New multiconfig design

23 files changed, 281 insertions, 258 deletions

diff --git a/README b/README
deleted file mode 100644
index e5946fb..0000000
--- a/README
+++ /dev/null
@@ -1,4 +0,0 @@
-Distributed configuration tool
-==============================
-This is tool for distributed configuration. It provides the way to distribute
-configuration trough git to every host.
diff --git a/README.md b/README.md
index e5946fb..76c1a71 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
 Distributed configuration tool
 ==============================
 This is tool for distributed configuration. It provides the way to distribute
-configuration trough git to every host.
+configuration trough git and ssh to every host.
diff --git a/bridge/dhcpd.conf b/bridge/dhcpd.conf
deleted file mode 100644
index 7aa8ab2..0000000
--- a/bridge/dhcpd.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-authoritative;
-
-default-lease-time 600;
-max-lease-time 7200;
-
-subnet 192.168.30.0 netmask 255.255.255.0 {
-	range 192.168.30.10 192.168.30.250;
-	option routers 192.168.30.1;
-	option subnet-mask 255.255.255.0;
-	option broadcast-address 192.168.30.255;
-}
-
-option domain-name-servers 217.31.204.130, 193.29.206.206;
diff --git a/bridge/init/bridge b/bridge/init/bridge
deleted file mode 100644
index 430f795..0000000
--- a/bridge/init/bridge
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-depend() {
-	use logger
-}
-
-start() {
-	# Add bridge interface
-	if ! ip link list bridge 2>/dev/null >&2; then
-		ip link add name bridge type bridge
-	fi
-	# Set bridge up
-	ip link set bridge up
-	# Set ip address
-	if [ -z "$(ip addr show dev bridge to 192.168.30.1)" ]; then
-		ip addr add 192.168.30.1/24 dev bridge
-	fi
-}
-
-stop() {
-	if ip link list bridge 2>/dev/null >&2; then
-		ip link del dev bridge
-	fi
-}
diff --git a/bridge/init/bridge-dhcp b/bridge/init/bridge-dhcp
deleted file mode 100644
index fd93116..0000000
--- a/bridge/init/bridge-dhcp
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-description="Bridge dhcp daemon"
-command="/usr/sbin/dhcpd"
-pidfile="/run/bridge-dhcp.pid"
-command_args="-4 -pf $pidfile -cf /etc/dhcp/bridge_dhcpd.conf bridge"
-
-depend() {
-	need bridge
-	use logger
-}
diff --git a/bridge/sysctl.conf b/bridge/sysctl.conf
deleted file mode 100644
index 9ad9779..0000000
--- a/bridge/sysctl.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-# vim: ft=sysctl
-# Enable ipv4 forwarding
-net.ipv4.ip_forward=1
diff --git a/common b/common
new file mode 100644
index 0000000..95a95fd
--- /dev/null
+++ b/common
@@ -0,0 +1,61 @@
+# vim: ft=sh
+set -e
+
+export MC_LOCAL_DIR=""
+while [ $# -gt 0 ]; do
+	case "$1" in
+		-h|--help)
+			echo "Usage: $0 [OPTION]..."
+			echo "Multiconfig system script."
+			echo "$MC_DESCRIPTION"
+			echo
+			echo "Options:"
+			echo "  --description"
+			echo "    Print description of this module and exit."
+			echo "  --local [DIR]"
+			echo "    Instead of accessing remote files storage use local directory."
+			echo "    If no directory is provided or is empty then current working directory is used."
+			echo "  -h, --help"
+			echo "    Print this help text and exit."
+			exit 0
+			;;
+		--description)
+			echo "$MC_DESCRIPTION"
+			exit 0
+			;;
+		--local)
+			shift
+			MC_LOCAL_DIR="${1:-$PWD}"
+			;;
+		*)
+			echo "Unknown option: $1" >&2
+			exit 1
+			;;
+	esac
+	shift
+done
+
+if [ "$(id -u)" != "0" ]; then
+	die "Please run this script only as root"
+fi
+
+# Add path to our own libraries
+export PATH="$PATH:$(dirname "$(readlink -f "$0")")/lib"
+
+# Include utils
+. utils
+
+# Verify if distribution is supported
+[ "$(distribution)" != "unknown" ] || die "Running on unsupported distribution!"
+
+# Export some utility paths
+export MC_STATUS_DIR="/var/multiconfig/status"
+export MC_TRASH_DIR="/var/multiconfig/trash"
+case "$(distribution)" in
+	openwrt)
+		MC_STATUS_DIR="/usr/share/multiconfig/status"
+		MC_TRASH_DIR="/usr/share/multiconfig/trash"
+		;;
+esac
+# Make sure that status directoruy
+mkdir -p "$MC_STATUS_DIR"
diff --git a/mpd-music/mpd.conf b/files/mpd-music/mpd.conf
index 4fd1b2b..4fd1b2b 100644
--- a/mpd-music/mpd.conf
+++ b/files/mpd-music/mpd.conf
diff --git a/mpd-music/music.init b/files/mpd-music/music.init
index 4a5c654..4a5c654 100755
--- a/mpd-music/music.init
+++ b/files/mpd-music/music.init
diff --git a/mpd-music/music_refresh b/files/mpd-music/music_refresh
index 6215de2..6215de2 100755
--- a/mpd-music/music_refresh
+++ b/files/mpd-music/music_refresh
diff --git a/files/wireguard/mwg.init b/files/wireguard/mwg.init
new file mode 100755
index 0000000..4e9d45d
--- /dev/null
+++ b/files/wireguard/mwg.init
@@ -0,0 +1,39 @@
+#!/sbin/openrc-run
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+	use logger
+}
+
+reload() {
+	if [ -z "$IP" ]; then
+		eerror "Variable IP has to be defined in service config file"
+		exit 1
+	fi
+
+	ip link set down dev mwg
+
+	ip addr flush mwg
+	ip addr add "$IP/24" dev mwg
+
+	wg setconf mwg "/etc/mwg/config"
+
+	ip link set up dev mwg
+}
+
+start() {
+	# Add wireguard interface
+	if ! ip link list mwg 2>/dev/null >&2; then
+		ip link add dev mwg type wireguard
+	fi
+	# Reload/Load
+	reload
+
+	mark_service_started
+}
+
+stop() {
+	# Remove wireguard interface
+	ip link del dev mwg || true
+}
diff --git a/firewall b/firewall
new file mode 100755
index 0000000..a42f01d
--- /dev/null
+++ b/firewall
@@ -0,0 +1,28 @@
+#!/bin/sh
+MC_DESCRIPTION="Firewall configuration."
+. "$(dirname "$(readlink -f "$0")")/common" || exit
+
+# TODO add support for Turris/OpenWRT somehow?
+
+restart4=false
+inst ipv4 /etc/iptables/ipv4
+restart4=$change
+inst ipv4-config /etc/conf.d/iptables
+$restart4 || restart4=$change
+
+restart6=false
+inst ipv6 /etc/iptables/ipv6
+restart6=$change
+inst ipv6-config /etc/conf.d/ip6tables
+$restart6 || restart6=$change
+
+apply ############################################################################
+
+if $restart4; then
+	echo "Restarting IPv4 firewall"
+	rc-service iptables restart
+fi
+if $restart6; then
+	echo "Restarting IPv6 firewall"
+	rc-service ip6tables restart
+fi
diff --git a/firewall/multiconfig.sh b/firewall/multiconfig.sh
deleted file mode 100755
index 0befbf1..0000000
--- a/firewall/multiconfig.sh
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/sh
-set -e
-LPATH="$(dirname "$0")"
-if [ -f "$LPATH/utils" ]; then
-	. "$LPATH/utils"
-elif [ -f "$LPATH/../utils" ]; then
-	. "$LPATH/../utils"
-else
-	echo "Can't locate utilities!"
-	exit 1
-fi
-######################################
-
-mkdir -p /etc/iptables
-
-configure() {
-	if ! grep -q "$3_SAVE=\"/etc/iptables/$1\"" "/etc/conf.d/$2"; then
-		echo "Reconfiguring $2 service configuration"
-		sed -i "s#^$3_SAVE=.*\$#$3_SAVE=\"/etc/iptables/$1\"#" "/etc/conf.d/$2"
-	fi
-}
-configure ipv4 iptables IPTABLES
-configure ipv6 ip6tables IP6TABLES
-
-H="$(hostname)"
-
-if inst "firewall/$H.ipv4" /etc/iptables/ipv4; then
-	echo "Reloading IPv4 firewall"
-	service iptables reload
-fi
-
-if inst "firewall/$H.ipv6" /etc/iptables/ipv6; then
-	echo "Reloading IPv6 firewall"
-	service ip6tables reload
-fi
diff --git a/hosts b/hosts
new file mode 100755
index 0000000..1afa5e4
--- /dev/null
+++ b/hosts
@@ -0,0 +1,6 @@
+#!/bin/sh
+MC_DESCRIPTION="/etc/hosts file"
+. "$(dirname "$(readlink -f "$0")")/common" || exit
+
+inst hosts /etc/hosts
+apply
diff --git a/lib/utils b/lib/utils
new file mode 100644
index 0000000..5281d19
--- /dev/null
+++ b/lib/utils
@@ -0,0 +1,119 @@
+# vim: ft=sh
+
+die() {
+	echo "$@" >&2
+	kill $$
+}
+
+# Returns name of this module
+module_id() {
+	$(basename "$0")
+}
+
+# Status file for this module
+MC_STATUS_FILE="$MC_STATUS_DIR/$(module_id)"
+
+# Return hash of given file from status file
+# First argument have to be a path to output file
+installed_hash() {
+	awk -F '\t' -v regex="^$1$" '/$2 ~ regex { print $1 }' "$MC_STATUS_FILE"
+}
+
+# Hash of currently installed file
+# Access remote resource
+# It connects to remote server and requests resource for given plugin.
+# It expects only one argument and that is resource identifier.
+remote_source() {
+	local res="$1"
+	local mod_id="$(module_id)"
+	if [ -n "$MC_LOCAL_DIR" ]; then
+		"$MC_LOCAL_DIR/request.sh" "$mod_id:$res"
+	else
+		ssh -i ~/.ssh/multiconfig multiconfig@cynerd.cz -- "$mod_id:$res"
+	fi
+}
+
+# Defined and create QUEUE file for this instance
+MC_QUEUE_FILE="$(mktemp multiconfig-$(module_id).queue.XXXXXX)"
+touch "$MC_QUEUE_FILE"
+
+# Variable signaling if file was updated or not
+change=false
+
+# Install given file
+# First argument has to be a identifier string for remote script
+# Second argument has to be an output file (absolute path).
+inst() {
+	local src="$1"
+	local out="$2"
+	[ -f "$MC_QUEUE_FILE" ] || die "inst can be called only before apply call!"
+	grep -q "\t$out$" || die "inst can be called on one output only once!"
+	# TODO verify that this output is not already in queue
+	local tmp="$(mktemp multiconfig.XXXXXXXXXX)"
+	remote_source "$src" > "$tmp"
+	local refhash="$(installed_hash "$out")"
+	if [ -n "$refhash" ]; then
+		change=false
+		if [ -f "$out" ]; then
+			local cursha="$(sha256 "$out")"
+			if [ "$cursha" != "$(sha256 "$tmp")" ]; then
+				echo "Updating file ($src): $out"
+				[ "$cursha" = "$refhash" ] || echo "File was edited manually! $out"
+				echo "$tmp	$out" >> "$MC_QUEUE_FILE"
+				change=true
+			fi
+		else
+			echo "Output is not a file! $out"
+			echo "$tmp	$out" >> "$MC_QUEUE_FILE"
+			change=true
+		fi
+	else
+		echo "New file ($src): $out"
+		echo "$tmp	$out" >> "$MC_QUEUE_FILE"
+		change=true
+	fi
+}
+
+# Apply all queued changes and cleanup
+apply() {
+	local new="$MC_STATUS_FILE.new"
+	echo -n > "$new"
+	while IFS=\t read src out; do
+		if [ -e "$out" ]; then
+			local trash="$MC_TRASH_DIR/$out.$(date +%y%m%d%H%M%S)"
+			if [ -f "$out" ]; then
+				if [ "$(installed_hash "$out")" != "$(sha256 "$out")" ]; then
+					echo "File was manually changed: $out -> $trash"
+					cp "$out" "$trash"
+				fi
+			else
+				echo "Path exists but is not a file: $out -> $trash"
+				mv "$out" "$trash"
+			fi
+		fi
+		echo "Updating: $out"
+		mv "$src" "$out"
+		sha256 "$out" >> "$new"
+	done < "$MC_QUEUE_FILE"
+	rm "$MC_QUEUE_FILE"
+	mv "$new" "$MC_STATUS_FILE"
+	change=
+}
+
+# TODO somehow add support for installing directories. Most probably by having
+# remote script returning list of files in directory and then calling inst on
+# them.
+
+# Returns string informing you of distribution type but only if given distribution
+# is supported. If ditribution is not supported then it returns "unknown".
+distribution() {
+	if [ -f /etc/gentoo-release ]; then
+		echo "gentoo"
+	elif [ -f /etc/alpine-release ]; then
+		echo "alpine"
+	elif [ -f /etc/openwrt_version ]; then
+		echo "openwrt"
+	else
+		echo "unknown"
+	fi
+}
diff --git a/multiconfig b/multiconfig
new file mode 100755
index 0000000..68e94e6
--- /dev/null
+++ b/multiconfig
@@ -0,0 +1,12 @@
+#!/bin/sh
+MC_DESCRIPTION="Core configuration of multiconfig it self."
+. "$(dirname "$(readlink -f "$0")")/common" || exit
+
+inst cron /etc/cron.d/multiconfig
+dorestart=$change
+
+apply ############################################################################
+
+if $dorestart; then
+	rc-service cronie restart
+fi
diff --git a/multiconfig.sh b/multiconfig.sh
deleted file mode 100755
index 500d0de..0000000
--- a/multiconfig.sh
+++ /dev/null
@@ -1,73 +0,0 @@
-#!/bin/sh
-set -e
-MODDIR="/usr/lib/multiconfig"
-
-MODS=""
-LOCAL=false
-
-# TODO email notifications
-# TODO version verification
-
-while [ $# -gt 0 ]; do
-	case "$1" in
-		-h|--help)
-			echo "Multiconfig system script"
-			echo "Usage: multiconfig.sh [OPTION]... [MODULE]..."
-			echo
-			echo "Options:"
-			echo "--local - use current working directory as source for files"
-			exit 0
-			;;
-		--local)
-			LOCAL=true
-			;;
-		*)
-			if [ -x "$1" ]; then
-				MODS="$MODS $(pwd)/$1"
-			elif [ -x "$MODDIR/$1" ]; then
-				MODS="$MODS $MODDIR/$1"
-			else
-				echo "Requested unknown mod: $1"
-				exit 1
-			fi
-			;;
-	esac
-	shift
-done
-
-[ "$(id -u)" == 0 ] || {
-	echo "Please run this script only as root."
-	exit 1
-}
-
-if ! $LOCAL; then
-	if [ ! -d "/root/.multiconfig" ]; then
-		echo "No files directory. Please setup it first."
-		exit 1
-	fi
-	cd "/root/.multiconfig"
-	# Ensure that we have correct access rights on private key
-	chmod 600 ssh_key
-	# Update git repository
-	git fetch
-	git reset --hard origin/master
-	git clean -xdf
-	# Verify trunk
-	# TODO gpg home?
-	#git verify-commit HEAD
-fi
-
-# No modules given means to process all modules
-if [ -z "$MODS" ]; then
-	for M in $(find "$MODDIR" -executable); do
-		MODS="$MODS $MODDIR/$M"
-	done
-fi
-
-[ -n "$MODS" ] || exit 0
-
-mkdir -p /var/log/multiconfig
-for M in $MODS; do
-	LOG="/var/log/multiconfig/$(basename "$M")"
-	"$M" | logger -s -t "multiconfig-$M" | tee "$LOG" || echo "TODO send email!"
-done
diff --git a/openvpn b/openvpn
new file mode 100755
index 0000000..8894c96
--- /dev/null
+++ b/openvpn
@@ -0,0 +1,15 @@
+#!/bin/sh
+MC_DESCRIPTION="OpenVPN configuration."
+. "$(dirname "$(readlink -f "$0")")/common" || exit
+
+inst conf /etc/openvpn/myvpn.conf
+vpn_restart=$change
+
+if [ "$(remote_source is_server)" = "y" ]; then
+	# TODO pull ccd directory
+	true
+fi
+
+apply ############################################################################
+
+
diff --git a/openvpn/multiconfig.sh b/openvpn/multiconfig.sh
deleted file mode 100644
index e69de29..0000000
--- a/openvpn/multiconfig.sh
+++ /dev/null
diff --git a/utils b/utils
deleted file mode 100644
index 0b94707..0000000
--- a/utils
+++ /dev/null
@@ -1,29 +0,0 @@
-# vim: ft=sh
-
-die() {
-	kill $$
-}
-
-inst_f() {
-	if [ -f "$2" ]; then
-	else
-		mkdir "$(basedir "$2")"
-		echo "New file: $1 -> $2"
-	fi
-}
-
-inst_d() {
-	# TODO
-	true
-}
-
-inst() {
-	if [ -f "$1" ]; then
-		inst_f "$1" "$2"
-	elif [ -d "$1" ]; then
-		inst_d "$1" "$2"
-	else
-		echo "Unsupported install target type of: $1"
-		die
-	fi
-}
diff --git a/virt/virt-monitor b/virt/virt-monitor
deleted file mode 100755
index cd6e173..0000000
--- a/virt/virt-monitor
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-socat - UNIX-CONNECT:/run/virt/$1/serial.sock
diff --git a/virt/virt-serial b/virt/virt-serial
deleted file mode 100755
index 487b97b..0000000
--- a/virt/virt-serial
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-
-# TODO check with root permission that virtual doesn't running
-
-. /etc/conf.d/virt.$1
-
-sudo qemu-system-x86_64 -runas qemu $ARGS -nographic
-#sudo qemu-system-x86_64 -runas qemu $ARGS -curses
diff --git a/virt/virt.init b/virt/virt.init
deleted file mode 100755
index 6ccbd9e..0000000
--- a/virt/virt.init
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/sbin/openrc-run
-# vim: ft=sh
-VM_NAME="${RC_SVCNAME#virt.}"
-
-depend() {
-	need networking
-	after iptables ip6tables
-	use logger
-}
-
-pid_file="/run/virt/$VM_NAME/pid"
-
-status() {
-	if [ -f "$pid_file" ]; then
-		if kill -0 "$(cat "$pid_file")" >/dev/null 2>&1; then
-			einfo "Virtual $VM_NAME is running"
-		else
-			eerror "Virtual $VM_NAME isn't running but some garbage was left"
-		fi
-	else
-		ewarn "Virtual $VM_NAME isn't running"
-	fi
-}
-
-start() {
-	if [ "$RC_SVCNAME" = 'virt' ]; then
-		eerror 'You are not supposed to run this runscript directly. Instead, you should create a symlink for the VM you want to run.'
-		return 1
-	fi
-
-	mkdir -p /run/virt/$VM_NAME
-	chown :qemu /run/virt/$VM_NAME
-	chmod 775 /run/virt/$VM_NAME
-
-	qemu-system-x86_64 $ARGS -daemonize -runas qemu \
-		-pidfile "$pid_file" -D /var/log/virt.$VM_NAME.log \
-		-monitor unix:/run/virt/$VM_NAME/monitor.sock,server,nowait \
-		-serial unix:/run/virt/$VM_NAME/serial.sock,server,nowait
-}
-
-stop() {
-	if [ -f "$pid_file" ] && kill -0 $(cat "$pid_file") >/dev/null 2>&1; then
-		PID=$(cat "$pid_file")
-		kill $PID
-		# TODO if there are problems we should implement also timeout
-		while kill -0 $PID >/dev/null 2>&1; do sleep 1; done
-	else
-		ewarn "Virtual $VM_NAME is not running"
-	fi
-}
-