#!/bin/sh
set -e
cd $(dirname "$0")
-. lib/constants_server
+. lib/constants_ssh # PATH_USER_SSH
. lib/expect_min_n_args
-PATH_KNOWN_HOSTS="${PATH_SSH}/known_hosts"
+PATH_KNOWN_HOSTS="${PATH_USER_SSH}/known_hosts"
expect_min_n_args 1 '(server)' "$@"
SERVER="$1"
+++ /dev/null
-PATH_REL_SSH=.ssh
-PATH_SSH="${HOME}/${PATH_REL_SSH}"
--- /dev/null
+. lib/constants_user
+PATH_REL_SSH=.ssh
+PATH_USER_SSH="${PATH_USER_HOME}/${PATH_REL_SSH}"
set -e
cd $(dirname "$0")
. lib/constants_repopaths # PATH_CONF
-. lib/constants_server # PATH_REL_SSH, PATH_SSH
+. lib/constants_ssh # PATH_REL_SSH, PATH_USER_SSH
. lib/constants_user # USERNAME
. lib/copy_dirtree
. lib/determine_ip
PATH_REL_ETC=etc
PATH_CONF_ETC="${PATH_CONF}/${PATH_REL_ETC}"
-PATH_USER_SSH="${PATH_USER_HOME}/${PATH_REL_SSH}"
PATH_ETC="/${PATH_REL_ETC}"
PATH_HOSTS="${PATH_ETC}/hosts"
setup_users "${MIN_TAGS}" ""
mkdir -p "${PATH_USER_SSH}"
-mv "${PATH_SSH}/authorized_keys" "${PATH_USER_SSH}/"
+mv "/root/${PATH_REL_SSH}/authorized_keys" "${PATH_USER_SSH}/"
chown -R "${USERNAME}:${USERNAME}" "${PATH_USER_SSH}"
# # Enable firewall.
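Review bot: The moved `authorized_keys` source at L34 hardcodes `/root/` where the rest of the script builds paths from sourced constants, and nothing sets the mode of the user's new `.ssh` directory beyond `chown -R`, so it inherits whatever the umask gives. sshd with StrictModes refuses a group- or world-writable `.ssh`/`authorized_keys`, so a permissive umask would silently lock the user out of key login; tightening is one line, `chmod 700 "${PATH_USER_SSH}" && chmod 600 "${PATH_USER_SSH}/authorized_keys"`. Moving rather than copying the file also removes root's key-based login — presumably intended as part of handing access to the unprivileged user, but worth a comment saying so. The enclosing script continues outside the hunk.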
--- /dev/null
+../../.plomlib.sh
\ No newline at end of file
#!/bin/sh
set -e
+cd $(dirname "$0")
+. lib/constants_borg
+. lib/get_passphrase
+. lib/path_tmp_timestamped
-. "${HOME}/.plomlib.sh/get_passphrase"
-. "${HOME}/.plomlib.sh/path_tmp_timestamped"
-
-PATH_BORGKEYS="${HOME}/.config/borg/keys"
+PATH_CONF_SECURITY="${PATH_BORG_CONF}/security"
NAME_REPO=borg
NAME_ARCHIVE=orgdir
if [ "$1" = "orgpull" ]; then
PATH_PIPE="$(path_tmp_timestamped 'pipe')"
mkfifo "${PATH_PIPE}"
- ls -1 "${PATH_BORGKEYS}/" > "${PATH_PIPE}" &
+ ls -1 "${PATH_CONF_SECURITY}/" > "${PATH_PIPE}" &
while read FILENAME; do
- NAME_SERVER=$(echo "${FILENAME}" | sed 's/.*@//')
+ NAME_SERVER="$(echo ${FILENAME} | cut -d'/' -f3 | cut -d'@' -f2)"
if ping -c1 -W2 "${NAME_SERVER}" > /dev/null 2>&1; then
break
else
done < "${PATH_PIPE}"
rm "${PATH_PIPE}"
REPO="${NAME_SERVER}:${NAME_REPO}"
+ echo "Checking out ${REPO} …"
while true; do
if [ -z "${BORG_PASSPHRASE}" ]; then
- printf 'Passhrapse:'
+ printf 'Passhrase:'
export BORG_PASSPHRASE="$(get_passphrase)"
echo ''
fi
echo "Pulling archive: ${ARCHIVE}"
cd /
borg extract --verbose "${REPO}::${ARCHIVE}"
- break
fi
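Review bot: `NAME_SERVER` at L60 will always be empty: `ls -1` prints bare entry names, which cannot contain `/`, so `cut -d'/' -f3` yields nothing and every `ping` fails. The split looks written for a repository location string of the form `ssh://user@host/...`, which borg presumably keeps in the `location` file inside each security entry rather than in the entry name; if so the intent is `NAME_SERVER="$(cut -d'/' -f3 "${PATH_CONF_SECURITY}/${FILENAME}/location" | cut -d'@' -f2)"` — confirm against a real security directory, and quote `${FILENAME}` in any case. The prompt corrected at L71 still misspells the word; `printf 'Passphrase: '` matches the prompt used by mount_secrets. Both loops continue outside the hunk.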
--- /dev/null
+#!/bin/sh
+set -e
+
+cd $(dirname "$0")
+. lib/abort_if_exists
+. lib/constants_borg # PATH_BORG_CONF
+. lib/constants_secrets # PATH_REL_SECRETS, PATH_SECRETS
+. lib/constants_ssh # PATH_USER_SSH
+. lib/constants_user # USERNAME
+. lib/mount_secrets # mount_secrets, copy_and_unmount_secrets
+
+abort_if_exists "${PATH_SECRETS}"
+echo "Collecting new ${PATH_REL_SECRETS}."
+mkdir "${PATH_SECRETS}"
+cp -a "${PATH_BORG_CONF}" "${PATH_SECRETS}/"
+cp -a "${PATH_USER_SSH}" "${PATH_SECRETS_SSH}"
+echo "secrets file, last update: $(whoami)/$(hostname) at $(date)" > "${PATH_SECRETS}/info"
+
+mount_secrets # sets PATH_MOUNTED_SECRETS
+SUFFIX_OLD=.old
+PATH_REL_SECRETS_OLD="${PATH_REL_SECRETS}${SUFFIX_OLD}"
+PATH_MOUNTED_SECRETS_OLD="${PATH_MOUNTED_SECRETS}${SUFFIX_OLD}"
+if [ -d "${PATH_MOUNTED_SECRETS}" ]; then
+ echo "Drive already has ${PATH_REL_SECRETS}, moving to ${PATH_REL_SECRETS_OLD}."
+ rm -rf "${PATH_MOUNTED_SECRETS_OLD}"
+ mv "${PATH_MOUNTED_SECRETS}" "${PATH_MOUNTED_SECRETS_OLD}"
+fi
+copy_and_unmount_secrets 'out'
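Review bot: `mount_secrets` is called at L99 with no argument, but its definition requires one (`expect_min_n_args 1 "(device name, e.g. 'sda')" "$@"`, where `"$@"` is the function's own argument list), so if that guard aborts as its other uses suggest, the script can never reach the copy; pass the device through, e.g. `mount_secrets "$1"` with the script taking it as its own argument, or have the function prompt for it. Since this script gathers SSH private keys and borg key material, set `umask 077` before the `mkdir` at L94 so the new secrets directory, the `info` file and the copy written to the drive are owner-only rather than umask-default. Guard the `rm -rf` at L105 with `"${PATH_MOUNTED_SECRETS_OLD:?}"` so an unset variable cannot widen its target.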
--- /dev/null
+../../../scripts/lib/abort
\ No newline at end of file
--- /dev/null
+../../../scripts/lib/abort_if_exists
\ No newline at end of file
--- /dev/null
+../../../scripts/lib/constants_borg
\ No newline at end of file
--- /dev/null
+../../../scripts/lib/constants_secrets
\ No newline at end of file
--- /dev/null
+../../../scripts/lib/constants_ssh
\ No newline at end of file
--- /dev/null
+../../../scripts/lib/constants_user
\ No newline at end of file
--- /dev/null
+../../../scripts/lib/expect_min_n_args
\ No newline at end of file
--- /dev/null
+../../../scripts/lib/mount_secrets
\ No newline at end of file
#!/bin/sh
set -e
cd $(dirname "$0")
-
-. lib/constants_user # USERNAME
. lib/abort
. lib/abort_if_exists
. lib/abort_if_not_user
. lib/abort_if_offline
+. lib/constants_borg # PATH_BORG_CONF, PATH_REL_BORG_CONF
+. lib/constants_secrets # PATH_SECRETS
+. lib/constants_ssh # PATH_USER_SSH
+. lib/constants_user # USERNAME
+. lib/mount_secrets # mount_secrets, copy_and_unmount_secrets
PATH_REPOS="${HOME}/repos"
-PATH_BORGKEYS="${HOME}/.config/borg/keys"
-PATH_USER_SSH="${HOME}/.ssh"
-FILENAME_KEY=id_rsa
-PATH_PRIVATE_KEY="${PATH_USER_SSH}/${FILENAME_KEY}"
-PATH_KNOWN_HOSTS="${PATH_USER_SSH}/known_hosts"
REPOS_SITE_DOMAIN=plomlompom.com
REMOTE_PATH_REPOS=/var/repos
NAME_BORGAPP=borgplom
-abort_if_not_user "${USERNAME}"
abort_if_offline
+abort_if_not_user "${USERNAME}"
+abort_if_exists "${PATH_SECRETS}"
abort_if_exists "${PATH_USER_SSH}"
abort_if_exists "${PATH_REPOS}"
-abort_if_exists "${PATH_BORGKEYS}"
+abort_if_exists "${PATH_BORG_CONF}"
+
+mount_secrets # sets PASSPHRASE
+copy_and_unmount_secrets 'in'
+export BORG_PASSPHRASE="${PASSPHRASE}"
echo "\nSetting up ~/.ssh"
-PATH_PUBLIC_KEY="${PATH_PRIVATE_KEY}.pub"
-mkdir -p "${PATH_USER_SSH}"
-cp "${PATH_SECRETS}/${FILENAME_KEY}" "${PATH_PRIVATE_KEY}"
-while [ ! -s "${PATH_PUBLIC_KEY}" ]; do
- stty -echo
- set +e
- ssh-keygen -y -f "${PATH_PRIVATE_KEY}" > "${PATH_PUBLIC_KEY}"
- set -e
- stty echo
-done
+cp -a "${PATH_SECRETS_SSH}" "${PATH_USER_SSH}"
eval $(ssh-agent)
while true; do
echo ''
echo "\n\nSetting up ~/repos"
REPOS_SITE_LOGIN="${USERNAME}@${REPOS_SITE_DOMAIN}"
-ssh-keyscan "${REPOS_SITE_DOMAIN}" >> "${PATH_KNOWN_HOSTS}"
mkdir "${PATH_REPOS}"
cd "${PATH_REPOS}"
ssh ${REPOS_SITE_LOGIN} "cd ${REMOTE_PATH_REPOS} && ls -1" | while read REPO_NAME; do
cd -
echo "\nSetting up borg and pull in ~/org"
-PATH_TARED_KEYS=borg_keyfiles
-mkdir -p "${PATH_BORGKEYS}"
-tar xf "${PATH_SECRETS}/${PATH_TARED_KEYS}.tar"
-mv "${PATH_TARED_KEYS}"/* "${PATH_BORGKEYS}/"
-rmdir "${PATH_TARED_KEYS}"
-ls -1 "${PATH_BORGKEYS}/" | while read FILENAME; do
- SERVER_NAME=$(echo "${FILENAME}" | sed 's/.*@//')
- set +e
- ssh-keyscan "${SERVER_NAME}" >> "${PATH_KNOWN_HOSTS}"
- set -e
- echo ''
-done
+PATH_PARENT_BORG_CONF="$(dirname ${PATH_BORG_CONF})"
+mkdir -p "${PATH_BORG_CONF}"
+cp -a "${PATH_SECRETS}/${PATH_REL_BORG_CONF}" "${PATH_PARENT_BORG_CONF}/"
while true; do
set +e
"${NAME_BORGAPP}" orgpull
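Review bot: With the `ssh-keyscan` calls removed (L185, L196–L202), host-key trust now rests entirely on the `known_hosts` copied in at L179 from the secrets drive — a sound replacement for trust-on-first-use, but the script should fail clearly if that file lacks `${REPOS_SITE_DOMAIN}` rather than stalling on an interactive prompt at the `ssh` on L188, e.g. `ssh-keygen -F "${REPOS_SITE_DOMAIN}" -f "${PATH_USER_SSH}/known_hosts" >/dev/null || abort "no known_hosts entry for ${REPOS_SITE_DOMAIN}"`. The `mount_secrets` call at L165 passes no device name although the function's `expect_min_n_args 1` requires one, so it presumably aborts before any of this runs. The script continues outside the hunk.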
+. lib/abort
+
abort_if_exists() {
if [ -e "$1" ]; then
abort "$1 already exists."
fi
}
-
--- /dev/null
+PATH_REL_BORG_CONF=borg
+PATH_BORG_CONF="${HOME}/.config/${PATH_REL_BORG_CONF}"
--- /dev/null
+. lib/constants_user
+PATH_MEDIA=/media
+PATH_REL_SECRETS=.secrets
+PATH_SECRETS="${PATH_USER_HOME}/${PATH_REL_SECRETS}"
+PATH_SECRETS_SSH="${PATH_SECRETS}/ssh"
--- /dev/null
+../../../bookworm/scripts/lib/constants_ssh
\ No newline at end of file
--- /dev/null
+. lib/constants_secrets # PATH_MEDIA, PATH_REL_SECRETS
+. lib/expect_min_n_args
+. lib/get_passphrase
+. lib/path_tmp_timestamped
+
+mount_secrets() {
+ expect_min_n_args 1 "(device name, e.g. 'sda')" "$@"
+ SECRETS_DEV=$1
+ PATH_MOUNTED_SECRETS="${PATH_MEDIA}/${SECRETS_DEV}/${PATH_REL_SECRETS}"
+ PATH_DEV="/dev/${SECRETS_DEV}"
+ PATH_PMOUNT_ERR="$(path_tmp_timestamped 'err_mount')"
+ echo "Put secrets drive into slot for ${PATH_DEV}."
+ while [ ! -e "${PATH_DEV}" ]; do
+ sleep 0.1
+ done
+ while true; do
+ printf 'Passphrase: '
+ PASSPHRASE=$(get_passphrase)
+ echo ''
+ set +e
+ echo "${PASSPHRASE}" | pmount "${PATH_DEV}" 2> "${PATH_PMOUNT_ERR}"
+ RESULT=$?
+ set -e
+ if [ "${RESULT}" = "0" ]; then
+ break
+ elif [ "${RESULT}" != "100" ]; then
+ PMOUNT_ERR="$(cat ${PATH_PMOUNT_ERR})"
+ rm "${PATH_PMOUNT_ERR}"
+ abort "Aborting due to pmount error: ${PMOUNT_ERR}"
+ fi
+ done
+}
+
+copy_and_unmount_secrets() {
+ echo "Copying over ${PATH_REL_SECRETS}."
+ if [ "$1" = "out" ]; then
+ cp -a "${PATH_SECRETS}" "${PATH_MOUNTED_SECRETS}"
+ elif [ "$1" = "in" ]; then
+ cp -a "${PATH_MOUNTED_SECRETS}" "${PATH_SECRETS}"
+ else
+ echo abort "Illegal argument to unmount_secrets."
+ fi
+ pumount "${SECRETS_DEV}"
+ echo "You can remove device ${SECRETS_DEV} now."
+}
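Review bot: `echo abort "Illegal argument to unmount_secrets."` at L270 only prints the word `abort` and carries on, so a bad direction argument skips the copy, unmounts the drive and reports success; it should be `abort "Illegal argument to copy_and_unmount_secrets."` (the message also names the wrong function). Feeding the passphrase with `echo "${PASSPHRASE}"` at L250 is fragile under `/bin/sh` (dash's `echo` interprets backslash escapes, and a passphrase beginning with `-n` is eaten as an option); `printf '%s\n' "${PASSPHRASE}" | pmount "${PATH_DEV}" 2> "${PATH_PMOUNT_ERR}"` is the safe form. Both functions hand `PASSPHRASE`, `SECRETS_DEV` and `PATH_MOUNTED_SECRETS` to their callers as plain globals, which deserves a header comment since the callers depend on it.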
ntpdate-debian
setup_users "${MIN_TAGS}" "${TAGS_USER}"
+adduser plom plugdev # so user may use pmount
passwd "${USERNAME}"
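Review bot: `adduser plom plugdev` hardcodes the user name while the next line uses `"${USERNAME}"`; write `adduser "${USERNAME}" plugdev` so the two cannot diverge. The comment should also say what the group grants, since plugdev membership lets the user mount removable devices through pmount's policy in general, not just the secrets drive: `# plugdev: lets ${USERNAME} pmount removable drives (needed for the secrets device)`.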
#!/bin/sh
set -e
cd $(dirname "$0")
-. lib/abort
-. lib/abort_if_exists
. lib/abort_if_not_user
-. lib/abort_if_offline
-. lib/constants_user # PATH_USER_HOME, USERNAME
. lib/constants_repopaths # PATH_CONF, PATH_SCRIPTS
-. lib/expect_min_n_args
-. lib/get_passphrase
+. lib/constants_user # USERNAME
. lib/path_tmp_timestamped
+abort_if_not_user root
PATH_REL_SETUP_SECRETS_USER="$(basename ${PATH_CONF})/$(basename ${PATH_SCRIPTS})/_setup_secrets_user.sh"
PATH_REPO="$(dirname ${PATH_CONF})"
-PATH_REL_SECRETS=.secrets
-export PATH_SECRETS="${PATH_USER_HOME}/${PATH_REL_SECRETS}"
-
-# Mount secrets device and copy over its content.
-abort_if_exists "${PATH_SECRETS}"
-expect_min_n_args 1 "(device name, e.g. 'sda')" "$@"
-SECRETS_DEV=$1
-PATH_SOURCE=/media/${SECRETS_DEV}/${PATH_REL_SECRETS}
-PATH_DEV=/dev/${SECRETS_DEV}
-PATH_PMOUNT_ERR="$(path_tmp_timestamped 'err_mount')"
-echo "Put secrets drive into slot for ${PATH_DEV}."
-while [ ! -e "${PATH_DEV}" ]; do
- sleep 0.1
-done
-while true; do
- printf 'Passphrase: '
- PASSPHRASE=$(get_passphrase)
- echo ''
- set +e
- echo "${PASSPHRASE}" | pmount "${PATH_DEV}" 2> "${PATH_PMOUNT_ERR}"
- RESULT=$?
- set -e
- if [ "${RESULT}" = "0" ]; then
- break
- elif [ "${RESULT}" != "100" ]; then
- PMOUNT_ERR="$(cat ${PATH_PMOUNT_ERR})"
- rm "${PATH_PMOUNT_ERR}"
- abort "Aborting due to pmount error: ${PMOUNT_ERR}"
- fi
-done
-cp -a "${PATH_SOURCE}" "${PATH_SECRETS}"
-pumount "${SECRETS_DEV}"
-echo "You can remove ${PATH_DEV} now."
-chown -R "${USERNAME}:${USERNAME}" "${PATH_SECRETS}"
-
-export BORG_PASSPHRASE="${PASSPHRASE}"
PATH_TMP_REPO="$(path_tmp_timestamped configrepo)"
+
+echo "Setting up config repo copy for user at ${PATH_TMP_REPO} …"
cp -a "${PATH_REPO}" "${PATH_TMP_REPO}"
chown -R "${USERNAME}:${USERNAME}" "${PATH_TMP_REPO}"
-su -l "${USERNAME}" --whitelist-environment=PATH_SECRETS,BORG_PASSPHRASE -c "/bin/sh ${PATH_TMP_REPO}/${PATH_REL_SETUP_SECRETS_USER}"
+su -l "${USERNAME}" --whitelist-environment=BORG_PASSPHRASE -c "/bin/sh ${PATH_TMP_REPO}/${PATH_REL_SETUP_SECRETS_USER}"
rm -rf "${PATH_TMP_REPO}"
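Review bot: `--whitelist-environment=BORG_PASSPHRASE` at L337 is now stale: the `export BORG_PASSPHRASE="${PASSPHRASE}"` that fed it was removed with the mount block (L330), and the user-side script sets the variable itself after its own mount. As written it only forwards whatever `BORG_PASSPHRASE` happens to sit in root's environment into the user session, so drop the option: `su -l "${USERNAME}" -c "/bin/sh ${PATH_TMP_REPO}/${PATH_REL_SETUP_SECRETS_USER}"`. Note also that the device name the removed `expect_min_n_args` guard used to collect is no longer passed anywhere, while `mount_secrets` in the user script still expects one.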