Add catgirl logss encryption.
authorChristian Heller <c.heller@plomlompom.de>
Tue, 15 Apr 2025 11:33:10 +0000 (13:33 +0200)
committerChristian Heller <c.heller@plomlompom.de>
Tue, 15 Apr 2025 11:33:10 +0000 (13:33 +0200)
bookworm/aptmark/catgirl
bookworm/etc/caddy/caddy/Caddyfile
bookworm/etc/catgirl/systemd/system/encrypt_catgirl_logs.service [new file with mode: 0644]
bookworm/etc/catgirl/systemd/system/encrypt_catgirl_logs.timer [new file with mode: 0644]
bookworm/home/catgirl/.config/catgirl/libera
bookworm/home/catgirl/.local/bin/encrypt_catgirl_logs [new file with mode: 0755]
bookworm/home/catgirl/.plomlib/constants_catgirl [new file with mode: 0644]
bookworm/home/catgirl/.plomlib/encrypt_with.pub [new file with mode: 0644]
bookworm/scripts/setup_catgirl.sh

index ddab378055fe2ad3749b219d4deefe86c948bbd4..be0a8b44ceef6a4671b2e78d431f86d54c0e4d0d 100644 (file)
@@ -1,4 +1,7 @@
 # IRC
-tmux
 catgirl
+# for detachable sessions
+tmux
+# for logs encryption
+age
 #
index 788e8f745f8e224accbb243566cf3fe91f3f94e2..1eddd8379209dedf13ba1cf2f1e52c34a4e7439e 100644 (file)
@@ -1,6 +1,6 @@
 REPLACE_WITH_FQDN {
     root * /var/www/dump
-    basic_auth /private/* {
+    basicauth /private/* {
         user REPLACE_WITH_HASH
     }
     file_server browse
diff --git a/bookworm/etc/catgirl/systemd/system/encrypt_catgirl_logs.service b/bookworm/etc/catgirl/systemd/system/encrypt_catgirl_logs.service
new file mode 100644 (file)
index 0000000..3529295
--- /dev/null
@@ -0,0 +1,8 @@
+[Unit]
+Description=Run script for encrypting catgirl logs.
+
+[Service]
+Type=oneshot
+User=plom
+ExecStart=/bin/sh -c 'encrypt_catgirl_logs'
+
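Review bot: `ExecStart=/bin/sh -c 'encrypt_catgirl_logs'` resolves the script through PATH, and a system service's default PATH does not include a user's `~/.local/bin`, which is where this commit places the script (`home/catgirl/.local/bin/encrypt_catgirl_logs`), so the unit would most likely fail with "command not found" unless PATH is set elsewhere. Use the absolute install path and drop the `sh -c` wrapper, e.g. `ExecStart=/home/plom/.local/bin/encrypt_catgirl_logs` if that is where the file lands for `User=plom`; the script begins with `cd $(dirname "$0")`, so it still finds its `lib/` directory relative to its own location. That `lib/` entry (the script sources `lib/expect_n_args` and `lib/constants_catgirl`) must exist under the install directory, which the setup script in this commit does not visibly create.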
diff --git a/bookworm/etc/catgirl/systemd/system/encrypt_catgirl_logs.timer b/bookworm/etc/catgirl/systemd/system/encrypt_catgirl_logs.timer
new file mode 100644 (file)
index 0000000..c650376
--- /dev/null
@@ -0,0 +1,9 @@
+[Unit]
+Description=Run service for encrypting catgirl logs once every day.
+
+[Timer]
+OnCalendar=*-*-* 01:00:00
+
+[Install]
+WantedBy=timers.target
+
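Review bot: The `[Timer]` section has no `Persistent=true`, so a 01:00 run that is missed while the host is down or the timer is stopped is simply skipped, and that day's logs stay unencrypted on disk until the following night. Adding `Persistent=true` makes systemd run the service at the next activation if the last scheduled run was missed, which matches the unit's purpose of keeping plaintext logs short-lived.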
index 5d04ff2c9f70e5a5f9be2a72d8e5c3b6e7b0a0b7..68c04eb8d1fee0780ac99d00109cdfc422ed8f4f 100644 (file)
@@ -1,3 +1,4 @@
 host = irc.libera.chat
 join = #plomtest
-sasl-plain = plomlompom:REPLACE_WITH_SASL_PASSWORD
+sasl-plain = plomtest:REPLACE_WITH_SASL_PASSWORD
+log
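Review bot: The new `sasl-plain` line keeps the placeholder `REPLACE_WITH_SASL_PASSWORD`, while the setup script changed in this same commit (setup_catgirl.sh, last hunk) now substitutes `REPLACE_WITH_IRC_PASSWORD`, so that `sed` is a no-op and the literal placeholder would be sent as the SASL password on connect. Rename one side so they agree, e.g. `sasl-plain = plomtest:REPLACE_WITH_IRC_PASSWORD` here.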
diff --git a/bookworm/home/catgirl/.local/bin/encrypt_catgirl_logs b/bookworm/home/catgirl/.local/bin/encrypt_catgirl_logs
new file mode 100755 (executable)
index 0000000..469f4eb
--- /dev/null
@@ -0,0 +1,26 @@
+#!/bin/sh
+set -e
+cd $(dirname "$0")
+. lib/expect_n_args
+. lib/constants_catgirl  # PATH_USER_SHARE_CATGIRL
+
+expect_n_args 0
+
+PATH_LOGS="${PATH_USER_SHARE_CATGIRL}/log"
+PATH_ENCRYPTED_LOGS="${HOME}/logs_encrypted"
+PATH_ENCRYPTION_KEY="${HOME}/.plomlib/encrypt_with.pub"
+TODAY="$(date +'%Y-%m-%d')"
+for _PATH_LOG in $(ls -1 "${PATH_LOGS}/*/*/*.log"); do
+    _FILENAME=$(basename "${PATH_LOG})"
+    _DATE_OF_LOG=$(echo "${FILENAME}" | cut -d'.' -f1)
+    _DIRNAME=$(dirname "${PATH_LOG}"
+    _WINDOW_OF_LOG=$(basename "${_DIRNAME}"
+    _DIRNAME=$(dirname "${_DIRNAME}"
+    _NETWORK_OF_LOG=$(basename "${_DIRNAME}"
+    if [ "${_DATE_OF_LOG}" < "${TODAY}" ]; then 
+        _PATH_TARGET="${PATH_ENCRYPTED_LOGS}/${_NETWORK_OF_LOG}/${_WINDOW_OF_LOG}"
+        mkdir -p "${_PATH_TARGET}" 
+        age -R "${PATH_ENCRYPTION_KEY}" "${_PATH_LOG}" > "${_PATH_TARGET}/${_FILENAME}.age"
+        rm "${_PATH_LOG}" 
+    fi
+done
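Review bot: The loop header `for _PATH_LOG in $(ls -1 "${PATH_LOGS}/*/*/*.log")` quotes the glob, so `ls` receives the literal pattern, prints an error and the body never runs; and the body itself does not parse, because the command substitutions on the `_FILENAME`, `_DIRNAME`, `_WINDOW_OF_LOG` and `_NETWORK_OF_LOG` lines are missing their closing `)` (or have it inside the quotes), and they read `PATH_LOG`/`FILENAME` where the variables are named `_PATH_LOG`/`_FILENAME`. `[ "${_DATE_OF_LOG}" < "${TODAY}" ]` is a stdin redirection from a file named after today's date rather than a string comparison; since a log file cannot post-date today, `!=` is the simplest portable test for "not today's log". Let the shell expand the glob and guard the no-match case as below; the `mkdir`/`age`/`rm` tail can stay, and with `set -e` the `rm` of the plaintext only runs once `age` has succeeded, which is the right order. `cd $(dirname "$0")` on the second line is unquoted, as in the other scripts of this repository; a path with spaces would break it.
```shell
for _PATH_LOG in "${PATH_LOGS}"/*/*/*.log; do
    [ -e "${_PATH_LOG}" ] || continue  # an unmatched glob is left as the literal pattern
    _FILENAME=$(basename "${_PATH_LOG}")
    _DATE_OF_LOG="${_FILENAME%%.*}"
    _DIRNAME=$(dirname "${_PATH_LOG}")
    _WINDOW_OF_LOG=$(basename "${_DIRNAME}")
    _NETWORK_OF_LOG=$(basename "$(dirname "${_DIRNAME}")")
    if [ "${_DATE_OF_LOG}" != "${TODAY}" ]; then
        # … unchanged: mkdir -p, age -R …, rm …
    fi
done
```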
diff --git a/bookworm/home/catgirl/.plomlib/constants_catgirl b/bookworm/home/catgirl/.plomlib/constants_catgirl
new file mode 100644 (file)
index 0000000..daa6b56
--- /dev/null
@@ -0,0 +1,4 @@
+. lib/constants_user  # PATH_USER_HOME
+
+PATH_USER_SHARE_CATGIRL="${PATH_USER_HOME}/.local/share/catgirl"
+
diff --git a/bookworm/home/catgirl/.plomlib/encrypt_with.pub b/bookworm/home/catgirl/.plomlib/encrypt_with.pub
new file mode 100644 (file)
index 0000000..ddd5ba1
--- /dev/null
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAoMa288S7iHnw8lEaSQTTK8pSJwBEWCCyPJF7zewbXrgGoHHXAYD88AJFrULBivTk6HIVpx+Dc0fdhheXr3yl8XGo57l7XTVd1xz2USxaPXfWHEz5mAtJVM4MJ7MjQ5eNkCgrJaOWZ1SLnSS/+dF3KGYs1BK7piIKFk/5AKQmX+0R3STxNlLlEOWG03224409VNliMKFhbfjszPJyaKDFKt4tnG12YgEZ0Zx2LbAfJZzFdkxb2qzcdb09vRHOEZgtFPszohVETaBtocl3mEPHRjwXzhE6fz/jzMHc+JZDViQONobvgJ7weVU7dnv8zmiobFuyOEb4uyAE1yugvBypPQ==
index ee7db2c5cfb8f86662a1156bd17241f3e6e3baf3..a61d66a5c54509ab9256024d713ed96c50213358 100755 (executable)
@@ -1,6 +1,7 @@
 #!/bin/sh
 set -e
 cd $(dirname "$0")
+. lib/constants_catgirl  # PATH_USER_SHARE_CATGIRL
 . lib/constants_repopaths # PATH_CONF
 . lib/constants_ssh  # PATH_REL_SSH, PATH_USER_SSH
 . lib/constants_user  # PATH_USER_HOME, USERNAME
@@ -12,17 +13,18 @@ cd $(dirname "$0")
 
 MIN_TAGS='all server catgirl caddy'
 
-expect_n_args 4 4 'HOSTNAME, FQDN, SASL_PASSWORD, CADDY_PASSWORD' $@
+expect_n_args 4 4 'HOSTNAME, FQDN, IRC_PASSWORD, WEB_PASSWORD' $@
 HOSTNAME="$1"
 FQDN="$2"
-SASL_PASSWORD="$3"
-CADDY_PASSWORD="$4"
+IRC_PASSWORD="$3"
+WEB_PASSWORD="$4"
 
 PATH_REL_ETC=etc
 PATH_CONF_ETC="${PATH_CONF}/${PATH_REL_ETC}"
 PATH_ETC="/${PATH_REL_ETC}"
 PATH_HOSTS="${PATH_ETC}/hosts"
 PATH_BORG_HOME=/home/borg
+PATH_CADDYFILE="${PATH_ETC}/caddy/Caddyfile"
 
 echo '\nPreparing caddy install.'
 apt -y install curl
@@ -57,17 +59,18 @@ cp -a "${PATH_USER_SSH}" "${PATH_BORG_HOME}/"
 chown -R borg:nogroup "${PATH_BORG_HOME}/${PATH_REL_SSH}"
 
 echo '\nEnabling the firewall.'
-systemctl enable nftables.service
-systemctl start nftables.service
+systemctl enable --now nftables
 
-# echo '\nSetting up catgirl.'
-# sed -i "s/REPLACE_WITH_SASL_PASSWORD/${SASL_PASSWORD}/g" "${PATH_USER_HOME}/.config/catgirl/libera"
-# systemctl enable catgirl.service
-# systemctl start catgirl.service
+echo '\nSetting up catgirl.'
+sed -i "s/REPLACE_WITH_IRC_PASSWORD/${IRC_PASSWORD}/g" "${PATH_USER_HOME}/.config/catgirl/libera"
+mkdir -p "${PATH_USER_SHARE_CATGIRL}"
+chown -R "${PATH_USER_SHARE_CATGIRL}"
+systemctl enable --now catgirl
+systemctl enable --now encrypt_catgirl_logs
 
-# Reload caddy with new config.
-HASH=$(caddy hash-password --plaintext "${CADDY_PASSWORD}")
-sed -i "s/REPLACE_WITH_HASH/${HASH}/g" "${PATH_ETC}/caddy/Caddyfile"
-sed -i "s/REPLACE_WITH_FQDN/${FQDN}/g" "${PATH_ETC}/caddy/Caddyfile"
-mkdir -p /var/www/dump/{private,public}
+echo "Adapting caddy's config and reloading it …"
+HASH=$(caddy hash-password --plaintext "${WEB_PASSWORD}")
+sed -i "s/REPLACE_WITH_HASH/${HASH}/g" "${PATH_CADDYFILE}"
+sed -i "s/REPLACE_WITH_FQDN/${FQDN}/g" "${PATH_CADDYFILE}"
+mkdir -p /var/www/dump/private /var/www/dump/public
 systemctl reload caddy
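Review bot: `chown -R "${PATH_USER_SHARE_CATGIRL}"` has no owner operand, so chown exits with a usage error and `set -e` aborts the setup right after the `mkdir -p` above it; it should read `chown -R "${USERNAME}:" "${PATH_USER_SHARE_CATGIRL}"`, with `USERNAME` coming from `lib/constants_user`, which the script already sources. The `sed -i "s/REPLACE_WITH_IRC_PASSWORD/${IRC_PASSWORD}/g"` line interpolates the password into the sed expression, so a password containing `/`, `&` or `\` breaks the command or corrupts the config; the same applies to `${HASH}` in the Caddyfile line, where a bcrypt hash can legitimately contain `/`, and there a delimiter outside the bcrypt alphabet (`s|REPLACE_WITH_HASH|${HASH}|g`) is enough, while the user-chosen password needs those three characters escaped first or a tool that does not treat its input as an expression. Both passwords also arrive as command-line arguments and are therefore visible in `ps` and shell history for the duration of the run, which was already the case before this change.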