Diffstat (limited to 'cokiki.hs')
-rw-r--r-- | cokiki.hs | 33 |
1 files changed, 17 insertions, 16 deletions
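--- a/cokiki.hs
+++ b/cokiki.hs
@@ -25,6 +25,7 @@ usage = unlines
 [ "cokiki <command> [--chroot=ROOTDIR]"
 , "  [--homedir=HOMEDIR]"
 , "  [--passphrase-fd=FD]"
+, "  [-(4|5)]"
 , ""
 , "cokiki modifies system configuration to recognize generated files"
 , "in /var/cache/kiki. In addition to each command's documented effects"
@@ -61,12 +62,12 @@ usage = unlines
 main = do
 (cmd,args) <- splitAt 1 <$> getArgs
 uid <- getEffectiveUserID
-let msel = case cmd of
-["ssh-client"] -> Just $ sshClient uid <$> Kiki.dashdashChroot <*> Kiki.dashdashHomedir
-["ssh-server"] -> Just $ sshServer uid <$> Kiki.dashdashChroot <*> Kiki.dashdashHomedir
-["strongswan"] -> Just $ strongswan uid <$> Kiki.dashdashChroot <*> Kiki.dashdashHomedir
-["tor"] -> Just $ configureTor uid <$> Kiki.dashdashChroot <*> Kiki.dashdashHomedir
-["hosts"] -> Just $ configureHosts uid <$> Kiki.dashdashChroot <*> Kiki.dashdashHomedir
+let msel = fmap (\c -> c <$> Kiki.dashdashPGPVersion <*> Kiki.dashdashChroot <*> Kiki.dashdashHomedir) $ case cmd of
+["ssh-client"] -> Just $ sshClient uid
+["ssh-server"] -> Just $ sshServer uid
+["strongswan"] -> Just $ strongswan uid
+["tor"] -> Just $ configureTor uid
+["hosts"] -> Just $ configureHosts uid
 _ -> Nothing
 spec = uncurry fancy Kiki.kikiOptions ""
 errorQuit msg = do
@@ -97,7 +98,7 @@ whenRoot uid root cmn action
 where
 no = hPutStrLn stderr "operation requires root."
 
-sshClient uid root cmn = whenRoot uid root cmn $ do
+sshClient uid pgpver root cmn = whenRoot uid root cmn $ do
 -- /etc/ssh/config/ssh_config <-- 'GlobalKnownHostsFile /var/cache/kiki/ssh_known_hosts'
 sshconfig <- parseSshConfig . fromMaybe "" <$> maybeReadFile (root "/etc/ssh/ssh_config")
 let (ps,qs) = sshSplitAtDirective "GlobalKnownHostsFile" sshconfig
@@ -122,9 +123,9 @@ sshClient uid root cmn = whenRoot uid root cmn $ do
 maybe (return ()) (myWriteFile (root "/etc/ssh/ssh_config") . unparseSshConfig) sshconfig'
 
 -- /var/cache/kiki/config/ssh_known_hosts <-- contains known hosts from /root/.gnupg/...
-Kiki.importAndRefresh root cmn Unencrypted
+Kiki.importAndRefresh pgpver root cmn Unencrypted
 
-sshServer uid root cmn = whenRoot uid root cmn $ do
+sshServer uid pgpver root cmn = whenRoot uid root cmn $ do
 sshconfig <- parseSshConfig . fromMaybe "" <$> maybeReadFile (root "/etc/ssh/sshd_config")
 let p:gs = groupBy (\_ d -> not $ sshIsDirective "HostKey" d) $ ["#"]:sshconfig
 got = filter (\(d:ds) -> elem "/var/cache/kiki/config/ssh_host_rsa_key" d) gs
@@ -135,9 +136,9 @@ sshServer uid root cmn = whenRoot uid root cmn $ do
 hPutStrLn stderr "adding HostKey directive"
 myWriteFile (root "/etc/ssh/sshd_config") $ unparseSshConfig sshconfig'
 -- /etc/ssh/sshd_config <-- 'HostKey /var/cache/kiki/config/ssh_host_ecdsa_key' etc.
-Kiki.importAndRefresh root cmn Unencrypted
+Kiki.importAndRefresh pgpver root cmn Unencrypted
 
-strongswan uid root cmn = whenRoot uid root cmn $ do
+strongswan uid pgpver root cmn = whenRoot uid root cmn $ do
 -- (1) /etc/ipsec.conf <-- 'include /var/cache/kiki/config/ipsec.conf'
 -- Parsing as if ssh config, that's not right, but good enough for now.
 ipsecconf <- parseSshConfig . fromMaybe "" <$> maybeReadFile (root "/etc/ipsec.conf")
@@ -161,9 +162,9 @@ strongswan uid root cmn = whenRoot uid root cmn $ do
 stmt = ["include", " ", "/var/cache/kiki/config/ipsec.secrets"]
 hPutStrLn stderr "adding include directive"
 myWriteFile (root "/etc/ipsec.secrets") $ unparseSshConfig ipsecconf'
-Kiki.importAndRefresh root cmn Unencrypted
+Kiki.importAndRefresh pgpver root cmn Unencrypted
 
-configureTor uid root cmn = whenRoot uid root cmn $ do
+configureTor uid pgpver root cmn = whenRoot uid root cmn $ do
 -- Parsing as if ssh config, that's not right, but good enough for now.
 torrc <- parseSshConfig . fromMaybe "" <$> maybeReadFile (root "/etc/tor/torrc")
 let p:gs = groupBy (\_ d -> not $ sshIsDirective "HiddenServiceDir" d) $ ["#"]:torrc
@@ -215,11 +216,11 @@ configureTor uid root cmn = whenRoot uid root cmn $ do
 , ["HiddenServicePort"," ","22"," ","127.0.0.1:22"]
 , ["HiddenServicePort"," ","25"," ","127.0.0.1:25"] ]
 myWriteFile (root "/etc/tor/torrc") $ unparseSshConfig torrc'
-Kiki.importAndRefresh root cmn Unencrypted
+Kiki.importAndRefresh pgpver root cmn Unencrypted
 return ()
 
-configureHosts uid root cmn = whenRoot uid root cmn $ do
-Kiki.importAndRefresh root cmn Unencrypted
+configureHosts uid pgpver root cmn = whenRoot uid root cmn $ do
+Kiki.importAndRefresh pgpver root cmn Unencrypted
 hosts <- Hosts.decode . fromMaybe "" <$> maybeReadFile (root "/etc/hosts")
 kikihosts <- Hosts.decode . fromMaybe "" <$> maybeReadFile (root "/var/cache/kiki/config/hosts")
 let hosts' = hosts `Hosts.plus` kikihosts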
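Review bot: The new `pgpver` parameter is inserted positionally between `uid` and `root` in sshClient (the hunk at -97,7), and likewise in sshServer, strongswan, configureTor and configureHosts, yet none of these five top-level bindings carries a type signature or a comment saying what the value is; the only thing keeping the call side in step is the applicative order in `main`, `c <$> Kiki.dashdashPGPVersion <*> Kiki.dashdashChroot <*> Kiki.dashdashHomedir`. Since `pgpver` is only ever forwarded to `Kiki.importAndRefresh`, a one-line comment on the first definition would state the contract, e.g. `-- pgpver: PGP packet version chosen on the command line (presumably the -(4|5) flag advertised in usage), forwarded unchanged to Kiki.importAndRefresh`. Explicit type signatures on these bindings would let the compiler check the argument order rather than relying on the lambda in `main`; the types of `root` and `cmn` are not visible in this diff, so I have not proposed concrete signatures here.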