From 198bd1da9c349a927e187230ea188dc8edae7199 Mon Sep 17 00:00:00 2001
From: pvincent
Date: Sat, 6 Dec 2025 15:00:23 +0400
Subject: [PATCH] miaou-install-from_import-sympa
---
 sympa/doc/migration.md | 5 +++
 sympa/miaou/miaou-install-from-import-sympa | 29 ++++++++++--
 sympa/recipe/sympa_ldap_auth_remote.recipe | 50 ++++++++++++++-------
 3 files changed, 64 insertions(+), 20 deletions(-)
diff --git a/sympa/doc/migration.md b/sympa/doc/migration.md
index b088772..16a6320 100644
--- a/sympa/doc/migration.md
+++ b/sympa/doc/migration.md
@@ -52,3 +52,8 @@ Future: debian13, sympa 6.2.76
 * CONTAINER=sympa3
 * miaou-create "$CONTAINER"
 * miaou/miaou-install-sympa "$CONTAINER"
+
+## miaou-install-from-import-sympa
+
+* CONTAINER=sympa3
+* miaou/miaou-install-from-import-sympa $CONTAINER ~/Downloads/listes.artcode.re-2025-11-14.sympa
diff --git a/sympa/miaou/miaou-install-from-import-sympa b/sympa/miaou/miaou-install-from-import-sympa
index 4470063..5a76e9a 100755
--- a/sympa/miaou/miaou-install-from-import-sympa
+++ b/sympa/miaou/miaou-install-from-import-sympa
@@ -31,10 +31,9 @@ function parse_options {
 shift 1 # Move to the next argument
 done
- [[ -n $CONTAINER ]] || [[ -n $IMPORT_FILE ]] (usage && exit 1)
+ [[ -z $CONTAINER ]] && [[ ! -f $IMPORT_FILE ]] && (usage && exit 1) || true
 }
-
 function assert_fake_sympa {
 [[ $(fqdn) == 'topcode' ]] && [[ -d /opt/miaou-incus ]]
 }
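Review bot: The new argument check in `parse_options` can never stop the script: `exit 1` runs inside the `( … )` subshell, so it only ends that subshell, and the trailing `|| true` then discards the failure. The conditions are also joined with `&&`, so usage is shown only when the container name is empty and the import file is missing at the same time; either problem alone passes through to `miaou-push` and the import step. An explicit test such as `if [[ -z ${CONTAINER:-} || ! -f ${IMPORT_FILE:-} ]]; then usage; exit 1; fi` rejects each case and exits the script itself. The body of `parse_options` starts outside the hunk.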
@@ -45,6 +44,22 @@ function install_fake_additional {
 echo 'install fake additional...'
 miaou-push $CONTAINER $HOME/.ssh/id_ed25519 /root/.ssh/
 miaou-push $CONTAINER $HOME/.ssh/id_ed25519.pub /root/.ssh/
+
+ local sympa_domain=$(miaou-exec $CONTAINER -- grep ^domain /etc/sympa/sympa/sympa.conf | cut -f2)
+ echo sympa_domain=$sympa_domain
+ local sympa_authenticity_key_host=$(ssh-keygen -lF $sympa_domain | grep "^$sympa_domain ED25519" | head -1)
+ [[ -z $sympa_authenticity_key_host ]] &&
+ echo "fake additional has failed due to unknown machine: $sympa_domain. please connect once like: \`ssh $sympa_domain\` then retry" &&
+ exit 11
+
+ miaou-exec $CONTAINER -- bash <> /root/.ssh/known_hosts
+EOF
+ local sympa_authenticity_key_container=$(miaou-exec $CONTAINER -- ssh-keygen -lF $sympa_domain | grep "^$sympa_domain ED25519" | head -1)
+ [[ "$sympa_authenticity_key_host" != "$sympa_authenticity_key_container" ]] &&
+ echo "authenticity key for machine: $sympa_domain mismatched!. please compare like: \`ssh-keygen -lF $sympa_domain\` both from host and container" &&
+ exit 12
+
 miaou-recipe "$CONTAINER" "$BASEDIR"/../recipe/sympa_ldap_auth_remote.recipe
 echo 'install fake additional...OK'
 }
@@ -55,6 +70,12 @@ set -Eue
 parse_options $*
 "$BASEDIR"/miaou-install-sympa "$CONTAINER"
-# TODO: import from file...
-install_fake_additional
\ No newline at end of file
+import_base=$(basename $IMPORT_FILE)
+echo "copy import file: $import_base"
+miaou-push $CONTAINER $IMPORT_FILE /root/
+
+echo "launch the import process"
+miaou-exec $CONTAINER -- /opt/miaou-sympa/tools/sympa_import.bash "/root/$import_base"
+
+install_fake_additional
diff --git a/sympa/recipe/sympa_ldap_auth_remote.recipe b/sympa/recipe/sympa_ldap_auth_remote.recipe
index bd9e48c..c143bb8 100644
--- a/sympa/recipe/sympa_ldap_auth_remote.recipe
+++ b/sympa/recipe/sympa_ldap_auth_remote.recipe
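Review bot: In `install_fake_additional` the container's `/root/.ssh/known_hosts` is appended to before the host and container fingerprints are compared, so on the `exit 12` path the entry that failed verification stays in the file and another one is appended on every retry (the heredoc body is not legible on this page, so the exact command that writes it is inferred). Removing the entry before exiting, e.g. `miaou-exec "$CONTAINER" -- ssh-keygen -R "$sympa_domain"`, keeps a mismatched key from being trusted by a later manual `ssh` from the container. `local sympa_domain=$(…)` also masks a failed `miaou-exec`/`grep`, so an empty domain falls through to the misleading "unknown machine" message; declare first, assign second, and reject an empty value with `[[ -n $sympa_domain ]] || exit 10`. The function's first lines are outside the hunk.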
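Review bot: `$IMPORT_FILE` and `$CONTAINER` are expanded unquoted in the new import steps, so a path containing spaces or glob characters is split before `basename` and `miaou-push` see it, and the file copied into `/root/` may then not be the `"/root/$import_base"` handed to `sympa_import.bash`. Quote them: `import_base=$(basename -- "$IMPORT_FILE")` and `miaou-push "$CONTAINER" "$IMPORT_FILE" /root/`. The context line `parse_options $*` splits arguments the same way before these lines run; `"$@"` keeps each argument intact. The pushed archive is also left in the container's `/root/` after the import, which deserves a cleanup step if it holds subscriber data.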
@@ -1,18 +1,36 @@
 #!/usr/bin/env miaou-recipe
-# changes in /etc/sympa/auth.conf
-if grep -q '.*host 192.168.1.254:389.*' /etc/sympa/auth.conf; then
- /opt/miaou-bash/tools/append_or_replace '.*host 192.168.1.254:389.*' "\thost 127.0.0.1:3890" /etc/sympa/auth.conf
- echo 'sympa auth from LDAP local 127.0.0.1:3890 is now active'
-else
- echo 'sympa auth from LDAP local 127.0.0.1:3890 already enabled'
-fi
-
-# start SSH port translation if needed
-if ! ss -tln | grep -q 127.0.0.1:3890; then
- ssh -fN listes.artcode.re -L 3890:192.168.1.254:389
- echo 'SSH port translation 3890 is now active!'
- systemctl restart wwsympa.socket
-else
- echo 'SSH already enabled!'
-fi
+# CONSTANTS
+
+LDAP_SERVER=192.168.1.254
+LOCAL_PORT=3890
+
+# FUNCTIONS
+
+function tweak_sympa_auth {
+ if grep -q ".*host $LDAP_SERVER.*" /etc/sympa/auth.conf; then
+ /opt/miaou-bash/tools/append_or_replace ".*host $LDAP_SERVER:389.*" "\thost 127.0.0.1:$LOCAL_PORT" /etc/sympa/auth.conf
+ echo "sympa auth from LDAP local 127.0.0.1:$LOCAL_PORT is now active"
+ else
+ echo "sympa auth from LDAP local 127.0.0.1:$LOCAL_PORT already enabled"
+ fi
+}
+
+function ssh_port_translation {
+ if ! ss -tln | grep -q 127.0.0.1:$LOCAL_PORT; then
+
+ local sympa_domain=$(grep ^domain /etc/sympa/sympa/sympa.conf | cut -f2)
+
+ ssh -fN $sympa_domain -L $LOCAL_PORT:$LDAP_SERVER:389
+ echo "SSH port translation $LOCAL_PORT is now listening!"
+ systemctl restart wwsympa.socket
+ else
+ echo 'SSH listener already enabled!'
+ fi
+}
+
+# MAIN
+
+set -Eue
+tweak_sympa_auth
+ssh_port_translation
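Review bot: `ssh_port_translation` starts the tunnel with `ssh -fN $sympa_domain -L …` and then reports success and restarts `wwsympa.socket` without knowing whether the forward exists; without `ExitOnForwardFailure` ssh can go to the background even when `$LOCAL_PORT` could not be bound, and without `BatchMode` an unknown host key becomes an interactive prompt inside the recipe. Suggested: `ssh -fN -o BatchMode=yes -o ExitOnForwardFailure=yes -L "127.0.0.1:$LOCAL_PORT:$LDAP_SERVER:389" "$sympa_domain"`, which also pins the listener to loopback explicitly. `local sympa_domain=$(…)` hides a failed `grep`, so an empty value should be rejected before the call. In `tweak_sympa_auth` the guard `grep -q ".*host $LDAP_SERVER.*"` no longer includes `:389` while the `append_or_replace` pattern still does, so the two can disagree on a line that uses another port; use one shared pattern for both.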