#!/usr/bin/env bash
# The steps below edit /etc/pacman.conf and install packages, so refuse to
# continue unless the effective user is root.
(( EUID == 0 )) || {
  echo 'Run me as root.' >&2
  exit 1
}
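# Repository locations and checkout directory.
# NOTE(review): git:// provides no transport authentication or encryption, so
# what is cloned from these two URLs is only as trustworthy as the network path.
pupUrl=git://perot.me/pupfiles
pupDir=/var/lib/pupfiles
pupPrivateUrlInitial=git://perot.me/pupfiles-private
# NOTE(review): the page's e-mail obfuscation replaced this assignment with the
# text "[email protected]:pupfiles-private". The variable name is taken from its
# later use in `git remote set-url origin "$pupPrivateUrlActual"`; the SSH user
# and host are NOT recoverable from the page and must be restored from the
# repository before this script is run.
pupPrivateUrlActual='SSH_USER_PLACEHOLDER@SSH_HOST_PLACEHOLDER:pupfiles-private'

# Resolve the directory holding this script to an absolute path. When it is
# already a checkout (it contains manifests/), use it instead of the default.
scriptDir=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
if [ -d "$scriptDir/manifests" ]; then
  pupDir="$scriptDir"
fi

# Callers that only want the variables above set PUP_JUST_SET_VARIABLES and
# source this file. `return` fails when the file is executed rather than
# sourced; fall back to `exit` so a direct run with the variable set stops
# here instead of carrying on into the full root-level setup.
if [ -n "$PUP_JUST_SET_VARIABLES" ]; then
  return 0 2> /dev/null || exit 0
fi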
# Set the console bell duration to zero for this run.
setterm -blength 0

# Bootstrap Puppet, but only when pacman does not already report it installed.
if ! pacman -Q puppet > /dev/null 2>&1; then
  # yaourt comes from the archlinuxfr repository; register it in pacman.conf
  # once (the grep looks for an existing section header, case-insensitively).
  # NOTE(review): the repository is reached over plain HTTP and configured with
  # SigLevel = Optional, which lets pacman accept unsigned packages and
  # databases from it. Everything installed from it below runs as root with
  # --noconfirm, so its integrity rests on the network path alone. Prefer an
  # HTTPS mirror and a required signature level if the repository offers them.
  if ! grep -iP '^\[archlinuxfr\]$' /etc/pacman.conf > /dev/null 2>&1; then
    cat >> /etc/pacman.conf <<'PACMAN_CONF'

[archlinuxfr]
Server = http://repo.archlinux.fr/$arch
SigLevel = Optional
PACMAN_CONF
  fi

  # Install yaourt if it is missing, then install puppet through it; give up
  # on the first failure.
  pacman -Q yaourt > /dev/null 2>&1 || pacman -Sy --noconfirm yaourt || exit 1
  yaourt -Sya --noconfirm puppet || exit 1
fi
#######################################
# Ask Puppet to ensure each named package is installed.
# Arguments: package names, one per argument
# Outputs:   an error line on stderr for the first package Puppet fails on
#            (Puppet's own output is discarded)
# Returns:   0 when every package succeeded; exits the shell with status 1
#            on the first failure
#######################################
getpackages() {
  local pkg
  for pkg in "$@"; do
    puppet resource package "$pkg" ensure=installed > /dev/null 2>&1 && continue
    echo "Puppet failed to make sure we have $pkg." >&2
    exit 1
  done
}
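# Make sure the tools used by the remaining steps are installed.
getpackages openssh git scrypt python python2 python-scrypt

# Fetch the main pupfiles repository, or bring an existing checkout up to date.
# NOTE(review): $pupUrl is a git:// URL, which has no transport authentication
# or integrity protection, and the manifests fetched here are later applied by
# Puppet as root. Consider an authenticated transport (SSH or HTTPS) or
# verifying a signed tag or commit before applying.
if [ ! -d "$pupDir" ]; then
  mkdir -p "$pupDir"
  if ! git clone --recursive "$pupUrl" "$pupDir"; then
    # Do not leave a partial checkout behind; :? refuses an empty path.
    rm -rf -- "${pupDir:?}"
    exit 1
  fi
else
  # Stop if the checkout cannot be entered, so git does not act on whatever
  # directory the script happens to be in.
  cd "$pupDir" || exit 1
  if ! git pull &> /dev/null; then
    echo 'Could not update main repository.'
    exit 1
  fi
  if ! git submodule update &> /dev/null; then
    echo 'Could not update submodules.'
    exit 1
  fi
fi

# Everything after this point creates and deletes files by relative path
# (including rm -rf), so a failed cd must end the run.
cd "$pupDir" || exit 1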
# Without the SSH key for the private pupfiles repository, any leftover private
# material is unusable: remove it so the private checkout starts from scratch.
[ -f private/ssh.key ] || rm -rf private.key private encrypted-private

if [ -d encrypted-private ]; then
  # Existing checkout: pull with GIT_SSH pointing at the repository's wrapper
  # script for the duration of the pull.
  cd encrypted-private
  export GIT_SSH="$pupDir/util/git-ssh-private.sh"
  if ! git pull &> /dev/null; then
    echo 'Could not update encrypted-private repository.'
    exit 1
  fi
  unset GIT_SSH
  cd ..
else
  # First checkout: retry the clone from the initial URL until it succeeds,
  # waiting for the operator before each attempt.
  # NOTE(review): the prompts suggest the operator temporarily makes the private
  # repository reachable at $pupPrivateUrlInitial (an unauthenticated git:// URL)
  # for this one clone -- confirm. Later updates use the SSH URL set below.
  while :; do
    echo 'Open the floodgates and press Enter.'
    read
    if ! git clone --recursive "$pupPrivateUrlInitial" encrypted-private; then
      rm -rf encrypted-private
      continue
    fi
    # Point the new checkout at the URL used for all later pulls.
    cd encrypted-private
    git remote set-url origin "$pupPrivateUrlActual"
    cd ..
    # Keep the checkout readable by its owner only.
    chmod -R g-rwx,o-rwx encrypted-private
    echo 'Close the floodgates and press Enter.'
    read
    break
  done
fi
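# Mirror encrypted-private/ into private/ as decrypted files, then drop
# anything in private/ that no longer has an encrypted counterpart.
mkdir -p private
# Lock the directory down before anything is decrypted into it; the original
# restricted it only after the loop, leaving freshly decrypted files readable
# under the default umask while the loop ran.
chmod g-rwx,o-rwx private

decryptionKey=''
if [ ! -f private.key ]; then
  echo -n 'Enter decryption key: '
  # -s keeps the key off the screen; -r keeps backslashes in it literal.
  read -rs decryptionKey
  echo
  # Create the key file owner-only from the first byte instead of relying on
  # the inherited umask.
  ( umask 077 && printf '%s\n' "$decryptionKey" > private.key ) || exit 1
fi
# Also tighten a key file left by an earlier run.
chmod g-rwx,o-rwx private.key

# Walk the encrypted tree (skipping .git), NUL-delimited so any file name is
# handled.
while IFS= read -d $'\0' -r encryptedFile; do
  # Path relative to encrypted-private/: strip the prefix and any slashes
  # that follow it.
  file=${encryptedFile#encrypted-private}
  file=${file#"${file%%[!/]*}"}
  decryptedFile="private/$file"
  if [ -d "$encryptedFile" ]; then
    mkdir -p "$decryptedFile"
  elif [ -f "$encryptedFile" ]; then
    # Decrypt only when the plaintext is missing or older than the ciphertext.
    if [[ ! -f "$decryptedFile" || "$encryptedFile" -nt "$decryptedFile" ]]; then
      echo "Decrypting $encryptedFile..."
      # The key is fed on stdin, so it never appears in the process arguments.
      if ! ./util/decrypt-scrypt.py "$decryptedFile" "$encryptedFile" < private.key; then
        echo 'Invalid decryption key.'
        # Discard the stored key so the next run asks for it again.
        rm private.key
        exit 1
      fi
    fi
  else
    echo "Irregular file $encryptedFile, aborting."
    exit 1
  fi
done < <(find encrypted-private -name .git -prune -o -print0)

# Remove decrypted entries whose encrypted source has gone away.
while IFS= read -d $'\0' -r decryptedFile; do
  file=${decryptedFile#private}
  file=${file#"${file%%[!/]*}"}
  encryptedFile="encrypted-private/$file"
  if [ ! -e "$encryptedFile" ]; then
    rm -rf "$decryptedFile"
  fi
done < <(find private -print0)

# Re-apply the restriction recursively to everything decrypted above.
chmod -R g-rwx,o-rwx private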
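# Pick this machine's manifest, build the combined manifest and hand over to
# Puppet. A failed cd must stop the run: the paths below are all relative.
cd "$pupDir" || exit 1

# Default to the lower-cased hostname; a remembered choice in this.manifest
# overrides it.
chosenManifest=$(hostname | tr '[:upper:]' '[:lower:]')
if [ -f this.manifest ]; then
  read -r chosenManifest < this.manifest
fi

# Keep asking until the choice names an existing manifest, listing the
# available ones (without directory and .pp suffix) each time.
while [ ! -f "manifests/$chosenManifest.pp" ]; do
  echo 'Which one are you?'
  while IFS= read -d $'\0' -r manifest; do
    echo " > $manifest" | sed 's#manifests/##' | sed 's/\.pp$//i'
  done < <(find manifests -type f -name '*.pp' -print0)
  echo -n 'Selection: '
  read -r chosenManifest
  printf '%s\n' "$chosenManifest" > this.manifest
done

# Private modules take precedence over public ones and Puppet's defaults.
modulePath="$pupDir/private/modules:$pupDir/modules:$(puppet apply --configprint modulepath)"

# Build the manifest that is actually applied: the private manifest (when one
# exists) followed by the public one. The result can contain decrypted private
# content but lives outside private/, so it is recreated owner-only: remove any
# copy left with looser permissions, then write it under umask 077.
genManifest="manifests/.$chosenManifest.gen.pp"
rm -f -- "$genManifest"
(
  umask 077
  if [ -f "private/manifests/$chosenManifest.pp" ]; then
    cat "private/manifests/$chosenManifest.pp" "manifests/$chosenManifest.pp"
  else
    cat "manifests/$chosenManifest.pp"
  fi > "$genManifest"
) || exit 1  # never apply a missing or half-written manifest

export FACTERLIB="$pupDir/facter"
exec puppet apply --modulepath "$modulePath" "$genManifest"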