diff options
Diffstat (limited to 'cokiki.hs')
-rw-r--r-- | cokiki.hs | 20 |
1 files changed, 10 insertions, 10 deletions
@@ -78,22 +78,22 @@ whenRoot uid root cmn action | |||
78 | no = hPutStrLn stderr "operation requires root." | 78 | no = hPutStrLn stderr "operation requires root." |
79 | 79 | ||
80 | sshClient uid root cmn = whenRoot uid root cmn $ do | 80 | sshClient uid root cmn = whenRoot uid root cmn $ do |
81 | -- /etc/ssh/ssh_config <-- 'GlobalKnownHostsFile /var/cache/kiki/ssh_known_hosts' | 81 | -- /etc/ssh/config/ssh_config <-- 'GlobalKnownHostsFile /var/cache/kiki/ssh_known_hosts' |
82 | sshconfig <- parseSshConfig . fromMaybe "" <$> maybeReadFile (root "/etc/ssh/ssh_config") | 82 | sshconfig <- parseSshConfig . fromMaybe "" <$> maybeReadFile (root "/etc/ssh/ssh_config") |
83 | let (ps,qs) = sshSplitAtDirective "GlobalKnownHostsFile" sshconfig | 83 | let (ps,qs) = sshSplitAtDirective "GlobalKnownHostsFile" sshconfig |
84 | sshconfig' <- | 84 | sshconfig' <- |
85 | case qs of | 85 | case qs of |
86 | d:ds | elem "/var/cache/kiki/ssh_known_hosts" d | 86 | d:ds | elem "/var/cache/kiki/config/ssh_known_hosts" d |
87 | -> do hPutStrLn stderr "ssh-client already configured." | 87 | -> do hPutStrLn stderr "ssh-client already configured." |
88 | return Nothing | 88 | return Nothing |
89 | d:ds -> do hPutStrLn stderr "modifying GlobalKnownHostsFile directive" | 89 | d:ds -> do hPutStrLn stderr "modifying GlobalKnownHostsFile directive" |
90 | let hs = " " : "/var/cache/kiki/ssh_known_hosts" : drop 1 d | 90 | let hs = " " : "/var/cache/kiki/config/ssh_known_hosts" : drop 1 d |
91 | stmt = take 1 d ++ hs | 91 | stmt = take 1 d ++ hs |
92 | return $ Just (ps ++ stmt : ds) | 92 | return $ Just (ps ++ stmt : ds) |
93 | [] -> do -- Unconfigured add fresh directive. | 93 | [] -> do -- Unconfigured add fresh directive. |
94 | hPutStrLn stderr "adding GlobalKnownHostsFile directive" | 94 | hPutStrLn stderr "adding GlobalKnownHostsFile directive" |
95 | let stmt = L8.unwords ["GlobalKnownHostsFile" | 95 | let stmt = L8.unwords ["GlobalKnownHostsFile" |
96 | , "/var/cache/kiki/ssh_known_hosts" | 96 | , "/var/cache/kiki/config/ssh_known_hosts" |
97 | , "/etc/ssh/ssh_known_hosts" | 97 | , "/etc/ssh/ssh_known_hosts" |
98 | , "/etc/ssh/ssh_known_hosts2" | 98 | , "/etc/ssh/ssh_known_hosts2" |
99 | ] | 99 | ] |
@@ -101,31 +101,31 @@ sshClient uid root cmn = whenRoot uid root cmn $ do | |||
101 | sshconfig' `deepseq` return () -- force lazy input | 101 | sshconfig' `deepseq` return () -- force lazy input |
102 | maybe (return ()) (myWriteFile (root "/etc/ssh/ssh_config") . unparseSshConfig) sshconfig' | 102 | maybe (return ()) (myWriteFile (root "/etc/ssh/ssh_config") . unparseSshConfig) sshconfig' |
103 | 103 | ||
104 | -- /var/cache/kiki/ssh_known_hosts <-- contains known hosts from /root/.gnupg/... | 104 | -- /var/cache/kiki/config/ssh_known_hosts <-- contains known hosts from /root/.gnupg/... |
105 | Kiki.importAndRefresh root cmn | 105 | Kiki.importAndRefresh root cmn |
106 | 106 | ||
107 | sshServer uid root cmn = whenRoot uid root cmn $ do | 107 | sshServer uid root cmn = whenRoot uid root cmn $ do |
108 | sshconfig <- parseSshConfig . fromMaybe "" <$> maybeReadFile (root "/etc/ssh/sshd_config") | 108 | sshconfig <- parseSshConfig . fromMaybe "" <$> maybeReadFile (root "/etc/ssh/sshd_config") |
109 | let p:gs = groupBy (\_ d -> not $ sshIsDirective "HostKey" d) $ ["#"]:sshconfig | 109 | let p:gs = groupBy (\_ d -> not $ sshIsDirective "HostKey" d) $ ["#"]:sshconfig |
110 | got = filter (\(d:ds) -> elem "/var/cache/kiki/ssh_host_rsa_key" d) gs | 110 | got = filter (\(d:ds) -> elem "/var/cache/kiki/config/ssh_host_rsa_key" d) gs |
111 | case got of | 111 | case got of |
112 | _:_ -> do hPutStrLn stderr "ssh-server already configured." | 112 | _:_ -> do hPutStrLn stderr "ssh-server already configured." |
113 | [] -> do let sshconfig' = drop 1 $ sshconfig ++ [stmt] | 113 | [] -> do let sshconfig' = drop 1 $ sshconfig ++ [stmt] |
114 | stmt = ["HostKey", " ", "/var/cache/kiki/ssh_host_rsa_key"] | 114 | stmt = ["HostKey", " ", "/var/cache/kiki/config/ssh_host_rsa_key"] |
115 | hPutStrLn stderr "adding HostKey directive" | 115 | hPutStrLn stderr "adding HostKey directive" |
116 | myWriteFile (root "/etc/ssh/sshd_config") $ unparseSshConfig sshconfig' | 116 | myWriteFile (root "/etc/ssh/sshd_config") $ unparseSshConfig sshconfig' |
117 | -- /etc/ssh/sshd_config <-- 'HostKey /var/cache/kiki/ssh_host_ecdsa_key' etc. | 117 | -- /etc/ssh/sshd_config <-- 'HostKey /var/cache/kiki/config/ssh_host_ecdsa_key' etc. |
118 | Kiki.importAndRefresh root cmn | 118 | Kiki.importAndRefresh root cmn |
119 | 119 | ||
120 | strongswan uid root cmn = whenRoot uid root cmn $ do | 120 | strongswan uid root cmn = whenRoot uid root cmn $ do |
121 | -- Parsing as if ssh config, that's not right, but good enough for now. | 121 | -- Parsing as if ssh config, that's not right, but good enough for now. |
122 | ipsecconf <- parseSshConfig . fromMaybe "" <$> maybeReadFile (root "/etc/ipsec.conf") | 122 | ipsecconf <- parseSshConfig . fromMaybe "" <$> maybeReadFile (root "/etc/ipsec.conf") |
123 | let p:gs = groupBy (\_ d -> not $ sshIsDirective "include" d) $ ["#"]:ipsecconf | 123 | let p:gs = groupBy (\_ d -> not $ sshIsDirective "include" d) $ ["#"]:ipsecconf |
124 | got = filter (\(d:ds) -> elem "/var/cache/kiki/ipsec.conf" d) gs | 124 | got = filter (\(d:ds) -> elem "/var/cache/kiki/config/ipsec.conf" d) gs |
125 | case got of | 125 | case got of |
126 | _:_ -> do hPutStrLn stderr "ipsec already configured." | 126 | _:_ -> do hPutStrLn stderr "ipsec already configured." |
127 | [] -> do let ipsecconf' = drop 1 $ ipsecconf ++ [stmt] | 127 | [] -> do let ipsecconf' = drop 1 $ ipsecconf ++ [stmt] |
128 | stmt = ["include", " ", "/var/cache/kiki/ipsec.conf"] | 128 | stmt = ["include", " ", "/var/cache/kiki/config/ipsec.conf"] |
129 | hPutStrLn stderr "adding include directive" | 129 | hPutStrLn stderr "adding include directive" |
130 | myWriteFile (root "/etc/ipsec.conf") $ unparseSshConfig ipsecconf' | 130 | myWriteFile (root "/etc/ipsec.conf") $ unparseSshConfig ipsecconf' |
131 | -- etc/ipsec.conf <-- 'include /var/cache/kiki/ipsec.conf' | 131 | -- etc/ipsec.conf <-- 'include /var/cache/kiki/ipsec.conf' |