From feb1dd9ca5a7012534b2298dbbdeb409bd1d065c Mon Sep 17 00:00:00 2001 From: Christian Heller Date: Tue, 15 Apr 2025 23:11:40 +0200 Subject: [PATCH] Major refactoring. --- .../system/encrypt_catgirl_logs.service | 2 +- bookworm/home/catgirl/.config/catgirl/libera | 2 +- .../catgirl/.local/bin/encrypt_catgirl_logs | 4 +- bookworm/scripts/lib/chown_to_user | 9 ++ bookworm/scripts/lib/constants_etc | 3 + bookworm/scripts/lib/copy_dirtree | 28 +++--- bookworm/scripts/lib/ensure_etc_of_tags | 8 ++ bookworm/scripts/lib/ensure_homefiles_of_tags | 8 ++ bookworm/scripts/lib/ensure_packages_of_tags | 15 ++++ bookworm/scripts/lib/init_packages | 18 +--- bookworm/scripts/lib/setup_users | 7 +- bookworm/scripts/setup_catgirl.sh | 90 +++++++------------ bookworm/scripts/setup_server.sh | 66 ++++++++++++++ testing/scripts/lib/chown_to_user | 1 + testing/scripts/lib/constants_etc | 1 + testing/scripts/lib/ensure_etc_of_tags | 1 + testing/scripts/lib/ensure_homefiles_of_tags | 1 + testing/scripts/lib/ensure_packages_of_tags | 1 + testing/scripts/setup_desktop.sh | 8 +- testing/scripts/setup_secrets.sh | 3 +- 20 files changed, 181 insertions(+), 95 deletions(-) create mode 100644 bookworm/scripts/lib/chown_to_user create mode 100644 bookworm/scripts/lib/constants_etc create mode 100644 bookworm/scripts/lib/ensure_etc_of_tags create mode 100644 bookworm/scripts/lib/ensure_homefiles_of_tags create mode 100644 bookworm/scripts/lib/ensure_packages_of_tags create mode 100644 bookworm/scripts/setup_server.sh create mode 120000 testing/scripts/lib/chown_to_user create mode 120000 testing/scripts/lib/constants_etc create mode 120000 testing/scripts/lib/ensure_etc_of_tags create mode 120000 testing/scripts/lib/ensure_homefiles_of_tags create mode 120000 testing/scripts/lib/ensure_packages_of_tags diff --git a/bookworm/etc/catgirl/systemd/system/encrypt_catgirl_logs.service b/bookworm/etc/catgirl/systemd/system/encrypt_catgirl_logs.service index 3529295..3f22c84 100644 
--- a/bookworm/etc/catgirl/systemd/system/encrypt_catgirl_logs.service +++ b/bookworm/etc/catgirl/systemd/system/encrypt_catgirl_logs.service @@ -4,5 +4,5 @@ Description=Run script for encrypting catgirl logs. [Service] Type=oneshot User=plom -ExecStart=/bin/sh -c 'encrypt_catgirl_logs' +ExecStart=/bin/sh -cl 'encrypt_catgirl_logs' diff --git a/bookworm/home/catgirl/.config/catgirl/libera b/bookworm/home/catgirl/.config/catgirl/libera index 68c04eb..f27baa7 100644 --- a/bookworm/home/catgirl/.config/catgirl/libera +++ b/bookworm/home/catgirl/.config/catgirl/libera @@ -1,4 +1,4 @@ host = irc.libera.chat join = #plomtest -sasl-plain = plomtest:REPLACE_WITH_SASL_PASSWORD +sasl-plain = plomtest:REPLACE_WITH_IRC_PASSWORD log diff --git a/bookworm/home/catgirl/.local/bin/encrypt_catgirl_logs b/bookworm/home/catgirl/.local/bin/encrypt_catgirl_logs index 111b27c..ba4bbf4 100755 --- a/bookworm/home/catgirl/.local/bin/encrypt_catgirl_logs +++ b/bookworm/home/catgirl/.local/bin/encrypt_catgirl_logs @@ -10,7 +10,9 @@ PATH_LOGS="${PATH_USER_SHARE_CATGIRL}/log" PATH_ENCRYPTED_LOGS="${HOME}/logs_encrypted" PATH_ENCRYPTION_KEY="${HOME}/.plomlib/encrypt_with.pub" TODAY="$(date +'%Y-%m-%d')" -PATHS_LOGFILES="$(ls ${PATH_LOGS}/*/*/*.log)" +set +e +PATHS_LOGFILES="$(ls ${PATH_LOGS}/*/*/*.log 2> /dev/null)" +set -e if [ -z "${PATH_LOGFILES}" ]; then echo "No log files present, so nothing to do." exit 0 diff --git a/bookworm/scripts/lib/chown_to_user b/bookworm/scripts/lib/chown_to_user new file mode 100644 index 0000000..2463d76 --- /dev/null +++ b/bookworm/scripts/lib/chown_to_user @@ -0,0 +1,9 @@ +. lib/constants_user # USERNAME + +chown_to_user() { + if [ ! -z "$@" ]; then + for _PATH in $@; do + chown -R "${USERNAME}:${USERNAME}" "${_PATH}" + done + fi +} diff --git a/bookworm/scripts/lib/constants_etc b/bookworm/scripts/lib/constants_etc new file mode 100644 index 0000000..287696e --- /dev/null +++ b/bookworm/scripts/lib/constants_etc 
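Review bot: The listing is stored in `PATHS_LOGFILES`, but the emptiness check on the following context line tests `PATH_LOGFILES`, which nothing in this hunk assigns. Unless that name is set elsewhere in the script, the test is always true, so every run prints "No log files present" and exits 0 before any encryption step, presumably leaving the plaintext logs in place. With the `set +e` / `2> /dev/null` guard added here, that outcome is silent. The check should read `if [ -z "${PATHS_LOGFILES}" ]; then`; the rest of the script lies outside the hunk.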
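Review bot: `[ ! -z "$@" ]` in the new `chown_to_user` only behaves for zero or one argument. With two or more paths `"$@"` expands to several words, `[` exits with a usage error, the `if` takes the false branch and nothing is chowned, so the files keep whatever owner the root-run copy gave them. The unquoted `for _PATH in $@` additionally splits paths on whitespace and expands globs. Looping over the quoted list handles the empty case on its own: `for _PATH in "$@"; do chown -R "${USERNAME}:${USERNAME}" "${_PATH}"; done`.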
@@ -0,0 +1,3 @@ +PATH_REL_ETC=etc +PATH_ETC="/${PATH_REL_ETC}" + diff --git a/bookworm/scripts/lib/copy_dirtree b/bookworm/scripts/lib/copy_dirtree index 13c1c85..e259032 100644 --- a/bookworm/scripts/lib/copy_dirtree +++ b/bookworm/scripts/lib/copy_dirtree @@ -2,22 +2,22 @@ copy_dirtree() { expect_n_args 3 99 'SOURCE_ROOT TARGET_ROOT TAG...' $@ - SOURCE_ROOT="$1" - TARGET_ROOT="$2" + _SOURCE_ROOT="$1" + _TARGET_ROOT="$2" shift 2 - TAGS="$@" + _TAGS="$@" for TAG in ${TAGS}; do - PATH_TAG="${SOURCE_ROOT}/${TAG}" - if [ ! -d "${PATH_TAG}" ]; then - continue - fi - cd "${PATH_TAG}" - for PATH_REL in $(find . -type f,l); do - PATH_TARGET="${TARGET_ROOT}"$(echo "${PATH_REL}" | cut -c2-) - PATH_SOURCE=$(realpath "${PATH_REL}") - DIRECTORY=$(dirname "${PATH_TARGET}") - mkdir -p "${DIRECTORY}" - cp -a "${PATH_SOURCE}" "${PATH_TARGET}" + _PATH_TAG="${_SOURCE_ROOT}/${_TAG}" + if [ ! -d "${_PATH_TAG}" ]; then + continue + fi + cd "${_PATH_TAG}" + for _PATH_REL in $(find . -type f,l); do + _PATH_TARGET="${_TARGET_ROOT}"$(echo "${_PATH_REL}" | cut -c2-) + _PATH_SOURCE=$(realpath "${_PATH_REL}") + _DIRECTORY=$(dirname "${_PATH_TARGET}") + mkdir -p "${_DIRECTORY}" + cp -av "${_PATH_SOURCE}" "${_PATH_TARGET}" done cd - > /dev/null done diff --git a/bookworm/scripts/lib/ensure_etc_of_tags b/bookworm/scripts/lib/ensure_etc_of_tags new file mode 100644 index 0000000..deab16c --- /dev/null +++ b/bookworm/scripts/lib/ensure_etc_of_tags @@ -0,0 +1,8 @@ +. lib/copy_dirtree +. lib/constants_etc # PATH_ETC, PATH_REL_ETC +. lib/constants_repopaths # PATH_CONF + +ensure_etc_of_tags() { + _PATH_CONF_ETC="${PATH_CONF}/${PATH_REL_ETC}" + copy_dirtree "${_PATH_CONF_ETC}" "${PATH_ETC}" $@ +} diff --git a/bookworm/scripts/lib/ensure_homefiles_of_tags b/bookworm/scripts/lib/ensure_homefiles_of_tags new file mode 100644 index 0000000..476695a --- /dev/null +++ b/bookworm/scripts/lib/ensure_homefiles_of_tags 
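Review bot: The rename in `copy_dirtree` is incomplete: the loop header is still `for TAG in ${TAGS}; do`, while the list is now stored in `_TAGS` and the body reads `${_TAG}`. As visible here the function no longer assigns `TAGS`, so the loop either never runs and nothing is copied, or, if a caller happens to have a global `TAGS`, runs with an empty `_TAG` and walks `${_SOURCE_ROOT}/` itself, copying the whole source tree with the tag directory names as part of the target paths. In both cases callers such as `ensure_etc_of_tags` still return success, so a host can finish setup without its intended /etc files. The header should be `for _TAG in ${_TAGS}; do`.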
@@ -0,0 +1,8 @@ +. lib/chown_to_user +. lib/constants_user # PATH_USER_HOME +. lib/constants_repopaths # PATH_CONF + +ensure_homefiles_of_tags() { + _TO_CHOWN=$(copy_dirtree "${_PATH_CONF_HOME}" "${PATH_USER_HOME}" $@ | sed "s/.*' -> //g") + chown_to_user ${_TO_CHOWN} +} diff --git a/bookworm/scripts/lib/ensure_packages_of_tags b/bookworm/scripts/lib/ensure_packages_of_tags new file mode 100644 index 0000000..e1fdb98 --- /dev/null +++ b/bookworm/scripts/lib/ensure_packages_of_tags @@ -0,0 +1,15 @@ +ensure_packages_of_tags() { + # Walk through the package names in ../aptmark/ files to ensure the respective + # packages are installed. + for _TAG in $@; do + _PATH_APTMARK_TAG="../aptmark/${_TAG}" + if [ ! -f "${_PATH_APTMARK_TAG}" ]; then + continue + fi + cat "${_PATH_APTMARK_TAG}" | while read _LINE; do + if [ ! $(echo "${_LINE}" | cut -c1) = "#" ]; then + apt-get -y -o Dpkg::Options::="--force-confnew" install "${_LINE}" + fi + done + done +} diff --git a/bookworm/scripts/lib/init_packages b/bookworm/scripts/lib/init_packages index 0148225..0de0578 100644 --- a/bookworm/scripts/lib/init_packages +++ b/bookworm/scripts/lib/init_packages @@ -1,3 +1,5 @@ +. lib/ensure_packages_of_tags + init_packages() { echo "\nInstalling and/or keeping only what's required by us or Debian." export DEBIAN_FRONTEND=noninteractive 
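Review bot: In `ensure_homefiles_of_tags`, ownership of the copied home files now depends on parsing `cp -av` output, and that parse looks fragile. The sed pattern expects the quoted form `'src' -> 'dst'` and strips only up to the arrow, so each target keeps its literal single quotes, which the unquoted `${_TO_CHOWN}` then hands to `chown` as part of the path; the pipeline also hides a failing `copy_dirtree` from `set -e`. `_PATH_CONF_HOME` is not assigned in this file and `lib/copy_dirtree` is not sourced here, so the function relies on its caller for both. A safer form is to call `copy_dirtree "${_PATH_CONF_HOME}" "${PATH_USER_HOME}" "$@"` directly and follow it with `chown -R "${USERNAME}:${USERNAME}" "${PATH_USER_HOME}"`, with `_PATH_CONF_HOME` defined inside the function.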
@@ -16,21 +18,9 @@ init_packages() { comm -3 "${PATH_LIST_ALL_PACKAGES}" "${PATH_LIST_WHITE}" > "${PATH_LIST_BLACK}" apt-mark auto `cat "${PATH_LIST_BLACK}"` rm "${PATH_LIST_UNSORTED}" "${PATH_LIST_ALL_PACKAGES}" "${PATH_LIST_WHITE}" "${PATH_LIST_BLACK}" - - # Walk through the package names in ../aptmark/ files to ensure the respective - # packages are installed. - for TAG in $@; do - PATH_APTMARK_TAG="../aptmark/${TAG}" - if [ ! -f "${PATH_APTMARK_TAG}" ]; then - continue - fi - cat "${PATH_APTMARK_TAG}" | while read LINE; do - if [ ! $(echo "${LINE}" | cut -c1) = "#" ]; then - apt-get -y -o Dpkg::Options::="--force-confnew" install "${LINE}" - fi - done - done + # before purging, ensure tagged packages installed + ensure_packages_of_tags $@ apt -y --purge autoremove apt -y dist-upgrade } diff --git a/bookworm/scripts/lib/setup_users b/bookworm/scripts/lib/setup_users index 349c6a3..01e2ee2 100644 --- a/bookworm/scripts/lib/setup_users +++ b/bookworm/scripts/lib/setup_users @@ -1,5 +1,7 @@ +. lib/chown_to_user . lib/copy_dirtree . lib/constants_user # PATH_USER_HOME, USERNAME +. lib/ensure_homefiles_of_tags setup_users() { _MIN_TAGS="$1" @@ -13,10 +15,11 @@ setup_users() { echo "\nSetting up user ${USERNAME}." adduser --disabled-password --gecos "" "${USERNAME}" usermod -a -G sudo "${USERNAME}" + ensure_homefiles_of_tags ${_MIN_TAGS} ${_TAGS_USER} copy_dirtree "${_PATH_CONF_HOME}" "${PATH_USER_HOME}" ${_MIN_TAGS} ${_TAGS_USER} - mkdir -p "${_PATH_USER_BIN}" + _TO_CHOWN=$(mkdir -p "${_PATH_USER_BIN}" | sed 's/mkdir: created directory //g | head -1' cd "${_PATH_USER_BIN}" ln -s ../../.plomlib lib + chown_to_user "${_TO_CHOWN}" cd - > /dev/null - chown -R "${USERNAME}:${USERNAME}" "${PATH_USER_HOME}" } diff --git a/bookworm/scripts/setup_catgirl.sh b/bookworm/scripts/setup_catgirl.sh index 5acf65e..3ecbeb8 100755 --- a/bookworm/scripts/setup_catgirl.sh +++ b/bookworm/scripts/setup_catgirl.sh 
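Review bot: The new `_TO_CHOWN=$(mkdir -p "${_PATH_USER_BIN}" | sed '… | head -1'` line in `setup_users` never closes its `$(`, and `| head -1` sits inside the sed script's quotes, so as written the file should fail to parse when sourced; `mkdir -p` without `-v` prints nothing to capture anyway. The hunk also keeps the old `copy_dirtree` call right after `ensure_homefiles_of_tags`, so root copies the tree a second time after the chown, while the final `chown -R … "${PATH_USER_HOME}"` that used to repair ownership is removed. I would keep `mkdir -p "${_PATH_USER_BIN}"` as a plain command, drop the duplicate `copy_dirtree` line, and keep `chown -R "${USERNAME}:${USERNAME}" "${PATH_USER_HOME}"` as the last step. The start of `setup_users` is outside the hunk.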
@@ -11,66 +11,44 @@ cd $(dirname "$0") . lib/init_packages . lib/setup_users -MIN_TAGS='all server catgirl caddy' +. lib/ensure_etc_of_tags +. lib/ensure_packages_of_tags + +PATH_DEP=/root/setup_server.finished +if [ ! -f "${PATH_DEP}" ]; then + abort "No ${PATH_DEP} found – run setup_server.sh first!" +fi +expect_n_args 1 1 'IRC_PASSWORD' $@ +IRC_PASSWORD="$1" + +ensure_packages_of_tags() { + # Walk through the package names in ../aptmark/ files to ensure the respective + # packages are installed. + for TAG in $@; do + PATH_APTMARK_TAG="../aptmark/${TAG}" + if [ ! -f "${PATH_APTMARK_TAG}" ]; then + continue + fi + cat "${PATH_APTMARK_TAG}" | while read LINE; do + if [ ! $(echo "${LINE}" | cut -c1) = "#" ]; then + apt-get -y -o Dpkg::Options::="--force-confnew" install "${LINE}" + fi + done + done +} + +ensure_packages_of_tags catgirl +ensure_etc_of_tags catgirl +copy_dirtree "${_PATH_CONF_HOME}" "${PATH_USER_HOME}" catgirl +chown -R "${USERNAME}:${USERNAME}" "${PATH_USER_HOME}" -expect_n_args 4 4 'HOSTNAME, FQDN, IRC_PASSWORD, WEB_PASSWORD' $@ -HOSTNAME="$1" -FQDN="$2" -IRC_PASSWORD="$3" -WEB_PASSWORD="$4" - -PATH_REL_ETC=etc -PATH_CONF_ETC="${PATH_CONF}/${PATH_REL_ETC}" -PATH_ETC="/${PATH_REL_ETC}" -PATH_HOSTS="${PATH_ETC}/hosts" -PATH_BORG_HOME=/home/borg -PATH_CADDYFILE="${PATH_ETC}/caddy/Caddyfile" - -echo '\nPreparing caddy install.' -apt -y install curl -curl -1Lf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg -curl -1Lf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list - -init_packages "${MIN_TAGS}" - -echo '\nSetting hostname and FQDN.' -echo "${HOSTNAME}" > "${PATH_ETC}/hostname" -hostname "${HOSTNAME}" -echo '127.0.0.1 localhost.localdomain localhost' > "${PATH_HOSTS}" -echo "$(determine_ip) ${FQDN} ${HOSTNAME}" >> "${PATH_HOSTS}" - -echo '\nAdapting /etc to our needs.' 
-copy_dirtree "${PATH_CONF_ETC}" "${PATH_ETC}" ${MIN_TAGS} - -echo '\nSetting Berlin localtime.' -ln -sf /usr/share/zoneinfo/Europe/Berlin "${PATH_ETC}/localtime" -ntpdate-debian - -setup_users "${MIN_TAGS}" '' - -echo '\nMoving SSH data from root to user.' -mkdir -p "${PATH_USER_SSH}" -mv "/root/${PATH_REL_SSH}/authorized_keys" "${PATH_USER_SSH}/" -chown -R "${USERNAME}:${USERNAME}" "${PATH_USER_SSH}" - -echo '\nSetting up minimal borg user.' -adduser --system --home "${PATH_BORG_HOME}" --shell /bin/sh borg -cp -a "${PATH_USER_SSH}" "${PATH_BORG_HOME}/" -chown -R borg:nogroup "${PATH_BORG_HOME}/${PATH_REL_SSH}" - -echo '\nEnabling the firewall.' -systemctl enable --now nftables +mkdir -p "${PATH_USER_SHARE_CATGIRL}" echo '\nSetting up catgirl.' + sed -i "s/REPLACE_WITH_IRC_PASSWORD/${IRC_PASSWORD}/g" "${PATH_USER_HOME}/.config/catgirl/libera" -mkdir -p "${PATH_USER_SHARE_CATGIRL}" chown -R plom:plom "${PATH_USER_SHARE_CATGIRL}" + systemctl enable --now catgirl -systemctl enable --now encrypt_catgirl_logs +systemctl enable --now encrypt_catgirl_logs.timer -echo "Adapting caddy's config and reloading it …" -HASH=$(caddy hash-password --plaintext "${WEB_PASSWORD}") -sed -i "s/REPLACE_WITH_HASH/${HASH}/g" "${PATH_CADDYFILE}" -sed -i "s/REPLACE_WITH_FQDN/${FQDN}/g" "${PATH_CADDYFILE}" -mkdir -p /var/www/dump/private /var/www/dump/public -systemctl reload caddy diff --git a/bookworm/scripts/setup_server.sh b/bookworm/scripts/setup_server.sh new file mode 100644 index 0000000..38ba4e5 --- /dev/null +++ b/bookworm/scripts/setup_server.sh 
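Review bot: `IRC_PASSWORD` goes straight from `$1` into `sed -i "s/REPLACE_WITH_IRC_PASSWORD/${IRC_PASSWORD}/g"`, so a password containing `/`, `&` or `\` either breaks the expression or is written to the config altered. The same pattern is used for `HASH` and `FQDN` in the new setup_server.sh, where it is more likely to bite, since caddy's default bcrypt hashes can contain `/`. Escaping the value first covers all three: `_ESC=$(printf '%s' "${IRC_PASSWORD}" | sed 's|[\\/&]|\\&|g')`, then `sed -i "s/REPLACE_WITH_IRC_PASSWORD/${_ESC}/g" …`. Taking the secret as a command-line argument also exposes it in the process list and shell history; reading it from stdin or a root-only file would avoid that.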
@@ -0,0 +1,66 @@ +#!/bin/sh +set -e +cd $(dirname "$0") +. lib/constants_etc # PATH_ETC +. lib/constants_ssh # PATH_REL_SSH, PATH_USER_SSH +. lib/determine_ip +. lib/ensure_etc_of_tags +. lib/expect_n_args +. lib/init_packages +. lib/setup_users + +MIN_TAGS='all server caddy' + +expect_n_args 3 3 'HOSTNAME, FQDN, WEB_PASSWORD' $@ +HOSTNAME="$1" +FQDN="$2" +WEB_PASSWORD="$3" + +PATH_HOSTS="${PATH_ETC}/hosts" +PATH_BORG_HOME=/home/borg +PATH_CADDYFILE="${PATH_ETC}/caddy/Caddyfile" + +echo '\nPreparing caddy install.' +PATH_CADDY_REPO='https://dl.cloudsmith.io/public/caddy/stable/gpg.key' +apt -y install curl +curl -1Lf "${PATH_CADDY_REPO}/gpg.key" | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg +curl -1Lf "${PATH_CADDY_REPO}/debian.deb.txt" | tee /etc/apt/sources.list.d/caddy-stable.list + +init_packages "${MIN_TAGS}" + +echo '\nSetting hostname and FQDN.' +echo "${HOSTNAME}" > "${PATH_ETC}/hostname" +hostname "${HOSTNAME}" +echo '127.0.0.1 localhost.localdomain localhost' > "${PATH_HOSTS}" +echo "$(determine_ip) ${FQDN} ${HOSTNAME}" >> "${PATH_HOSTS}" + +echo '\nAdapting /etc to our needs.' +ensure_etc_of_tags ${MIN_TAGS} + +echo '\nSetting Berlin localtime.' +ln -sf /usr/share/zoneinfo/Europe/Berlin "${PATH_ETC}/localtime" +ntpdate-debian + +setup_users "${MIN_TAGS}" '' + +echo '\nMoving SSH data from root to user.' +mkdir -p "${PATH_USER_SSH}" +mv "/root/${PATH_REL_SSH}/authorized_keys" "${PATH_USER_SSH}/" +chown_to_user "${PATH_USER_SSH}" + +echo '\nSetting up minimal borg user.' +adduser --system --home "${PATH_BORG_HOME}" --shell /bin/sh borg +cp -a "${PATH_USER_SSH}" "${PATH_BORG_HOME}/" +chown -R borg:nogroup "${PATH_BORG_HOME}/${PATH_REL_SSH}" + +echo '\nEnabling the firewall.' 
+systemctl enable --now nftables + +echo "Adapting caddy's config and reloading it …" +HASH=$(caddy hash-password --plaintext "${WEB_PASSWORD}") +sed -i "s/REPLACE_WITH_HASH/${HASH}/g" "${PATH_CADDYFILE}" +sed -i "s/REPLACE_WITH_FQDN/${FQDN}/g" "${PATH_CADDYFILE}" +mkdir -p /var/www/dump/private /var/www/dump/public +systemctl reload caddy + +touch /root/setup_server.finished diff --git a/testing/scripts/lib/chown_to_user b/testing/scripts/lib/chown_to_user new file mode 120000 index 0000000..d23376e --- /dev/null +++ b/testing/scripts/lib/chown_to_user @@ -0,0 +1 @@ +../../../bookworm/scripts/lib/chown_to_user \ No newline at end of file diff --git a/testing/scripts/lib/constants_etc b/testing/scripts/lib/constants_etc new file mode 120000 index 0000000..5c4073f --- /dev/null +++ b/testing/scripts/lib/constants_etc @@ -0,0 +1 @@ +../../../bookworm/scripts/lib/constants_etc \ No newline at end of file diff --git a/testing/scripts/lib/ensure_etc_of_tags b/testing/scripts/lib/ensure_etc_of_tags new file mode 120000 index 0000000..49a4429 --- /dev/null +++ b/testing/scripts/lib/ensure_etc_of_tags @@ -0,0 +1 @@ +../../../bookworm/scripts/lib/ensure_etc_of_tags \ No newline at end of file diff --git a/testing/scripts/lib/ensure_homefiles_of_tags b/testing/scripts/lib/ensure_homefiles_of_tags new file mode 120000 index 0000000..218fee3 --- /dev/null +++ b/testing/scripts/lib/ensure_homefiles_of_tags @@ -0,0 +1 @@ +../../../bookworm/scripts/lib/ensure_homefiles_of_tags \ No newline at end of file diff --git a/testing/scripts/lib/ensure_packages_of_tags b/testing/scripts/lib/ensure_packages_of_tags new file mode 120000 index 0000000..3c5fdf5 --- /dev/null +++ b/testing/scripts/lib/ensure_packages_of_tags @@ -0,0 +1 @@ +../../../bookworm/scripts/lib/ensure_packages_of_tags \ No newline at end of file diff --git a/testing/scripts/setup_desktop.sh b/testing/scripts/setup_desktop.sh index d4ba741..1f82b2a 100755 --- a/testing/scripts/setup_desktop.sh 
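Review bot: `PATH_CADDY_REPO` in setup_server.sh already ends in `/gpg.key`, so the two `curl` calls request `…/stable/gpg.key/gpg.key` and `…/stable/gpg.key/debian.deb.txt` rather than the key and source list the old script fetched. Because each `curl -f` feeds a pipeline and plain `sh` has no `pipefail`, a failed download does not stop the script under `set -e`: `tee` still succeeds and can leave an empty caddy-stable.list, and how `gpg --dearmor` treats empty input should be checked. The variable should hold the base URL, `PATH_CADDY_REPO='https://dl.cloudsmith.io/public/caddy/stable'`. Downloading to a temporary file and testing `curl`'s exit status before running `gpg --dearmor` would make a failed fetch of the signing key fatal instead of silent.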
+++ b/testing/scripts/setup_desktop.sh @@ -3,17 +3,15 @@ set -e cd $(dirname "$0") . lib/abort . lib/abort_if_offline +. lib/constants_etc # PATH_REL_ETC, PATH_ETC, PATH_REL_ETC . lib/constants_repopaths # PATH_CONF -. lib/constants_user # PATH_USER_HOME, USERNAME -. lib/copy_dirtree +. lib/constants_user # USERNAME . lib/determine_ip . lib/expect_min_n_args . lib/init_packages . lib/setup_users -PATH_REL_ETC=etc PATH_CONF_ETC="${PATH_CONF}/${PATH_REL_ETC}" -PATH_ETC="/${PATH_REL_ETC}" PATH_NETWORK_INTERFACES="${PATH_ETC}/network/interfaces" PATH_REL_APT=apt PATH_REL_APT_CONF=${PATH_REL_APT}/apt.conf.d @@ -102,7 +100,7 @@ echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts echo "$(determine_ip) ${SYSTEM_NAME}" >> /etc/hosts echo "\nAdapting /etc to our needs." -copy_dirtree "${PATH_CONF_ETC}" '/etc' ${TAGS_PACKAGES} +ensure_etc_of_tags ${TAGS_PACKAGES} echo "\nEnsuring our desired locale is available." locale-gen diff --git a/testing/scripts/setup_secrets.sh b/testing/scripts/setup_secrets.sh index 79674c1..458bb74 100755 --- a/testing/scripts/setup_secrets.sh +++ b/testing/scripts/setup_secrets.sh @@ -2,6 +2,7 @@ set -e cd $(dirname "$0") . lib/abort_if_not_user +. lib/chown_to_user . lib/constants_repopaths # PATH_CONF, PATH_SCRIPTS . lib/constants_user # USERNAME . lib/path_tmp_timestamped @@ -13,6 +14,6 @@ PATH_TMP_REPO="$(path_tmp_timestamped configrepo)" echo "Setting up config repo copy for user at ${PATH_TMP_REPO} …" cp -a "${PATH_REPO}" "${PATH_TMP_REPO}" -chown -R "${USERNAME}:${USERNAME}" "${PATH_TMP_REPO}" +chown_to_user "${PATH_TMP_REPO}" su -l "${USERNAME}" -c "/bin/sh ${PATH_TMP_REPO}/${PATH_REL_SETUP_SECRETS_USER} $1" rm -rf "${PATH_TMP_REPO}" -- 2.30.2
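Review bot: setup_desktop.sh now calls `ensure_etc_of_tags` in its second hunk, but the source block in the first hunk does not add `. lib/ensure_etc_of_tags`, and neither of the libs it sources that appear in this patch (`init_packages`, `setup_users`) pulls it in. Unless it is sourced somewhere outside the hunks, the call fails as an unknown command and `set -e` aborts the desktop setup before /etc is adapted. Adding `. lib/ensure_etc_of_tags` next to the other `. lib/…` lines fixes it. The new comment on `. lib/constants_etc` also lists `PATH_REL_ETC` twice.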