-rw-r--r-- | README | 4 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | bridge/dhcpd.conf | 13 | ||||
-rw-r--r-- | bridge/init/bridge | 26 | ||||
-rw-r--r-- | bridge/init/bridge-dhcp | 13 | ||||
-rw-r--r-- | bridge/sysctl.conf | 3 | ||||
-rw-r--r-- | common | 61 | ||||
-rw-r--r-- | files/mpd-music/mpd.conf (renamed from mpd-music/mpd.conf) | 0 | ||||
-rwxr-xr-x | files/mpd-music/music.init (renamed from mpd-music/music.init) | 0 | ||||
-rwxr-xr-x | files/mpd-music/music_refresh (renamed from mpd-music/music_refresh) | 0 | ||||
-rwxr-xr-x | files/wireguard/mwg.init | 39 | ||||
-rwxr-xr-x | firewall | 28 | ||||
-rwxr-xr-x | firewall/multiconfig.sh | 35 | ||||
-rwxr-xr-x | hosts | 6 | ||||
-rw-r--r-- | lib/utils | 119 | ||||
-rwxr-xr-x | multiconfig | 12 | ||||
-rwxr-xr-x | multiconfig.sh | 73 | ||||
-rwxr-xr-x | openvpn | 15 | ||||
-rw-r--r-- | openvpn/multiconfig.sh | 0 | ||||
-rw-r--r-- | utils | 29 | ||||
-rwxr-xr-x | virt/virt-monitor | 2 | ||||
-rwxr-xr-x | virt/virt-serial | 8 | ||||
-rwxr-xr-x | virt/virt.init | 51 |
23 files changed, 281 insertions, 258 deletions
@@ -1,4 +0,0 @@ -Distributed configuration tool -============================== -This is tool for distributed configuration. It provides the way to distribute -configuration trough git to every host. @@ -1,4 +1,4 @@ Distributed configuration tool ============================== This is tool for distributed configuration. It provides the way to distribute -configuration trough git to every host. +configuration trough git and ssh to every host. diff --git a/bridge/dhcpd.conf b/bridge/dhcpd.conf deleted file mode 100644 index 7aa8ab2..0000000 --- a/bridge/dhcpd.conf +++ /dev/null @@ -1,13 +0,0 @@ -authoritative; - -default-lease-time 600; -max-lease-time 7200; - -subnet 192.168.30.0 netmask 255.255.255.0 { - range 192.168.30.10 192.168.30.250; - option routers 192.168.30.1; - option subnet-mask 255.255.255.0; - option broadcast-address 192.168.30.255; -} - -option domain-name-servers 217.31.204.130, 193.29.206.206; diff --git a/bridge/init/bridge b/bridge/init/bridge deleted file mode 100644 index 430f795..0000000 --- a/bridge/init/bridge +++ /dev/null @@ -1,26 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -depend() { - use logger -} - -start() { - # Add bridge interface - if ! ip link list bridge 2>/dev/null >&2; then - ip link add name bridge type bridge - fi - # Set bridge up - ip link set bridge up - # Set ip address - if [ -z "$(ip addr show dev bridge to 192.168.30.1)" ]; then - ip addr add 192.168.30.1/24 dev bridge - fi -} - -stop() { - if ip link list bridge 2>/dev/null >&2; then - ip link del dev bridge - fi -} diff --git a/bridge/init/bridge-dhcp b/bridge/init/bridge-dhcp deleted file mode 100644 index fd93116..0000000 --- a/bridge/init/bridge-dhcp +++ /dev/null 
@@ -1,13 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -description="Bridge dhcp daemon" -command="/usr/sbin/dhcpd" -pidfile="/run/bridge-dhcp.pid" -command_args="-4 -pf $pidfile -cf /etc/dhcp/bridge_dhcpd.conf bridge" - -depend() { - need bridge - use logger -} diff --git a/bridge/sysctl.conf b/bridge/sysctl.conf deleted file mode 100644 index 9ad9779..0000000 --- a/bridge/sysctl.conf +++ /dev/null @@ -1,3 +0,0 @@ -# vim: ft=sysctl -# Enable ipv4 forwarding -net.ipv4.ip_forward=1 @@ -0,0 +1,61 @@ +# vim: ft=sh +set -e + +export MC_LOCAL_DIR="" +while [ $# -gt 0 ]; do + case "$1" in + -h|--help) + echo "Usage: $0 [OPTION]..." + echo "Multiconfig system script." + echo "$MC_DESCRIPTION" + echo + echo "Options:" + echo " --description" + echo " Print description of this module and exit." + echo " --local [DIR]" + echo " Instead of accessing remote files storage use local directory." + echo " If no directory is provided or is empty then current working directory is used." + echo " -h, --help" + echo " Print this help text and exit." + exit 0 + ;; + --description) + echo "$MC_DESCRIPTION" + exit 0 + ;; + --local) + shift + MC_LOCAL_DIR="${1:-$PWD}" + ;; + *) + echo "Unknown option: $1" >&2 + exit 1 + ;; + esac + shift +done + +if [ "$(id -u)" != "0" ]; then + die "Please run this script only as root" +fi + +# Add path to our own libraries +export PATH="$PATH:$(dirname "$(readlink -f "$0")")/lib" + +# Include utils +. utils + +# Verify if distribution is supported +[ "$(distribution)" != "unknown" ] || die "Running on unsupported distribution!" + +# Export some utility paths +export MC_STATUS_DIR="/var/multiconfig/status" +export MC_TRASH_DIR="/var/multiconfig/trash" +case "$(distribution)" in + openwrt) + MC_STATUS_DIR="/usr/share/multiconfig/status" + MC_TRASH_DIR="/usr/share/multiconfig/trash" + ;; +esac +# Make sure that status directoruy +mkdir -p "$MC_STATUS_DIR" 
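Review bot: `. utils` resolves the library through PATH after the lib directory has been appended at the *end* of PATH, so any earlier PATH entry that happens to contain a file named `utils` is what gets sourced into this root shell; source it by path instead: `. "$(dirname "$(readlink -f "$0")")/lib/utils" || exit`. `die` is invoked in the root check before `utils`, which defines it, has been sourced, so a non-root run fails with "die: not found" rather than the intended message — either move the check below the source line or use `echo "Please run this script only as root" >&2; exit 1` there. Only `$MC_STATUS_DIR` gets a `mkdir -p`; if the hunk really ends at that line (the preceding comment looks cut off), `$MC_TRASH_DIR`, which lib/utils' `apply` copies into, is never created. The help text for `--local DIR` should also say that `$DIR/request.sh` is executed as root, since that is what lib/utils does with it.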
diff --git a/mpd-music/mpd.conf b/files/mpd-music/mpd.conf index 4fd1b2b..4fd1b2b 100644 --- a/mpd-music/mpd.conf +++ b/files/mpd-music/mpd.conf diff --git a/mpd-music/music.init b/files/mpd-music/music.init index 4a5c654..4a5c654 100755 --- a/mpd-music/music.init +++ b/files/mpd-music/music.init diff --git a/mpd-music/music_refresh b/files/mpd-music/music_refresh index 6215de2..6215de2 100755 --- a/mpd-music/music_refresh +++ b/files/mpd-music/music_refresh diff --git a/files/wireguard/mwg.init b/files/wireguard/mwg.init new file mode 100755 index 0000000..4e9d45d --- /dev/null +++ b/files/wireguard/mwg.init @@ -0,0 +1,39 @@ +#!/sbin/openrc-run +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +depend() { + use logger +} + +reload() { + if [ -z "$IP" ]; then + eerror "Variable IP has to be defined in service config file" + exit 1 + fi + + ip link set down dev mwg + + ip addr flush mwg + ip addr add "$IP/24" dev mwg + + wg setconf mwg "/etc/mwg/config" + + ip link set up dev mwg +} + +start() { + # Add wireguard interface + if ! ip link list mwg 2>/dev/null >&2; then + ip link add dev mwg type wireguard + fi + # Reload/Load + reload + + mark_service_started +} + +stop() { + # Remove wireguard interface + ip link del dev mwg || true +} diff --git a/firewall b/firewall new file mode 100755 index 0000000..a42f01d --- /dev/null +++ b/firewall 
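Review bot: `wg setconf mwg "/etc/mwg/config"` loads the interface's private key from a file whose existence and permissions are never checked, so a missing config fails late and a group/world-readable one silently exposes the key; guard it first with `[ -f /etc/mwg/config ] || { eerror "/etc/mwg/config is missing"; return 1; }` and, where GNU stat is available, `[ "$(stat -c %a /etc/mwg/config)" = 600 ] || ewarn "/etc/mwg/config should be mode 600"`. The `exit 1` in `reload` should be `return 1`, which is how an openrc-run function reports failure rather than terminating the runscript mid-function. `$IP/24` hard-codes the prefix length; letting the conf.d file carry `IP=addr/len` would avoid a surprising mask for tunnels that are not /24. `mark_service_started` in `start` looks redundant, as openrc marks the service started when `start` returns 0 — worth confirming against the openrc version in use.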
@@ -0,0 +1,28 @@ +#!/bin/sh +MC_DESCRIPTION="Firewall configuration." +. "$(dirname "$(readlink -f "$0")")/common" || exit + +# TODO add support for Turris/OpenWRT somehow? + +restart4=false +inst ipv4 /etc/iptables/ipv4 +restart4=$change +inst ipv4-config /etc/conf.d/iptables +$restart4 || restart4=$change + +restart6=false +inst ipv6 /etc/iptables/ipv6 +restart6=$change +inst ipv6-config /etc/conf.d/ip6tables +$restart6 || restart6=$change + +apply ############################################################################ + +if $restart4; then + echo "Restarting IPv4 firewall" + rc-service iptables restart +fi +if $restart6; then + echo "Restarting IPv6 firewall" + rc-service ip6tables restart +fi diff --git a/firewall/multiconfig.sh b/firewall/multiconfig.sh deleted file mode 100755 index 0befbf1..0000000 --- a/firewall/multiconfig.sh +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/sh -set -e -LPATH="$(dirname "$0")" -if [ -f "$LPATH/utils" ]; then - . "$LPATH/utils" -elif [ -f "$LPATH/../utils" ]; then - . "$LPATH/../utils" -else - echo "Can't locate utilities!" - exit 1 -fi -###################################### - -mkdir -p /etc/iptables - -configure() { - if ! grep -q "$3_SAVE=\"/etc/iptables/$1\"" "/etc/conf.d/$2"; then - echo "Reconfiguring $2 service configuration" - sed -i "s#^$3_SAVE=.*\$#$3_SAVE=\"/etc/iptables/$1\"#" "/etc/conf.d/$2" - fi -} -configure ipv4 iptables IPTABLES -configure ipv6 ip6tables IP6TABLES - -H="$(hostname)" - -if inst "firewall/$H.ipv4" /etc/iptables/ipv4; then - echo "Reloading IPv4 firewall" - service iptables reload -fi - -if inst "firewall/$H.ipv6" /etc/iptables/ipv6; then - echo "Reloading IPv6 firewall" - service ip6tables reload -fi @@ -0,0 +1,6 @@ +#!/bin/sh +MC_DESCRIPTION="/etc/hosts file" +. "$(dirname "$(readlink -f "$0")")/common" || exit + +inst hosts /etc/hosts +apply diff --git a/lib/utils b/lib/utils new file mode 100644 index 0000000..5281d19 --- /dev/null +++ b/lib/utils 
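Review bot: `rc-service iptables restart` replaces the `reload` that the deleted firewall/multiconfig.sh used, and if /etc/conf.d/iptables keeps Gentoo's default `SAVE_ON_STOP="yes"` the stop half of a restart first saves the *running* ruleset to `IPTABLES_SAVE` — i.e. over the /etc/iptables/ipv4 this script just installed — and then flushes with ACCEPT policies before start loads the file, so the new rules may be overwritten and the host is briefly open; `rc-service iptables reload` (and `ip6tables reload`) applies the installed file without that window. The same applies to the ipv6 branch. `restart4=$change` followed by `$restart4 || restart4=$change` is correct, but only because `apply` resets `change` afterwards; a comment such as `# remember $change per inst: apply clears it` would save the next reader the trip through lib/utils.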
@@ -0,0 +1,119 @@ +# vim: ft=sh + +die() { + echo "$@" >&2 + kill $$ +} + +# Returns name of this module +module_id() { + $(basename "$0") +} + +# Status file for this module +MC_STATUS_FILE="$MC_STATUS_DIR/$(module_id)" + +# Return hash of given file from status file +# First argument have to be a path to output file +installed_hash() { + awk -F '\t' -v regex="^$1$" '/$2 ~ regex { print $1 }' "$MC_STATUS_FILE" +} + +# Hash of currently installed file +# Access remote resource +# It connects to remote server and requests resource for given plugin. +# It expects only one argument and that is resource identifier. +remote_source() { + local res="$1" + local mod_id="$(module_id)" + if [ -n "$MC_LOCAL_DIR" ]; then + "$MC_LOCAL_DIR/request.sh" "$mod_id:$res" + else + ssh -i ~/.ssh/multiconfig multiconfig@cynerd.cz -- "$mod_id:$res" + fi +} + +# Defined and create QUEUE file for this instance +MC_QUEUE_FILE="$(mktemp multiconfig-$(module_id).queue.XXXXXX)" +touch "$MC_QUEUE_FILE" + +# Variable signaling if file was updated or not +change=false + +# Install given file +# First argument has to be a identifier string for remote script +# Second argument has to be an output file (absolute path). +inst() { + local src="$1" + local out="$2" + [ -f "$MC_QUEUE_FILE" ] || die "inst can be called only before apply call!" + grep -q "\t$out$" || die "inst can be called on one output only once!" + # TODO verify that this output is not already in queue + local tmp="$(mktemp multiconfig.XXXXXXXXXX)" + remote_source "$src" > "$tmp" + local refhash="$(installed_hash "$out")" + if [ -n "$refhash" ]; then + change=false + if [ -f "$out" ]; then + local cursha="$(sha256 "$out")" + if [ "$cursha" != "$(sha256 "$tmp")" ]; then + echo "Updating file ($src): $out" + [ "$cursha" = "$refhash" ] || echo "File was edited manually! $out" + echo "$tmp $out" >> "$MC_QUEUE_FILE" + change=true + fi + else + echo "Output is not a file! 
$out" + echo "$tmp $out" >> "$MC_QUEUE_FILE" + change=true + fi + else + echo "New file ($src): $out" + echo "$tmp $out" >> "$MC_QUEUE_FILE" + change=true + fi +} + +# Apply all queued changes and cleanup +apply() { + local new="$MC_STATUS_FILE.new" + echo -n > "$new" + while IFS=\t read src out; do + if [ -e "$out" ]; then + local trash="$MC_TRASH_DIR/$out.$(date +%y%m%d%H%M%S)" + if [ -f "$out" ]; then + if [ "$(installed_hash "$out")" != "$(sha256 "$out")" ]; then + echo "File was manually changed: $out -> $trash" + cp "$out" "$trash" + fi + else + echo "Path exists but is not a file: $out -> $trash" + mv "$out" "$trash" + fi + fi + echo "Updating: $out" + mv "$src" "$out" + sha256 "$out" >> "$new" + done < "$MC_QUEUE_FILE" + rm "$MC_QUEUE_FILE" + mv "$new" "$MC_STATUS_FILE" + change= +} + +# TODO somehow add support for installing directories. Most probably by having +# remote script returning list of files in directory and then calling inst on +# them. + +# Returns string informing you of distribution type but only if given distribution +# is supported. If ditribution is not supported then it returns "unknown". +distribution() { + if [ -f /etc/gentoo-release ]; then + echo "gentoo" + elif [ -f /etc/alpine-release ]; then + echo "alpine" + elif [ -f /etc/openwrt_version ]; then + echo "openwrt" + else + echo "unknown" + fi +} diff --git a/multiconfig b/multiconfig new file mode 100755 index 0000000..68e94e6 --- /dev/null +++ b/multiconfig @@ -0,0 +1,12 @@ +#!/bin/sh +MC_DESCRIPTION="Core configuration of multiconfig it self." +. "$(dirname "$(readlink -f "$0")")/common" || exit + +inst cron /etc/cron.d/multiconfig +dorestart=$change + +apply ############################################################################ + +if $dorestart; then + rc-service cronie restart +fi diff --git a/multiconfig.sh b/multiconfig.sh deleted file mode 100755 index 500d0de..0000000 --- a/multiconfig.sh +++ /dev/null 
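Review bot: `module_id` runs `$(basename "$0")` as a command instead of printing it, so every caller (`MC_STATUS_FILE`, `remote_source`, the queue-file name) gets an empty id and, since the modules are named `firewall`, `openvpn` and `multiconfig`, root executes whatever binary of that name is on PATH; the body should be just `basename "$0"`. The queue bookkeeping in `inst`/`apply` cannot work as written: `grep -q "\t$out$"` has no file operand and is inverted (it dies when the output is *not* yet queued), `echo "$tmp $out"` separates with a space while `IFS=\t` sets IFS to the letter t, and `read` lacks `-r`. `mv "$src" "$out"` installs the fetched file with mktemp's 0600 mode, which makes /etc/hosts unreadable to non-root users — the mode should be chosen per target rather than inherited from the temp file, and the relative `mktemp` templates create those temp files in whatever the cron job's working directory is. `remote_source` pipes whatever `multiconfig@cynerd.cz` returns straight into root-owned config with host-key trust left to whatever ~/.ssh/known_hosts holds and no content signature, so that account and server key are the trust root for every managed host; the removed multiconfig.sh at least carried a `git verify-commit` TODO, and pinning with `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=/etc/multiconfig/known_hosts` would be the minimum. `sha256` is not defined in this hunk — if it is plain `sha256sum` its output includes the filename, so `$(sha256 "$tmp")` could never equal `$(sha256 "$out")`; presumably a digest-only wrapper exists elsewhere, worth confirming.
```shell
module_id() {
  basename "$0"
}
# … unchanged: MC_STATUS_FILE, installed_hash, remote_source, MC_QUEUE_FILE, change …
inst() {
  local src="$1"
  local out="$2"
  [ -f "$MC_QUEUE_FILE" ] || die "inst can be called only before apply call!"
  ! cut -f2 "$MC_QUEUE_FILE" | grep -qxF -- "$out" || die "inst can be called on one output only once!"
  # … unchanged: fetch into $tmp and hash comparison; each queue append becomes:
  printf '%s\t%s\n' "$tmp" "$out" >> "$MC_QUEUE_FILE"
}
apply() {
  local new="$MC_STATUS_FILE.new"
  echo -n > "$new"
  while IFS="$(printf '\t')" read -r src out; do
    # … unchanged: trash handling, mv into place, status rewrite …
  done < "$MC_QUEUE_FILE"
  # … unchanged: cleanup …
}
```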
@@ -1,73 +0,0 @@ -#!/bin/sh -set -e -MODDIR="/usr/lib/multiconfig" - -MODS="" -LOCAL=false - -# TODO email notifications -# TODO version verification - -while [ $# -gt 0 ]; do - case "$1" in - -h|--help) - echo "Multiconfig system script" - echo "Usage: multiconfig.sh [OPTION]... [MODULE]..." - echo - echo "Options:" - echo "--local - use current working directory as source for files" - exit 0 - ;; - --local) - LOCAL=true - ;; - *) - if [ -x "$1" ]; then - MODS="$MODS $(pwd)/$1" - elif [ -x "$MODDIR/$1" ]; then - MODS="$MODS $MODDIR/$1" - else - echo "Requested unknown mod: $1" - exit 1 - fi - ;; - esac - shift -done - -[ "$(id -u)" == 0 ] || { - echo "Please run this script only as root." - exit 1 -} - -if ! $LOCAL; then - if [ ! -d "/root/.multiconfig" ]; then - echo "No files directory. Please setup it first." - exit 1 - fi - cd "/root/.multiconfig" - # Ensure that we have correct access rights on private key - chmod 600 ssh_key - # Update git repository - git fetch - git reset --hard origin/master - git clean -xdf - # Verify trunk - # TODO gpg home? - #git verify-commit HEAD -fi - -# No modules given means to process all modules -if [ -z "$MODS" ]; then - for M in $(find "$MODDIR" -executable); do - MODS="$MODS $MODDIR/$M" - done -fi - -[ -n "$MODS" ] || exit 0 - -mkdir -p /var/log/multiconfig -for M in $MODS; do - LOG="/var/log/multiconfig/$(basename "$M")" - "$M" | logger -s -t "multiconfig-$M" | tee "$LOG" || echo "TODO send email!" -done @@ -0,0 +1,15 @@ +#!/bin/sh +MC_DESCRIPTION="OpenVPN configuration." +. "$(dirname "$(readlink -f "$0")")/common" || exit + +inst conf /etc/openvpn/myvpn.conf +vpn_restart=$change + +if [ "$(remote_source is_server)" = "y" ]; then + # TODO pull ccd directory + true +fi + +apply ############################################################################ + + diff --git a/openvpn/multiconfig.sh b/openvpn/multiconfig.sh deleted file mode 100644 index e69de29..0000000 --- a/openvpn/multiconfig.sh +++ /dev/null 
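Review bot: `vpn_restart=$change` is recorded but never used after `apply`, so an updated /etc/openvpn/myvpn.conf is installed while the running daemon keeps the old one until something else restarts it; the firewall and multiconfig modules in this commit do restart their services. Add after `apply` the three lines `if $vpn_restart; then`, `rc-service openvpn.myvpn restart`, `fi` — assuming the Gentoo-style `openvpn.myvpn` instance the config name suggests, which the hunk does not show. The `is_server` branch is a bare `true` with a TODO, so server hosts currently receive the conf and no ccd directory; worth stating in `MC_DESCRIPTION` until that lands.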
@@ -1,29 +0,0 @@ -# vim: ft=sh - -die() { - kill $$ -} - -inst_f() { - if [ -f "$2" ]; then - else - mkdir "$(basedir "$2")" - echo "New file: $1 -> $2" - fi -} - -inst_d() { - # TODO - true -} - -inst() { - if [ -f "$1" ]; then - inst_f "$1" "$2" - elif [ -d "$1" ]; then - inst_d "$1" "$2" - else - echo "Unsupported install target type of: $1" - die - fi -} diff --git a/virt/virt-monitor b/virt/virt-monitor deleted file mode 100755 index cd6e173..0000000 --- a/virt/virt-monitor +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -socat - UNIX-CONNECT:/run/virt/$1/serial.sock diff --git a/virt/virt-serial b/virt/virt-serial deleted file mode 100755 index 487b97b..0000000 --- a/virt/virt-serial +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh - -# TODO check with root permission that virtual doesn't running - -. /etc/conf.d/virt.$1 - -sudo qemu-system-x86_64 -runas qemu $ARGS -nographic -#sudo qemu-system-x86_64 -runas qemu $ARGS -curses diff --git a/virt/virt.init b/virt/virt.init deleted file mode 100755 index 6ccbd9e..0000000 --- a/virt/virt.init +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/sbin/openrc-run -# vim: ft=sh -VM_NAME="${RC_SVCNAME#virt.}" - -depend() { - need networking - after iptables ip6tables - use logger -} - -pid_file="/run/virt/$VM_NAME/pid" - -status() { - if [ -f "$pid_file" ]; then - if kill -0 "$(cat "$pid_file")" >/dev/null 2>&1; then - einfo "Virtual $VM_NAME is running" - else - eerror "Virtual $VM_NAME isn't running but some garbage was left" - fi - else - ewarn "Virtual $VM_NAME isn't running" - fi -} - -start() { - if [ "$RC_SVCNAME" = 'virt' ]; then - eerror 'You are not supposed to run this runscript directly. Instead, you should create a symlink for the VM you want to run.' - return 1 - fi - - mkdir -p /run/virt/$VM_NAME - chown :qemu /run/virt/$VM_NAME - chmod 775 /run/virt/$VM_NAME - - qemu-system-x86_64 $ARGS -daemonize -runas qemu \ - -pidfile "$pid_file" -D /var/log/virt.$VM_NAME.log \ - -monitor unix:/run/virt/$VM_NAME/monitor.sock,server,nowait \ - -serial unix:/run/virt/$VM_NAME/serial.sock,server,nowait -} - -stop() { - if [ -f "$pid_file" ] && kill -0 $(cat "$pid_file") >/dev/null 2>&1; then - PID=$(cat "$pid_file") - kill $PID - # TODO if there are problems we should implement also timeout - while kill -0 $PID >/dev/null 2>&1; do sleep 1; done - else - ewarn "Virtual $VM_NAME is not running" - fi -} - |