Diffstat (limited to 'cokiki.hs')
-rw-r--r--cokiki.hs33
1 files changed, 17 insertions, 16 deletions
diff --git a/cokiki.hs b/cokiki.hs
index 70ea256..c6d1aa5 100644
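--- a/cokiki.hs
+++ b/cokiki.hs
@@ -25,6 +25,7 @@ usage = unlines
  [ "cokiki <command> [--chroot=ROOTDIR]"
  , " [--homedir=HOMEDIR]"
  , " [--passphrase-fd=FD]"
+ , " [-(4|5)]"
  , ""
  , "cokiki modifies system configuration to recognize generated files"
  , "in /var/cache/kiki. In addition to each command's documented effects"
@@ -61,12 +62,12 @@ usage = unlines
 main = do
  (cmd,args) <- splitAt 1 <$> getArgs
  uid <- getEffectiveUserID
- let msel = case cmd of
- ["ssh-client"] -> Just $ sshClient uid <$> Kiki.dashdashChroot <*> Kiki.dashdashHomedir
- ["ssh-server"] -> Just $ sshServer uid <$> Kiki.dashdashChroot <*> Kiki.dashdashHomedir
- ["strongswan"] -> Just $ strongswan uid <$> Kiki.dashdashChroot <*> Kiki.dashdashHomedir
- ["tor"] -> Just $ configureTor uid <$> Kiki.dashdashChroot <*> Kiki.dashdashHomedir
- ["hosts"] -> Just $ configureHosts uid <$> Kiki.dashdashChroot <*> Kiki.dashdashHomedir
+ let msel = fmap (\c -> c <$> Kiki.dashdashPGPVersion <*> Kiki.dashdashChroot <*> Kiki.dashdashHomedir) $ case cmd of
+ ["ssh-client"] -> Just $ sshClient uid
+ ["ssh-server"] -> Just $ sshServer uid
+ ["strongswan"] -> Just $ strongswan uid
+ ["tor"] -> Just $ configureTor uid
+ ["hosts"] -> Just $ configureHosts uid
  _ -> Nothing
  spec = uncurry fancy Kiki.kikiOptions ""
  errorQuit msg = do
@@ -97,7 +98,7 @@ whenRoot uid root cmn action
  where
  no = hPutStrLn stderr "operation requires root."
 
-sshClient uid root cmn = whenRoot uid root cmn $ do
+sshClient uid pgpver root cmn = whenRoot uid root cmn $ do
  -- /etc/ssh/config/ssh_config <-- 'GlobalKnownHostsFile /var/cache/kiki/ssh_known_hosts'
  sshconfig <- parseSshConfig . fromMaybe "" <$> maybeReadFile (root "/etc/ssh/ssh_config")
  let (ps,qs) = sshSplitAtDirective "GlobalKnownHostsFile" sshconfig
@@ -122,9 +123,9 @@ sshClient uid root cmn = whenRoot uid root cmn $ do
  maybe (return ()) (myWriteFile (root "/etc/ssh/ssh_config") . unparseSshConfig) sshconfig'
 
  -- /var/cache/kiki/config/ssh_known_hosts <-- contains known hosts from /root/.gnupg/...
- Kiki.importAndRefresh root cmn Unencrypted
+ Kiki.importAndRefresh pgpver root cmn Unencrypted
 
-sshServer uid root cmn = whenRoot uid root cmn $ do
+sshServer uid pgpver root cmn = whenRoot uid root cmn $ do
  sshconfig <- parseSshConfig . fromMaybe "" <$> maybeReadFile (root "/etc/ssh/sshd_config")
  let p:gs = groupBy (\_ d -> not $ sshIsDirective "HostKey" d) $ ["#"]:sshconfig
  got = filter (\(d:ds) -> elem "/var/cache/kiki/config/ssh_host_rsa_key" d) gs
@@ -135,9 +136,9 @@ sshServer uid root cmn = whenRoot uid root cmn $ do
  hPutStrLn stderr "adding HostKey directive"
  myWriteFile (root "/etc/ssh/sshd_config") $ unparseSshConfig sshconfig'
  -- /etc/ssh/sshd_config <-- 'HostKey /var/cache/kiki/config/ssh_host_ecdsa_key' etc.
- Kiki.importAndRefresh root cmn Unencrypted
+ Kiki.importAndRefresh pgpver root cmn Unencrypted
 
-strongswan uid root cmn = whenRoot uid root cmn $ do
+strongswan uid pgpver root cmn = whenRoot uid root cmn $ do
  -- (1) /etc/ipsec.conf <-- 'include /var/cache/kiki/config/ipsec.conf'
  -- Parsing as if ssh config, that's not right, but good enough for now.
  ipsecconf <- parseSshConfig . fromMaybe "" <$> maybeReadFile (root "/etc/ipsec.conf")
@@ -161,9 +162,9 @@ strongswan uid root cmn = whenRoot uid root cmn $ do
  stmt = ["include", " ", "/var/cache/kiki/config/ipsec.secrets"]
  hPutStrLn stderr "adding include directive"
  myWriteFile (root "/etc/ipsec.secrets") $ unparseSshConfig ipsecconf'
- Kiki.importAndRefresh root cmn Unencrypted
+ Kiki.importAndRefresh pgpver root cmn Unencrypted
 
-configureTor uid root cmn = whenRoot uid root cmn $ do
+configureTor uid pgpver root cmn = whenRoot uid root cmn $ do
  -- Parsing as if ssh config, that's not right, but good enough for now.
  torrc <- parseSshConfig . fromMaybe "" <$> maybeReadFile (root "/etc/tor/torrc")
  let p:gs = groupBy (\_ d -> not $ sshIsDirective "HiddenServiceDir" d) $ ["#"]:torrc
@@ -215,11 +216,11 @@ configureTor uid root cmn = whenRoot uid root cmn $ do
  , ["HiddenServicePort"," ","22"," ","127.0.0.1:22"]
  , ["HiddenServicePort"," ","25"," ","127.0.0.1:25"] ]
  myWriteFile (root "/etc/tor/torrc") $ unparseSshConfig torrc'
- Kiki.importAndRefresh root cmn Unencrypted
+ Kiki.importAndRefresh pgpver root cmn Unencrypted
  return ()
 
-configureHosts uid root cmn = whenRoot uid root cmn $ do
- Kiki.importAndRefresh root cmn Unencrypted
+configureHosts uid pgpver root cmn = whenRoot uid root cmn $ do
+ Kiki.importAndRefresh pgpver root cmn Unencrypted
  hosts <- Hosts.decode . fromMaybe "" <$> maybeReadFile (root "/etc/hosts")
  kikihosts <- Hosts.decode . fromMaybe "" <$> maybeReadFile (root "/var/cache/kiki/config/hosts")
  let hosts' = hosts `Hosts.plus` kikihosts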
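Review bot: The new `[-(4|5)]` entry in the usage synopsis is not explained in any of the lines shown, and the parser behind it (`Kiki.dashdashPGPVersion`) is not on this page, so an operator cannot tell which version applies when the flag is omitted or what happens when both are given. Every handler runs under `whenRoot` and passes the value unchanged to `Kiki.importAndRefresh`, which presumably refreshes the key material under /var/cache/kiki that sshd_config, ipsec.secrets and torrc are pointed at, so the choice deserves a line in the help text, for example `, "  -4 | -5   PGP version passed to the key import/refresh (default: <DEFAULT>)"` with the placeholder filled in from `Kiki.dashdashPGPVersion`. The `usage` list continues outside the hunks, so the description may already exist further down. A one-line comment on `sshClient`, `sshServer`, `strongswan`, `configureTor` and `configureHosts` saying that `pgpver` is only forwarded to `Kiki.importAndRefresh` would also help, since none of them carries a type signature in the lines shown.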