Compare commits

85 Commits

Author SHA1 Message Date
a229263c25 reconfigure arayat 2025-10-30 15:56:40 +01:00
6865b4f967 fix download file name 2025-10-30 15:56:40 +01:00
cbea670dd8 conf update 2025-10-18 10:58:39 +02:00
cf76b4e7c3 typos 2025-10-16 18:05:27 +02:00
900801e27c remove way too long ago obsolete file 2025-10-16 16:09:05 +02:00
f7bdab1bdb created var management lib, embryo removed from filefct lib 2025-10-16 15:36:35 +02:00
1132d20796 detect mk version if latest not provided, install xinetd before agent where required 2025-10-16 15:28:46 +02:00
root
cf631ea9a3 adapted to devuan excalibur 2025-10-02 21:33:32 +02:00
8985f3114f added new debian/devuan versions 2025-10-02 19:38:30 +02:00
aea656675b add output, made some command verbose 2025-09-25 22:37:58 +02:00
fdce8fd76d typo 2025-09-25 22:24:23 +02:00
f2e3d3e3b9 latest not provided, back to fixed version 2025-09-25 22:22:18 +02:00
6343d4185d premature ip change 2025-09-25 22:16:14 +02:00
717b240d02 fix ceph mount point creation 2025-09-25 22:13:30 +02:00
3e4ac11d5b fix typo 2025-09-25 22:02:48 +02:00
5dfcfb383a typo 2025-09-25 22:01:51 +02:00
1251ae519f fix comment 2025-09-25 21:55:38 +02:00
7c5f280039 test over 2025-09-25 21:55:06 +02:00
6538bb0305 test 2025-09-25 21:44:15 +02:00
59acdb2ac8 typo 2025-09-25 21:37:32 +02:00
e3714fb61d conf updated 2025-09-25 21:36:24 +02:00
850831f51c restart network will have better success 2025-09-25 21:35:59 +02:00
57cf93ac41 rework conf_ntp module 2025-09-25 20:44:35 +02:00
e32501537d fusion commit 2025-09-25 20:42:59 +02:00
b894c793c1 fix variable name 2025-09-25 10:54:18 +02:00
7e8b3fb656 fix typo 2025-09-24 18:37:27 +02:00
a05f3b25ab depends on ceph to install ceph... 2025-09-24 18:05:23 +02:00
624b8d4c6e revert redirection change, change approach 2025-09-24 18:01:27 +02:00
da53bfd721 version bump 2025-09-24 17:24:55 +02:00
834cb9d307 prnt now output to STDERR allowing printing in functions returning results on STDOUT 2025-09-24 17:23:22 +02:00
90be985777 fixed error on file detection 2025-09-24 17:00:56 +02:00
ccc973c5ef check secret availability before run 2025-09-24 16:51:25 +02:00
9803c4b312 added secrets availability checks 2025-09-24 16:50:42 +02:00
a3b69a7c88 updated README file 2025-09-24 15:41:04 +02:00
1e277ac209 fixed secret lib 2025-09-24 15:40:29 +02:00
a02cb3b3bd prepare for rework, in near future, typo 2025-09-24 15:17:14 +02:00
1d45ceec9b fix typo, minor optimisation, indentation fix 2025-09-24 12:32:00 +02:00
453c2d84f7 conf change 2025-09-24 12:23:38 +02:00
af0d6c51a8 updated conf to new version of ceph module 2025-09-24 12:20:17 +02:00
5ae7fd861b optimisation and correction 2025-09-24 12:08:09 +02:00
34c917d2d2 use fetch_secret for ceph secret 2025-09-22 18:37:42 +02:00
1a23968a9d updated gl.conf to new checkmk module 2025-09-22 18:35:37 +02:00
dab7132d31 reworked the checkmk module 2025-09-22 18:34:48 +02:00
d292e0e486 added secret management lib 2025-09-22 18:33:55 +02:00
10e2150353 updated ntp.conf to modern ntpsec server 2025-09-19 15:31:29 +02:00
9144f48000 adapt to modern ntp.conf file used by ntpsec 2025-09-16 12:10:30 +02:00
a0889fe3ee add ntpsec specific configuration 2025-09-16 12:06:13 +02:00
40b4428ebc first shot of Ceph rework 2025-08-11 20:04:58 +02:00
bb53e99894 made user manipulation functions usable for a list of users 2025-08-11 20:03:46 +02:00
7319aec087 moved user manipulation functions in lib 2025-08-11 20:02:42 +02:00
root
450c74e1b1 conf: added nisyros 2025-04-24 22:17:52 +02:00
c4d891bdf9 conf update 2 2025-03-25 12:16:25 +01:00
63bd14a221 conf update 2025-03-25 11:20:37 +01:00
84a90cefaa Updated copyright info, added separators and missing exports 2024-11-01 22:25:15 +01:00
ee28727313 Merge branch 'master' of https://git.geoffray-levasseur.org/fatalerrors/init.sh 2024-10-23 20:09:05 +02:00
dfb05f40fd fix bug when giving config file through command line 2024-10-23 20:07:50 +02:00
c258e698ab added proxy cleanup before changing it 2024-10-23 20:02:08 +02:00
81d7f68a19 cleaned debian and devuan repository mess 2024-09-20 19:05:29 +02:00
7ed72e1c70 long ago, upgrade_dist was required, not any more some module unmaintained marked obsolete 2024-09-20 18:53:56 +02:00
b244ad8ef3 fixed conf on latukan 2024-09-20 18:08:47 +02:00
66dd6f2843 updated check_mk version 2024-09-20 17:04:06 +02:00
574b57001e bugfix on install_mkagent and patch_snmp 2024-09-20 16:38:26 +02:00
092dd214c1 latukan conf change 2024-09-20 16:36:58 +02:00
ba112e9ed9 some checkmk installation adjustment 2024-02-06 11:48:22 +01:00
e207168ae7 configuration changes 2024-02-06 11:47:46 +01:00
a23fb505b3 fixed module list 2024-02-04 19:04:38 +01:00
8de818a3d0 updated mk agent version 2024-02-04 18:46:57 +01:00
root
15ac387271 removed sysbench, do not uninstall xauth, too dangerous on some confs 2024-01-30 10:37:32 +01:00
fatalerrors
cc76af7367 added new server 2024-01-23 01:08:10 +01:00
57a92bf640 add support for check_mk >= 2.1 with registration 2023-10-27 22:46:11 +02:00
89fcbd4f05 remove debug 2023-10-23 00:40:28 +02:00
3fb06c257c implemented realm detection and improved configuration files loading 2023-10-23 00:00:27 +02:00
7464ad6555 moved conf file in their realm directory 2023-10-22 23:09:10 +02:00
cbf2117266 fix nfs_opts default application 2023-10-22 21:22:22 +02:00
root
6e1344691d add ca-certificates to package base 2023-10-20 19:34:55 +02:00
Geoffray Levasseur
c95af2a1e3 fix typo and conflict 2023-10-06 11:01:55 +02:00
fatalerrors
0eba77e3d5 hardening code and moved stage file removal later 2023-09-08 20:16:35 +02:00
root
264537e9ea removed obsolete profile file 2023-09-08 20:11:52 +02:00
Geoffray Levasseur
cd35f52509 improved code quality, few bug fixes 2023-08-02 11:36:01 +02:00
e16ce485f9 fix chaotic codium tabs management 2023-05-16 11:05:20 +02:00
2293fdde90 pkgsel.base.conf.sh: removed duplicate "whois" in list 2023-05-16 10:57:42 +02:00
e56dadbc2b conf_nfs: modernised code, added possibility to pass mount options 2023-05-16 10:55:36 +02:00
90e603be0c moved stage file deletion so resume can be used after using --shell or --check-only options 2023-05-16 10:52:56 +02:00
e5429bee9d prepare check_mk agents upgrade 2023-05-10 19:43:36 +02:00
dd1d97e625 conf change 2023-05-05 20:37:36 +02:00
104 changed files with 1805 additions and 1673 deletions

View File

@@ -326,6 +326,14 @@ The following table is giving a list of error codes with explanation:
| 16 | Invalid options provided with cron mode activated |
| 17 | Missing or invalid status file, can't resume |
| 18 | Module file don't exists or is empty |
| 20 | Ambigous realm with autodetection |
| 21 | Unconsistant directory structure with configured realm |
| 22 | Required secret management software missing |
| 23 | Secret key not found in secret database |
| 24 | File is not readable |
| 25 | Needed variable not set or not declared |
| 26 | Secret reference missing or malformed |
| 27 | Unknown secret reference |
| 50..100 | Error in module execution |
| 126 | Command exists but is not executable |
| 127 | Command not found |
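Review bot: two of the new rows in the error-code table are misspelled: "Ambigous" should be "Ambiguous" and "Unconsistant" should be "Inconsistent". The table also jumps from 18 to 20; if 19 is reserved or retired, say so in the table so an operator who sees exit status 19 is not left guessing. The context row for 18 ("Module file don't exists") could be fixed in the same pass.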
@@ -392,7 +400,7 @@ You can mail author to fatalerrors \<at\> geoffray-levasseur \<dot\> org.
-----------------------------------------------------------------------------
Documentation (c) 2019-2022 Geoffray Levasseur.
Documentation (c) 2019-2025 Geoffray Levasseur.
This file is distributed under3-clause BSD license. The complete license
agreement can be obtained at: https://opensource.org/licenses/BSD-3-Clause

View File

@@ -1,4 +0,0 @@
This is deployment scripts for LEGOS git repository created on 2021-05-31-11:31:04
An english version for general purpose is available at https://www.geoffray-levasseur.org/init
Check README.md for details.

View File

@@ -0,0 +1,4 @@
# Check debian.conf file for general declaration
# This is specific for version 12
export NTP_SERV=ntpsec

View File

@@ -0,0 +1,6 @@
# Check debian.conf file for general declaration
# This is specific for version 13
export NTP_SERV=ntpsec
export SOURCE_EXT=source
export NO_MAIN_SOURCE=true

View File

@@ -19,6 +19,9 @@ export COM_AUTOREM="autoremove --purge -y"
# This is not used by init.sh
export DEBIAN_FRONTEND=noninteractive
# Configure how apt behave regarding source.list files
export NO_MAIN_SOURCE=false
# Conf chemin
export RC_SCRIPTS_PATH="/etc/init.d"

View File

@@ -1,2 +1,4 @@
# Check devuan.conf file for general declaration
# This is specific for version 5
export NTP_SERV=ntpsec

View File

@@ -0,0 +1,4 @@
# Check devuan.conf file for general declaration
# This is specific for version 6
export NTP_SERV=ntpsec

View File

@@ -11,8 +11,10 @@
. $MYPATH/conf/auto/debian.conf.sh
# Except init system :
# Note that as Devuan allow also Runit, we should be able to detect correct init system.
# Init SystemV ou OpenRC:
export INIT_COM="$RC_SCRIPTS_PATH/%srv% %com%"
# Init Systemd:
#export INIT_COM="systemctl %comm% %srv%"
# Init Upstart (plus ou moins universel)
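Review bot: the commented systemd alternative uses `%comm%` while the active SysV/OpenRC line uses `%com%`, so whoever uncomments it gets an unsubstituted placeholder. Align the placeholder name, and since the note in this hunk says Devuan can also run Runit, either add the matching `INIT_COM` template or state that init system detection is not implemented yet.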

View File

@@ -41,10 +41,10 @@ NET4_NS_eth0="192.168.1.205 192.168.1.206"
NET4_NS_SEARCH_eth0=$REALM
NET4_MODE_eth1="static"
NET4_IP_eth1="192.168.74.220/24"
NET4_IP_eth1="192.168.74.100/24"
NET4_MODE_eth2="static"
NET4_IP_eth2="10.0.254.220/16"
NET4_IP_eth2="10.42.250.100/16"
IPV6_IFACES="eth0 eth1"
@@ -63,7 +63,7 @@ NET6_IP_eth1="2a03:7220:8081:b34a::dc/64"
INTALL_MODE=full
# Paquets additionnels
PKGSEL="$PKGSEL iptables fail2ban curl"
PKGSEL="$PKGSEL iptables curl"
# ------------------------------------------------------------------------------
# -------------------------- Section modules d'init ----------------------------

View File

@@ -0,0 +1,73 @@
# Fichier de configuration principal
# ------------------------------------------------------------------------------
# -------------------- Importation de paramêtres globaux -----------------------
# ------------------------------------------------------------------------------
# Importe les paramètres geoffray-levasseur.org
. $MYPATH/conf/includes/gl.conf.sh
# Importe la sélection de paquets par défaut
. $MYPATH/conf/includes/pkgsel.base.conf.sh
# Les paramètres précédemment importés sont surchargeable après cette ligne
# ------------------------------------------------------------------------------
# ------------------------------ General Section -------------------------------
# ------------------------------------------------------------------------------
# User of the machine (must exists)
MAINUSER=root
# Pilotes X11 non libre à installer ?
#X11_DRV="virtualbox-guest-dkms virtualbox-guest-utils virtualbox-guest-x11"
# Authentication: use LDAP+Kerberos ?
WITH_LDAP_KERB=no
# Users to create, add or remove
REMOVE_USERS=fatal
# Network
IPV4_IFACES="eth0 eth1 eth2"
NET4_MODE_eth0="static"
NET4_IP_eth0="192.168.1.221/24"
NET4_GW_eth0="192.168.1.231"
NET4_NS_eth0="192.168.1.206 192.168.1.205"
NET4_NS_SEARCH_eth0=$REALM
NET4_MODE_eth1="static"
NET4_IP_eth1="192.168.74.221/24"
NET4_MODE_eth2="static"
NET4_IP_eth2="10.0.254.221/16"
IPV6_IFACES="eth0 eth1"
NET6_MODE_eth0="static"
NET6_IP_eth0="2a03:7220:8081:b301::dd/64"
NET6_GW_eth0="2a03:7220:8081:b301::e7"
NET6_NS_eth0="2a03:7220:8081:b301::ce 2a03:7220:8081:b301::cd"
NET6_NS_SEARCH_eth0=$REALM
NET6_MODE_eth1="static"
NET6_IP_eth1="2a03:7220:8081:b34a::dd/64"
# Mode d'installation :
# * dev : installe les paquets un par un avec apt (lent)
# * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
INTALL_MODE=full
# Paquets additionnels
PKGSEL="$PKGSEL iptables fail2ban curl"
# ------------------------------------------------------------------------------
# -------------------------- Section modules d'init ----------------------------
# ------------------------------------------------------------------------------
# Liste des modules à executer (surchargeable en ligne de commande)
MODULE_LIST="conf_ntp upgrade_dist conf_ceph authnz conf_locale conf_ssh \
conf_mail install_pkg install_profile patch_snmp install_mkagent \
conf_syslog conf_network"

View File

@@ -0,0 +1,71 @@
# Fichier de configuration principal
# ------------------------------------------------------------------------------
# -------------------- Importation de paramêtres globaux -----------------------
# ------------------------------------------------------------------------------
# Importe les paramètres geoffray-levasseur.org
. $MYPATH/conf/includes/gl.conf.sh
# Importe la sélection de paquets par défaut
. $MYPATH/conf/includes/pkgsel.base.conf.sh
# Les paramètres précédemment importés sont surchargeable après cette ligne
# ------------------------------------------------------------------------------
# ------------------------------ General Section -------------------------------
# ------------------------------------------------------------------------------
# User of the machine (must exists)
MAINUSER=root
# Pilotes X11 non libre à installer ?
#X11_DRV="virtualbox-guest-dkms virtualbox-guest-utils virtualbox-guest-x11"
# Authentication: use LDAP+Kerberos ?
WITH_LDAP_KERB=no
# Users to create, add or remove
REMOVE_USERS=fatal
# Network
IPV4_IFACES="eth0 eth1"
NET4_MODE_eth0="static"
NET4_IP_eth0="192.168.1.201/24"
NET4_GW_eth0="192.168.1.230"
NET4_NS_eth0="192.168.1.205 192.168.1.206"
NET4_NS_SEARCH_eth0=$REALM
NET4_MODE_eth1="static"
NET4_IP_eth1="10.42.0.201/16"
IPV6_IFACES=""
#NET6_MODE_eth0="static"
#NET6_IP_eth0="2a03:7220:8081:b301::dd/64"
#NET6_GW_eth0="2a03:7220:8081:b301::e7"
#NET6_NS_eth0="2a03:7220:8081:b301::ce 2a03:7220:8081:b301::cd"
#NET6_NS_SEARCH_eth0=$REALM
#NET6_MODE_eth1="static"
#NET6_IP_eth1="2a03:7220:8081:b34a::dd/64"
# Mode d'installation :
# * dev : installe les paquets un par un avec apt (lent)
# * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
INTALL_MODE=full
# Paquets additionnels
PKGSEL="$PKGSEL time traceroute apache2 graphviz php smbclient poppler-utils \
php-cgi php-cli php-gd php-sqlite3 php-pear rsync"
# ------------------------------------------------------------------------------
# -------------------------- Section modules d'init ----------------------------
# ------------------------------------------------------------------------------
# Liste des modules à executer (surchargeable en ligne de commande)
MODULE_LIST="conf_ntp upgrade_dist conf_ceph authnz conf_locale conf_ssh \
conf_mail install_pkg install_profile patch_snmp install_mkagent \
conf_syslog conf_network"

View File

@@ -0,0 +1,74 @@
# Fichier de configuration principal
# ------------------------------------------------------------------------------
# -------------------- Importation de paramêtres globaux -----------------------
# ------------------------------------------------------------------------------
# Importe les paramètres geoffray-levasseur.org
. $MYPATH/conf/includes/gl.conf.sh
# Importe la sélection de paquets par défaut
. $MYPATH/conf/includes/pkgsel.base.conf.sh
# Les paramètres précédemment importés sont surchargeable après cette ligne
# ------------------------------------------------------------------------------
# ------------------------------ General Section -------------------------------
# ------------------------------------------------------------------------------
# User of the machine (must exists)
MAINUSER=root
# Pilotes X11 non libre à installer ?
#X11_DRV="virtualbox-guest-dkms virtualbox-guest-utils virtualbox-guest-x11"
# Authentication: use LDAP+Kerberos ?
WITH_LDAP_KERB=no
# Users to create, add or remove
#LOCAL_USERS="$MAINUSER"
#REMOTE_USERS="kroot"
REMOVE_USERS=fatal
# Network
IPV4_IFACES="eth0 eth1 eth2"
NET4_MODE_eth0="static"
NET4_IP_eth0="192.168.1.202/24"
NET4_GW_eth0="192.168.1.230"
NET4_NS_eth0="192.168.1.205 192.168.1.206"
NET4_NS_SEARCH_eth0=$REALM
NET4_MODE_eth1="static"
NET4_IP_eth1="192.168.74.220/24"
NET4_MODE_eth2="static"
NET4_IP_eth2="10.42.250.220/16"
IPV6_IFACES=""
NET6_MODE_eth0="static"
NET6_IP_eth0="2a03:7220:8081:b301::cd/64"
NET6_GW_eth0="2a03:7220:8081:b301::e6"
NET6_NS_eth0="2a03:7220:8081:b301::cd 2a03:7220:8081:b301::ce"
NET6_NS_SEARCH_eth0=$REALM
NET6_MODE_eth1="static"
NET6_IP_eth1="2a03:7220:8081:b34a::ce/64"
# Mode d'installation :
# * dev : installe les paquets un par un avec apt (lent)
# * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
INTALL_MODE=full
# Paquets additionnels
PKGSEL="$PKGSEL"
# ------------------------------------------------------------------------------
# -------------------------- Section modules d'init ----------------------------
# ------------------------------------------------------------------------------
# Liste des modules à executer (surchargeable en ligne de commande)
MODULE_LIST="conf_ntp upgrade_dist conf_ceph authnz conf_locale conf_ssh \
conf_mail install_pkg install_profile patch_snmp install_mkagent \
conf_syslog conf_network"
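Review bot: `IPV6_IFACES=""` disables IPv6 in this new file, yet the `NET6_*_eth0` and `NET6_*_eth1` assignments below it are left active. Comment them out or delete them so the file does not carry addresses that are never configured. `NET6_IP_eth0` also ends in `::cd`, the same address listed first in `NET6_NS_eth0`, which is worth confirming, and `PKGSEL="$PKGSEL"` is a no-op that can go.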

View File

@@ -26,12 +26,10 @@ MAINUSER=root
WITH_LDAP_KERB=no
# Users to create, add or remove
#LOCAL_USERS="$MAINUSER"
#REMOTE_USERS="kroot"
REMOVE_USERS="fatal"
# Network
IPV4_IFACES="eth0 eth1 eth2"
IPV4_IFACES="eth0 eth1"
NET4_MODE_eth0="static"
NET4_IP_eth0="192.168.1.207/24"
@@ -40,15 +38,15 @@ NET4_NS_eth0="192.168.1.205 192.168.1.206"
NET4_NS_SEARCH_eth0=$REALM
NET4_MODE_eth1="static"
NET4_IP_eth1="10.0.254.207/16"
NET4_IP_eth1="10.42.250.180/16"
IPV6_IFACES="eth0"
IPV6_IFACES=""
NET6_MODE_eth0="static"
NET6_IP_eth0="2a03:7220:8081:b301::cf/64"
NET6_GW_eth0="2a03:7220:8081:b301::e6"
NET6_NS_eth0="2a03:7220:8081:b301::cd 2a03:7220:8081:b301::ce"
NET6_NS_SEARCH_eth0=$REALM
#NET6_MODE_eth0="static"
#NET6_IP_eth0="2a03:7220:8081:b301::cf/64"
#NET6_GW_eth0="2a03:7220:8081:b301::e6"
#NET6_NS_eth0="2a03:7220:8081:b301::cd 2a03:7220:8081:b301::ce"
#NET6_NS_SEARCH_eth0=$REALM
# Mode d'installation :
# * dev : installe les paquets un par un avec apt (lent)
@@ -56,7 +54,7 @@ NET6_NS_SEARCH_eth0=$REALM
INTALL_MODE=full
# Paquets additionnels
PKGSEL="$PKGSEL nsd"
PKGSEL="$PKGSEL nsd ldnsutils haveged"
# ------------------------------------------------------------------------------
# -------------------------- Section modules d'init ----------------------------
@@ -64,5 +62,5 @@ PKGSEL="$PKGSEL nsd"
# Liste des modules à executer (surchargeable en ligne de commande)
MODULE_LIST="conf_ntp upgrade_dist conf_ceph authnz conf_locale conf_ssh \
conf_mail install_pkg install_profile patch_snmp install_mkagent \
conf_mail install_pkg install_profile patch_snmp \
conf_syslog conf_network"
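Review bot: `install_mkagent` is removed from `MODULE_LIST` while `patch_snmp` stays, so init.sh no longer installs the Checkmk agent on this host and the file does not say why. Add a comment stating the reason, otherwise the next bulk edit of module lists is likely to put it back or leave the host unmonitored by accident.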

View File

@@ -31,7 +31,7 @@ WITH_LDAP_KERB=no
REMOVE_USERS=
# Network
IPV4_IFACES="ens18 ens19"
IPV4_IFACES="eth0 eth1"
NET4_MODE_eth0="static"
NET4_IP_eth0="192.168.1.235/24"
@@ -40,20 +40,21 @@ NET4_NS_eth0="192.168.1.205 192.168.1.206"
NET4_NS_SEARCH_eth0=$REALM
NET4_MODE_eth1="static"
NET4_IP_eth1="10.0.254.235/16"
NET4_IP_eth1="10.42.250.30/24"
IPV6_IFACES="eth0"
NET6_MODE_eth0="static"
NET6_IP_eth0="2a03:7220:8081:b301::eb/64"
NET6_IP_eth0="2a03:7220:8081:b301::1e/64"
NET6_GW_eth0="2a03:7220:8081:b301::e7"
NET6_NS_eth0="2a03:7220:8081:b301::cd 2a03:7220:8081:b301::ce"
NET6_NS_SEARCH_eth0=$REALM
# Gestionnaire de paquet :
# Mode d'installation :
# * dev : installe les paquets un par un avec apt (lent)
# * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
NO_MAIN_SOURCE=false
INTALL_MODE=full
# Paquets additionnels
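Review bot: `NET4_IP_eth1` moves from `10.0.254.235/16` to `10.42.250.30/24`, changing the prefix length as well as the address. If that network is still a /16, this host will treat peers outside 10.42.250.0/24 as off-link; confirm the mask is intended. `NO_MAIN_SOURCE=false` also sits between the install-mode comment and `INTALL_MODE`, so give it its own comment line.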

View File

@@ -26,37 +26,24 @@ MAINUSER=root
WITH_LDAP_KERB=no
# Users to create, add or remove
#LOCAL_USERS="$MAINUSER"
#REMOTE_USERS="kroot"
REMOVE_USERS=fatal
# Network
IPV4_IFACES="eth0"
IPV4_IFACES="eth0 "
NET4_MODE_eth0="static"
NET4_IP_eth0="192.168.1.241/24"
NET4_GW_eth0="192.168.1.230"
NET4_NS_eth0="192.168.1.205 192.168.1.206"
NET4_GW_eth0="192.168.1.232"
NET4_NS_eth0="192.168.1.202 192.168.1.206"
NET4_NS_SEARCH_eth0=$REALM
NET4_MODE_eth1="static"
NET4_IP_eth1="10.0.254.241/16"
IPV6_IFACES="eth0"
NET6_MODE_eth0="static"
NET6_IP_eth0="2a03:7220:8081:b301::f1/64"
NET6_GW_eth0="2a03:7220:8081:b301::e6"
NET6_NS_eth0="2a03:7220:8081:b301::cd 2a03:7220:8081:b301::ce"
NET6_NS_SEARCH_eth0=$REALM
# Mode d'installation :
# * dev : installe les paquets un par un avec apt (lent)
# * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
INTALL_MODE=full
# Paquets additionnels
PKGSEL="$PKGSEL cups printer-driver-hpcups printer-driver-postscript-hp hplip avahi-daemon printer-driver-gutenprint cups-browsed policykit-1"
PKGSEL="$PKGSEL qbittorrent xhost falkon"
# ------------------------------------------------------------------------------
# -------------------------- Section modules d'init ----------------------------
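Review bot: the new `IPV4_IFACES="eth0 "` carries a trailing space inside the quotes. It is harmless while the value is only word-split, but any string comparison against the interface list will see a different value; drop the space.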

View File

@@ -40,9 +40,9 @@ NET4_NS_eth0="192.168.1.206 192.168.1.205"
NET4_NS_SEARCH_eth0=$REALM
NET4_MODE_eth1="static"
NET4_IP_eth1="10.0.254.208/16"
NET4_IP_eth1="10.42.0.208/16"
IPV6_IFACES="eth0"
IPV6_IFACES=""
NET6_MODE_eth0="static"
NET6_IP_eth0="2a03:7220:8081:b301::d0/64"
@@ -56,7 +56,7 @@ NET6_NS_SEARCH_eth0=$REALM
INTALL_MODE=full
# Paquets additionnels
PKGSEL="$PKGSEL nsd"
PKGSEL="$PKGSEL nsd ldnsutils haveged"
# ------------------------------------------------------------------------------
# -------------------------- Section modules d'init ----------------------------

View File

@@ -19,22 +19,27 @@ export REMOVE_USERS="fatal"
export NTP_SERVERS="didicas.$REALM cagua.$REALM"
# Ceph share
export CEPH_SRV_NAMES="mayon pinatubo ragang taal jolo"
export CEPH_SRV_NAMES="mayon pinatubo ragang taal"
export CEPHIP_mayon="192.168.1.254"
export CEPHIP_pinatubo="192.168.1.253"
export CEPHIP_ragang="192.168.1.252"
export CEPHIP_taal="192.168.1.251"
export CEPHIP_jolo="192.168.1.30"
export CEPH_SECRET="AQAxSf5c2A/CMxAAnOu1RrSf7Yr2h60CLttq4g=="
export CEPH_SECRET="file:/tmp/ceph_secret"
export CEPH_MOUNTS="datastore mediastore"
export CEPH_MP_datastore="/srv/ceph"
export CEPH_MP_mediastore="/srv/media"
export SHARED_HOME="false"
# SSH
export SSHD_PERMITROOT_RANGE="192.168.1.0/24"
# Check MK
export MK_VERSION="2.0.0p20-1"
export MK_URL="https://nagios.geoffray-levasseur.org/check_mk/check_mk/agents/check-mk-agent_${MK_VERSION}_all.deb"
#export MK_VERSION="2.4.0p12-1" #shoud be autodetected now
export MK_SERVER_IP="192.168.1.201"
export MK_SITE="check_mk"
export MK_URL="http://$MK_SERVER_IP/$MK_SITE/check_mk/agents/check-mk-agent_latest_all.deb"
export MK_SECRET="file:/share/services/gestparc/mk_secret"
export MK_USER="cmk-agent"
# Samba
export SMBSRV="silay.$REALM"
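Review bot: replacing the literal `CEPH_SECRET` with `file:/tmp/ceph_secret` does not retire the old key, because the base64 value stays readable in repository history and on this page; rotate it on the Ceph side. `/tmp` is also a poor home for a secret that a root-run script dereferences, since any local user can create that path first; use a root-owned directory with restrictive permissions, as `MK_SECRET` does with a path outside `/tmp`. In the same hunk `MK_URL` goes from `https://` to `http://$MK_SERVER_IP/.../check-mk-agent_latest_all.deb`, so the agent package is fetched without transport integrity and without a pinned version; keep TLS or verify a checksum before installing. Typo in the new comment: "shoud".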

View File

@@ -41,9 +41,9 @@ export MOUNTPOINT_data="/data"
export SSHD_PERMITROOT_RANGE="10.254.1.0/24"
# Check MK
export MK_VERSION="2.0.0p20-1"
export MK_URL="https://cmk.mixart-myrys.org/cmk/check_mk/agents/check-mk-agent_${MK_VERSION}_all.deb"
export MK_SERVER_IP="10.254.1.65"
export MK_VERSION="2.2.0p21-1"
export MK_URL="http://192.168.1.201/check_mk/check_mk/agents/check-mk-agent_${MK_VERSION}_all.deb"
export MK_SERVER_IP="192.168.1.201"
# Syslog
export SYSLOG_SRV="syslog.$REALM"
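Review bot: `MK_URL` switches from an `https://` host name to `http://192.168.1.201/...`, so the `.deb` that is installed as root is downloaded without transport integrity. Keep HTTPS, or check the package against a known hash before installation. `MK_SERVER_IP` is also defined after `MK_URL` while the URL hard-codes the same address; define the IP first and build the URL from it so the two cannot drift apart.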

View File

@@ -1,19 +1,19 @@
# List of package to install - Minimal server
# Packages to remove after installation
export PKGS_RMLIST="apparmor laptop-detect resolvconf snapd xauth wamerican chafa"
export PKGS_RMLIST="apparmor laptop-detect resolvconf snapd wamerican chafa"
# Packages where installation is forbidden
export PKGS_BLACKLIST="apparmor resolvconf chafa snapd"
# Base
export PKGS_BASE="debconf-utils debhelper deborphan ethtool cpufrequtils \
export PKGS_BASE="debconf-utils debhelper ethtool \
curl hwinfo lm-sensors libatasmart-bin lsscsi pciutils vim emacs-nox \
mailutils htop lsof ltrace strace bash-completion host dnsutils \
sysbench sysstat ifstat iftop iotop mtr-tiny tcpdump mc pbzip2 pigz \
sysstat ifstat iftop iotop mtr-tiny tcpdump mc pbzip2 pigz \
xz-utils zip unzip plzip lzip ftp lftp bc dc dos2unix psmisc udunits-bin \
whois tmux screen debconf-doc dump figlet gawk gpm multitail neofetch nmap \
oping pv whois traceroute rsync tree git qemu-guest-agent"
whois tmux screen debconf-doc dump figlet gawk multitail fastfetch nmap \
oping pv traceroute rsync tree git qemu-guest-agent ca-certificates"
# Agregation of the package lists
export PKGSEL="$PKGS_BASE"
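Review bot: adding `ca-certificates` to `PKGS_BASE` is welcome, but the hunk keeps `apparmor` in both `PKGS_RMLIST` and `PKGS_BLACKLIST` without any rationale. Removing the MAC layer on every provisioned host is a decision that should be documented next to the list. The comment "Agregation" should read "Aggregation".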

View File

@@ -6,8 +6,8 @@ export REALM="tetalab.local"
export NTP_SERVERS="ntp1.$REALM"
# Upgrade_dist variables
#export PROXYAPT="acng.$REALM"
#export PROXYAPTPORT="3142"
export PROXYAPT="acng.$REALM"
export PROXYAPTPORT="3142"
# Authnz variables
export DEFAULT_SHELL="/bin/bash"

View File

@@ -0,0 +1,62 @@
# Fichier de configuration principal
# ------------------------------------------------------------------------------
# -------------------- Importation de paramêtres globaux -----------------------
# ------------------------------------------------------------------------------
# Importe les paramètres geoffray-levasseur.org
. $MYPATH/conf/includes/mam.conf.sh
# Importe la sélection de paquets par défaut
. $MYPATH/conf/includes/pkgsel.base.conf.sh
# Les paramètres précédemment importés sont surchargeable après cette ligne
# ------------------------------------------------------------------------------
# ------------------------------ General Section -------------------------------
# ------------------------------------------------------------------------------
# User of the machine (must exists)
MAINUSER=root
# Authentication: use LDAP+Kerberos ?
WITH_LDAP_KERB=no
# Users to create, add or remove
#REMOVE_USERS=fatal
# Network
IPV4_IFACES="eth0 eth1"
NET4_MODE_eth0="static"
NET4_IP_eth0="10.254.1.20/24"
NET4_MODE_eth1="static"
NET4_IP_eth1="10.0.254.20/16"
NET4_GW_eth1="10.0.254.254"
NET4_NS_eth1="10.0.254.250"
NET4_NS_SEARCH_eth1=$REALM
#IPV6_IFACES="eth0"
NET6_MODE_eth0="static"
NET6_IP_eth0="2a03:7220:8085:6b01::a/64"
NET6_GW_eth0="2a03:7220:8085:6b01::1"
NET6_NS_eth0="2a03:7220:8085:6b01::a"
NET6_NS_SEARCH_eth0=$REALM
# Mode d'installation :
# * dev : installe les paquets un par un avec apt (lent)
# * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
INTALL_MODE=full
# Paquets additionnels
PKGSEL="$PKGSEL"
# ------------------------------------------------------------------------------
# -------------------------- Section modules d'init ----------------------------
# ------------------------------------------------------------------------------
# Liste des modules à executer (surchargeable en ligne de commande)
MODULE_LIST="conf_ntp upgrade_dist authnz conf_locale conf_ssh conf_syslog \
install_pkg install_profile conf_network conf_nfs"
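Review bot: the header comment still says "Importe les paramètres geoffray-levasseur.org" although the file sources `mam.conf.sh`; fix the copy-pasted comment. `IPV6_IFACES` is commented out while the five `NET6_*_eth0` values remain set, so it is unclear whether IPv6 is meant to be configured; either enable the interface list or comment the block out.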

46
conf/pcp-e3s.conf.sh Normal file
View File

@@ -0,0 +1,46 @@
# Fichier de configuration principal
# ------------------------------------------------------------------------------
# -------------------- Importation de paramêtres globaux -----------------------
# ------------------------------------------------------------------------------
# Importe les paramètres pour le lan E-3S
. $MYPATH/conf/includes/e3s.conf.sh
# Importe la sélection de paquets par défaut
. $MYPATH/conf/includes/pkgsel.base.conf.sh
# Les paramètres précédemment importés sont surchargeable après cette ligne
# ------------------------------------------------------------------------------
# ------------------------------ General Section -------------------------------
# ------------------------------------------------------------------------------
# User of the machine (must exists)
MAINUSER=root
# Authentication: use LDAP+Kerberos ?
WITH_LDAP_KERB=no
# Network
IPV4_IFACES="ens192"
NET4_MODE_ens192="dhcp"
IPV6_IFACES=""
# Mode d'installation :
# * dev : installe les paquets un par un avec apt (lent)
# * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
INTALL_MODE=full
# Paquets additionnels
PKGSEL="$PKGSEL"
# ------------------------------------------------------------------------------
# -------------------------- Section modules d'init ----------------------------
# ------------------------------------------------------------------------------
# Liste des modules à executer (surchargeable en ligne de commande)
MODULE_LIST="conf_ntp upgrade_dist conf_locale conf_ssh \
install_pkg install_profile"

View File

@@ -0,0 +1,44 @@
# Fichier de configuration principal
# ------------------------------------------------------------------------------
# -------------------- Importation de paramêtres globaux -----------------------
# ------------------------------------------------------------------------------
# Importe les parametres tetalab.local
. $MYPATH/conf/includes/tetalab.conf.sh
# Importe la selection de paquets par defaut
. $MYPATH/conf/includes/pkgsel.base.conf.sh
# Les paramètres précédemment importés sont surchargeable après cette ligne
# ------------------------------------------------------------------------------
# ------------------------------ General Section -------------------------------
# ------------------------------------------------------------------------------
# User of the machine (must exists)
MAINUSER=root
# Authentication: use LDAP+Kerberos ?
WITH_LDAP_KERB=no
# Users to create, add or remove
REMOVE_USERS=fatal
# Mode d'installation :
# * dev : installe les paquets un par un avec apt (lent)
# * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
INTALL_MODE=full
# Paquets additionnels
PKGSEL="$PKGSEL nfs-kernel-server"
PKGS_RMLIST=""
PKGS_BLACKLIST=""
# ------------------------------------------------------------------------------
# -------------------------- Section modules d'init ----------------------------
# ------------------------------------------------------------------------------
# Liste des modules à executer (surchargeable en ligne de commande)
MODULE_LIST="conf_ntp upgrade_dist authnz conf_locale \
install_pkg install_profile patch_snmp"

1
conf/tetamix.local Symbolic link
View File

@@ -0,0 +1 @@
/share/services/scripts/init.sh/conf/mixart-myrys.org
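Review bot: the symlink target is the absolute path `/share/services/scripts/init.sh/conf/mixart-myrys.org`, which only resolves when the repository is deployed at that exact location. A relative target (`mixart-myrys.org`) keeps the `tetamix.local` realm working in any checkout and avoids following a link out of the working tree when the script runs as root.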

65
init.sh
View File

@@ -1,7 +1,7 @@
#!/usr/bin/env bash
# ------------------------------------------------------------------------------
# Init.sh: initialise a computer and conform it
# Copyright (c) 2019-2021 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2025 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -36,17 +36,20 @@ export LC_ALL=C
export LANG=C
# Version of init
export VERSION="0.99.18"
export VERSION="0.99.24"
# Store script's path (realpath -s resolve symlinks if init.sh is a symlink)
export MYPATH=$(dirname $(realpath -s $0))
export MYPATH=$(dirname "$(realpath -s "$0")")
# Get hostname
export HOSTNAME=$(hostname)
# Get realm or domain name
export REALM=${REALM:-$(hostname -d)}
# Load libraries
for lib in $MYPATH/lib/*.sh; do
. $lib
. "$lib"
done
unset lib
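Review bot: `MYPATH` and `. "$lib"` are now quoted, but the loop header `for lib in $MYPATH/lib/*.sh` still expands `$MYPATH` unquoted, so a path containing spaces or glob characters breaks library loading anyway. Write `for lib in "$MYPATH"/lib/*.sh`. Note also that `hostname -d` prints nothing on a host without a domain, which leaves `REALM` empty; the realm detection should handle that case explicitly.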
@@ -65,7 +68,7 @@ function_exists prnt || (
# ==== Main Program ====
# ======================
# Set system dependent vars (OS, distro and version)
# Set system dependent vars (arch, OS, distro and version)
set_sys_vars $(uname -m) $(get_os_version)
# Initializing global variables
@@ -84,22 +87,22 @@ check_root
# ------------------------------------------------------------------------------
# Logfile variable treatment -- cannot be a function
if [[ -n $NEW_LOGFILE ]]; then
export LOGFILE=$NEW_LOGFILE
if [[ -n "$NEW_LOGFILE" ]]; then
export LOGFILE="$NEW_LOGFILE"
else
export LOGFILE=${LOGFILE:-"$MYPATH/log/init-$(uname -n)-$(stdtime).log"}
fi
prnt I "Creating log files welcoming directory..."
if [[ ! -d $(dirname $LOGFILE) ]]; then
mkdir -pv $(dirname $LOGFILE)
if [[ ! -d $(dirname "$LOGFILE") ]]; then
mkdir -pv $(dirname "$LOGFILE")
fi
# Log all outputs to the logfile
exec 3>&1 4>&2
trap 'exec 2>&4 1>&3' 0 1 2 3
exec > >(tee -a $LOGFILE)
exec 2> >(tee -a $LOGFILE >&2)
exec > >(tee -a "$LOGFILE")
exec 2> >(tee -a "$LOGFILE" >&2)
prnt I "Starting init.sh version $VERSION."
prnt I "The log file is $LOGFILE."
if [[ -n $SYS_CODE ]]; then
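Review bot: quoting `"$LOGFILE"` inside `$(dirname ...)` is only half the fix, because the command substitution itself is unquoted in `mkdir -pv $(dirname "$LOGFILE")` and its result is still word-split. Use `mkdir -pv "$(dirname "$LOGFILE")"`; the `[[ ! -d ... ]]` test is safe as written.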
@@ -113,7 +116,7 @@ fi
separator
if [[ -n $CHROOT_PATH && -z $CHROOT_DONE ]]; then
if [[ -n "$CHROOT_PATH" && -z $CHROOT_DONE ]]; then
chroot_bootstrap $@
prnt I "Normal end of chrooted execution!"
exit 0
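Review bot: `chroot_bootstrap $@` passes the command line unquoted, so any argument containing whitespace is re-split before it reaches the chrooted run. Use `"$@"`. `$CHROOT_DONE` is fine unquoted inside `[[ ]]`, but quoting it like `"$CHROOT_PATH"` on the same line would be consistent.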
@@ -129,11 +132,6 @@ process_commandline_and_vars
set_system_proxy
# Reinit stage file if no resuming
if [[ $RESUME != true ]] && [[ -f $STAGE_FILE ]]; then
rm -f $STAGE_FILE
fi
# Loading activated modules
for mod in $MODULE_LIST; do
. modules/$mod.sh
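Review bot: `. modules/$mod.sh` in the module loading loop is resolved against the current working directory, whereas the libraries are loaded from `$MYPATH/lib`. Unless the working directory is forced to `$MYPATH` somewhere outside this hunk, a root-run init.sh started from another directory sources whatever `modules/` it finds there. Suggest `. "$MYPATH/modules/$mod.sh"`.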
@@ -144,7 +142,7 @@ separator
if [[ $RUN_SHELL == true ]]; then
prnt I "Launching an interactive shell..."
bash --rcfile $MYPATH/bash.rc -i
bash --rcfile "$MYPATH/bash.rc" -i
prnt I "Script execution terminated after interactive shell execution."
exit 0
fi
@@ -170,8 +168,8 @@ if ! command -v wget &> /dev/null; then
fi
# Run prechecks
if [[ JUMP != true ]]; then
tmpfile=$(mktemp /tmp/init-XXXXXX)
if [[ $JUMP != true ]]; then
tmpfile="$(mktemp /tmp/init-XXXXXX)"
if [[ -n $MANUAL_MODULE_LIST ]]; then
prnt W "Dependency checks are deactivated with a manual module list."
fi
@@ -179,11 +177,11 @@ if [[ JUMP != true ]]; then
prnt W "Dependency checks have been deactivated manually."
fi
if [[ $RESUME == true ]]; then
cat $STAGE_FILE >> $tmpfile
cat "$STAGE_FILE" >> $tmpfile
fi
for mod in $MODULE_LIST; do
version=VER_$mod
if [[ $RESUME == true ]] && [[ $(grep $mod $STAGE_FILE) ]]; then
if [[ $RESUME == true ]] && [[ $(grep $mod "$STAGE_FILE") ]]; then
prnt I "Checks previously executed for $mod version ${!version}."
continue
fi
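Review bot: `grep $mod "$STAGE_FILE"` in the resume test matches `$mod` as an unanchored, unquoted pattern, so a module whose name is contained in another recorded module name is treated as already done and skipped. The same form is used for the dependency check (`grep $dep "$tmpfile"`) and for skipping modules at launch. Since stage lines are either the module name or the name followed by ` reboot`, something like `grep -Eq "^${mod}( reboot)?\$" "$STAGE_FILE"` used directly as the condition would be exact. `>> $tmpfile` on the `cat` line was also missed by the quoting pass.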
@@ -191,7 +189,7 @@ if [[ JUMP != true ]]; then
if [[ -z $MANUAL_MODULE_LIST && $NO_DEPS != true ]]; then
deps=DEP_$mod
for dep in ${!deps}; do
if [[ ! $(grep $dep $tmpfile) ]]; then
if [[ ! $(grep $dep "$tmpfile") ]]; then
prnt E "Module $mod have unsatisfied dependencies or is executed too early."
prnt E " * $dep must be executed before $mod, please check your module list."
die 9
@@ -203,9 +201,9 @@ if [[ JUMP != true ]]; then
(
precheck_$mod
)
echo $mod >> $tmpfile
echo $mod >> "$tmpfile"
done
rm -f $tmpfile
rm -f "$tmpfile"
unset mod
fi
@@ -237,9 +235,14 @@ read -n 1 -rsp $"Press <C> key to continue or an other one to stop now..." key &
echo && separator && echo
if [[ $key == "C" || $key == 'c' ]]; then
# Reinit stage file if no resuming
if [[ $RESUME != true ]] && [[ -f $STAGE_FILE ]]; then
rm -f "$STAGE_FILE"
fi
# We launch modules one after one
for mod in $MODULE_LIST; do
if [[ $RESUME == true ]] && [[ $(grep $mod $STAGE_FILE) ]]; then
if [[ $RESUME == true ]] && [[ $(grep $mod "$STAGE_FILE") ]]; then
continue
fi
# We need this only if JUMP is set but doesn't matter if it's done again
@@ -250,9 +253,9 @@ if [[ $key == "C" || $key == 'c' ]]; then
export REBOOT_NEEDED=false
$mod
if [[ $REBOOT_NEEDED == true ]]; then
echo "$mod reboot" >> $STAGE_FILE # Mark as done for resuming
echo "$mod reboot" >> "$STAGE_FILE" # Mark as done for resuming
else
echo $mod >> $STAGE_FILE # Mark as done for resuming function
echo "$mod" >> "$STAGE_FILE" # Mark as done for resuming function
fi
)
separator
@@ -265,15 +268,15 @@ fi
prnt I "That's all folks !"
echo
if [[ -s $STAGE_FILE && $(grep " reboot" $STAGE_FILE) ]]; then
if [[ -s "$STAGE_FILE" && $(grep " reboot" "$STAGE_FILE") ]]; then
prnt W "A reboot is required to apply some changes by the following packages:"
prnt m " * $(grep ' reboot' $STAGE_FILE | \
prnt m " * $(grep ' reboot' "$STAGE_FILE" | \
sed 's/ reboot//' | \
sed ':a' -e 'N' -e '$!ba' -e 's/\n/ /g')"
prnt I "Please reboot now or as soon as possible!"
echo
fi
rm -f $STAGEFILE
rm -f "$STAGE_FILE"
exit 0
# EOF
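Review bot: the last `rm -f` going from `$STAGEFILE` to `"$STAGE_FILE"` is a behaviour change rather than a quoting fix. `STAGEFILE` is not set anywhere in this diff, so the old line removed nothing, while the new one deletes the stage file at the end of every completed run, including one that has just listed modules needing a reboot. If that is the intent, it deserves a line in the commit message and a comment here, because `--resume` refuses to run without a non-empty stage file.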

View File

@@ -1,13 +1,14 @@
#!/bin/bash
# ------------------------------------------------------------------------------
# Error management functions
# This file is part of the init.sh project
# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
# https://opensource.org/licenses/BSD-3-Clause
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Exit with error
@@ -29,9 +30,10 @@ function die()
unset errorcode
# Put the trigger back (only executed with --keepgoing)
trap "error ${LINENO}" ERR
trap 'error ${LINENO}' ERR
}
export -f die
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -41,8 +43,10 @@ function terminate()
prnt E "$1 recieved, exiting at once."
die 128 --force
}
export -f terminate
trap "terminate 'Ctrl + C'" SIGINT
trap "terminate 'SIGTERM'" SIGTERM
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -64,8 +68,10 @@ function error()
fi
unset parent_lineno message code
}
export -f error
# Trigger error function on error
trap "error ${LINENO}; backtrace; err_exit" ERR
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
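Review bot: the main handler, `trap "error ${LINENO}; backtrace; err_exit" ERR`, is still double-quoted, so `${LINENO}` is expanded once when the trap is installed and every failure reports the line of the trap statement itself. die() and noerror() were switched to single quotes in this same change; this one needs the same treatment: `trap 'error ${LINENO}; backtrace; err_exit' ERR`.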
@@ -73,12 +79,14 @@ trap "error ${LINENO}; backtrace; err_exit" ERR
function err_exit
{
if [[ $KEEPGOING != true ]]; then
if [[ -f $tmpfile ]]; then
rm -f $tmpfile
if [[ -f "$tmpfile" ]]; then
rm -f "$tmpfile"
fi
exit 255
fi
}
export -f err_exit
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -94,11 +102,14 @@ function backtrace
printf '%15s() %s:%d\n' \
"$func" "${BASH_SOURCE[$i]}" "${BASH_LINENO[ (( $i - 1)) ]}"
fi
let i++ || true
(( i++ )) || true
done
unset func i
echo "=============================="
}
export -f backtrace
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -120,10 +131,11 @@ noerror()
fi
echo $?
trap "error ${LINENO}" ERR
trap 'error ${LINENO}' ERR
set -o errexit
}
export -f noerror
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -139,5 +151,6 @@ check_root()
fi
}
export -f check_root
# ------------------------------------------------------------------------------
# EOF

View File

@@ -1,7 +1,8 @@
#!/bin/bash
# ------------------------------------------------------------------------------
# Chroot system functions
# This file is part of the init.sh project
# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -13,36 +14,38 @@
# If chrooted, we need to bootstrap to a new copy of our directory tree
chroot_bootstrap()
{
if [[ ! -d $CHROOT_PATH ]]; then
if [[ ! -d "$CHROOT_PATH" ]]; then
prnt E "The path given to chroot don't exists."
die 14
fi
if [[ ! -d $CHROOT_PATH/tmp ]]; then
if [[ ! -d "$CHROOT_PATH/tmp" ]]; then
prnt E "The target filesystem doesn't seems to be a valid installation."
die 15
fi
local tmpdir=$(mktemp -d $CHROOT_PATH/tmp/init.sh-XXXX)
local tmpdir=$(mktemp -d "$CHROOT_PATH/tmp/init.sh-XXXX")
local bootstrap_items="conf lib modules repo bash.rc init.sh prepost.d"
if [[ $RESUME == true ]]; then
bootstrap_items="$bootstrap_items $STAGE_FILE"
fi
prnt I "Preparing root change."
cp -av $bootstrap_items $tmpdir
cp -av $bootstrap_items "$tmpdir"
prnt I "Changing root and starting a fork of init.sh..."
# on the following line, true allows to correctly exit in case of error since
# errors are managed by the chrooted environment
chroot $CHROOT_PATH /bin/bash -c 'CHROOT_DONE=true; $tmpdir/init.sh $@' || true
chroot "$CHROOT_PATH" /bin/bash -c 'CHROOT_DONE=true; "$tmpdir/init.sh" "$@"' || true
# If stage file still exists we copy it to be able to resume later
if [[ -e $tmpdir/$(basename $STAGE_FILE) ]]; then
cp $tmpdir/$(basename $STAGE_FILE) $STAGE_FILE
if [[ -e "$tmpdir/$(basename "$STAGE_FILE")" ]]; then
cp "$tmpdir/$(basename "$STAGE_FILE")" "$STAGE_FILE"
fi
prnt I "Back to host system and clean up."
rm -rf $tmpdir
rm -rf "$tmpdir"
}
export -f chroot_bootstrap
# ------------------------------------------------------------------------------
# EOF
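Review bot: the new `chroot` line quotes `"$tmpdir/init.sh" "$@"` inside a single-quoted string, so both are expanded by the bash started inside the chroot, where `tmpdir` (a `local` here) is unset and no positional parameters were passed; the command becomes `/init.sh` with no arguments. `tmpdir` also still carries the `$CHROOT_PATH` prefix, which does not exist inside the new root, and `CHROOT_DONE=true;` is not exported, so the child init.sh cannot see it. Pass the values in explicitly, for example `chroot "$CHROOT_PATH" /bin/bash -c 'export CHROOT_DONE=true; exec "$0" "$@"' "${tmpdir#"$CHROOT_PATH"}/init.sh" "$@"`. Separately, `local tmpdir=$(mktemp -d ...)` hides a mktemp failure behind the exit status of `local`; declare and assign on two lines.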

View File

@@ -1,7 +1,8 @@
#!/bin/env bash
# ------------------------------------------------------------------------------
# Main program functions
# This file is part of the init.sh project
# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -14,39 +15,46 @@
# errors with immediate exit.
read_commandline()
{
syntax_error()
{
prnt E "Error while analysing command line parameters."
die 1 --force
}
# Processing command line options
local want_module=false
local want_logfile=false
local want_conffile=false
local want_chroot=false
local opt=
for opt in $@; do
case $opt in
local params=''
params=$(getopt -n init.sh -o hvm:cjkrRDoPl:f:s \
--long help,version,module:,check-only,jump,keep-going,resume,no-root-check,no-deps,offline,no-proxy,logfile:,file:,shell,chroot,cron \
-- "$@")
eval set -- "$params"
while true; do
case $1 in
"-h"|"--help")
disp_help
shift
exit 0
;;
"-v"|"--version")
show_version
shift
exit 0
;;
"-m"|"--module")
local want_module=true
if [[ -z $MANUAL_MODULE_LIST ]]; then
export MANUAL_MODULE_LIST="$2"
else
prnt E "A module list have already been given!"
prnt E "Commande line only tolerate one --module parameter."
die 1 --force
fi
shift 2
;;
"-c"|"--check-only")
export CHECK_ONLY=true
shift
;;
"-j"|"--jump")
export JUMP=true
shift
;;
"-k"|"--keep-going")
export KEEPGOING=true
shift
;;
"-r"|"--resume")
if [[ -s $STAGE_FILE ]]; then
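Review bot: in the `--long` list, `chroot` is declared without a trailing colon, but the `--chroot` branch reads `$2` and does `shift 2`. With `--chroot /mnt`, getopt emits `--chroot -- '/mnt'`, so `CHROOT_PATH` is set to `--`, the end-of-options marker is consumed, and `/mnt` falls into the `*)` branch as an unknown parameter. Declare it as `chroot:`. The result of `getopt` is also used without checking that it succeeded.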
@@ -56,93 +64,71 @@ read_commandline()
prnt E "Without it, resuming is impossible."
die 17 --force
fi
shift
;;
"-R"|"--no-root-check")
export NO_ROOT_CHECK=true
shift
;;
"-D"|"--no-deps")
export NO_DEPS=true
shift
;;
"-o"|"--offline")
export OFFLINE=true
shift
;;
"-P"|"--no-proxy")
export NO_PROXY=true
shift
;;
"-l"|"--logfile")
local want_logfile=true
if [[ -z $NEW_LOGFILE ]]; then
export NEW_LOGFILE=$2
else
prnt E "Impossible to specify several log files."
die 1 --force
fi
shift 2
;;
"-f"|"--file")
local want_conffile=true
export CONFFILES="$CONFFILES $2"
shift 2
;;
"-s"|"--shell")
export RUN_SHELL=true
shift
;;
"--chroot")
local want_chroot=true
if [[ -z $CHROOT_PATH ]]; then
export CHROOT_PATH=$2
else
prnt E "A chroot path have already been given."
die 1 --force
fi
shift 2
;;
"--cron")
export CRON_MODE=true
shift
;;
--)
shift
break
;;
*)
if [[ $want_module == true ]]; then
[[ $want_logfile == true ]] && synthax_error
[[ $want_conffile == true ]] && synthax_error
[[ $want_chroot == true ]] && synthax_error
if [[ -z $MANUAL_MODULE_LIST ]]; then
export MANUAL_MODULE_LIST=$opt
want_module=false
else
prnt E "A module list have already been given!"
prnt E "Commande line only tolerate one --module parameter."
die 1 --force
fi
elif [[ $want_logfile == true ]]; then
[[ $want_module == true ]] && synthax_error
[[ $want_conffile == true ]] && synthax_error
[[ $want_chroot == true ]] && synthax_error
if [[ -z $NEW_LOGFILE ]]; then
export NEW_LOGFILE=$opt
want_logfile=false
else
prnt E "Impossible to specify several log files."
die 1 --force
fi
elif [[ $want_conffile == true ]]; then
[[ $want_module == true ]] && synthax_error
[[ $want_logfile == true ]] && synthax_error
[[ $want_chroot == true ]] && synthax_error
export CONFFILES="$CONFFILES $opt"
want_logfile=false
elif [[ $want_chroot == true ]]; then
[[ $want_module == true ]] && synthax_error
[[ $want_logfile == true ]] && synthax_error
[[ $want_conffile == true ]] && synthax_error
if [[ -z $CHROOT_PATH ]]; then
export CHROOT_PATH=$opt
want_chroot=false
else
prnt E "A chroot path have already been given."
die 1 --force
fi
else
prnt E "Unknow parameter \"$opt\"."
die 1 --force
fi
if [[ -n $1 ]]; then
prnt E "Unknow parameter \"$1\" !"
die 1
fi
break
;;
esac
done
unset opt
# If those var are true at that point, something is wrong
if [[ $want_logfile == true ]] || [[ $want_module == true ]] ||
[[ $want_conffile == true ]] || [[ $want_chroot == true ]]; then
syntax_error
fi
unset want_conffile want_logfile want_module want_chroot
}
export -f read_commandline
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
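Review bot: the `--)` branch does `shift` and `break` without looking at what is left, and getopt moves every non-option word after `--`, so `init.sh foo` is now accepted silently where the old loop reported an unknown parameter. The test in the `*)` branch does not cover this case because stray words never reach it. After the loop, reject leftovers with something like `[[ $# -gt 0 ]] && { prnt E "Unknown parameter \"$1\""; die 1 --force; }`. Note also that this branch calls `die 1` while every other parse error uses `die 1 --force`.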
@@ -180,11 +166,12 @@ process_commandline_and_vars()
# Configure module list
if [[ -n $MANUAL_MODULE_LIST ]]; then
prnt W "A manual module list will be used."
export MODULE_LIST=$(echo $MANUAL_MODULE_LIST | sed "s/,/ /g")
prnt W "A manual module list will be used:"
export MODULE_LIST=${MANUAL_MODULE_LIST//,/ }
prnt m " * $MODULE_LIST"
fi
# Check for module list existance and basic syntax
# Check for module list exis<tance and basic syntax
if [[ -n $MODULE_LIST ]]; then
for mod in $MODULE_LIST; do
if [[ $mod =~ ['-!@#$%\&*=+'] ]]; then
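Review bot: the rewritten comment reads `# Check for module list exis<tance and basic syntax`; a stray `<` slipped in. It should be "existence".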
@@ -196,11 +183,12 @@ process_commandline_and_vars()
die 18
fi
done
else
elif [[ $RUN_SHELL != "true" ]]; then
prnt E "No module to execute!"
die 5
fi
}
export -f process_commandline_and_vars
# ------------------------------------------------------------------------------
# EOF

View File

@@ -1,7 +1,8 @@
#!/bin/bash
# ------------------------------------------------------------------------------
# Disks and partitions manipulation function
# This file is part of the init.sh project
# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -34,6 +35,7 @@ blank_disk()
fi
}
export -f blank_disk
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -57,6 +59,7 @@ is_blank()
fi
}
export -f is_blank
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -65,6 +68,8 @@ export -f is_blank
# Partition size like 10G for 10 GiB, 600M for 600 MiB and so on... Without unit
# it will use a number of cylinder. 0 will stand for all remaining size.
# If no partition size is provided we create a single whole disk partition.
# TODO: support extended partition for DOS type, add error if trying to create
# more than 4 primary partitions
mkparts()
{
local device=$1 && shit
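Review bot: the first line of mkparts() reads `local device=$1 && shit`, which should be `shift`. As written the command does not exist, the positional parameters are never shifted, and the device name stays in `$@` where the partition loop will read it as a size. Worth fixing in this pass since the TODO was added right above it.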
@@ -82,7 +87,7 @@ mkparts()
local tmpfile=$(mktemp sfd.XXXX)
if [[ -n $1 ]]; then
# For each given size we make a partition
for $part in $@; do
for part in $@; do
# If size is zero we interpret it as all available space
if [[ $part == 0 ]]; then
echo ",,L" >> $tmpfile
@@ -104,6 +109,7 @@ mkparts()
unset device parttype
}
export -f mkparts
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -119,6 +125,8 @@ mkfs_gen()
fi
done
}
export -f mkfs_gen
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -130,6 +138,7 @@ mkext4()
unset mkfstool
}
export -f mkext4
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -141,6 +150,7 @@ mkxfs()
unset mkfstool
}
export -f mkxfs
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -152,6 +162,7 @@ mkntfs()
unset mkfstool
}
export -f mkntfs
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -163,6 +174,7 @@ mkfat32()
unset mkfstool
}
export -f mkfat32
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -174,6 +186,7 @@ mkbtrfs()
unset mkfstool
}
export -f mkbtrfs
# ------------------------------------------------------------------------------
# EOF

View File

@@ -1,7 +1,8 @@
#!/bin/bash
# ------------------------------------------------------------------------------
# Some display functions and defines color codes
# This file is part of the init.sh project
# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -94,34 +95,35 @@ export On_IWhite='\e[0;107m'
prnt()
{
if [[ $1 == "-n" ]]; then
local echoopt=$1
shift
local echoopt=$1
shift
else
local echoopt=""
local echoopt=""
fi
case $1 in
"I")
local heads="[ ${IGreen}info${DEFAULTFG} ]"
shift
;;
"W")
local heads="[${IYellow}Warning${DEFAULTFG}]"
shift
;;
"E")
local heads="[ ${IRed}ERROR${DEFAULTFG} ]"
shift
;;
"m")
local heads=" "
shift
;;
"I")
local heads="[ ${IGreen}info${DEFAULTFG} ]"
shift
;;
"W")
local heads="[${IYellow}Warning${DEFAULTFG}]"
shift
;;
"E")
local heads="[ ${IRed}ERROR${DEFAULTFG} ]"
shift
;;
"m")
local heads=" "
shift
;;
esac
echo $echoopt -e "${IWhite}$(date $DATEFORMAT)${DEFAULTFG} ${heads} $@"
unset heads echoopt
}
export -f prnt
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
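Review bot: this hunk is a whitespace-only reindent of prnt(), but the `echo $echoopt -e "... ${heads} $@"` line it leaves untouched deserves a fix: `-e` is applied to the message text as well as to the colour codes, and callers pass user-controlled values into it (the "Unknow parameter" message prints `$1` from the command line), so backslash escapes in an argument are interpreted on the terminal and in the tee'd log file. Prefer `printf '%b %b %s\n'` with the message passed through `%s`, and use `$*` rather than `$@` inside a single string.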
@@ -141,6 +143,7 @@ separator()
unset i length
}
export -f separator
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -160,6 +163,7 @@ dsleep()
echo
}
export -f dsleep
# ------------------------------------------------------------------------------
# EOF

View File

@@ -1,7 +1,8 @@
#!/bin/bash
# ------------------------------------------------------------------------------
# File manipulation function
# This file is part of the init.sh project
# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -24,39 +25,40 @@ export COMM_REPO_PATH=${COMM_REPO_PATH:-"$MYPATH/repo/common"}
backup_dist()
{
if [[ $# -lt 1 ]]; then
prnt E "backup_dist(): At least one argument is required."
exit 11
prnt E "backup_dist(): At least one argument is required."
exit 11
fi
local file=
for file in $@; do
local tmstmp=$(stdtime)
if [[ -L ${file} ]]; then
# With symbolik links we call again backup_dist to treat target
prnt I "Following the symbolic link $file to do a proper backup..."
backup_dist $(readlink -f ${file})
elif [[ -f ${file} ]]; then
prnt I "Creating a backup of ${file} on $tmstmp..."
cp -av $file ${file}.dist.${tmstmp}
if [[ $? -ne 0 ]]; then
prnt E "backup_dist(): Failed copying file."
die 12
fi
elif [[ -d ${file} ]]; then
prnt I "Creating a backup of the directory ${file} on $tmstmp..."
cp -av $file ${file}.dist.${tmstmp}
if [[ $? -ne 0 ]]; then
prnt E "backup_dist(): Failed copying directory recursively."
die 12
fi
else
prnt W "backup_dist(): $file don't exists, nothing to do."
fi
unset tmstmp
local tmstmp=$(stdtime)
if [[ -L ${file} ]]; then
# With symbolik links we call again backup_dist to treat target
prnt I "Following the symbolic link $file to do a proper backup..."
backup_dist $(readlink -f "${file}")
elif [[ -f ${file} ]]; then
prnt I "Creating a backup of ${file} on $tmstmp..."
cp -av $file ${file}.dist.${tmstmp}
if [[ $? -ne 0 ]]; then
prnt E "backup_dist(): Failed copying file."
die 12
fi
elif [[ -d ${file} ]]; then
prnt I "Creating a backup of the directory ${file} on $tmstmp..."
cp -av $file ${file}.dist.${tmstmp}
if [[ $? -ne 0 ]]; then
prnt E "backup_dist(): Failed copying directory recursively."
die 12
fi
else
prnt W "backup_dist(): $file don't exists, nothing to do."
fi
unset tmstmp
done
unset file
}
export -f backup_dist
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
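Review bot: in backup_dist() only the inner expansion of `backup_dist $(readlink -f "${file}")` was quoted; the substitution itself, `for file in $@` and both `cp -av $file ${file}.dist.${tmstmp}` lines are still split on whitespace, so a path with a space is backed up under the wrong names or not at all. Quote them all: `for file in "$@"`, `backup_dist "$(readlink -f "$file")"`, `cp -av "$file" "${file}.dist.${tmstmp}"`. Mixing this fix into a reindent of the whole function also makes it hard to spot.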
@@ -72,26 +74,27 @@ select_file()
{
local infile=$1
if [[ -f $RLMHST_REPO_PATH/$infile ]]; then
local source="$RLMHST_REPO_PATH/$infile"
local source="$RLMHST_REPO_PATH/$infile"
elif [[ -f $RLMGRP_REPO_PATH/$infile ]]; then
local source="$RLMGRP_REPO_PATH/$infile"
local source="$RLMGRP_REPO_PATH/$infile"
elif [[ -f $HOST_REPO_PATH/$infile ]]; then
local source="$HOST_REPO_PATH/$infile"
local source="$HOST_REPO_PATH/$infile"
elif [[ -f $GROUP_REPO_PATH/$infile ]]; then
local source="$GROUP_REPO_PATH/$infile"
local source="$GROUP_REPO_PATH/$infile"
elif [[ -f $REALM_REPO_PATH/$infile ]]; then
local source="$REALM_REPO_PATH/$infile"
local source="$REALM_REPO_PATH/$infile"
elif [[ -f $COMM_REPO_PATH/$infile ]]; then
local source="$COMM_REPO_PATH/$infile"
local source="$COMM_REPO_PATH/$infile"
else
# Not found in repository, we expect full name
local source="$infile"
# Not found in repository, we expect full name
local source="$infile"
fi
unset infile
echo $source
unset source
}
export -f select_file
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -100,26 +103,27 @@ select_directory()
{
local indir=$1
if [[ -d $RLMHST_REPO_PATH/$indir ]]; then
local source="$RLMHST_REPO_PATH/$indir"
local source="$RLMHST_REPO_PATH/$indir"
elif [[ -d $RLMGRP_REPO_PATH/$indir ]]; then
local source="$RLMGRP_REPO_PATH/$indir"
local source="$RLMGRP_REPO_PATH/$indir"
elif [[ -d $HOST_REPO_PATH/$indir ]]; then
local source="$HOST_REPO_PATH/$indir"
local source="$HOST_REPO_PATH/$indir"
elif [[ -d $GROUP_REPO_PATH/$indir ]]; then
local source="$GROUP_REPO_PATH/$indir"
local source="$GROUP_REPO_PATH/$indir"
elif [[ -d $REALM_REPO_PATH/$indir ]]; then
local source="$REALM_REPO_PATH/$indir"
local source="$REALM_REPO_PATH/$indir"
elif [[ -d $COMM_REPO_PATH/$indir ]]; then
local source="$COMM_REPO_PATH/$indir"
local source="$COMM_REPO_PATH/$indir"
else
# Not found in repository, we expect full name
local source="$indir"
# Not found in repository, we expect full name
local source="$indir"
fi
unset indir
echo $source
unset source
}
export -f select_directory
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -131,44 +135,45 @@ install_file()
local i=0
if [[ $# -lt 2 ]]; then
prnt E "install_file(): At least two arguments are required."
die 11
prnt E "install_file(): At least two arguments are required."
die 11
fi
if [[ $(echo $@ | grep "\*\|\?") ]]; then
prnt E "install_file(): Wildcards are not authorized."
die 7
if [[ -n $(echo $@ | grep "\*\|\?") ]]; then
prnt E "install_file(): Wildcards are not authorized."
die 7
fi
local arg=
for arg in $@; do
filelist="$filelist $(select_file $arg)"
filelist="$filelist $(select_file $arg)"
# We always replace until the last argument being the target
target="$arg"
done
unset arg
if [[ ! $target == /* ]]; then
prnt E "install_file(): Target must be on the root filesystem and full path must be provided."
die 13
prnt E "install_file(): Target must be on the root filesystem and full path must be provided."
die 13
fi
unset target
if [[ -d $(dirname $i) ]]; then
prnt I "Creating required target directory $(dirname $i)..."
mkdir -pv $(dirname $i)
if [[ $? -ne 0 ]]; then
prnt E "install_file(): Can't create target directory!"
die 12
fi
prnt I "Creating required target directory $(dirname $i)..."
mkdir -pv $(dirname $i)
if [[ $? -ne 0 ]]; then
prnt E "install_file(): Can't create target directory!"
die 12
fi
fi
prnt I "Copying files ${filelist} to target directory $(dirname $i)..."
cp -av $filelist
if [[ $? -ne 0 ]]; then
prnt E "install_file(): Couldn't copy some required files!"
die 12
prnt E "install_file(): Couldn't copy some required files!"
die 12
fi
}
export -f install_file
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
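Review bot: the target directory block in install_file() tests `[[ -d $(dirname $i) ]]` with `i` still set to `0` from `local i=0` and after `unset target`, so it always inspects `.`, and the test is `-d` where the message ("Creating required target directory") implies `! -d`. The parent of the real target is therefore never created. Keep `target` until after this block and test `[[ ! -d "$(dirname "$target")" ]]`. The reworked wildcard check has a related gap: `echo $@` is unquoted, so any glob has already been expanded by the time grep sees it; iterate over `"$@"` and test each argument instead.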
@@ -176,29 +181,30 @@ export -f install_file
append_file()
{
if [[ $# -ne 2 ]]; then
prnt E "append_file(): Two arguments are required, source and destination."
die 11
prnt E "append_file(): Two arguments are required, source and destination."
die 11
fi
local srcfile=$(select_file $1)
local dstfile=$2
if [[ ! $dstfile == /* ]]; then
prnt E "append_file(): Target must be on the root filesystem and full path must be provided."
die 13
prnt E "append_file(): Target must be on the root filesystem and full path must be provided."
die 13
fi
if [[ -e $dstfile ]]; then
prnt E "append_file(): Target file must exist (use touch first to create it if required)."
die 13
prnt E "append_file(): Target file must exist (use touch first to create it if required)."
die 13
fi
prnt I "Adding content to file $dstfile..."
cat $srcfile >> $dstfile
if [[ $? -ne 0 ]]; then
prnt E "append_file(): Couldn't append a file!"
die 12
prnt E "append_file(): Couldn't append a file!"
die 12
fi
}
export -f append_file
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
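Review bot: the existence test in append_file() is inverted: `if [[ -e $dstfile ]]` raises "Target file must exist" exactly when the file is there, and lets a missing target through to `cat $srcfile >> $dstfile`, which then creates it. It should be `[[ ! -e "$dstfile" ]]`, and the `cat` operands should be quoted.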
@@ -208,66 +214,21 @@ is_dir_empty()
dir=$1
if [[ -f $dir ]]; then
prnt E "is_dir_empty(): The given parameter is not a directory."
die 15
prnt E "is_dir_empty(): The given parameter is not a directory."
die 15
fi
if [[ ! -d $dir ]]; then
return 0
return 0
fi
nbfiles=$(ls -a1 $dir | egrep -v '^.$|^..$' | wc -l)
nbfiles=$(ls -a1 $dir | grep -Evc '^.$|^..$')
if [[ $nbfiles -eq 0 ]]; then
return 0
return 0
fi
return 1
}
export -f is_dir_empty
# ------------------------------------------------------------------------------
# copy and patch a file replacing all @var@ by the corresponding value in
# the environment or the variable list given in parameter
patch_file()
{
local srcfile=$(select_file $1) && shift
local dstfile=$1 && shift
local workfile=${dstfile}.work
if [[ ! -s $srcfile ]]; then
prnt E "patch_file(): Source file is empty, is not a file or don't exists!"
die 10
fi
# Create a sub-process, to avoid bash environment pollution
(
local varlist= pattern=
if [[ $# -eq 0 ]] ; then
pattern="-e s/<\(.*\)>/\$\1\$\1/g"
else
local var=
for var in $* ; do
if ! declare -p $var >/dev/null 2>&1 ; then
local $var=$(eval echo \$$var)
fi
export $var
pattern="$pattern -e s/@$var@/\$$var/g"
varlist=$varlist\$$var
done
fi
# sed replace <VAR> with \$$VAR and envsubst do the replace by value
sed $pattern $srcfile | envsubst ${varlist:+"$varlist"} > "$workfile"
)
local -a rights=( $(stat --printf="%a %u %g" "$srcfile") )
unset srcfile
mv "$workfile" "$dstfile"
chmod ${rights[0]} "$dstfile"
chown ${rights[1]}:${rights[2]} "$dstfile"
unset rights dstfile
}
export -f patch_file
# ------------------------------------------------------------------------------
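Review bot: replacing `egrep -v ... | wc -l` with `grep -Evc` in is_dir_empty() changes the exit status: `grep -c` returns 1 when the count is 0, so for an empty directory the `nbfiles=` assignment itself fails, which aborts under `set -o errexit` whenever the function is not called from a condition. Append `|| true` or keep `wc -l`. The pattern `'^.$|^..$'` also has unescaped dots, so any file with a one or two character name is left out of the count and the directory is reported empty; use `'^\.{1,2}$'` or `ls -A`. The removal of patch_file() in the same hunk is not mentioned here and needs a pointer to where callers should look now.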
@@ -275,16 +236,16 @@ export -f patch_file
tag_file()
{
for f in $@; do
local text="# File automatically modified by init.sh on $(stdtime)."
if [[ -e $f ]]; then
sed -i "1s/^/$text\n/" $f
else
echo $text > $f
sed -i -e "s/modified/generated/" $f
fi
local text="# File automatically modified by init.sh on $(stdtime)."
if [[ -e $f ]]; then
sed -i "1s/^/$text\n/" $f
else
echo $text | sed "s/modified/generated/" > $f
fi
done
}
export -f tag_file
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -292,14 +253,15 @@ export -f tag_file
file_exists()
{
for f in $@; do
if [[ ! -f $(select_file $f) ]]; then
echo $f
return 1
fi
if [[ ! -f $(select_file $f) ]]; then
echo $f
return 1
fi
done
return 0
}
export -f file_exists
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -309,12 +271,13 @@ file_must_exists()
prnt I "Checking $@ files existance..."
local mf=$(file_exists $@)
if [[ $? -ne 0 ]]; then
prnt E "file_must_exists(): The $mf file is missing, can't continue."
die 10
prnt E "file_must_exists(): The $mf file is missing, can't continue."
die 10
fi
unset mf
}
export -f file_must_exists
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
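Review bot: in file_must_exists(), `local mf=$(file_exists $@)` followed by `[[ $? -ne 0 ]]` can never detect a missing file, because `$?` holds the exit status of `local`, which is 0. Declare first and assign after (`local mf; mf=$(file_exists "$@")`) or test the command directly with `if ! mf=$(file_exists "$@"); then`. directory_must_exists() further down has the same construct.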
@@ -322,14 +285,15 @@ export -f file_must_exists
directory_exists()
{
for d in $@; do
if [[ ! -d $(select_directory $d) ]]; then
echo $d
return 1
fi
if [[ ! -d $(select_directory $d) ]]; then
echo $d
return 1
fi
done
return 0
}
export -f directory_exists
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -339,12 +303,13 @@ directory_must_exists()
prnt I "Checking $@ directories existance..."
local md=$(directory_exists $@)
if [[ $? -ne 0 ]]; then
prnt E "directory_must_exists(): The $md directory is missing, can't continue."
die 10
prnt E "directory_must_exists(): The $md directory is missing, can't continue."
die 10
fi
unset md
}
export -f directory_must_exists
# ------------------------------------------------------------------------------
# EOF

View File

@@ -1,7 +1,8 @@
#!/bin/bash
# ------------------------------------------------------------------------------
# Loaders for conf and prepost functions
# This file is part of the init.sh project
# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -48,6 +49,7 @@ load_autoconf()
unset prefix
}
export -f load_autoconf
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -58,6 +60,17 @@ export -f load_autoconf
# 3) <workingdir>/conf/init.conf.sh (Generic default, for testing)
load_configuration()
{
# --------------------------------------------------------------------------
# Get list of possible files to load when REALM is not declared
get_files()
{
for d in $MYPATH/conf/*; do
if [[ -d $d ]]; then
find $d -maxdepth 1 -name "$HOSTNAME.conf.sh"
fi
done
}
if [[ -n $CONFFILES ]]; then
local f=
for f in $CONFFILES; do
@@ -72,24 +85,52 @@ load_configuration()
unset f
else
prnt I "Loading configuration..."
if [[ -z $REALM ]]; then
prnt W "REALM is undeclared, trying to scan configuration subdirectories for this host..."
local found_realms=$(get_files)
case "$(echo $found_realms | wc -w)" in
"0")
: # We do nothing as we'll check for other scenario
;;
"1")
export REALM="$(basename $(dirname $found_realms))"
local auto_realm="$REALM"
;;
*)
prnt E "More than one file correspond to that host. This is ambigous and need to be fixed."
prnt m "You can fix that situation with one of those actions:"
prnt m "\t * Declare a REALM variable with the actual domain name of the host."
prnt m "\t * Give manually the configuration file using the --file option."
prnt m "\t * Configure the domain name of the host."
die 20 --force
;;
esac
fi
if [[ -e $MYPATH/conf/$REALM/$HOSTNAME.conf.sh ]]; then
prnt I "A specific configuration will be used."
. $MYPATH/conf/$HOSTNAME.conf.sh
local cnffile=$MYPATH/conf/$REALM/$HOSTNAME.conf.sh
if [[ -n $auto_realm && $REALM != $auto_realm ]]; then
prnt E "The domain name in the confinguration file don't correspond to the detected domain through directory structure."
die 21 --force
fi
elif [[ -e $MYPATH/conf/$HOSTNAME.conf.sh ]]; then
prnt I "A specific configuration will be used."
. $MYPATH/conf/$HOSTNAME.conf.sh
local cnffile=$MYPATH/conf/$HOSTNAME.conf.sh
else
if [[ -e $MYPATH/conf/init.conf.sh ]]; then
prnt I "A generic configuration will be used."
. $MYPATH/conf/init.conf.sh
local cnffile=$MYPATH/conf/init.conf.sh
else
prnt E "No configuration found, impossible to continue."
die 6 --force
fi
fi
prnt I "Loading $cnffile ..."
. $cnffile
fi
}
export -f load_configuration
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
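Review bot: The `$REALM != $auto_realm` test in the first branch looks unreachable: if the only sourcing left is the final `. $cnffile`, the comparison runs before the file is loaded, while REALM still holds the value that was just copied into auto_realm, so error 21 can never fire. Move the check after the file is sourced if the aim is to catch a configuration file that declares a different REALM. `local found_realms=$(get_files)` followed by `echo $found_realms | wc -w` counts words rather than files, so one path containing a space is reported as ambiguous; reading the results with `mapfile -t` and testing the array length would be exact. When REALM stays empty the first test expands to `conf//$HOSTNAME.conf.sh` and only works because the doubled slash collapses; an explicit `-n $REALM` guard would make that intentional. Message typos: "ambigous", "confinguration".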
@@ -104,5 +145,6 @@ load_prepost_actions()
unset prepost
}
export -f load_prepost_actions
# ------------------------------------------------------------------------------
# EOF

View File

@@ -1,7 +1,8 @@
#!/bin/bash
# ------------------------------------------------------------------------------
# Network functions
# This file is part of the init.sh project
# Copyright (c) 2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -33,6 +34,7 @@ set_system_proxy()
fi
}
export -f set_system_proxy
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -46,6 +48,7 @@ mask2cidr4()
echo $(( $2 + (${#x}/4) ))
}
export -f mask2cidr4
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -58,6 +61,7 @@ cidr2mask4()
echo ${1-0}.${2-0}.${3-0}.${4-0}
}
export -f cidr2mask4
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -81,6 +85,7 @@ isipv4 ()
return 1
}
export -f isipv4
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -95,6 +100,7 @@ isipv6 ()
return 1
}
export -f isipv6
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -134,6 +140,7 @@ get_network_info()
done
}
export -f get_network_info
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -175,3 +182,6 @@ check_network()
esac
}
export -f check_network
# ------------------------------------------------------------------------------
# EOF

View File

@@ -1,7 +1,8 @@
#!/bin/bash
# ------------------------------------------------------------------------------
# Package manager integration
# This file is part of the init.sh project
# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -17,6 +18,7 @@ pkgupdt()
$PKG_MAN $COM_UPDATE
}
export -f pkgupdt
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -55,6 +57,7 @@ pkgupgd()
exec_postupgd
}
export -f pkgupgd
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -81,6 +84,7 @@ pkgrm()
fi
}
export -f pkgrm
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -93,6 +97,7 @@ pkgautorm()
exec_postautorm
}
export -f pkgautorm
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -110,6 +115,7 @@ exec_preinst()
unset pkglist
}
export -f exec_preinst
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -128,6 +134,7 @@ exec_postinst()
unset POSTINSTLIST
}
export -f exec_postinst
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -146,6 +153,7 @@ exec_prerm()
unset pkglist
}
export -f exec_prerm
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -164,6 +172,7 @@ exec_postrm()
unset POSTRMLIST
}
export -f exec_postrm
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -181,6 +190,7 @@ exec_preupgd()
unset pkglist
}
export -f exec_preupgd
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -199,6 +209,7 @@ exec_postupgd()
unset POSTUPGDLIST
}
export -f exec_postupgd
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -216,6 +227,7 @@ exec_preautorm()
unset pkglist
}
export -f exec_preautorm
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -225,6 +237,7 @@ exec_postautorm()
exec_postrm
}
export -f exec_postautorm
# ------------------------------------------------------------------------------
# EOF

194
lib/secret.sh Normal file
View File

@@ -0,0 +1,194 @@
#!/bin/bash
# ------------------------------------------------------------------------------
# Secret management functions
# This file is part of the init.sh project
# Copyright (c) 2025 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
# https://opensource.org/licenses/BSD-3-Clause
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Get Passbolt
get_passbolt_secret()
{
local name="$1" secret
if ! command -v passbolt >/dev/null 2>&1; then
prnt E "Passbolt CLI not found (required to fetch passbolt:$name)."
die 22
fi
# Exemple basé sur CLI Passbolt + jq
secret=$(passbolt secret list --json 2>/dev/null | jq -r --arg NAME "$name" \
'.[] | select(.name == $NAME) | .secrets[0].data' 2>/dev/null)
if [[ -z "$secret" || "$secret" == "null" ]]; then
prnt E "Secret '$name' not found in Passbolt."
die 23
fi
printf '%s' "$secret"
}
export -f get_passbolt_secret
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Get File
get_file_secret()
{
local path="$1" secret
if [[ ! -s "$path" ]]; then
prnt E "get_file_secret: missing secret file"
die 10
fi
if [[ ! -r "$path" ]]; then
prnt E "get_file_secret: '$path' not readable"
die 24
fi
secret=$(<"$path")
secret="${secret%$'\r'}"
secret="${secret%$'\n'}"
printf '%s' "$secret"
}
export -f get_file_secret
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Get Environment variable
get_var_secret()
{
local var="$1" secret
if [[ -z "$var" ]]; then
prnt E "get_var_secret: missing variable name"
die 25
fi
if ! printenv "$var" >/dev/null 2>&1; then
prnt E "get_var_secret: variable '$var' not set"
die 25
fi
secret="$(printenv "$var")"
secret="${secret%$'\r'}"
secret="${secret%$'\n'}"
printf '%s' "$secret"
}
export -f get_var_secret
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Main get dispatcher
# Usage: fetch_secret "scheme:identifier"
fetch_secret()
{
local ref="$1"
local scheme identifier func
if [[ -z "$ref" ]]; then
prnt E "fetch_secret: no reference provided"
die 26
fi
# par défaut, si pas de scheme -> "file"
if [[ "$ref" != *:* ]]; then
scheme="file"
identifier="$ref"
else
scheme="${ref%%:*}"
identifier="${ref#*:}"
fi
func="get_${scheme}_secret"
if ! declare -f "$func" >/dev/null 2>&1; then
prnt E "fetch_secret: unsupported scheme '$scheme' (no function $func)"
die 27
fi
"$func" "$identifier"
}
export -f fetch_secret
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Check Passbolt
check_passbolt_secret() {
local name="$1" found
if ! command -v passbolt >/dev/null 2>&1; then
return 1
fi
found=$(passbolt secret list --json 2>/dev/null | jq -e --arg NAME "$name" \
'.[] | select(.name == $NAME) | .secrets[0].data' 2>/dev/null)
[[ -n "$found" && "$found" != "null" ]]
}
export -f check_passbolt_secret
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Check File
check_file_secret() {
local path="$1"
[[ -r "$path" && -s "$path" ]]
}
export -f check_file_secret
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Check Environment variable
check_var_secret() {
local var="$1"
[[ -n "$var" ]] && printenv "$var" >/dev/null 2>&1
}
export -f check_var_secret
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Check Dispatcher
check_secret() {
local ref="$1"
local scheme identifier func
if [[ -z "$ref" ]]; then
prnt E "check_secret: no reference provided"
return 1
fi
if [[ "$ref" != *:* ]]; then
scheme="file"
identifier="$ref"
else
scheme="${ref%%:*}"
identifier="${ref#*:}"
fi
func="check_${scheme}_secret"
if ! declare -f "$func" >/dev/null 2>&1; then
prnt E "check_secret: unsupported scheme '$scheme' (no function $func)"
return 1
fi
"$func" "$identifier"
}
export -f check_secret
# ------------------------------------------------------------------------------
# EOF
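Review bot: fetch_secret() and check_secret() call whatever `get_${scheme}_secret` or `check_${scheme}_secret` resolves to, with scheme taken from the reference string without validation, and any reference containing a colon is split, so a file path such as `dir/a:b` is dispatched to a scheme named `dir/a`. Validate the scheme against an explicit list (passbolt, file, var) in one shared parsing helper instead of duplicating the split in both dispatchers. The getters return the secret on stdout, so callers will run them inside `$(...)`; a `die` that exits there only ends the subshell, and the caller has to check the exit status or it carries on with an empty value. In get_passbolt_secret() the comment says the command is an example, `passbolt secret list --json` pulls every secret in order to select one, and `jq` is used without the `command -v` check that `passbolt` gets. get_file_secret() tests readability but not who else can read the file. The two French comments should be translated to match the rest of the file.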

View File

@@ -1,7 +1,8 @@
#!/bin/bash
# ------------------------------------------------------------------------------
# Services manipulation functions
# This file is part of the init.sh project
# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -33,6 +34,7 @@ exec_serv()
unset lineexec
}
export exec_serv
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
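Review bot: The context line `export exec_serv` is missing `-f`, so it exports a variable of that name instead of the function, unlike the `export -f` lines used for the other functions in this file. Since this hunk already touches the surrounding lines, change it to `export -f exec_serv` here.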
@@ -46,6 +48,7 @@ svc_start()
unset svc
}
export -f svc_start
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -57,6 +60,7 @@ svc_reload()
done
}
export -f svc_reload
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -70,6 +74,7 @@ svc_restart()
unset svc
}
export -f svc_restart
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -83,5 +88,6 @@ svc_stop()
unset svc
}
export -f svc_stop
# ------------------------------------------------------------------------------
# EOF

View File

@@ -1,7 +1,8 @@
#!/bin/bash
# ------------------------------------------------------------------------------
# Base support function
# This file is part of the init.sh project
# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -72,6 +73,7 @@ Fichiers de configuration :
EOF
}
export -f disp_help
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -102,5 +104,6 @@ show_version()
fi
}
export -f show_version
# ------------------------------------------------------------------------------
# EOF

82
lib/users.sh Normal file
View File

@@ -0,0 +1,82 @@
#!/bin/bash
# ------------------------------------------------------------------------------
# Users related functions
# This file is part of the init.sh project
# Copyright (c) 2019-2025 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
# https://opensource.org/licenses/BSD-3-Clause
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Users (from Ldap)
add_remote_user()
{
local users=$@
for usr in ${users[@]}; do
if [[ -n $(grep "^$usr:" /etc/passwd) ]]; then
prnt W "A local user with name $usr already exists, adding anyway!"
fi
if [[ -n $(grep "^+$usr:" /etc/passwd) ]]; then
prnt W "The remote user $usr is already declared, nothing to do in passwd."
else
echo "+$usr::::::" >> /etc/passwd
prnt I "User $usr added to passwd..."
fi
if [[ -n $(grep "^+$usr:" /etc/shadow) ]]; then
prnt W "The remote user $usr is already connectable, nothing to do in shadow."
else
echo "+$usr::::::::" >> /etc/shadow
prnt I "User $usr added to shadow..."
fi
done
}
export -f add_remote_user
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Remove users
remove_user()
{
local users=$@
for usr in ${users[@]}; do
if [[ -n $(grep "^$usr:" /etc/{passwd,shadow,group,gshadow}) ]]; then
# Using sed is more universal than any distro commands - local case
sed -i -e "/^$usr:/d" /etc/{passwd,shadow,group,gshadow}
elif [[ -n $(grep "^+$usr:" /etc/{passwd,shadow,group,gshadow}) ]]; then
# remote case
sed -i -e "/^+$usr:/d" /etc/{passwd,shadow,group,gshadow}
else
prnt W "User $usr don't exists in auth files, nothing to do."
fi
done
}
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Create a local user
create_local_user()
{
local users=$@
for usr in ${users[@]}; do
if [[ $(noerror --noout id $usr) != 0 ]]; then
prnt I "Creating user $usr..."
if [[ $(directory_exists home_skell) ]]; then
useradd --create-home --shell $DEFAULT_SHELL \
--user-group $usr \
--skell $(select_directory home_skell)
else
useradd --create-home --shell $DEFAULT_SHELL --user-group $usr
fi
else
prnt W "The user $usr already exists. Nothing to do..."
fi
done
}
# ------------------------------------------------------------------------------
# EOF
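Review bot: remove_user() interpolates the user name straight into `grep "^$usr:"` and `sed -i -e "/^$usr:/d"` across passwd, shadow, group and gshadow, so regex metacharacters in a name match more than intended (a dot matches any character) and a `/` breaks the sed address. Validate names against a strict pattern before use, or compare the first field literally, for example with `awk -F: -v u="$usr" '$1 != u'`. The appends and in-place edits to /etc/passwd and /etc/shadow are done without the locking that vipw and the shadow tools take. In create_local_user(), `$(noerror --noout id $usr) != 0` compares captured output with 0 rather than testing the exit status, `[[ $(directory_exists home_skell) ]]` has the same problem, and the useradd option is `--skel`, not `--skell`. `local users=$@` creates a string, not an array, `usr` is not local, and remove_user() and create_local_user() lack the `export -f` that add_remote_user() has.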

View File

@@ -1,7 +1,8 @@
#!/bin/bash
# ------------------------------------------------------------------------------
# Various utilitary functions
# This file is part of the init.sh project
# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -15,6 +16,7 @@ stdtime()
date --rfc-3339=seconds | sed -e 's/ /-/' -e 's/://g' | cut -d'+' -f1
}
export -f stdtime
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -25,13 +27,14 @@ function_exists() {
die 11 --force
fi
if [[ $(LC_ALL=C type -t $1 | grep function) ]]; then
if [[ -n $(LC_ALL=C type -t $1 | grep function) ]]; then
return 0
else
return 1
fi
}
export -f function_exists
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -42,9 +45,10 @@ get_mod_name()
prnt E "get_mod_name(): Bad number of parameters."
die 11 --force
fi
echo $(basename $1 | cut -f 1 -d '.')
basename $1 | cut -f 1 -d '.'
}
export -f get_mod_name
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -52,10 +56,12 @@ export -f get_mod_name
trim()
{
local string="$@"
echo "$(sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'<<<"${string}")"
sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'<<<"${string}"
unset string
}
export -f trim
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Dump the keyboard's buffer
@@ -66,6 +72,7 @@ dump_key_buffer()
done
}
export -f dump_key_buffer
# ------------------------------------------------------------------------------
# EOF

108
lib/vars.sh Normal file
View File

@@ -0,0 +1,108 @@
#!/bin/bash
# ------------------------------------------------------------------------------
# Variables substitution function
# This file is part of the init.sh project
# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
# https://opensource.org/licenses/BSD-3-Clause
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Replace @VAR@ in a text file by the corresponding $VAR value
# The --delimiter or -d option allow to use something else than @
setvar()
{
local delimiter="@"
local vars=()
local file
# Parse arguments
while [[ $# -gt 0 ]]; do
case "$1" in
--delimiter|-d)
shift
delimiter="${1:-@}"
;;
-*)
prnt E "setvar(): Unknown option: $1"
die 7
;;
*)
if [[ -f $1 && $# -eq 1 ]]; then
file="$1"
else
vars+=("$1")
fi
;;
esac
shift
done
if [[ -z $file ]]; then
prnt E "Usage: setvar [--delimiter D] VAR1 [VAR2 ...] <file>"
die 7
fi
if [[ ${#vars[@]} -eq 0 ]]; then
prnt E "No variable name(s) provided."
die 7
fi
local var val escaped pattern
for var in "${vars[@]}"; do
val="${!var}"
if [[ -z $val ]]; then
prnt W "Variable '$var' is unset or empty; skipped."
continue
fi
# Échapper les caractères spéciaux pour sed
escaped=$(printf '%s' "$val" | sed -e 's/[\/&]/\\&/g')
pattern="${delimiter}${var}${delimiter}"
prnt I "Replacing $pattern with $val in $file"
sed -i -e "s|$pattern|$escaped|g" "$file"
done
}
export -f setvar
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Replace @VAR@ in a text file by the corresponding values available in the
# environment. The --delimiter or -d option allow to use something else than @
setvars_from_env()
{
local file delimiter="@"
while [[ $# -gt 0 ]]; do
case "$1" in
-d|--delimiter)
shift
delimiter="${1:-@}"
;;
*)
file="$1"
;;
esac
shift
done
[[ -f $file ]] || {
prnt E "File not found: $file"
die 10
}
local vars
vars=$(grep -o "${delimiter}[A-Z0-9_]\+${delimiter}" "$file" | sort -u | tr -d "$delimiter")
[[ -z $vars ]] && return 0
setvar --delimiter "$delimiter" $vars "$file"
}
export -f setvars_from_env
# ------------------------------------------------------------------------------
# EOF
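Review bot: In setvar(), the value is escaped for `/` and `&` but the substitution is written as `s|$pattern|$escaped|g`, so a `|` in the value ends the replacement early and the rest is parsed as sed flags; backslashes and newlines in the value are not handled either. Escape the delimiter that is actually used (and `\`), and escape `$pattern` too, since the placeholder delimiter is caller-supplied. `prnt I "Replacing $pattern with $val in $file"` writes every substituted value to the output, which leaks as soon as one of them is a secret; log the variable name only. Because of `[[ -f $1 && $# -eq 1 ]]`, a missing target file is reported as a usage error rather than as a missing file. setvars_from_env() only recognises upper-case names (`[A-Z0-9_]\+`), which the header comment should state, and the French comment should be translated.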

View File

@@ -1,7 +1,8 @@
#!/bin/bash
# ------------------------------------------------------------------------------
# Version determination function
# This file is part of the init.sh project
# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -37,13 +38,14 @@ get_os_version()
unset maj min
fi
# Return values on stdout
# Return values on stdout (awk used to retreave primary codename when using testing or unstable)
echo ${ID,,} ${VERSION_ID} $(echo ${VERSION_CODENAME,,} | awk '{print $1}')
)
}
export read_os_release
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
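Review bot: The line following get_os_version() is `export read_os_release`, which has no `-f` and names a different function, while `export -f get_os_version` only appears after set_sys_vars() in the next hunk. As shown, neither read_os_release nor set_sys_vars is exported as a function; each definition should be followed by its own `export -f`. Typo in the new comment: "retreave" should be "retrieve".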
@@ -66,5 +68,6 @@ set_sys_vars()
fi
}
export -f get_os_version
# ------------------------------------------------------------------------------
# EOF

View File

@@ -1,7 +1,7 @@
# ------------------------------------------------------------------------------
# Add local or remote users
# This file is part of the init.sh project
# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2025 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -20,58 +20,9 @@
# * DEFAULT_SHELL: The shell to use when creating new users
# ------------------------------------------------------------------------------
export VER_authnz=0.2.2
export DEP_authnz="upgrade_dist"
export VER_authnz="0.2.2"
export DEP_authnz=""
# Users (from Ldap)
add_remote_user()
{
if [[ $(grep "^$1:" /etc/passwd) ]]; then
prnt W "A local user with name $1 already exists, adding anyway!"
fi
if [[ $(grep "^+$1:" /etc/passwd) ]]; then
prnt W "The remote user $1 is already declared, nothing to do in passwd."
else
echo "+$1::::::" >> /etc/passwd
prnt I "User $1 added to passwd..."
fi
if [[ $(grep "^+$1:" /etc/shadow) ]]; then
prnt W "The remote user $1 is already connectable, nothing to do in shadow."
else
echo "+$1::::::::" >> /etc/shadow
prnt I "User $1 added to shadow..."
fi
}
# Remove users
remove_user()
{
if [[ $(grep "^$1:" /etc/{passwd,shadow,group,gshadow}) ]]; then
# Using sed is more universal than any distro commands - local case
sed -i -e "/^$1:/d" /etc/{passwd,shadow,group,gshadow}
elif [[ $(grep "^+$1:" /etc/{passwd,shadow,group,gshadow}) ]]; then
# remote case
sed -i -e "/^+$1:/d" /etc/{passwd,shadow,group,gshadow}
else
prnt W "User $1 don't exists in auth files, nothing to do."
fi
}
# Create a local user
create_local_user()
{
if [[ $(noerror --noout id $1) != 0 ]]; then
prnt I "Creating user $1..."
if [[ $(directory_exists home_skell) ]]; then
useradd --create-home --shell $DEFAULT_SHELL --user-group $1 \
--skell $(select_directory home_skell)
else
useradd --create-home --shell $DEFAULT_SHELL --user-group $1
fi
else
prnt W "The user $1 already exists. Nothing to do..."
fi
}
# Authentication
authnz()

View File

@@ -1,7 +1,7 @@
# ------------------------------------------------------------------------------
# Configure machine for ceph (or samba) mount
# Configure machine for ceph (or samba / NFS) mount
# This file is part of the init.sh project
# Copyright (c) 2019-2021 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2025 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -10,43 +10,52 @@
# Variable:
# * CEPH_SRV_NAMES: hosts names of ceph servers
# * CEPHIP_srv: with "srv" being a ceph server hostname, its corresponding IP
# * SHARED_HOME: Set at yes if homedir is a directory of the ceph mount
# * SMBSRV: Fallback samba server on unsupported architectures
# Mount points are hardcoded and should bet set differently
# * CEPH_MOUNTS: list of mounts to create
# * CEPH_MP_mount: mount point for the given "mount"
# * SHARED_HOME: Set at yes if homedir is a directory of the ceph mount (to be removed)
# * SMBSRV: Fallback samba server on unsupported architectures (not doing
# anything if undeclared)
# * NFSSRV: Fallback NFS server on unsupported architectures (not doing
# anything if undeclared)
# If both SMBSRV and NFSSRV are set on unsupported hardware, Samba will have a
# higher priority.
# ------------------------------------------------------------------------------
export VER_conf_ceph="0.0.5"
export DEP_conf_ceph="upgrade_dist"
export VER_conf_ceph="1.0.2"
export DEP_conf_ceph=""
conf_ceph()
{
# Create mount point directories
echo "Creating mount points"
mkdir -pv /srv/ceph/share
mkdir -pv /share
local success=undef
local fstabchanged=false
# Determine the type of installation
if [[ $SYS_ARCH == "x86_64" || $SYS_ARCH == "i386" ]]; then
export CEPH_STATUS=ceph
else
elif [[ -n $SMBSRV ]]; then
export CEPH_STATUS=smb
elif [[ -n $NFSSRV ]]; then
export CEPH_STATUS=nfs
else
export CEPH_STATUS=none
fi
if [[ $CEPH_STATUS == ceph ]]; then
# Install ceph package
pkginst ceph-common
# hosts files required for Ceph bootstrap when DNS not yet started
if [[ ! $(grep "# Ceph" /etc/hosts) ]]; then
if ! grep -q "^# Ceph" /etc/hosts; then
prnt I "Adding server list to /etc/hosts"
backup_dist /etc/hosts
tag_file /etc/hosts
echo >> /etc/hosts
echo "# Ceph servers:" >> /etc/hosts
for srv in $CEPH_SRV_NAMES; do
local line="$(eval echo \$CEPHIP_$srv) $srv.$REALM $srv"
local line
line="$(eval echo \$CEPHIP_$srv) $srv.$REALM $srv"
prnt m " - Adding line $line to /etc/hosts"
echo "$line" >> /etc/hosts
unset line
done
else
prnt W "Ceph servers already in /etc/hosts, nothing to do"
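Review bot: `line="$(eval echo \$CEPHIP_$srv) $srv.$REALM $srv"` passes a name built from CEPH_SRV_NAMES through eval, so any shell syntax in a server name is evaluated; bash indirect expansion (`local v="CEPHIP_$srv"` then `"${!v}"`) gives the same lookup without eval, and the same applies to the `CEPH_MP_$mnt` lookups later in the file. The header variable list now documents CEPH_MOUNTS and CEPH_MP_mount but still has no entry for CEPH_SECRET.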
@@ -54,37 +63,59 @@ conf_ceph()
backup_dist /etc/fstab
prnt I "Adding ceph entries to /etc/fstab"
fstabchanged=true
tag_file /etc/fstab
echo >> /etc/fstab
local srvlist=$(echo $CEPH_SRV_NAMES | sed "s/ /,/g")
if [[ ! $(grep $srvlist /etc/fstab) ]]; then
local srvlist=${CEPH_SRV_NAMES// /,}
prnt I "Fetching secret $CEPH_SECRET..."
local secret
secret=$(fetch_secret "$CEPH_SECRET")
if ! grep -q "$srvlist" /etc/fstab; then
echo "# Ceph :" >> /etc/fstab
echo "$srvlist:/ /srv/ceph ceph defaults,_netdev,name=admin,secret=$CEPH_SECRET 0 0" >> /etc/fstab
for mnt in $CEPH_MOUNTS; do
local mp=$(eval echo \$CEPH_MP_$mnt)
mkdir -pv "$mp"
echo "$srvlist:/ $mp ceph defaults,_netdev,name=admin,secret=$secret,mds_namespace=$mnt 0 0" >> /etc/fstab
unset mp
done
else
prnt W "Ceph entry already in /etc/fstab, nothing to do"
fi
unset srvlist
unset srvlist secret
success=yes
elif [[ $CEPH_STATUS == smb ]]; then
pkginst smbclient
backup_dist /etc/fstab
prnt I "Adding Samba entries to /etc/fstab"
fstabchanged=true
echo >> /etc/fstab
if [[ ! $(grep $SMBSRV /etc/fstab) ]]; then
tag_file /etc/fstab
if ! grep -q "$SMBSRV" /etc/fstab; then
echo "# Samba:" >> /etc/fstab
echo "//$SMBSRV/share /srv/ceph/share cifs defaults,_netdev,username=root,password= 0 0" >> /etc/fstab
for mnt in $CEPH_MOUNTS; do
local mp=$(eval echo \$CEPH_MP_$mnt)
mkdir -pv $mp
echo "//$SMBSRV/$mnt $mp cifs defaults,_netdev,username=root,password= 0 0" >> /etc/fstab
unset $mp
done
else
prnt W "Samba entry already in /etc/fstab, nothing to do"
fi
success=yes
elif [[ $CEPH_STATUS == nfs ]]; then
tag_file /etc/fstab
# To be implemented
elif [[ $CEPH_STATUS == none ]]; then
prnt W "No alternative set for unsuported hardware, nothing will be done."
return 0
else
prnt E "Ceph status not understood, the next tasks will probably fail"
prnt E "Ceph status not understood, something is wrong."
return 1
fi
if [[ $success == yes ]]; then
if [[ ! $(grep "^/srv/ceph/share" /etc/fstab) ]]; then
fstabchanged=true
# Create some mount binds for convenience
# TODO: That part should be a different module with own configuration
if grep -q "^/srv/ceph/share" /etc/fstab; then
echo "/srv/ceph/share /share none defaults,_netdev,bind 0 0" >> /etc/fstab
if [[ $SHARED_HOME == 1 ]]; then
echo "/srv/ceph/share/home /home none defaults,_netdev,bind 0 0" >> /etc/fstab
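Review bot: The fetched key is written in clear into /etc/fstab as `secret=$secret`, and the result of `secret=$(fetch_secret "$CEPH_SECRET")` is never checked, so a failed lookup produces `secret=` entries. /etc/fstab is normally world-readable; mount.ceph accepts `secretfile=` pointing at a root-only file, which keeps the key out of fstab. Test the exit status of fetch_secret before writing anything. In the Samba branch `unset $mp` unsets the variable named by the mount point's value and should be `unset mp`, and `mkdir -pv $mp` is unquoted, unlike the Ceph branch. `if grep -q "^/srv/ceph/share" /etc/fstab; then` appears to have lost the negation of the `[[ ! $(grep ...) ]]` form it replaces, so the bind entries would be appended only when one already exists. The nfs branch leaves `success` at undef.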
@@ -94,18 +125,15 @@ conf_ceph()
prnt E "Failed creating original mount, not adding binded ones"
fi
if [[ $fstabchanged == true ]]; then
tag_file /etc/fstab
fi
unset fstabchanged
# Mount Ceph volumes if required
prnt I "Mounting ceph volumes"
[[ ! $(mount | grep "on /srv/ceph") ]] && mount -v /srv/ceph || mount -v /srv/ceph/share
[[ ! $(mount | grep "on /share") ]] && mount -v /share
if [[ $SHARED_HOME == "true" ]]; then
[[ ! $(mount | grep "on /home") ]] && mount -v /home
fi
for mnt in $CEPH_MOUNTS; do
if ! mountpoint -q "$(eval echo \$CEPH_MP_$mnt)"; then
mount -v "$(eval echo \$CEPH_MP_$mnt)" ||
prnt W "Error while mounting CEPH filesystem (check CEPH logs), ignoring"
fi
done
}
precheck_conf_ceph()
@@ -124,17 +152,24 @@ precheck_conf_ceph()
done
if [[ -z $CEPH_SECRET ]]; then
prnt E "CEPH secret key is not declared, can't continue!"
prnt I "If you don't want to put tour CEPH secret in configuration file,"
prnt I "If you don't want to put a CEPH secret var in configuration file,"
prnt m "you need to export it temporarily in your environment, using the"
prnt m "\"CEPH_SECRET\" variable."
exit 181
die 181
elif ! check_secret $CEPH_SECRET; then
prnt E "The declared $CEPH_SECRET is not accessible."
die 183
fi
if [[ -z $CEPH_MOUNTS ]]; then
prnt E "No CEPH mounts declared, despite reachable servers."
die 182
fi
else
prnt E "No CEPH server declared!"
die 182
fi
else
prnt W "System incompatible with ceph, falling back to samba..."
prnt W "System incompatible with ceph, falling back to Samba or NFS..."
fi
}
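Review bot: `prnt E "The declared $CEPH_SECRET is not accessible."` prints the reference verbatim, while the hint just above still tells the operator to export the secret itself in CEPH_SECRET; a raw key without a colon has no scheme, is treated as a file path by check_secret, fails, and ends up echoed in this error. Update the hint to describe the `scheme:identifier` form and avoid printing the value (print only the scheme, for instance). Quote the argument as well: `check_secret "$CEPH_SECRET"`.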

View File

@@ -16,7 +16,7 @@
# * CALCDRV: Target drives, preferably through ID.
# ------------------------------------------------------------------------------
export VER_conf_disks="0.0.9"
export VER_conf_disks="0.0.9-obsolete"
export DEP_conf_disks="upgrade_dist"
# ------------------------------------------------------------------------------
@@ -96,7 +96,7 @@ precheck_conf_disks()
prnt E "Format de disque inconnu ($CALCTYPE) !"
die 150
fi
prnt I "Vérification des lecteurs pour disque de calcul."
local drvcount=0
for drv in $CALCDRV; do
@@ -105,7 +105,7 @@ precheck_conf_disks()
prnt I "Le dique $drv est vierge, il sera formaté en $CALCTYPE."
else
prnt W "Le disque $drv n'est pas vierge !"
if [[ $FORCEBLANK==true ]]; then
if [[ $FORCEBLANK == true ]]; then
prnt W "Le disque $drv sera réinitialisé !"
else
prnt E "La réinitialisation de $drv n'est pas autorisé, rien ne sera fait !"
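Review bot: the spacing fix on `[[ $FORCEBLANK == true ]]` changes what the module does to non-blank drives, and that deserves a line in the commit message. `$FORCEBLANK==true` is a single non-empty word, so that test was always true and every non-blank drive in CALCDRV took the "sera réinitialisé" branch regardless of the setting. With the corrected test the refusal branch becomes reachable for the first time, so it should be checked that it actually stops the run before anything is formatted.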
@@ -119,7 +119,7 @@ precheck_conf_disks()
(( drvcount+=1 ))
done
if [[ ! $CALCTYPE=="zfs" && drvcount -gt 1 ]]; then
if [[ ! $CALCTYPE == "zfs" && drvcount -gt 1 ]]; then
prnt E "Plusieurs diques impossibles avec Ext4 ou XFS !"
die 150
fi

View File

@@ -31,7 +31,7 @@ conf_locale()
# Removing locales not in the list
prnt I "Deactivating initial locales from installation..."
if [[ $(grep -v '^#' $gen_fname | grep -v -e '^[[:space:]]*$') ]]; then
if [[ -n $(grep -v '^#' $gen_fname | grep -v -e '^[[:space:]]*$') ]]; then
grep -v '^#' $gen_fname | grep -v -e '^[[:space:]]*$' |
while read -r line; do
sed -i "s/$line/# $line/" $gen_fname
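Review bot: the loop under the new `-n` test passes each line to `sed -i "s/$line/# $line/"` both as a regular expression and as replacement text, so the `.` in a locale name such as en_US.UTF-8 matches any character, and a `/` or `&` in a line would break or alter the substitution. Commenting out by address avoids interpolating file content, for example a single `sed -i -e '/^[[:space:]]*[^#[:space:]]/s/^/# /' "$gen_fname"`, which also makes the `if` guard and the second grep pipeline unnecessary. `$gen_fname` is unquoted throughout.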

View File

@@ -13,8 +13,8 @@
# * MAIL_RELAY: Name of the mail relay server
# ------------------------------------------------------------------------------
export VER_conf_mail="0.0.7"
export DEP_conf_mail="upgrade_dist"
export VER_conf_mail="0.0.8"
export DEP_conf_mail=""
conf_mail()
{
@@ -30,7 +30,7 @@ conf_mail()
-e "s/@MAIL_RELAY@/$MAIL_RELAY/" $pfmain
echo $HOSTNAME.$REALM > /etc/mailname
tag_file /etc/mailname
#tag_file /etc/mailname
svc_restart postfix
}
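Review bot: `#tag_file /etc/mailname` leaves the call commented out with no explanation, so /etc/mailname is overwritten by the `echo` above it without the tag that the other modules put on files they generate. Either delete the line or add a comment saying why the tag is not wanted here. `echo $HOSTNAME.$REALM` should also be quoted.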

View File

@@ -100,11 +100,10 @@ conf_network()
fi
done
prnt I "Trying to raise down iface up. Allready configured iface will require a reboot"
ifup -a || true && prnt W "Ignoring errors here."
prnt I "Restart network to apply changes"
svc_restart networking || true && prnt W "Ignoring errors here."
unset iface if_file
NEED_REBOOT=true
}
precheck_conf_network()
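Review bot: `svc_restart networking || true && prnt W "Ignoring errors here."` prints the warning on every run, because `|| true` makes the left side succeed and `&&` then always fires. If the intent is to warn only on failure, write `svc_restart networking || prnt W "Restart failed, ignoring."`. The `ifup -a || true && prnt W ...` line has the same shape.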
@@ -117,9 +116,9 @@ precheck_conf_network()
if [[ ! -d /sys/class/net/$iface ]]; then
prnt E "The iface $iface, asked to configure, do not exist!"
die 175
else
else
if [[ $(grep "up" /sys/class/net/$iface/operstate) ]]; then
prnt W "The IPv4 iface $iface, is already configured, a reboot will be required."
prnt W "The IPv4 iface $iface, is already configured, a reboot could be required."
fi
fi
if [[ -z $(eval echo \$NET4_MODE_$iface) ]]; then
@@ -157,7 +156,7 @@ precheck_conf_network()
die 175
else
if [[ $(grep "up" /sys/class/net/$iface/operstate) ]]; then
prnt W "The IPv6 iface $iface, is already configured, a reboot will be required."
prnt W "The IPv6 iface $iface, is already configured, a reboot could be required."
fi
fi
if [[ -z $(eval echo \$NET6_MODE_$iface) ]]; then

View File

@@ -1,28 +1,43 @@
# ------------------------------------------------------------------------------
# Description of module conf_nfs
# Copyright (c) Year Your Name <your.mail@host.tld>
# Configure NFS mounts
# This file is part of the init.sh project
# Copyright (c) 2019-2023 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# <Licence header compatible with BSD-3 licence, you want to use>
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
# https://opensource.org/licenses/BSD-3-Clause
# ------------------------------------------------------------------------------
# Variable list:
# * <VARNAME>: role explaination
# * NFS_MOUNTS: list of mounts used in other variable names
# * MOUNTSERV_<mnt>: server acces to mount <mnt>
# * MOUNTPOINT_<mnt>: mount point for <mnt>
# * MOUNTOPTS_<mnt>: optionnaly, extra mount options for <mnt>
# ("defaults,_netdev" by default)
# ------------------------------------------------------------------------------
# Module version
export VER_conf_nfs="0.0.1"
export VER_conf_nfs="0.0.3"
# Module's code
conf_nfs()
{
pkginst nfs-common
for mnt in $NFS_MOUNTS; do
if [[ ! $(grep "$(eval echo \$MOUNTSERV_$mnt)/d" /etc/fstab) ]]; then
echo -e "$(eval echo \$MOUNTSERV_$mnt)\t$(eval echo \$MOUNTPOINT_$mnt)\tnfs4\tdefaults,_netdev\t0\t0" >> /etc/fstab
local mnt_serv=$(eval echo \$MOUNTSERV_$mnt)
local mnt_point=$(eval echo \$MOUNTPOINT_$mnt)
local mnt_opts=$(eval echo \$MOUNTOPTS_$mnt)
if [[ $(echo $mnt_opts | wc -w) == "0" ]]; then
mnt_opts="defaults,_netdev"
fi
if [[ ! -d $(eval echo \$MOUNTPOINT_$mnt) ]]; then
mkdir -pv $(eval echo \$MOUNTPOINT_$mnt)
if [[ -z $(grep "$mnt_serv" /etc/fstab) ]]; then
echo -e "${mnt_serv}\t${mnt_point}\tnfs4\t${mnt_opts}\t0\t0" >> /etc/fstab
fi
mount $(eval echo \$MOUNTPOINT_$mnt)
unset mnt_serv
if [[ ! -d $mnt_point ]]; then
mkdir -pv "$mnt_point"
fi
mount -v "$mnt_point"
unset mnt_point
done
}
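Review bot: the fstab guard `[[ -z $(grep "$mnt_serv" /etc/fstab) ]]` treats the export as a regular expression and matches it anywhere in the file, so a commented-out entry, or another export that merely contains the same string, suppresses the new line while `mount -v "$mnt_point"` still runs and fails. Comparing the first field of non-comment lines for equality would be exact. MOUNTOPTS_<mnt> is written to /etc/fstab unvalidated and the default stays `defaults,_netdev`; consider whether `nosuid,nodev` should be part of the default for network mounts. The three `eval echo` lookups execute the contents of NFS_MOUNTS as shell code and can be replaced by indirect expansion (`"${!name}"`).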

View File

@@ -11,7 +11,7 @@
# * NTPSERVERS: list of NTP servers
# ------------------------------------------------------------------------------
export VER_conf_ntp="0.1.6"
export VER_conf_ntp="0.2.0"
export DEP_conf_ntp=""
conf_ntp()
@@ -21,16 +21,13 @@ conf_ntp()
systemctl disable systemd-timesyncd || true
fi
NTP_SERV=${NTP_SERV:-ntp}
prnt I "Installing ntp daemon..."
pkginst ntp
pkginst $NTP_SERV
prnt I "Stopping service ntp..."
if [[ -n $NTP_SERV ]]; then
svc_stop $NTP_SERV
else
svc_stop ntp
fi
svc_stop $NTP_SERV
if [[ -n $NTP_SERV ]]; then
if [[ $NTP_SERV == ntpsec ]]; then
local conf_file="/etc/$NTP_SERV/ntp.conf"
else
local conf_file="/etc/ntp.conf"
@@ -38,15 +35,19 @@ conf_ntp()
prnt I "Installing NTP configuration file..."
local dest="${conf_file}.work"
backup_dist $conf_file
install_file ntp.conf $dest
tag_file $dest
backup_dist "$conf_file"
if [[ -s $NTP_SERV ]]; then
install_file ${NTP_SERV}.conf "$dest"
else
install_file ntp.conf "$dest"
fi
tag_file "$dest"
local line=""
for srv in $NTP_SERVERS; do
line="${line}server $srv iburst\n"
done
sed -i -e "s/@SERVERLIST@/$line/" $dest &&
mv -fv $dest $conf_file
sed -i -e "s/@SERVERLIST@/$line/" "$dest" &&
mv -fv "$dest" "$conf_file"
prnt I "Starting service ntp..."
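Review bot: `if [[ -s $NTP_SERV ]]` tests for a non-empty file named after the service in the current directory, not for a set variable, so with NTP_SERV=ntpsec the `${NTP_SERV}.conf` template is skipped (unless such a file happens to exist) and ntp.conf ends up installed as /etc/ntpsec/ntp.conf. Since the earlier hunk defaults NTP_SERV to ntp, the branch can select on `[[ $NTP_SERV == ntpsec ]]` as the conf_file choice does, or always install `${NTP_SERV}.conf`. Separately, `sed -i -e "s/@SERVERLIST@/$line/"` interpolates NTP_SERVERS into the sed expression, so a `/` or `&` in an entry corrupts the substitution, and the module header documents the variable as NTPSERVERS while the loop reads NTP_SERVERS.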

View File

@@ -12,7 +12,7 @@
# ------------------------------------------------------------------------------
export VER_conf_ssh="0.1.4"
export DEP_conf_ssh="upgrade_dist"
export DEP_conf_ssh=""
conf_ssh()
{

View File

@@ -15,6 +15,7 @@ export VER_conf_syslog="0.0.5"
conf_syslog()
{
pkginst rsyslog
local syslogconf=/etc/rsyslog.conf
prnt I "Configuring rsyslog..."
backup_dist $syslogconf

View File

@@ -11,7 +11,7 @@
# To be defined
# ------------------------------------------------------------------------------
export VER_create_vm="0.0.2"
export VER_create_vm="0.0.2-obsolete"
export DEP_create_vm="upgrade_dist install_pkg"
create_vm()

View File

@@ -32,13 +32,17 @@ install_chromium()
prnt I "Adding Debian Bullseye repository to software sources..."
install_file debian_bullseye.list /etc/apt/sources.list.d/
;;
22.04|22.10|23.04|23.10)
prnt I "Adding Debian Bookworm repository to software sources..."
install_file debian_bookworm.list /etc/apt/sources.list.d/
;;
esac
# Install Debian GPG keys
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys DCC9EFBF77E11517
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys AA8E81B4331F7F50
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 112695A0E562B32A
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys "DCC9EFBF77E11517"
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys "648ACFD622F3D138"
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys "AA8E81B4331F7F50"
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys "112695A0E562B32A"
# Install package manager conf file for Chromium
install_file apt_chromium.conf /etc/apt/preferences.d/
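Review bot: quoting the key IDs does not change what the four `apt-key adv --keyserver keyserver.ubuntu.com --recv-keys` lines do: they fetch keys by 64-bit ID from a keyserver and add them to apt's global trusted keyring, where they are trusted for every configured repository, not only the Debian one added here. apt-key is deprecated, and a 64-bit ID is not a full fingerprint. Prefer shipping the Debian archive keys alongside the .list files with install_file, placing them in a dedicated keyring, and referencing that keyring with `signed-by=` in debian_bullseye.list and debian_bookworm.list.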
@@ -69,6 +73,9 @@ precheck_install_chromium()
20.04|20.10|21.04|21.10)
prnt m " * Detected Ubuntu $SYS_VER, will install Bullseye version of Chromium"
;;
22.04|22.10|23.04|23.10)
prnt m " * Detected Ubuntu $SYS_VER, will install Bookworm version of Chromium"
;;
*)
prnt E "Unable to determine the corresponding Debian version."
die 165

View File

@@ -16,7 +16,7 @@
# ------------------------------------------------------------------------------
export VER_install_desktop="0.0.5"
export DEP_install_desktop="upgrade_dist"
export DEP_install_desktop=""
install_desktop()
{
@@ -24,12 +24,12 @@ install_desktop()
prnt I "Installing additionnal X11 drivers..."
pkginst $X11_DRV
fi
if [[ $UBUNTU_FLAVOR ]]; then
if [[ -n $UBUNTU_FLAVOR ]]; then
prnt I "Installing $UBUNTU_FLAVOR environment..."
pkginst ${UBUNTU_FLAVOR}-desktop
fi
# Because we're lazy but manual actions can avoid reboot...
NEED_REBOOT=true
export NEED_REBOOT=true
}
precheck_install_desktop()

View File

@@ -1,7 +1,7 @@
# ------------------------------------------------------------------------------
# Install check_mk agent using xinetd superserver
# This file is part of the init.sh project
# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2023 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -9,44 +9,164 @@
# ------------------------------------------------------------------------------
# Variable:
# * MK_SERVER: Server IP address
# * MK_PORT: Port check_mk agent will use to communicate with server
# * MK_SITE: The check_mk site (or instance) to use
# * MK_URL: The URL to use to download the agent
# * MK_SECRET: The secret to use to register the agent
# * MK_USER: The user to use to register
# ------------------------------------------------------------------------------
export VER_install_mkagent="0.0.6"
export DEP_install_mkagent="upgrade_dist install_pkg"
export VER_install_mkagent="0.1.0"
export DEP_install_mkagent=""
# ------------------------------------------------------------------------------
# Extract CheckMK version from the server
get_checkmk_version_from_server()
{
local ip="$1"
local site="${2:-$MK_SITE}"
local proto out v header
local re_version='[0-9]+\.[0-9]+(\.[0-9]+)?p?[0-9]+'
[[ -n "$MK_VERSION" ]] && { printf '%s' "$MK_VERSION"; return 0; }
for proto in http https; do
# 1) Tentative via version.py (souvent non protégée)
if out=$(curl -fsS --max-time 3 "$proto://$ip/$site/check_mk/version.py" 2>/dev/null); then
v=$(grep -oE "$re_version" <<<"$out" | head -n1)
[[ -n "$v" ]] && { printf '%s' "$v"; return 0; }
fi
# 2) Tentative via login.py (page de connexion)
if out=$(curl -fsS --max-time 3 "$proto://$ip/$site/check_mk/login.py" 2>/dev/null); then
v=$(grep -oE "$re_version" <<<"$out" | grep -vE '2\.[0-9]{1,3}\.[0-9]{2,3}' | head -n1)
[[ -n "$v" ]] && { printf '%s' "$v"; return 0; }
fi
# 3) En-têtes HTTP éventuels
header=$(curl -fsSI --max-time 3 "$proto://$ip/$site/" 2>/dev/null || true)
if [[ -n "$header" ]]; then
v=$(grep -oiE "$re_version" <<<"$header" | head -n1)
[[ -n "$v" ]] && { printf '%s' "$v"; return 0; }
fi
# 4) Fallback : page d'accueil, mais filtrer les faux positifs du JS
out=$(curl -fsS --max-time 5 "$proto://$ip/$site/" 2>/dev/null || true)
if [[ -n "$out" ]]; then
# Filtre plus strict : commence par 1.x ou 2.x et max 2 chiffres après le point
v=$(grep -oE "$re_version" <<<"$out" \
| grep -E '^2\.[0-9]+(\.[0-9]+)?p?[0-9]*$' \
| grep -vE '\.[0-9]{3,}' \
| head -n1)
[[ -n "$v" ]] && { printf '%s' "$v"; return 0; }
fi
done
return 1
}
install_mkagent()
{
wget $MK_URL -O /tmp/check-mk-agent_${MK_VERSION}_all.deb
pkginst xinetd /tmp/check-mk-agent_${MK_VERSION}_all.deb
rm /tmp/check-mk-agent_${MK_VERSION}_all.deb
local debfile="/tmp/check-mk-agent_latest_all.deb"
prnt I "Downloading CheckMK agent from: $MK_URL"
backup_dist /etc/xinetd.d/check_mk
install_file cmk/check_mk /etc/xinetd.d/check_mk
tag_file /etc/xinetd.d/check_mk
sed -i -e "s/@MK_SERVER_IP@/$MK_SERVER_IP/" /etc/xinetd.d/check_mk
# try primary URL
if ! wget -q "$MK_URL" -O "$debfile"; then
prnt W "Primary download failed. Attempting to detect server version and fallback..."
local mkver
mkver=$(get_checkmk_version_from_server "$MK_SERVER_IP" 2>/dev/null || true)
mkdir -pv /usr/lib/check_mk_agent/plugins/28800
install_file cmk/mk_apt /usr/lib/check_mk_agent/plugins/28800/mk_apt
if [[ -n "$mkver" ]]; then
prnt I "Detected Check_MK version: $mkver — building fallback URL"
# replace the literal 'latest' token in MK_URL with the detected version
local fallback_url
fallback_url="${MK_URL/latest/$mkver-1}"
prnt I "Trying fallback URL: $fallback_url"
if ! wget -q "$fallback_url" -O "$debfile"; then
prnt E "Fallback download with version $mkver failed."
die 163
fi
else
prnt E "Unable to detect Check_MK version on $MK_SERVER_IP and primary download failed."
die 163
fi
fi
svc_restart xinetd
# On non-systemd systems, install xinetd before the .deb to avoid postinst failures
if ! pidof systemd >/dev/null; then
pkginst xinetd
fi
# Install agent package
pkginst "$debfile"
rm -f "$debfile"
# Enable service depending on init system
if pidof systemd >/dev/null; then
systemctl enable --now check-mk-agent.socket
else
backup_dist /etc/xinetd.d/check-mk-agent
install_file cmk/check_mk /etc/xinetd.d/check-mk-agent
tag_file /etc/xinetd.d/check-mk-agent
sed -i -e "s/@MK_SERVER_IP@/$MK_SERVER_IP/" /etc/xinetd.d/check-mk-agent
svc_restart xinetd
fi
# Debian plugin
if [[ $PKG_MAN == "apt-get" ]]; then
mkdir -pv /usr/lib/check_mk_agent/plugins/3600
install_file cmk/mk_apt /usr/lib/check_mk_agent/plugins/3600/mk_apt
fi
# Registration (if secret provided)
if [[ -n $MK_SECRET ]]; then
local secret
prnt I "Fetching secret $MK_SECRET..."
secret=$(fetch_secret "$MK_SECRET")
if [[ -e /var/lib/cmk-agent/cmk-agent-ctl.gz ]]; then
gunzip -v -f /var/lib/cmk-agent/cmk-agent-ctl.gz
chmod -v +x /var/lib/cmk-agent/cmk-agent-ctl
fi
if [[ -x /var/lib/cmk-agent/cmk-agent-ctl ]]; then
/var/lib/cmk-agent/cmk-agent-ctl register \
--hostname "$HOSTNAME" \
--server "$MK_SERVER_IP" \
--site "$MK_SITE" \
--user "$MK_USER" \
--password "$secret"
else
prnt W "Agent control tool not found; skipping registration."
fi
unset secret
else
prnt W "No secret configured, agent cannot be registered."
fi
}
precheck_install_mkagent()
{
if [[ -z $MK_VERSION ]]; then
prnt E "Undeclared check_mk version of the agent to install."
die 162
if [[ -z $MK_SITE ]]; then
prnt E "Undeclared check_mk site to use."
die 162
fi
if [[ -z $MK_URL ]]; then
prnt E "Undeclared check_mk download URL."
die 162
prnt E "Undeclared check_mk download URL."
die 162
fi
if [[ -z $MK_SERVER_IP ]]; then
prnt E "Undeclared check_mk server."
die 162
prnt E "Undeclared check_mk server."
die 162
fi
if [[ $PKG_MAN == "apt-get" ]]; then
file_must_exists cmk/check_mk cmk/mk_apt
fi
if [[ -z $MK_SECRET ]]; then
prnt W "No secret set for CheckMK, registration won't be possible."
if [[ -z $MK_USER ]]; then
prnt E "A CheckMK user is required to register."
die 162
fi
fi
file_must_exists cmk/check_mk cmk/mk_apt
}
export -f install_mkagent
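Review bot: install_mkagent downloads a .deb with `wget -q "$MK_URL" -O "$debfile"` and hands it to pkginst as root with no checksum or signature check, and get_checkmk_version_from_server tries http before https, so over plain HTTP anyone on the network path chooses what gets installed. Require https for MK_URL in precheck and verify the package against a hash or signature obtained out of band before `pkginst "$debfile"`. The fixed path /tmp/check-mk-agent_latest_all.deb is predictable in a world-writable directory; create the file with mktemp. `--password "$secret"` puts the registration secret on the command line, where it is readable from the process list while cmk-agent-ctl runs. In precheck_install_mkagent the MK_USER test sits inside the `-z $MK_SECRET` branch, so a user is demanded only when no registration will happen and goes unchecked when a secret is set; the condition looks inverted. The header lists MK_SERVER and MK_PORT, but the code reads MK_SERVER_IP and no visible line uses MK_PORT.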

View File

@@ -25,7 +25,7 @@ install_pkg()
fi
# Blacklist some anoying packages (and remove them if needed)
if [[ -n PKGS_BLACKLIST ]]; then
if [[ -n $PKGS_BLACKLIST ]]; then
for pkg in $PKGS_BLACKLIST; do
prnt I "Placing $pkg into the blacklist..."
local dest=/etc/apt/preferences.d/blacklist_$pkg
@@ -51,13 +51,13 @@ install_pkg()
precheck_install_pkg()
{
if [[ -z PKGS_RMLIST ]]; then
if [[ -z $PKGS_RMLIST ]]; then
prnt m " * No package to remove."
else
prnt m " * $(echo $PKGS_RMLIST | wc -w) package to remove."
fi
if [[ -z PKGS_BLACKLIST ]]; then
if [[ -z $PKGS_BLACKLIST ]]; then
prnt m " * The packages $pkg will be placed into the blacklist !"
file_must_exists pkgman/blacklist.conf
else
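Review bot: with the `$` restored, `if [[ -z $PKGS_BLACKLIST ]]` in precheck_install_pkg is true when the blacklist is empty, yet that branch announces that packages will be blacklisted and requires pkgman/blacklist.conf; the test should be `-n`. The message also expands `$pkg`, which no visible line of the precheck sets, so it should print `$PKGS_BLACKLIST` instead.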

View File

@@ -30,7 +30,7 @@ install_profile()
#tag_file $usr/.tmux.conf{,.local}
if [[ ! -d $usr/profile ]]; then
(
cd $usr
cd $usr || return 205
git config --global http.sslverify false
git clone https://git.geoffray-levasseur.org/fatalerrors/profile.git
git config --global http.sslverify true
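Review bot: `git config --global http.sslverify false` ahead of the clone means the repository that is installed into each user's home is fetched without authenticating the server, and because the switch is made in global configuration it stays off for all git use on the host if the run is interrupted before the final `http.sslverify true` line. Install the server's CA certificate and point `http.sslCAInfo` at it; if verification really has to be skipped, scope it to the one command with `git -c http.sslVerify=false clone ...` instead of editing global config. `$usr` in the new `cd $usr || return 205` should be quoted.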

View File

@@ -8,8 +8,8 @@
# https://opensource.org/licenses/BSD-3-Clause
# ------------------------------------------------------------------------------
export VER_patch_snmp="0.1.2"
export DEP_patch_snmp="install_pkg"
export VER_patch_snmp="0.1.3"
export DEP_patch_snmp=""
patch_snmp()
{

View File

@@ -9,7 +9,7 @@
# ------------------------------------------------------------------------------
export VER_select_system_proxy="0.0.5"
export DEP_select_system_proxy="upgrade_dist"
export DEP_select_system_proxy=""
select_system_proxy()
{
@@ -20,7 +20,7 @@ select_system_proxy()
else
prnt I "No proxy configuration set, nothing to do."
fi
NEED_REBOOT=true
export NEED_REBOOT=true
}
precheck_select_system_proxy()

View File

@@ -13,14 +13,19 @@
# * PROXY_APT_PORT: Working port for APT proxy if one declared
# * PROXY_SRV: General purpose proxy if PROXY_APT is undefined
# * PROXY_SRV_PORT: Working port for general purpose proxy if one declared
# TODO: Split apt conf and actuel update to avoid repeating configuration if
# for a reason apt fail
# TODO: This is Debian only, make this universal (at least yum/dnf compatible)
# ------------------------------------------------------------------------------
export VER_upgrade_dist="0.2.3"
export VER_upgrade_dist="0.3.0"
# As aptitude might fail if clock is too far from real time, we need to depend
# on ntp
export DEP_upgrade_dist="conf_ntp"
export SOURCE_EXT="${SOURCE_EXT:-list}"
upgrade_dist()
{
local proxyfile=/etc/apt/apt.conf.d/00proxy
@@ -29,30 +34,47 @@ upgrade_dist()
# We backup entire apt dir
backup_dist /etc/apt
prnt I "Basic apt configuration..."
tag_file $norecommend
echo 'APT::Install-Recommends "false";' >> $norecommends
echo 'APT::AutoRemove::RecommendsImportant "false";' >> $norecommends
echo 'APT::AutoRemove::SuggestsImportant "false";' >> $norecommends
# TODO: No recommend section should be optionnal
tag_file $norecommends
{
echo 'APT::Install-Recommends "false";'
echo 'APT::AutoRemove::RecommendsImportant "false";'
echo 'APT::AutoRemove::SuggestsImportant "false";'
} >> $norecommends
prnt I "Configuring proxy for APT..."
if [[ -n $PROXY_APT ]]; then
if [[ ! -d $(dirname $proxyfile) ]]; then
mkdir -pv $(dirname $proxyfile) || (
prnt E "Impossible to create directory to receive APT configuration."
die 60
)
fi
tag_file $proxyfile
echo "Acquire::http::Proxy \"http://${PROXY_APT}:${PROXY_APT_PORT}\";" >> $proxyfile
if [[ ! -d $(dirname $proxyfile) ]]; then
mkdir -pv "$(dirname $proxyfile)" || (
prnt E "Impossible to create directory to receive APT configuration."
die 60
)
else
# Cleanup
if [[ -s $proxyfile ]]; then
true > "$proxyfile"
fi
if grep -q "^Acquire::http::Proxy" /etc/apt/apt.conf; then
sed -i -e "/^Acquire::http::Proxy/d" /etc/apt/apt.conf
fi
fi
tag_file $proxyfile
echo "Acquire::http::Proxy \"http://${PROXY_APT}:${PROXY_APT_PORT}\";" >> $proxyfile
elif [[ -n $PROXY_SRV ]]; then
tag_file $proxyfile
echo "Acquire::http::Proxy \"http://${PROXY_SRV}:${PROXY_SRV_PORT}\";" >> $proxyfile
tag_file $proxyfile
echo "Acquire::http::Proxy \"http://${PROXY_SRV}:${PROXY_SRV_PORT}\";" >> $proxyfile
else
prnt I "No proxy configured, nothing to do."
prnt I "No proxy configured, nothing to do."
fi
# Remplace source.list from dist with ours (be smarter)
install_file "pkgman/${SYS_DIST}_${SYS_VER}.list" /etc/apt/sources.list
if [[ NO_MAIN_SOURCE == true ]]; then
install_file "pkgman/${SYS_DIST}_${SYS_VER}.list" "/etc/apt/sources.list.d/debian.${SOURCE_EXT}"
else
# We don't use SOURCE_EXT
install_file "pkgman/${SYS_DIST}_${SYS_VER}.list" "/etc/apt/sources.list"
fi
prnt I "Updating package list..."
pkgupdt
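Review bot: `if [[ NO_MAIN_SOURCE == true ]]` compares the literal word NO_MAIN_SOURCE with true, so it is always false and the sources.list.d branch using SOURCE_EXT is never taken; it needs `$NO_MAIN_SOURCE`, the same missing-`$` slip this series fixes in install_pkg. In the proxy block, `mkdir -pv "$(dirname $proxyfile)" || ( prnt E ...; die 60 )` runs die inside a subshell, so if die works by calling exit, only the subshell ends and upgrade_dist carries on; use `{ ...; }` grouping instead.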
@@ -69,18 +91,22 @@ precheck_upgrade_dist()
prnt I "Checking network connectivity..."
if [[ $(noerror wget -q --tries=10 --timeout=20 --spider http://www.tetaneutral.net) != 0 ]]; then
prnt E "It seems network configuration is not functionnal! Giving up."
die 160
prnt E "It seems network configuration is not functionnal! Giving up."
die 160
fi
if [[ -n $PROXY_APT && -z $PROXY_APT_PORT ]]; then
prnt E "An APT proxy server have been specified but not its working port."
die 160
prnt E "An APT proxy server have been specified but not its working port."
die 160
fi
if [[ -n $PROXY_SRV && -z $PROXY_SRV_PORT ]]; then
prnt E "A general proxy server have been specified but not its working port."
die 160
prnt E "A general proxy server have been specified but not its working port."
die 160
fi
file_must_exists pkgman/${SYS_DIST}_${SYS_VER}.list
if [[ -z $NO_MAIN_SOURCE ]]; then
prnt E "A required variable to configure apt is not defined."
die 160
fi
}
cron_upgrade_dist()
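Review bot: the new `[[ -z $NO_MAIN_SOURCE ]]` check makes the variable mandatory, but the error text "A required variable to configure apt is not defined." does not say which one. Name NO_MAIN_SOURCE in the message, or give it a default next to the SOURCE_EXT default so that existing configurations keep working.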

53
repo/common/ntpsec.conf Normal file
View File

@@ -0,0 +1,53 @@
# /etc/ntpsec/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
driftfile /var/lib/ntpsec/ntp.drift
leapfile /usr/share/zoneinfo/leap-seconds.list
# To enable Network Time Security support as a server, obtain a certificate
# (e.g., with Let's Encrypt), place the cert and key in the paths below, and
# uncomment:
# nts cert /etc/ntpsec/cert-chain.pem
# nts key /etc/ntpsec/key.pem
# nts enable
# You must create /var/log/ntpsec (owned by ntpsec:ntpsec) to enable logging.
#statsdir /var/log/ntpsec/
#statistics loopstats peerstats clockstats
#filegen loopstats file loopstats type day enable
#filegen peerstats file peerstats type day enable
#filegen clockstats file clockstats type day enable
# This should be maxclock 7, but the pool entries count towards maxclock.
tos maxclock 11
# Comment this out if you have a refclock and want it to be able to discipline
# the clock by itself (e.g. if the system is not connected to the network).
tos minclock 4 minsane 3
# Specify one or more NTP servers.
# Public NTP servers supporting Network Time Security:
# server time.cloudflare.com nts
@SERVERLIST@
# pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will
# pick a different set every time it starts up. Please consider joining the
# pool: <https://www.pool.ntp.org/join.html>
#pool 0.debian.pool.ntp.org iburst
#pool 1.debian.pool.ntp.org iburst
#pool 2.debian.pool.ntp.org iburst
#pool 3.debian.pool.ntp.org iburst
# Access control configuration; see /usr/share/doc/ntpsec-doc/html/accopt.html
# for details.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.
# By default, exchange time with everybody, but don't allow configuration.
restrict default kod nomodify noquery limited
# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1
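Review bot: `tos minclock 4 minsane 3` is written for a configuration with several pool sources, but here the four pool lines are commented out and the only sources are the `server ... iburst` lines that conf_ntp substitutes for @SERVERLIST@. With fewer than three servers in NTP_SERVERS the daemon will not have enough sane sources to set the clock, and upgrade_dist depends on conf_ntp precisely because apt needs a correct clock. Either lower minsane to match the number of configured servers or check the server count in a precheck.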

View File

@@ -1,5 +1,10 @@
# Basic Debian Buster repositories
deb http://deb.debian.org/debian buster main
deb http://deb.debian.org/debian buster-updates main
deb http://deb.debian.org/debian-security buster/updates main
# Basic Debian Buster repositories
deb http://deb.debian.org/debian buster main contrib non-free
deb-src http://deb.debian.org/debian buster main contrib non-free
deb http://deb.debian.org/debian buster-updates main contrib non-free
deb-src http://deb.debian.org/debian buster-updates main contrib non-free
deb http://deb.debian.org/debian-security buster/updates main contrib non-free
deb-src http://deb.debian.org/debian-security buster/updates main contrib non-free

View File

@@ -1,20 +1,10 @@
# deb cdrom:[Debian GNU/Linux 11.0.0 _Bullseye_ - Official amd64 NETINST 20210814-10:07]/ bullseye main
# Basic debian Bullseye reop
#deb cdrom:[Debian GNU/Linux 11.0.0 _Bullseye_ - Official amd64 NETINST 20210814-10:07]/ bullseye main
deb http://debian.univ-tlse2.fr/debian/ bullseye main contrib non-free
deb-src http://debian.univ-tlse2.fr/debian/ bullseye main contrib non-free
deb http://debian.univ-tlse2.fr/debian/ bullseye main contrib
deb-src http://debian.univ-tlse2.fr/debian/ bullseye main contrib
deb http://security.debian.org/debian-security bullseye-security main contrib non-free
deb-src http://security.debian.org/debian-security bullseye-security main contrib non-free
deb http://security.debian.org/debian-security bullseye-security main contrib
deb-src http://security.debian.org/debian-security bullseye-security main contrib
# bullseye-updates, to get updates before a point release is made;
# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
deb http://debian.univ-tlse2.fr/debian/ bullseye-updates main contrib
deb-src http://debian.univ-tlse2.fr/debian/ bullseye-updates main contrib
# This system was installed using small removable media
# (e.g. netinst, live or single CD). The matching "deb cdrom"
# entries were disabled at the end of the installation process.
# For information about how to configure apt package sources,
# see the sources.list(5) manual.
deb http://debian.univ-tlse2.fr/debian/ bullseye-updates main contrib non-free
deb-src http://debian.univ-tlse2.fr/debian/ bullseye-updates main contrib non-free

View File

@@ -0,0 +1,10 @@
# Basic Debian Bookworm repo
deb http://debian.univ-tlse2.fr/debian/ bookworm main contrib non-free non-free-firmware
deb-src http://debian.univ-tlse2.fr/debian/ bookworm main contrib non-free non-free-firmware
deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
deb-src http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
deb http://debian.univ-tlse2.fr/debian/ bookworm-updates main contrib non-free non-free-firmware
deb-src http://debian.univ-tlse2.fr/debian/ bookworm-updates main contrib non-free non-free-firmware

View File

@@ -5,5 +5,5 @@ deb-src http://fr.deb.devuan.org/merged beowulf main contrib non-free
deb http://fr.deb.devuan.org/merged beowulf-updates main contrib non-free
deb-src http://fr.deb.devuan.org/merged beowulf-updates main contrib non-free
deb http://fr.deb.devuan.org/merged beowulf-backports main contrib non-free
deb-src http://fr.deb.devuan.org/merged beowulf-backports main contrib non-free
deb http://fr.deb.devuan.org/merged beowulf-security main contrib non-free
deb-src http://fr.deb.devuan.org/merged beowulf-security main contrib non-free

View File

@@ -5,5 +5,5 @@ deb-src http://fr.deb.devuan.org/merged chimaera main contrib non-free
deb http://fr.deb.devuan.org/merged chimaera-updates main contrib non-free
deb-src http://fr.deb.devuan.org/merged chimaera-updates main contrib non-free
deb http://fr.deb.devuan.org/merged chimaera-backports main contrib non-free
deb-src http://fr.deb.devuan.org/merged chimaera-backports main contrib non-free
deb http://fr.deb.devuan.org/merged chimaera-security main contrib non-free
deb-src http://fr.deb.devuan.org/merged chimaera-security main contrib non-free

View File

@@ -1,9 +1,9 @@
#
deb http://fr.deb.devuan.org/merged daedalus main contrib non-free
deb-src http://fr.deb.devuan.org/merged daedalus main contrib non-free
#
deb http://fr.deb.devuan.org/merged daedalus main contrib non-free non-free-firmware
deb-src http://fr.deb.devuan.org/merged daedalus main contrib non-free non-free-firmware
#deb http://fr.deb.devuan.org/merged daedalus-updates main contrib non-free
#deb-src http://fr.deb.devuan.org/merged daedalus-updates main contrib non-free
deb http://fr.deb.devuan.org/merged daedalus-updates main contrib non-free non-free-firmware
deb-src http://fr.deb.devuan.org/merged daedalus-updates main contrib non-free non-free-firmware
#deb http://fr.deb.devuan.org/merged daedalus-backports main contrib non-free
#deb-src http://fr.deb.devuan.org/merged daedalus-backports main contrib non-free
deb http://fr.deb.devuan.org/merged daedalus-security main contrib non-free non-free-firmware
deb-src http://fr.deb.devuan.org/merged daedalus-security main contrib non-free non-free-firmware

View File

@@ -0,0 +1,10 @@
deb http://fr.deb.devuan.org/merged excalibur main non-free-firmware contrib
deb-src http://fr.deb.devuan.org/merged excalibur main non-free-firmware contrib
deb http://fr.deb.devuan.org/merged excalibur-security main non-free-firmware contrib
deb-src http://fr.deb.devuan.org/merged excalibur-security main non-free-firmware contrib
# excalibur-updates, to get updates before a point release is made;
# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
deb http://fr.deb.devuan.org/merged excalibur-updates main non-free-firmware contrib
deb-src http://fr.deb.devuan.org/merged excalibur-updates main non-free-firmware contrib

Some files were not shown because too many files have changed in this diff