From 8b70cae2a1c2638df5942f570fcd3b4cc60e5efc Mon Sep 17 00:00:00 2001 From: Christian Heller Date: Thu, 7 Oct 2021 23:19:35 +0200 Subject: [PATCH] Add Bullseye play server setup basics. --- bullseye/apt-mark/play | 4 ++ .../systemd/system/encrypt_chatlogs.service | 6 ++ .../etc/systemd/system/encrypt_chatlogs.timer | 8 +++ bullseye/other_files/weechat-wrapper.sh | 7 +++ bullseye/other_files/weechatlogs_encrypter.sh | 16 ++++++ bullseye/other_files/weechatrc | 8 +++ bullseye/setup_scripts/mirror_dir.sh | 23 ++++++++ .../setup_scripts/prepare_to_meet_server.sh | 22 ++++++++ bullseye/setup_scripts/setup_play.sh | 55 +++++++++++++++++++ 9 files changed, 149 insertions(+) create mode 100644 bullseye/apt-mark/play create mode 100644 bullseye/etc_files/play/etc/systemd/system/encrypt_chatlogs.service create mode 100644 bullseye/etc_files/play/etc/systemd/system/encrypt_chatlogs.timer create mode 100755 bullseye/other_files/weechat-wrapper.sh create mode 100755 bullseye/other_files/weechatlogs_encrypter.sh create mode 100644 bullseye/other_files/weechatrc create mode 100755 bullseye/setup_scripts/mirror_dir.sh create mode 100755 bullseye/setup_scripts/prepare_to_meet_server.sh create mode 100755 bullseye/setup_scripts/setup_play.sh diff --git a/bullseye/apt-mark/play b/bullseye/apt-mark/play new file mode 100644 index 0000000..154f7e7 --- /dev/null +++ b/bullseye/apt-mark/play @@ -0,0 +1,4 @@ +weechat +screen +gnupg +dirmngr diff --git a/bullseye/etc_files/play/etc/systemd/system/encrypt_chatlogs.service b/bullseye/etc_files/play/etc/systemd/system/encrypt_chatlogs.service new file mode 100644 index 0000000..bc81613 --- /dev/null +++ b/bullseye/etc_files/play/etc/systemd/system/encrypt_chatlogs.service @@ -0,0 +1,6 @@ +[Unit] +Description=Attempt encryption of old chat logs +[Service] +Type=oneshot +User=plom +ExecStart=/bin/sh -c '~/weechatlogs_encrypter.sh' diff --git a/bullseye/etc_files/play/etc/systemd/system/encrypt_chatlogs.timer b/bullseye/etc_files/play/etc/systemd/system/encrypt_chatlogs.timer new file mode 100644 index 0000000..79a6e1e --- /dev/null +++ b/bullseye/etc_files/play/etc/systemd/system/encrypt_chatlogs.timer @@ -0,0 +1,8 @@ +[Unit] +Description=Attempt encryption of old chatlogs once every minute. + +[Timer] +OnCalendar=*-*-* *:*:00 + +[Install] +WantedBy=timers.target \ No newline at end of file diff --git a/bullseye/other_files/weechat-wrapper.sh b/bullseye/other_files/weechat-wrapper.sh new file mode 100755 index 0000000..b433574 --- /dev/null +++ b/bullseye/other_files/weechat-wrapper.sh @@ -0,0 +1,7 @@ +#!/bin/sh + +# Enforce ~/.weechatrc as sole persistent weechat config file. +rm -rf ~/.weechat/ +WEECHATCONF=`tr '\n' ';' < ~/.weechatrc` +weechat -r "$WEECHATCONF" +rm -rf ~/.weechat/ diff --git a/bullseye/other_files/weechatlogs_encrypter.sh b/bullseye/other_files/weechatlogs_encrypter.sh new file mode 100755 index 0000000..9e177d3 --- /dev/null +++ b/bullseye/other_files/weechatlogs_encrypter.sh @@ -0,0 +1,16 @@ +#!/bin/sh +# Encrypt dated weechatlog files older than one day to GPG target defined in +# ~/.encrypt_target +set -e + +gpg_key=$(cat ~/.encrypt_target) +cd ~/weechatlogs/irc/ + +# Dirty hack: To avoid trouble with GPG key expiration, fake +# system to something reasonbly old (younger than key creation, +# older than expiration) by taking the mod datetime of +# /etc/hostname, which should have last be changed when the +# system was set up. +hostname_mod_epoch=$(stat -c%Y /etc/hostname) +find . -regextype posix-egrep -regex '^.*/.*/.*\.[0-9]{4}-[0-9]{2}-[0-9]{2}\.weechatlog$' -type f -mtime +1 -exec gpg --recipient "${gpg_key}" --trust-model always --faked-system-time="${hostname_mod_epoch}" --encrypt {} \; -exec rm {} \; + diff --git a/bullseye/other_files/weechatrc b/bullseye/other_files/weechatrc new file mode 100644 index 0000000..44cc506 --- /dev/null +++ b/bullseye/other_files/weechatrc @@ -0,0 +1,8 @@ +/set logger.file.path ~/weechatlogs +/set logger.file.flush_delay 0 +/set logger.mask.irc "irc/$server/$channel.%Y-%m-%d.weechatlog" +/set weechat.bar.status.items "[time],[buffer_last_number],[buffer_plugin],buffer_number+:+buffer_name+(buffer_modes)+{buffer_nicklist_count}+buffer_zoom+buffer_filter,[lag],[hotlist],completion,scroll,[otr]" +/set weechat.color.chat_nick_colors "lightcyan" +/server add libera irc.libera.chat -nicks=plomlompom,plomlomp0m,ploml0mp0m,pl0ml0mp0m -realname="Christian Heller" -autojoin=#plomlomtest +/connect libera +/bar hide buflist diff --git a/bullseye/setup_scripts/mirror_dir.sh b/bullseye/setup_scripts/mirror_dir.sh new file mode 100755 index 0000000..0fc03aa --- /dev/null +++ b/bullseye/setup_scripts/mirror_dir.sh @@ -0,0 +1,23 @@ +#!/bin/sh +# Mirror directory tree from remote to local server, keeping the path. +set -e + +if [ $# -lt 2 ]; then + echo "Need server and directory as arguments." + false +fi +server=$1 +dir=$2 +path_package=/tmp/delete.tar + +eval `ssh-agent` +ssh-add +cd +ssh plom@"${server}" "cd \"${dir}\" && tar cf ${path_package} ." +scp plom@"${server}":"${path_package}" "${path_package}" +mkdir -p "${dir}" +cd "${dir}" +tar xf "${path_package}" +cd +rm "${path_package}" +ssh plom@"${server}" rm "${path_package}" diff --git a/bullseye/setup_scripts/prepare_to_meet_server.sh b/bullseye/setup_scripts/prepare_to_meet_server.sh new file mode 100755 index 0000000..569bf74 --- /dev/null +++ b/bullseye/setup_scripts/prepare_to_meet_server.sh @@ -0,0 +1,22 @@ +#!/bin/sh +# Do some of the steps necessary to SSH (key-based) with another server. +set -e + +if [ "$#" -ne 1 ]; then + echo 'Need server IP as argument.' + false +fi +target="$1" + +# We need a public key to copy over, so generate it if not found. +if [ ! -f ~/.ssh/id_rsa.pub ]; then + ssh-keygen +fi + +# Add target to ~/.ssh/known_hosts so we don't get +# asked for permission at inopportune moments. +ssh-keyscan -H "$target" >> ~/.ssh/known_hosts + +# Tell user what to do. +echo "APPEND FOLLOWING TO TARGET'S ~/.ssh/authorized_keys:" +cat ~/.ssh/id_rsa.pub diff --git a/bullseye/setup_scripts/setup_play.sh b/bullseye/setup_scripts/setup_play.sh new file mode 100755 index 0000000..48f11ba --- /dev/null +++ b/bullseye/setup_scripts/setup_play.sh @@ -0,0 +1,55 @@ +#!/bin/sh +set -e +set -x + +if [ "$#" -lt 1 ]; then + echo "Need public key ID and optionally old server IP." + false +fi +gpg_key="$1" +old_server="$2" + +config_tree_prefix="${HOME}/config/bullseye" +./install_for_target.sh play +./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" play +cp "${config_tree_prefix}/other_files/weechatrc" /home/plom/.weechatrc +cp "${config_tree_prefix}/other_files/weechat-wrapper.sh" /home/plom/ +cp "${config_tree_prefix}/other_files/weechatlogs_encrypter.sh" /home/plom/ +chown plom:plom /home/plom/*weechat* +chown plom:plom /home/plom/.weechatrc +echo "${gpg_key}" > /home/plom/.encrypt_target +chown plom:plom /home/plom/.encrypt_target + +# TODO refactor with setup_website.sh +# Add encryption key. +keyservers='sks-keyservers.net/ keys.gnupg.net' +set +e +while true; do + do_break=0 + for keyserver in $(echo "${keyservers}"); do + su plom -c "gpg --no-tty --keyserver $keyserver --recv-key ${gpg_key}" + if [ $? -eq "0" ]; then + do_break=1 + break + fi + echo "Attempt with keyserver ${keyserver} unsuccessful, trying other." + done + if [ "${do_break}" -eq "1" ]; then + break + fi +done +set -e + +if [ "${old_server}" != "" ]; then + cp "${config_tree_prefix}/setup_scripts/prepare_to_meet_server.sh" /home/plom/ + su -lc "./prepare_to_meet_server.sh ${old_server}" plom + read -p'Hit Enter when you are done.' ignore + rm /home/plom/prepare_to_meet_server.sh + su -lc "scp plom@${old_server}:.ssh/authorized_keys .ssh/authorized_keys" plom + su -lc "scp plom@${old_server}:.weechatrc ~" plom + cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/ + su -lc "./mirror_dir.sh ${old_server} /home/plom/weechatlogs" plom + rm /home/plom/mirror_dir.sh +fi + +systemctl enable --now encrypt_chatlogs.timer -- 2.30.2