From 753f7f64a8295dac2ab15cf227396529441870a5 Mon Sep 17 00:00:00 2001
From: Christian Heller <c.heller@plomlompom.de>
Date: Tue, 13 Nov 2018 22:41:53 +0100
Subject: [PATCH] Extend new setup.

---
 .../init_user_and_keybased_login.sh                | 14 +++++++++++---
 .../etc/apt/apt.conf.d}/99_minimize_dependencies   |  0
 .../linkable_etc_files/all/etc/apt/sources.list    |  4 ++++
 .../server/etc/ssh}/sshd_config                    |  4 ++--
 all_new_2018/symlink_etc.sh                        | 14 ++++++++++++++
 5 files changed, 31 insertions(+), 5 deletions(-)
 rename all_new_2018/{init_user_and_keybased_login => }/init_user_and_keybased_login.sh (70%)
 rename all_new_2018/{limit_packages => linkable_etc_files/all/etc/apt/apt.conf.d}/99_minimize_dependencies (100%)
 create mode 100644 all_new_2018/linkable_etc_files/all/etc/apt/sources.list
 rename all_new_2018/{init_user_and_keybased_login => linkable_etc_files/server/etc/ssh}/sshd_config (98%)
 create mode 100644 all_new_2018/symlink_etc.sh

diff --git a/all_new_2018/init_user_and_keybased_login/init_user_and_keybased_login.sh b/all_new_2018/init_user_and_keybased_login.sh
similarity index 70%
rename from all_new_2018/init_user_and_keybased_login/init_user_and_keybased_login.sh
rename to all_new_2018/init_user_and_keybased_login.sh
index 0524a35..5fa7831 100755
--- a/all_new_2018/init_user_and_keybased_login/init_user_and_keybased_login.sh
+++ b/all_new_2018/init_user_and_keybased_login.sh
@@ -7,9 +7,16 @@
 # contains the local ~/.ssh/id_rsa.pub, and also any old
 # /etc/ssh/sshd_config.
 #
-# Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub
+# Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly
+# configured sshd_config file in reach.
 set -e
 
+# Location auf a sshd_config with "PermitRootLogin no" and
+# "PasswordAuthentication no".
+system_path_sshd_config='/etc/ssh/sshd_config'
+config_tree_prefix='~/config/all_new_2018/linkable_etc_files/server/'
+local_path_sshd_config="$config_tree_prefix""$system_path_sshd_config"
+
 # Ensure we have a server name as argument.
 if [ $# -eq 0 ]; then
     echo "Need server as argument."
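Review bot: The `~` in `config_tree_prefix='~/config/all_new_2018/linkable_etc_files/server/'` sits inside single quotes, so the shell never tilde-expands it, and because `"$local_path_sshd_config"` is quoted at the scp call in this file's last hunk, scp is handed a literal path beginning with `~`. Under `set -e` the script would then stop at that scp, which, judging by the visible hunks, is after the account has been created but before root and password login are switched off. Use `config_tree_prefix="$HOME"/config/all_new_2018/linkable_etc_files/server/` instead. The comment above the variables also has a typo, `Location auf` for `Location of`.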
@@ -27,7 +34,8 @@ export SSHPASS="$PW_ROOT"
 
 # Create user plom, and his ~/.ssh/authorized_keys based on the local
 # ~/.ssh/id_rsa.pub; ensure the result has proper permissions and
-# ownerships. Then disable root and pw login, and restart ssh daemon.
+# ownerships. Then disable root and pw login by copying over the
+# sshd_config and restart ssh daemon.
 #
 # This could be a line or two shorter by using ssh-copy-id, but that
 # would require setting a password for user plom otherwise not needed.
@@ -38,5 +46,5 @@ sshpass -e ssh root@"$server" \
         'chown plom:plom /tmp/authorized_keys && '\
         'chmod u=rw,go= /tmp/authorized_keys && '\
         'mv /tmp/authorized_keys /home/plom/.ssh/'
-sshpass -e scp sshd_config root@"$server":/etc/ssh/sshd_config
+sshpass -e scp "$local_path_sshd_config" root@"$server":"$system_path_sshd_config"
 sshpass -e ssh root@"$server" 'service ssh restart'
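Review bot: The changed scp line overwrites the server's sshd_config, and the context line after it restarts the daemon without first checking that the copied file parses. Since that same file turns off root and password login, a truncated or wrong copy may leave no working way back into the machine. Validating before the restart, e.g. `sshpass -e ssh root@"$server" '/usr/sbin/sshd -t && service ssh restart'`, makes the script stop under `set -e` while the old daemon is still running. The hunk begins in the middle of the preceding `sshpass -e ssh` command, so the key-setup steps before it are only partly visible.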
diff --git a/all_new_2018/limit_packages/99_minimize_dependencies b/all_new_2018/linkable_etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies
similarity index 100%
rename from all_new_2018/limit_packages/99_minimize_dependencies
rename to all_new_2018/linkable_etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies
diff --git a/all_new_2018/linkable_etc_files/all/etc/apt/sources.list b/all_new_2018/linkable_etc_files/all/etc/apt/sources.list
new file mode 100644
index 0000000..68064c6
--- /dev/null
+++ b/all_new_2018/linkable_etc_files/all/etc/apt/sources.list
@@ -0,0 +1,4 @@
+deb http://deb.debian.org/debian stretch main contrib non-free
+deb http://deb.debian.org/debian-security/ stretch/updates main contrib non-free
+deb http://deb.debian.org/debian stretch-updates main contrib non-free
+deb http://ftp.debian.org/debian stretch-backports main contrib non-free
\ No newline at end of file
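Review bot: The file ends without a final newline (the `\ No newline at end of file` marker after the `stretch-backports` entry), so anything that later appends a line to it would fuse the new entry onto the backports line. That matters more here because the file is meant to be symlinked from /etc/apt/sources.list, so writes to the system path land in this file; end it with a newline. All four entries use plain `http://`, which leaves package integrity resting on APT's verification of the signed Release files. A comment line such as `# plain http: integrity relies on APT signature verification` would record that this is deliberate.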
diff --git a/all_new_2018/init_user_and_keybased_login/sshd_config b/all_new_2018/linkable_etc_files/server/etc/ssh/sshd_config
similarity index 98%
rename from all_new_2018/init_user_and_keybased_login/sshd_config
rename to all_new_2018/linkable_etc_files/server/etc/ssh/sshd_config
index 1169f74..b72e311 100644
--- a/all_new_2018/init_user_and_keybased_login/sshd_config
+++ b/all_new_2018/linkable_etc_files/server/etc/ssh/sshd_config
@@ -30,7 +30,7 @@ Port 443 # used for networks where 22 is banned
 # Authentication:
 
 #LoginGraceTime 2m
-PermitRootLogin no 
+PermitRootLogin no
 #StrictModes yes
 #MaxAuthTries 6
 #MaxSessions 10
@@ -124,4 +124,4 @@ Subsystem sftp	/usr/lib/openssh/sftp-server
 #	ForceCommand cvs server
 
 ClientAliveInterval 120
-PasswordAuthentication no 
+PasswordAuthentication no
diff --git a/all_new_2018/symlink_etc.sh b/all_new_2018/symlink_etc.sh
new file mode 100644
index 0000000..238d136
--- /dev/null
+++ b/all_new_2018/symlink_etc.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+# Symbolically link files to those under linkable_etc_files/$1/, e.g.
+# link /etc/foo/bar to linkable_etc_files/$1/etc/foo/bar. Create
+# directories as necessary.
+# CAUTION: This removes original files at the affected paths.
+set -e
+
+target="$1"
+config_tree_prefix="~/config/all_new_2018/linkable_etc_files/"
+cd "$config_tree_prefix""$target"
+for path in $(find .); do
+    dest=$(echo "$path" | cut -c2-)
+    ln -fs "$path" "$dest"
+done
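Review bot: The loop at the end of symlink_etc.sh would replace live files under /etc with dangling links. `ln -fs "$path" "$dest"` stores the relative `./etc/...` name as the link target, which resolves against the directory of `$dest` rather than the config tree, and `-f` has already removed the original by then (for the server tree that includes /etc/ssh/sshd_config). `find .` also yields `.` and every directory, so the first iteration runs with an empty `$dest`, and a directory such as `./etc` would be linked inside the existing /etc; nothing implements the header's "Create directories as necessary". The `~` in `config_tree_prefix` is inside double quotes and never expanded, and an empty `$1` is not rejected. The version below links regular files only, by absolute target, and creates parent directories first; it still assumes file names without newlines.

```sh
set -e

target="${1:?need a subdirectory of linkable_etc_files as argument}"
config_tree="$HOME/config/all_new_2018/linkable_etc_files/$target"
cd "$config_tree"
find . -type f | while IFS= read -r path; do
    dest="${path#.}"
    mkdir -p "$(dirname "$dest")"
    ln -fs "$config_tree/${path#./}" "$dest"
done
```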
-- 
2.30.2