From 8b70cae2a1c2638df5942f570fcd3b4cc60e5efc Mon Sep 17 00:00:00 2001
From: Christian Heller <c.heller@plomlompom.de>
Date: Thu, 7 Oct 2021 23:19:35 +0200
Subject: [PATCH] Add Bullseye play server setup basics.

---
 bullseye/apt-mark/play                        |  4 ++
 .../systemd/system/encrypt_chatlogs.service   |  6 ++
 .../etc/systemd/system/encrypt_chatlogs.timer |  8 +++
 bullseye/other_files/weechat-wrapper.sh       |  7 +++
 bullseye/other_files/weechatlogs_encrypter.sh | 16 ++++++
 bullseye/other_files/weechatrc                |  8 +++
 bullseye/setup_scripts/mirror_dir.sh          | 23 ++++++++
 .../setup_scripts/prepare_to_meet_server.sh   | 22 ++++++++
 bullseye/setup_scripts/setup_play.sh          | 55 +++++++++++++++++++
 9 files changed, 149 insertions(+)
 create mode 100644 bullseye/apt-mark/play
 create mode 100644 bullseye/etc_files/play/etc/systemd/system/encrypt_chatlogs.service
 create mode 100644 bullseye/etc_files/play/etc/systemd/system/encrypt_chatlogs.timer
 create mode 100755 bullseye/other_files/weechat-wrapper.sh
 create mode 100755 bullseye/other_files/weechatlogs_encrypter.sh
 create mode 100644 bullseye/other_files/weechatrc
 create mode 100755 bullseye/setup_scripts/mirror_dir.sh
 create mode 100755 bullseye/setup_scripts/prepare_to_meet_server.sh
 create mode 100755 bullseye/setup_scripts/setup_play.sh

diff --git a/bullseye/apt-mark/play b/bullseye/apt-mark/play
new file mode 100644
index 0000000..154f7e7
--- /dev/null
+++ b/bullseye/apt-mark/play
@@ -0,0 +1,4 @@
+weechat
+screen
+gnupg
+dirmngr
diff --git a/bullseye/etc_files/play/etc/systemd/system/encrypt_chatlogs.service b/bullseye/etc_files/play/etc/systemd/system/encrypt_chatlogs.service
new file mode 100644
index 0000000..bc81613
--- /dev/null
+++ b/bullseye/etc_files/play/etc/systemd/system/encrypt_chatlogs.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Attempt encryption of old chat logs
+[Service]
+Type=oneshot
+User=plom
+ExecStart=/bin/sh -c '~/weechatlogs_encrypter.sh'
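Review bot: The `[Service]` section runs a script from a user-writable home directory every minute with no sandboxing directives. Since the job only needs to read `/etc/hostname` and write under plom's home, consider adding `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectSystem=full`. The `/bin/sh -c '~/…'` indirection depends on systemd setting HOME for `User=plom`; a short comment saying so would help the next reader.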
diff --git a/bullseye/etc_files/play/etc/systemd/system/encrypt_chatlogs.timer b/bullseye/etc_files/play/etc/systemd/system/encrypt_chatlogs.timer
new file mode 100644
index 0000000..79a6e1e
--- /dev/null
+++ b/bullseye/etc_files/play/etc/systemd/system/encrypt_chatlogs.timer
@@ -0,0 +1,8 @@
+[Unit]
+Description=Attempt encryption of old chatlogs once every minute.
+
+[Timer]
+OnCalendar=*-*-* *:*:00
+
+[Install]
+WantedBy=timers.target
\ No newline at end of file
diff --git a/bullseye/other_files/weechat-wrapper.sh b/bullseye/other_files/weechat-wrapper.sh
new file mode 100755
index 0000000..b433574
--- /dev/null
+++ b/bullseye/other_files/weechat-wrapper.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Enforce ~/.weechatrc as sole persistent weechat config file.
+rm -rf ~/.weechat/
+WEECHATCONF=`tr '\n' ';' < ~/.weechatrc`
+weechat -r "$WEECHATCONF"
+rm -rf ~/.weechat/
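Review bot: The trailing `rm -rf ~/.weechat/` only runs if the script reaches that line, so a wrapper killed mid-session (for example by a hangup of the enclosing terminal) leaves WeeChat's state directory on disk until the next start. Registering the cleanup before launching, e.g. `trap 'rm -rf ~/.weechat/' EXIT HUP INT TERM`, would make the "sole persistent config" guarantee hold on abnormal exits too. As a style point, `$(tr '\n' ';' < ~/.weechatrc)` is preferable to backticks. A comment should also note that a `;` inside any line of ~/.weechatrc will be treated as a command separator.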
diff --git a/bullseye/other_files/weechatlogs_encrypter.sh b/bullseye/other_files/weechatlogs_encrypter.sh
new file mode 100755
index 0000000..9e177d3
--- /dev/null
+++ b/bullseye/other_files/weechatlogs_encrypter.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+# Encrypt dated weechatlog files older than one day to GPG target defined in
+# ~/.encrypt_target
+set -e
+
+gpg_key=$(cat ~/.encrypt_target)
+cd ~/weechatlogs/irc/
+
+# Dirty hack: To avoid trouble with GPG key expiration, fake
+# system to something reasonbly old (younger than key creation,
+# older than expiration) by taking the mod datetime of
+# /etc/hostname, which should have last be changed when the
+# system was set up.
+hostname_mod_epoch=$(stat -c%Y /etc/hostname)
+find . -regextype posix-egrep -regex '^.*/.*/.*\.[0-9]{4}-[0-9]{2}-[0-9]{2}\.weechatlog$' -type f -mtime +1 -exec gpg --recipient "${gpg_key}" --trust-model always --faked-system-time="${hostname_mod_epoch}" --encrypt {} \; -exec rm {} \;
+
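Review bot: Encryption failures go unnoticed here: `find` with `-exec … \;` does not turn a non-zero gpg exit into a failing exit of its own, so despite `set -e` the oneshot unit reports success while plaintext logs stay on disk (for instance when ~/.encrypt_target is empty or the key is missing from the keyring). A check before the `find`, such as `[ -n "${gpg_key}" ] && gpg --list-keys "${gpg_key}" >/dev/null || exit 1`, would make the unit fail visibly. Because `--trust-model always` skips validity checks, ~/.encrypt_target should hold a full fingerprint rather than a short key ID. Note also that `-mtime +1` matches files at least two days old, not "older than one day" as the header comment says, and that `rm` leaves the plaintext recoverable from the underlying storage.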
diff --git a/bullseye/other_files/weechatrc b/bullseye/other_files/weechatrc
new file mode 100644
index 0000000..44cc506
--- /dev/null
+++ b/bullseye/other_files/weechatrc
@@ -0,0 +1,8 @@
+/set logger.file.path ~/weechatlogs
+/set logger.file.flush_delay 0
+/set logger.mask.irc "irc/$server/$channel.%Y-%m-%d.weechatlog"
+/set weechat.bar.status.items "[time],[buffer_last_number],[buffer_plugin],buffer_number+:+buffer_name+(buffer_modes)+{buffer_nicklist_count}+buffer_zoom+buffer_filter,[lag],[hotlist],completion,scroll,[otr]"
+/set weechat.color.chat_nick_colors "lightcyan"
+/server add libera irc.libera.chat -nicks=plomlompom,plomlomp0m,ploml0mp0m,pl0ml0mp0m -realname="Christian Heller" -autojoin=#plomlomtest
+/connect libera 
+/bar hide buflist
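Review bot: The `/server add libera irc.libera.chat …` line gives no port and no TLS flag, so the connection is presumably made in cleartext on the WeeChat version Bullseye ships. That sits oddly next to the effort to encrypt the logs at rest. Consider `irc.libera.chat/6697 -ssl` (the flag is named `-tls` in later WeeChat releases). `logger.file.flush_delay 0` means every line is written to disk immediately; a one-line comment stating that this is intentional would help.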
diff --git a/bullseye/setup_scripts/mirror_dir.sh b/bullseye/setup_scripts/mirror_dir.sh
new file mode 100755
index 0000000..0fc03aa
--- /dev/null
+++ b/bullseye/setup_scripts/mirror_dir.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+# Mirror directory tree from remote to local server, keeping the path.
+set -e
+
+if [ $# -lt 2 ]; then
+    echo "Need server and directory as arguments."
+    false
+fi
+server=$1
+dir=$2
+path_package=/tmp/delete.tar
+
+eval `ssh-agent`
+ssh-add
+cd
+ssh plom@"${server}" "cd \"${dir}\" && tar cf ${path_package} ."
+scp plom@"${server}":"${path_package}" "${path_package}"
+mkdir -p "${dir}"
+cd "${dir}"
+tar xf "${path_package}"
+cd
+rm "${path_package}"
+ssh plom@"${server}" rm "${path_package}"
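Review bot: `path_package=/tmp/delete.tar` is a fixed, predictable name in a shared directory on both hosts, so another local user can pre-create it or a symlink at that path, and the archive of chat logs is readable by others under the default umask while it sits there. Streaming tar over the SSH channel into a local `mktemp` file removes the remote temporary file entirely and replaces the `scp` and both `rm` lines; a trap handles cleanup on failure. `${dir}` is still expanded into a command string parsed by the remote shell, so it should be documented as trusted input. The agent started by `eval \`ssh-agent\`` is never stopped; `ssh-agent -k` in the same trap would avoid leaving it running.

```shell
path_package=$(mktemp)
trap 'rm -f "${path_package}"' EXIT

# … unchanged: ssh-agent setup and cd to the home directory …
# Stream the archive over the SSH channel; nothing is written on the remote side.
ssh plom@"${server}" "cd \"${dir}\" && tar cf - ." > "${path_package}"
mkdir -p "${dir}"
tar xf "${path_package}" -C "${dir}"
```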
diff --git a/bullseye/setup_scripts/prepare_to_meet_server.sh b/bullseye/setup_scripts/prepare_to_meet_server.sh
new file mode 100755
index 0000000..569bf74
--- /dev/null
+++ b/bullseye/setup_scripts/prepare_to_meet_server.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+# Do some of the steps necessary to SSH (key-based) with another server.
+set -e
+
+if [ "$#" -ne 1 ]; then
+    echo 'Need server IP as argument.'
+    false
+fi
+target="$1"
+
+# We need a public key to copy over, so generate it if not found.
+if [ ! -f ~/.ssh/id_rsa.pub ]; then
+    ssh-keygen
+fi
+
+# Add target to ~/.ssh/known_hosts so we don't get
+# asked for permission at inopportune moments.
+ssh-keyscan -H "$target" >> ~/.ssh/known_hosts
+
+# Tell user what to do.
+echo "APPEND FOLLOWING TO TARGET'S ~/.ssh/authorized_keys:"
+cat ~/.ssh/id_rsa.pub
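Review bot: `ssh-keyscan -H "$target" >> ~/.ssh/known_hosts` records whatever host key the network returns, with no verification. An intercepting host during setup would therefore be trusted permanently, and setup_play.sh later copies `authorized_keys` from that host. Print the fingerprints for the operator to compare out of band before appending, e.g. `ssh-keyscan "$target" | ssh-keygen -lf -`. The `[ ! -f ~/.ssh/id_rsa.pub ]` check also assumes that a bare `ssh-keygen` produces an RSA key at the default path; `ssh-keygen -t rsa -f ~/.ssh/id_rsa` would make that explicit. The usage message should go to stderr and end with `exit 1` rather than `false`.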
diff --git a/bullseye/setup_scripts/setup_play.sh b/bullseye/setup_scripts/setup_play.sh
new file mode 100755
index 0000000..48f11ba
--- /dev/null
+++ b/bullseye/setup_scripts/setup_play.sh
@@ -0,0 +1,55 @@
+#!/bin/sh
+set -e
+set -x
+
+if [ "$#" -lt 1 ]; then
+  echo "Need public key ID and optionally old server IP."
+  false
+fi
+gpg_key="$1"
+old_server="$2"
+
+config_tree_prefix="${HOME}/config/bullseye"
+./install_for_target.sh play
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" play
+cp "${config_tree_prefix}/other_files/weechatrc" /home/plom/.weechatrc
+cp "${config_tree_prefix}/other_files/weechat-wrapper.sh" /home/plom/
+cp "${config_tree_prefix}/other_files/weechatlogs_encrypter.sh" /home/plom/
+chown plom:plom /home/plom/*weechat*
+chown plom:plom /home/plom/.weechatrc
+echo "${gpg_key}" > /home/plom/.encrypt_target
+chown plom:plom /home/plom/.encrypt_target
+
+# TODO refactor with setup_website.sh
+# Add encryption key.
+keyservers='sks-keyservers.net/ keys.gnupg.net'
+set +e
+while true; do
+    do_break=0
+    for keyserver in $(echo "${keyservers}"); do
+        su plom -c "gpg --no-tty --keyserver $keyserver --recv-key ${gpg_key}"
+        if [ $? -eq "0" ]; then
+            do_break=1
+            break
+        fi
+        echo "Attempt with keyserver ${keyserver} unsuccessful, trying other."
+    done
+    if [ "${do_break}" -eq "1" ]; then
+        break
+    fi
+done
+set -e
+
+if [ "${old_server}" != "" ]; then
+  cp "${config_tree_prefix}/setup_scripts/prepare_to_meet_server.sh" /home/plom/
+  su -lc "./prepare_to_meet_server.sh ${old_server}" plom
+  read -p'Hit Enter when you are done.' ignore
+  rm /home/plom/prepare_to_meet_server.sh
+  su -lc "scp plom@${old_server}:.ssh/authorized_keys .ssh/authorized_keys" plom
+  su -lc "scp plom@${old_server}:.weechatrc ~" plom
+  cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
+  su -lc "./mirror_dir.sh ${old_server} /home/plom/weechatlogs" plom
+  rm /home/plom/mirror_dir.sh
+fi
+
+systemctl enable --now encrypt_chatlogs.timer
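Review bot: The import at `--recv-key ${gpg_key}` accepts whatever the keyserver returns for the given ID, and weechatlogs_encrypter.sh later encrypts to it with `--trust-model always`. The script should therefore require a full fingerprint and show it after import for the operator to confirm, e.g. `su plom -c "gpg --no-tty --fingerprint ${gpg_key}"`. The `while true` loop never terminates if no keyserver answers, so a bounded retry count with a failing exit would be safer. Separately, `read -p'…' ignore` is not POSIX and is likely rejected by dash (Debian's usual /bin/sh), which under the restored `set -e` would abort before the cleanup and `systemctl enable`; `printf 'Hit Enter when you are done.'; read ignore` is portable. `${old_server}` and `${gpg_key}` are expanded unquoted into `su -c` command strings run from a root script, so they should be validated or documented as trusted operator input.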
-- 
2.30.2