
change debian-bash to miaou-bash

main
pvincent 9 months ago
parent
commit
353a553bc0
  1. 47
      lib/functions.sh
  2. 12
      lib/harden.sh
  3. 2
      lib/images/bullseye-miaou.sh
  4. 2
      lib/images/buster-miaou.sh
  5. 4
      lib/install.sh
  6. 2
      recipes/dolibarr/crud.sh
  7. 2
      recipes/dolibarr/install.sh
  8. 10
      recipes/mariadb/install.sh
  9. 2
      recipes/odoo12/install.sh
  10. 2
      recipes/odoo15/install.sh
  11. 8
      recipes/postgresql/install.sh
  12. 2
      scripts/db-maria
  13. 2
      scripts/db-psql
  14. 12
      scripts/lxc-miaou-create
  15. 4
      scripts/lxc-miaou-enable-ssh

47
lib/functions.sh

@ -110,7 +110,7 @@ function prepare_nftables() {
function miaou_init() {
# shellcheck source=/dev/null
[[ -f /opt/debian-bash/lib/functions.sh ]] && source /opt/debian-bash/lib/functions.sh
[[ -f /opt/miaou-bash/lib/functions.sh ]] && source /opt/miaou-bash/lib/functions.sh
# shellcheck source=/dev/null
. "$MIAOU_BASEDIR/lib/functions.sh"
@ -215,7 +215,7 @@ function container_exists() {
lxc list "$1" -c n -f csv | grep -q "^$1\$"
}
# build debian image with prebuild debian-bash and various useful settings
# build debian image with prebuild miaou-bash and various useful settings
# ARG1=release [bullseye, buster]
function build_miaou_image() {
local RELEASE="$1"
@ -230,7 +230,7 @@ function build_miaou_image() {
echo "building lxc image <$IMAGE_LABEL> ... "
echo "image will reuse same local repository <$DEB_REPOSITORY>"
creation_date=$(date +%s)
sudo /opt/debian-bash/tools/idem_apt_install debootstrap
sudo /opt/miaou-bash/tools/idem_apt_install debootstrap
cat <<EOF1 | sudo bash
set -euo pipefail
@ -263,8 +263,11 @@ EOF3
apt update && apt dist-upgrade -y
apt install -y curl wget file git sudo bash-completion
curl https://git.artcode.re/pvincent/debian-bash/raw/branch/master/install.sh | sudo bash -s -- --host
ln -sf /usr/share/zoneinfo/Indian/Reunion /etc/localtime
curl https://git.artcode.re/miaou/miaou-bash/raw/branch/main/install.sh | sudo bash -s -- --host
# TODO: remove line below
# ln -sf /usr/share/zoneinfo/Indian/Reunion /etc/localtime
cat <<EOF3 >/etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
@ -418,26 +421,24 @@ function env_or_ask {
fi
}
# install_debian_bash()
# grab and install related project
function install_debian_bash() {
local PREFIX="debian-bash:install"
if [[ ! -d /opt/debian-bash ]]; then
function install_miaou_bash() {
local PREFIX="miaou-bash:install"
if [[ ! -d /opt/miaou-bash ]]; then
echo "installing curl wget commands ..."
apt install -y curl wget
echo "installing debian-bash..."
curl https://git.artcode.re/pvincent/debian-bash/raw/branch/master/install.sh | sudo bash -s -- --host
export PATH=$PATH:/opt/debian-bash/tools/
echo "installing miaou-bash..."
curl https://git.artcode.re/miaou/miaou-bash/raw/branch/main/install.sh | sudo bash -s -- --host
export PATH=$PATH:/opt/miaou-bash/tools/
echo "OK"
else
# /opt/debian-bash/tools/debian_bash_upgrade
echo "addon <debian-bash> already installed!"
echo "addon <miaou-bash> already installed!"
fi
# shellcheck source=/dev/null
source /etc/bash.bashrc
sudo /opt/debian-bash/tools/idem_apt_install bash-completion
sudo /opt/miaou-bash/tools/idem_apt_install bash-completion
}
function add_toolbox_sudoers {
@ -463,7 +464,7 @@ function prepare_toolbox() {
curl -sSf https://sh.rustup.rs | sh -s -- -y
# shellcheck source=/dev/null
source "$HOME/.cargo/env"
/opt/debian-bash/tools/append_or_replace "^PATH=\$PATH:\$HOME/\\.cargo/bin" "PATH=\$PATH:\$HOME/.cargo/bin" ~/.bashrc
/opt/miaou-bash/tools/append_or_replace "^PATH=\$PATH:\$HOME/\\.cargo/bin" "PATH=\$PATH:\$HOME/.cargo/bin" ~/.bashrc
PREFIX="" echo "OK"
else
echo "command <cargo> already installed!"
@ -490,7 +491,7 @@ function prepare_toolbox() {
echo -n "installing <rg> alias <ripgrep> ... "
if [ ! -f "/TOOLBOX/rg" ]; then
sudo /opt/debian-bash/tools/idem_apt_install ripgrep
sudo /opt/miaou-bash/tools/idem_apt_install ripgrep
sudo ln /usr/bin/rg /TOOLBOX/
PREFIX="" echo "successfully installed"
else
@ -499,7 +500,7 @@ function prepare_toolbox() {
echo -n "installing <ag> alias <silversearcher-ag> ... "
if [ ! -f "/TOOLBOX/ag" ]; then
sudo /opt/debian-bash/tools/idem_apt_install silversearcher-ag
sudo /opt/miaou-bash/tools/idem_apt_install silversearcher-ag
sudo ln /usr/bin/ag /TOOLBOX/
PREFIX="" echo "successfully installed"
else
@ -541,7 +542,7 @@ function prepare_toolbox() {
echo -n "installing <ncdu> ... "
if [ ! -f "/TOOLBOX/ncdu" ]; then
sudo /opt/debian-bash/tools/idem_apt_install ncdu
sudo /opt/miaou-bash/tools/idem_apt_install ncdu
sudo cp /usr/bin/ncdu /TOOLBOX/ncdu
PREFIX="" echo "successfully installed"
else
@ -550,7 +551,7 @@ function prepare_toolbox() {
echo -n "installing <unzip> ... "
if [ ! -f "/TOOLBOX/unzip" ]; then
sudo /opt/debian-bash/tools/idem_apt_install unzip
sudo /opt/miaou-bash/tools/idem_apt_install unzip
sudo cp /usr/bin/unzip /TOOLBOX/unzip
PREFIX="" echo "successfully installed"
else
@ -559,7 +560,7 @@ function prepare_toolbox() {
echo -n "installing <tree> ... "
if [ ! -f "/TOOLBOX/tree" ]; then
sudo /opt/debian-bash/tools/idem_apt_install tree
sudo /opt/miaou-bash/tools/idem_apt_install tree
sudo cp /bin/tree /TOOLBOX/tree
PREFIX="" echo "successfully installed"
else
@ -568,7 +569,7 @@ function prepare_toolbox() {
echo -n "installing <duf> ... "
if [ ! -f "/TOOLBOX/duf" ]; then
VERSION=$(/opt/debian-bash/tools/wget_semver github muesli/duf)
VERSION=$(/opt/miaou-bash/tools/wget_semver github muesli/duf)
VERSION_WITHOUT_V=${VERSION#v}
wget -O /tmp/duf.deb "https://github.com/muesli/duf/releases/download/${VERSION}/duf_${VERSION_WITHOUT_V}_linux_amd64.deb"
sudo dpkg -i /tmp/duf.deb
@ -601,7 +602,7 @@ function prepare_toolbox() {
function install_mandatory_commands() {
local PREFIX="mandatory:commands"
sudo /opt/debian-bash/tools/idem_apt_install dnsutils build-essential curl mariadb-client postgresql-client
sudo /opt/miaou-bash/tools/idem_apt_install dnsutils build-essential curl mariadb-client postgresql-client
if ! exist_command tera; then
echo "installing <tera> ..."
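Review bot: The two installer lines that now point at `miaou/miaou-bash` (in `build_miaou_image` and in `install_miaou_bash`) still pipe a script fetched from the mutable `main` branch straight into `sudo bash`, with no `-f` on curl and no integrity check, so an HTTP error page or a truncated or altered download is executed as root. Download to a `mktemp` file first with `curl -fsSL --proto '=https' -o "$tmp" "$url"`, compare it against a pinned `sha256sum` value (or fetch a tagged commit rather than `main`), and only then run `sudo bash "$tmp" --host`. The `wget -O /tmp/duf.deb` followed by `sudo dpkg -i /tmp/duf.deb` in `prepare_toolbox` has the same shape, with a predictable /tmp name on top. All of these functions start or end outside the hunks shown.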

12
lib/harden.sh

@ -87,7 +87,7 @@ function prepare_proxy() {
if ! grep -Eq "^precedence ::ffff:0:0/96.*" /etc/gai.conf; then
echo "prefer ipv4 ..."
sudo /opt/debian-bash/tools/append_or_replace "^precedence ::ffff:0:0/96.*" "precedence ::ffff:0:0/96 100" /etc/gai.conf
sudo /opt/miaou-bash/tools/append_or_replace "^precedence ::ffff:0:0/96.*" "precedence ::ffff:0:0/96 100" /etc/gai.conf
echo "OK"
else
echo "ipv4 already prefered!"
@ -95,7 +95,7 @@ function prepare_proxy() {
if ! grep -Eq "^net.ipv4.ip_forward=1" /etc/sysctl.conf; then
echo "allow forwarding from kernel ..."
sudo /opt/debian-bash/tools/append_or_replace "^net.ipv4.ip_forward=1.*" "net.ipv4.ip_forward=1" /etc/sysctl.conf
sudo /opt/miaou-bash/tools/append_or_replace "^net.ipv4.ip_forward=1.*" "net.ipv4.ip_forward=1" /etc/sysctl.conf
sudo sysctl -p
echo "OK"
else
@ -163,7 +163,7 @@ function mailer_alert() {
done
echo "installing <msmtp> ..."
sudo /opt/debian-bash/tools/idem_apt_install msmtp msmtp-mta mailutils bsd-mailx
sudo /opt/miaou-bash/tools/idem_apt_install msmtp msmtp-mta mailutils bsd-mailx
echo "OK"
echo "configuring </etc/aliases>"
@ -232,7 +232,7 @@ function alert_at_ssh_password() {
echo "installing alert_at_ssh_password..."
sudo cp "$MIAOU_BASEDIR/templates/hardened/pam/alert_ssh_password.sh" /usr/local/bin/
sudo chmod 700 /usr/local/bin/alert_ssh_password.sh
sudo /opt/debian-bash/tools/append_or_replace "^session optional pam_exec.so /usr/local/bin/alert_ssh_password.sh" "session optional pam_exec.so /usr/local/bin/alert_ssh_password.sh" /etc/pam.d/sshd
sudo /opt/miaou-bash/tools/append_or_replace "^session optional pam_exec.so /usr/local/bin/alert_ssh_password.sh" "session optional pam_exec.so /usr/local/bin/alert_ssh_password.sh" /etc/pam.d/sshd
echo "OK"
else
echo "alert_at_ssh_password already enabled!"
@ -243,7 +243,7 @@ function customize_motd {
local PREFIX="harden:motd:customize"
if [[ ! -f /etc/update-motd.d/80-users ]]; then
echo "customizing motd..."
sudo /opt/debian-bash/tools/idem_apt_install figlet lsb-release
sudo /opt/miaou-bash/tools/idem_apt_install figlet lsb-release
sudo rm -f /etc/motd
sudo mkdir -p /etc/update-motd.d
sudo rm -f /etc/update-motd.d/*
@ -274,7 +274,7 @@ PREFIX="harden"
: $PREFIX
sudo_required
install_debian_bash
install_miaou_bash
install_mandatory_commands
prepare_config_hardened
set_current_user

2
lib/images/bullseye-miaou.sh

@ -8,7 +8,7 @@ function init_strict() {
# shellcheck source=/dev/null
source "$MIAOU_DIR/lib/functions.sh"
# shellcheck source=/dev/null
source "/opt/debian-bash/lib/functions.sh"
source "/opt/miaou-bash/lib/functions.sh"
trap 'trap_error $? $LINENO $BASH_LINENO "$BASH_COMMAND" $(printf "::%s" ${FUNCNAME[@]})' ERR
}

2
lib/images/buster-miaou.sh

@ -8,7 +8,7 @@ function init_strict() {
# shellcheck source=/dev/null
source "$MIAOU_DIR/lib/functions.sh"
# shellcheck source=/dev/null
source "/opt/debian-bash/lib/functions.sh"
source "/opt/miaou-bash/lib/functions.sh"
trap 'trap_error $? $LINENO $BASH_LINENO "$BASH_COMMAND" $(printf "::%s" ${FUNCNAME[@]})' ERR
}

4
lib/install.sh

@ -38,7 +38,7 @@ function prepare_lxd {
echo "user <$USER> already belongs to group <lxd>!"
fi
sudo /opt/debian-bash/tools/idem_apt_install lxd btrfs-progs
sudo /opt/miaou-bash/tools/idem_apt_install lxd btrfs-progs
# test lxdbr0
if ! lxc network info lxdbr0 &>/dev/null; then
@ -181,7 +181,7 @@ function set_alias {
function miaou_evalfrombashrc() {
local PREFIX="miaou:bashrc"
output=$(
/opt/debian-bash/tools/append_or_replace \
/opt/miaou-bash/tools/append_or_replace \
"^eval \"\\$\($MIAOU_BASEDIR/lib/install.sh shellenv\)\"$" \
"eval \"\$($MIAOU_BASEDIR/lib/install.sh shellenv)\"" \
"$HOME/.bashrc"

2
recipes/dolibarr/crud.sh

@ -39,7 +39,7 @@ function _create() {
set -Eeuo pipefail
echo "install latest release ... "
cd /var/www
PATH="\$PATH:/opt/debian-bash/tools"
PATH="\$PATH:/opt/miaou-bash/tools"
VERSION="\$(wget_semver github Dolibarr/dolibarr)"
if [[ ! -f "dolibarr-\$VERSION.tgz" ]]; then
wget_release github Dolibarr/dolibarr

2
recipes/dolibarr/install.sh

@ -34,7 +34,7 @@ function install() {
apt update
apt install -y $MANDATORY_PACKAGES_STRING
cd /var/www
PATH="\$PATH:/opt/debian-bash/tools"
PATH="\$PATH:/opt/miaou-bash/tools"
VERSION="\$(wget_semver github Dolibarr/dolibarr)"
if [[ ! -f "dolibarr-\$VERSION.tgz" ]]; then
wget_release github Dolibarr/dolibarr

10
recipes/mariadb/install.sh

@ -30,7 +30,7 @@ function install() {
PREFIX="recipe:mariadb:install"
: $PREFIX
sudo /opt/debian-bash/tools/idem_apt_install mariadb-client
sudo /opt/miaou-bash/tools/idem_apt_install mariadb-client
echowarn "initializing ..."
launch_container "$CONTAINER"
build_device_backup
@ -38,16 +38,16 @@ function install() {
lxc exec "$CONTAINER" -- bash <<EOF
set -Eeuo pipefail
cloud-init status --wait >/dev/null
. /opt/debian-bash/lib/functions.sh
. /opt/miaou-bash/lib/functions.sh
apt update && apt dist-upgrade -y
/opt/debian-bash/tools/idem_apt_install mariadb-server automysqlbackup
/opt/miaou-bash/tools/idem_apt_install mariadb-server automysqlbackup
echo "change bind-adress"
/opt/debian-bash/tools/append_or_replace "^bind-address.*$" "bind-address = 0.0.0.0" /etc/mysql/mariadb.conf.d/50-server.cnf
/opt/miaou-bash/tools/append_or_replace "^bind-address.*$" "bind-address = 0.0.0.0" /etc/mysql/mariadb.conf.d/50-server.cnf
systemctl restart mariadb.service
function systemctl-exists() ([ \$(systemctl list-unit-files "\${1}*" | wc -l) -gt 3 ])
systemctl-exists exim4.service && systemctl stop exim4.service && systemctl disable exim4.service
/opt/debian-bash/tools/append_or_replace "^BACKUPDIR=.*$" "BACKUPDIR=\"/mnt/BACKUP/mariadb\"" /etc/default/automysqlbackup
/opt/miaou-bash/tools/append_or_replace "^BACKUPDIR=.*$" "BACKUPDIR=\"/mnt/BACKUP/mariadb\"" /etc/default/automysqlbackup
exit 0
EOF
echo DONE
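Review bot: `bind-address = 0.0.0.0` makes MariaDB listen on every interface of the container, and nothing visible in this hunk restricts who can reach it; `listen_addresses = '0.0.0.0'` in recipes/postgresql/install.sh does the same for PostgreSQL. If only the LXD bridge is meant to reach the database, bind to the container's bridge address instead, or add a comment above the line naming the filter that covers it, e.g. `# exposed on all interfaces on purpose; access is limited by <firewall rule>`. The message printed just before it also misspells the setting as "bind-adress". `install()` and the heredoc begin outside the hunk, so any filtering done elsewhere is not visible here.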

2
recipes/odoo12/install.sh

@ -108,7 +108,7 @@ function install() {
fi
echo "community-color change to $BACKGROUND_COLOR"
/opt/debian-bash/tools/append_or_replace "^.*o-community-color:.*" "\\\\\\\$o-community-color: $BACKGROUND_COLOR;" /home/odoo/odoo12/addons/web/static/src/scss/primary_variables.scss
/opt/miaou-bash/tools/append_or_replace "^.*o-community-color:.*" "\\\\\\\$o-community-color: $BACKGROUND_COLOR;" /home/odoo/odoo12/addons/web/static/src/scss/primary_variables.scss
EOT
mkdir -p /etc/odoo12

2
recipes/odoo15/install.sh

@ -92,7 +92,7 @@ function install() {
echo "git odoo15 already downloaded!"
fi
echo "community-color change to $BACKGROUND_COLOR"
/opt/debian-bash/tools/append_or_replace "^.*o-community-color:.*" "\\\\\\\$o-community-color: $BACKGROUND_COLOR !default;" /home/odoo/odoo15/addons/web/static/src/legacy/scss/primary_variables.scss
/opt/miaou-bash/tools/append_or_replace "^.*o-community-color:.*" "\\\\\\\$o-community-color: $BACKGROUND_COLOR !default;" /home/odoo/odoo15/addons/web/static/src/legacy/scss/primary_variables.scss
EOT
mkdir -p /etc/odoo15

8
recipes/postgresql/install.sh

@ -29,8 +29,8 @@ function install() {
set -Eeuo pipefail
apt update
. /opt/debian-bash/lib/functions.sh
/opt/debian-bash/tools/idem_apt_install postgresql
. /opt/miaou-bash/lib/functions.sh
/opt/miaou-bash/tools/idem_apt_install postgresql
echo -n "start postgresql now..."
PG_VERSION=\$(pg_lsclusters -h | cut -d' ' -f1)
@ -40,8 +40,8 @@ function install() {
function systemctl-exists() ([ \$(systemctl list-unit-files "\${1}*" | wc -l) -gt 3 ])
systemctl-exists exim4.service && systemctl disable exim4.service
/opt/debian-bash/tools/append_or_replace "^listen_addresses = .*$" "listen_addresses = '0.0.0.0'" /etc/postgresql/\$PG_VERSION/main/postgresql.conf
/opt/debian-bash/tools/append_or_replace "^host.*all.*all.*$BRIDGE_SUBNET.*md5" "host\tall\t\tall\t\t$BRIDGE_SUBNET\t\tmd5" /etc/postgresql/\$PG_VERSION/main/pg_hba.conf
/opt/miaou-bash/tools/append_or_replace "^listen_addresses = .*$" "listen_addresses = '0.0.0.0'" /etc/postgresql/\$PG_VERSION/main/postgresql.conf
/opt/miaou-bash/tools/append_or_replace "^host.*all.*all.*$BRIDGE_SUBNET.*md5" "host\tall\t\tall\t\t$BRIDGE_SUBNET\t\tmd5" /etc/postgresql/\$PG_VERSION/main/pg_hba.conf
systemctl restart postgresql.service
EOF
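Review bot: The `pg_hba.conf` entry written here authenticates with `md5`, and `$BRIDGE_SUBNET` is pasted unescaped into the match pattern, so its dots match any character and the handling of its `/` depends on `append_or_replace`, which is not shown. PostgreSQL 10 and later accept `scram-sha-256` in that column, provided `password_encryption` is set to match before role passwords are created; the replacement would become `"host\tall\t\tall\t\t$BRIDGE_SUBNET\t\tscram-sha-256"`. Whether the images built by this project ship a new enough server is not visible on this page and should be confirmed first. The heredoc and `install()` start outside the hunk.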

2
scripts/db-maria

@ -46,7 +46,7 @@ use() {
create() {
# shellcheck disable=SC1091
source /opt/debian-bash/lib/functions.sh
source /opt/miaou-bash/lib/functions.sh
# shellcheck disable=SC2034
mapfile -t DBs < <(list)

2
scripts/db-psql

@ -52,7 +52,7 @@ use() {
create() {
echo >&2 "about to create to <${DB_NAME}> ..."
source /opt/debian-bash/lib/functions.sh
source /opt/miaou-bash/lib/functions.sh
local DBs=($(list))
if ! $(containsElement DBs $DB_NAME); then
local SQL="CREATE USER \\\\\\\"$DB_NAME\\\\\\\" WITH PASSWORD '$DB_PASSWORD'"
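Review bot: `$DB_NAME` and `$DB_PASSWORD` are interpolated directly into the `CREATE USER` statement, so a password containing a single quote, or a name containing a double quote, breaks the statement or changes what is executed. Where these values come from is not visible here; if they can come from a user or a configuration file, check the name first with `[[ "$DB_NAME" =~ ^[a-z_][a-z0-9_]*$ ]]` and double every `'` in the password before building the string. `local DBs=($(list))` and `$(containsElement DBs $DB_NAME)` also word-split unquoted values; `mapfile -t DBs < <(list)`, as scripts/db-maria already does, avoids that. `create()` continues past the end of the hunk.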

12
scripts/lxc-miaou-create

@ -105,8 +105,8 @@ EOF
lxc config device add "$CONTAINER" SHARED disk source="$HOME/LXD/SHARED/$CONTAINER" path=/mnt/SHARED -q
lxc config device add "$CONTAINER" TOOLBOX disk source=/TOOLBOX path=/TOOLBOX -q
lxc config device add "$CONTAINER" DEBIAN_BASH disk source=$(realpath /opt/debian-bash) path=/opt/debian-bash -q
lxc config set "$CONTAINER" environment.PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/debian-bash/tools:/TOOLBOX -q
lxc config device add "$CONTAINER" DEBIAN_BASH disk source=$(realpath /opt/miaou-bash) path=/opt/miaou-bash -q
lxc config set "$CONTAINER" environment.PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/miaou-bash/tools:/TOOLBOX -q
if [[ "$OPTION_NESTING" == true ]]; then
lxc config set $CONTAINER security.nesting true -q
@ -115,8 +115,8 @@ EOF
lxc start "$CONTAINER" -q
# initializing debian-bash
lxc exec "$CONTAINER" -- /opt/debian-bash/init.sh
# initializing miaou-bash
lxc exec "$CONTAINER" -- /opt/miaou-bash/init.sh
# default configuration files (btm,)
lxc exec "$CONTAINER" -- mkdir -p /root/.config/bottom
@ -141,12 +141,12 @@ EOF
if ! lxc exec "$CONTAINER" -- passwd -S "$miaou_user" | cut -d ' ' -f2 | grep -q ^P; then
shadow_passwd=$(load_yaml_from_expanded credential.shadow)
shadow_remainder=$(lxc exec "$CONTAINER" -- bash -c "grep $miaou_user /etc/shadow | cut -d':' -f3-")
lxc exec "$CONTAINER" -- /opt/debian-bash/tools/append_or_replace "^$miaou_user:.*:" "$miaou_user:$shadow_passwd:$shadow_remainder" /etc/shadow >/dev/null
lxc exec "$CONTAINER" -- /opt/miaou-bash/tools/append_or_replace "^$miaou_user:.*:" "$miaou_user:$shadow_passwd:$shadow_remainder" /etc/shadow >/dev/null
fi
fi
if [[ "$OPTION_SSH" == true ]]; then
lxc exec "$CONTAINER" -- /opt/debian-bash/tools/idem_apt_install openssh-server
lxc exec "$CONTAINER" -- /opt/miaou-bash/tools/idem_apt_install openssh-server
fi
if [[ "$OPTION_SSH" == true && "$OPTION_SAMEUSER" == true ]]; then
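Review bot: The /etc/shadow rewrite passes the password hash as a command-line argument to `append_or_replace`, uses it as replacement text although crypt hashes contain `$` and `/`, and finds the old entry with an unanchored `grep $miaou_user`, which also matches any account whose line merely contains that name; scripts/lxc-miaou-enable-ssh repeats the same lines with `$SSH_USER`. Feeding `user:hash` to `chpasswd -e` on stdin keeps the hash out of argv and leaves the remaining shadow fields untouched: `printf '%s:%s\n' "$miaou_user" "$shadow_passwd" | lxc exec "$CONTAINER" -- chpasswd -e`. Separately, the disk device is still named `DEBIAN_BASH` although it now mounts /opt/miaou-bash, and `$(realpath /opt/miaou-bash)` is unquoted. The surrounding script starts and ends outside these hunks.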

4
scripts/lxc-miaou-enable-ssh

@ -34,9 +34,9 @@ EOF
miaou_user=$(whoami)
shadow_passwd=$(load_yaml_from_expanded credential.shadow)
shadow_remainder=$(lxc exec "$CONTAINER" -- bash -c "grep $SSH_USER /etc/shadow | cut -d':' -f3-")
lxc exec "$CONTAINER" -- /opt/debian-bash/tools/append_or_replace "^$SSH_USER:.*:" "$SSH_USER:$shadow_passwd:$shadow_remainder" /etc/shadow >/dev/null
lxc exec "$CONTAINER" -- /opt/miaou-bash/tools/append_or_replace "^$SSH_USER:.*:" "$SSH_USER:$shadow_passwd:$shadow_remainder" /etc/shadow >/dev/null
lxc exec "$CONTAINER" -- /opt/debian-bash/tools/idem_apt_install openssh-server
lxc exec "$CONTAINER" -- /opt/miaou-bash/tools/idem_apt_install openssh-server
previous_users=($(
lxc exec "$CONTAINER" -- bash <<EOF
set -Eeuo pipefail
