Browse Source

change debian-bash to miaou-bash

main
pvincent 10 months ago
parent
commit
353a553bc0
  1. 47
      lib/functions.sh
  2. 12
      lib/harden.sh
  3. 2
      lib/images/bullseye-miaou.sh
  4. 2
      lib/images/buster-miaou.sh
  5. 4
      lib/install.sh
  6. 2
      recipes/dolibarr/crud.sh
  7. 2
      recipes/dolibarr/install.sh
  8. 10
      recipes/mariadb/install.sh
  9. 2
      recipes/odoo12/install.sh
  10. 2
      recipes/odoo15/install.sh
  11. 8
      recipes/postgresql/install.sh
  12. 2
      scripts/db-maria
  13. 2
      scripts/db-psql
  14. 12
      scripts/lxc-miaou-create
  15. 4
      scripts/lxc-miaou-enable-ssh

47
lib/functions.sh

@ -110,7 +110,7 @@ function prepare_nftables() {
function miaou_init() {
# shellcheck source=/dev/null
[[ -f /opt/debian-bash/lib/functions.sh ]] && source /opt/debian-bash/lib/functions.sh
[[ -f /opt/miaou-bash/lib/functions.sh ]] && source /opt/miaou-bash/lib/functions.sh
# shellcheck source=/dev/null
. "$MIAOU_BASEDIR/lib/functions.sh"
@ -215,7 +215,7 @@ function container_exists() {
lxc list "$1" -c n -f csv | grep -q "^$1\$"
}
# build debian image with prebuild debian-bash and various useful settings
# build debian image with prebuild miaou-bash and various useful settings
# ARG1=release [bullseye, buster]
function build_miaou_image() {
local RELEASE="$1"
@ -230,7 +230,7 @@ function build_miaou_image() {
echo "building lxc image <$IMAGE_LABEL> ... "
echo "image will reuse same local repository <$DEB_REPOSITORY>"
creation_date=$(date +%s)
sudo /opt/debian-bash/tools/idem_apt_install debootstrap
sudo /opt/miaou-bash/tools/idem_apt_install debootstrap
cat <<EOF1 | sudo bash
set -euo pipefail
@ -263,8 +263,11 @@ EOF3
apt update && apt dist-upgrade -y
apt install -y curl wget file git sudo bash-completion
curl https://git.artcode.re/pvincent/debian-bash/raw/branch/master/install.sh | sudo bash -s -- --host
ln -sf /usr/share/zoneinfo/Indian/Reunion /etc/localtime
curl https://git.artcode.re/miaou/miaou-bash/raw/branch/main/install.sh | sudo bash -s -- --host
# TODO: remove line below
# ln -sf /usr/share/zoneinfo/Indian/Reunion /etc/localtime
cat <<EOF3 >/etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
@ -418,26 +421,24 @@ function env_or_ask {
fi
}
# install_debian_bash()
# grab and install related project
function install_debian_bash() {
local PREFIX="debian-bash:install"
if [[ ! -d /opt/debian-bash ]]; then
function install_miaou_bash() {
local PREFIX="miaou-bash:install"
if [[ ! -d /opt/miaou-bash ]]; then
echo "installing curl wget commands ..."
apt install -y curl wget
echo "installing debian-bash..."
curl https://git.artcode.re/pvincent/debian-bash/raw/branch/master/install.sh | sudo bash -s -- --host
export PATH=$PATH:/opt/debian-bash/tools/
echo "installing miaou-bash..."
curl https://git.artcode.re/miaou/miaou-bash/raw/branch/main/install.sh | sudo bash -s -- --host
export PATH=$PATH:/opt/miaou-bash/tools/
echo "OK"
else
# /opt/debian-bash/tools/debian_bash_upgrade
echo "addon <debian-bash> already installed!"
echo "addon <miaou-bash> already installed!"
fi
# shellcheck source=/dev/null
source /etc/bash.bashrc
sudo /opt/debian-bash/tools/idem_apt_install bash-completion
sudo /opt/miaou-bash/tools/idem_apt_install bash-completion
}
function add_toolbox_sudoers {
@ -463,7 +464,7 @@ function prepare_toolbox() {
curl -sSf https://sh.rustup.rs | sh -s -- -y
# shellcheck source=/dev/null
source "$HOME/.cargo/env"
/opt/debian-bash/tools/append_or_replace "^PATH=\$PATH:\$HOME/\\.cargo/bin" "PATH=\$PATH:\$HOME/.cargo/bin" ~/.bashrc
/opt/miaou-bash/tools/append_or_replace "^PATH=\$PATH:\$HOME/\\.cargo/bin" "PATH=\$PATH:\$HOME/.cargo/bin" ~/.bashrc
PREFIX="" echo "OK"
else
echo "command <cargo> already installed!"
@ -490,7 +491,7 @@ function prepare_toolbox() {
echo -n "installing <rg> alias <ripgrep> ... "
if [ ! -f "/TOOLBOX/rg" ]; then
sudo /opt/debian-bash/tools/idem_apt_install ripgrep
sudo /opt/miaou-bash/tools/idem_apt_install ripgrep
sudo ln /usr/bin/rg /TOOLBOX/
PREFIX="" echo "successfully installed"
else
@ -499,7 +500,7 @@ function prepare_toolbox() {
echo -n "installing <ag> alias <silversearcher-ag> ... "
if [ ! -f "/TOOLBOX/ag" ]; then
sudo /opt/debian-bash/tools/idem_apt_install silversearcher-ag
sudo /opt/miaou-bash/tools/idem_apt_install silversearcher-ag
sudo ln /usr/bin/ag /TOOLBOX/
PREFIX="" echo "successfully installed"
else
@ -541,7 +542,7 @@ function prepare_toolbox() {
echo -n "installing <ncdu> ... "
if [ ! -f "/TOOLBOX/ncdu" ]; then
sudo /opt/debian-bash/tools/idem_apt_install ncdu
sudo /opt/miaou-bash/tools/idem_apt_install ncdu
sudo cp /usr/bin/ncdu /TOOLBOX/ncdu
PREFIX="" echo "successfully installed"
else
@ -550,7 +551,7 @@ function prepare_toolbox() {
echo -n "installing <unzip> ... "
if [ ! -f "/TOOLBOX/unzip" ]; then
sudo /opt/debian-bash/tools/idem_apt_install unzip
sudo /opt/miaou-bash/tools/idem_apt_install unzip
sudo cp /usr/bin/unzip /TOOLBOX/unzip
PREFIX="" echo "successfully installed"
else
@ -559,7 +560,7 @@ function prepare_toolbox() {
echo -n "installing <tree> ... "
if [ ! -f "/TOOLBOX/tree" ]; then
sudo /opt/debian-bash/tools/idem_apt_install tree
sudo /opt/miaou-bash/tools/idem_apt_install tree
sudo cp /bin/tree /TOOLBOX/tree
PREFIX="" echo "successfully installed"
else
@ -568,7 +569,7 @@ function prepare_toolbox() {
echo -n "installing <duf> ... "
if [ ! -f "/TOOLBOX/duf" ]; then
VERSION=$(/opt/debian-bash/tools/wget_semver github muesli/duf)
VERSION=$(/opt/miaou-bash/tools/wget_semver github muesli/duf)
VERSION_WITHOUT_V=${VERSION#v}
wget -O /tmp/duf.deb "https://github.com/muesli/duf/releases/download/${VERSION}/duf_${VERSION_WITHOUT_V}_linux_amd64.deb"
sudo dpkg -i /tmp/duf.deb
@ -601,7 +602,7 @@ function prepare_toolbox() {
function install_mandatory_commands() {
local PREFIX="mandatory:commands"
sudo /opt/debian-bash/tools/idem_apt_install dnsutils build-essential curl mariadb-client postgresql-client
sudo /opt/miaou-bash/tools/idem_apt_install dnsutils build-essential curl mariadb-client postgresql-client
if ! exist_command tera; then
echo "installing <tera> ..."

12
lib/harden.sh

@ -87,7 +87,7 @@ function prepare_proxy() {
if ! grep -Eq "^precedence ::ffff:0:0/96.*" /etc/gai.conf; then
echo "prefer ipv4 ..."
sudo /opt/debian-bash/tools/append_or_replace "^precedence ::ffff:0:0/96.*" "precedence ::ffff:0:0/96 100" /etc/gai.conf
sudo /opt/miaou-bash/tools/append_or_replace "^precedence ::ffff:0:0/96.*" "precedence ::ffff:0:0/96 100" /etc/gai.conf
echo "OK"
else
echo "ipv4 already prefered!"
@ -95,7 +95,7 @@ function prepare_proxy() {
if ! grep -Eq "^net.ipv4.ip_forward=1" /etc/sysctl.conf; then
echo "allow forwarding from kernel ..."
sudo /opt/debian-bash/tools/append_or_replace "^net.ipv4.ip_forward=1.*" "net.ipv4.ip_forward=1" /etc/sysctl.conf
sudo /opt/miaou-bash/tools/append_or_replace "^net.ipv4.ip_forward=1.*" "net.ipv4.ip_forward=1" /etc/sysctl.conf
sudo sysctl -p
echo "OK"
else
@ -163,7 +163,7 @@ function mailer_alert() {
done
echo "installing <msmtp> ..."
sudo /opt/debian-bash/tools/idem_apt_install msmtp msmtp-mta mailutils bsd-mailx
sudo /opt/miaou-bash/tools/idem_apt_install msmtp msmtp-mta mailutils bsd-mailx
echo "OK"
echo "configuring </etc/aliases>"
@ -232,7 +232,7 @@ function alert_at_ssh_password() {
echo "installing alert_at_ssh_password..."
sudo cp "$MIAOU_BASEDIR/templates/hardened/pam/alert_ssh_password.sh" /usr/local/bin/
sudo chmod 700 /usr/local/bin/alert_ssh_password.sh
sudo /opt/debian-bash/tools/append_or_replace "^session optional pam_exec.so /usr/local/bin/alert_ssh_password.sh" "session optional pam_exec.so /usr/local/bin/alert_ssh_password.sh" /etc/pam.d/sshd
sudo /opt/miaou-bash/tools/append_or_replace "^session optional pam_exec.so /usr/local/bin/alert_ssh_password.sh" "session optional pam_exec.so /usr/local/bin/alert_ssh_password.sh" /etc/pam.d/sshd
echo "OK"
else
echo "alert_at_ssh_password already enabled!"
@ -243,7 +243,7 @@ function customize_motd {
local PREFIX="harden:motd:customize"
if [[ ! -f /etc/update-motd.d/80-users ]]; then
echo "customizing motd..."
sudo /opt/debian-bash/tools/idem_apt_install figlet lsb-release
sudo /opt/miaou-bash/tools/idem_apt_install figlet lsb-release
sudo rm -f /etc/motd
sudo mkdir -p /etc/update-motd.d
sudo rm -f /etc/update-motd.d/*
@ -274,7 +274,7 @@ PREFIX="harden"
: $PREFIX
sudo_required
install_debian_bash
install_miaou_bash
install_mandatory_commands
prepare_config_hardened
set_current_user

2
lib/images/bullseye-miaou.sh

@ -8,7 +8,7 @@ function init_strict() {
# shellcheck source=/dev/null
source "$MIAOU_DIR/lib/functions.sh"
# shellcheck source=/dev/null
source "/opt/debian-bash/lib/functions.sh"
source "/opt/miaou-bash/lib/functions.sh"
trap 'trap_error $? $LINENO $BASH_LINENO "$BASH_COMMAND" $(printf "::%s" ${FUNCNAME[@]})' ERR
}

2
lib/images/buster-miaou.sh

@ -8,7 +8,7 @@ function init_strict() {
# shellcheck source=/dev/null
source "$MIAOU_DIR/lib/functions.sh"
# shellcheck source=/dev/null
source "/opt/debian-bash/lib/functions.sh"
source "/opt/miaou-bash/lib/functions.sh"
trap 'trap_error $? $LINENO $BASH_LINENO "$BASH_COMMAND" $(printf "::%s" ${FUNCNAME[@]})' ERR
}

4
lib/install.sh

@ -38,7 +38,7 @@ function prepare_lxd {
echo "user <$USER> already belongs to group <lxd>!"
fi
sudo /opt/debian-bash/tools/idem_apt_install lxd btrfs-progs
sudo /opt/miaou-bash/tools/idem_apt_install lxd btrfs-progs
# test lxdbr0
if ! lxc network info lxdbr0 &>/dev/null; then
@ -181,7 +181,7 @@ function set_alias {
function miaou_evalfrombashrc() {
local PREFIX="miaou:bashrc"
output=$(
/opt/debian-bash/tools/append_or_replace \
/opt/miaou-bash/tools/append_or_replace \
"^eval \"\\$\($MIAOU_BASEDIR/lib/install.sh shellenv\)\"$" \
"eval \"\$($MIAOU_BASEDIR/lib/install.sh shellenv)\"" \
"$HOME/.bashrc"

2
recipes/dolibarr/crud.sh

@ -39,7 +39,7 @@ function _create() {
set -Eeuo pipefail
echo "install latest release ... "
cd /var/www
PATH="\$PATH:/opt/debian-bash/tools"
PATH="\$PATH:/opt/miaou-bash/tools"
VERSION="\$(wget_semver github Dolibarr/dolibarr)"
if [[ ! -f "dolibarr-\$VERSION.tgz" ]]; then
wget_release github Dolibarr/dolibarr

2
recipes/dolibarr/install.sh

@ -34,7 +34,7 @@ function install() {
apt update
apt install -y $MANDATORY_PACKAGES_STRING
cd /var/www
PATH="\$PATH:/opt/debian-bash/tools"
PATH="\$PATH:/opt/miaou-bash/tools"
VERSION="\$(wget_semver github Dolibarr/dolibarr)"
if [[ ! -f "dolibarr-\$VERSION.tgz" ]]; then
wget_release github Dolibarr/dolibarr

10
recipes/mariadb/install.sh

@ -30,7 +30,7 @@ function install() {
PREFIX="recipe:mariadb:install"
: $PREFIX
sudo /opt/debian-bash/tools/idem_apt_install mariadb-client
sudo /opt/miaou-bash/tools/idem_apt_install mariadb-client
echowarn "initializing ..."
launch_container "$CONTAINER"
build_device_backup
@ -38,16 +38,16 @@ function install() {
lxc exec "$CONTAINER" -- bash <<EOF
set -Eeuo pipefail
cloud-init status --wait >/dev/null
. /opt/debian-bash/lib/functions.sh
. /opt/miaou-bash/lib/functions.sh
apt update && apt dist-upgrade -y
/opt/debian-bash/tools/idem_apt_install mariadb-server automysqlbackup
/opt/miaou-bash/tools/idem_apt_install mariadb-server automysqlbackup
echo "change bind-adress"
/opt/debian-bash/tools/append_or_replace "^bind-address.*$" "bind-address = 0.0.0.0" /etc/mysql/mariadb.conf.d/50-server.cnf
/opt/miaou-bash/tools/append_or_replace "^bind-address.*$" "bind-address = 0.0.0.0" /etc/mysql/mariadb.conf.d/50-server.cnf
systemctl restart mariadb.service
function systemctl-exists() ([ \$(systemctl list-unit-files "\${1}*" | wc -l) -gt 3 ])
systemctl-exists exim4.service && systemctl stop exim4.service && systemctl disable exim4.service
/opt/debian-bash/tools/append_or_replace "^BACKUPDIR=.*$" "BACKUPDIR=\"/mnt/BACKUP/mariadb\"" /etc/default/automysqlbackup
/opt/miaou-bash/tools/append_or_replace "^BACKUPDIR=.*$" "BACKUPDIR=\"/mnt/BACKUP/mariadb\"" /etc/default/automysqlbackup
exit 0
EOF
echo DONE

2
recipes/odoo12/install.sh

@ -108,7 +108,7 @@ function install() {
fi
echo "community-color change to $BACKGROUND_COLOR"
/opt/debian-bash/tools/append_or_replace "^.*o-community-color:.*" "\\\\\\\$o-community-color: $BACKGROUND_COLOR;" /home/odoo/odoo12/addons/web/static/src/scss/primary_variables.scss
/opt/miaou-bash/tools/append_or_replace "^.*o-community-color:.*" "\\\\\\\$o-community-color: $BACKGROUND_COLOR;" /home/odoo/odoo12/addons/web/static/src/scss/primary_variables.scss
EOT
mkdir -p /etc/odoo12

2
recipes/odoo15/install.sh

@ -92,7 +92,7 @@ function install() {
echo "git odoo15 already downloaded!"
fi
echo "community-color change to $BACKGROUND_COLOR"
/opt/debian-bash/tools/append_or_replace "^.*o-community-color:.*" "\\\\\\\$o-community-color: $BACKGROUND_COLOR !default;" /home/odoo/odoo15/addons/web/static/src/legacy/scss/primary_variables.scss
/opt/miaou-bash/tools/append_or_replace "^.*o-community-color:.*" "\\\\\\\$o-community-color: $BACKGROUND_COLOR !default;" /home/odoo/odoo15/addons/web/static/src/legacy/scss/primary_variables.scss
EOT
mkdir -p /etc/odoo15

8
recipes/postgresql/install.sh

@ -29,8 +29,8 @@ function install() {
set -Eeuo pipefail
apt update
. /opt/debian-bash/lib/functions.sh
/opt/debian-bash/tools/idem_apt_install postgresql
. /opt/miaou-bash/lib/functions.sh
/opt/miaou-bash/tools/idem_apt_install postgresql
echo -n "start postgresql now..."
PG_VERSION=\$(pg_lsclusters -h | cut -d' ' -f1)
@ -40,8 +40,8 @@ function install() {
function systemctl-exists() ([ \$(systemctl list-unit-files "\${1}*" | wc -l) -gt 3 ])
systemctl-exists exim4.service && systemctl disable exim4.service
/opt/debian-bash/tools/append_or_replace "^listen_addresses = .*$" "listen_addresses = '0.0.0.0'" /etc/postgresql/\$PG_VERSION/main/postgresql.conf
/opt/debian-bash/tools/append_or_replace "^host.*all.*all.*$BRIDGE_SUBNET.*md5" "host\tall\t\tall\t\t$BRIDGE_SUBNET\t\tmd5" /etc/postgresql/\$PG_VERSION/main/pg_hba.conf
/opt/miaou-bash/tools/append_or_replace "^listen_addresses = .*$" "listen_addresses = '0.0.0.0'" /etc/postgresql/\$PG_VERSION/main/postgresql.conf
/opt/miaou-bash/tools/append_or_replace "^host.*all.*all.*$BRIDGE_SUBNET.*md5" "host\tall\t\tall\t\t$BRIDGE_SUBNET\t\tmd5" /etc/postgresql/\$PG_VERSION/main/pg_hba.conf
systemctl restart postgresql.service
EOF

2
scripts/db-maria

@ -46,7 +46,7 @@ use() {
create() {
# shellcheck disable=SC1091
source /opt/debian-bash/lib/functions.sh
source /opt/miaou-bash/lib/functions.sh
# shellcheck disable=SC2034
mapfile -t DBs < <(list)

2
scripts/db-psql

@ -52,7 +52,7 @@ use() {
create() {
echo >&2 "about to create to <${DB_NAME}> ..."
source /opt/debian-bash/lib/functions.sh
source /opt/miaou-bash/lib/functions.sh
local DBs=($(list))
if ! $(containsElement DBs $DB_NAME); then
local SQL="CREATE USER \\\\\\\"$DB_NAME\\\\\\\" WITH PASSWORD '$DB_PASSWORD'"

12
scripts/lxc-miaou-create

@ -105,8 +105,8 @@ EOF
lxc config device add "$CONTAINER" SHARED disk source="$HOME/LXD/SHARED/$CONTAINER" path=/mnt/SHARED -q
lxc config device add "$CONTAINER" TOOLBOX disk source=/TOOLBOX path=/TOOLBOX -q
lxc config device add "$CONTAINER" DEBIAN_BASH disk source=$(realpath /opt/debian-bash) path=/opt/debian-bash -q
lxc config set "$CONTAINER" environment.PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/debian-bash/tools:/TOOLBOX -q
lxc config device add "$CONTAINER" DEBIAN_BASH disk source=$(realpath /opt/miaou-bash) path=/opt/miaou-bash -q
lxc config set "$CONTAINER" environment.PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/miaou-bash/tools:/TOOLBOX -q
if [[ "$OPTION_NESTING" == true ]]; then
lxc config set $CONTAINER security.nesting true -q
@ -115,8 +115,8 @@ EOF
lxc start "$CONTAINER" -q
# initializing debian-bash
lxc exec "$CONTAINER" -- /opt/debian-bash/init.sh
# initializing miaou-bash
lxc exec "$CONTAINER" -- /opt/miaou-bash/init.sh
# default configuration files (btm,)
lxc exec "$CONTAINER" -- mkdir -p /root/.config/bottom
@ -141,12 +141,12 @@ EOF
if ! lxc exec "$CONTAINER" -- passwd -S "$miaou_user" | cut -d ' ' -f2 | grep -q ^P; then
shadow_passwd=$(load_yaml_from_expanded credential.shadow)
shadow_remainder=$(lxc exec "$CONTAINER" -- bash -c "grep $miaou_user /etc/shadow | cut -d':' -f3-")
lxc exec "$CONTAINER" -- /opt/debian-bash/tools/append_or_replace "^$miaou_user:.*:" "$miaou_user:$shadow_passwd:$shadow_remainder" /etc/shadow >/dev/null
lxc exec "$CONTAINER" -- /opt/miaou-bash/tools/append_or_replace "^$miaou_user:.*:" "$miaou_user:$shadow_passwd:$shadow_remainder" /etc/shadow >/dev/null
fi
fi
if [[ "$OPTION_SSH" == true ]]; then
lxc exec "$CONTAINER" -- /opt/debian-bash/tools/idem_apt_install openssh-server
lxc exec "$CONTAINER" -- /opt/miaou-bash/tools/idem_apt_install openssh-server
fi
if [[ "$OPTION_SSH" == true && "$OPTION_SAMEUSER" == true ]]; then

4
scripts/lxc-miaou-enable-ssh

@ -34,9 +34,9 @@ EOF
miaou_user=$(whoami)
shadow_passwd=$(load_yaml_from_expanded credential.shadow)
shadow_remainder=$(lxc exec "$CONTAINER" -- bash -c "grep $SSH_USER /etc/shadow | cut -d':' -f3-")
lxc exec "$CONTAINER" -- /opt/debian-bash/tools/append_or_replace "^$SSH_USER:.*:" "$SSH_USER:$shadow_passwd:$shadow_remainder" /etc/shadow >/dev/null
lxc exec "$CONTAINER" -- /opt/miaou-bash/tools/append_or_replace "^$SSH_USER:.*:" "$SSH_USER:$shadow_passwd:$shadow_remainder" /etc/shadow >/dev/null
lxc exec "$CONTAINER" -- /opt/debian-bash/tools/idem_apt_install openssh-server
lxc exec "$CONTAINER" -- /opt/miaou-bash/tools/idem_apt_install openssh-server
previous_users=($(
lxc exec "$CONTAINER" -- bash <<EOF
set -Eeuo pipefail

Loading…
Cancel
Save