Compare commits


65 Commits

Author SHA1 Message Date
a229263c25 reconfigure arayat 2025-10-30 15:56:40 +01:00
6865b4f967 fix download file name 2025-10-30 15:56:40 +01:00
cbea670dd8 conf update 2025-10-18 10:58:39 +02:00
cf76b4e7c3 typos 2025-10-16 18:05:27 +02:00
900801e27c remove way too long ago obsolete file 2025-10-16 16:09:05 +02:00
f7bdab1bdb created var management lib, embryo removed from filefct lib 2025-10-16 15:36:35 +02:00
1132d20796 detect mk version if latest not provided, install xinetd before agent where required 2025-10-16 15:28:46 +02:00
root
cf631ea9a3 adapted to devuan excalibur 2025-10-02 21:33:32 +02:00
8985f3114f added new debian/devuan versions 2025-10-02 19:38:30 +02:00
aea656675b add output, made some command verbose 2025-09-25 22:37:58 +02:00
fdce8fd76d typo 2025-09-25 22:24:23 +02:00
f2e3d3e3b9 latest not provided, back to fixed version 2025-09-25 22:22:18 +02:00
6343d4185d premature ip change 2025-09-25 22:16:14 +02:00
717b240d02 fix ceph mount point creation 2025-09-25 22:13:30 +02:00
3e4ac11d5b fix typo 2025-09-25 22:02:48 +02:00
5dfcfb383a typo 2025-09-25 22:01:51 +02:00
1251ae519f fix comment 2025-09-25 21:55:38 +02:00
7c5f280039 test over 2025-09-25 21:55:06 +02:00
6538bb0305 test 2025-09-25 21:44:15 +02:00
59acdb2ac8 typo 2025-09-25 21:37:32 +02:00
e3714fb61d conf updated 2025-09-25 21:36:24 +02:00
850831f51c restart network will have better success 2025-09-25 21:35:59 +02:00
57cf93ac41 rework conf_ntp module 2025-09-25 20:44:35 +02:00
e32501537d fusion commit 2025-09-25 20:42:59 +02:00
b894c793c1 fix variable name 2025-09-25 10:54:18 +02:00
7e8b3fb656 fix typo 2025-09-24 18:37:27 +02:00
a05f3b25ab depends on ceph to install ceph... 2025-09-24 18:05:23 +02:00
624b8d4c6e revert redirection change, change approach 2025-09-24 18:01:27 +02:00
da53bfd721 version bump 2025-09-24 17:24:55 +02:00
834cb9d307 prnt now output to STDERR allowing printing in functions returning results on STDOUT 2025-09-24 17:23:22 +02:00
90be985777 fixed error on file detection 2025-09-24 17:00:56 +02:00
ccc973c5ef check secret availability before run 2025-09-24 16:51:25 +02:00
9803c4b312 added secrets availability checks 2025-09-24 16:50:42 +02:00
a3b69a7c88 updated README file 2025-09-24 15:41:04 +02:00
1e277ac209 fixed secret lib 2025-09-24 15:40:29 +02:00
a02cb3b3bd prepare for rework, in near future, typo 2025-09-24 15:17:14 +02:00
1d45ceec9b fix typo, minor optimisation, indentation fix 2025-09-24 12:32:00 +02:00
453c2d84f7 conf change 2025-09-24 12:23:38 +02:00
af0d6c51a8 updated conf to new version of ceph module 2025-09-24 12:20:17 +02:00
5ae7fd861b optimisation and correction 2025-09-24 12:08:09 +02:00
34c917d2d2 use fetch_secret for ceph secret 2025-09-22 18:37:42 +02:00
1a23968a9d updated gl.conf to new checkmk module 2025-09-22 18:35:37 +02:00
dab7132d31 reworked the checkmk module 2025-09-22 18:34:48 +02:00
d292e0e486 added secret management lib 2025-09-22 18:33:55 +02:00
10e2150353 updated ntp.conf to modern ntpsec server 2025-09-19 15:31:29 +02:00
9144f48000 adapt to modern ntp.conf file used by ntpsec 2025-09-16 12:10:30 +02:00
a0889fe3ee add ntpsec specific configuration 2025-09-16 12:06:13 +02:00
40b4428ebc first shot of Ceph rework 2025-08-11 20:04:58 +02:00
bb53e99894 made user manipulation functions usable for a list of users 2025-08-11 20:03:46 +02:00
7319aec087 moved user manipulation functions in lib 2025-08-11 20:02:42 +02:00
root
450c74e1b1 conf: added nisyros 2025-04-24 22:17:52 +02:00
c4d891bdf9 conf update 2 2025-03-25 12:16:25 +01:00
63bd14a221 conf update 2025-03-25 11:20:37 +01:00
84a90cefaa Updated copyright info, added separators and missing exports 2024-11-01 22:25:15 +01:00
ee28727313 Merge branch 'master' of https://git.geoffray-levasseur.org/fatalerrors/init.sh 2024-10-23 20:09:05 +02:00
dfb05f40fd fix bug when giving config file through command line 2024-10-23 20:07:50 +02:00
c258e698ab added proxy cleanup before changing it 2024-10-23 20:02:08 +02:00
81d7f68a19 cleaned debian and devuan repository mess 2024-09-20 19:05:29 +02:00
7ed72e1c70 long ago, upgrade_dist was required, not any more some module unmaintained marked obsolete 2024-09-20 18:53:56 +02:00
b244ad8ef3 fixed conf on latukan 2024-09-20 18:08:47 +02:00
66dd6f2843 updated check_mk version 2024-09-20 17:04:06 +02:00
574b57001e bugfix on install_mkagent and patch_snmp 2024-09-20 16:38:26 +02:00
092dd214c1 latukan conf change 2024-09-20 16:36:58 +02:00
ba112e9ed9 some checkmk installation adjustment 2024-02-06 11:48:22 +01:00
e207168ae7 configuration changes 2024-02-06 11:47:46 +01:00
59 changed files with 1355 additions and 508 deletions


@@ -328,6 +328,12 @@ The following table is giving a list of error codes with explanation:
| 18 | Module file don't exists or is empty |
| 20 | Ambigous realm with autodetection |
| 21 | Unconsistant directory structure with configured realm |
| 22 | Required secret management software missing |
| 23 | Secret key not found in secret database |
| 24 | File is not readable |
| 25 | Needed variable not set or not declared |
| 26 | Secret reference missing or malformed |
| 27 | Unknown secret reference |
| 50..100 | Error in module execution |
| 126 | Command exists but is not executable |
| 127 | Command not found |
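Review bot: Rows 26 and 27 of the new error-code block ("Secret reference missing or malformed", "Unknown secret reference") are hard to tell apart from row 23 ("Secret key not found in secret database") unless the reader knows what a secret reference looks like. State the accepted reference syntax next to this table so that someone who hits exit code 26 can fix the configuration. While editing the table, "don't exists", "Ambigous" and "Unconsistant" in the neighbouring rows could be corrected as well.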
@@ -394,7 +400,7 @@ You can mail author to fatalerrors \<at\> geoffray-levasseur \<dot\> org.
-----------------------------------------------------------------------------
Documentation (c) 2019-2022 Geoffray Levasseur.
Documentation (c) 2019-2025 Geoffray Levasseur.
This file is distributed under3-clause BSD license. The complete license
agreement can be obtained at: https://opensource.org/licenses/BSD-3-Clause


@@ -1,4 +0,0 @@
This is deployment scripts for LEGOS git repository created on 2021-05-31-11:31:04
An english version for general purpose is available at https://www.geoffray-levasseur.org/init
Check README.md for details.


@@ -0,0 +1,6 @@
# Check debian.conf file for general declaration
# This is specific for version 13
export NTP_SERV=ntpsec
export SOURCE_EXT=source
export NO_MAIN_SOURCE=true


@@ -19,6 +19,9 @@ export COM_AUTOREM="autoremove --purge -y"
# This is not used by init.sh
export DEBIAN_FRONTEND=noninteractive
# Configure how apt behave regarding source.list files
export NO_MAIN_SOURCE=false
# Conf chemin
export RC_SCRIPTS_PATH="/etc/init.d"


@@ -0,0 +1,4 @@
# Check devuan.conf file for general declaration
# This is specific for version 6
export NTP_SERV=ntpsec


@@ -41,10 +41,10 @@ NET4_NS_eth0="192.168.1.205 192.168.1.206"
NET4_NS_SEARCH_eth0=$REALM
NET4_MODE_eth1="static"
NET4_IP_eth1="192.168.74.220/24"
NET4_IP_eth1="192.168.74.100/24"
NET4_MODE_eth2="static"
NET4_IP_eth2="10.0.254.220/16"
NET4_IP_eth2="10.42.250.100/16"
IPV6_IFACES="eth0 eth1"
@@ -63,7 +63,7 @@ NET6_IP_eth1="2a03:7220:8081:b34a::dc/64"
INTALL_MODE=full
# Paquets additionnels
PKGSEL="$PKGSEL iptables fail2ban curl"
PKGSEL="$PKGSEL iptables curl"
# ------------------------------------------------------------------------------
# -------------------------- Section modules d'init ----------------------------
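Review bot: Dropping fail2ban from PKGSEL in the last hunk removes brute-force throttling from this host while iptables stays, and nothing visible in the change replaces it. If the removal is deliberate (for example the host is no longer reachable from untrusted networks), say so in a comment or in the commit message; otherwise keep the package in the list.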


@@ -37,8 +37,8 @@ NET4_GW_eth0="192.168.1.230"
NET4_NS_eth0="192.168.1.205 192.168.1.206"
NET4_NS_SEARCH_eth0=$REALM
NET4_MODE_eth2="static"
NET4_IP_eth2="10.42.0.201/16"
NET4_MODE_eth1="static"
NET4_IP_eth1="10.42.0.201/16"
IPV6_IFACES=""


@@ -0,0 +1,74 @@
# Fichier de configuration principal
# ------------------------------------------------------------------------------
# -------------------- Importation de paramêtres globaux -----------------------
# ------------------------------------------------------------------------------
# Importe les paramètres geoffray-levasseur.org
. $MYPATH/conf/includes/gl.conf.sh
# Importe la sélection de paquets par défaut
. $MYPATH/conf/includes/pkgsel.base.conf.sh
# Les paramètres précédemment importés sont surchargeable après cette ligne
# ------------------------------------------------------------------------------
# ------------------------------ General Section -------------------------------
# ------------------------------------------------------------------------------
# User of the machine (must exists)
MAINUSER=root
# Pilotes X11 non libre à installer ?
#X11_DRV="virtualbox-guest-dkms virtualbox-guest-utils virtualbox-guest-x11"
# Authentication: use LDAP+Kerberos ?
WITH_LDAP_KERB=no
# Users to create, add or remove
#LOCAL_USERS="$MAINUSER"
#REMOTE_USERS="kroot"
REMOVE_USERS=fatal
# Network
IPV4_IFACES="eth0 eth1 eth2"
NET4_MODE_eth0="static"
NET4_IP_eth0="192.168.1.202/24"
NET4_GW_eth0="192.168.1.230"
NET4_NS_eth0="192.168.1.205 192.168.1.206"
NET4_NS_SEARCH_eth0=$REALM
NET4_MODE_eth1="static"
NET4_IP_eth1="192.168.74.220/24"
NET4_MODE_eth2="static"
NET4_IP_eth2="10.42.250.220/16"
IPV6_IFACES=""
NET6_MODE_eth0="static"
NET6_IP_eth0="2a03:7220:8081:b301::cd/64"
NET6_GW_eth0="2a03:7220:8081:b301::e6"
NET6_NS_eth0="2a03:7220:8081:b301::cd 2a03:7220:8081:b301::ce"
NET6_NS_SEARCH_eth0=$REALM
NET6_MODE_eth1="static"
NET6_IP_eth1="2a03:7220:8081:b34a::ce/64"
# Mode d'installation :
# * dev : installe les paquets un par un avec apt (lent)
# * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
INTALL_MODE=full
# Paquets additionnels
PKGSEL="$PKGSEL"
# ------------------------------------------------------------------------------
# -------------------------- Section modules d'init ----------------------------
# ------------------------------------------------------------------------------
# Liste des modules à executer (surchargeable en ligne de commande)
MODULE_LIST="conf_ntp upgrade_dist conf_ceph authnz conf_locale conf_ssh \
conf_mail install_pkg install_profile patch_snmp install_mkagent \
conf_syslog conf_network"
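Review bot: IPV6_IFACES is set to an empty string while the NET6_*_eth0 block and NET6_IP_eth1 below it are fully populated, so a reader cannot tell whether IPv6 is meant to be off on this host or was left half-configured. Either list the interfaces in IPV6_IFACES or remove the NET6_* lines. The two includes at the top are also sourced unquoted (". $MYPATH/conf/includes/gl.conf.sh"), which breaks as soon as MYPATH contains a space; quote the path.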


@@ -26,12 +26,10 @@ MAINUSER=root
WITH_LDAP_KERB=no
# Users to create, add or remove
#LOCAL_USERS="$MAINUSER"
#REMOTE_USERS="kroot"
REMOVE_USERS="fatal"
# Network
IPV4_IFACES="eth0 eth1 eth2"
IPV4_IFACES="eth0 eth1"
NET4_MODE_eth0="static"
NET4_IP_eth0="192.168.1.207/24"
@@ -40,15 +38,15 @@ NET4_NS_eth0="192.168.1.205 192.168.1.206"
NET4_NS_SEARCH_eth0=$REALM
NET4_MODE_eth1="static"
NET4_IP_eth1="10.0.254.207/16"
NET4_IP_eth1="10.42.250.180/16"
IPV6_IFACES="eth0"
IPV6_IFACES=""
NET6_MODE_eth0="static"
NET6_IP_eth0="2a03:7220:8081:b301::cf/64"
NET6_GW_eth0="2a03:7220:8081:b301::e6"
NET6_NS_eth0="2a03:7220:8081:b301::cd 2a03:7220:8081:b301::ce"
NET6_NS_SEARCH_eth0=$REALM
#NET6_MODE_eth0="static"
#NET6_IP_eth0="2a03:7220:8081:b301::cf/64"
#NET6_GW_eth0="2a03:7220:8081:b301::e6"
#NET6_NS_eth0="2a03:7220:8081:b301::cd 2a03:7220:8081:b301::ce"
#NET6_NS_SEARCH_eth0=$REALM
# Mode d'installation :
# * dev : installe les paquets un par un avec apt (lent)
@@ -56,7 +54,7 @@ NET6_NS_SEARCH_eth0=$REALM
INTALL_MODE=full
# Paquets additionnels
PKGSEL="$PKGSEL nsd"
PKGSEL="$PKGSEL nsd ldnsutils haveged"
# ------------------------------------------------------------------------------
# -------------------------- Section modules d'init ----------------------------
@@ -64,5 +62,5 @@ PKGSEL="$PKGSEL nsd"
# Liste des modules à executer (surchargeable en ligne de commande)
MODULE_LIST="conf_ntp upgrade_dist conf_ceph authnz conf_locale conf_ssh \
conf_mail install_pkg install_profile patch_snmp install_mkagent \
conf_mail install_pkg install_profile patch_snmp \
conf_syslog conf_network"


@@ -31,7 +31,7 @@ WITH_LDAP_KERB=no
REMOVE_USERS=
# Network
IPV4_IFACES="ens18 ens19"
IPV4_IFACES="eth0 eth1"
NET4_MODE_eth0="static"
NET4_IP_eth0="192.168.1.235/24"
@@ -40,20 +40,21 @@ NET4_NS_eth0="192.168.1.205 192.168.1.206"
NET4_NS_SEARCH_eth0=$REALM
NET4_MODE_eth1="static"
NET4_IP_eth1="10.0.254.235/16"
NET4_IP_eth1="10.42.250.30/24"
IPV6_IFACES="eth0"
NET6_MODE_eth0="static"
NET6_IP_eth0="2a03:7220:8081:b301::eb/64"
NET6_IP_eth0="2a03:7220:8081:b301::1e/64"
NET6_GW_eth0="2a03:7220:8081:b301::e7"
NET6_NS_eth0="2a03:7220:8081:b301::cd 2a03:7220:8081:b301::ce"
NET6_NS_SEARCH_eth0=$REALM
# Gestionnaire de paquet :
# Mode d'installation :
# * dev : installe les paquets un par un avec apt (lent)
# * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
NO_MAIN_SOURCE=false
INTALL_MODE=full
# Paquets additionnels
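Review bot: NET4_IP_eth1 moves from a /16 to "10.42.250.30/24", while the other hosts renumbered in this compare keep /16 on the 10.42 network ("10.42.250.100/16", "10.42.250.180/16", "10.42.0.201/16"). With a /24 this host will not treat 10.42.0.x peers as on-link, so confirm the prefix length is intended. NO_MAIN_SOURCE=false is also inserted between the install-mode comment and INTALL_MODE, which separates that comment from the variable it documents; move it above the comment or give it its own.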


@@ -26,37 +26,24 @@ MAINUSER=root
WITH_LDAP_KERB=no
# Users to create, add or remove
#LOCAL_USERS="$MAINUSER"
#REMOTE_USERS="kroot"
REMOVE_USERS=fatal
# Network
IPV4_IFACES="eth0"
IPV4_IFACES="eth0 "
NET4_MODE_eth0="static"
NET4_IP_eth0="192.168.1.241/24"
NET4_GW_eth0="192.168.1.230"
NET4_NS_eth0="192.168.1.205 192.168.1.206"
NET4_GW_eth0="192.168.1.232"
NET4_NS_eth0="192.168.1.202 192.168.1.206"
NET4_NS_SEARCH_eth0=$REALM
NET4_MODE_eth1="static"
NET4_IP_eth1="10.0.254.241/16"
IPV6_IFACES="eth0"
NET6_MODE_eth0="static"
NET6_IP_eth0="2a03:7220:8081:b301::f1/64"
NET6_GW_eth0="2a03:7220:8081:b301::e6"
NET6_NS_eth0="2a03:7220:8081:b301::cd 2a03:7220:8081:b301::ce"
NET6_NS_SEARCH_eth0=$REALM
# Mode d'installation :
# * dev : installe les paquets un par un avec apt (lent)
# * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
INTALL_MODE=full
# Paquets additionnels
PKGSEL="$PKGSEL cups printer-driver-hpcups printer-driver-postscript-hp hplip avahi-daemon printer-driver-gutenprint cups-browsed policykit-1"
PKGSEL="$PKGSEL qbittorrent xhost falkon"
# ------------------------------------------------------------------------------
# -------------------------- Section modules d'init ----------------------------
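Review bot: IPV4_IFACES="eth0 " gains a trailing space inside the quotes, which looks accidental and is harmless only as long as every consumer word-splits the value; restore "eth0". The same hunk removes the whole eth1 and IPv6 block, changes the gateway and a name server, and swaps the printing packages for desktop ones, so a one-line comment on the host's new role would help the next reader.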


@@ -40,9 +40,9 @@ NET4_NS_eth0="192.168.1.206 192.168.1.205"
NET4_NS_SEARCH_eth0=$REALM
NET4_MODE_eth1="static"
NET4_IP_eth1="10.0.254.208/16"
NET4_IP_eth1="10.42.0.208/16"
IPV6_IFACES="eth0"
IPV6_IFACES=""
NET6_MODE_eth0="static"
NET6_IP_eth0="2a03:7220:8081:b301::d0/64"
@@ -56,7 +56,7 @@ NET6_NS_SEARCH_eth0=$REALM
INTALL_MODE=full
# Paquets additionnels
PKGSEL="$PKGSEL nsd"
PKGSEL="$PKGSEL nsd ldnsutils haveged"
# ------------------------------------------------------------------------------
# -------------------------- Section modules d'init ----------------------------


@@ -24,17 +24,22 @@ export CEPHIP_mayon="192.168.1.254"
export CEPHIP_pinatubo="192.168.1.253"
export CEPHIP_ragang="192.168.1.252"
export CEPHIP_taal="192.168.1.251"
#export CEPHIP_jolo="192.168.1.30"
export CEPH_SECRET="AQAxSf5c2A/CMxAAnOu1RrSf7Yr2h60CLttq4g=="
export CEPH_SECRET="file:/tmp/ceph_secret"
export CEPH_MOUNTS="datastore mediastore"
export CEPH_MP_datastore="/srv/ceph"
export CEPH_MP_mediastore="/srv/media"
export SHARED_HOME="false"
# SSH
export SSHD_PERMITROOT_RANGE="192.168.1.0/24"
# Check MK
export MK_VERSION="2.2.0p21-1"
export MK_URL="https://nagios.geoffray-levasseur.org/check_mk/check_mk/agents/check-mk-agent_${MK_VERSION}_all.deb"
#export MK_VERSION="2.4.0p12-1" #shoud be autodetected now
export MK_SERVER_IP="192.168.1.201"
export MK_SITE="check_mk"
export MK_URL="http://$MK_SERVER_IP/$MK_SITE/check_mk/agents/check-mk-agent_latest_all.deb"
export MK_SECRET="file:/share/services/gestparc/mk_secret"
export MK_USER="cmk-agent"
# Samba
export SMBSRV="silay.$REALM"
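Review bot: The Ceph key that was the literal value of CEPH_SECRET has been committed and stays in the repository history, so switching to "file:/tmp/ceph_secret" is only complete once that key is rotated on the cluster. /tmp is world-writable, which lets any local user create /tmp/ceph_secret before the run; read the secret from a root-owned directory with a 0600 file instead, using a dedicated non-temporary path as MK_SECRET already does. MK_URL also changes from https:// to "http://$MK_SERVER_IP/..." for a .deb that gets installed on the host, with no checksum or signature check visible in this hunk; keep TLS or verify the package before installing it.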


@@ -7,12 +7,12 @@ export PKGS_RMLIST="apparmor laptop-detect resolvconf snapd wamerican chafa"
export PKGS_BLACKLIST="apparmor resolvconf chafa snapd"
# Base
export PKGS_BASE="debconf-utils debhelper deborphan ethtool cpufrequtils \
export PKGS_BASE="debconf-utils debhelper ethtool \
curl hwinfo lm-sensors libatasmart-bin lsscsi pciutils vim emacs-nox \
mailutils htop lsof ltrace strace bash-completion host dnsutils \
sysstat ifstat iftop iotop mtr-tiny tcpdump mc pbzip2 pigz \
xz-utils zip unzip plzip lzip ftp lftp bc dc dos2unix psmisc udunits-bin \
whois tmux screen debconf-doc dump figlet gawk gpm multitail neofetch nmap \
whois tmux screen debconf-doc dump figlet gawk multitail fastfetch nmap \
oping pv traceroute rsync tree git qemu-guest-agent ca-certificates"
# Agregation of the package lists


@@ -6,8 +6,8 @@ export REALM="tetalab.local"
export NTP_SERVERS="ntp1.$REALM"
# Upgrade_dist variables
#export PROXYAPT="acng.$REALM"
#export PROXYAPTPORT="3142"
export PROXYAPT="acng.$REALM"
export PROXYAPTPORT="3142"
# Authnz variables
export DEFAULT_SHELL="/bin/bash"

conf/pcp-e3s.conf.sh Normal file

@@ -0,0 +1,46 @@
# Fichier de configuration principal
# ------------------------------------------------------------------------------
# -------------------- Importation de paramêtres globaux -----------------------
# ------------------------------------------------------------------------------
# Importe les paramètres pour le lan E-3S
. $MYPATH/conf/includes/e3s.conf.sh
# Importe la sélection de paquets par défaut
. $MYPATH/conf/includes/pkgsel.base.conf.sh
# Les paramètres précédemment importés sont surchargeable après cette ligne
# ------------------------------------------------------------------------------
# ------------------------------ General Section -------------------------------
# ------------------------------------------------------------------------------
# User of the machine (must exists)
MAINUSER=root
# Authentication: use LDAP+Kerberos ?
WITH_LDAP_KERB=no
# Network
IPV4_IFACES="ens192"
NET4_MODE_ens192="dhcp"
IPV6_IFACES=""
# Mode d'installation :
# * dev : installe les paquets un par un avec apt (lent)
# * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
INTALL_MODE=full
# Paquets additionnels
PKGSEL="$PKGSEL"
# ------------------------------------------------------------------------------
# -------------------------- Section modules d'init ----------------------------
# ------------------------------------------------------------------------------
# Liste des modules à executer (surchargeable en ligne de commande)
MODULE_LIST="conf_ntp upgrade_dist conf_locale conf_ssh \
install_pkg install_profile"


@@ -0,0 +1,44 @@
# Fichier de configuration principal
# ------------------------------------------------------------------------------
# -------------------- Importation de paramêtres globaux -----------------------
# ------------------------------------------------------------------------------
# Importe les parametres tetalab.local
. $MYPATH/conf/includes/tetalab.conf.sh
# Importe la selection de paquets par defaut
. $MYPATH/conf/includes/pkgsel.base.conf.sh
# Les paramètres précédemment importés sont surchargeable après cette ligne
# ------------------------------------------------------------------------------
# ------------------------------ General Section -------------------------------
# ------------------------------------------------------------------------------
# User of the machine (must exists)
MAINUSER=root
# Authentication: use LDAP+Kerberos ?
WITH_LDAP_KERB=no
# Users to create, add or remove
REMOVE_USERS=fatal
# Mode d'installation :
# * dev : installe les paquets un par un avec apt (lent)
# * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
INTALL_MODE=full
# Paquets additionnels
PKGSEL="$PKGSEL nfs-kernel-server"
PKGS_RMLIST=""
PKGS_BLACKLIST=""
# ------------------------------------------------------------------------------
# -------------------------- Section modules d'init ----------------------------
# ------------------------------------------------------------------------------
# Liste des modules à executer (surchargeable en ligne de commande)
MODULE_LIST="conf_ntp upgrade_dist authnz conf_locale \
install_pkg install_profile patch_snmp"


@@ -1,7 +1,7 @@
#!/usr/bin/env bash
# ------------------------------------------------------------------------------
# Init.sh: initialise a computer and conform it
# Copyright (c) 2019-2023 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2025 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -36,7 +36,7 @@ export LC_ALL=C
export LANG=C
# Version of init
export VERSION="0.99.21"
export VERSION="0.99.24"
# Store script's path (realpath -s resolve symlinks if init.sh is a symlink)
export MYPATH=$(dirname "$(realpath -s "$0")")


@@ -2,7 +2,7 @@
# ------------------------------------------------------------------------------
# Error management functions
# This file is part of the init.sh project
# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -33,6 +33,7 @@ function die()
trap 'error ${LINENO}' ERR
}
export -f die
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -42,8 +43,10 @@ function terminate()
prnt E "$1 recieved, exiting at once."
die 128 --force
}
export -f terminate
trap "terminate 'Ctrl + C'" SIGINT
trap "terminate 'SIGTERM'" SIGTERM
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -65,8 +68,10 @@ function error()
fi
unset parent_lineno message code
}
export -f error
# Trigger error function on error
trap "error ${LINENO}; backtrace; err_exit" ERR
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
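Review bot: The ERR trap next to the new "export -f error" is double-quoted, so ${LINENO} is expanded once, when the trap is installed, and every failure is then reported with that same line number. The trap re-armed at the end of die() uses single quotes ('error ${LINENO}') and so gets the line of the failing command; use single quotes here too. Also note that export -f only exports the functions: traps are not inherited by child bash processes, so code run in a child shell has to install the trap itself if it is expected to fire there.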
@@ -80,6 +85,8 @@ function err_exit
exit 255
fi
}
export -f err_exit
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -100,6 +107,9 @@ function backtrace
unset func i
echo "=============================="
}
export -f backtrace
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -125,6 +135,7 @@ noerror()
set -o errexit
}
export -f noerror
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -140,5 +151,6 @@ check_root()
fi
}
export -f check_root
# ------------------------------------------------------------------------------
# EOF


@@ -2,7 +2,7 @@
# ------------------------------------------------------------------------------
# Chroot system functions
# This file is part of the init.sh project
# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -45,5 +45,7 @@ chroot_bootstrap()
prnt I "Back to host system and clean up."
rm -rf "$tmpdir"
}
export -f chroot_bootstrap
# ------------------------------------------------------------------------------
# EOF


@@ -2,7 +2,7 @@
# ------------------------------------------------------------------------------
# Main program functions
# This file is part of the init.sh project
# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -92,7 +92,7 @@ read_commandline()
shift 2
;;
"-f"|"--file")
export CONFFILES="$CONFFILES $opt"
export CONFFILES="$CONFFILES $2"
shift 2
;;
"-s"|"--shell")
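Review bot: With "$CONFFILES $2" the -f/--file branch now reads the right word, but nothing checks that $2 exists or is not itself another option before "shift 2". Called with -f as the last argument, the branch appends an empty entry to CONFFILES and the shift returns non-zero. Test that $2 is non-empty and does not start with "-", and die with a usage error otherwise.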
@@ -128,6 +128,7 @@ read_commandline()
unset opt
}
export -f read_commandline
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -188,5 +189,6 @@ process_commandline_and_vars()
fi
}
export -f process_commandline_and_vars
# ------------------------------------------------------------------------------
# EOF


@@ -2,7 +2,7 @@
# ------------------------------------------------------------------------------
# Disks and partitions manipulation function
# This file is part of the init.sh project
# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -35,6 +35,7 @@ blank_disk()
fi
}
export -f blank_disk
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -58,6 +59,7 @@ is_blank()
fi
}
export -f is_blank
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -107,6 +109,7 @@ mkparts()
unset device parttype
}
export -f mkparts
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -122,6 +125,8 @@ mkfs_gen()
fi
done
}
export -f mkfs_gen
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -133,6 +138,7 @@ mkext4()
unset mkfstool
}
export -f mkext4
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -144,6 +150,7 @@ mkxfs()
unset mkfstool
}
export -f mkxfs
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -155,6 +162,7 @@ mkntfs()
unset mkfstool
}
export -f mkntfs
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -166,6 +174,7 @@ mkfat32()
unset mkfstool
}
export -f mkfat32
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -177,6 +186,7 @@ mkbtrfs()
unset mkfstool
}
export -f mkbtrfs
# ------------------------------------------------------------------------------
# EOF


@@ -2,7 +2,7 @@
# ------------------------------------------------------------------------------
# Some display functions and defines color codes
# This file is part of the init.sh project
# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -95,34 +95,35 @@ export On_IWhite='\e[0;107m'
prnt()
{
if [[ $1 == "-n" ]]; then
local echoopt=$1
shift
local echoopt=$1
shift
else
local echoopt=""
local echoopt=""
fi
case $1 in
"I")
local heads="[ ${IGreen}info${DEFAULTFG} ]"
shift
;;
"W")
local heads="[${IYellow}Warning${DEFAULTFG}]"
shift
;;
"E")
local heads="[ ${IRed}ERROR${DEFAULTFG} ]"
shift
;;
"m")
local heads=" "
shift
;;
"I")
local heads="[ ${IGreen}info${DEFAULTFG} ]"
shift
;;
"W")
local heads="[${IYellow}Warning${DEFAULTFG}]"
shift
;;
"E")
local heads="[ ${IRed}ERROR${DEFAULTFG} ]"
shift
;;
"m")
local heads=" "
shift
;;
esac
echo $echoopt -e "${IWhite}$(date $DATEFORMAT)${DEFAULTFG} ${heads} $@"
unset heads echoopt
}
export -f prnt
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
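Review bot: Almost every line of this prnt() hunk is a re-indentation, which hides the one functional addition ("export -f prnt"); put whitespace-only changes in their own commit so the behavioural change can be reviewed on its own. While the function is open, "$@" inside the double-quoted echo string should be "$*", since "$@" there expands to several words with the prefix glued to the first one only.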
@@ -142,6 +143,7 @@ separator()
unset i length
}
export -f separator
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -161,6 +163,7 @@ dsleep()
echo
}
export -f dsleep
# ------------------------------------------------------------------------------
# EOF


@@ -2,7 +2,7 @@
# ------------------------------------------------------------------------------
# File manipulation function
# This file is part of the init.sh project
# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -25,39 +25,40 @@ export COMM_REPO_PATH=${COMM_REPO_PATH:-"$MYPATH/repo/common"}
backup_dist()
{
if [[ $# -lt 1 ]]; then
prnt E "backup_dist(): At least one argument is required."
exit 11
prnt E "backup_dist(): At least one argument is required."
exit 11
fi
local file=
for file in $@; do
local tmstmp=$(stdtime)
if [[ -L ${file} ]]; then
# With symbolik links we call again backup_dist to treat target
prnt I "Following the symbolic link $file to do a proper backup..."
backup_dist $(readlink -f "${file}")
elif [[ -f ${file} ]]; then
prnt I "Creating a backup of ${file} on $tmstmp..."
cp -av $file ${file}.dist.${tmstmp}
if [[ $? -ne 0 ]]; then
prnt E "backup_dist(): Failed copying file."
die 12
fi
elif [[ -d ${file} ]]; then
prnt I "Creating a backup of the directory ${file} on $tmstmp..."
cp -av $file ${file}.dist.${tmstmp}
if [[ $? -ne 0 ]]; then
prnt E "backup_dist(): Failed copying directory recursively."
die 12
fi
else
prnt W "backup_dist(): $file don't exists, nothing to do."
fi
unset tmstmp
local tmstmp=$(stdtime)
if [[ -L ${file} ]]; then
# With symbolik links we call again backup_dist to treat target
prnt I "Following the symbolic link $file to do a proper backup..."
backup_dist $(readlink -f "${file}")
elif [[ -f ${file} ]]; then
prnt I "Creating a backup of ${file} on $tmstmp..."
cp -av $file ${file}.dist.${tmstmp}
if [[ $? -ne 0 ]]; then
prnt E "backup_dist(): Failed copying file."
die 12
fi
elif [[ -d ${file} ]]; then
prnt I "Creating a backup of the directory ${file} on $tmstmp..."
cp -av $file ${file}.dist.${tmstmp}
if [[ $? -ne 0 ]]; then
prnt E "backup_dist(): Failed copying directory recursively."
die 12
fi
else
prnt W "backup_dist(): $file don't exists, nothing to do."
fi
unset tmstmp
done
unset file
}
export -f backup_dist
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
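Review bot: The re-indented body of backup_dist() still leaves every path unquoted ("for file in $@", "cp -av $file ${file}.dist.${tmstmp}", "backup_dist $(readlink -f "${file}")"), so a path containing a space or a glob character is split or expanded and the wrong files get copied. Since these lines are rewritten anyway, iterate over "$@" and quote "$file" and the readlink substitution. The argument check also ends with "exit 11" while the copy failures use "die 12"; use die in both places so the exit path is the same.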
@@ -73,26 +74,27 @@ select_file()
{
local infile=$1
if [[ -f $RLMHST_REPO_PATH/$infile ]]; then
local source="$RLMHST_REPO_PATH/$infile"
local source="$RLMHST_REPO_PATH/$infile"
elif [[ -f $RLMGRP_REPO_PATH/$infile ]]; then
local source="$RLMGRP_REPO_PATH/$infile"
local source="$RLMGRP_REPO_PATH/$infile"
elif [[ -f $HOST_REPO_PATH/$infile ]]; then
local source="$HOST_REPO_PATH/$infile"
local source="$HOST_REPO_PATH/$infile"
elif [[ -f $GROUP_REPO_PATH/$infile ]]; then
local source="$GROUP_REPO_PATH/$infile"
local source="$GROUP_REPO_PATH/$infile"
elif [[ -f $REALM_REPO_PATH/$infile ]]; then
local source="$REALM_REPO_PATH/$infile"
local source="$REALM_REPO_PATH/$infile"
elif [[ -f $COMM_REPO_PATH/$infile ]]; then
local source="$COMM_REPO_PATH/$infile"
local source="$COMM_REPO_PATH/$infile"
else
# Not found in repository, we expect full name
local source="$infile"
# Not found in repository, we expect full name
local source="$infile"
fi
unset infile
echo $source
unset source
}
export -f select_file
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
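Review bot: The fallback branch of select_file() returns `$infile` untouched under the comment "we expect full name", but nothing checks that it is an absolute path, so a name missing from every repository level resolves against the caller's current directory. Reject or warn on a fallback value that does not start with `/`, and replace the unquoted `echo $source` with `printf '%s\n' "$source"` so the path is not word-split or globbed on the way out.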
@@ -101,26 +103,27 @@ select_directory()
{
local indir=$1
if [[ -d $RLMHST_REPO_PATH/$indir ]]; then
local source="$RLMHST_REPO_PATH/$indir"
local source="$RLMHST_REPO_PATH/$indir"
elif [[ -d $RLMGRP_REPO_PATH/$indir ]]; then
local source="$RLMGRP_REPO_PATH/$indir"
local source="$RLMGRP_REPO_PATH/$indir"
elif [[ -d $HOST_REPO_PATH/$indir ]]; then
local source="$HOST_REPO_PATH/$indir"
local source="$HOST_REPO_PATH/$indir"
elif [[ -d $GROUP_REPO_PATH/$indir ]]; then
local source="$GROUP_REPO_PATH/$indir"
local source="$GROUP_REPO_PATH/$indir"
elif [[ -d $REALM_REPO_PATH/$indir ]]; then
local source="$REALM_REPO_PATH/$indir"
local source="$REALM_REPO_PATH/$indir"
elif [[ -d $COMM_REPO_PATH/$indir ]]; then
local source="$COMM_REPO_PATH/$indir"
local source="$COMM_REPO_PATH/$indir"
else
# Not found in repository, we expect full name
local source="$indir"
# Not found in repository, we expect full name
local source="$indir"
fi
unset indir
echo $source
unset source
}
export -f select_directory
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -132,44 +135,45 @@ install_file()
local i=0
if [[ $# -lt 2 ]]; then
prnt E "install_file(): At least two arguments are required."
die 11
prnt E "install_file(): At least two arguments are required."
die 11
fi
if [[ -n $(echo $@ | grep "\*\|\?") ]]; then
prnt E "install_file(): Wildcards are not authorized."
die 7
prnt E "install_file(): Wildcards are not authorized."
die 7
fi
local arg=
for arg in $@; do
filelist="$filelist $(select_file $arg)"
filelist="$filelist $(select_file $arg)"
# We always replace until the last argument being the target
target="$arg"
done
unset arg
if [[ ! $target == /* ]]; then
prnt E "install_file(): Target must be on the root filesystem and full path must be provided."
die 13
prnt E "install_file(): Target must be on the root filesystem and full path must be provided."
die 13
fi
unset target
if [[ -d $(dirname $i) ]]; then
prnt I "Creating required target directory $(dirname $i)..."
mkdir -pv $(dirname $i)
if [[ $? -ne 0 ]]; then
prnt E "install_file(): Can't create target directory!"
die 12
fi
prnt I "Creating required target directory $(dirname $i)..."
mkdir -pv $(dirname $i)
if [[ $? -ne 0 ]]; then
prnt E "install_file(): Can't create target directory!"
die 12
fi
fi
prnt I "Copying files ${filelist} to target directory $(dirname $i)..."
cp -av $filelist
if [[ $? -ne 0 ]]; then
prnt E "install_file(): Couldn't copy some required files!"
die 12
prnt E "install_file(): Couldn't copy some required files!"
die 12
fi
}
export -f install_file
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
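Review bot: The target-directory block in install_file() tests `[[ -d $(dirname $i) ]]`, but the only `i` visible here is `local i=0` and `target` has already been unset, so the test looks at `.` and, with no `!`, runs `mkdir -pv` only when the directory already exists. Keep `target` until after the copy, test `[[ ! -d "$(dirname "$target")" ]]`, and loop with `for arg in "$@"` so arguments containing spaces survive.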
@@ -177,29 +181,30 @@ export -f install_file
append_file()
{
if [[ $# -ne 2 ]]; then
prnt E "append_file(): Two arguments are required, source and destination."
die 11
prnt E "append_file(): Two arguments are required, source and destination."
die 11
fi
local srcfile=$(select_file $1)
local dstfile=$2
if [[ ! $dstfile == /* ]]; then
prnt E "append_file(): Target must be on the root filesystem and full path must be provided."
die 13
prnt E "append_file(): Target must be on the root filesystem and full path must be provided."
die 13
fi
if [[ -e $dstfile ]]; then
prnt E "append_file(): Target file must exist (use touch first to create it if required)."
die 13
prnt E "append_file(): Target file must exist (use touch first to create it if required)."
die 13
fi
prnt I "Adding content to file $dstfile..."
cat $srcfile >> $dstfile
if [[ $? -ne 0 ]]; then
prnt E "append_file(): Couldn't append a file!"
die 12
prnt E "append_file(): Couldn't append a file!"
die 12
fi
}
export -f append_file
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
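Review bot: The existence check in append_file() is inverted: `if [[ -e $dstfile ]]` raises "Target file must exist" exactly when the target does exist, and lets a missing target through to `cat $srcfile >> $dstfile`, which then creates it. It should read `if [[ ! -e $dstfile ]]`, and both operands of the `cat` redirection should be quoted.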
@@ -209,65 +214,21 @@ is_dir_empty()
dir=$1
if [[ -f $dir ]]; then
prnt E "is_dir_empty(): The given parameter is not a directory."
die 15
prnt E "is_dir_empty(): The given parameter is not a directory."
die 15
fi
if [[ ! -d $dir ]]; then
return 0
return 0
fi
nbfiles=$(ls -a1 $dir | grep -Evc '^.$|^..$')
if [[ $nbfiles -eq 0 ]]; then
return 0
return 0
fi
return 1
}
export -f is_dir_empty
# ------------------------------------------------------------------------------
# copy and patch a file replacing all @var@ by the corresponding value in
# the environment or the variable list given in parameter
patch_file()
{
local srcfile=$(select_file $1) && shift
local dstfile=$1 && shift
local workfile=${dstfile}.work
if [[ ! -s $srcfile ]]; then
prnt E "patch_file(): Source file is empty, is not a file or don't exists!"
die 10
fi
# Create a sub-process, to avoid bash environment pollution
(
local varlist='' pattern=''
if [[ $# -eq 0 ]] ; then
pattern="-e s/<\(.*\)>/\$\1\$\1/g"
else
local var=
for var in $* ; do
if ! declare -p $var >/dev/null 2>&1 ; then
local $var=$(eval echo \$$var)
fi
pattern="$pattern -e s/@$var@/\$$var/g"
varlist=$varlist\$$var
done
fi
# sed replace <VAR> with \$$VAR and envsubst do the replace by value
sed $pattern $srcfile | envsubst ${varlist:+"$varlist"} > "$workfile"
)
local -a rights=( $(stat --printf="%a %u %g" "$srcfile") )
unset srcfile
mv "$workfile" "$dstfile"
chmod ${rights[0]} "$dstfile"
chown ${rights[1]}:${rights[2]} "$dstfile"
unset rights dstfile
}
export -f patch_file
# ------------------------------------------------------------------------------
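Review bot: In is_dir_empty(), `grep -Evc '^.$|^..$'` leaves the dots unescaped, so every entry whose name is one or two characters long is dropped from the count and a directory holding only such entries is reported empty. Escape them (`'^\.$|^\.\.$'`) or count the output of `ls -A` instead. As shown, `dir` and `nbfiles` are also assigned without `local` and leak into the caller's scope.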
@@ -275,16 +236,16 @@ export -f patch_file
tag_file()
{
for f in $@; do
local text="# File automatically modified by init.sh on $(stdtime)."
if [[ -e $f ]]; then
sed -i "1s/^/$text\n/" $f
else
echo $text > $f
sed -i -e "s/modified/generated/" $f
fi
local text="# File automatically modified by init.sh on $(stdtime)."
if [[ -e $f ]]; then
sed -i "1s/^/$text\n/" $f
else
echo $text | sed "s/modified/generated/" > $f
fi
done
}
export -f tag_file
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
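Review bot: In tag_file(), `sed -i "1s/^/$text\n/" $f` does nothing when `$f` exists but is empty, because there is no line 1 to address, so such a file is left untagged without any error. Use `[[ -s $f ]]` to route empty files to the `echo` branch, quote `"$f"` and `"$@"`, and declare `f` with `local`.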
@@ -292,14 +253,15 @@ export -f tag_file
file_exists()
{
for f in $@; do
if [[ ! -f $(select_file $f) ]]; then
echo $f
return 1
fi
if [[ ! -f $(select_file $f) ]]; then
echo $f
return 1
fi
done
return 0
}
export -f file_exists
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -309,12 +271,13 @@ file_must_exists()
prnt I "Checking $@ files existance..."
local mf=$(file_exists $@)
if [[ $? -ne 0 ]]; then
prnt E "file_must_exists(): The $mf file is missing, can't continue."
die 10
prnt E "file_must_exists(): The $mf file is missing, can't continue."
die 10
fi
unset mf
}
export -f file_must_exists
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
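Review bot: In file_must_exists(), `local mf=$(file_exists $@)` followed by `[[ $? -ne 0 ]]` tests the exit status of `local`, which is 0 whenever the assignment itself succeeds, so a missing file never reaches `die 10`. Declare first and assign second (`local mf` then `mf=$(file_exists "$@")`), or test `[[ -n $mf ]]`, since file_exists prints the missing name.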
@@ -322,14 +285,15 @@ export -f file_must_exists
directory_exists()
{
for d in $@; do
if [[ ! -d $(select_directory $d) ]]; then
echo $d
return 1
fi
if [[ ! -d $(select_directory $d) ]]; then
echo $d
return 1
fi
done
return 0
}
export -f directory_exists
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -339,12 +303,13 @@ directory_must_exists()
prnt I "Checking $@ directories existance..."
local md=$(directory_exists $@)
if [[ $? -ne 0 ]]; then
prnt E "directory_must_exists(): The $md directory is missing, can't continue."
die 10
prnt E "directory_must_exists(): The $md directory is missing, can't continue."
die 10
fi
unset md
}
export -f directory_must_exists
# ------------------------------------------------------------------------------
# EOF
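Review bot: In directory_must_exists(), the `$?` tested after `local md=$(directory_exists $@)` is the status of the `local` builtin, not of directory_exists, so the `die 10` branch is unreachable and a missing directory goes unnoticed. Put `local md` on its own line before `md=$(directory_exists "$@")`, or check `[[ -n $md ]]` instead of `$?`.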

View File

@@ -2,7 +2,7 @@
# ------------------------------------------------------------------------------
# Loaders for conf and prepost functions
# This file is part of the init.sh project
# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -49,6 +49,7 @@ load_autoconf()
unset prefix
}
export -f load_autoconf
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -129,6 +130,7 @@ load_configuration()
fi
}
export -f load_configuration
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -143,5 +145,6 @@ load_prepost_actions()
unset prepost
}
export -f load_prepost_actions
# ------------------------------------------------------------------------------
# EOF

View File

@@ -2,7 +2,7 @@
# ------------------------------------------------------------------------------
# Network functions
# This file is part of the init.sh project
# Copyright (c) 2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -34,6 +34,7 @@ set_system_proxy()
fi
}
export -f set_system_proxy
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -47,6 +48,7 @@ mask2cidr4()
echo $(( $2 + (${#x}/4) ))
}
export -f mask2cidr4
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -59,6 +61,7 @@ cidr2mask4()
echo ${1-0}.${2-0}.${3-0}.${4-0}
}
export -f cidr2mask4
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -82,6 +85,7 @@ isipv4 ()
return 1
}
export -f isipv4
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -96,6 +100,7 @@ isipv6 ()
return 1
}
export -f isipv6
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -135,6 +140,7 @@ get_network_info()
done
}
export -f get_network_info
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -176,3 +182,6 @@ check_network()
esac
}
export -f check_network
# ------------------------------------------------------------------------------
# EOF

View File

@@ -2,7 +2,7 @@
# ------------------------------------------------------------------------------
# Package manager integration
# This file is part of the init.sh project
# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -18,6 +18,7 @@ pkgupdt()
$PKG_MAN $COM_UPDATE
}
export -f pkgupdt
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -56,6 +57,7 @@ pkgupgd()
exec_postupgd
}
export -f pkgupgd
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -82,6 +84,7 @@ pkgrm()
fi
}
export -f pkgrm
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -94,6 +97,7 @@ pkgautorm()
exec_postautorm
}
export -f pkgautorm
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -111,6 +115,7 @@ exec_preinst()
unset pkglist
}
export -f exec_preinst
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -129,6 +134,7 @@ exec_postinst()
unset POSTINSTLIST
}
export -f exec_postinst
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -147,6 +153,7 @@ exec_prerm()
unset pkglist
}
export -f exec_prerm
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -165,6 +172,7 @@ exec_postrm()
unset POSTRMLIST
}
export -f exec_postrm
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -182,6 +190,7 @@ exec_preupgd()
unset pkglist
}
export -f exec_preupgd
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -200,6 +209,7 @@ exec_postupgd()
unset POSTUPGDLIST
}
export -f exec_postupgd
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -217,6 +227,7 @@ exec_preautorm()
unset pkglist
}
export -f exec_preautorm
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -226,6 +237,7 @@ exec_postautorm()
exec_postrm
}
export -f exec_postautorm
# ------------------------------------------------------------------------------
# EOF

194
lib/secret.sh Normal file
View File

@@ -0,0 +1,194 @@
#!/bin/bash
# ------------------------------------------------------------------------------
# Secret management functions
# This file is part of the init.sh project
# Copyright (c) 2025 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
# https://opensource.org/licenses/BSD-3-Clause
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Get Passbolt
get_passbolt_secret()
{
local name="$1" secret
if ! command -v passbolt >/dev/null 2>&1; then
prnt E "Passbolt CLI not found (required to fetch passbolt:$name)."
die 22
fi
# Exemple basé sur CLI Passbolt + jq
secret=$(passbolt secret list --json 2>/dev/null | jq -r --arg NAME "$name" \
'.[] | select(.name == $NAME) | .secrets[0].data' 2>/dev/null)
if [[ -z "$secret" || "$secret" == "null" ]]; then
prnt E "Secret '$name' not found in Passbolt."
die 23
fi
printf '%s' "$secret"
}
export -f get_passbolt_secret
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Get File
get_file_secret()
{
local path="$1" secret
if [[ ! -s "$path" ]]; then
prnt E "get_file_secret: missing secret file"
die 10
fi
if [[ ! -r "$path" ]]; then
prnt E "get_file_secret: '$path' not readable"
die 24
fi
secret=$(<"$path")
secret="${secret%$'\r'}"
secret="${secret%$'\n'}"
printf '%s' "$secret"
}
export -f get_file_secret
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Get Environment variable
get_var_secret()
{
local var="$1" secret
if [[ -z "$var" ]]; then
prnt E "get_var_secret: missing variable name"
die 25
fi
if ! printenv "$var" >/dev/null 2>&1; then
prnt E "get_var_secret: variable '$var' not set"
die 25
fi
secret="$(printenv "$var")"
secret="${secret%$'\r'}"
secret="${secret%$'\n'}"
printf '%s' "$secret"
}
export -f get_var_secret
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Main get dispatcher
# Usage: fetch_secret "scheme:identifier"
fetch_secret()
{
local ref="$1"
local scheme identifier func
if [[ -z "$ref" ]]; then
prnt E "fetch_secret: no reference provided"
die 26
fi
# par défaut, si pas de scheme -> "file"
if [[ "$ref" != *:* ]]; then
scheme="file"
identifier="$ref"
else
scheme="${ref%%:*}"
identifier="${ref#*:}"
fi
func="get_${scheme}_secret"
if ! declare -f "$func" >/dev/null 2>&1; then
prnt E "fetch_secret: unsupported scheme '$scheme' (no function $func)"
die 27
fi
"$func" "$identifier"
}
export -f fetch_secret
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Check Passbolt
check_passbolt_secret() {
local name="$1" found
if ! command -v passbolt >/dev/null 2>&1; then
return 1
fi
found=$(passbolt secret list --json 2>/dev/null | jq -e --arg NAME "$name" \
'.[] | select(.name == $NAME) | .secrets[0].data' 2>/dev/null)
[[ -n "$found" && "$found" != "null" ]]
}
export -f check_passbolt_secret
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Check File
check_file_secret() {
local path="$1"
[[ -r "$path" && -s "$path" ]]
}
export -f check_file_secret
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Check Environment variable
check_var_secret() {
local var="$1"
[[ -n "$var" ]] && printenv "$var" >/dev/null 2>&1
}
export -f check_var_secret
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Check Dispatcher
check_secret() {
local ref="$1"
local scheme identifier func
if [[ -z "$ref" ]]; then
prnt E "check_secret: no reference provided"
return 1
fi
if [[ "$ref" != *:* ]]; then
scheme="file"
identifier="$ref"
else
scheme="${ref%%:*}"
identifier="${ref#*:}"
fi
func="check_${scheme}_secret"
if ! declare -f "$func" >/dev/null 2>&1; then
prnt E "check_secret: unsupported scheme '$scheme' (no function $func)"
return 1
fi
"$func" "$identifier"
}
export -f check_secret
# ------------------------------------------------------------------------------
# EOF
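Review bot: get_file_secret() accepts any non-empty readable path and never looks at who owns the file or who else can read it, so a secret left group- or world-readable is consumed without complaint. Check owner and mode first, for example with `stat --printf="%a %u" "$path"`, and refuse or warn when other users have access. Since the getters return the value on stdout, fetch_secret() will normally be called inside `$(...)`, where a `die` that exits the shell only ends the subshell, so callers need to test the exit status. The scheme parsing repeated in check_secret() would be safer as one shared helper with an explicit list of allowed schemes.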

View File

@@ -2,7 +2,7 @@
# ------------------------------------------------------------------------------
# Services manipulation functions
# This file is part of the init.sh project
# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -34,6 +34,7 @@ exec_serv()
unset lineexec
}
export exec_serv
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
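Review bot: `export exec_serv` after exec_serv() has no `-f`, so bash marks a variable named exec_serv for export and the function itself is not passed to child shells, unlike the `export -f` lines used for the other functions in this diff. Change it to `export -f exec_serv`.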
@@ -47,6 +48,7 @@ svc_start()
unset svc
}
export -f svc_start
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -58,6 +60,7 @@ svc_reload()
done
}
export -f svc_reload
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -71,6 +74,7 @@ svc_restart()
unset svc
}
export -f svc_restart
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -84,5 +88,6 @@ svc_stop()
unset svc
}
export -f svc_stop
# ------------------------------------------------------------------------------
# EOF

View File

@@ -2,7 +2,7 @@
# ------------------------------------------------------------------------------
# Base support function
# This file is part of the init.sh project
# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -73,6 +73,7 @@ Fichiers de configuration :
EOF
}
export -f disp_help
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -103,5 +104,6 @@ show_version()
fi
}
export -f show_version
# ------------------------------------------------------------------------------
# EOF

82
lib/users.sh Normal file
View File

@@ -0,0 +1,82 @@
#!/bin/bash
# ------------------------------------------------------------------------------
# Users related functions
# This file is part of the init.sh project
# Copyright (c) 2019-2025 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
# https://opensource.org/licenses/BSD-3-Clause
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Users (from Ldap)
add_remote_user()
{
local users=$@
for usr in ${users[@]}; do
if [[ -n $(grep "^$usr:" /etc/passwd) ]]; then
prnt W "A local user with name $usr already exists, adding anyway!"
fi
if [[ -n $(grep "^+$usr:" /etc/passwd) ]]; then
prnt W "The remote user $usr is already declared, nothing to do in passwd."
else
echo "+$usr::::::" >> /etc/passwd
prnt I "User $usr added to passwd..."
fi
if [[ -n $(grep "^+$usr:" /etc/shadow) ]]; then
prnt W "The remote user $usr is already connectable, nothing to do in shadow."
else
echo "+$usr::::::::" >> /etc/shadow
prnt I "User $usr added to shadow..."
fi
done
}
export -f add_remote_user
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Remove users
remove_user()
{
local users=$@
for usr in ${users[@]}; do
if [[ -n $(grep "^$usr:" /etc/{passwd,shadow,group,gshadow}) ]]; then
# Using sed is more universal than any distro commands - local case
sed -i -e "/^$usr:/d" /etc/{passwd,shadow,group,gshadow}
elif [[ -n $(grep "^+$usr:" /etc/{passwd,shadow,group,gshadow}) ]]; then
# remote case
sed -i -e "/^+$usr:/d" /etc/{passwd,shadow,group,gshadow}
else
prnt W "User $usr don't exists in auth files, nothing to do."
fi
done
}
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Create a local user
create_local_user()
{
local users=$@
for usr in ${users[@]}; do
if [[ $(noerror --noout id $usr) != 0 ]]; then
prnt I "Creating user $usr..."
if [[ $(directory_exists home_skell) ]]; then
useradd --create-home --shell $DEFAULT_SHELL \
--user-group $usr \
--skell $(select_directory home_skell)
else
useradd --create-home --shell $DEFAULT_SHELL --user-group $usr
fi
else
prnt W "The user $usr already exists. Nothing to do..."
fi
done
}
# ------------------------------------------------------------------------------
# EOF
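Review bot: add_remote_user() and remove_user() interpolate `$usr` unescaped into `grep "^$usr:"` and `sed -i -e "/^$usr:/d"` run against /etc/{passwd,shadow,group,gshadow}, so a name containing a regex metacharacter such as `.` matches or deletes other accounts, and a name containing `:` writes a malformed `+$usr::::::` entry. Validate every name against a strict pattern (for example `^[a-z_][a-z0-9_-]*$`) before touching these files. In create_local_user(), `[[ $(directory_exists home_skell) ]]` is true only when the directory is missing, because directory_exists prints a name only on failure, and `--skell` should be useradd's `--skel`. remove_user and create_local_user also lack the `export -f` line that add_remote_user has.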

View File

@@ -2,7 +2,7 @@
# ------------------------------------------------------------------------------
# Various utilitary functions
# This file is part of the init.sh project
# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -16,6 +16,7 @@ stdtime()
date --rfc-3339=seconds | sed -e 's/ /-/' -e 's/://g' | cut -d'+' -f1
}
export -f stdtime
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -33,6 +34,7 @@ function_exists() {
fi
}
export -f function_exists
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -46,6 +48,7 @@ get_mod_name()
basename $1 | cut -f 1 -d '.'
}
export -f get_mod_name
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
@@ -57,6 +60,8 @@ trim()
unset string
}
export -f trim
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Dump the keyboard's buffer
@@ -67,6 +72,7 @@ dump_key_buffer()
done
}
export -f dump_key_buffer
# ------------------------------------------------------------------------------
# EOF

108
lib/vars.sh Normal file
View File

@@ -0,0 +1,108 @@
#!/bin/bash
# ------------------------------------------------------------------------------
# Variables substitution function
# This file is part of the init.sh project
# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
# https://opensource.org/licenses/BSD-3-Clause
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Replace @VAR@ in a text file by the corresponding $VAR value
# The --delimiter or -d option allow to use something else than @
setvar()
{
local delimiter="@"
local vars=()
local file
# Parse arguments
while [[ $# -gt 0 ]]; do
case "$1" in
--delimiter|-d)
shift
delimiter="${1:-@}"
;;
-*)
prnt E "setvar(): Unknown option: $1"
die 7
;;
*)
if [[ -f $1 && $# -eq 1 ]]; then
file="$1"
else
vars+=("$1")
fi
;;
esac
shift
done
if [[ -z $file ]]; then
prnt E "Usage: setvar [--delimiter D] VAR1 [VAR2 ...] <file>"
die 7
fi
if [[ ${#vars[@]} -eq 0 ]]; then
prnt E "No variable name(s) provided."
die 7
fi
local var val escaped pattern
for var in "${vars[@]}"; do
val="${!var}"
if [[ -z $val ]]; then
prnt W "Variable '$var' is unset or empty; skipped."
continue
fi
# Échapper les caractères spéciaux pour sed
escaped=$(printf '%s' "$val" | sed -e 's/[\/&]/\\&/g')
pattern="${delimiter}${var}${delimiter}"
prnt I "Replacing $pattern with $val in $file"
sed -i -e "s|$pattern|$escaped|g" "$file"
done
}
export -f setvar
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Replace @VAR@ in a text file by the corresponding values available in the
# environment. The --delimiter or -d option allow to use something else than @
setvars_from_env()
{
local file delimiter="@"
while [[ $# -gt 0 ]]; do
case "$1" in
-d|--delimiter)
shift
delimiter="${1:-@}"
;;
*)
file="$1"
;;
esac
shift
done
[[ -f $file ]] || {
prnt E "File not found: $file"
die 10
}
local vars
vars=$(grep -o "${delimiter}[A-Z0-9_]\+${delimiter}" "$file" | sort -u | tr -d "$delimiter")
[[ -z $vars ]] && return 0
setvar --delimiter "$delimiter" $vars "$file"
}
export -f setvars_from_env
# ------------------------------------------------------------------------------
# EOF
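Review bot: In setvar(), the value is escaped for `/` and `&`, but the substitution is written `sed -i -e "s|$pattern|$escaped|g"`, so a value containing `|`, a backslash or a newline breaks or changes the sed expression. Escape `|`, `\` and newlines in the value (or go back to `/` as the delimiter), and escape the caller-supplied delimiter before using `$pattern` as a regex. With lib/secret.sh added in the same range, `prnt I "Replacing $pattern with $val in $file"` will write secret values to the log; print the variable name only.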

View File

@@ -2,7 +2,7 @@
# ------------------------------------------------------------------------------
# Version determination function
# This file is part of the init.sh project
# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -45,6 +45,7 @@ get_os_version()
)
}
export read_os_release
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
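Review bot: `export read_os_release` has no `-f`, so it exports a variable of that name rather than a function, and judging by the hunk header it sits after get_os_version(), not after a function called read_os_release. Use `export -f` with the name of the function defined just above it.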
@@ -67,5 +68,6 @@ set_sys_vars()
fi
}
export -f get_os_version
# ------------------------------------------------------------------------------
# EOF
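Review bot: The hunk header places this block at the end of set_sys_vars(), yet the line after the closing brace is `export -f get_os_version`, so set_sys_vars itself is not exported here. Add `export -f set_sys_vars` and move the get_os_version export next to its own definition.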

View File

@@ -1,7 +1,7 @@
# ------------------------------------------------------------------------------
# Add local or remote users
# This file is part of the init.sh project
# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2025 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -21,57 +21,8 @@
# ------------------------------------------------------------------------------
export VER_authnz="0.2.2"
export DEP_authnz="upgrade_dist"
export DEP_authnz=""
# Users (from Ldap)
add_remote_user()
{
if [[ -n $(grep "^$1:" /etc/passwd) ]]; then
prnt W "A local user with name $1 already exists, adding anyway!"
fi
if [[ -n $(grep "^+$1:" /etc/passwd) ]]; then
prnt W "The remote user $1 is already declared, nothing to do in passwd."
else
echo "+$1::::::" >> /etc/passwd
prnt I "User $1 added to passwd..."
fi
if [[ -n $(grep "^+$1:" /etc/shadow) ]]; then
prnt W "The remote user $1 is already connectable, nothing to do in shadow."
else
echo "+$1::::::::" >> /etc/shadow
prnt I "User $1 added to shadow..."
fi
}
# Remove users
remove_user()
{
if [[ -n $(grep "^$1:" /etc/{passwd,shadow,group,gshadow}) ]]; then
# Using sed is more universal than any distro commands - local case
sed -i -e "/^$1:/d" /etc/{passwd,shadow,group,gshadow}
elif [[ -n $(grep "^+$1:" /etc/{passwd,shadow,group,gshadow}) ]]; then
# remote case
sed -i -e "/^+$1:/d" /etc/{passwd,shadow,group,gshadow}
else
prnt W "User $1 don't exists in auth files, nothing to do."
fi
}
# Create a local user
create_local_user()
{
if [[ $(noerror --noout id $1) != 0 ]]; then
prnt I "Creating user $1..."
if [[ $(directory_exists home_skell) ]]; then
useradd --create-home --shell $DEFAULT_SHELL --user-group $1 \
--skell $(select_directory home_skell)
else
useradd --create-home --shell $DEFAULT_SHELL --user-group $1
fi
else
prnt W "The user $1 already exists. Nothing to do..."
fi
}
# Authentication
authnz()

View File

@@ -1,7 +1,7 @@
# ------------------------------------------------------------------------------
# Configure machine for ceph (or samba) mount
# Configure machine for ceph (or samba / NFS) mount
# This file is part of the init.sh project
# Copyright (c) 2019-2021 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2025 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -10,43 +10,52 @@
# Variable:
# * CEPH_SRV_NAMES: hosts names of ceph servers
# * CEPHIP_srv: with "srv" being a ceph server hostname, its corresponding IP
# * SHARED_HOME: Set at yes if homedir is a directory of the ceph mount
# * SMBSRV: Fallback samba server on unsupported architectures
# Mount points are hardcoded and should bet set differently
# * CEPH_MOUNTS: list of mounts to create
# * CEPH_MP_mount: mount point for the given "mount"
# * SHARED_HOME: Set at yes if homedir is a directory of the ceph mount (to be removed)
# * SMBSRV: Fallback samba server on unsupported architectures (not doing
# anything if undeclared)
# * NFSSRV: Fallback NFS server on unsupported architectures (not doing
# anything if undeclared)
# If both SMBSRV and NFSSRV are set on unsupported hardware, Samba will have a
# higher priority.
# ------------------------------------------------------------------------------
export VER_conf_ceph="0.0.5"
export DEP_conf_ceph="upgrade_dist"
export VER_conf_ceph="1.0.2"
export DEP_conf_ceph=""
conf_ceph()
{
# Create mount point directories
echo "Creating mount points"
mkdir -pv /srv/ceph/share
mkdir -pv /share
local success=undef
local fstabchanged=false
# Determine the type of installation
if [[ $SYS_ARCH == "x86_64" || $SYS_ARCH == "i386" ]]; then
export CEPH_STATUS=ceph
else
elif [[ -n $SMBSRV ]]; then
export CEPH_STATUS=smb
elif [[ -n $NFSSRV ]]; then
export CEPH_STATUS=nfs
else
export CEPH_STATUS=none
fi
if [[ $CEPH_STATUS == ceph ]]; then
# Install ceph package
pkginst ceph-common
# hosts files required for Ceph bootstrap when DNS not yet started
if [[ -z $(grep "# Ceph" /etc/hosts) ]]; then
if ! grep -q "^# Ceph" /etc/hosts; then
prnt I "Adding server list to /etc/hosts"
backup_dist /etc/hosts
tag_file /etc/hosts
echo >> /etc/hosts
echo "# Ceph servers:" >> /etc/hosts
for srv in $CEPH_SRV_NAMES; do
local line="$(eval echo \$CEPHIP_$srv) $srv.$REALM $srv"
local line
line="$(eval echo \$CEPHIP_$srv) $srv.$REALM $srv"
prnt m " - Adding line $line to /etc/hosts"
echo "$line" >> /etc/hosts
unset line
done
else
prnt W "Ceph servers already in /etc/hosts, nothing to do"
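Review bot: In the `for srv in $CEPH_SRV_NAMES` loop, `line="$(eval echo \$CEPHIP_$srv) $srv.$REALM $srv"` still passes a configuration value through `eval`, so a server name containing shell syntax would be executed with the script's privileges. Bash indirect expansion does the same lookup without re-parsing the value: `local var="CEPHIP_$srv"` followed by `line="${!var} $srv.$REALM $srv"`. The same pattern recurs for `CEPH_MP_$mnt` further down. `local line` is also declared on every iteration and then `unset`; declaring it once before the loop is enough.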
@@ -54,37 +63,59 @@ conf_ceph()
backup_dist /etc/fstab
prnt I "Adding ceph entries to /etc/fstab"
fstabchanged=true
tag_file /etc/fstab
echo >> /etc/fstab
local srvlist=$(echo $CEPH_SRV_NAMES | sed "s/ /,/g")
if [[ -z $(grep $srvlist /etc/fstab) ]]; then
local srvlist=${CEPH_SRV_NAMES// /,}
prnt I "Fetching secret $CEPH_SECRET..."
local secret
secret=$(fetch_secret "$CEPH_SECRET")
if ! grep -q "$srvlist" /etc/fstab; then
echo "# Ceph :" >> /etc/fstab
echo "$srvlist:/ /srv/ceph ceph defaults,_netdev,name=admin,secret=$CEPH_SECRET 0 0" >> /etc/fstab
for mnt in $CEPH_MOUNTS; do
local mp=$(eval echo \$CEPH_MP_$mnt)
mkdir -pv "$mp"
echo "$srvlist:/ $mp ceph defaults,_netdev,name=admin,secret=$secret,mds_namespace=$mnt 0 0" >> /etc/fstab
unset mp
done
else
prnt W "Ceph entry already in /etc/fstab, nothing to do"
fi
unset srvlist
unset srvlist secret
success=yes
elif [[ $CEPH_STATUS == smb ]]; then
pkginst smbclient
backup_dist /etc/fstab
prnt I "Adding Samba entries to /etc/fstab"
fstabchanged=true
echo >> /etc/fstab
if [[ -z $(grep $SMBSRV /etc/fstab) ]]; then
tag_file /etc/fstab
if ! grep -q "$SMBSRV" /etc/fstab; then
echo "# Samba:" >> /etc/fstab
echo "//$SMBSRV/share /srv/ceph/share cifs defaults,_netdev,username=root,password= 0 0" >> /etc/fstab
for mnt in $CEPH_MOUNTS; do
local mp=$(eval echo \$CEPH_MP_$mnt)
mkdir -pv $mp
echo "//$SMBSRV/$mnt $mp cifs defaults,_netdev,username=root,password= 0 0" >> /etc/fstab
unset $mp
done
else
prnt W "Samba entry already in /etc/fstab, nothing to do"
fi
success=yes
elif [[ $CEPH_STATUS == nfs ]]; then
tag_file /etc/fstab
# To be implemented
elif [[ $CEPH_STATUS == none ]]; then
prnt W "No alternative set for unsuported hardware, nothing will be done."
return 0
else
prnt E "Ceph status not understood, the next tasks will probably fail"
prnt E "Ceph status not understood, something is wrong."
return 1
fi
if [[ $success == yes ]]; then
if [[ -z $(grep "^/srv/ceph/share" /etc/fstab) ]]; then
fstabchanged=true
# Create some mount binds for convenience
# TODO: That part should be a different module with own configuration
if grep -q "^/srv/ceph/share" /etc/fstab; then
echo "/srv/ceph/share /share none defaults,_netdev,bind 0 0" >> /etc/fstab
if [[ $SHARED_HOME == 1 ]]; then
echo "/srv/ceph/share/home /home none defaults,_netdev,bind 0 0" >> /etc/fstab
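Review bot: In the Ceph branch, the value returned by `fetch_secret "$CEPH_SECRET"` is written verbatim into `/etc/fstab` through `secret=$secret`, and that file is normally world-readable, so the key ends up readable by every local account. Store the key in a root-only file and reference it with the `secretfile=` mount option instead. In the Samba loop, `unset $mp` unsets the variable named by the mount point's value rather than `mp` itself, and `mkdir -pv $mp` is unquoted. Finally, `if grep -q "^/srv/ceph/share" /etc/fstab; then` has no `!`, unlike the other `-z $(grep ...)` conversions in this file, so the bind entries are appended only when one already exists.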
@@ -94,18 +125,15 @@ conf_ceph()
prnt E "Failed creating original mount, not adding binded ones"
fi
if [[ $fstabchanged == true ]]; then
tag_file /etc/fstab
fi
unset fstabchanged
# Mount Ceph volumes if required
prnt I "Mounting ceph volumes"
[[ -z $(mount | grep "on /srv/ceph") ]] && mount -v /srv/ceph || mount -v /srv/ceph/share
[[ -z $(mount | grep "on /share") ]] && mount -v /share
if [[ $SHARED_HOME == "true" ]]; then
[[ -z $(mount | grep "on /home") ]] && mount -v /home
fi
for mnt in $CEPH_MOUNTS; do
if ! mountpoint -q "$(eval echo \$CEPH_MP_$mnt)"; then
mount -v "$(eval echo \$CEPH_MP_$mnt)" ||
prnt W "Error while mounting CEPH filesystem (check CEPH logs), ignoring"
fi
done
}
precheck_conf_ceph()
@@ -124,17 +152,24 @@ precheck_conf_ceph()
done
if [[ -z $CEPH_SECRET ]]; then
prnt E "CEPH secret key is not declared, can't continue!"
prnt I "If you don't want to put tour CEPH secret in configuration file,"
prnt I "If you don't want to put a CEPH secret var in configuration file,"
prnt m "you need to export it temporarily in your environment, using the"
prnt m "\"CEPH_SECRET\" variable."
exit 181
die 181
elif ! check_secret $CEPH_SECRET; then
prnt E "The declared $CEPH_SECRET is not accessible."
die 183
fi
if [[ -z $CEPH_MOUNTS ]]; then
prnt E "No CEPH mounts declared, despite reachable servers."
die 182
fi
else
prnt E "No CEPH server declared!"
die 182
fi
else
prnt W "System incompatible with ceph, falling back to samba..."
prnt W "System incompatible with ceph, falling back to Samba or NFS..."
fi
}
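Review bot: The new `CEPH_MOUNTS` check only tests that the list is non-empty; nothing in the visible lines verifies that each `CEPH_MP_<mount>` is defined, while `conf_ceph` runs `mkdir -pv "$mp"` and writes `$mp` into `/etc/fstab` for every entry. Add a loop here that calls `die` when a declared mount has no mount point. `check_secret $CEPH_SECRET` should also quote its argument.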

View File

@@ -16,7 +16,7 @@
# * CALCDRV: Target drives, preferably through ID.
# ------------------------------------------------------------------------------
export VER_conf_disks="0.0.9"
export VER_conf_disks="0.0.9-obsolete"
export DEP_conf_disks="upgrade_dist"
# ------------------------------------------------------------------------------

View File

@@ -14,7 +14,7 @@
# ------------------------------------------------------------------------------
export VER_conf_mail="0.0.8"
export DEP_conf_mail="upgrade_dist"
export DEP_conf_mail=""
conf_mail()
{

View File

@@ -100,11 +100,10 @@ conf_network()
fi
done
prnt I "Trying to raise down iface up. Allready configured iface will require a reboot"
ifup -a || true && prnt W "Ignoring errors here."
prnt I "Restart network to apply changes"
svc_restart networking || true && prnt W "Ignoring errors here."
unset iface if_file
export NEED_REBOOT=true
}
precheck_conf_network()
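Review bot: `svc_restart networking || true && prnt W "Ignoring errors here."` groups as `(svc_restart networking || true) && prnt ...`, so the warning is printed on every run, including when the restart succeeds. If the intent is to warn only on failure, `svc_restart networking || prnt W "Network restart failed, ignoring."` does that and still never aborts the module.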
@@ -119,7 +118,7 @@ precheck_conf_network()
die 175
else
if [[ $(grep "up" /sys/class/net/$iface/operstate) ]]; then
prnt W "The IPv4 iface $iface, is already configured, a reboot will be required."
prnt W "The IPv4 iface $iface, is already configured, a reboot could be required."
fi
fi
if [[ -z $(eval echo \$NET4_MODE_$iface) ]]; then
@@ -157,7 +156,7 @@ precheck_conf_network()
die 175
else
if [[ $(grep "up" /sys/class/net/$iface/operstate) ]]; then
prnt W "The IPv6 iface $iface, is already configured, a reboot will be required."
prnt W "The IPv6 iface $iface, is already configured, a reboot could be required."
fi
fi
if [[ -z $(eval echo \$NET6_MODE_$iface) ]]; then

View File

@@ -11,7 +11,7 @@
# * NTPSERVERS: list of NTP servers
# ------------------------------------------------------------------------------
export VER_conf_ntp="0.1.6"
export VER_conf_ntp="0.2.0"
export DEP_conf_ntp=""
conf_ntp()
@@ -21,16 +21,13 @@ conf_ntp()
systemctl disable systemd-timesyncd || true
fi
NTP_SERV=${NTP_SERV:-ntp}
prnt I "Installing ntp daemon..."
pkginst ntp
pkginst $NTP_SERV
prnt I "Stopping service ntp..."
if [[ -n $NTP_SERV ]]; then
svc_stop $NTP_SERV
else
svc_stop ntp
fi
svc_stop $NTP_SERV
if [[ -n $NTP_SERV ]]; then
if [[ $NTP_SERV == ntpsec ]]; then
local conf_file="/etc/$NTP_SERV/ntp.conf"
else
local conf_file="/etc/ntp.conf"
@@ -39,7 +36,11 @@ conf_ntp()
prnt I "Installing NTP configuration file..."
local dest="${conf_file}.work"
backup_dist "$conf_file"
install_file ntp.conf "$dest"
if [[ -s $NTP_SERV ]]; then
install_file ${NTP_SERV}.conf "$dest"
else
install_file ntp.conf "$dest"
fi
tag_file "$dest"
local line=""
for srv in $NTP_SERVERS; do
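Review bot: `if [[ -s $NTP_SERV ]]` tests whether a non-empty file named after the service exists in the current directory, not whether the variable is set, so `install_file ${NTP_SERV}.conf` is normally skipped and `ntp.conf` is installed even when `NTP_SERV` is `ntpsec`. Since `NTP_SERV` always has a value after `NTP_SERV=${NTP_SERV:-ntp}`, the branch can be dropped in favour of `install_file "${NTP_SERV}.conf" "$dest"`.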

View File

@@ -12,7 +12,7 @@
# ------------------------------------------------------------------------------
export VER_conf_ssh="0.1.4"
export DEP_conf_ssh="upgrade_dist"
export DEP_conf_ssh=""
conf_ssh()
{

View File

@@ -15,6 +15,7 @@ export VER_conf_syslog="0.0.5"
conf_syslog()
{
pkginst rsyslog
local syslogconf=/etc/rsyslog.conf
prnt I "Configuring rsyslog..."
backup_dist $syslogconf

View File

@@ -11,7 +11,7 @@
# To be defined
# ------------------------------------------------------------------------------
export VER_create_vm="0.0.2"
export VER_create_vm="0.0.2-obsolete"
export DEP_create_vm="upgrade_dist install_pkg"
create_vm()

View File

@@ -16,7 +16,7 @@
# ------------------------------------------------------------------------------
export VER_install_desktop="0.0.5"
export DEP_install_desktop="upgrade_dist"
export DEP_install_desktop=""
install_desktop()
{

View File

@@ -9,54 +9,164 @@
# ------------------------------------------------------------------------------
# Variable:
# * MK_SERVER: Server IP address
# * MK_PORT: Port check_mk agent will use to communicate with server
# * MK_SITE: The check_mk site (or instance) to use
# * MK_URL: The URL to use to download the agent
# * MK_SECRET: The secret to use to register the agent
# * MK_USER: The user to use to register
# ------------------------------------------------------------------------------
export VER_install_mkagent="0.0.6"
export DEP_install_mkagent="upgrade_dist install_pkg"
export VER_install_mkagent="0.1.0"
export DEP_install_mkagent=""
# ------------------------------------------------------------------------------
# Extract CheckMK version from the server
get_checkmk_version_from_server()
{
local ip="$1"
local site="${2:-$MK_SITE}"
local proto out v header
local re_version='[0-9]+\.[0-9]+(\.[0-9]+)?p?[0-9]+'
[[ -n "$MK_VERSION" ]] && { printf '%s' "$MK_VERSION"; return 0; }
for proto in http https; do
# 1) Tentative via version.py (souvent non protégée)
if out=$(curl -fsS --max-time 3 "$proto://$ip/$site/check_mk/version.py" 2>/dev/null); then
v=$(grep -oE "$re_version" <<<"$out" | head -n1)
[[ -n "$v" ]] && { printf '%s' "$v"; return 0; }
fi
# 2) Tentative via login.py (page de connexion)
if out=$(curl -fsS --max-time 3 "$proto://$ip/$site/check_mk/login.py" 2>/dev/null); then
v=$(grep -oE "$re_version" <<<"$out" | grep -vE '2\.[0-9]{1,3}\.[0-9]{2,3}' | head -n1)
[[ -n "$v" ]] && { printf '%s' "$v"; return 0; }
fi
# 3) En-têtes HTTP éventuels
header=$(curl -fsSI --max-time 3 "$proto://$ip/$site/" 2>/dev/null || true)
if [[ -n "$header" ]]; then
v=$(grep -oiE "$re_version" <<<"$header" | head -n1)
[[ -n "$v" ]] && { printf '%s' "$v"; return 0; }
fi
# 4) Fallback : page d'accueil, mais filtrer les faux positifs du JS
out=$(curl -fsS --max-time 5 "$proto://$ip/$site/" 2>/dev/null || true)
if [[ -n "$out" ]]; then
# Filtre plus strict : commence par 1.x ou 2.x et max 2 chiffres après le point
v=$(grep -oE "$re_version" <<<"$out" \
| grep -E '^2\.[0-9]+(\.[0-9]+)?p?[0-9]*$' \
| grep -vE '\.[0-9]{3,}' \
| head -n1)
[[ -n "$v" ]] && { printf '%s' "$v"; return 0; }
fi
done
return 1
}
install_mkagent()
{
wget $MK_URL -O /tmp/check-mk-agent_${MK_VERSION}_all.deb
pkginst xinetd /tmp/check-mk-agent_${MK_VERSION}_all.deb
rm /tmp/check-mk-agent_${MK_VERSION}_all.deb
local debfile="/tmp/check-mk-agent_latest_all.deb"
prnt I "Downloading CheckMK agent from: $MK_URL"
backup_dist /etc/xinetd.d/check_mk
install_file cmk/check_mk /etc/xinetd.d/check_mk
tag_file /etc/xinetd.d/check_mk
sed -i -e "s/@MK_SERVER_IP@/$MK_SERVER_IP/" /etc/xinetd.d/check_mk
# try primary URL
if ! wget -q "$MK_URL" -O "$debfile"; then
prnt W "Primary download failed. Attempting to detect server version and fallback..."
local mkver
mkver=$(get_checkmk_version_from_server "$MK_SERVER_IP" 2>/dev/null || true)
mkdir -pv /usr/lib/check_mk_agent/plugins/28800
install_file cmk/mk_apt /usr/lib/check_mk_agent/plugins/28800/mk_apt
# Cmk > 2.1, configure agent
if [[ -e /var/lib/cmk-agent/cmk-agent-ctl.gz ]]; then
gunzip /var/lib/cmk-agent/cmk-agent-ctl.gz
chmod +x /var/lib/cmk-agent/cmk-agent-ctl
scp -O $MK_SERVER_IP:/etc/check_mk/agentpwd /tmp/mk-pwd
/var/lib/cmk-agent/cmk-agent-ctl register --hostname $HOSTNAME \
--server $MK_SERVER_IP --site check_mk --user check_mk --password \
"$(read /etc/mk-pwd)"
if [[ -n "$mkver" ]]; then
prnt I "Detected Check_MK version: $mkver — building fallback URL"
# replace the literal 'latest' token in MK_URL with the detected version
local fallback_url
fallback_url="${MK_URL/latest/$mkver-1}"
prnt I "Trying fallback URL: $fallback_url"
if ! wget -q "$fallback_url" -O "$debfile"; then
prnt E "Fallback download with version $mkver failed."
die 163
fi
else
prnt E "Unable to detect Check_MK version on $MK_SERVER_IP and primary download failed."
die 163
fi
fi
svc_restart xinetd
# On non-systemd systems, install xinetd before the .deb to avoid postinst failures
if ! pidof systemd >/dev/null; then
pkginst xinetd
fi
# Install agent package
pkginst "$debfile"
rm -f "$debfile"
# Enable service depending on init system
if pidof systemd >/dev/null; then
systemctl enable --now check-mk-agent.socket
else
backup_dist /etc/xinetd.d/check-mk-agent
install_file cmk/check_mk /etc/xinetd.d/check-mk-agent
tag_file /etc/xinetd.d/check-mk-agent
sed -i -e "s/@MK_SERVER_IP@/$MK_SERVER_IP/" /etc/xinetd.d/check-mk-agent
svc_restart xinetd
fi
# Debian plugin
if [[ $PKG_MAN == "apt-get" ]]; then
mkdir -pv /usr/lib/check_mk_agent/plugins/3600
install_file cmk/mk_apt /usr/lib/check_mk_agent/plugins/3600/mk_apt
fi
# Registration (if secret provided)
if [[ -n $MK_SECRET ]]; then
local secret
prnt I "Fetching secret $MK_SECRET..."
secret=$(fetch_secret "$MK_SECRET")
if [[ -e /var/lib/cmk-agent/cmk-agent-ctl.gz ]]; then
gunzip -v -f /var/lib/cmk-agent/cmk-agent-ctl.gz
chmod -v +x /var/lib/cmk-agent/cmk-agent-ctl
fi
if [[ -x /var/lib/cmk-agent/cmk-agent-ctl ]]; then
/var/lib/cmk-agent/cmk-agent-ctl register \
--hostname "$HOSTNAME" \
--server "$MK_SERVER_IP" \
--site "$MK_SITE" \
--user "$MK_USER" \
--password "$secret"
else
prnt W "Agent control tool not found; skipping registration."
fi
unset secret
else
prnt W "No secret configured, agent cannot be registered."
fi
}
precheck_install_mkagent()
{
if [[ -z $MK_VERSION ]]; then
prnt E "Undeclared check_mk version of the agent to install."
die 162
if [[ -z $MK_SITE ]]; then
prnt E "Undeclared check_mk site to use."
die 162
fi
if [[ -z $MK_URL ]]; then
prnt E "Undeclared check_mk download URL."
die 162
prnt E "Undeclared check_mk download URL."
die 162
fi
if [[ -z $MK_SERVER_IP ]]; then
prnt E "Undeclared check_mk server."
die 162
prnt E "Undeclared check_mk server."
die 162
fi
if [[ $PKG_MAN == "apt-get" ]]; then
file_must_exists cmk/check_mk cmk/mk_apt
fi
if [[ -z $MK_SECRET ]]; then
prnt W "No secret set for CheckMK, registration won't be possible."
if [[ -z $MK_USER ]]; then
prnt E "A CheckMK user is required to register."
die 162
fi
fi
file_must_exists cmk/check_mk cmk/mk_apt
}
export -f install_mkagent
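Review bot: In `install_mkagent`, the package is fetched with `wget -q "$MK_URL" -O "$debfile"` into the fixed path `/tmp/check-mk-agent_latest_all.deb` and handed straight to `pkginst`, with no checksum or signature check; on the fallback path the URL is additionally built from a version string that `get_checkmk_version_from_server` scrapes over `http` before `https`. Create the download target with `mktemp`, try `https` first, and compare the file against a digest carried in the configuration before installing it. In `precheck_install_mkagent`, the `MK_USER` test sits inside `if [[ -z $MK_SECRET ]]`, so a missing user is fatal only when no registration will take place; it belongs in the branch where the secret is set. The header comment documents `MK_SERVER` and `MK_PORT`, but the visible code reads `MK_SERVER_IP` and never uses a port.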

View File

@@ -8,8 +8,8 @@
# https://opensource.org/licenses/BSD-3-Clause
# ------------------------------------------------------------------------------
export VER_patch_snmp="0.1.2"
export DEP_patch_snmp="install_pkg"
export VER_patch_snmp="0.1.3"
export DEP_patch_snmp=""
patch_snmp()
{

View File

@@ -9,7 +9,7 @@
# ------------------------------------------------------------------------------
export VER_select_system_proxy="0.0.5"
export DEP_select_system_proxy="upgrade_dist"
export DEP_select_system_proxy=""
select_system_proxy()
{

View File

@@ -13,14 +13,19 @@
# * PROXY_APT_PORT: Working port for APT proxy if one declared
# * PROXY_SRV: General purpose proxy if PROXY_APT is undefined
# * PROXY_SRV_PORT: Working port for general purpose proxy if one declared
# TODO: Split apt conf and actuel update to avoid repeating configuration if
# for a reason apt fail
# TODO: This is Debian only, make this universal (at least yum/dnf compatible)
# ------------------------------------------------------------------------------
export VER_upgrade_dist="0.2.3"
export VER_upgrade_dist="0.3.0"
# As aptitude might fail if clock is too far from real time, we need to depend
# on ntp
export DEP_upgrade_dist="conf_ntp"
export SOURCE_EXT="${SOURCE_EXT:-list}"
upgrade_dist()
{
local proxyfile=/etc/apt/apt.conf.d/00proxy
@@ -29,6 +34,8 @@ upgrade_dist()
# We backup entire apt dir
backup_dist /etc/apt
prnt I "Basic apt configuration..."
# TODO: No recommend section should be optionnal
tag_file $norecommends
{
echo 'APT::Install-Recommends "false";'
@@ -38,23 +45,36 @@ upgrade_dist()
prnt I "Configuring proxy for APT..."
if [[ -n $PROXY_APT ]]; then
if [[ ! -d $(dirname $proxyfile) ]]; then
mkdir -pv $(dirname $proxyfile) || (
prnt E "Impossible to create directory to receive APT configuration."
die 60
)
fi
tag_file $proxyfile
echo "Acquire::http::Proxy \"http://${PROXY_APT}:${PROXY_APT_PORT}\";" >> $proxyfile
if [[ ! -d $(dirname $proxyfile) ]]; then
mkdir -pv "$(dirname $proxyfile)" || (
prnt E "Impossible to create directory to receive APT configuration."
die 60
)
else
# Cleanup
if [[ -s $proxyfile ]]; then
true > "$proxyfile"
fi
if grep -q "^Acquire::http::Proxy" /etc/apt/apt.conf; then
sed -i -e "/^Acquire::http::Proxy/d" /etc/apt/apt.conf
fi
fi
tag_file $proxyfile
echo "Acquire::http::Proxy \"http://${PROXY_APT}:${PROXY_APT_PORT}\";" >> $proxyfile
elif [[ -n $PROXY_SRV ]]; then
tag_file $proxyfile
echo "Acquire::http::Proxy \"http://${PROXY_SRV}:${PROXY_SRV_PORT}\";" >> $proxyfile
tag_file $proxyfile
echo "Acquire::http::Proxy \"http://${PROXY_SRV}:${PROXY_SRV_PORT}\";" >> $proxyfile
else
prnt I "No proxy configured, nothing to do."
prnt I "No proxy configured, nothing to do."
fi
# Remplace source.list from dist with ours (be smarter)
install_file "pkgman/${SYS_DIST}_${SYS_VER}.list" /etc/apt/sources.list
if [[ NO_MAIN_SOURCE == true ]]; then
install_file "pkgman/${SYS_DIST}_${SYS_VER}.list" "/etc/apt/sources.list.d/debian.${SOURCE_EXT}"
else
# We don't use SOURCE_EXT
install_file "pkgman/${SYS_DIST}_${SYS_VER}.list" "/etc/apt/sources.list"
fi
prnt I "Updating package list..."
pkgupdt
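Review bot: `if [[ NO_MAIN_SOURCE == true ]]` is missing the `$`, so it compares the literal string `NO_MAIN_SOURCE` with `true` and the `sources.list.d/debian.${SOURCE_EXT}` branch can never run; it should be `[[ $NO_MAIN_SOURCE == true ]]`. In the proxy block, `mkdir -pv ... || ( prnt E ...; die 60 )` runs `die` inside a subshell: if `die` relies on `exit`, only the subshell ends and the script carries on, so a brace group `{ ...; }` is the safer form.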
@@ -71,18 +91,22 @@ precheck_upgrade_dist()
prnt I "Checking network connectivity..."
if [[ $(noerror wget -q --tries=10 --timeout=20 --spider http://www.tetaneutral.net) != 0 ]]; then
prnt E "It seems network configuration is not functionnal! Giving up."
die 160
prnt E "It seems network configuration is not functionnal! Giving up."
die 160
fi
if [[ -n $PROXY_APT && -z $PROXY_APT_PORT ]]; then
prnt E "An APT proxy server have been specified but not its working port."
die 160
prnt E "An APT proxy server have been specified but not its working port."
die 160
fi
if [[ -n $PROXY_SRV && -z $PROXY_SRV_PORT ]]; then
prnt E "A general proxy server have been specified but not its working port."
die 160
prnt E "A general proxy server have been specified but not its working port."
die 160
fi
file_must_exists pkgman/${SYS_DIST}_${SYS_VER}.list
if [[ -z $NO_MAIN_SOURCE ]]; then
prnt E "A required variable to configure apt is not defined."
die 160
fi
}
cron_upgrade_dist()
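Review bot: The new `[[ -z $NO_MAIN_SOURCE ]]` check dies with "A required variable to configure apt is not defined." without naming the variable. Put `NO_MAIN_SOURCE` in the message, or give it a default the way `SOURCE_EXT` gets one, so that existing configurations do not start failing at precheck with no hint of what to set.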

53
repo/common/ntpsec.conf Normal file
View File

@@ -0,0 +1,53 @@
# /etc/ntpsec/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
driftfile /var/lib/ntpsec/ntp.drift
leapfile /usr/share/zoneinfo/leap-seconds.list
# To enable Network Time Security support as a server, obtain a certificate
# (e.g., with Let's Encrypt), place the cert and key in the paths below, and
# uncomment:
# nts cert /etc/ntpsec/cert-chain.pem
# nts key /etc/ntpsec/key.pem
# nts enable
# You must create /var/log/ntpsec (owned by ntpsec:ntpsec) to enable logging.
#statsdir /var/log/ntpsec/
#statistics loopstats peerstats clockstats
#filegen loopstats file loopstats type day enable
#filegen peerstats file peerstats type day enable
#filegen clockstats file clockstats type day enable
# This should be maxclock 7, but the pool entries count towards maxclock.
tos maxclock 11
# Comment this out if you have a refclock and want it to be able to discipline
# the clock by itself (e.g. if the system is not connected to the network).
tos minclock 4 minsane 3
# Specify one or more NTP servers.
# Public NTP servers supporting Network Time Security:
# server time.cloudflare.com nts
@SERVERLIST@
# pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will
# pick a different set every time it starts up. Please consider joining the
# pool: <https://www.pool.ntp.org/join.html>
#pool 0.debian.pool.ntp.org iburst
#pool 1.debian.pool.ntp.org iburst
#pool 2.debian.pool.ntp.org iburst
#pool 3.debian.pool.ntp.org iburst
# Access control configuration; see /usr/share/doc/ntpsec-doc/html/accopt.html
# for details.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.
# By default, exchange time with everybody, but don't allow configuration.
restrict default kod nomodify noquery limited
# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1

View File

@@ -1,5 +1,10 @@
# Basic Debian Buster repositories
deb http://deb.debian.org/debian buster main
deb http://deb.debian.org/debian buster-updates main
deb http://deb.debian.org/debian-security buster/updates main
# Basic Debian Buster repositories
deb http://deb.debian.org/debian buster main contrib non-free
deb-src http://deb.debian.org/debian buster main contrib non-free
deb http://deb.debian.org/debian buster-updates main contrib non-free
deb-src http://deb.debian.org/debian buster-updates main contrib non-free
deb http://deb.debian.org/debian-security buster/updates main contrib non-free
deb-src http://deb.debian.org/debian-security buster/updates main contrib non-free

View File

@@ -1,20 +1,10 @@
# deb cdrom:[Debian GNU/Linux 11.0.0 _Bullseye_ - Official amd64 NETINST 20210814-10:07]/ bullseye main
# Basic debian Bullseye reop
#deb cdrom:[Debian GNU/Linux 11.0.0 _Bullseye_ - Official amd64 NETINST 20210814-10:07]/ bullseye main
deb http://debian.univ-tlse2.fr/debian/ bullseye main contrib non-free
deb-src http://debian.univ-tlse2.fr/debian/ bullseye main contrib non-free
deb http://debian.univ-tlse2.fr/debian/ bullseye main contrib
deb-src http://debian.univ-tlse2.fr/debian/ bullseye main contrib
deb http://security.debian.org/debian-security bullseye-security main contrib non-free
deb-src http://security.debian.org/debian-security bullseye-security main contrib non-free
deb http://security.debian.org/debian-security bullseye-security main contrib
deb-src http://security.debian.org/debian-security bullseye-security main contrib
# bullseye-updates, to get updates before a point release is made;
# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
deb http://debian.univ-tlse2.fr/debian/ bullseye-updates main contrib
deb-src http://debian.univ-tlse2.fr/debian/ bullseye-updates main contrib
# This system was installed using small removable media
# (e.g. netinst, live or single CD). The matching "deb cdrom"
# entries were disabled at the end of the installation process.
# For information about how to configure apt package sources,
# see the sources.list(5) manual.
deb http://debian.univ-tlse2.fr/debian/ bullseye-updates main contrib non-free
deb-src http://debian.univ-tlse2.fr/debian/ bullseye-updates main contrib non-free
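Review bot: Typo in the header comment: `# Basic debian Bullseye reop` should read `repo`, matching the wording used in the Bookworm list.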

View File

@@ -0,0 +1,10 @@
# Basic Debian Bookworm repo
deb http://debian.univ-tlse2.fr/debian/ bookworm main contrib non-free non-free-firmware
deb-src http://debian.univ-tlse2.fr/debian/ bookworm main contrib non-free non-free-firmware
deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
deb-src http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
deb http://debian.univ-tlse2.fr/debian/ bookworm-updates main contrib non-free non-free-firmware
deb-src http://debian.univ-tlse2.fr/debian/ bookworm-updates main contrib non-free non-free-firmware

View File

@@ -5,5 +5,5 @@ deb-src http://fr.deb.devuan.org/merged beowulf main contrib non-free
deb http://fr.deb.devuan.org/merged beowulf-updates main contrib non-free
deb-src http://fr.deb.devuan.org/merged beowulf-updates main contrib non-free
deb http://fr.deb.devuan.org/merged beowulf-backports main contrib non-free
deb-src http://fr.deb.devuan.org/merged beowulf-backports main contrib non-free
deb http://fr.deb.devuan.org/merged beowulf-security main contrib non-free
deb-src http://fr.deb.devuan.org/merged beowulf-security main contrib non-free

View File

@@ -5,5 +5,5 @@ deb-src http://fr.deb.devuan.org/merged chimaera main contrib non-free
deb http://fr.deb.devuan.org/merged chimaera-updates main contrib non-free
deb-src http://fr.deb.devuan.org/merged chimaera-updates main contrib non-free
deb http://fr.deb.devuan.org/merged chimaera-backports main contrib non-free
deb-src http://fr.deb.devuan.org/merged chimaera-backports main contrib non-free
deb http://fr.deb.devuan.org/merged chimaera-security main contrib non-free
deb-src http://fr.deb.devuan.org/merged chimaera-security main contrib non-free

View File

@@ -1,9 +1,9 @@
#
deb http://fr.deb.devuan.org/merged daedalus main contrib non-free
deb-src http://fr.deb.devuan.org/merged daedalus main contrib non-free
#
deb http://fr.deb.devuan.org/merged daedalus main contrib non-free non-free-firmware
deb-src http://fr.deb.devuan.org/merged daedalus main contrib non-free non-free-firmware
#deb http://fr.deb.devuan.org/merged daedalus-updates main contrib non-free
#deb-src http://fr.deb.devuan.org/merged daedalus-updates main contrib non-free
deb http://fr.deb.devuan.org/merged daedalus-updates main contrib non-free non-free-firmware
deb-src http://fr.deb.devuan.org/merged daedalus-updates main contrib non-free non-free-firmware
#deb http://fr.deb.devuan.org/merged daedalus-backports main contrib non-free
#deb-src http://fr.deb.devuan.org/merged daedalus-backports main contrib non-free
deb http://fr.deb.devuan.org/merged daedalus-security main contrib non-free non-free-firmware
deb-src http://fr.deb.devuan.org/merged daedalus-security main contrib non-free non-free-firmware

View File

@@ -0,0 +1,10 @@
deb http://fr.deb.devuan.org/merged excalibur main non-free-firmware contrib
deb-src http://fr.deb.devuan.org/merged excalibur main non-free-firmware contrib
deb http://fr.deb.devuan.org/merged excalibur-security main non-free-firmware contrib
deb-src http://fr.deb.devuan.org/merged excalibur-security main non-free-firmware contrib
# excalibur-updates, to get updates before a point release is made;
# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
deb http://fr.deb.devuan.org/merged excalibur-updates main non-free-firmware contrib
deb-src http://fr.deb.devuan.org/merged excalibur-updates main non-free-firmware contrib

View File

@@ -0,0 +1,103 @@
# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#################
#### MODULES ####
#################
module(load="imuxsock") # provides support for local system logging
module(load="imklog") # provides kernel logging support
#module(load="immark") # provides --MARK-- message capability
# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")
# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")
###########################
#### GLOBAL DIRECTIVES ####
###########################
#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
#
# Set the default permissions for all log files.
#
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog
#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf
###############
#### RULES ####
###############
#
# First some standard log files. Log by facility.
#
auth,authpriv.* /share/services/syslog/auth.log
*.*;auth,authpriv.none -/share/services/syslog/syslog
cron.* /share/services/syslog/cron.log
daemon.* -/share/services/syslog/daemon.log
kern.* -/share/services/syslog/kern.log
lpr.* -/share/services/syslog/lpr.log
mail.* -/share/services/syslog/mail.log
user.* -/share/services/syslog/user.log
#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info -/share/services/syslog/mail.info
mail.warn -/share/services/syslog/mail.warn
mail.err /share/services/syslog/mail.err
# Miscelanious logging facilities
local0.* /share/services/syslog/local0.log
local1.* /share/services/syslog/local1.log
local2.* /share/services/syslog/local2.log
local3.* /share/services/syslog/local3.log
local4.* /share/services/syslog/local4.log
local5.* /share/services/syslog/local5.log
local6.* /share/services/syslog/local6.log
local7.* /share/services/syslog/local7.log
#
# Some "catch-all" log files.
#
*.=debug;\
auth,authpriv.none;\
news.none;mail.none -/share/services/syslog/debug
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/share/services/syslog/messages
#
# Emergencies are sent to everybody logged in.
#
*.emerg :omusrmsg:*
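Review bot: The MODULES section enables both `input(type="imudp" port="514")` and `input(type="imtcp" port="514")` with no restriction, and the RULES section has no ruleset separating received messages from local ones, so any host that can reach port 514 can write lines into `auth.log` and the other files. If this template is meant for a central collector only, say so in the header; otherwise leave the two inputs commented out by default or bind them to a dedicated ruleset. Every target also lives under `/share/services/syslog/`, so the header should state that the share has to be mounted before rsyslog starts.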

View File

@@ -1,64 +1,48 @@
*# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
# State files
driftfile /var/lib/ntp/ntp.drift
leapfile /usr/share/zoneinfo/leap-seconds.list
# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/
# Statistics
statistics loopstats peerstats clockstats
statistics loopstats peerstats clockstats sysstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
filegen sysstats file sysstats type day enable
# Interfaces to listen on:
interface listen 192.168.1.0/24
interface listen 10.250.42.0/24
interface listen 10.42.250.0/16
interface ignore wildcard
# You do need to talk to an NTP server or two (or three).
#server ntp.your-provider.example
# NTP sources
# Our other NTP server, to have consistant REFID
server didicas prefer iburst
# pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will
# pick a different set every time it starts up. Please consider joining the
# pool: <http://www.pool.ntp.org/join.html>
server ntp.laas.fr iburst
server ntp.sophia.cnrs.fr iburst
server ntp2.emn.fr iburst
server delphi.phys.univ-tours.fr iburst
server ntp.crashdump.fr iburst
server ntp.ilianum.com iburst
server ntp.unice.fr iburst
server ntp.accelance.net iburst
server ntp.deuza.net iburst
server ntp1.jussieu.fr iburst
server time.resolvlab.com iburst
server ntp.laas.fr iburst
server ntp.sophia.cnrs.fr iburst
server ntp2.emn.fr iburst
server delphi.phys.univ-tours.fr iburst
server ntp.crashdump.fr iburst
server ntp.ilianum.com iburst
server ntp.unice.fr iburst
server ntp.accelance.net iburst
server ntp.deuza.net iburst
server ntp1.jussieu.fr iburst
server time.resolvlab.com iburst
# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
# might also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.
# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited
# Local users may interrogate the ntp server more closely.
restrict 192.168.1.0/24
restrict 127.0.0.1
restrict ::1
# Needed for adding pool entries
restrict default limited nomodify notrap nopeer noquery
restrict source notrap nomodify noquery
# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
restrict 192.168.0.0 mask 255.255.0.0 trust
# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
broadcast 192.168.1.255
# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines. Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient
restrict 192.168.1.0/24
restrict 10.250.42.0/24
restrict 10.42.250.0/16
restrict 127.0.0.1
restrict ::1
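Review bot: the prefix in `interface listen 10.42.250.0/16` and `restrict 10.42.250.0/16` has host bits set, and a /16 there covers all of 10.42.0.0 through 10.42.255.255. The neighbouring `10.250.42.0/24` entries suggest that either 10.42.250.0/24 or 10.42.0.0/16 was meant, so please confirm the intended range and write it in canonical form in both places. Separately, the closing restrict lines for the three subnets carry no flags, which leaves those networks unrestricted for queries and for runtime configuration requests. Consider `nomodify notrap` on the LAN ranges and keeping the flagless entries for 127.0.0.1 and ::1 only.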


@@ -1,64 +1,48 @@
*# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
# State files
driftfile /var/lib/ntp/ntp.drift
leapfile /usr/share/zoneinfo/leap-seconds.list
# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/
# Statistics
statistics loopstats peerstats clockstats
statistics loopstats peerstats clockstats sysstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
filegen sysstats file sysstats type day enable
# Interfaces to listen on:
interface listen 192.168.1.0/24
interface listen 10.250.42.0/24
interface listen 10.42.250.0/16
interface ignore wildcard
# You do need to talk to an NTP server or two (or three).
#server ntp.your-provider.example
# NTP sources
# Our other NTP server, to have consistant REFID
server cagua prefer iburst
# pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will
# pick a different set every time it starts up. Please consider joining the
# pool: <http://www.pool.ntp.org/join.html>
server ntp.laas.fr iburst
server ntp.sophia.cnrs.fr iburst
server ntp2.emn.fr iburst
server delphi.phys.univ-tours.fr iburst
server ntp.crashdump.fr iburst
server ntp.ilianum.com iburst
server ntp.unice.fr iburst
server ntp.accelance.net iburst
server ntp.deuza.net iburst
server ntp1.jussieu.fr iburst
server time.resolvlab.com iburst
server ntp.laas.fr iburst
server ntp.sophia.cnrs.fr iburst
server ntp2.emn.fr iburst
server delphi.phys.univ-tours.fr iburst
server ntp.crashdump.fr iburst
server ntp.ilianum.com iburst
server ntp.unice.fr iburst
server ntp.accelance.net iburst
server ntp.deuza.net iburst
server ntp1.jussieu.fr iburst
server time.resolvlab.com iburst
# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
# might also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.
# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited
# Local users may interrogate the ntp server more closely.
restrict 192.168.1.0/24
restrict 127.0.0.1
restrict ::1
# Needed for adding pool entries
restrict default limited nomodify notrap nopeer noquery
restrict source notrap nomodify noquery
# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
restrict 192.168.0.0 mask 255.255.0.0 trust
# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
broadcast 192.168.1.255
# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines. Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient
restrict 192.168.1.0/24
restrict 10.250.42.0/24
restrict 10.42.250.0/16
restrict 127.0.0.1
restrict ::1
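Review bot: no active statsdir directive is visible next to the statistics and filegen lines near the top of this hunk; the only one is the commented-out `#statsdir /var/log/ntpstats/`. Please confirm where the loopstats, peerstats, clockstats and sysstats files are expected to land, and set statsdir explicitly if the intent is to collect them. Also, `server cagua prefer iburst` uses an unqualified host name, so the preferred source depends on resolver search settings or /etc/hosts being correct when ntpd starts; a fully qualified name or an address would be more robust. Minor: "consistant" in the comment above that line should read "consistent".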