Diffstat (limited to 'cokiki.hs')
-rw-r--r-- | cokiki.hs | 36 |
1 files changed, 31 insertions, 5 deletions
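--- a/cokiki.hs
+++ b/cokiki.hs
@@ -20,6 +20,7 @@ import System.IO
 import System.Posix.User
 import CommandLine
 import Data.OpenPGP (SymmetricAlgorithm(Unencrypted))
+import qualified Hosts
 
 usage = unlines
 [ "cokiki <command> [--chroot=ROOTDIR]"
@@ -42,17 +43,20 @@ usage = unlines
 , "COMMANDS"
 , ""
 , " ssh-client Modify system ssh configuration to respect"
-, " /var/cache/kiki/ssh_known_hosts."
+, " /var/cache/kiki/config/ssh_known_hosts."
 , ""
 , " ssh-server Modify system ssh configuration to use the"
 , " kiki-managed host key at"
-, " /var/cache/kiki/ssh_host_rsa_key."
+, " /var/cache/kiki/config/ssh_host_rsa_key."
 , ""
 , " strongswan Modify /etc/ipsec.conf to include settings from"
-, " /var/cache/kiki/ipsec.conf."
+, " /var/cache/kiki/config/ipsec.conf."
 , ""
 , " tor Modify /etc/tor/torrc to configure a tor hidden"
 , " service for email (smtp), ssh, and http ports."
+, ""
+, " hosts Merge hostnames from /var/cache/kiki/config/hosts"
+, " into system file /etc/hosts."
 ]
 
 main = do
@@ -63,6 +67,7 @@ main = do
 ["ssh-server"] -> Just $ sshServer uid <$> Kiki.ㄧchroot <*> Kiki.ㄧhomedir
 ["strongswan"] -> Just $ strongswan uid <$> Kiki.ㄧchroot <*> Kiki.ㄧhomedir
 ["tor"] -> Just $ configureTor uid <$> Kiki.ㄧchroot <*> Kiki.ㄧhomedir
+["hosts"] -> Just $ configureHosts uid <$> Kiki.ㄧchroot <*> Kiki.ㄧhomedir
 _ -> Nothing
 spec = uncurry fancy Kiki.kikiOptions ""
 errorQuit msg = do
@@ -78,6 +83,7 @@ main = do
 maybeReadFile :: FilePath -> IO (Maybe L.ByteString)
 maybeReadFile path = do
 doesFileExist path >>= bool (return Nothing) (Just <$> L.readFile path)
+
 myWriteFile f bs = do
 createDirectoryIfMissing True (takeDirectory f)
 hPutStrLn stderr $ "Writing "++f
@@ -133,17 +139,29 @@ sshServer uid root cmn = whenRoot uid root cmn $ do
 Kiki.importAndRefresh root cmn Unencrypted
 
 strongswan uid root cmn = whenRoot uid root cmn $ do
+-- (1) /etc/ipsec.conf <-- 'include /var/cache/kiki/config/ipsec.conf'
 -- Parsing as if ssh config, that's not right, but good enough for now.
 ipsecconf <- parseSshConfig . fromMaybe "" <$> maybeReadFile (root "/etc/ipsec.conf")
 let p:gs = groupBy (\_ d -> not $ sshIsDirective "include" d) $ ["#"]:ipsecconf
 got = filter (\(d:ds) -> elem "/var/cache/kiki/config/ipsec.conf" d) gs
 case got of
-_:_ -> do hPutStrLn stderr "ipsec already configured."
+_:_ -> do hPutStrLn stderr "ipsec.conf already configured."
 [] -> do let ipsecconf' = drop 1 $ ipsecconf ++ [stmt]
 stmt = ["include", " ", "/var/cache/kiki/config/ipsec.conf"]
 hPutStrLn stderr "adding include directive"
 myWriteFile (root "/etc/ipsec.conf") $ unparseSshConfig ipsecconf'
--- etc/ipsec.conf <-- 'include /var/cache/kiki/ipsec.conf'
+
+-- (2) /etc/ipsec.secrets/ <- include /var/cache/kiki/config/ipsec.secrets
+-- Parsing as if ssh config, that's not right, but good enough for now.
+ipsecconf <- parseSshConfig . fromMaybe "" <$> maybeReadFile (root "/etc/ipsec.secrets")
+let p:gs = groupBy (\_ d -> not $ sshIsDirective "include" d) $ ["#"]:ipsecconf
+got = filter (\(d:ds) -> elem "/var/cache/kiki/config/ipsec.secrets" d) gs
+case got of
+_:_ -> do hPutStrLn stderr "ipsec.secrets already configured."
+[] -> do let ipsecconf' = drop 1 $ ipsecconf ++ [stmt]
+stmt = ["include", " ", "/var/cache/kiki/config/ipsec.secrets"]
+hPutStrLn stderr "adding include directive"
+myWriteFile (root "/etc/ipsec.secrets") $ unparseSshConfig ipsecconf'
 Kiki.importAndRefresh root cmn Unencrypted
 
 configureTor uid root cmn = whenRoot uid root cmn $ do
@@ -201,6 +219,14 @@ configureTor uid root cmn = whenRoot uid root cmn $ do
 Kiki.importAndRefresh root cmn Unencrypted
 return ()
 
+configureHosts uid root cmn = whenRoot uid root cmn $ do
+Kiki.importAndRefresh root cmn Unencrypted
+hosts <- Hosts.decode . fromMaybe "" <$> maybeReadFile (root "/etc/hosts")
+kikihosts <- Hosts.decode . fromMaybe "" <$> maybeReadFile (root "/var/cache/kiki/config/hosts")
+let hosts' = hosts `Hosts.plus` kikihosts
+case Hosts.diff hosts hosts' of
+[] -> hPutStrLn stderr "kiki hosts are already merged."
+_ -> myWriteFile (root "/etc/hosts") $ Hosts.encode hosts'
 
 parseSshConfig :: L.ByteString -> [[L.ByteString]]
 parseSshConfig bs = map tokenize $ L8.lines bs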