Diffstat (limited to 'scripts')
-rwxr-xr-x | scripts/encrypt_file.sh | 12 | ||||
-rw-r--r-- | scripts/multiconfig-cron.sh | 2 | ||||
-rwxr-xr-x | scripts/multiconfig.sh | 73 | ||||
-rwxr-xr-x | scripts/setup.sh | 38 |
4 files changed, 125 insertions, 0 deletions
diff --git a/scripts/encrypt_file.sh b/scripts/encrypt_file.sh
new file mode 100755
index 0000000..cee8c86
--- /dev/null
+++ b/scripts/encrypt_file.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+set -e
+
+F="$(readlink -f "$1")"
+
+cd "$(dirname "$0")/.."
+
+TMP="$(mktemp)"
+KEY="$(gpg2 --decrypt files/keys/primary.gpg)"
+
+PASS_ENC="$KEY" openssl aes-192-cbc -e -a -pass env:PASS_ENC -in "$F" -out "$TMP"
+mv "$TMP" "$F"
diff --git a/scripts/multiconfig-cron.sh b/scripts/multiconfig-cron.sh
new file mode 100644
index 0000000..97bd82d
--- /dev/null
+++ b/scripts/multiconfig-cron.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+/usr/local/bin/multiconfig.sh --syslog -v -v
diff --git a/scripts/multiconfig.sh b/scripts/multiconfig.sh
new file mode 100755
index 0000000..1519e48
--- /dev/null
+++ b/scripts/multiconfig.sh
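Review bot: In scripts/encrypt_file.sh the `openssl aes-192-cbc -e -a -pass env:PASS_ENC` call derives the AES key with openssl's default single-pass digest derivation and produces CBC ciphertext with no integrity tag, so a modified file in the repository would not be detected as tampered when it is decrypted. Adding `-pbkdf2` with an explicit `-iter` count strengthens the derivation, but the decrypting side is outside this diff and has to use the same options, and integrity still needs a separate mechanism such as a signature over the ciphertext. The script also leaves `$TMP` behind when gpg2 or openssl fails; `trap 'rm -f "$TMP"' EXIT` right after the `mktemp` line would cover that.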
@@ -0,0 +1,73 @@
+#!/bin/sh
+set -e
+
+ARGS=""
+LOCAL=false
+SYSLOG=false
+
+# TODO email notifications
+
+while [ $# -gt 0 ]; do
+ case "$1" in
+ -h|--help)
+ echo "Multiconfig system call script"
+ echo "Usage: multiconfig.sh [OPTION]..."
+ echo
+ echo "Options:"
+ echo "--local - Use current working directory as multiconfig source."
+ echo "--syslog - pipe output to syslog"
+ echo "Passed options:"
+ echo "--verbose - Make output more verbose"
+ echo "--quiet - Make output more quiet"
+ echo "--operation OPT - run only given operation"
+ exit 0
+ ;;
+ --verbose|-v|--quiet|-q)
+ ARGS="$ARGS $1"
+ ;;
+ --operation|-o)
+ ARGS="$ARGS $1 $2"
+ shift
+ ;;
+ --local)
+ LOCAL=true
+ ;;
+ --syslog)
+ SYSLOG=true
+ ;;
+ esac
+ shift
+done
+
+[ "$(id -u)" == 0 ] || {
+ echo "Please run this script only as root."
+ exit 1
+}
+
+PREFIX="/root/.multiconfig"
+
+# Check if we have key
+if [ ! -f "$PREFIX/key" ]; then
+ echo "Key is not in expected path. Please setup this host for multiconfig."
+ exit 1
+fi
+
+# TODO check key access rights
+
+if ! $LOCAL; then
+ if [ -d "$PREFIX/repo" ]; then
+ true
+ # TODO git clone
+ fi
+ cd "$PREFIX/repo"
+ # Pull git repository
+ git fetch
+ git reset --hard origin/master
+ git clean -xdf
+fi
+
+# TODO check repository signature
+
+CMD="./run.sh --key $PREFIX/key $ARGS"
+# Run command
+$CMD
diff --git a/scripts/setup.sh b/scripts/setup.sh
new file mode 100755
index 0000000..5ca4211
--- /dev/null
+++ b/scripts/setup.sh
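Review bot: In scripts/multiconfig.sh, `./run.sh` is executed as root straight after `git reset --hard origin/master`, while the signature check is still only the `# TODO check repository signature` comment, so whatever the remote serves as origin/master runs with root privileges on the host. Until that TODO is implemented the update should be gated, for example with `git verify-commit origin/master` between `git fetch` and the reset (under `set -e` a missing or bad signature aborts the run), with root's keyring limited to the maintainers' keys. Two smaller defects in the same hunk: `[ "$(id -u)" == 0 ]` uses `==`, which POSIX `[` does not define and which errors under shells such as dash, so it should be `=`; and `SYSLOG` is set by `--syslog` but never read, so the cron wrapper's `--syslog` currently has no effect.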
@@ -0,0 +1,38 @@
+#!/bin/sh
+set -e
+
+while [ $# -gt 0 ]; do
+ case "$1" in
+ -h|--help)
+ echo "Multiconfig system setup script"
+ echo "Usage: setup.sh"
+ exit 0
+ ;;
+ esac
+ shift
+done
+
+# Move to multiconfig root
+cd "$(dirname "$(dirname "$(readlink -f "$1")")")"
+
+PREFIX="/root/.multiconfig"
+
+echo "Creating directory $PREFIX"
+sudo mkdir -p "$PREFIX"
+
+# Manage new key
+echo "Generating new key for this host"
+KEY="$(tr -dc A-Za-z0-9_ < /dev/urandom | head -c 128 | xargs)"
+sudo -- sh -c "echo -n '$KEY' > '$PREFIX/key'"
+# TODO setup access rights
+
+echo -n "$KEY" > wkey
+FKEY="files/keys/$(hostname)"
+echo "Writing key to repository"
+gpg2 --decrypt files/keys/primary.gpg | \
+ openssl aes-192-cbc -e -a -kfile wkey -out "$FKEY"
+rm -f wkey
+echo "Don't forget to add key to git!"
+
+# Deploy multiconfig script
+sudo cp scripts/multiconfig.sh /usr/local/bin/multiconfig.sh |
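Review bot: In scripts/setup.sh the generated host key is exposed in two places: `sudo -- sh -c "echo -n '$KEY' > '$PREFIX/key'"` puts it into a process argument list, and both `$PREFIX/key` and the temporary `wkey` in the working tree are created under the caller's default umask, with `wkey` left behind if anything fails before `rm -f wkey`. The block below sketches the same steps with a tight umask, the key passed over stdin, and a mktemp file removed by a trap. Separately, the option loop shifts away every argument, so `readlink -f "$1"` on the "Move to multiconfig root" line receives an empty string; it presumably should be `"$0"`. The `gpg2 | openssl` pipeline reports only openssl's status, so a failed decryption still writes `$FKEY`; the sketch leaves that part as it is.

```shell
# … unchanged: option parsing, cd to multiconfig root, PREFIX, mkdir …
umask 077
KEY="$(tr -dc A-Za-z0-9_ < /dev/urandom | head -c 128 | xargs)"
# Key travels over stdin, so it is never part of a command line.
printf '%s' "$KEY" | sudo sh -c 'umask 077; cat > "$1"' sh "$PREFIX/key"

WKEY="$(mktemp)"
trap 'rm -f "$WKEY"' EXIT
printf '%s' "$KEY" > "$WKEY"
# … unchanged: FKEY, gpg2 | openssl, with -kfile "$WKEY" in place of wkey …
```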