authorKarel Kočí <cynerd@email.cz>2018-09-12 00:19:18 +0200
committerKarel Kočí <cynerd@email.cz>2018-09-12 00:19:18 +0200
commita8bfe6abb693150e9ee01ea6e8d672fc074d1f1c (patch)
treec5e6cc5166c56ad45a396d9af6d4063ad755d9d5
parent4e4d389127254c7404bc71a308129966bd9a8b07 (diff)
New multiconfig design
-rw-r--r--README4
-rw-r--r--README.md2
-rw-r--r--bridge/dhcpd.conf13
-rw-r--r--bridge/init/bridge26
-rw-r--r--bridge/init/bridge-dhcp13
-rw-r--r--bridge/sysctl.conf3
-rw-r--r--common61
-rw-r--r--files/mpd-music/mpd.conf (renamed from mpd-music/mpd.conf)0
-rwxr-xr-xfiles/mpd-music/music.init (renamed from mpd-music/music.init)0
-rwxr-xr-xfiles/mpd-music/music_refresh (renamed from mpd-music/music_refresh)0
-rwxr-xr-xfiles/wireguard/mwg.init39
-rwxr-xr-xfirewall28
-rwxr-xr-xfirewall/multiconfig.sh35
-rwxr-xr-xhosts6
-rw-r--r--lib/utils119
-rwxr-xr-xmulticonfig12
-rwxr-xr-xmulticonfig.sh73
-rwxr-xr-xopenvpn15
-rw-r--r--openvpn/multiconfig.sh0
-rw-r--r--utils29
-rwxr-xr-xvirt/virt-monitor2
-rwxr-xr-xvirt/virt-serial8
-rwxr-xr-xvirt/virt.init51
23 files changed, 281 insertions, 258 deletions
diff --git a/README b/README
deleted file mode 100644
index e5946fb..0000000
--- a/README
+++ /dev/null
@@ -1,4 +0,0 @@
-Distributed configuration tool
-==============================
-This is tool for distributed configuration. It provides the way to distribute
-configuration trough git to every host.
diff --git a/README.md b/README.md
index e5946fb..76c1a71 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
Distributed configuration tool
==============================
This is tool for distributed configuration. It provides the way to distribute
-configuration trough git to every host.
+configuration trough git and ssh to every host.
diff --git a/bridge/dhcpd.conf b/bridge/dhcpd.conf
deleted file mode 100644
index 7aa8ab2..0000000
--- a/bridge/dhcpd.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-authoritative;
-
-default-lease-time 600;
-max-lease-time 7200;
-
-subnet 192.168.30.0 netmask 255.255.255.0 {
- range 192.168.30.10 192.168.30.250;
- option routers 192.168.30.1;
- option subnet-mask 255.255.255.0;
- option broadcast-address 192.168.30.255;
-}
-
-option domain-name-servers 217.31.204.130, 193.29.206.206;
diff --git a/bridge/init/bridge b/bridge/init/bridge
deleted file mode 100644
index 430f795..0000000
--- a/bridge/init/bridge
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-depend() {
- use logger
-}
-
-start() {
- # Add bridge interface
- if ! ip link list bridge 2>/dev/null >&2; then
- ip link add name bridge type bridge
- fi
- # Set bridge up
- ip link set bridge up
- # Set ip address
- if [ -z "$(ip addr show dev bridge to 192.168.30.1)" ]; then
- ip addr add 192.168.30.1/24 dev bridge
- fi
-}
-
-stop() {
- if ip link list bridge 2>/dev/null >&2; then
- ip link del dev bridge
- fi
-}
diff --git a/bridge/init/bridge-dhcp b/bridge/init/bridge-dhcp
deleted file mode 100644
index fd93116..0000000
--- a/bridge/init/bridge-dhcp
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-description="Bridge dhcp daemon"
-command="/usr/sbin/dhcpd"
-pidfile="/run/bridge-dhcp.pid"
-command_args="-4 -pf $pidfile -cf /etc/dhcp/bridge_dhcpd.conf bridge"
-
-depend() {
- need bridge
- use logger
-}
diff --git a/bridge/sysctl.conf b/bridge/sysctl.conf
deleted file mode 100644
index 9ad9779..0000000
--- a/bridge/sysctl.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-# vim: ft=sysctl
-# Enable ipv4 forwarding
-net.ipv4.ip_forward=1
diff --git a/common b/common
new file mode 100644
index 0000000..95a95fd
--- /dev/null
+++ b/common
@@ -0,0 +1,61 @@
+# vim: ft=sh
+set -e
+
+export MC_LOCAL_DIR=""
+while [ $# -gt 0 ]; do
+ case "$1" in
+ -h|--help)
+ echo "Usage: $0 [OPTION]..."
+ echo "Multiconfig system script."
+ echo "$MC_DESCRIPTION"
+ echo
+ echo "Options:"
+ echo " --description"
+ echo " Print description of this module and exit."
+ echo " --local [DIR]"
+ echo " Instead of accessing remote files storage use local directory."
+ echo " If no directory is provided or is empty then current working directory is used."
+ echo " -h, --help"
+ echo " Print this help text and exit."
+ exit 0
+ ;;
+ --description)
+ echo "$MC_DESCRIPTION"
+ exit 0
+ ;;
+ --local)
+ shift
+ MC_LOCAL_DIR="${1:-$PWD}"
+ ;;
+ *)
+ echo "Unknown option: $1" >&2
+ exit 1
+ ;;
+ esac
+ shift
+done
+
+if [ "$(id -u)" != "0" ]; then
+ die "Please run this script only as root"
+fi
+
+# Add path to our own libraries
+export PATH="$PATH:$(dirname "$(readlink -f "$0")")/lib"
+
+# Include utils
+. utils
+
+# Verify if distribution is supported
+[ "$(distribution)" != "unknown" ] || die "Running on unsupported distribution!"
+
+# Export some utility paths
+export MC_STATUS_DIR="/var/multiconfig/status"
+export MC_TRASH_DIR="/var/multiconfig/trash"
+case "$(distribution)" in
+ openwrt)
+ MC_STATUS_DIR="/usr/share/multiconfig/status"
+ MC_TRASH_DIR="/usr/share/multiconfig/trash"
+ ;;
+esac
+# Make sure that status directoruy
+mkdir -p "$MC_STATUS_DIR"
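Review bot: The root check calls `die` before `lib/utils` (which defines it) has been sourced, so a non-root run dies with "die: not found" rather than the intended message; and `. utils` resolves the library through PATH with the lib directory appended last, so any `utils` file earlier in PATH would be sourced as root instead of ours. I would source by explicit path and move the check below it: `. "$(dirname "$(readlink -f "$0")")/lib/utils"` followed by `[ "$(id -u)" = 0 ] || die "Please run this script only as root"`. Note also that `MC_STATUS_DIR` is only assigned after the source line, while `lib/utils` in this same commit computes `MC_STATUS_FILE` from it at source time, so the status/trash directory setup needs to move above the source line as well. Finally, `--local` as the last argument shifts past the end of the argument list, which some `/bin/sh` implementations treat as a fatal error under `set -e`.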
diff --git a/mpd-music/mpd.conf b/files/mpd-music/mpd.conf
index 4fd1b2b..4fd1b2b 100644
--- a/mpd-music/mpd.conf
+++ b/files/mpd-music/mpd.conf
diff --git a/mpd-music/music.init b/files/mpd-music/music.init
index 4a5c654..4a5c654 100755
--- a/mpd-music/music.init
+++ b/files/mpd-music/music.init
diff --git a/mpd-music/music_refresh b/files/mpd-music/music_refresh
index 6215de2..6215de2 100755
--- a/mpd-music/music_refresh
+++ b/files/mpd-music/music_refresh
diff --git a/files/wireguard/mwg.init b/files/wireguard/mwg.init
new file mode 100755
index 0000000..4e9d45d
--- /dev/null
+++ b/files/wireguard/mwg.init
@@ -0,0 +1,39 @@
+#!/sbin/openrc-run
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+ use logger
+}
+
+reload() {
+ if [ -z "$IP" ]; then
+ eerror "Variable IP has to be defined in service config file"
+ exit 1
+ fi
+
+ ip link set down dev mwg
+
+ ip addr flush mwg
+ ip addr add "$IP/24" dev mwg
+
+ wg setconf mwg "/etc/mwg/config"
+
+ ip link set up dev mwg
+}
+
+start() {
+ # Add wireguard interface
+ if ! ip link list mwg 2>/dev/null >&2; then
+ ip link add dev mwg type wireguard
+ fi
+ # Reload/Load
+ reload
+
+ mark_service_started
+}
+
+stop() {
+ # Remove wireguard interface
+ ip link del dev mwg || true
+}
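Review bot: A failed `wg setconf` in `reload` is silently ignored: the interface is still brought up on the next line and `start` then calls `mark_service_started`, so a missing or malformed `/etc/mwg/config` (which carries the private key) leaves the service reported as running with an unconfigured tunnel. Make the call fail the function, `wg setconf mwg /etc/mwg/config || { eerror "wg setconf failed"; return 1; }`, and replace the `exit 1` in the `IP` check with `return 1`, since openrc-run functions should return rather than exit. A readability check such as `[ -r /etc/mwg/config ] || return 1` before taking the link down would also avoid leaving `mwg` down when the config is absent.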
diff --git a/firewall b/firewall
new file mode 100755
index 0000000..a42f01d
--- /dev/null
+++ b/firewall
@@ -0,0 +1,28 @@
+#!/bin/sh
+MC_DESCRIPTION="Firewall configuration."
+. "$(dirname "$(readlink -f "$0")")/common" || exit
+
+# TODO add support for Turris/OpenWRT somehow?
+
+restart4=false
+inst ipv4 /etc/iptables/ipv4
+restart4=$change
+inst ipv4-config /etc/conf.d/iptables
+$restart4 || restart4=$change
+
+restart6=false
+inst ipv6 /etc/iptables/ipv6
+restart6=$change
+inst ipv6-config /etc/conf.d/ip6tables
+$restart6 || restart6=$change
+
+apply ############################################################################
+
+if $restart4; then
+ echo "Restarting IPv4 firewall"
+ rc-service iptables restart
+fi
+if $restart6; then
+ echo "Restarting IPv6 firewall"
+ rc-service ip6tables restart
+fi
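Review bot: Switching from `service iptables reload` (removed file, same commit) to `rc-service iptables restart` introduces a fail-open window: if I read Gentoo's iptables init script correctly, its `stop` flushes the rules and resets the default policies to ACCEPT before `start` loads the new set, whereas `reload` applies the saved rules via iptables-restore without that gap. I would use `rc-service iptables reload` (and `ip6tables reload`) when only the rules file changed and reserve `restart` for a change to the `/etc/conf.d` file, which the script can already distinguish since it captures `$change` after each `inst` separately. Worth a comment either way, e.g. `# reload, not restart: stop leaves the host open until start completes`.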
diff --git a/firewall/multiconfig.sh b/firewall/multiconfig.sh
deleted file mode 100755
index 0befbf1..0000000
--- a/firewall/multiconfig.sh
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/sh
-set -e
-LPATH="$(dirname "$0")"
-if [ -f "$LPATH/utils" ]; then
- . "$LPATH/utils"
-elif [ -f "$LPATH/../utils" ]; then
- . "$LPATH/../utils"
-else
- echo "Can't locate utilities!"
- exit 1
-fi
-######################################
-
-mkdir -p /etc/iptables
-
-configure() {
- if ! grep -q "$3_SAVE=\"/etc/iptables/$1\"" "/etc/conf.d/$2"; then
- echo "Reconfiguring $2 service configuration"
- sed -i "s#^$3_SAVE=.*\$#$3_SAVE=\"/etc/iptables/$1\"#" "/etc/conf.d/$2"
- fi
-}
-configure ipv4 iptables IPTABLES
-configure ipv6 ip6tables IP6TABLES
-
-H="$(hostname)"
-
-if inst "firewall/$H.ipv4" /etc/iptables/ipv4; then
- echo "Reloading IPv4 firewall"
- service iptables reload
-fi
-
-if inst "firewall/$H.ipv6" /etc/iptables/ipv6; then
- echo "Reloading IPv6 firewall"
- service ip6tables reload
-fi
diff --git a/hosts b/hosts
new file mode 100755
index 0000000..1afa5e4
--- /dev/null
+++ b/hosts
@@ -0,0 +1,6 @@
+#!/bin/sh
+MC_DESCRIPTION="/etc/hosts file"
+. "$(dirname "$(readlink -f "$0")")/common" || exit
+
+inst hosts /etc/hosts
+apply
diff --git a/lib/utils b/lib/utils
new file mode 100644
index 0000000..5281d19
--- /dev/null
+++ b/lib/utils
@@ -0,0 +1,119 @@
+# vim: ft=sh
+
+die() {
+ echo "$@" >&2
+ kill $$
+}
+
+# Returns name of this module
+module_id() {
+ $(basename "$0")
+}
+
+# Status file for this module
+MC_STATUS_FILE="$MC_STATUS_DIR/$(module_id)"
+
+# Return hash of given file from status file
+# First argument have to be a path to output file
+installed_hash() {
+ awk -F '\t' -v regex="^$1$" '/$2 ~ regex { print $1 }' "$MC_STATUS_FILE"
+}
+
+# Hash of currently installed file
+# Access remote resource
+# It connects to remote server and requests resource for given plugin.
+# It expects only one argument and that is resource identifier.
+remote_source() {
+ local res="$1"
+ local mod_id="$(module_id)"
+ if [ -n "$MC_LOCAL_DIR" ]; then
+ "$MC_LOCAL_DIR/request.sh" "$mod_id:$res"
+ else
+ ssh -i ~/.ssh/multiconfig multiconfig@cynerd.cz -- "$mod_id:$res"
+ fi
+}
+
+# Defined and create QUEUE file for this instance
+MC_QUEUE_FILE="$(mktemp multiconfig-$(module_id).queue.XXXXXX)"
+touch "$MC_QUEUE_FILE"
+
+# Variable signaling if file was updated or not
+change=false
+
+# Install given file
+# First argument has to be a identifier string for remote script
+# Second argument has to be an output file (absolute path).
+inst() {
+ local src="$1"
+ local out="$2"
+ [ -f "$MC_QUEUE_FILE" ] || die "inst can be called only before apply call!"
+ grep -q "\t$out$" || die "inst can be called on one output only once!"
+ # TODO verify that this output is not already in queue
+ local tmp="$(mktemp multiconfig.XXXXXXXXXX)"
+ remote_source "$src" > "$tmp"
+ local refhash="$(installed_hash "$out")"
+ if [ -n "$refhash" ]; then
+ change=false
+ if [ -f "$out" ]; then
+ local cursha="$(sha256 "$out")"
+ if [ "$cursha" != "$(sha256 "$tmp")" ]; then
+ echo "Updating file ($src): $out"
+ [ "$cursha" = "$refhash" ] || echo "File was edited manually! $out"
+ echo "$tmp $out" >> "$MC_QUEUE_FILE"
+ change=true
+ fi
+ else
+ echo "Output is not a file! $out"
+ echo "$tmp $out" >> "$MC_QUEUE_FILE"
+ change=true
+ fi
+ else
+ echo "New file ($src): $out"
+ echo "$tmp $out" >> "$MC_QUEUE_FILE"
+ change=true
+ fi
+}
+
+# Apply all queued changes and cleanup
+apply() {
+ local new="$MC_STATUS_FILE.new"
+ echo -n > "$new"
+ while IFS=\t read src out; do
+ if [ -e "$out" ]; then
+ local trash="$MC_TRASH_DIR/$out.$(date +%y%m%d%H%M%S)"
+ if [ -f "$out" ]; then
+ if [ "$(installed_hash "$out")" != "$(sha256 "$out")" ]; then
+ echo "File was manually changed: $out -> $trash"
+ cp "$out" "$trash"
+ fi
+ else
+ echo "Path exists but is not a file: $out -> $trash"
+ mv "$out" "$trash"
+ fi
+ fi
+ echo "Updating: $out"
+ mv "$src" "$out"
+ sha256 "$out" >> "$new"
+ done < "$MC_QUEUE_FILE"
+ rm "$MC_QUEUE_FILE"
+ mv "$new" "$MC_STATUS_FILE"
+ change=
+}
+
+# TODO somehow add support for installing directories. Most probably by having
+# remote script returning list of files in directory and then calling inst on
+# them.
+
+# Returns string informing you of distribution type but only if given distribution
+# is supported. If ditribution is not supported then it returns "unknown".
+distribution() {
+ if [ -f /etc/gentoo-release ]; then
+ echo "gentoo"
+ elif [ -f /etc/alpine-release ]; then
+ echo "alpine"
+ elif [ -f /etc/openwrt_version ]; then
+ echo "openwrt"
+ else
+ echo "unknown"
+ fi
+}
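Review bot: `module_id` runs `$(basename "$0")` as a command instead of printing it, so as root it executes whatever program shares the module's name (`openvpn`, `hosts`) and returns nothing, leaving `MC_STATUS_FILE` as `$MC_STATUS_DIR/` and the queue template as `multiconfig-.queue.XXXXXX`; it should read `basename "$0"`. The queue plumbing is also inconsistent with itself: `inst` writes `"$tmp $out"` space-separated and its `grep -q "\t$out$"` has no file argument so it reads stdin, while `apply` reads with `IFS=\t`, which sets IFS to the letter `t`, not a tab, and the awk pattern `/$2 ~ regex { print $1 }` is an unterminated regex literal. `apply` rewrites the status file with only this run's entries and appends `sha256` output (hash plus filename, not a tab-separated pair), so `installed_hash` never matches and every file is re-queued and every service restarted on each run. Separately, `mv "$src" "$out"` carries the 0600 mode that mktemp gives its temp file onto the target, so an installed `/etc/hosts` becomes unreadable to unprivileged processes; an explicit per-target mode (`install -m`, or a mode argument to `inst`) is needed.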
diff --git a/multiconfig b/multiconfig
new file mode 100755
index 0000000..68e94e6
--- /dev/null
+++ b/multiconfig
@@ -0,0 +1,12 @@
+#!/bin/sh
+MC_DESCRIPTION="Core configuration of multiconfig it self."
+. "$(dirname "$(readlink -f "$0")")/common" || exit
+
+inst cron /etc/cron.d/multiconfig
+dorestart=$change
+
+apply ############################################################################
+
+if $dorestart; then
+ rc-service cronie restart
+fi
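Review bot: The module hard-codes Gentoo's `cronie` service and `/etc/cron.d` although `common` in this commit accepts alpine and openwrt as supported; as far as I know Alpine's busybox crond reads `/etc/crontabs` and OpenWrt has no `rc-service`, so on those hosts the file is applied and then the script fails under the `set -e` inherited from `common`. Either gate on `$(distribution)` as `common` does, or document the limitation above the `inst` line, e.g. `# Gentoo/cronie only: Alpine and OpenWrt crond do not read /etc/cron.d`. Since cron daemons generally re-read `/etc/cron.d` on mtime change, the restart may also be unnecessary on Gentoo; worth a comment stating why it is kept.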
diff --git a/multiconfig.sh b/multiconfig.sh
deleted file mode 100755
index 500d0de..0000000
--- a/multiconfig.sh
+++ /dev/null
@@ -1,73 +0,0 @@
-#!/bin/sh
-set -e
-MODDIR="/usr/lib/multiconfig"
-
-MODS=""
-LOCAL=false
-
-# TODO email notifications
-# TODO version verification
-
-while [ $# -gt 0 ]; do
- case "$1" in
- -h|--help)
- echo "Multiconfig system script"
- echo "Usage: multiconfig.sh [OPTION]... [MODULE]..."
- echo
- echo "Options:"
- echo "--local - use current working directory as source for files"
- exit 0
- ;;
- --local)
- LOCAL=true
- ;;
- *)
- if [ -x "$1" ]; then
- MODS="$MODS $(pwd)/$1"
- elif [ -x "$MODDIR/$1" ]; then
- MODS="$MODS $MODDIR/$1"
- else
- echo "Requested unknown mod: $1"
- exit 1
- fi
- ;;
- esac
- shift
-done
-
-[ "$(id -u)" == 0 ] || {
- echo "Please run this script only as root."
- exit 1
-}
-
-if ! $LOCAL; then
- if [ ! -d "/root/.multiconfig" ]; then
- echo "No files directory. Please setup it first."
- exit 1
- fi
- cd "/root/.multiconfig"
- # Ensure that we have correct access rights on private key
- chmod 600 ssh_key
- # Update git repository
- git fetch
- git reset --hard origin/master
- git clean -xdf
- # Verify trunk
- # TODO gpg home?
- #git verify-commit HEAD
-fi
-
-# No modules given means to process all modules
-if [ -z "$MODS" ]; then
- for M in $(find "$MODDIR" -executable); do
- MODS="$MODS $MODDIR/$M"
- done
-fi
-
-[ -n "$MODS" ] || exit 0
-
-mkdir -p /var/log/multiconfig
-for M in $MODS; do
- LOG="/var/log/multiconfig/$(basename "$M")"
- "$M" | logger -s -t "multiconfig-$M" | tee "$LOG" || echo "TODO send email!"
-done
diff --git a/openvpn b/openvpn
new file mode 100755
index 0000000..8894c96
--- /dev/null
+++ b/openvpn
@@ -0,0 +1,15 @@
+#!/bin/sh
+MC_DESCRIPTION="OpenVPN configuration."
+. "$(dirname "$(readlink -f "$0")")/common" || exit
+
+inst conf /etc/openvpn/myvpn.conf
+vpn_restart=$change
+
+if [ "$(remote_source is_server)" = "y" ]; then
+ # TODO pull ccd directory
+ true
+fi
+
+apply ############################################################################
+
+
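Review bot: `vpn_restart` is captured from `$change` but never read after `apply`, so an updated `/etc/openvpn/myvpn.conf` is written to disk but the running OpenVPN instance is never restarted and keeps the old configuration. Mirror the `firewall` module in this commit with `if $vpn_restart; then rc-service openvpn.myvpn restart; fi` after `apply`, using whatever the instance's actual service name is. The `is_server` branch is a no-op placeholder and would be clearer as `# TODO pull ccd directory (server only); no-op for now` on a single line.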
diff --git a/openvpn/multiconfig.sh b/openvpn/multiconfig.sh
deleted file mode 100644
index e69de29..0000000
--- a/openvpn/multiconfig.sh
+++ /dev/null
diff --git a/utils b/utils
deleted file mode 100644
index 0b94707..0000000
--- a/utils
+++ /dev/null
@@ -1,29 +0,0 @@
-# vim: ft=sh
-
-die() {
- kill $$
-}
-
-inst_f() {
- if [ -f "$2" ]; then
- else
- mkdir "$(basedir "$2")"
- echo "New file: $1 -> $2"
- fi
-}
-
-inst_d() {
- # TODO
- true
-}
-
-inst() {
- if [ -f "$1" ]; then
- inst_f "$1" "$2"
- elif [ -d "$1" ]; then
- inst_d "$1" "$2"
- else
- echo "Unsupported install target type of: $1"
- die
- fi
-}
diff --git a/virt/virt-monitor b/virt/virt-monitor
deleted file mode 100755
index cd6e173..0000000
--- a/virt/virt-monitor
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-socat - UNIX-CONNECT:/run/virt/$1/serial.sock
diff --git a/virt/virt-serial b/virt/virt-serial
deleted file mode 100755
index 487b97b..0000000
--- a/virt/virt-serial
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-
-# TODO check with root permission that virtual doesn't running
-
-. /etc/conf.d/virt.$1
-
-sudo qemu-system-x86_64 -runas qemu $ARGS -nographic
-#sudo qemu-system-x86_64 -runas qemu $ARGS -curses
diff --git a/virt/virt.init b/virt/virt.init
deleted file mode 100755
index 6ccbd9e..0000000
--- a/virt/virt.init
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/sbin/openrc-run
-# vim: ft=sh
-VM_NAME="${RC_SVCNAME#virt.}"
-
-depend() {
- need networking
- after iptables ip6tables
- use logger
-}
-
-pid_file="/run/virt/$VM_NAME/pid"
-
-status() {
- if [ -f "$pid_file" ]; then
- if kill -0 "$(cat "$pid_file")" >/dev/null 2>&1; then
- einfo "Virtual $VM_NAME is running"
- else
- eerror "Virtual $VM_NAME isn't running but some garbage was left"
- fi
- else
- ewarn "Virtual $VM_NAME isn't running"
- fi
-}
-
-start() {
- if [ "$RC_SVCNAME" = 'virt' ]; then
- eerror 'You are not supposed to run this runscript directly. Instead, you should create a symlink for the VM you want to run.'
- return 1
- fi
-
- mkdir -p /run/virt/$VM_NAME
- chown :qemu /run/virt/$VM_NAME
- chmod 775 /run/virt/$VM_NAME
-
- qemu-system-x86_64 $ARGS -daemonize -runas qemu \
- -pidfile "$pid_file" -D /var/log/virt.$VM_NAME.log \
- -monitor unix:/run/virt/$VM_NAME/monitor.sock,server,nowait \
- -serial unix:/run/virt/$VM_NAME/serial.sock,server,nowait
-}
-
-stop() {
- if [ -f "$pid_file" ] && kill -0 $(cat "$pid_file") >/dev/null 2>&1; then
- PID=$(cat "$pid_file")
- kill $PID
- # TODO if there are problems we should implement also timeout
- while kill -0 $PID >/dev/null 2>&1; do sleep 1; done
- else
- ewarn "Virtual $VM_NAME is not running"
- fi
-}
-