Diffstat (limited to 'ops')
-rw-r--r--ops/bridge_net72
-rw-r--r--ops/cynerd_account65
-rw-r--r--ops/firewall65
-rw-r--r--ops/multiconfig41
-rw-r--r--ops/openvpn0
-rw-r--r--ops/wireguard0
6 files changed, 243 insertions, 0 deletions
diff --git a/ops/bridge_net b/ops/bridge_net
new file mode 100644
index 0000000..bab94ad
--- /dev/null
+++ b/ops/bridge_net
@@ -0,0 +1,72 @@
+# vim:ft=sh:noexpandtab
+# Bridge with dhcpd
+# TODO FreeBSD
+
+BRIDGE_NET_BRIDGE="./files/bridge_net/bridge.service"
+BRIDGE_NET_SYSCTL="./files/bridge_net/sysctl.conf"
+BRIDGE_NET_DHCPD="./files/bridge_net/dhcpd.conf"
+BRIDGE_NET_BRIDGE_DHCP="./files/bridge_net/bridge-dhcp.service"
+
+bridge_net_check() {
+ ops_set_current bridge_net
+ if ! ( which dhcpd ) >/dev/null; then
+ echo_error "Bridge_net expects dhcpd to be installed"
+ return 0
+ fi
+ # TODO check that we are using openrc otherwise this doesn't work
+
+ # Setup bridge service
+ if do_diff "$BRIDGE_NET_BRIDGE" "/etc/init.d/bridge" \
+ "Bridge service changes"; then
+ ops_require bridge_service
+ fi
+ # Setup ipv4 forward
+ if do_diff "$BRIDGE_NET_SYSCTL" "/etc/sysctl.d/bridge_net.conf" \
+ "Sysctl changes"; then
+ ops_require sysctl
+ fi
+ # DHCPd service
+ if do_diff "$BRIDGE_NET_BRIDGE_DHCP" "/etc/init.d/bridge-dhcp" \
+ "Bridge dhcp service changes"; then
+ ops_require bridge_dhcp_service
+ fi
+ # DHCPd configuration
+ if do_diff "$BRIDGE_NET_DHCPD" "/etc/dhcp/bridge_dhcpd.conf" \
+ "DHCPD configuration changes"; then
+ ops_require dhcpd_conf
+ fi
+
+ # TODO enable bridge_dhcp and bridge service
+
+ ops_required_any "Bridge_net" # return 1 fall trough
+}
+
+bridge_net_prepare() {
+ local BRIDGE_RESTART=false
+
+ if ops_is_required bridge_service; then
+ echo_trace "Updating bridge service"
+ cp "$BRIDGE_NET_BRIDGE" "/etc/init.d/bridge"
+ BRIDGE_RESTART=true
+ fi
+ if ops_is_required sysctl; then
+ echo_trace "Updating sysctl configuration for bridge"
+ cp "$BRIDGE_NET_SYSCTL" "/etc/sysctl.d/bridge"
+ fi
+
+ if $BRIDGE_RESTART; then
+ service bridge restart
+ fi
+}
+
+bridge_net_apply() {
+ # We have nothing to do for apply
+ # TODO
+ true
+}
+
+bridge_net_clean() {
+ # We have nothing to do for clean
+ # TODO
+ true
+}
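Review bot: bridge_net_check diffs the sysctl file against `/etc/sysctl.d/bridge_net.conf`, but bridge_net_prepare copies it to `/etc/sysctl.d/bridge`, so the check will presumably report a change on every run, and the forwarding setting lands in a file without the `.conf` suffix that sysctl.d loaders normally require. The copy should use the same target as the check: `cp "$BRIDGE_NET_SYSCTL" "/etc/sysctl.d/bridge_net.conf"`. The `bridge_dhcp_service` and `dhcpd_conf` requirements raised in the check are never consumed in prepare, so those two files are detected as changed but not installed. The missing-dhcpd branch also returns 0 after `echo_error`, which appears to mean "nothing to do" given the `# return 1` comment on `ops_required_any`; firewall_check has the same `return 0` after its error message.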
diff --git a/ops/cynerd_account b/ops/cynerd_account
new file mode 100644
index 0000000..941ff66
--- /dev/null
+++ b/ops/cynerd_account
@@ -0,0 +1,65 @@
+# vim:ft=sh:noexpandtab
+# My personal account
+
+# Configuration options:
+# CYNERD_ACCOUNT_GROUPS - Additional groups to default cynerd,wheel
+# CYNERD_ACCOUNT_SSH_KEY - ssh public key to be added as authorized_keys
+# CYNERD_ACCOUNT_CONFIGS - myconfigs branch (currently accepting only server)
+
+. tools/grusr
+. tools/package
+. tools/git
+
+CYNERD_ACCOUNT_ARGS=""
+CYNERD_ACCOUNT_MYCNF_GIT=""
+
+cynerd_account_check() {
+ package_check zsh || CYNERD_ACCOUNT_NEED="zsh"
+ user_check $CYNERD_ACCOUNT_ARGS || CYNERD_ACCOUNT_NEED="$CYNERD_ACCOUNT_NEED user"
+ # TODO check that we have correct ssh key
+ package_check rsync || CYNERD_ACCOUNT_NEED="$CYNERD_ACCOUNT_NEED rsync"
+ git_check $CYNERD_ACCOUNT_MYCNF_GIT || CYNERD_ACCOUNT_NEED="$CYNERD_ACCOUNT_NEED myconfigs"
+ if [ -n "$CYNERD_ACCOUNT_NEED" ]; then
+ echo_info "Cynerd account requires update of these components: $CYNERD_ACCOUNT_NEED"
+ return 1
+ fi
+}
+
+cynerd_account_prepare() {
+ for N in $CYNERD_ACCOUNT_NEED; do
+ case "$N" in
+ zsh|rsync)
+ package_prepare "$N" || return 1
+ ;;
+ user)
+ user_prepare $CYNERD_ACCOUNT_ARGS || return 1
+ ;;
+ myconfigs)
+ git_prepare $CYNERD_ACCOUNT_MYCNF_GIT || return 1
+ ;;
+ esac
+ done
+}
+
+cynerd_account_apply() {
+ for N in $CYNERD_ACCOUNT_NEED; do
+ case "$N" in
+ zsh|rsync)
+ package_apply "$N" || return 1
+ ;;
+ user)
+ user_apply $CYNERD_ACCOUNT_ARGS || return 1
+ ;;
+ myconfigs)
+ git_apply $CYNERD_ACCOUNT_MYCNF_GIT || return 1
+ ;;
+ esac
+ done
+}
+
+cynerd_account_clean() {
+ local FAIL=0
+ package_clean zsh rsync || FAIL=1
+ git_clean $CYNERD_ACCOUNT_MYCNF_GIT || FAIL=1
+ return $FAIL
+}
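Review bot: `CYNERD_ACCOUNT_NEED` is never initialised in cynerd_account_check; the first line assigns it only when zsh is missing, so in every other case the later checks append to whatever value the variable already holds from the environment or from an earlier check in the same shell. Starting the function with `CYNERD_ACCOUNT_NEED=""` makes the result depend only on the current run. Within this hunk `CYNERD_ACCOUNT_ARGS` and `CYNERD_ACCOUNT_MYCNF_GIT` are set to empty strings and the documented `CYNERD_ACCOUNT_GROUPS`, `CYNERD_ACCOUNT_SSH_KEY` and `CYNERD_ACCOUNT_CONFIGS` options are not read, so the helpers are called without arguments unless they are filled in elsewhere. Until the ssh-key TODO is done, a comment such as `# NOTE: authorized_keys content is not verified; an unexpected key is not reported` would make that gap explicit.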
diff --git a/ops/firewall b/ops/firewall
new file mode 100644
index 0000000..e20b730
--- /dev/null
+++ b/ops/firewall
@@ -0,0 +1,65 @@
+# vim:ft=sh:noexpandtab
+# Firewall configuration (iptables on linux)
+# TODO FreeBSD
+
+FIREWALL_PREFIX="./files/firewall/$(hostname)"
+
+firewall_check_common() {
+ if do_diff "./files/firewall/$2.conf" "/etc/conf.d/$2" \
+ "Firewall IPv$1 service config changes"; then
+ ops_require "ipv$1_config"
+ fi
+ if do_diff "$FIREWALL_PREFIX.ipv$1" "/etc/iptables/ipv$1" \
+ "Firewall IPv$1 changes"; then
+ ops_require "ipv$1"
+ fi
+}
+
+firewall_check() {
+ ops_set_current firewall
+ if ! ( which iptables && which ip6tables ) >/dev/null; then
+ echo_error "Firewall operation requires iptables and ip6tables."
+ return 0
+ fi
+
+ firewall_check_common 4 iptables
+ [ -n "$FIREWALL_NO_IPV6" ] && [ "$FIREWALL_NO_IPV6" = "true" ] || \
+ firewall_check_common 6 ip6tables
+
+ ops_required_any "Firewall" # return 1 fall trough
+}
+
+firewall_prepare() {
+ # We have nothing to do for prepare
+ true
+}
+
+firewall_apply_common() {
+ local RELOAD=false
+ if ops_is_required "ipv$1_config"; then
+ echo_trace "Updating $2 service config"
+ cp "./files/firewall/$2.conf" "/etc/conf.d/$2"
+ RELOAD=true
+ fi
+ if ops_is_required "ipv$1"; then
+ echo_trace "Updating ipv$1 tables"
+ mkdir -p /etc/iptables
+ cp "$FIREWALL_PREFIX.ipv$1" "/etc/iptables/ipv$1"
+ RELOAD=true
+ fi
+ if $RELOAD; then
+ echo_trace "Reloading service $2"
+ service "$2" reload
+ fi
+}
+
+firewall_apply() {
+ ops_set_current firewall
+ firewall_apply_common 4 iptables
+ firewall_apply_common 6 ip6tables
+}
+
+firewall_clean() {
+ # We have nothing to do for clean
+ true
+}
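Review bot: firewall_apply_common ignores the result of both `cp` calls yet still sets `RELOAD=true`, and firewall_apply discards the IPv4 result because only the status of the ip6tables call is returned, so a failed copy or a failed IPv4 reload can pass as success. Following the `|| return 1` style used in ops/cynerd_account, the copies could read `cp "$FIREWALL_PREFIX.ipv$1" "/etc/iptables/ipv$1" || return 1` and the caller `firewall_apply_common 4 iptables || return 1`. If these files are in iptables-save format (not visible here), checking them with `iptables-restore --test` before the copy would keep a broken ruleset from replacing the working one. firewall_apply also runs the IPv6 branch unconditionally while firewall_check honours `FIREWALL_NO_IPV6`; the two should use the same condition.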
diff --git a/ops/multiconfig b/ops/multiconfig
new file mode 100644
index 0000000..cee4d78
--- /dev/null
+++ b/ops/multiconfig
@@ -0,0 +1,41 @@
+# vim:ft=sh:noexpandtab
+# Multiconfig system configuration
+
+# TODO setup cron
+# TODO configure sending email account
+# TODO configure keys
+# TODO setup root ssh key to access git repo
+
+MULTICONFIG_SCRIPT="./scripts/multiconfig.sh"
+MULTICONFIG_CRON_SCRIPT="./scripts/multiconfig-cron.sh"
+
+multiconfig_check() {
+ ops_set_current multiconfig
+
+ if do_diff "$MULTICONFIG_SCRIPT" "/usr/local/bin/multiconfig.sh" \
+ "Multiconfig script changes"; then
+ ops_require script
+ fi
+
+ if do_diff "$MULTICONFIG_CRON_SCRIPT" "/etc/cron.daily/multiconfig" \
+ "Multiconfig cron script changes"; then
+ ops_require cron
+ fi
+
+ ops_required_any "Multiconfig" # return 1 fall trough
+}
+
+multiconfig_prepare() {
+ # We have nothing to do for prepare
+ true
+}
+
+multiconfig_apply() {
+ ops_set_current multiconfig
+
+}
+
+multiconfig_clean() {
+ # We have nothing to do for clean
+ true
+}
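Review bot: multiconfig_apply only calls `ops_set_current multiconfig`, so the `script` and `cron` requirements raised in multiconfig_check are never acted on and the check will presumably keep reporting the same changes. Each requirement needs an `ops_is_required` branch that installs its file, as firewall_apply_common does. Both targets (`/usr/local/bin/multiconfig.sh` and `/etc/cron.daily/multiconfig`) are run as root, so installing them with explicit ownership and mode, for example `install -o root -g root -m 0755 "$MULTICONFIG_SCRIPT" /usr/local/bin/multiconfig.sh`, is safer than a plain `cp` that inherits whatever permissions the checkout has.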
diff --git a/ops/openvpn b/ops/openvpn
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/ops/openvpn
diff --git a/ops/wireguard b/ops/wireguard
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/ops/wireguard