Change directory structure and between-script path references.
authorChristian Heller <c.heller@plomlompom.de>
Sat, 15 Dec 2018 18:15:04 +0000 (19:15 +0100)
committerChristian Heller <c.heller@plomlompom.de>
Sat, 15 Dec 2018 18:15:04 +0000 (19:15 +0100)
30 files changed:
all_new_2018/hardlink_etc.sh [deleted file]
all_new_2018/init_user_and_keybased_login.sh [deleted file]
all_new_2018/install_for_target.sh [deleted file]
all_new_2018/letsencrypt.sh [deleted file]
all_new_2018/letsencrypt_get.sh [deleted file]
all_new_2018/mirror_dir.sh [deleted file]
all_new_2018/prepare_to_meet_server.sh [deleted file]
all_new_2018/purge_nonrequireds.sh [deleted file]
all_new_2018/set_hostname_and_fqdn.sh [deleted file]
all_new_2018/setup_mail.sh [deleted file]
all_new_2018/setup_play.sh [deleted file]
all_new_2018/setup_plomlombot.sh [deleted file]
all_new_2018/setup_scripts/hardlink_etc.sh [new file with mode: 0755]
all_new_2018/setup_scripts/init_user_and_keybased_login.sh [new file with mode: 0755]
all_new_2018/setup_scripts/install_for_target.sh [new file with mode: 0755]
all_new_2018/setup_scripts/letsencrypt.sh [new file with mode: 0755]
all_new_2018/setup_scripts/letsencrypt_get.sh [new file with mode: 0755]
all_new_2018/setup_scripts/mirror_dir.sh [new file with mode: 0755]
all_new_2018/setup_scripts/prepare_to_meet_server.sh [new file with mode: 0755]
all_new_2018/setup_scripts/purge_nonrequireds.sh [new file with mode: 0755]
all_new_2018/setup_scripts/set_hostname_and_fqdn.sh [new file with mode: 0755]
all_new_2018/setup_scripts/setup_mail.sh [new file with mode: 0755]
all_new_2018/setup_scripts/setup_play.sh [new file with mode: 0755]
all_new_2018/setup_scripts/setup_plomlombot.sh [new file with mode: 0755]
all_new_2018/setup_scripts/setup_sendonly.sh [new file with mode: 0755]
all_new_2018/setup_scripts/setup_server.sh [new file with mode: 0755]
all_new_2018/setup_scripts/setup_web.sh [new file with mode: 0755]
all_new_2018/setup_sendonly.sh [deleted file]
all_new_2018/setup_server.sh [deleted file]
all_new_2018/setup_web.sh [deleted file]

diff --git a/all_new_2018/hardlink_etc.sh b/all_new_2018/hardlink_etc.sh
deleted file mode 100755 (executable)
index a6f3b68..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/sh
-# Hard link files to those in argument-selected subdirectories of
-# linkable_etc_files//, e.g. link /etc/foo/bar to
-# linkable_etc_files/$1/etc/foo/bar and so on. Create directories as
-# necessary. We do the hard linking so files that should be readable to
-# non-root in /etc/ remain so despite having a path below /root/, as
-# symbolic links point into /root/ without making the targets readable
-# to non-root.
-# CAUTION: This removes original files at the affected paths.
-set -e
-
-config_tree_prefix="${HOME}/config/all_new_2018/linkable_etc_files/"
-
-for target in "$@"; do
-    cd "${config_tree_prefix}${target}"
-    for path in $(find . -type f); do
-        linking=$(echo "${path}" | cut -c2-)
-        linked=$(realpath "${path}")
-        dir=$(dirname "${linking}")
-        mkdir -p "${dir}"
-        ln -f "${linked}" "${linking}"
-    done
-done
diff --git a/all_new_2018/init_user_and_keybased_login.sh b/all_new_2018/init_user_and_keybased_login.sh
deleted file mode 100755 (executable)
index fc9dd96..0000000
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/sh
-# This script turns a fresh server with password-based root access to
-# one of only key-based access and only to new non-root account plom.
-#
-# CAUTION: This is optimized for a *fresh* setup. It will overwrite any
-# pre-existing ~/.ssh/authorized_keys of user plom with one that solely
-# contains the local ~/.ssh/id_rsa.pub, and also any old
-# /etc/ssh/sshd_config.
-#
-# Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly
-# configured sshd_config file in reach.
-set -e
-
-# Location auf a sshd_config with "PermitRootLogin no" and
-# "PasswordAuthentication no".
-system_path_sshd_config='/etc/ssh/sshd_config'
-config_tree_prefix="${HOME}/config/all_new_2018/linkable_etc_files/server/"
-local_path_sshd_config="${config_tree_prefix}""${system_path_sshd_config}"
-
-# Ensure we have a server name as argument.
-if [ $# -eq 0 ]; then
-    echo "Need server as argument."
-    false
-fi
-server="$1"
-
-# Ask for root password only once, sshpass will re-use it then often.
-stty -echo
-printf "Server root password: "
-read PW_ROOT
-stty echo
-printf "\n"
-export SSHPASS="${PW_ROOT}"
-
-# Create user plom, and his ~/.ssh/authorized_keys based on the local
-# ~/.ssh/id_rsa.pub; ensure the result has proper permissions and
-# ownerships. Then disable root and pw login by copying over the
-# sshd_config and restart ssh daemon.
-#
-# This could be a line or two shorter by using ssh-copy-id, but that
-# would require setting a password for user plom otherwise not needed.
-sshpass -e scp ~/.ssh/id_rsa.pub root@"${server}":/tmp/authorized_keys
-sshpass -e ssh root@"${server}" \
-        'useradd -m plom && '\
-        'mkdir /home/plom/.ssh && '\
-        'chown plom:plom /home/plom/.ssh && '\
-        'chown plom:plom /tmp/authorized_keys && '\
-        'chmod u=rw,go= /tmp/authorized_keys && '\
-        'mv /tmp/authorized_keys /home/plom/.ssh/'
-sshpass -e scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}"
-sshpass -e ssh root@"${server}" 'service ssh restart'
diff --git a/all_new_2018/install_for_target.sh b/all_new_2018/install_for_target.sh
deleted file mode 100755 (executable)
index 9d765aa..0000000
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/sh
-# Walks through the package names in the argument-selected files of
-# apt-mark/ and ensures the respective packages are installed.
-#
-# Ignores anything in an apt-mark/ file after the last newline.
-set -e
-
-config_tree_prefix="${HOME}/config/all_new_2018/apt-mark/"
-
-for target in "$@"; do
-    path="${config_tree_prefix}${target}"
-    cat "${path}" | while read line; do
-        echo "$line"
-        if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
-            apt-get -y install "${line}"
-        fi
-    done
-done
diff --git a/all_new_2018/letsencrypt.sh b/all_new_2018/letsencrypt.sh
deleted file mode 100755 (executable)
index 5fdf703..0000000
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/bin/sh
-set -e
-
-# Ensure we have a mail address as argument.
-if [ $# -lt 1 ]; then
-    echo "Need mail address as argument."
-    false
-fi
-mail_address="$1"
-
-# We need certbot to get LetsEncrypt certificates.
-apt install -y certbot
-
-# If port 80 blocked by iptables, open it.
-set +e
-iptables -C INPUT -p tcp --dport 80 -j ACCEPT
-open_iptables="$?"
-set -e
-if [ "${open_iptables}" -eq "1" ]; then
-    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
-fi
-
-# Create new certificate and copy it to /etc/letsencrypt.
-certbot certonly --standalone --agree-tos -m "${mail_address}" -d "$(hostname -f)"
-
-# Remove iptables rule to open port 80 if we added it.
-if [ "${open_iptables}" -eq "1" ]; then
-    iptables -D INPUT -p tcp --dport 80 -j ACCEPT
-fi
diff --git a/all_new_2018/letsencrypt_get.sh b/all_new_2018/letsencrypt_get.sh
deleted file mode 100755 (executable)
index c2b3e9f..0000000
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/sh
-# Copy over LetsEncrypt certificates from another server.
-set -e
-
-# Ensure we have a server name as argument.
-if [ $# -lt 1 ]; then
-    echo "Need server as argument."
-    false
-fi
-server="$1"
-
-# Copy over.
-ssh -t plom@${server} 'su -c "cd /etc/ && tar cf letsencrypt.tar letsencrypt && chown plom:plom letsencrypt.tar && mv letsencrypt.tar /home/plom/"'
-scp plom@${server}:~/letsencrypt.tar .
-apt -y install certbot
-rmdir /etc/letsencrypt
-mv letsencrypt.tar /etc/
-cd /etc/
-tar xf letsencrypt.tar
-rm letsencrypt.tar
diff --git a/all_new_2018/mirror_dir.sh b/all_new_2018/mirror_dir.sh
deleted file mode 100755 (executable)
index cb943c9..0000000
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/sh
-set -e
-
-if [ $# -lt 2 ]; then
-    echo "Need server and directory as arguments."
-    false
-fi
-server=$1
-dir=$2
-path_package=/tmp/delete.tar
-
-eval `ssh-agent`
-ssh-add
-cd
-ssh plom@"${server}" "cd \"${dir}\" && tar cf ${path_package} ."
-scp plom@"${server}":"${path_package}" "${path_package}"
-mkdir -p "${dir}"
-cd "${dir}"
-tar xf "${path_package}"
-cd
-rm "${path_package}"
-ssh plom@"${server}" rm "${path_package}"
diff --git a/all_new_2018/prepare_to_meet_server.sh b/all_new_2018/prepare_to_meet_server.sh
deleted file mode 100755 (executable)
index 13d05ca..0000000
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/sh
-# Do some of the steps necessary to SSH (key-based) with another server.
-set -e
-
-target="$1"
-
-# We need a public key to copy over, so generate it if not found.
-if [ ! -f ~/.ssh/id_rsa.pub ]; then
-    ssh-keygen
-fi
-
-# Add target to ~/.ssh/known_hosts so we don't get
-# asked for permission at inopportune moments.
-ssh-keyscan -H "$target" >> ~/.ssh/known_hosts
-
-# Tell user what to do.
-echo "APPEND FOLLOWING TO TARGET'S ~/.ssh/authorized_keys:"
-cat ~/.ssh/id_rsa.pub
diff --git a/all_new_2018/purge_nonrequireds.sh b/all_new_2018/purge_nonrequireds.sh
deleted file mode 100755 (executable)
index 5b63ddf..0000000
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/sh
-# This script removes all Debian packages that are not of Priority
-# "required" or not depended on by packages of priority "required"
-# or not listed in the argument-selected files of apt-mark/.
-set -e
-
-config_tree_prefix="${HOME}/config/all_new_2018/apt-mark/"
-
-dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > /tmp/list_white_unsorted
-for target in "$@"; do
-    path="${config_tree_prefix}${target}"
-    cat "${path}" | while read line; do
-        if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
-            echo "${line}" >> /tmp/list_white_unsorted
-        fi
-    done
-done
-sort /tmp/list_white_unsorted > /tmp/list_white
-dpkg-query -Wf '${Package}\n' > /tmp/list_all_packages
-sort /tmp/list_all_packages > /tmp/foo
-mv /tmp/foo /tmp/list_all_packages
-comm -3 /tmp/list_all_packages /tmp/list_white > /tmp/list_black
-apt-mark auto `cat /tmp/list_black`
-DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove
-rm /tmp/list_all_packages /tmp/list_white_unsorted /tmp/list_white /tmp/list_black
diff --git a/all_new_2018/set_hostname_and_fqdn.sh b/all_new_2018/set_hostname_and_fqdn.sh
deleted file mode 100755 (executable)
index 3f95590..0000000
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/bin/sh
-# Sets hostname and optionally FQDN.
-#
-# Calls hostname, writes to /etc/hostname and /etc/hosts. For /etc/hosts
-# writing follows recommendations from Debian manual at
-# <https://www.debian.org/doc/manuals/debian-reference/ch05.en.html>
-# (section "The hostname resolution") on how to map hostname and possibly
-# FQDN to a permanent IP if present (we assume here any non-private IP
-# and non-loopback IP returned by hostname -I to fulfill that criterion
-# on our systems) or to 127.0.1.1 if not. On the reasoning for separating
-# localhost and hostname mapping to different IPs, see
-# <https://unix.stackexchange.com/a/13087>.
-set -e
-
-hostname="$1"
-fqdn="$2"
-if [ "${hostname}" = "" ]; then
-    echo "Need hostname as argument."
-    false
-fi
-echo "${hostname}" > /etc/hostname
-hostname "${hostname}"
-
-final_ip="127.0.1.1"
-for ip in $(hostname -I); do
-    range_1=$(echo "${ip}" | cut -d "." -f 1)
-    range_2=$(echo "${ip}" | cut -d "." -f 2)
-    if [ "${range_1}" -eq 127 ]; then
-        continue
-    elif [ "${range_1}" -eq 10 ]; then
-        continue
-    elif [ "${range_1}" -eq 172 ]; then
-        if [ "${range_2}" -ge 16 ] && [ "${range_2}" -le 31 ]; then
-            continue
-        fi
-    elif [ "${range_1}" -eq 192 ]; then
-        if [ "${range_2}" -eq 168 ]; then
-            continue
-        fi
-    fi
-    final_ip="${ip}"
-done
-
-echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts
-echo "${final_ip} ${fqdn} ${hostname}" >> /etc/hosts
diff --git a/all_new_2018/setup_mail.sh b/all_new_2018/setup_mail.sh
deleted file mode 100755 (executable)
index 60eda31..0000000
+++ /dev/null
@@ -1,69 +0,0 @@
-#/bin/sh
-set -e
-
-if [ $# -lt 2 ]; then
-    echo "Give arguments of mail domain and DKIM selector."
-    echo "Also, if hosting mail for entire domain, give third argument 'domainwide'."
-    false
-fi
-mail_domain="$1"
-dkim_selector="$2"
-domainwide="$3"
-
-# Set up DKIM key if necessary.
-mkdir -p /etc/dkimkeys/
-add_dkim_record=0
-if [ ! -f "/etc/dkimkeys/${dkim_selector}.private" ]; then
-    add_dkim_record=1
-    set +e
-    dpkg -s opendkim-tools &> /dev/null
-    preinstalled="$?"
-    set -e
-    if [ ! "${preinstalled}" -eq "0" ]; then
-        apt install -y opendkim-tools
-    fi
-    opendkim-genkey -s "${dkim_selector}"
-    mv "${dkim_selector}.private" /etc/dkimkeys/
-    if [ ! "${preinstalled}" -eq "0" ]; then
-        apt -y --purge autoremove opendkim-tools
-    fi
-fi
-
-# Link and adapt mail-server-specific /etc/ files.
-./hardlink_etc.sh mail
-sed -i "s/REPLACE_maildomain_ECALPER/${mail_domain}/g" /etc/mailutils.conf
-sed -i "s/REPLACE_Domain_ECALPER/${mail_domain}/g" /etc/opendkim.conf
-sed -i "s/REPLACE_Selector_ECALPER/${dkim_selector}/g" /etc/opendkim.conf
-sed -i "s/REPLACE_myhostname_ECALPER/$(hostname -f)/g" /etc/postfix/main.cf
-if [ "${domainwide}" = "domainwide" ]; then
-    sed -i 's/REPLACE_mydomain_if_domainwide_ECALPER/$mydomain/g' /etc/postfix/main.cf
-else
-    sed -i 's/REPLACE_mydomain_if_domainwide_ECALPER//g' /etc/postfix/main.cf
-fi
-# Since we re-set the iptables rules, we need to reload them.
-iptables-restore /etc/iptables/rules.v4
-
-# Some useful debconf selections.
-echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections
-echo "ssl_cert = </etc/letsencrypt/live/$(hostname -f)/fullchain.pem" > /etc/dovecot/conf.d/99-ssl-certs.conf
-echo "ssl_key = </etc/letsencrypt/live/$(hostname -f)/privkey.pem" >> /etc/dovecot/conf.d/99-ssl-certs.conf
-
-# The second line should not be necessary due to the first line, but for
-# some reason the installation forgets to set up /etc/mailname early
-# enough to not (when running newaliases) stumble over its absence.
-echo "postfix postfix/mailname string ${mail_domain}" | debconf-set-selections
-echo "${mail_domain}" > /etc/mailname
-
-# Everything should now be ready for installations. Note that we don't
-# strictly need dovecot-lmtpd, as postfix will deliver mail to /var/mail/USER
-# in any case, to be found by dovecot; we use it as a transport mechanism to
-# allow for sophisticated stuff like dovecot-side sieve filtering (installed
-# with dovecot-sieve).
-apt install -y -o Dpkg::Options::=--force-confold postfix dovecot-imapd dovecot-lmtpd dovecot-sieve opendkim
-echo "TODO: Ensure MX entry for your system in your DNS configuration."
-echo "TODO: Ensure a proper SPF entry for this system in your DNS configuration; something like 'v=spf1 mx -all' mapped to your host."
-if [ "${add_dkim_record}" -eq "1" ]; then
-    echo "TODO: Add the following DKIM entry to your DNS configuration (possibly with slightly changed host entry – if your mail domain includes a subdomain, append that with a dot):"
-    cat "${dkim_selector}.txt"
-fi
-echo "TODO: passwd plom"
diff --git a/all_new_2018/setup_play.sh b/all_new_2018/setup_play.sh
deleted file mode 100755 (executable)
index 233219d..0000000
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/sh
-set -e
-
-# Ensure we have a GPG target to encrypt to.
-if [ $# -lt 1 ]; then
-    echo "Need public key ID as argument."
-    false
-fi
-gpg_key="$1"
-
-./hardlink_etc.sh play
-config_tree_prefix="${HOME}/config/all_new_2018/"
-apt -y install weechat screen vim
-cp "${config_tree_prefix}user_files/encrypter.sh" /home/plom/
-chown plom:plom /home/plom/encrypter.sh
-cp "${config_tree_prefix}user_files/weechat-wrapper.sh" /home/plom/
-chown plom:plom /home/plom/weechat-wrapper.sh
-cp "${config_tree_prefix}user_files/weechatrc" /home/plom/.weechatrc
-chown plom:plom /home/plom/.weechatrc
-apt -y install screen gnupg dirmngr
-keyservers='sks-keyservers.net/ keys.gnupg.net'
-set +e
-while true; do
-    do_break=0
-    for keyserver in $(echo "${keyservers}"); do
-        su plom -c "gpg --no-tty --keyserver $keyserver --recv-key ${gpg_key}"
-        if [ $? -eq "0" ]; then
-            do_break=1
-            break
-        fi
-        echo "Attempt with keyserver ${keyserver} unsuccessful, trying other."
-    done
-    if [ "${do_break}" -eq "1" ]; then
-        break
-    fi
-done
-set -e
-echo "$gpg_key" > /home/plom/.encrypt_target
-chown plom:plom /home/plom/.encrypt_target
-# TODO: We may remove dirmngr here if only this script installed it.
-systemctl daemon-reload
-systemctl start encrypt_chatlogs.timer
diff --git a/all_new_2018/setup_plomlombot.sh b/all_new_2018/setup_plomlombot.sh
deleted file mode 100755 (executable)
index 3c9efa3..0000000
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/bin/sh
-set -e
-
-# Ensure we have a GPG target to encrypt to.
-if [ $# -lt 1 ]; then
-    echo "Need public key ID as argument."
-    false
-fi
-gpg_key="$1"
-
-config_tree_prefix="${HOME}/config/all_new_2018/"
-irclogs_dir=/var/www/html/irclogs
-irclogs_pw_dir=/var/www/irclogs_pw
-cp "${config_tree_prefix}"/user_files/plomlombot_daemon.sh /home/plom/
-chown plom:plom /home/plom/plomlombot_daemon.sh
-apt -y install screen python3-venv gnupg dirmngr
-keyservers='sks-keyservers.net/ keys.gnupg.net'
-set +e
-while true; do
-    do_break=0
-    for keyserver in $(echo "${keyservers}"); do
-        su plom -c "gpg --no-tty --keyserver $keyserver --recv-key ${gpg_key}"
-        if [ $? -eq "0" ]; then
-            do_break=1
-            break
-        fi
-        echo "Attempt with keyserver ${keyserver} unsuccessful, trying other."
-    done
-    if [ "${do_break}" -eq "1" ]; then
-        break
-    fi
-done
-set -e
-# TODO: We may remove dirmngr here if only this script installed it.
-su plom -c "cd && git clone /var/public_repos/plomlombot-irc"
-systemctl enable /etc/systemd/system/plomlombot.service
-service plomlombot start
-mkdir -p "${irclogs_dir}"
-chown -R plom:plom "${irclogs_dir}"
-mkdir -p "${irclogs_pw_dir}"
-chown -R plom:plom "${irclogs_pw_dir}"
-echo "Don't forget to add a file ~/.plomlombot with content such as:"
-echo "gpg_key ${gpg_key}"
-echo "bot: SCREEN_SESSION_NAME BOT_NAME #CHANNEL_NAME IRC_SERVER_NAME LOGS_USER LOGS_PW"
-echo "# file should end in newline or non-interpreted line such as this"
diff --git a/all_new_2018/setup_scripts/hardlink_etc.sh b/all_new_2018/setup_scripts/hardlink_etc.sh
new file mode 100755 (executable)
index 0000000..d6f2987
--- /dev/null
@@ -0,0 +1,24 @@
+#!/bin/sh
+# Hard link files to those in argument-selected subdirectories of
+# linkable_etc_files//, e.g. link /etc/foo/bar to
+# linkable_etc_files/$1/etc/foo/bar and so on. Create directories as
+# necessary. We do the hard linking so files that should be readable to
+# non-root in /etc/ remain so despite having a path below /root/, as
+# symbolic links point into /root/ without making the targets readable
+# to non-root.
+# CAUTION: This removes original files at the affected paths.
+set -e
+
+config_tree_prefix="${HOME}/config/all_new_2018/linkable_etc_files"
+linkable_files_dir="${config_tree_prefix}/linkable_etc_files"
+
+for target in "$@"; do
+    cd "${linkable_files_dir}/${target}"
+    for path in $(find . -type f); do
+        linking=$(echo "${path}" | cut -c2-)
+        linked=$(realpath "${path}")
+        dir=$(dirname "${linking}")
+        mkdir -p "${dir}"
+        ln -f "${linked}" "${linking}"
+    done
+done
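Review bot: `linkable_files_dir` resolves to `${HOME}/config/all_new_2018/linkable_etc_files/linkable_etc_files`, because `config_tree_prefix` already ends in `linkable_etc_files` and the next line appends it again. Unless a nested directory of that name exists, `cd "${linkable_files_dir}/${target}"` fails under `set -e` and nothing is linked, so `setup_mail.sh` and `setup_play.sh` abort at their `./hardlink_etc.sh` call. The sibling scripts in this commit define the prefix as `config_tree_prefix="${HOME}/config/all_new_2018"`; using that line here gives the intended path.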
diff --git a/all_new_2018/setup_scripts/init_user_and_keybased_login.sh b/all_new_2018/setup_scripts/init_user_and_keybased_login.sh
new file mode 100755 (executable)
index 0000000..6a46c20
--- /dev/null
@@ -0,0 +1,52 @@
+#!/bin/sh
+# This script turns a fresh server with password-based root access to
+# one of only key-based access and only to new non-root account plom.
+#
+# CAUTION: This is optimized for a *fresh* setup. It will overwrite any
+# pre-existing ~/.ssh/authorized_keys of user plom with one that solely
+# contains the local ~/.ssh/id_rsa.pub, and also any old
+# /etc/ssh/sshd_config.
+#
+# Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly
+# configured sshd_config file in reach.
+set -e
+
+# Location auf a sshd_config with "PermitRootLogin no" and
+# "PasswordAuthentication no".
+config_tree_prefix="${HOME}/config/all_new_2018"
+linkable_files_dir="${config_tree_prefix}/linkable_etc_files/server"
+system_path_sshd_config='/etc/ssh/sshd_config'
+local_path_sshd_config="${linkable_files_dir}/${system_path_sshd_config}"
+
+# Ensure we have a server name as argument.
+if [ $# -eq 0 ]; then
+    echo "Need server as argument."
+    false
+fi
+server="$1"
+
+# Ask for root password only once, sshpass will re-use it then often.
+stty -echo
+printf "Server root password: "
+read PW_ROOT
+stty echo
+printf "\n"
+export SSHPASS="${PW_ROOT}"
+
+# Create user plom, and his ~/.ssh/authorized_keys based on the local
+# ~/.ssh/id_rsa.pub; ensure the result has proper permissions and
+# ownerships. Then disable root and pw login by copying over the
+# sshd_config and restart ssh daemon.
+#
+# This could be a line or two shorter by using ssh-copy-id, but that
+# would require setting a password for user plom otherwise not needed.
+sshpass -e scp ~/.ssh/id_rsa.pub root@"${server}":/tmp/authorized_keys
+sshpass -e ssh root@"${server}" \
+        'useradd -m plom && '\
+        'mkdir /home/plom/.ssh && '\
+        'chown plom:plom /home/plom/.ssh && '\
+        'chown plom:plom /tmp/authorized_keys && '\
+        'chmod u=rw,go= /tmp/authorized_keys && '\
+        'mv /tmp/authorized_keys /home/plom/.ssh/'
+sshpass -e scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}"
+sshpass -e ssh root@"${server}" 'service ssh restart'
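Review bot: The root password is read with `read PW_ROOT`, so `read` consumes any backslash in it and `sshpass -e` then authenticates with a different string; `read -r PW_ROOT` keeps the input intact. Terminal echo is also restored only on the normal path: an interrupt between `stty -echo` and `stty echo` leaves the terminal without echo, which `trap 'stty echo; exit 1' INT TERM` placed before `stty -echo` would avoid.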
diff --git a/all_new_2018/setup_scripts/install_for_target.sh b/all_new_2018/setup_scripts/install_for_target.sh
new file mode 100755 (executable)
index 0000000..53914d6
--- /dev/null
@@ -0,0 +1,19 @@
+#!/bin/sh
+# Walks through the package names in the argument-selected files of
+# apt-mark/ and ensures the respective packages are installed.
+#
+# Ignores anything in an apt-mark/ file after the last newline.
+set -e
+
+config_tree_prefix="${HOME}/config/all_new_2018"
+aptmark_dir="${config_tree_prefix}/apt-mark"
+
+for target in "$@"; do
+    path="${aptmark_dir}/${target}"
+    cat "${path}" | while read line; do
+        echo "$line"
+        if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
+            apt-get -y install "${line}"
+        fi
+    done
+done
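Review bot: The comment test `[ ! $(echo "${line}" | cut -c1) = "#" ]` leaves the substitution unquoted, so a blank line in an apt-mark file collapses it to `[ ! = "#" ]`, which skips the line only by accident of how `test` parses three arguments. Simply quoting it would instead pass an empty package name to `apt-get`, so an explicit filter is clearer: `case "${line}" in ''|'#'*) continue ;; esac` ahead of the install. `read line` should also be `read -r line`. The same loop appears in `purge_nonrequireds.sh`.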
diff --git a/all_new_2018/setup_scripts/letsencrypt.sh b/all_new_2018/setup_scripts/letsencrypt.sh
new file mode 100755 (executable)
index 0000000..29ed3b6
--- /dev/null
@@ -0,0 +1,31 @@
+#!/bin/sh
+# Certify current server with LetsEncrypt.
+# Uses hostname -f for the domain we want to certify.
+set -e
+
+# Ensure we have a mail address as argument.
+if [ $# -lt 1 ]; then
+    echo "Need mail address as argument."
+    false
+fi
+mail_address="$1"
+
+# We need certbot to get LetsEncrypt certificates.
+apt install -y certbot
+
+# If port 80 blocked by iptables, open it.
+set +e
+iptables -C INPUT -p tcp --dport 80 -j ACCEPT
+open_iptables="$?"
+set -e
+if [ "${open_iptables}" -eq "1" ]; then
+    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
+fi
+
+# Create new certificate and copy it to /etc/letsencrypt.
+certbot certonly --standalone --agree-tos -m "${mail_address}" -d "$(hostname -f)"
+
+# Remove iptables rule to open port 80 if we added it.
+if [ "${open_iptables}" -eq "1" ]; then
+    iptables -D INPUT -p tcp --dport 80 -j ACCEPT
+fi
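Review bot: If `certbot certonly` fails, `set -e` ends the script before the final `iptables -D`, so the ACCEPT rule for port 80 that the script appended stays in place. Registering the cleanup right after the `iptables -A` line, e.g. `trap 'iptables -D INPUT -p tcp --dport 80 -j ACCEPT' EXIT`, and dropping the trailing `if` block removes the rule on every exit path. Separately, `iptables -C` only reports whether this exact ACCEPT rule exists, not whether port 80 is actually blocked, and any exit code other than 1 is treated as "rule present"; a comment stating that would help.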
diff --git a/all_new_2018/setup_scripts/letsencrypt_get.sh b/all_new_2018/setup_scripts/letsencrypt_get.sh
new file mode 100755 (executable)
index 0000000..c2b3e9f
--- /dev/null
@@ -0,0 +1,20 @@
+#!/bin/sh
+# Copy over LetsEncrypt certificates from another server.
+set -e
+
+# Ensure we have a server name as argument.
+if [ $# -lt 1 ]; then
+    echo "Need server as argument."
+    false
+fi
+server="$1"
+
+# Copy over.
+ssh -t plom@${server} 'su -c "cd /etc/ && tar cf letsencrypt.tar letsencrypt && chown plom:plom letsencrypt.tar && mv letsencrypt.tar /home/plom/"'
+scp plom@${server}:~/letsencrypt.tar .
+apt -y install certbot
+rmdir /etc/letsencrypt
+mv letsencrypt.tar /etc/
+cd /etc/
+tar xf letsencrypt.tar
+rm letsencrypt.tar
diff --git a/all_new_2018/setup_scripts/mirror_dir.sh b/all_new_2018/setup_scripts/mirror_dir.sh
new file mode 100755 (executable)
index 0000000..0fc03aa
--- /dev/null
@@ -0,0 +1,23 @@
+#!/bin/sh
+# Mirror directory tree from remote to local server, keeping the path.
+set -e
+
+if [ $# -lt 2 ]; then
+    echo "Need server and directory as arguments."
+    false
+fi
+server=$1
+dir=$2
+path_package=/tmp/delete.tar
+
+eval `ssh-agent`
+ssh-add
+cd
+ssh plom@"${server}" "cd \"${dir}\" && tar cf ${path_package} ."
+scp plom@"${server}":"${path_package}" "${path_package}"
+mkdir -p "${dir}"
+cd "${dir}"
+tar xf "${path_package}"
+cd
+rm "${path_package}"
+ssh plom@"${server}" rm "${path_package}"
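Review bot: Both hosts use the fixed path `/tmp/delete.tar` in a world-writable directory, so another local user may be able to pre-create or replace that file before `tar cf` writes it or `tar xf` reads it. Streaming the archive avoids the temporary file on either side: after `mkdir -p "${dir}"`, run `ssh plom@"${server}" "cd \"${dir}\" && tar cf - ." | tar xf - -C "${dir}"`. `${dir}` is also pasted into the remote command line, so the remote shell interprets any quote or substitution characters in it; the script should reject such values or document that `dir` must be a plain path. The `ssh-agent` started by `eval` is never stopped.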
diff --git a/all_new_2018/setup_scripts/prepare_to_meet_server.sh b/all_new_2018/setup_scripts/prepare_to_meet_server.sh
new file mode 100755 (executable)
index 0000000..13d05ca
--- /dev/null
@@ -0,0 +1,18 @@
+#!/bin/sh
+# Do some of the steps necessary to SSH (key-based) with another server.
+set -e
+
+target="$1"
+
+# We need a public key to copy over, so generate it if not found.
+if [ ! -f ~/.ssh/id_rsa.pub ]; then
+    ssh-keygen
+fi
+
+# Add target to ~/.ssh/known_hosts so we don't get
+# asked for permission at inopportune moments.
+ssh-keyscan -H "$target" >> ~/.ssh/known_hosts
+
+# Tell user what to do.
+echo "APPEND FOLLOWING TO TARGET'S ~/.ssh/authorized_keys:"
+cat ~/.ssh/id_rsa.pub
diff --git a/all_new_2018/setup_scripts/purge_nonrequireds.sh b/all_new_2018/setup_scripts/purge_nonrequireds.sh
new file mode 100755 (executable)
index 0000000..e444a55
--- /dev/null
@@ -0,0 +1,26 @@
+#!/bin/sh
+# This script removes all Debian packages that are not of Priority
+# "required" or not depended on by packages of priority "required"
+# or not listed in the argument-selected files of apt-mark/.
+set -e
+
+config_tree_prefix="${HOME}/config/all_new_2018"
+aptmark_dir="${config_tree_prefix}/apt-mark"
+
+dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > /tmp/list_white_unsorted
+for target in "$@"; do
+    path="${aptmark_dir}/${target}"
+    cat "${path}" | while read line; do
+        if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
+            echo "${line}" >> /tmp/list_white_unsorted
+        fi
+    done
+done
+sort /tmp/list_white_unsorted > /tmp/list_white
+dpkg-query -Wf '${Package}\n' > /tmp/list_all_packages
+sort /tmp/list_all_packages > /tmp/foo
+mv /tmp/foo /tmp/list_all_packages
+comm -3 /tmp/list_all_packages /tmp/list_white > /tmp/list_black
+apt-mark auto `cat /tmp/list_black`
+DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove
+rm /tmp/list_all_packages /tmp/list_white_unsorted /tmp/list_white /tmp/list_black
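Review bot: The work files `/tmp/list_white_unsorted`, `/tmp/list_white`, `/tmp/list_all_packages`, `/tmp/foo` and `/tmp/list_black` have predictable names in a world-writable directory, and their contents decide which packages get purged; the script presumably runs as root, since it calls `apt-mark` and `apt-get --purge autoremove`. A private directory removes that exposure and also cleans up when a step fails: `tmp_dir=$(mktemp -d)` and `trap 'rm -rf -- "${tmp_dir}"' EXIT` at the top, with each `/tmp/` prefix replaced by `"${tmp_dir}/"`. Note also that `comm -3` prints lines unique to either file, so names that appear only in the allow list reach `apt-mark auto` as well; `comm -23` keeps only installed packages that are not listed.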
diff --git a/all_new_2018/setup_scripts/set_hostname_and_fqdn.sh b/all_new_2018/setup_scripts/set_hostname_and_fqdn.sh
new file mode 100755 (executable)
index 0000000..3f95590
--- /dev/null
@@ -0,0 +1,45 @@
+#!/bin/sh
+# Sets hostname and optionally FQDN.
+#
+# Calls hostname, writes to /etc/hostname and /etc/hosts. For /etc/hosts
+# writing follows recommendations from Debian manual at
+# <https://www.debian.org/doc/manuals/debian-reference/ch05.en.html>
+# (section "The hostname resolution") on how to map hostname and possibly
+# FQDN to a permanent IP if present (we assume here any non-private IP
+# and non-loopback IP returned by hostname -I to fulfill that criterion
+# on our systems) or to 127.0.1.1 if not. On the reasoning for separating
+# localhost and hostname mapping to different IPs, see
+# <https://unix.stackexchange.com/a/13087>.
+set -e
+
+hostname="$1"
+fqdn="$2"
+if [ "${hostname}" = "" ]; then
+    echo "Need hostname as argument."
+    false
+fi
+echo "${hostname}" > /etc/hostname
+hostname "${hostname}"
+
+final_ip="127.0.1.1"
+for ip in $(hostname -I); do
+    range_1=$(echo "${ip}" | cut -d "." -f 1)
+    range_2=$(echo "${ip}" | cut -d "." -f 2)
+    if [ "${range_1}" -eq 127 ]; then
+        continue
+    elif [ "${range_1}" -eq 10 ]; then
+        continue
+    elif [ "${range_1}" -eq 172 ]; then
+        if [ "${range_2}" -ge 16 ] && [ "${range_2}" -le 31 ]; then
+            continue
+        fi
+    elif [ "${range_1}" -eq 192 ]; then
+        if [ "${range_2}" -eq 168 ]; then
+            continue
+        fi
+    fi
+    final_ip="${ip}"
+done
+
+echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts
+echo "${final_ip} ${fqdn} ${hostname}" >> /etc/hosts
diff --git a/all_new_2018/setup_scripts/setup_mail.sh b/all_new_2018/setup_scripts/setup_mail.sh
new file mode 100755 (executable)
index 0000000..c8d4254
--- /dev/null
@@ -0,0 +1,73 @@
+#/bin/sh
+set -e
+
+if [ $# -lt 2 ]; then
+    echo "Give arguments of mail domain and DKIM selector."
+    echo "Also, if hosting mail for entire domain, give third argument 'domainwide'."
+    false
+fi
+mail_domain="$1"
+dkim_selector="$2"
+domainwide="$3"
+
+config_tree_prefix="${HOME}/config/all_new_2018"
+setup_scripts_dir="${config_tree_prefix}/setup_scripts"
+cd "${setup_scripts_dir}"
+
+# Set up DKIM key if necessary.
+mkdir -p /etc/dkimkeys/
+add_dkim_record=0
+if [ ! -f "/etc/dkimkeys/${dkim_selector}.private" ]; then
+    add_dkim_record=1
+    set +e
+    dpkg -s opendkim-tools &> /dev/null
+    preinstalled="$?"
+    set -e
+    if [ ! "${preinstalled}" -eq "0" ]; then
+        apt install -y opendkim-tools
+    fi
+    opendkim-genkey -s "${dkim_selector}"
+    mv "${dkim_selector}.private" /etc/dkimkeys/
+    if [ ! "${preinstalled}" -eq "0" ]; then
+        apt -y --purge autoremove opendkim-tools
+    fi
+fi
+
+# Link and adapt mail-server-specific /etc/ files.
+./hardlink_etc.sh mail
+sed -i "s/REPLACE_maildomain_ECALPER/${mail_domain}/g" /etc/mailutils.conf
+sed -i "s/REPLACE_Domain_ECALPER/${mail_domain}/g" /etc/opendkim.conf
+sed -i "s/REPLACE_Selector_ECALPER/${dkim_selector}/g" /etc/opendkim.conf
+sed -i "s/REPLACE_myhostname_ECALPER/$(hostname -f)/g" /etc/postfix/main.cf
+if [ "${domainwide}" = "domainwide" ]; then
+    sed -i 's/REPLACE_mydomain_if_domainwide_ECALPER/$mydomain/g' /etc/postfix/main.cf
+else
+    sed -i 's/REPLACE_mydomain_if_domainwide_ECALPER//g' /etc/postfix/main.cf
+fi
+# Since we re-set the iptables rules, we need to reload them.
+iptables-restore /etc/iptables/rules.v4
+
+# Some useful debconf selections.
+echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections
+echo "ssl_cert = </etc/letsencrypt/live/$(hostname -f)/fullchain.pem" > /etc/dovecot/conf.d/99-ssl-certs.conf
+echo "ssl_key = </etc/letsencrypt/live/$(hostname -f)/privkey.pem" >> /etc/dovecot/conf.d/99-ssl-certs.conf
+
+# The second line should not be necessary due to the first line, but for
+# some reason the installation forgets to set up /etc/mailname early
+# enough to not (when running newaliases) stumble over its absence.
+echo "postfix postfix/mailname string ${mail_domain}" | debconf-set-selections
+echo "${mail_domain}" > /etc/mailname
+
+# Everything should now be ready for installations. Note that we don't
+# strictly need dovecot-lmtpd, as postfix will deliver mail to /var/mail/USER
+# in any case, to be found by dovecot; we use it as a transport mechanism to
+# allow for sophisticated stuff like dovecot-side sieve filtering (installed
+# with dovecot-sieve).
+apt install -y -o Dpkg::Options::=--force-confold postfix dovecot-imapd dovecot-lmtpd dovecot-sieve opendkim
+echo "TODO: Ensure MX entry for your system in your DNS configuration."
+echo "TODO: Ensure a proper SPF entry for this system in your DNS configuration; something like 'v=spf1 mx -all' mapped to your host."
+if [ "${add_dkim_record}" -eq "1" ]; then
+    echo "TODO: Add the following DKIM entry to your DNS configuration (possibly with slightly changed host entry – if your mail domain includes a subdomain, append that with a dot):"
+    cat "${dkim_selector}.txt"
+fi
+echo "TODO: passwd plom"
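Review bot: The first line is `#/bin/sh`, a comment rather than a shebang, so the interpreter depends on how the script is started, and `dpkg -s opendkim-tools &> /dev/null` is a bashism. Under a POSIX `sh` such as dash that line is parsed as a background job followed by a redirection, `$?` is then 0, and `opendkim-tools` is never installed before `opendkim-genkey` runs. Suggested lines: `#!/bin/sh` and `dpkg -s opendkim-tools > /dev/null 2>&1`. The `sed` substitutions also paste `${mail_domain}` and `${dkim_selector}` into the expression unescaped, so a value containing `/` or `&` would corrupt the config files; validating both arguments up front would be safer.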
diff --git a/all_new_2018/setup_scripts/setup_play.sh b/all_new_2018/setup_scripts/setup_play.sh
new file mode 100755 (executable)
index 0000000..020c13d
--- /dev/null
@@ -0,0 +1,46 @@
+#!/bin/sh
+set -e
+
+# Ensure we have a GPG target to encrypt to.
+if [ $# -lt 1 ]; then
+    echo "Need public key ID as argument."
+    false
+fi
+gpg_key="$1"
+
+config_tree_prefix="${HOME}/config/all_new_2018"
+setup_scripts_dir="${config_tree_prefix}/setup_scripts"
+cd "${setup_scripts_dir}"
+
+config_tree_prefix="${HOME}/config/all_new_2018/"
+./hardlink_etc.sh play
+apt -y install weechat screen vim
+cp "${config_tree_prefix}user_files/encrypter.sh" /home/plom/
+chown plom:plom /home/plom/encrypter.sh
+cp "${config_tree_prefix}user_files/weechat-wrapper.sh" /home/plom/
+chown plom:plom /home/plom/weechat-wrapper.sh
+cp "${config_tree_prefix}user_files/weechatrc" /home/plom/.weechatrc
+chown plom:plom /home/plom/.weechatrc
+apt -y install screen gnupg dirmngr
+keyservers='sks-keyservers.net/ keys.gnupg.net'
+set +e
+while true; do
+    do_break=0
+    for keyserver in $(echo "${keyservers}"); do
+        su plom -c "gpg --no-tty --keyserver $keyserver --recv-key ${gpg_key}"
+        if [ $? -eq "0" ]; then
+            do_break=1
+            break
+        fi
+        echo "Attempt with keyserver ${keyserver} unsuccessful, trying other."
+    done
+    if [ "${do_break}" -eq "1" ]; then
+        break
+    fi
+done
+set -e
+echo "$gpg_key" > /home/plom/.encrypt_target
+chown plom:plom /home/plom/.encrypt_target
+# TODO: We may remove dirmngr here if only this script installed it.
+systemctl daemon-reload
+systemctl start encrypt_chatlogs.timer
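Review bot: `gpg_key` comes straight from `$1` and is interpolated into the command string of `su plom -c "gpg --no-tty --keyserver $keyserver --recv-key ${gpg_key}"`, so whatever the caller passes is parsed by plom's shell. Reject anything that is not a hexadecimal key ID right after the assignment, for example `case "${gpg_key#0x}" in ''|*[!0-9A-Fa-f]*) echo 'Key ID must be hexadecimal.' >&2; exit 1;; esac`. Requiring the full fingerprint would be safer still, because a short ID fetched from a keyserver does not pin one specific key. The same `su plom -c` line appears in setup_plomlombot.sh. Separately, the `while true` loop retries forever when neither keyserver answers; a bounded number of rounds would let the script fail visibly.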
diff --git a/all_new_2018/setup_scripts/setup_plomlombot.sh b/all_new_2018/setup_scripts/setup_plomlombot.sh
new file mode 100755 (executable)
index 0000000..5a45b6f
--- /dev/null
@@ -0,0 +1,45 @@
+#!/bin/sh
+set -e
+
+# Ensure we have a GPG target to encrypt to.
+if [ $# -lt 1 ]; then
+    echo "Need public key ID as argument."
+    false
+fi
+gpg_key="$1"
+
+config_tree_prefix="${HOME}/config/all_new_2018"
+irclogs_dir=/var/www/html/irclogs
+irclogs_pw_dir=/var/www/irclogs_pw
+cp "${config_tree_prefix}"/user_files/plomlombot_daemon.sh /home/plom/
+chown plom:plom /home/plom/plomlombot_daemon.sh
+apt -y install screen python3-venv gnupg dirmngr
+keyservers='sks-keyservers.net/ keys.gnupg.net'
+set +e
+while true; do
+    do_break=0
+    for keyserver in $(echo "${keyservers}"); do
+        su plom -c "gpg --no-tty --keyserver $keyserver --recv-key ${gpg_key}"
+        if [ $? -eq "0" ]; then
+            do_break=1
+            break
+        fi
+        echo "Attempt with keyserver ${keyserver} unsuccessful, trying other."
+    done
+    if [ "${do_break}" -eq "1" ]; then
+        break
+    fi
+done
+set -e
+# TODO: We may remove dirmngr here if only this script installed it.
+su plom -c "cd && git clone /var/public_repos/plomlombot-irc"
+systemctl enable /etc/systemd/system/plomlombot.service
+service plomlombot start
+mkdir -p "${irclogs_dir}"
+chown -R plom:plom "${irclogs_dir}"
+mkdir -p "${irclogs_pw_dir}"
+chown -R plom:plom "${irclogs_pw_dir}"
+echo "Don't forget to add a file ~/.plomlombot with content such as:"
+echo "gpg_key ${gpg_key}"
+echo "bot: SCREEN_SESSION_NAME BOT_NAME #CHANNEL_NAME IRC_SERVER_NAME LOGS_USER LOGS_PW"
+echo "# file should end in newline or non-interpreted line such as this"
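Review bot: The closing reminder tells the operator to create `~/.plomlombot` containing a `LOGS_USER LOGS_PW` pair but says nothing about the file's permissions, so under a default umask the password would presumably be readable by other local accounts. Add one more line after the last echo, such as `echo "Keep this file private: chmod 600 ~/.plomlombot"`. Unlike its siblings this script never changes into the setup_scripts directory, which is harmless here only because every path it uses is absolute.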
diff --git a/all_new_2018/setup_scripts/setup_sendonly.sh b/all_new_2018/setup_scripts/setup_sendonly.sh
new file mode 100755 (executable)
index 0000000..e761eeb
--- /dev/null
@@ -0,0 +1,14 @@
+#!/bin/sh
+# This sets up the minimum of a mail server necessary to send out mails
+# to the world.
+set -e
+
+config_tree_prefix="${HOME}/config/all_new_2018"
+setup_scripts_dir="${config_tree_prefix}/setup_scripts"
+cd "${setup_scripts_dir}"
+
+./hardlink_etc.sh sendonly
+echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections
+echo "postfix postfix/mailname string $(hostname -f)" | debconf-set-selections
+echo "$(hostname -f)" > /etc/mailname
+apt install -y postfix
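Review bot: The added `config_tree_prefix="${HOME}/config/all_new_2018"` line ties the script to the invoking user's home directory, so `./hardlink_etc.sh` is only found when the checkout lives at exactly that path and `HOME` is what the author expects (it can differ under `sudo` or `su`). Resolving the directory from the script itself, `cd "$(dirname "$0")"`, would remove that assumption. setup_play.sh, setup_server.sh and setup_web.sh repeat the same three lines. setup_play.sh also assigns `config_tree_prefix` a second time with a trailing slash, which is worth collapsing into one definition.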
diff --git a/all_new_2018/setup_scripts/setup_server.sh b/all_new_2018/setup_scripts/setup_server.sh
new file mode 100755 (executable)
index 0000000..b47a495
--- /dev/null
@@ -0,0 +1,46 @@
+#!/bin/sh
+# Next setup steps for a server whose login policy has just been set from
+# the outside via ./init_user_and_keybased_login.sh.
+set -e
+
+# Provide maximum input for set_hostname_and_fqdn.sh.
+if [ "$#" -ne 2 ]; then
+    echo 'Need exactly two arguments (hostname, FQDN).'
+    false
+fi
+hostname="$1"
+fqdn="$2"
+
+config_tree_prefix="${HOME}/config/all_new_2018"
+setup_scripts_dir="${config_tree_prefix}/setup_scripts"
+cd "${setup_scripts_dir}"
+
+# Adapt /etc/ to our needs by hardlinking into ./linkable_etc_files. This
+# will set basic configurations affecting following steps, such as setup
+# of APT and the locale selection, so needs to be right at the beginning.
+./hardlink_etc.sh all server
+
+# Set hostname and FQDN.
+./set_hostname_and_fqdn.sh "${hostname}" "${fqdn}"
+
+# Some debconf selections we don't want to get asked during coming
+# install actions.
+echo 'iptables-persistent iptables-persistent/autosave_v4 boolean false' | debconf-set-selections
+echo 'iptables-persistent iptables-persistent/autosave_v6 boolean false' | debconf-set-selections
+
+# Ensure package installation state as defined by what packages are
+# defined as required by Debian policy and by settings in ./apt-mark/.
+apt update
+./install_for_target.sh all server
+./purge_nonrequireds.sh all server
+
+# Only upgrade after reducing the system to the desired minimum, so that
+# we don't need to get more data than necessary.
+apt -y dist-upgrade
+
+# Set Berlin localtime.
+ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
+
+# If we have not yet set the shell for user plom, ensure it here. This
+# is mostly for convenience.
+usermod -s /bin/bash plom
diff --git a/all_new_2018/setup_scripts/setup_web.sh b/all_new_2018/setup_scripts/setup_web.sh
new file mode 100755 (executable)
index 0000000..7adb62f
--- /dev/null
@@ -0,0 +1,18 @@
+#!/bin/sh
+# Set up plomlompom.com web server.
+set -e
+
+config_tree_prefix="${HOME}/config/all_new_2018"
+setup_scripts_dir="${config_tree_prefix}/setup_scripts"
+cd "${setup_scripts_dir}"
+
+./hardlink_etc.sh web
+sed -i "s/REPLACE_fqdn_ECALPER/$(hostname -f)/g" /etc/nginx/nginx.conf
+sed -i "s/REPLACE_fqdn_ECALPER/$(hostname -f)/g" /etc/gitweb.conf
+cd /var/
+rm -rf www
+git clone plom@core.plomlompom.com:repos/website www
+apt -y -o Dpkg::Options::=--force-confold install nginx gitweb fcgiwrap
+mkdir /var/public_repos
+chown plom:plom /var/public_repos
+iptables-restore /etc/iptables/rules.v4
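Review bot: `mkdir /var/public_repos` fails when the directory already exists, and with `set -e` that aborts the script before `iptables-restore /etc/iptables/rules.v4` runs. A second run would therefore stop without loading the rules file that `./hardlink_etc.sh web` presumably just put in place. Use `mkdir -p /var/public_repos` so the step is repeatable. Likewise `rm -rf www` runs before `git clone`, so a failed clone (missing SSH key, unreachable host) leaves the machine without a web root; cloning into a temporary directory and moving it into place only after success would avoid that.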
diff --git a/all_new_2018/setup_sendonly.sh b/all_new_2018/setup_sendonly.sh
deleted file mode 100755 (executable)
index 641c16b..0000000
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/sh
-# This sets up the minimum of a mail server necessary to send out mails
-# to the world.
-set -e
-
-./hardlink_etc.sh sendonly
-echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections
-echo "postfix postfix/mailname string $(hostname -f)" | debconf-set-selections
-echo "$(hostname -f)" > /etc/mailname
-apt install -y postfix
diff --git a/all_new_2018/setup_server.sh b/all_new_2018/setup_server.sh
deleted file mode 100755 (executable)
index ea3437a..0000000
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/sh
-# Next setup steps for a server whose login policy has just been set from
-# the outside via ./init_user_and_keybased_login.sh.
-set -e
-
-# Provide maximum input for set_hostname_and_fqdn.sh.
-if [ "$#" -ne 2 ]; then
-    echo 'Need exactly two arguments (hostname, FQDN).'
-    false
-fi
-hostname="$1"
-fqdn="$2"
-
-# Adapt /etc/ to our needs by hardlinking into ./linkable_etc_files. This
-# will set basic configurations affecting following steps, such as setup
-# of APT and the locale selection, so needs to be right at the beginning.
-./hardlink_etc.sh all server
-
-# Set hostname and FQDN.
-./set_hostname_and_fqdn.sh "${hostname}" "${fqdn}"
-
-# Some debconf selections we don't want to get asked during coming
-# install actions.
-echo 'iptables-persistent iptables-persistent/autosave_v4 boolean false' | debconf-set-selections
-echo 'iptables-persistent iptables-persistent/autosave_v6 boolean false' | debconf-set-selections
-
-# Ensure package installation state as defined by what packages are
-# defined as required by Debian policy and by settings in ./apt-mark/.
-apt update
-./install_for_target.sh all server
-./purge_nonrequireds.sh all server
-
-# Only upgrade after reducing the system to the desired minimum, so that
-# we don't need to get more data than necessary.
-apt -y dist-upgrade
-
-# Set Berlin localtime.
-ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
-
-# If we have not yet set the shell for user plom, ensure it here. This
-# is mostly for convenience.
-usermod -s /bin/bash plom
diff --git a/all_new_2018/setup_web.sh b/all_new_2018/setup_web.sh
deleted file mode 100755 (executable)
index 661aa74..0000000
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/sh
-set -e
-
-./hardlink_etc.sh web
-sed -i "s/REPLACE_fqdn_ECALPER/$(hostname -f)/g" /etc/nginx/nginx.conf
-sed -i "s/REPLACE_fqdn_ECALPER/$(hostname -f)/g" /etc/gitweb.conf
-cd /var/
-rm -rf www
-git clone plom@core.plomlompom.com:repos/website www
-apt -y -o Dpkg::Options::=--force-confold install nginx gitweb fcgiwrap
-mkdir /var/public_repos
-chown plom:plom /var/public_repos
-iptables-restore /etc/iptables/rules.v4