From: Christian Heller
Date: Thu, 13 Mar 2025 16:49:21 +0000 (+0100)
Subject: Minor improvements.
X-Git-Url: https://plomlompom.com/repos/%7B%7B%20web_path%20%7D%7D/decks/booking/ledger?a=commitdiff_plain;h=refs%2Fheads%2Fmaster;p=config
Minor improvements.
---
diff --git a/testing/scripts/_setup_secrets_user.sh b/testing/scripts/_setup_secrets_user.sh
new file mode 100644
index 0000000..308ec14
--- /dev/null
+++ b/testing/scripts/_setup_secrets_user.sh
@@ -0,0 +1,70 @@
+set -e
+. ./_misc.sh
+
+PATH_REPOS="${HOME}/repos"
+PATH_BORGKEYS="${HOME}/.config/borg/keys"
+REPOS_SITE_DOMAIN=plomlompom.com
+REMOTE_PATH_REPOS=/var/repos
+NAME_BORGAPP=borgplom
+if [ ! -z "$1" ]; then
+ export BORG_PASSPHRASE="$1"
+fi
+
+abort_if_not_user "${USERNAME}"
+abort_if_offline
+abort_if_exists "${PATH_USER_SSH}"
+abort_if_exists "${PATH_REPOS}"
+abort_if_exists "${PATH_BORGKEYS}"
+
+echo "\nSetting up ~/.ssh"
+PATH_PRIVATE_KEY="${PATH_USER_SSH}/${FILENAME_PRIVATE_KEY}"
+PATH_PUBLIC_KEY="${PATH_USER_SSH}/${FILENAME_PUBLIC_KEY}"
+mkdir -p "${PATH_USER_SSH}"
+cp "${PATH_SECRETS}/${FILENAME_PRIVATE_KEY}" "${PATH_PRIVATE_KEY}"
+while [ ! -s "${PATH_PUBLIC_KEY}" ]; do
+ set +e
+ stty -echo
+ ssh-keygen -y -f "${PATH_PRIVATE_KEY}" > "${PATH_PUBLIC_KEY}"
+ stty echo
+ set -e
+done
+PATH_KNOWN_HOSTS="${PATH_USER_SSH}/known_hosts"
+
+echo "\n\nSetting up ~/repos"
+REPOS_SITE_LOGIN="${USERNAME}@${REPOS_SITE_DOMAIN}"
+eval $(ssh-agent) && ssh-add
+ssh-keyscan "${REPOS_SITE_DOMAIN}" >> "${PATH_KNOWN_HOSTS}"
+mkdir "${PATH_REPOS}"
+cd "${PATH_REPOS}"
+ssh ${REPOS_SITE_LOGIN} "cd $REMOTE_PATH_REPOS && ls -1" | while read REPO_NAME; do
+ git clone --recurse "${REPOS_SITE_LOGIN}:${REMOTE_PATH_REPOS}/${REPO_NAME}"
+done
+
+echo "\nSetting up borg and pull in ~/org"
+PATH_TARED_KEYS=borg_keyfiles
+mkdir -p "${PATH_BORGKEYS}"
+tar xf "${PATH_SECRETS}/${PATH_TARED_KEYS}.tar"
+mv "${PATH_TARED_KEYS}"/* "${PATH_BORGKEYS}/"
+rmdir "${PATH_TARED_KEYS}"
+ls -1 "${PATH_BORGKEYS}/" | while read FILENAME; do
+ SERVER_NAME=$(echo "${FILENAME}" | sed 's/.*@//')
+ set +e
+ ssh-keyscan "${SERVER_NAME}" >> "${PATH_KNOWN_HOSTS}"
+ set -e
+done
+while true; do
+ set +e
+ "${NAME_BORGAPP}" orgpull
+ RESULT=$?
+ set -e
+ if [ "${RESULT}" = "0" ]; then
+ break
+ elif [ "${RESULT}" != "2" ]; then
+ echo "Aborting due to unexpected ${NAME_BORGAPP} error."
+ exit 1
+ fi
+done
+
+PATH_REL_DEL_REPO="DELETE_${PATH_REL_REPO}"
+mv "${HOME}/${PATH_REL_REPO}" "${HOME}/${PATH_REL_DEL_REPO}"
+echo "\nWith ~/repos set up, new reference be ~/repos/${PATH_REL_REPO}; moved ~/${PATH_REL_REPO} to ~/${PATH_REL_DEL_REPO}, ready to be deleted by you."
diff --git a/testing/scripts/setup_secrets.sh b/testing/scripts/setup_secrets.sh
new file mode 100755
index 0000000..a706739
--- /dev/null
+++ b/testing/scripts/setup_secrets.sh
@@ -0,0 +1,44 @@
+#!/bin/sh
+set -e
+. ./_misc.sh
+. ../home/desktop/.nonpath_bins/plomlib.sh
+
+abort_if_not_user root
+abort_if_offline
+
+# Mount secrets device and copy over its content.
+abort_if_exists "${PATH_SECRETS}"
+expect_min_n_args 1 "(device name, e.g. 'sda')" "$@"
+SECRETS_DEV=$1
+PATH_SOURCE=/media/${SECRETS_DEV}/${PATH_REL_SECRETS}
+PATH_DEV=/dev/${SECRETS_DEV}
+echo "Put secrets drive into slot for ${PATH_DEV}."
+while [ ! -e "${PATH_DEV}" ]; do
+ sleep 0.1
+done
+while true; do
+ get_passphrase
+ set +e
+ echo "${PASSPHRASE}" | pmount "${PATH_DEV}"
+ RESULT=$?
+ set -e
+ if [ "${RESULT}" = "0" ]; then
+ break
+ elif [ "${RESULT}" != "100" ]; then
+ echo "Aborting due to pmount error."
+ exit 1
+ fi
+done
+cp -a "${PATH_SOURCE}" "${PATH_SECRETS}"
+pumount "${SECRETS_DEV}"
+echo "You can remove ${PATH_DEV} now."
+chown -R "${USERNAME}:${USERNAME}" "${PATH_SECRETS}"
+
+cd ../..
+PATH_REPO=$(pwd)
+CONTAINS_TICK=$(echo "${PASSPHRASE}" | grep "'" | wc -l)
+if [ "${CONTAINS_TICK}" = "1" ]; then
+ echo "Cannot pass to user script passphrase with illegal character, aborting."
+ exit 1
+fi
+su -l "${USERNAME}" -c "cd ${PATH_REPO}/testing/scripts && /bin/sh ./_setup_secrets_user.sh '${PASSPHRASE}'"
diff --git a/testing/scripts/setup_secrets_root.sh b/testing/scripts/setup_secrets_root.sh
deleted file mode 100755
index 110f1f2..0000000
--- a/testing/scripts/setup_secrets_root.sh
+++ /dev/null
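Review bot: In `_setup_secrets_user.sh`, both `ssh-keyscan` calls (for `${REPOS_SITE_DOMAIN}`, and for each `${SERVER_NAME}` inside the `ls -1 "${PATH_BORGKEYS}/"` loop) append whatever host key the network returns to `known_hosts` without any verification. The freshly installed private key is then used against those hosts by `git clone` and `orgpull`, so a host that answers in their place during setup stays trusted afterwards. Since a secrets directory is already copied from removable media, pinned host keys could travel with it and be installed instead of scanned, e.g. `cp "${PATH_SECRETS}/known_hosts" "${PATH_KNOWN_HOSTS}"` (the file name is a placeholder, no such file is visible here). It would also be safer to set `chmod 700 "${PATH_USER_SSH}"` and `chmod 600 "${PATH_PRIVATE_KEY}"` right after the `cp`, so the key's permissions do not depend on the umask or on the modes on the drive.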
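Review bot: The last line of `setup_secrets.sh` places the passphrase in the argument string of `su -l "${USERNAME}" -c "… '${PASSPHRASE}'"`, where it is typically readable by other local users through the process list for as long as the command runs. Passing it on stdin, or through a file only the target user can read, would keep it out of argv; the user script would then read it there instead of from `$1`. The tick guard just above is also inexact: `grep "'" | wc -l` counts matching lines and the test only rejects a count of exactly `"1"`, whereas `case "${PASSPHRASE}" in *"'"*) echo "…"; exit 1;; esac` rejects any value containing a quote. Finally, `${PATH_REPO}` is interpolated unquoted into the `-c` string, so a checkout path with spaces or shell metacharacters would be re-parsed by the user's shell.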
@@ -1,44 +0,0 @@
-#!/bin/sh
-set -e
-. ./_misc.sh
-. ../home/desktop/.nonpath_bins/plomlib.sh
-
-abort_if_not_user root
-abort_if_offline
-
-# Mount secrets device and copy over its content.
-abort_if_exists "${PATH_SECRETS}"
-expect_min_n_args 1 "(device name, e.g. 'sda')" "$@"
-SECRETS_DEV=$1
-PATH_SOURCE=/media/${SECRETS_DEV}/${PATH_REL_SECRETS}
-PATH_DEV=/dev/${SECRETS_DEV}
-echo "Put secrets drive into slot for ${PATH_DEV}."
-while [ ! -e "${PATH_DEV}" ]; do
- sleep 0.1
-done
-while true; do
- get_passphrase
- set +e
- echo "${PASSPHRASE}" | pmount "${PATH_DEV}"
- RESULT=$?
- set -e
- if [ "${RESULT}" = "0" ]; then
- break
- elif [ "${RESULT}" != "100" ]; then
- echo "Aborting due to pmount error."
- exit 1
- fi
-done
-cp -a "${PATH_SOURCE}" "${PATH_SECRETS}"
-pumount "${SECRETS_DEV}"
-echo "You can remove ${PATH_DEV} now."
-chown -R "${USERNAME}:${USERNAME}" "${PATH_SECRETS}"
-
-cd ../..
-PATH_REPO=$(pwd)
-CONTAINS_TICK=$(echo "${PASSPHRASE}" | grep "'" | wc -l)
-if [ "${CONTAINS_TICK}" = "1" ]; then
- echo "Cannot pass to user script passphrase with illegal character, aborting."
- exit 1
-fi
-su -l "${USERNAME}" -c "cd ${PATH_REPO}/testing/scripts && ./setup_secrets_user.sh '${PASSPHRASE}'"
diff --git a/testing/scripts/setup_secrets_user.sh b/testing/scripts/setup_secrets_user.sh
deleted file mode 100755
index a5c547f..0000000
--- a/testing/scripts/setup_secrets_user.sh
+++ /dev/null
@@ -1,71 +0,0 @@
-#!/bin/sh
-set -e
-. ./_misc.sh
-
-PATH_REPOS="${HOME}/repos"
-PATH_BORGKEYS="${HOME}/.config/borg/keys"
-REPOS_SITE_DOMAIN=plomlompom.com
-REMOTE_PATH_REPOS=/var/repos
-NAME_BORGAPP=borgplom
-if [ ! -z "$1" ]; then
- export BORG_PASSPHRASE="$1"
-fi
-
-abort_if_not_user "${USERNAME}"
-abort_if_offline
-abort_if_exists "${PATH_USER_SSH}"
-abort_if_exists "${PATH_REPOS}"
-abort_if_exists "${PATH_BORGKEYS}"
-
-echo "\nSetting up ~/.ssh"
-PATH_PRIVATE_KEY="${PATH_USER_SSH}/${FILENAME_PRIVATE_KEY}"
-PATH_PUBLIC_KEY="${PATH_USER_SSH}/${FILENAME_PUBLIC_KEY}"
-mkdir -p "${PATH_USER_SSH}"
-cp "${PATH_SECRETS}/${FILENAME_PRIVATE_KEY}" "${PATH_PRIVATE_KEY}"
-while [ ! -s "${PATH_PUBLIC_KEY}" ]; do
- set +e
- stty -echo
- ssh-keygen -y -f "${PATH_PRIVATE_KEY}" > "${PATH_PUBLIC_KEY}"
- stty echo
- set -e
-done
-PATH_KNOWN_HOSTS="${PATH_USER_SSH}/known_hosts"
-
-echo "\n\nSetting up ~/repos"
-REPOS_SITE_LOGIN="${USERNAME}@${REPOS_SITE_DOMAIN}"
-eval $(ssh-agent) && ssh-add
-ssh-keyscan "${REPOS_SITE_DOMAIN}" >> "${PATH_KNOWN_HOSTS}"
-mkdir "${PATH_REPOS}"
-cd "${PATH_REPOS}"
-ssh ${REPOS_SITE_LOGIN} "cd $REMOTE_PATH_REPOS && ls -1" | while read REPO_NAME; do
- git clone --recurse "${REPOS_SITE_LOGIN}:${REMOTE_PATH_REPOS}/${REPO_NAME}"
-done
-
-echo "\nSetting up borg and pull in ~/org"
-PATH_TARED_KEYS=borg_keyfiles
-mkdir -p "${PATH_BORGKEYS}"
-tar xf "${PATH_SECRETS}/${PATH_TARED_KEYS}.tar"
-mv "${PATH_TARED_KEYS}"/* "${PATH_BORGKEYS}/"
-rmdir "${PATH_TARED_KEYS}"
-ls -1 "${PATH_BORGKEYS}/" | while read FILENAME; do
- SERVER_NAME=$(echo "${FILENAME}" | sed 's/.*@//')
- set +e
- ssh-keyscan "${SERVER_NAME}" >> "${PATH_KNOWN_HOSTS}"
- set -e
-done
-while true; do
- set +e
- "${NAME_BORGAPP}" orgpull
- RESULT=$?
- set -e
- if [ "${RESULT}" = "0" ]; then
- break
- elif [ "${RESULT}" != "2" ]; then
- echo "Aborting due to unexpected ${NAME_BORGAPP} error."
- exit 1
- fi
-done
-
-PATH_REL_DEL_REPO="DELETE_${PATH_REL_REPO}"
-mv "${HOME}/${PATH_REL_REPO}" "${HOME}/${PATH_REL_DEL_REPO}"
-echo "\nWith ~/repos set up, new reference be ~/repos/${PATH_REL_REPO}; moved ~/${PATH_REL_REPO} to ~/${PATH_REL_DEL_REPO}, ready to be deleted by you."