Page Menu
Home
DevCentral
Search
Configure Global Search
Log In
Files
F12297413
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
16 KB
Referenced Files
None
Subscribers
None
View Options
diff --git a/.arclint b/.arclint
index 22a0327..fc61d43 100644
--- a/.arclint
+++ b/.arclint
@@ -1,63 +1,60 @@
{
"linters": {
"chmod": {
"type": "chmod"
},
"shell": {
"type": "shellcheck",
- "shellcheck.exclude": [
- "SC3028"
- ],
"include": [
"(\\.sh$)"
]
},
"filename": {
"type": "filename"
},
"json": {
"type": "json",
"include": [
"(^\\.arcconfig$)",
"(^\\.arclint$)",
"(\\.json$)"
]
},
"python": {
"type": "flake8",
"severity": {
"E203": "disabled",
"E731": "disabled",
"F821": "advice"
},
"flake8.builtins": [
"KAFKA_CLUSTERS",
"SENTRY_FEATURES",
"SENTRY_OPTIONS",
"__context__",
"__executors__",
"__ext_pillar__",
"__grains__",
"__opts__",
"__pillar__",
"__proxy__",
"__ret__",
"__runner__",
"__runners__",
"__salt__",
"__sdb__",
"__serializers__",
"__states__",
"__thorium__",
"__utils__"
],
"include": [
"(\\.py$)",
"(^roles/saas-rabbitmq/server/content.sls$)",
"(^roles/viperserv/eggdrop/cron.sls$)",
"(^roles/webserver-legacy/php-builder/source.sls$)",
"(^roles/webserver-legacy/php-sites/cleanup.sls$)"
]
}
}
}
diff --git a/roles/core/certificates/files/certbot/utilities/delete-certbot-certificate.sh b/roles/core/certificates/files/certbot/utilities/delete-certbot-certificate.sh
index 04e13ad..e873dda 100755
--- a/roles/core/certificates/files/certbot/utilities/delete-certbot-certificate.sh
+++ b/roles/core/certificates/files/certbot/utilities/delete-certbot-certificate.sh
@@ -1,69 +1,70 @@
#!/bin/sh
# -------------------------------------------------------------
# Remove a Let's Encrypt
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: BSD-2-Clause
# Source file: roles/core/certificates/files/certbot/utilities/delete-certbot-certificate.sh
# -------------------------------------------------------------
#
# <auto-generated>
# This file is managed by our rOPS SaltStack repository.
#
# Changes to this file may cause incorrect behavior
# and will be lost if the state is redeployed.
# </auto-generated>
set -e
# -------------------------------------------------------------
# Ensure user is root
#
# Note: POSIX shells don't always define $UID or $EUID.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# shellcheck disable=SC3028
if [ "${EUID:-$(id -u)}" -ne 0 ]; then
echo "This command must be run as root." >&2
exit 1
fi
# -------------------------------------------------------------
# Parse arguments
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
if [ $# -eq 0 ]; then
echo "Usage: $(basename "$0") <certificate>" >&2
exit 1
fi
CERTIFICATE=$1
# -------------------------------------------------------------
# Determine etc directory path
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
. /etc/os-release
if [ "$ID" = "freebsd" ]; then
ETC=/usr/local/etc
else
ETC=/etc
fi
# -------------------------------------------------------------
# Determine if the certificate exists
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
if [ ! -f "$ETC/letsencrypt/live/$CERTIFICATE/chain.pem" ]; then
echo "The certificate cannot be found." >&2
exit 2
fi
# -------------------------------------------------------------
# Delete certificate and renewal information
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
rm -rf "$ETC/letsencrypt/live/$CERTIFICATE"
rm -rf "$ETC/letsencrypt/archive/$CERTIFICATE"
rm "$ETC/letsencrypt/renewal/$CERTIFICATE.conf"
diff --git a/roles/core/network/files/Linux/routes.sh b/roles/core/network/files/Linux/routes.sh
index d94cd30..51fa4c9 100755
--- a/roles/core/network/files/Linux/routes.sh
+++ b/roles/core/network/files/Linux/routes.sh
@@ -1,37 +1,42 @@
#!/bin/sh
# -------------------------------------------------------------
# Network — routes configuration for Linux systems
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# Source file: roles/core/network/files/Linux/routes.sh
# Dependencies: iproute
# GNU xargs for -r
# -------------------------------------------------------------
#
# <auto-generated>
# This file is managed by our rOPS SaltStack repository.
#
# Changes to this file may cause incorrect behavior
# and will be lost if the state is redeployed.
# </auto-generated>
ROUTES_CONFIG_PATH=/etc/routes.conf
-# Runs as root only
-test -z $UID && UID=$(id -u)
-if [ "$UID" -ne 0 ]; then
- echo This script must be run as root. >&2
+# -------------------------------------------------------------
+# Ensure user is root
+#
+# Note: POSIX shells don't always define $UID or $EUID.
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+# shellcheck disable=SC3028
+if [ "${EUID:-$(id -u)}" -ne 0 ]; then
+ echo "This command must be run as root." >&2
exit 1
fi
# Warn about configuration missing
if [ ! -f $ROUTES_CONFIG_PATH ]; then
echo No routes configuration file found at $ROUTES_CONFIG_PATH >&2
exit 2
fi
# Apply routes
# Ignore comments and blank line, pass the remaining lines to `ip route`
grep '^[^#]' $ROUTES_CONFIG_PATH | xargs -L 1 -r ip route replace
diff --git a/roles/dbserver-mysql/treasure-chest/files/db-treasure-import.sh b/roles/dbserver-mysql/treasure-chest/files/db-treasure-import.sh
index c825c77..242fb9e 100755
--- a/roles/dbserver-mysql/treasure-chest/files/db-treasure-import.sh
+++ b/roles/dbserver-mysql/treasure-chest/files/db-treasure-import.sh
@@ -1,62 +1,63 @@
#!/bin/sh
# -------------------------------------------------------------
# Import a MySQL database from the databases treasure chest
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: BSD-2-Clause
# Source file: roles/dbserver-mysql/treasure-chest/files/db-treasure-import.sh
# -------------------------------------------------------------
#
# <auto-generated>
# This file is managed by our rOPS SaltStack repository.
#
# Changes to this file may cause incorrect behavior
# and will be lost if the state is redeployed.
# </auto-generated>
set -e
DATABASES_BACKUP_PATH=/var/backups/db-treasure-chest
DATABASES_MYSQL_PATH=/var/db/mysql
# -------------------------------------------------------------
# Ensure user is root
#
# Note: POSIX shells don't always define $UID or $EUID.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-if [ "$(id -u)" -ne 0 ]; then
+# shellcheck disable=SC3028
+if [ "${EUID:-$(id -u)}" -ne 0 ]; then
echo "This command must be run as root." >&2
exit 1
fi
# -------------------------------------------------------------
# Parse arguments
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
if [ $# -eq 0 ]; then
echo "Usage: $(basename $0) <database>" >&2
exit 1
fi
DATABASE=$1
if [ -d "$DATABASES_MYSQL_PATH/$DATABASE" ]; then
echo "Database $DATABASE seems already imported: directory exists in $DATABASES_MYSQL_PATH." >&2
exit 2
fi
if [ ! -f "$DATABASES_BACKUP_PATH/$DATABASE.sql" ]; then
echo "Database $DATABASE dump can't be found in DATABASES_BACKUP_PATH" >&2
exit 4
fi
# -------------------------------------------------------------
# Restore database
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
mysql -e "CREATE DATABASE $DATABASE"
mysql "$DATABASE" < "$DATABASES_BACKUP_PATH/$DATABASE.sql"
echo "[$(date +%FT%H:%M:%S%z)] $DATABASE restored." >> "$DATABASES_BACKUP_PATH/_restored/_restore.log"
mv "$DATABASES_BACKUP_PATH/$DATABASE.sql" "$DATABASES_BACKUP_PATH/_restored/"
diff --git a/roles/salt-primary/software/files/autochmod-git.sh b/roles/salt-primary/software/files/autochmod-git.sh
index b7c4052..a6f5ed5 100755
--- a/roles/salt-primary/software/files/autochmod-git.sh
+++ b/roles/salt-primary/software/files/autochmod-git.sh
@@ -1,45 +1,46 @@
#!/bin/sh
# -------------------------------------------------------------
# Sets permissions for a group-shared Git repository
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# If eligible, BSD-2-Clause
# Source file: roles/salt-primary/software/files/autochmod-git.sh
# -------------------------------------------------------------
#
# <auto-generated>
# This file is managed by our rOPS SaltStack repository.
#
# Changes to this file may cause incorrect behavior
# and will be lost if the state is redeployed.
# </auto-generated>
set -e
# -------------------------------------------------------------
# Ensure user is root
#
# Note: POSIX shells don't always define $UID or $EUID.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-if [ "$(id -u)" -ne 0 ]; then
+# shellcheck disable=SC3028
+if [ "${EUID:-$(id -u)}" -ne 0 ]; then
echo "This command must be run as root." >&2
exit 1
fi
# -------------------------------------------------------------
# Git information
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
dir=$(git rev-parse --show-toplevel)
# -------------------------------------------------------------
# Let's chmod
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
set -x
find "$dir" -print0 -type d | xargs -0 chmod g+xw
find "$dir" -print0 -type f | xargs -0 chmod g+w
diff --git a/roles/webserver-alkane/php/files/restart-php-fpm.sh b/roles/webserver-alkane/php/files/restart-php-fpm.sh
index 0abda70..08d7ac7 100755
--- a/roles/webserver-alkane/php/files/restart-php-fpm.sh
+++ b/roles/webserver-alkane/php/files/restart-php-fpm.sh
@@ -1,32 +1,33 @@
#!/bin/sh
# -------------------------------------------------------------
# Restart php-fpm
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# Source file: roles/webserver-alkane/php/files/restart-php-fpm.sh
# Description: Deploy and restart php-fpm service
# -------------------------------------------------------------
set -e
# -------------------------------------------------------------
# Ensure user is root
#
# Note: POSIX shells don't always define $UID or $EUID.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# shellcheck disable=SC3028
if [ "${EUID:-$(id -u)}" -ne 0 ]; then
echo "This command must be run as root." >&2
exit 1
fi
# -------------------------------------------------------------
# Update through Salt the service if needed & restart php-fpm
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
rm -f /usr/local/etc/rc.d/php_fpm
grep -q auto-generated /usr/local/etc/rc.d/php-fpm || salt-call state.apply roles/webserver-alkane/php/service
/usr/local/etc/rc.d/php-fpm restart
diff --git a/utils/bootstrap/hello-FreeBSD.sh b/utils/bootstrap/hello-FreeBSD.sh
index b2d5397..e696bb4 100755
--- a/utils/bootstrap/hello-FreeBSD.sh
+++ b/utils/bootstrap/hello-FreeBSD.sh
@@ -1,67 +1,74 @@
#!/bin/sh
# -------------------------------------------------------------
# Bootstrap script — FreeBSD
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Description: Install Salt and try to connect to Complector
# License: BSD-2-Clause
# -------------------------------------------------------------
-if [ "$(id -u)" -ne 0 ]; then
+# -------------------------------------------------------------
+# Ensure user is root
+#
+# Note: POSIX shells don't always define $UID or $EUID.
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+# shellcheck disable=SC3028
+if [ "${EUID:-$(id -u)}" -ne 0 ]; then
echo "This command must be run as root." >&2
exit 1
fi
# -------------------------------------------------------------
# Hello
# ASCII art by Jason Balthis
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
printf "\n";
printf "\033[1;34m----------------------------------------------------------------------- \033[m\n";
printf "\033[31;1m , , \033[m\n";
printf "\033[31;1m /( )\` \033[m\n";
printf "\033[1;32m FFFFFFF \033[31;1m \ \___ / | \033[m\n";
printf "\033[1;32m FF \033[31;1m /- _ \`-/ \' \033[m\n";
printf "\033[1;32m FF \033[31;1m (/\/ \ \ /\ \033[m\n";
printf "\033[1;32m FFFFF RR RRR EEEEE EEEEE \033[31;1m / / | \` \ \033[m\n";
printf "\033[1;32m FF RRR EE EE EE EE \033[31;1m O O ) / | \033[m\n";
printf "\033[1;32m FF RR EEEEEEE EEEEEEE \033[31;1m \`-^--\'\`< \' \033[m\n";
printf "\033[1;32m FF RR EE EE \033[31;1m (_.) _ ) / \033[m\n";
printf "\033[1;32m FF RR EEEEEE EEEEEE \033[31;1m \`.___/\` / \033[m\n";
printf "\033[31;1m \`-----/ \033[m\n";
printf "\033[1;32m BBBBBB SSSSS DDDDDD \033[31;1m <----. __ / __ \ \033[m\n";
printf "\033[1;32m BB BB SS SS DD DD \033[31;1m <----|====O)))==) \) /==== \033[m\n";
printf "\033[1;32m BB BB SS DD DD \033[31;1m <----\' \`--\' \`.__,\' \ \033[m\n";
printf "\033[1;32m BBBBBB SSSSS DD DD \033[31;1m | | \033[m\n";
printf "\033[1;32m BB BB SS DD DD \033[31;1m \ / \033[m\n";
printf "\033[1;32m BB BB SS SS DD DD \033[31;1m ______( (_ / \______ \033[m\n";
printf "\033[1;32m BBBBBB SSSSS DDDDDD \033[31;1m ,\' ,-----\' | \ \033[m\n";
printf "\033[31;1m \`--{__________) \/ \033[m\n\n";
printf "\033[1;34m--------------------------------------------------------------------- \033[m\n";
printf "\033[1;32m Welcome to your new Nasqueron server, powered by \033[31;1mFreeBSD \033[m\n";
printf "\033[33;1m Connecting the server to \033[31;1mComplector\033[m \033[33;1mto join the forest.\033[m\n";
printf "\033[1;34m--------------------------------------------------------------------- \033[m\n";
echo ""
# -------------------------------------------------------------
# Software installation
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
pkg update && pkg upgrade
pkg install git tmux nano py311-salt py311-cryptography
# -------------------------------------------------------------
# Minimal salt configuration for this node
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
hostname -s > /usr/local/etc/salt/minion_id
echo "172.27.27.7 complector complector.nasqueron.drake" >> /etc/hosts
echo "master: complector.nasqueron.drake" > /usr/local/etc/salt/minion
echo "master_finger: 'ec:b8:cf:8d:be:7a:eb:3c:43:8d:3b:38:3f:0e:bb:47:f6:eb:a3:89:92:3d:b4:b1:8f:19:48:1f:d2:8f:c9:60'" >> /usr/local/etc/salt/minion
ifconfig | grep -q "inet 172.27.27." || echo "You need to configure an IP in 172.27.27.0/24" >&2
ifconfig | grep -q "inet 172.27.27." && /usr/local/etc/rc.d/salt_minion onestart || (salt --versions && echo "Failure log available at /var/log/salt/minion")
File Metadata
Details
Attached
Mime Type
text/x-diff
Expires
Wed, Oct 22, 11:55 (20 h, 30 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3092071
Default Alt Text
(16 KB)
Attached To
Mode
rOPS Nasqueron Operations
Attached
Detach File
Event Timeline
Log In to Comment