This commit is contained in:
Jakobus Schürz 2021-12-13 01:04:04 +01:00
commit 6f00a477d5
45 changed files with 1047 additions and 194 deletions

View file

@ -35,16 +35,16 @@
sdiff = !"git diff && git submodule foreach 'git diff'"
spush = push --recurse-submodules=on-demand
supdate = submodule update --remote --merge
pushup = "!gitbranchname() { git symbolic-ref --short HEAD; }; gitpushupstream() { git push --set-upstream origin `gitbranchname`; }; gitpushupstream"
permission-reset = !git diff -p -R --no-ext-diff --no-color | grep -E \"^(diff|(old|new) mode)\" --color=never | git apply
[merge]
conflictstyle = diff3
tool = vimdiff
[mergetool]
prompt = false
[alias]
pushup = "!gitbranchname() { git symbolic-ref --short HEAD; }; gitpushupstream() { git push --set-upstream origin `gitbranchname`; }; gitpushupstream"
[include]
path = ~/.gitconfig_local
[status]
submodulesummary = 1
[pull]
rebase = true

1
.gitignore vendored
View file

@ -7,7 +7,6 @@ logs
*.swp
*.orig
serverconfig.local.conf
bashrc_local
.local_scripts
.git-token
.last_update_submodules

3
.gitmodules vendored
View file

@ -58,3 +58,6 @@
[submodule "vim/pack/plugins/start/vim-gnupg"]
path = vim/pack/plugins/start/vim-gnupg
url = https://github.com/jamessan/vim-gnupg
[submodule "vim/pack/plugins/start/vim-soa"]
path = vim/pack/plugins/start/vim-soa
url = https://git.schuerz.at/public/vim-soa.git

32
PS1
View file

@ -18,23 +18,12 @@ set_label() {
# Labels: remote, tmpconfig, screen...
if [ ! -z ${SSH_TTY:+x} ]; then
# oritinal
#LABEL="${LABEL} \[$On_IRed\]\[$BBlack\]remote\[$Color_Off\]"
# use with echo ${LABEL@P}
#LABEL="${LABEL} \[$On_IRed\]remote\[$Color_Off\]"
# use with echo -e ${LABEL}
LABEL="${LABEL} ${On_IRed}${BBlack}remote${Color_Off}"
fi
if $SSHS ; then
# oritinal
#LABEL="${LABEL} \[$On_IWhite\]\[$BBlack\]tmpconfig\[$Color_Off\]"
# use with echo ${LABEL@P}
#LABEL="${LABEL} \[$On_IWhite\]\[$BBlack\]tmpconfig\[$Color_Off\]"
# use with echo -e ${LABEL}
LABEL="${LABEL} ${On_IWhite}${BBlack}tmpconfig${Color_Off}"
fi
echo -e ${LABEL}
#echo ${LABEL@P}
}
if [ -x "/usr/bin/getsyssubvol" ]; then
@ -138,20 +127,7 @@ case "$TERM" in
*) SCREEN="";;
esac
# Labels: remote, tmpconfig, screen...
# if [ ! -z ${SSH_TTY:+x} ]; then
# LABEL="${LABEL} \[$On_IRed\]\[$BBlack\]remote\[$Color_Off\]"
# fi
# if $SSHS ; then
# LABEL="${LABEL} \[$On_IWhite\]\[$BBlack\]tmpconfig\[$Color_Off\]"
# fi
# Base prompt
# if [ "`id -u`" -eq 0 ]; then
# PS1="\[$BRed\]$SCREEN\u@\h \[$BRed\]\[\e[m\]\[$IPurple\](\A)\[\e[m\]$LABEL\n\[$BRed\]${SYSSUBVOL}\w:\$(parse_git_branch) \[\e[m\]\[$BRed\]# "
# else
# PS1="\[$BIBlue\]$SCREEN\u@\h \[$BIBlue\]\[\e[m\]\[$IPurple\](\A)\[\e[m\]$LABEL\n\[$BIBlue\]${SYSSUBVOL}\w:\$(parse_git_branch) \[\e[m\]\[$BIBlue\]\$ "
# fi
if [ "`id -u`" -eq 0 ]; then
PS1="\[$BRed\]$SCREEN\u@\h \[$BRed\]\[\e[m\]\[$IPurple\](\A)\[\e[m\]\$(set_label)\n\[$BRed\]${SYSSUBVOL}\w:\$(parse_git_branch) \[\e[m\]\[$BRed\]# "
else
@ -161,14 +137,6 @@ case "$TERM" in
RETVALN0="\342\234\227 "
;;
*)
# Labels: remote, tmpconfig, screen...
# if [ ! -z ${SSH_TTY:+x} ]; then
# LABEL="${LABEL} \[$On_Red\]\[$BWhite\]remote\[$Color_Off\]"
# fi
# if $SSHS ; then
# LABEL="${LABEL} \[$On_White\]\[$BBlack\]tmpconfig\[$Color_Off\]"
# fi
# Base prompt
if [ "`id -u`" -eq 0 ]; then
PS1="\[$BRed\][$SYSSUBVOL]\u@\h \[$BIBlue\]\[\e[m\]\[$BIPurple\](\A)\[\e[m\]\[$BBlue\]\$(set_label)\n\[$BRed\]${SYSSUBVOL}\w:\$(parse_git_branch) \$ \[\e[m\]\[$Blue\]"

View file

@ -13,6 +13,9 @@ alias cdlastfiledir='cd $(history -p \!\!:$:h)'
#alias ssh='function f() { trap "reset; stty sane; tput rs1; clear; echo -e \"\033c\"" EXIT ; ssh $@; }; f $@'
alias s='sshs $(history -p \!ssh:$:t)'
alias sexit='ssh -O exit $(history -p \!ssh:$:t)'
alias remountshared='sudo systemctl restart media-remote-sharefs-userdata.mount'
alias umountshared='sudo systemctl stop media-remote-sharefs-userdata.mount'
alias musictag='python3 -m music_tag'
@ -123,12 +126,16 @@ alias o='less -r'
alias totem='VDPAU_DRIVER=va_gl totem'
alias unetbootin='export QT_X11_NO_MITSHM=1 unetbootin'
alias vi='/usr/bin/vim'
#alias vi='/usr/bin/vimx'
#alias vi='which vimx > /dev/null && vimx || vim'
alias vlc='VDPAU_DRIVER=va_gl vlc'
alias tmux='tmux -f ~/.tmux.conf'
alias youtube-dl-whole-video="youtube-dl -i --no-overwrites --write-description --write-info-json --write-annotations --write-all-thumbnails -f 'mp4' -o '%(title)s-%(id)s.%(ext)s' -w -c "
alias youtube-dl-audio-only="youtube-dl -i --no-overwrites --write-description --write-info-json --write-annotations --write-all-thumbnails -x -o '%(title)s-%(id)s.%(ext)s' -w -c "
alias youtube-dl-whole-video-to-playlistdir="youtube-dl -i --no-overwrites --write-description --write-info-json --write-annotations --write-all-thumbnails -f 'mp4' -o '%(uploader)s/%(playlist)s/%(title)s-%(id)s.%(ext)s' -w -c "
alias youtube-dl-whole-user="youtube-dl -i --no-overwrites --yes-playlist --write-description --write-info-json --write-annotations --write-all-thumbnails -f 'mp4' -o '%(uploader)s/%(playlist)s/%(title)s-%(id)s.%(ext)s' -w -c "
alias youtube-dl-whole-playlist="youtube-dl -i --no-overwrites --yes-playlist --write-description --write-info-json --write-annotations --write-all-thumbnails -f 'mp4' -o '%(playlist)s/%(title)s-%(id)s.%(ext)s' -w -c "
alias youtube-dl-whole-playlist-audio-only="youtube-dl -i --no-overwrites --yes-playlist --write-description --write-info-json --write-annotations --write-all-thumbnails -x -o '%(playlist)s/%(title)s-%(id)s.%(ext)s' -w -c "
alias youtube-dl-mp4-best="youtube-dl -i --no-overwrites --yes-playlist --write-description --write-info-json --write-annotations --write-all-thumbnails -f 'mp4' -o '%(title)s-%(id)s.%(ext)s' -w -c "
# rock64
@ -184,6 +191,7 @@ alias nextcloud-upgrade='docker-compose down && docker image rm nc_app:latest nc
#--- JIRA ---
alias gojiralib='cd /opt/atlassian/jira/atlassian-jira/WEB-INF/lib/'
alias gojiraclasses='cd /opt/atlassian/jira/atlassian-jira/WEB-INF/classes/'
alias gojirainstall='cd /opt/atlassian/jira/'
alias gojirahome='cd /var/atlassian/application-data/jira/'
alias gojiralog='cd /var/atlassian/application-data/jira/log'
@ -191,6 +199,7 @@ alias tailjra='cd /var/atlassian/application-data/jira/log; tail -F atlassian-ji
#--- CONFLUENCE ---
alias gocnflib='cd /opt/atlassian/confluence/confluence/WEB-INF/lib/'
alias gocnfclasses='cd /opt/atlassian/confluence/confluence/WEB-INF/classes/'
alias gocnfinstall='cd /opt/atlassian/confluence/'
alias gocnfhome='cd /var/atlassian/application-data/confluence/'
alias gocnflog='cd /var/atlassian/application-data/confluence/logs'

View file

@ -0,0 +1,20 @@
function _scppvpconfig() {
CONFIG_DIRS=(~/.config/scppvp.d)
KEYS=""
for KEY_DIR in ${CONFIG_DIRS[*]};do
KEYS="${KEYS} $(find ${CONFIG_DIRS[*]} -type f -name "*.conf" -exec basename {} \; 2>/dev/null |sed 's/\.conf$//' )"
done
echo $KEYS
}
function _scppvpfiles() {
COMPREPLY=()
local CUR KEYS
CUR="${COMP_WORDS[COMP_CWORD]}"
KEYS=$(_scppvpconfig)
COMPREPLY=( $(compgen -W "${KEYS}" -- ${CUR}) )
return 0
}
complete -F _scppvpfiles scppvp deploypvp

View file

@ -0,0 +1,14 @@
#!/bin/bash
function _trashmail() {
COMPREPLY=()
local CUR KEYS
CUR="${COMP_WORDS[COMP_CWORD]}"
KEYS=$(ldapsearch -LLL -Z -H ldap://${LDAP_HOST_DEFAULT} -D ${LDAP_ADMIN_BIND_DN} -x -w $(pass ${PASS_ID_LDAP_ADMIN}|head -n 1) -b ou=mailaccounts,dc=schuerz,dc=at '(&(dcAccountStatus=active)(objectClass=dcExternalMailAccount))' dcSubMailAddress|grep "^dcSubMailAddress"|awk '{print $2}')
COMPREPLY=( $(compgen -W "${KEYS}" -- ${CUR}) )
return 0
}
complete -F _trashmail trashmail

View file

@ -11,7 +11,6 @@
# set some variables to defaults, if not set in .bashrc
[ -z ${SSHS+x} ] && export SSHS=false
[ -z ${STARTTMUX+x} ] && export STARTTMUX=false
# check if we are a interactive shell
# https://guide.bash.academy/expansions/
@ -68,8 +67,13 @@ if [[ $- = *i* ]] ; then
# load logging functions
. ${MSC_BASE}/logging
# PKCS11_MODULE for etoken/smartcard authentification
[ -n "$(whereis p11-kit-proxy.so|awk '{print $2}')" ] && PKCS11_MODULE=$(whereis p11-kit-proxy.so|awk '{print $2}')
# P11M for etoken/smartcard authentification
# which dnf >/dev/null 2>&1 [ -z "${P11M+x}" ] && P11M="$(dnf repoquery --installed -l p11-kit | grep \/p11-kit-proxy.so\$ | head -1)"
# which dpkg >/dev/null 2>&1 && [ -z "${P11M+x}" ] && P11M="$(dpkg -L p11-kit-modules|grep \/p11-kit-proxy.so\$ | head -1)"
[ -z "${PKCS11_MODULE:+x}" ] && [ -n "$(whereis p11-kit-proxy.so|awk '{print $2}')" ] && export PKCS11_MODULE=$(whereis p11-kit-proxy.so|awk '{print $2}' || { echo "p11-kit-proxy not installed, unset KCS11_MODULE"; unset PKCS11_MODULE; })
[ -z "${P11M:+x}" ] && [ -n "$(whereis p11-kit-proxy.so|awk '{print $2}')" ] && export P11M=$(whereis p11-kit-proxy.so|awk '{print $2}' || { echo "p11-kit-proxy not forwarded by ssh or installed, unset P11M"; unset P11M; })
# Basics
[ -z "${VISUAL+x}" ] && export VISUAL=vim
@ -100,7 +104,7 @@ EOF
fi
else
local seconds=$(( $( date --date="@$(stat --printf %Y ${MSC_GIT_UPD_REPO_STATFILE} 2>/dev/null || echo 0 )" "+%s") - $(date --date="${MSC_GIT_REPO_UPDATE_INTERVALL-${MSC_GIT_REPO_UPDATE_INTERVALL_DEFAULT}} hours ago" "+%s") ))
logwarn "sync-intervall (${MSC_GIT_REPO_UPDATE_INTERVALL-${MSC_GIT_REPO_UPDATE_INTERVALL_DEFAULT}} hours) not reached yet. $((seconds/86400)) days $(date -d "1970-01-01 + $seconds seconds" "+%H hours %M minutes %S seconds") left."
logwarn "repo sync-intervall (${MSC_GIT_REPO_UPDATE_INTERVALL-${MSC_GIT_REPO_UPDATE_INTERVALL_DEFAULT}} hours) not reached yet. $((seconds/86400)) days $(date -d "1970-01-01 + $seconds seconds" "+%H hours %M minutes %S seconds") left."
return 2
fi
else
@ -111,13 +115,11 @@ EOF
}
lastupdatesubmodules () {
#date "+%s" > ${MSC_GIT_UPD_SUBMOD_STATFILE}
touch ${MSC_GIT_UPD_REPO_STATFILE}
touch ${MSC_GIT_UPD_SUBMOD_STATFILE}
}
export -f lastupdatesubmodules
lastupdaterepo () {
#date "+%s" > ${MSC_GIT_UPD_REPO_STATFILE}
touch ${MSC_GIT_UPD_REPO_STATFILE}
}
export -f lastupdaterepo
@ -129,7 +131,7 @@ EOF
if which git >/dev/null; then
loginfo -n "Sync config with ${MSC_GIT_SERVER}: "
# MSC_GITCHECKOUTSCRIPT_OPTIONS are options for bin/git-myshellconfig-checkout
${MSC_BASE}/bin/git-myshellconfig-checkout ${MSC_GIT_CHECKOUTSCRIPT_OPTIONS:=${MSC_GIT_CHECKOUTSCRIPT_OPTIONS_DEFAULT}}|| nok="not " 1>>"${MSC_LOGFILE}" 2>&1
${MSC_BASE}/bin/git-myshellconfig-checkout ${MSC_GIT_CHECKOUTSCRIPT_OPTIONS=${MSC_GIT_CHECKOUTSCRIPT_OPTIONS_DEFAULT}}|| nok="not " 1>>"${MSC_LOGFILE}" 2>&1
loginfo "$(printf '%s\n' "${nok}synced" )"
[ -z "$nok" ] && mkdir -pv "${MSC_LOGDIR}"
@ -206,8 +208,8 @@ EOF
SCRIPTEXIT
# Start tmux if not defined as STARTTMUX in bashrc
logdebug "start tmux ${STARTTMUXDEFAULT} - ${STARTTMUXDEFAULT-$STARTTMUX}"
if ${STARTTMUXDEFAULT-$STARTTMUX} ; then
logdebug "start tmux ${STARTTMUXDEFAULT} - ${STARTTMUXREMOTEDEFAULT} - ${STARTTMUX-$STARTTMUXDEFAULT}"
if ${STARTTMUX-$STARTTMUXDEFAULT} ; then
cat << EOF
"User: $USER - $UID"

View file

@ -1,10 +1,5 @@
#!/bin/bash
[ -e $(dirname $0)/../logging ] && . $(dirname $0)/../logging
export SCRIPT_LOG=./$(basename $0).log
export LOGFILE=./$(basename $0).move.log
[ -z "${move+x}" ] && move=false
[ -z "${forcedate+x}" ] && forcedate=false
[ -z "${setdate+x}" ] && setdate=true
@ -100,7 +95,7 @@ parsedatetime() {
# 2020.04.02_15-32-20+02:00.jpg
# 2020.04.13_10-59-14+02:00.jpg
# WhatsApp Image 2019-07-29 at 12.45.02.jpeg
echo fn: $filename >&2
loginfo "fn: $filename"
if [[ $filename =~ ^.*([0-9]{4})(\.|-)([0-9]{2})(\.|-)([0-9]{2})( |_|-|" at ")([0-9]{2})(\.|-|:)([0-9]{2})(\.|-|:)([0-9]{2})(\.|-|\+|\(| ).*$ ]]; then
result="$(printf "%04d:%02d:%02d %02d:%02d:%02d" "${BASH_REMATCH[1]#0}" "${BASH_REMATCH[3]#0}" "${BASH_REMATCH[5]#0}" "${BASH_REMATCH[7]#0}" "${BASH_REMATCH[9]#0}" "${BASH_REMATCH[11]#0}")"
fi
@ -236,6 +231,7 @@ run_fix () {
case $move in
true)
export UMASK=002
echo move to ${dest}/${MIMEDEST}/%Y/%Y_%m
if $movecreatedate ; then
loginfo "$(exiftool '-Directory<CreateDate' -d ${dest}/${MIMEDEST}/%Y/%Y_%m -if '($CreateDate)' "$file" 2>&1 |tee -a ${LOGFILE})"
@ -244,6 +240,7 @@ run_fix () {
fi
;;
copy)
export UMASK=002
echo copy to ${dest}/${MIMEDEST}/%Y/%Y_%m
if $movecreatedate ; then
loginfo "$(exiftool -o . '-Directory<DateTimeOriginal' -d ${dest}/${MIMEDEST}/%Y/%Y_%m -if '($datetimeoriginal)' "$file" 2>&1 |tee -a ${LOGFILE})"
@ -262,6 +259,7 @@ run_fix () {
fi
;;
rename)
export UMASK=002
echo move to ${dest}/${MIMEDEST}/%Y/%Y_%m
if $movecreatedate ; then
loginfo "$(exiftool -v '-FileName<CreateDate' -d ${dest}/${MIMEDEST}/%Y/%Y_%m/%Y%m%d_%H%M%S%%-c.%%e -if '($CreateDate)' "$file" 2>&1 | tee -a ${LOGFILE})"
@ -270,6 +268,7 @@ run_fix () {
fi
;;
copyrename)
export UMASK=002
echo move to ${dest}/${MIMEDEST}/%Y/%Y_%m
if $movecreatedate ; then
loginfo "$(exiftool -o . '-FileName<CreateDate' -d ${dest}/${MIMEDEST}/%Y/%Y_%m/%Y%m%d_%H%M%S%%-c.%%e -if '($CreateDate)' "$file" 2>&1 | tee -a ${LOGFILE})"
@ -327,6 +326,8 @@ else
all=$(find ${maxdepth:+-maxdepth} ${maxdepth:+$maxdepth} -type f |grep -i ".jpg$\|.jpeg$\|.mp4$\|.mov$\|.png$\|.3gp$\|.gif$"|wc -l)
find ${maxdepth:+-maxdepth} ${maxdepth:+$maxdepth} -type f |grep -i ".jpg$\|.jpeg$\|.mp4$\|.mov$\|.png$\|.3gp$\|.gif$"|while read file; do
let "i=i+1"
export SCRIPT_LOG=./$(basename $0).log
export LOGFILE=./$(basename $0).move.log
loginfo "$i/$all"
run_fix "$file"
done

5
bin/getfreeip Normal file
View file

@ -0,0 +1,5 @@
#!/bin/bash
N=$1
sudo nmap -v -sn -n $1 -oG - | awk '/Status: Down/{print $2}'

9
bin/getusedip Normal file
View file

@ -0,0 +1,9 @@
#!/bin/bash
N=$1
DNS=$1
sudo nmap -v -sn -n $1 -oG - | awk '!/Status: Down/{print $2}'|while read i;do
echo "$i: $(dig "$DNS" -x $i +short +search)"
done

View file

@ -0,0 +1,7 @@
#!/bin/bash
git checkout -b tmp
git branch -f master tmp
git checkout master
git branch -d tmp
git commit -m "Merged detached head into master" .

View file

@ -18,7 +18,7 @@
#MSC_LOGFILE="${MSC_LOGDIR}/git.log"
[ -d "${MSC_LOGDIR}" ] || mkdir -p "${MSC_LOGDIR}"
[ -z "${MSC_GIT_REMOTE_NAME+x}" ] && export MSC_GIT_REMOTE_NAME=origin
[ -z "${MSC_GIT_BRANCH+x}" ] && export MSC_GIT_BRANCH=master
[ -z "${MSC_GIT_BRANCH:+x}" ] && export MSC_GIT_BRANCH=master
@ -37,6 +37,7 @@ EOF
set -- $(getopt -u -o hrs --long headless,force-repo-update,force-submodules-update -- "$@" )
loginfo "git checkout-options: $@"
while [ $# -gt 0 ]; do
case $1 in
-h|--headless)
@ -45,45 +46,52 @@ while [ $# -gt 0 ]; do
shift
;;
-r|--force-repo-update)
dosubmodupdate="true"
dorepomodupdate="true"
shift
;;
-s|--force-submodules-update)
dosubmodupdate="true"
shift
;;
--)
shift
break
;;
*)
echo "1: $1"
PRE=""
echo bla
shift
;;
esac
done
# If TAG is set, checkout is always headless.
[ -z "${MSC_GIT_TAG:+x}" ] || { export MSC_GIT_BRANCH=${MSC_GIT_TAG}; export PRE=""; }
# If MSC_GIT_TAG is set, checkout is always headless.
[ -z "${MSC_GIT_TAG:+x}" ] || { export MSC_GIT_BRANCH=${MSC_GIT_TAG}; export PRE=""; echo "DEBUG"; }
# Output
#echo -n " remote: ${MSC_GIT_REMOTE_NAME}, branch: ${MSC_GIT_BRANCH}: "
# Check for updates in submodules only if last check was INTERVALL hours in the past
#if [ $(cat ${MSC_BASE%/}${MSC_BASE:+/}.last_update_submodules 2>/dev/null || echo 0 ) \
[ -z "${MSC_GIT_UPD_SUBMOD_STATFILE+x}" ] && export MSC_GIT_UPD_SUBMOD_STATFILE="${MSC_BASE%/}${MSC_BASE:+/}.last_update_submodules"
[ -z "${MSC_GIT_UPD_REPO_STATFILE+x}" ] && export MSC_GIT_UPD_REPO_STATFILE="${MSC_BASE%/}${MSC_BASE:+/}.last_update_repo"
if [ $(stat --printf %Y ${MSC_GIT_UPD_SUBMOD_STATFILE} 2>/dev/null || echo 0 ) \
-lt $(date --date="${MSC_GIT_SUBMODULES_UPDATE_INTERVALL-${MSC_GIT_SUBMODULES_UPDATE_INTERVALL_DEFAULT}} hours ago" "+%s") \
-a ${MSC_GIT_SUBMODULES_UPDATE-${MSC_GIT_SUBMODULES_UPDATE_DEFAULT-true}} ]; then
[ -z "${dorepoupdate+x}" ] && dorepoupdate="true"
fi
[ -z "${MSC_GIT_UPD_SUBMOD_STATFILE+x}" ] && export MSC_GIT_UPD_SUBMOD_STATFILE="${MSC_BASE%/}${MSC_BASE:+/}.last_update_submodules"
if [ $(stat --printf %Y ${MSC_GIT_UPD_REPO_STATFILE} 2>/dev/null || echo 0 ) \
-lt $(date --date="${MSC_GIT_REPO_UPDATE_INTERVALL-${MSC_GIT_REPO_UPDATE_INTERVALL_DEFAULT}} hours ago" "+%s") \
-a ${MSC_GIT_REPO_UPDATE-${MSC_GIT_REPO_UPDATE_DEFAULT-true}} ]; then
[ -z "${dosubmodupdate+x}" ] && dosubmodupdate="true"
[ -z "${dorepoupdate+x}" ] && dorepoupdate="true"
fi
if [ $(stat --printf %Y ${MSC_GIT_UPD_SUBMOD_STATFILE} 2>/dev/null || echo 0 ) \
-lt $(date --date="${MSC_GIT_SUBMODULES_UPDATE_INTERVALL-${MSC_GIT_SUBMODULES_UPDATE_INTERVALL_DEFAULT}} hours ago" "+%s") \
-a ${MSC_GIT_SUBMODULES_UPDATE-${MSC_GIT_SUBMODULES_UPDATE_DEFAULT-true}} ]; then
[ -z "${dosubmodupdate+x}" ] && dosubmodupdate="true"
fi
#echo $SGIT fetch ${MSC_GIT_REMOTE_NAME} -p 1>&2
if $dorepoupdate; then
loginfo "fetch repo${dosubmodupdate:+ and submodules}"
#$SGIT fetch ${dosubmodupdate:+--recurse-submodules} ${MSC_GIT_REMOTE_NAME} -p 2>>"${MSC_LOGFILE}"|| { logwarn fetch failed; gitupdateend; exit 1; }
$SGIT fetch ${dosubmodupdate:+--recurse-submodules} ${MSC_GIT_REMOTE_NAME} -p 2>>"${MSC_LOGFILE}"|| { logwarn fetch failed; gitupdateend; exit 1; }
if ${dosubmodupdate:-false}; then
lastupdatesubmodules
@ -93,8 +101,8 @@ if $dorepoupdate; then
if $SGIT diff-index --ignore-submodules --exit-code HEAD -- >> "${MSC_LOGFILE}" ; then
cat << EOF >> "${MSC_LOGFILE}"
no changes in local repo
$SGIT checkout repo ${PRE}${PRE:+/}${MSC_GIT_BRANCH}
EOF
$SGIT checkout ${PRE}${PRE:+/}${MSC_GIT_BRANCH}
EOF
$SGIT checkout ${PRE}${PRE:+/}${MSC_GIT_BRANCH} 1>>"${MSC_LOGFILE}" 2>>"${MSC_LOGFILE}"|| { gitupdateend; exit 2; }
$SGIT merge FETCH_HEAD 1>>"${MSC_LOGFILE}" 2>>"${MSC_LOGFILE}"|| { gitupdateend; exit 3; }
touch $MSC_GIT_UPD_REPO_STATFILE

84
bin/git-proxy Executable file
View file

@ -0,0 +1,84 @@
#! /bin/bash
# connect to the Git repository through a SOCKS proxy
# default setting is to use port 1080 on the local host
proxy="localhost:1080"
from="default"
# check if there is a value in the git configuration
if git config --get socks.proxy >& /dev/null; then
proxy=`git config --get socks.proxy`
from="git's socks.proxy"
fi
# check if a generic proxy has been defined in the environment
if [ -n "$ALL_PROXY" ]; then
proxy="$ALL_PROXY"
from="\$ALL_PROXY"
fi
if [ -n "$all_proxy" ]; then
proxy="$all_proxy"
from="\$all_proxy"
fi
# check if a SOCKS proxy has been defined in the environment
if [ -n "$SOCKS_PROXY" ]; then
proxy="$SOCKS_PROXY"
from="\$SOCKS_PROXY"
fi
if [ -n "$socks_proxy" ]; then
proxy="$socks_proxy"
from="\$socks_proxy"
fi
if [ -n "$SOCKS5_PROXY" ]; then
proxy="$SOCKS5_PROXY"
from="\$SOCKS5_PROXY"
fi
if [ -n "$socks5_proxy" ]; then
proxy="$socks5_proxy"
from="\$socks5_proxy"
fi
# check if a git specific SOCKS proxy has been defined in the environment
if [ -n "$GIT_SOCKS_PROXY" ]; then
proxy="$GIT_SOCKS_PROXY"
from="\$GIT_SOCKS_PROXY"
fi
function usage() {
cat << @EOF
Usage:
`basename $0` HOST PORT
Helper script to connect to a Git repository over the git:// protocol at host HOST and port PORT through a SOCKS proxy at $proxy ($from).
To use the proxy for all git:// traffic, set the core.gitproxy option to "git-proxy":
git config core.gitproxy "git-proxy"
To use the proxy only for some reporitories, use the syntax explained in git-config(1).
To configure which proxy to use, set an appropriate environment variable (see below) or socks.proxy option to the proxy address, for example "localhost:1080":
git config socks.proxy "localhost:1080"
The address of the proxy is read from (in order of priority):
- the GIT_SOCKS_PROXY environment variable;
- the SOCKS_PROXY or SOCKS5_PROXY environment variable;
- the ALL_PROXY environment variable (see curl(1));
- the socks.proxy git option;
- the default value: localhost:1080 .
@EOF
}
if [ -z "$1" ] || [ -z "$2" ] || [ -n "$3" ]; then
usage
exit 1
fi
# connect through the specifid proxy
nc -x "$proxy" "$1" "$2"

7
bin/git-submodule-fix Executable file
View file

@ -0,0 +1,7 @@
#!/bin/bash
for arg
do
echo $arg
find . -name "`basename $arg`" | grep "$arg\$" | xargs rm -fr
done

22
bin/ldap_createaccount Executable file
View file

@ -0,0 +1,22 @@
#!/bin/bash
USEROUS=( $(ldapsearch -LLL -Z -H ldap://${LDAP_HOST_DEFAULT} -D ${LDAP_ADMIN_BIND_DN} -x -w $(pass ${PASS_ID_LDAP_ADMIN}|head -n 1) -s one -b ou=users,dc=schuerz,dc=at '(objectClass=organizationalUnit)' ou|grep "^ou"|awk '{print $2}') )
for uou in ${USEROUS[@]} ; do
echo "User OU: $uou"
UID_HIGHEST=$(ldapsearch -LLL -Z -H ldap://${LDAP_HOST_DEFAULT} -D ${LDAP_ADMIN_BIND_DN} -x -w $(pass ${PASS_ID_LDAP_ADMIN}|head -n 1) -b ou=$uou,ou=users,dc=schuerz,dc=at '(&(dcAccountStatus=active)(objectClass=posixAccount))' uidNumber|grep "^uidNumber"|awk '{print $2}'|sort|tail -n1)
GID_HIGHEST=$(ldapsearch -LLL -Z -H ldap://${LDAP_HOST_DEFAULT} -D ${LDAP_ADMIN_BIND_DN} -x -w $(pass ${PASS_ID_LDAP_ADMIN}|head -n 1) -b ou=$uou,ou=users,dc=schuerz,dc=at '(&(dcAccountStatus=active)(objectClass=posixAccount))' gidNumber|grep "^gidNumber"|awk '{print $2}'|sort|tail -n1)
echo UID_HIGHEST: $UID_HIGHEST
echo GID_HIGHEST: $GID_HIGHEST
let "UID_HIGHEST=UID_HIGHEST+1"
let "GID_HIGHEST=GID_HIGHEST+1"
echo UID_NEXT: $UID_HIGHEST
echo GID_NEXT: $GID_HIGHEST
done

95
bin/signpubkey Executable file
View file

@ -0,0 +1,95 @@
#!/bin/bash
usage() {
cat << EOF
Usage: $(dirname $0) [-n|--principals] <principal>[,<principal>[,<principal>[,...]]] [-V|--valid-time] <TIME> [-s|--serialnumber] <INT> [-S|-serialnumber-file] <filename> [-I|--identity] <identity> publickey
EOF
}
default_serialnumberfile="${HOME}/ssh-ca/serialnumbers/serialnumber"
set -- $(getopt -u -o hHn:V:s:S:I:tU --long help,host,user,principals:,valid-time:,serialnumber:,serialnumber-file:,identity:,hms -- "$@"|| exit $?)
while : ;do
case $1 in
-h|--help)
usage
break
;;
-H|host)
host_or_user=host
shift
;;
-U|user)
host_or_user=user
shift
;;
-n|--principals)
shift
principals=$1
shift
;;
-V|--valid-time)
shift
validtime="${1}"
shift
;;
-S|--serialnumber)
shift
serialnumber=$1
shift
;;
-s|--serialnumber-file)
shift
serialnumberfile="$1"
shift
;;
-I|--identity)
shift
identity=${1}
shift
;;
-t|--hms)
# t wie token
shift
hms=true
;;
--)
shift
break
;;
*)
echo wrong argument $1 >&2
usage
exit 1
;;
esac
done
[ -z "${validtime+x}" ] && validtime="+8W"
[ -z "${identity+x}" ] && identity=${USER}@$(hostname -f)
[ -z "${serialnumberfile+x}" ] && serialnumberfile=${default_serialnumberfile}
[ -z "${serialnumber+x}" ] && serialnumber=$(sed -i -r 's/^([0-9]+)$/echo "$((\1+1))"/ge' "${serialnumberfile}"; cat "${serialnumberfile}" )
[ -z "${principals+x}" ] && { echo "no principals given"; usage; exit 1; }
CABASE=~/ssh-ca
host_or_user=user
case $host_or_user in
host)
CAPATH=$CABASE/${host_or_user^^}_CA/${host_or_user}
;;
user)
CAPATH=$CABASE/${host_or_user^^}_CA/${host_or_user}_ca.pub
esac
if ${hms:-false};then
echo ssh-keygen -s $CABASE/${host_or_user^^}_CA/${host_or_user}_ca.pub -n "${principals}" -V "${validtime}" -z $serialnumber -I "${identity}" "$1"
ssh-keygen -s $CABASE/${host_or_user^^}_CA/${host_or_user}_ca.pub -D $P11M -n "${principals}" -V "${validtime}" -z $serialnumber -I "${identity}" "$1"
else
echo ssh-keygen -s $CABASE/${host_or_user^^}_CA/${host_or_user}_ca -n "${principals}" -V "${validtime}" -z $serialnumber -I "${identity}" "$1"
ssh-keygen -s $CABASE/${host_or_user^^}_CA/${host_or_user}_ca -n "${principals}" -V "${validtime}" -z $serialnumber -I "${identity}" "$1"
fi

View file

@ -2,7 +2,9 @@
set -eu
set -x
[ -z "${PKCS11_MODULE+x}" ] && PKCS11_MODULE="$(dnf repoquery --installed -l p11-kit | grep \/p11-kit-proxy.so\$ | head -1)"
which dnf >/dev/null 2>&1 [ -z "${P11M+x}" ] && P11M="$(dnf repoquery --installed -l p11-kit | grep \/p11-kit-proxy.so\$ | head -1)"
which dpkg >/dev/null 2>&1 && [ -z "${P11M+x}" ] && P11M="$(dpkg -L p11-kit-modules|grep \/p11-kit-proxy.so\$ | head -1)"
echo SSH_AGENT_PID before: $SSH_AGENT_PID
@ -11,13 +13,13 @@ echo SSH_AGENT_PID before: $SSH_AGENT_PID
echo SSH_AGENT_PID after: $SSH_AGENT_PID
#if ssh-add -l | grep -q "${PKCS11_MODULE}"; then
#if ssh-add -l | grep -q "${P11M}"; then
# # Remove any stale loaded keys from token, ssh-agent does not automatically
# # reconnect with the token when you reinsert it.
# ssh-add -e "${PKCS11_MODULE}"
# ssh-add -e "${P11M}"
#fi
ssh-add -e "${PKCS11_MODULE}" 2>/dev/null
ssh-add -e "${P11M}" 2>/dev/null
echo $?
# Tell ssh-agent to use the keys on the token
ssh-add -s "${PKCS11_MODULE}"
ssh-add -s "${P11M}"

View file

@ -7,7 +7,7 @@ for f in logerror logwarn loginfo logdebug logtrace ENTRY EXIT SCRIPTENTRY SCRIP
:
else
fx=${f//log/}
#echo create function $f for $fx
echo create function $f for $fx >&2
eval "$f () { \
local loglevels; \
declare -a loglevels; \
@ -73,6 +73,31 @@ EOF
}
check_token(){
# it's the same as "token" in functions.sh
# defined here also, to work also in environments, where functions.sh couldn't be sourced
[ -z "${P11M:+x}" ] && { P11M=$PKCS11_MODULE; export P11M; }
# If DISPLAY is set, ssh-add calls ssh-askpass, and if its in remote-terminal, it wont work
# So remember and unset DISPLAY, and set it at the end again, if it was set before
[ $DISPLAY ] && local DISPLAY_ORIG=$DISPLAY
[ $DISPLAY ] && logtrace "unset DISPLAY: $DISPLAY"
[ $DISPLAY ] && unset DISPLAY
# Write public keys of all in agent stored keys to a temporary file
local tmppubkey="$(mktemp -p ${XDG_RUNTIME_DIR} pubkey.XXXXXX.pub)"
logtrace "tmppubkey: $tmppubkey"
loginfo "$(ssh-add -L > $tmppubkey)"
# Check if public-keys in tmppubkey are working. They are not working, if you removed and add back hardware-token.
loginfo "$(ssh-add -T ${tmppubkey}|| { ssh-add -e $P11M; ssh-add -s $P11M; } )"
logdebug "$(rm "${tmppubkey}")"
logdebug "$(ssh-add -l )"
[ $DISPLAY_ORIG ] && logtrace "reset DISPLAY=$DISPLAY_ORIG"
[ $DISPLAY_ORIG ] && export DISPLAY=$DISPLAY_ORIG
}
createonly=false
tokenonly=false
readd=false
@ -117,16 +142,16 @@ while :; do
done
SCRIPTENTRY
[ -z "${SSH_IDENTITIES_DIR+x}" ] && { SSH_IDENTITIES_DIR="${SSH_IDENTITIES_DEFAULT_DIR-${HOME}/.ssh/identities}"; export SSH_IDENTITIES_DIR; }
[ -z "${SSH_AGENTS_DIR+x}" ] && { SSH_AGENTS_DIR=${SSH_AGENTS_DEFAULT_DIR-~/.ssh/agents}; export SSH_AGENTS_DIR; }
[ -z "${SSH_IDENTITIES_DIR+x}" ] && { SSH_IDENTITIES_DIR="${SSH_IDENTITIES_DEFAULT_DIR-${HOME}/.ssh/identities}"; export SSH_IDENTITIES_DIR; }
[ -z "${SSH_AGENTS_DIR+x}" ] && { SSH_AGENTS_DIR=${SSH_AGENTS_DEFAULT_DIR-~/.ssh/agents}; export SSH_AGENTS_DIR; }
[ -z "${SSH_AGENT_SOCKETS_DIR+x}" ] && { SSH_AGENT_SOCKETS_DIR=${SSH_AGENT_SOCKETS_DEFAULT_DIR-~/.ssh/agents}; export SSH_AGENT_SOCKETS_DIR; }
[ -z "${SSH_AGENT_OPTIONS+x}" ] && { SSH_AGENT_OPTIONS=${SSH_AGENT_DEFAULT_OPTIONS--t 7200 }; export SSH_AGENT_OPTIONS; }
logtrace "SSH_AGENTS_DIR: $SSH_AGENTS_DIR"
[ -z "${SSH_AGENT_OPTIONS+x}" ] && { SSH_AGENT_OPTIONS=${SSH_AGENT_DEFAULT_OPTIONS--t 7200 }; export SSH_AGENT_OPTIONS; }
logtrace " SSH_AGENTS_DIR: $SSH_AGENTS_DIR"
logtrace "SSH_AGENT_SOCKETS_DIR: $SSH_AGENT_SOCKETS_DIR"
logtrace "SSH_IDENTITIES_DIR: $SSH_IDENTITIES_DIR"
[ -z "${SSH_AGENTS_DIR-x}" ] || mkdir -vp "$SSH_AGENTS_DIR"
[ -z "${SSH_AGENT_SOCKETS_DIR-x}" ] || mkdir -vp "$SSH_AGENT_SOCKETS_DIR"
[ -z "${SSH_IDENTITIES_DIR-x}" ] || mkdir -vp "$SSH_IDENTITIES_DIR"
logtrace " SSH_IDENTITIES_DIR: $SSH_IDENTITIES_DIR"
[ -z "${SSH_AGENTS_DIR-x}" ] || mkdir -vp "$SSH_AGENTS_DIR"
[ -z "${SSH_AGENT_SOCKETS_DIR-x}" ] || mkdir -vp "$SSH_AGENT_SOCKETS_DIR"
[ -z "${SSH_IDENTITIES_DIR-x}" ] || mkdir -vp "$SSH_IDENTITIES_DIR"
agent-start-or-restart () {
@ -227,6 +252,8 @@ agent-load-identity-keys () {
local agentsocket
local fingerprints
declare -a fingerprints
local pubkeysonly
declare -a pubkeysonly
local fingerprint
local tokenfingerprint
@ -248,6 +275,7 @@ agent-load-identity-keys () {
logdebug "$f"
done
if ! $tokenonly ; then
# load keys
for key in $(ls ${SSH_IDENTITIES_DIR}/${ssh_identity}/id_*|grep -v "pub$\|so$\|config$\|public$"); do
fingerprint=$(ssh-keygen -l -f $key|awk '{print $2}')
if [[ ${fingerprints[*]} =~ "$fingerprint" ]]; then
@ -266,19 +294,52 @@ agent-load-identity-keys () {
done
fi
if ! $keyonly ; then
# load tokens
for pubkey in $(ls ${SSH_IDENTITIES_DIR}/${ssh_identity}/id_*|grep "pub$\|public$"|grep -v "cert.pub"); do
if $( ls ${pubkey%.pub} 1>/dev/null 2>&1);then
echo "pubkey with privkey: $pubkey"
else
echo "pubkey without privkey: $pubkey"
pubkeysonly+=($pubkey)
fi
if [ -e "${pubkey%.pub}-cert.pub" ]; then
#logwarn "${pubkey%.pub}-cert.pub: $(date +%s -d $(ssh-keygen -L -f "${pubkey%.pub}-cert.pub"|awk '$1 == "Valid:"{print $5}'))"
#logwarn "now: $(date +%s -d NOW)"
cert_exp_date=$(ssh-keygen -L -f "${pubkey%.pub}-cert.pub"|awk '$1 == "Valid:"{print $5}')
#[ $(date +%s -d $(ssh-keygen -L -f "${pubkey%.pub}-cert.pub"|awk '$1 == "Valid:"{print $5}')) -gt $(date +%s -d NOW) ] \
[ $(date +%s -d $cert_exp_date) -gt $(date +%s -d NOW) ] \
|| logwarn "CERTIFICATE IS NOT VALID ANYMORE: ${pubkey%.pub}-cert.pub"
#[ $(date +%s -d $(ssh-keygen -L -f "${pubkey%.pub}-cert.pub"|awk '$1 == "Valid:"{print $5}')) -lt $(date +%s -d "$SSH_CERT_VALIDITY_WARN_SEC") ] \
[ $(date +%s -d $cert_exp_date) -lt $(date +%s -d "$SSH_CERT_VALIDITY_WARN_SEC") ] \
&& logwarn "CERTIFICATE expires in $(echo "scale=0; ( `date -d $cert_exp_date +%s` - `date -d now +%s`) / (24*3600)" | bc -l) days: ${pubkey%.pub}-cert.pub"
fi
done
loginfo "pubkeysonly: ${pubkeysonly[@]} (count: ${#pubkeysonly[*]})"
for key in $(ls ${SSH_IDENTITIES_DIR}/${ssh_identity}/*|grep "\.so$"); do
logdebug "P11M: ${P11M:-not set} - key: $key"
#[ -e "${P11M-x}" ] || [ "$(readlink - f $key)" == "$P11M" ] || key="$P11M"
[ "$(readlink - f $key)" == "$P11M" ] || key="$P11M"
logdebug "P11M: ${P11M:-not set} - key: $key"
echo "P11M: ${P11M:-not set} - key: $key"
tokenfingerprint="$(ssh-keygen -l -D $key|tr -s ' '|awk '{print $2}')"
if [[ ${fingerprints[*]} =~ "$tokenfingerprint" ]]; then
logdebug "token: $key ($tokenfingerprint) is loaded"
check-pubkeysonly
if $readd || $remove ; then
$readd && logdebug "re-add token $key"
$remove && logdebug "remove token $key"
logdebug "$(ssh-runinagent $agentfile ssh-add ${SSH_ADD_OPTIONS} -e ${key} 2>&1)"
$remove || logdebug "$(ssh-runinagent $agentfile ssh-add ${SSH_ADD_OPTIONS} -s ${key} 2>&1)"
echo agentfile1 $agentfile \$SSH_ADD_OPTIONS $key >&2
logdebug "$(ssh-runinagent $agentfile ssh-add ${SSH_ADD_OPTIONS} -e "${key}" 2>&1)"
ssh-runinagent $agentfile echo $SSH_AUTH_SOCK >&2
$remove || logdebug "$(ssh-runinagent $agentfile ssh-add ${SSH_ADD_OPTIONS} -s "${key}" 2>&1)"
fi
else
logdebug "token: $key is not loaded -> load it"
logdebug "$(ssh-runinagent $agentfile ssh-add ${SSH_ADD_OPTIONS} -e ${key} 2>&1)"
logdebug "$(ssh-runinagent $agentfile ssh-add -v ${SSH_ADD_OPTIONS} -e ${key} 2>&1)"
$remove || logdebug "$(ssh-runinagent $agentfile ssh-add ${SSH_ADD_OPTIONS} -s ${key} 2>&1)"
fi
done
@ -292,6 +353,22 @@ agent-load-identity-keys () {
EXIT
}
function check-pubkeysonly () {
if [ ${#pubkeysonly[*]} -gt 0 ] ; then
for p in ${pubkeysonly[@]}; do
ssh-runinagent $agentfile ssh-add -T ${p} 2>&1 || { $remove || readd=true; break; }
done
else
logwarn "obviously there is no pubkey for the token in ${SSH_IDENTITIES_DIR}/${ssh_identity}/"
logwarn "you can add the pubkey with"
logwarn " ssh-add -L > ${SSH_IDENTITIES_DIR}/${ssh_identity}/id_etoken.pub"
logwarn "make sure, only the token is loaded into ssh-agent with"
logwarn " ssh-add -l"
logwarn "only one line should be the output"
fi
logdebug "readd: $readd"
}
ssh-runinagent () {
ENTRY
@ -316,7 +393,15 @@ ssh-runinagent () {
}
agent-start-or-restart $ssh_identity
! $createonly && agent-load-identity-keys $ssh_identity
if [[ $SSH_TTY || $X2GO_SESSION ]] ; then
logdebug "run with forwarded ssh-agent"
check_token
res=1
else
logdebug "run with local ssh-agent"
agent-start-or-restart $ssh_identity
! $createonly && agent-load-identity-keys $ssh_identity
res=0
fi
SCRIPTEXIT
exit $?
exit $res

240
bin/trashmail Executable file
View file

@ -0,0 +1,240 @@
#!/bin/bash
# creates trash email for registration for online-services
# email is hashed from domain of service + login-username from linux-system
# or only unhashed service-domain
# this created email-address is added to LDAP target email als dcMailAlias
# also added to pass passwordmanager of user
[ -e ${MSC_BASE}/defaults.conf ] && . ${MSC_BASE}/defaults.conf
LDAP_HOST=${LDAP_HOST_DEFAULT}
BIND_DN=${LDAP_ADMIN_BIND_DN}
PASS_ID=${PASS_ID_LDAP_ADMIN}
OWN_DOMAIN=${TRASHMAIL_OWN_DOMAIN_DEFAULT}
TARGET_MAIL=${TRASHMAIL_TARGET_MAIL_DEFAULT}
HASHED_DEFAULT=${TRASHMAIL_HASHED_DEFAULT}
HASHLENGTH_DEFAULT=8
PWOPTS_DEFAULT="-c -n -s"
PWLENGTH_DEFAULT=50
usage () {
cat << EOF
usage: ${0} <OPTIONS> <URL> [<PWLENGTH>]
URL: https://target.domain.tld:8080/path/to/site | target.domain.tld
PWLENGTH: Integer, count characters in generated password
OPTIONS:
--delete delete trashmail from LDAP
-d include domain from <URL> in username: 8ee948ae.target.domain.tld@mydomain.tld
-f|--force force overwrite existing entry in pass
-h|--hashed create hash from domain and linux-login-user (${USER})
--help show this help/usage
-l|--length <INTEGER>|full cut hashed part of username to <INTGER> characters from start (default: ${HASHLENGHT_DEFAULT})
-n|--not-hashed do not hash username from targetdomain and linux-login-user
-t|--target-mail <TARGET_MAIL> Emailadress for which trashmail is created
-w|--full-hash do not cut hash (same as »-l full«)
-y|--symbols same option as in pwgen. Include at least one special character in the password.
EOF
}
# TODO: how exit main-shell from error in subshell???
getopt -u -o dfhl:nt:wy --long delete,force,hashed,help,not-hashed,hashlength:,whole-hash,symblols,target-mail: -- "$@" || exit $?
set -- $(getopt -u -o dfhl:nt:wy --long delete,force,hashed,help,not-hashed,hashlength:,whole-hash,symblols,target-mail: -- "$@"|| exit $?)
echo @: $@
while : ; do
case $1 in
--delete)
ACTION=delete
shift
;;
-d)
INCLUDE_DOMAIN=true
shift
;;
-f|--force)
FORCE=true
shift
;;
-h|--hashed)
HASHED=true
shift
;;
--help)
usage
exit 0
;;
-l|--hashlength)
HASHLENGTH=$2
shift; shift;
;;
-n|--not-hashed)
HASHED=false
shift
;;
-t|--target-mail)
TARGET_MAIL=$2
shift; shift;
;;
-w|--full-hash)
HASHLENGTH=full
shift;
;;
-y)
PWOPTS="${PWOPTS} -y"
shift
;;
--)
shift
break
;;
*)
echo wrong argument $1 >&2
usage
exit 1
;;
esac
done
# Urlparsing inspired by: https://gist.github.com/joshisa/297b0bc1ec0dcdda0d1625029711fa24
# Referenced and tweaked from http://stackoverflow.com/questions/6174220/parse-url-in-shell-script#6174447
URL=$1
protocol=$(echo "$1" | grep "://" | sed -e's,^\(.*://\).*,\1,g')
# Remove the protocol
url_no_protocol=$(echo "${1/$protocol/}")
# Use tr: Make the protocol lower-case for easy string compare
protocol=$(echo "$protocol" | tr '[:upper:]' '[:lower:]')
# Extract the user and password (if any)
# cut 1: Remove the path part to prevent @ in the querystring from breaking the next cut
# rev: Reverse string so cut -f1 takes the (reversed) rightmost field, and -f2- is what we want
# cut 2: Remove the host:port
# rev: Undo the first rev above
userpass=$(echo "$url_no_protocol" | grep "@" | cut -d"/" -f1 | rev | cut -d"@" -f2- | rev)
pass=$(echo "$userpass" | grep ":" | cut -d":" -f2)
if [ -n "$pass" ]; then
user=$(echo "$userpass" | grep ":" | cut -d":" -f1)
else
user="$userpass"
fi
# Extract the host
hostport=$(echo "${url_no_protocol/$userpass@/}" | cut -d"/" -f1)
host=$(echo "$hostport" | cut -d":" -f1)
port=$(echo "$hostport" | grep ":" | cut -d":" -f2)
path=$(echo "$url_no_protocol" | grep "/" | cut -d"/" -f2-)
echo "Create a trashmail-address for ${host}" >&2
if ${HASHED:-$HASHED_DEFAULT}; then
case $HASHLENGTH in
full)
TRASHUSER="$(echo ${host}${USER}|md5sum -|awk '{print $1}')"
;;
[0-9]|[0-9][0-9])
TRASHUSER="$(echo ${host}${USER}|md5sum -|awk '{print $1}'|cut -c-${HASHLENGTH})"
;;
*)
TRASHUSER="$(echo ${host}${USER}|md5sum -|awk '{print $1}'|cut -c-${HASHLENGTH_DEFAULT})"
;;
esac
if ${INCLUDE_DOMAIN:-false} ;then
$INCLUDE_DOMAIN && TRASHUSER=${TRASHUSER}.${host}
fi
else
TRASHUSER=${host}
fi
TRASHMAIL=${TRASHUSER}@${OWN_DOMAIN}
echo $TRASHMAIL
PASS_ENTRY="${PASS_PREFIX%/}${PASS_PREFIX:+/}${host}/${TRASHMAIL}"
case ${ACTION:-create} in
create)
#set -x
echo "Add new trashmail to LDAP"
cat << EOF |ldapmodify -Z -H ldap://${LDAP_HOST} -D ${BIND_DN} -x -w $(pass ${PASS_ID}|head -n 1)
dn: dcSubMailAddress=${TARGET_MAIL},ou=mailaccounts,dc=schuerz,dc=at
changetype: modify
add: dcMailAlternateAddress
dcMailAlternateAddress: ${TRASHMAIL}
EOF
if [ $? -gt 0 ]; then
echo pass find ${PASS_ENTRY}
pass find ${TRASHMAIL}|grep -v "Search Terms"
case $? in
1)
# returncode 1 from grep means, no line selected. so no entry exists, create new one
echo "Entry not found --> create new pass-entry"
CREATE=true
;;
0)
if ${FORCE-false} ; then
echo "Entry found but enforced to overwrite"
CREATE=true
else
echo
echo "Current password for ${PASS_ENTRY} is $(pass ${PASS_ENTRY} |head -n1)."
read -p "Overwrite? [Y|n]: "
echo ""
case $REPLY in
y|Y)
CREATE=true
;;
*)
CREATE=false
;;
esac
fi
;;
*)
echo "Something went wrong"
exit 2
;;
esac
else
CREATE=true
fi
if ${CREATE-false}; then
cat << EOF |pass insert -m ${PASS_ENTRY}
$(pwgen ${PWOPTS_DEFAULT} ${PWOPTS} ${2:-$PWLENGTH_DEFAULT} 1)
email: ${TRASHMAIL}
login: ${TRASHUSER}
url: ${URL}
comment: trashemail autogenerated md5-hash from »${host}${USER}« cut to ${HASHLENGTH}. Delete email, when account deleted!!!
targetmail for this trashmail is ${TARGET_MAIL}
EOF
fi
#set +x
#pass git commit "${PASS_ENTRY}"
pass -c ${PASS_ENTRY}
;;
delete)
cat << EOF |ldapmodify -Z -H ldap://${LDAP_HOST} -D ${BIND_DN} -x -w $(pass ${PASS_ID}|head -n 1)
dn: dcSubMailAddress=${TARGET_MAIL},ou=mailaccounts,dc=schuerz,dc=at
changetype: modify
delete: dcMailAlternateAddress
dcMailAlternateAddress: ${TRASHMAIL}
EOF
;;
*)
echo action $ACTION not known
exit 1
;;
esac

View file

@ -13,3 +13,14 @@ export MSC_LOGLEVEL_DEFAULT="INFO"
export MSC_FILELOGLEVEL_DEFAULT="DEBUG"
export LOGLEVEL_DEFAULT="${MSC_LOGLEVEL_DEFAULT}"
export FILELOGLEVEL_DEFAULT="${MSC_FILELOGLEVEL_DEFAULT}"
export STARTTMUXDEFAULT=false
export STARTTMUXREMOTEDEFAULT=true
export LDAP_HOST_DEFAULT=ldap.schuerz.at
export LDAP_ADMIN_BIND_DN=cn=admin,dc=schuerz,dc=at
export PASS_ID_LDAP_ADMIN="LDAP/binddn-admin"
export TRASHMAIL_OWN_DOMAIN_DEFAULT=schuerz.at
export TRASHMAIL_TARGET_MAIL_DEFAULT=wertstoffe@xundeenergie.at
export TRASHMAIL_HASHED_DEFAULT=true
export SSH_CERT_VALIDITY_WARN_SEC="14 days"

26
defaults.conf.sample Normal file
View file

@ -0,0 +1,26 @@
### GIT ####
export MSC_GIT_REPO_UPDATE_DEFAULT=true
export MSC_GIT_REPO_UPDATE_INTERVALL_DEFAULT=48 #intervall in hours
export MSC_GIT_SUBMODULES_UPDATE_DEFAULT=true
export MSC_GIT_SUBMODULES_UPDATE_INTERVALL_DEFAULT=196 #intervall in hours
export MSC_GIT_SUBMODULES_SERVER_DEFAULT="git://github.com/"
export MSC_GIT_CHECKOUTSCRIPT_OPTIONS_DEFAULT="-h"
export MSC_GIT_TIMEOUT_DEFAULT=5s
export MSC_GIT_CHECKOUT_TIMEOUT_DEFAULT=20s
### LOGGING ###
# Possible loglevel-values: ERROR, WARN, INFO, DEBUG, TRACE
export MSC_LOGLEVEL_DEFAULT="INFO"
export MSC_FILELOGLEVEL_DEFAULT="DEBUG"
export LOGLEVEL_DEFAULT="${MSC_LOGLEVEL_DEFAULT}"
export FILELOGLEVEL_DEFAULT="${MSC_FILELOGLEVEL_DEFAULT}"
export STARTTMUXDEFAULT=false
export STARTTMUXREMOTEDEFAULT=true
export LDAP_HOST_DEFAULT=ldap.example.com
export LDAP_ADMIN_BIND_DN=cn=admin,dc=example,dc=com
export PASS_ID_LDAP_ADMIN="LDAP/binddn-admin"
export TRASHMAIL_OWN_DOMAIN_DEFAULT=example.com
export TRASHMAIL_TARGET_MAIL_DEFAULT=user@example.com
export TRASHMAIL_HASHED_DEFAULT=true
export SSH_CERT_VALIDITY_WARN_SEC="14 days"

View file

@ -20,7 +20,7 @@ promptcommandmunge () {
esac
EXIT
}
## this function updates in combination with PROMPT_COMMAND the shell-environment-variables in tmus-sessions,
## this function updates in combination with PROMPT_COMMAND the shell-environment-variables in tmux-sessions,
# every time prompt is called. It does it only, when called from tmux (Environment TMUX is set)
function _tmux_hook() {
# [ -z "${TMUX+x}" ] || eval "$(tmux show-environment -s)"
@ -31,10 +31,6 @@ function _tmux_hook() {
}
# Append `;` if PROMPT_COMMAND is not empty
#PROMPT_COMMAND="${PROMPT_COMMAND:+$PROMPT_COMMAND;}_tmux_hook"
# To make the code more reliable on detecting the default umask
function _umask_hook {
# Record the default umask value on the 1st run
@ -47,9 +43,6 @@ function _umask_hook {
fi
}
# Append `;` if PROMPT_COMMAND is not empty
#PROMPT_COMMAND="${PROMPT_COMMAND:+$PROMPT_COMMAND;}_umask_hook"
cpb() {
scp "$1" ${SSH_CLIENT%% *}:~/Work
}
@ -64,8 +57,10 @@ sudo() {
GIT_COMMITTER_NAME="$GIT_COMMITTER_NAME" \
TMUX="$TMUX" \
SSHS="$SSHS" \
P11M="$P11M" \
SSH_TTY="$SSH_TTY" \
SSH_AUTH_SOCK="$SSH_AUTH_SOCK" \
http_proxy="$http_proxy" \
"$@"
}
@ -99,6 +94,7 @@ create_symlinks() {
setproxy () {
# https://gist.github.com/yougg/5d2b3353fc5e197a0917aae0b3287d64
ENTRY
local CONFIG
case $# in
@ -112,24 +108,60 @@ setproxy () {
return 1
else
CONFIG=$(find ${SETPROXY_CREDS_DIRS[*]} -mindepth 1 -name "$1.conf" -print -quit 2>/dev/null )
NO_PROXY=$(find ${SETPROXY_CREDS_DIRS[*]} -mindepth 1 -name "no_proxy.conf" -print -quit 2>/dev/null )
fi
;;
esac
logwarn "CONFIG: ${CONFIG}"
if [ -e ${CONFIG} ]; then
loginfo -n "${CONFIG} existing: "
logdebug -n "${CONFIG} existing: "
source "${CONFIG}"
loginfo "sourced"
export PROXY_CREDS="${PROXY_USER}:${PROXY_PASS}@"
loginfo "read $CONFIG"
export PROXY_CREDS="$(urlencode ${PROXY_USER})${PROXY_PASS:+:}$(urlencode ${PROXY_PASS})"
else
loginfo "${CONFIG} not existing"
export PROXY_CREDS=""
# export PROXY_CREDS=""
fi
export {http,https,ftp}_proxy="http://${PROXY_CREDS}${PROXY_SERVER}:${PROXY_PORT}"
export {HTTP,HTTPS,FTP}_PROXY="http://${PROXY_CREDS}${PROXY_SERVER}:${PROXY_PORT}"
export {http,https,ftp,rsync,all}_proxy="${PROXY_PROTO:-http}://${PROXY_CREDS}${PROXY_CREDS:+@}${PROXY_SERVER}${PROXY_PORT:+:}${PROXY_PORT}"
export {HTTP,HTTPS,FTP,RSYNC,ALL}_PROXY="${PROXY_PROTO:-http}://${PROXY_CREDS}${PROXY_CREDS:+@}${PROXY_SERVER}${PROXY_PORT:+:}${PROXY_PORT}"
no_proxy="127.0.0.1,localhost"
#no_proxy=$no_proxy,$(echo 10.{0..255}.{0..255}.{0..255}|tr ' ' ',')
#no_proxy=$no_proxy,$(echo 172.{16..31}.{0..255}.{0..255}|tr ' ' ',')
#no_proxy=$no_proxy,$(echo 192.168.{0..255}.{0..255}|tr ' ' ',')
# no_proxy=${no_proxy}${PROXY_IGNORE:+,}${PROXY_IGNORE}
# . $NO_PROXY
export no_proxy
git config -f ~/.gitconfig_local http.sslverify false
git config -f ~/.gitconfig_local http.proxy $http_proxy
git config -f ~/.gitconfig_local https.proxy $http_proxy
# only for 'github.com'
git config -f ~/.gitconfig_local http.https://github.com.proxy $http_proxy
EXIT
}
unsetproxy () {
ENTRY
unset {HTTP,HTTPS,FTP,RSYNC,ALL}_PROXY
unset PROXY_{CREDS,USER,PASS,SERVER,PORT,PROTO,IGNORE}
unset {http,https,ftp,rsync,all}_proxy
unset proxy_{creds,user,pass,server,port}
unset no_proxy NO_PROXY
git config -f ~/.gitconfig_local --unset http.proxy
git config -f ~/.gitconfig_local --unset http.sslverify false
git config -f ~/.gitconfig_local --unset https.proxy
# git config -f ~/.gitconfig_local --unset core.sshCommand
git config -f ~/.gitconfig_local --unset http.https://github.com.proxy
EXIT
}
mencfs () {
ENTRY
@ -166,7 +198,7 @@ mencfs () {
logdebug "DESTDIR: $DESTDIR"
[ -d "$DESTDIR" ] || mkdir -p "$DESTDIR"
$PASS "${PKEY}" 1>/dev/null 2>&1 || { logerror "entry $PKEY does not exist in passwordsotre"; return 5; }
local ENCFS_PASSWORD=$($PASS "${PKEY}" | head -n1)
local ENCFS_PASSWORD=$($PASS show "${PKEY}")
if [ -z ${ENCDIR+x} -a -d ${ENCDIR} ];then
logerror "no encrypted directory found -> exit"
@ -242,7 +274,7 @@ kinit-custom () {
[ -z ${PKEY+x} ] && return 3
$PASS "${PKEY}" 1>/dev/null 2>&1 || return 3
local KERBEROS_PASSWORD=$($PASS "${PKEY}" | head -n1)
local KERBEROS_PASSWORD=$($PASS show "${PKEY}")
local KERBEROS_USER=$($PASS "${PKEY}" | grep login | sed -e 's/^login: //' )
#echo KERBEROS_PASSWORD: $KERBEROS_PASSWORD
loginfo "Get kerberos-ticket for: $KERBEROS_USER@$REALM"
@ -266,25 +298,17 @@ ${KERBEROS_PASSWORD}
EXIT
}
unsetproxy () {
ENTRY
unset {HTTP,HTTPS,FTP}_PROXY
unset PROXY_{CREDS,USER,PASS,SERVER,PORT}
unset {http,https,ftp}_proxy
unset proxy_{creds,user,pass,server,port}
EXIT
}
git-mergedetachedheadtomaster () {
ENTRY
git checkout -b tmp
git branch -f master tmp
git checkout master
git branch -d tmp
git commit -m "Merged detached head into master" .
#git push origin master
EXIT
}
# transfered to bin
#git-mergedetachedheadtomaster () {
# ENTRY
# git checkout -b tmp
# git branch -f master tmp
# git checkout master
# git branch -d tmp
# git commit -m "Merged detached head into master" .
# #git push origin master
# EXIT
#}
pathmunge () {
ENTRY
@ -332,10 +356,13 @@ sshmyshellconfig() {
echo
echo cleanup from old config
rm -rf ~/server-config && echo rm -rf ~/server-config
echo git clone
echo mkdir -p ~/.local
mkdir -p ~/.local
#echo git clone
echo git clone --recurse-submodules $MSC_GIT_REMOTE \${HOME}/${MSC_SUBPATH}
git clone --recurse-submodules $MSC_GIT_REMOTE \${HOME}/${MSC_SUBPATH}
date "+%s" > \${HOME}/${MSC_SUBPATH}/.last_update_submodules
date "+%s" > \${HOME}/${MSC_SUBPATH}/.last_update_repo
# date "+%s" > \${HOME}/${MSC_SUBPATH}/.last_update_repo
EOF
EXIT
@ -345,6 +372,7 @@ EOF
sshs() {
ENTRY
local LOGLEVEL="WARN"
# MKTMPCMD='mktemp $(echo ${XDG_RUNTIME_DIR}/bashrc.XXXXXXXX.conf)'
# VIMMKTMPCMD="mktemp ${XDG_RUNTIME_DIR}/vimrc.XXXXXXXX.conf"
@ -353,17 +381,19 @@ sshs() {
local TMPBASHCONFIG=$(mktemp -p ${XDG_RUNTIME_DIR} -t bashrc.XXXXXXXX --suffix=.conf)
local FILELIST=( "${MSC_BASE}/functions.sh" "${MSC_BASE}/logging" "${MSC_BASE}/myshell_load_fortmpconfig" $(getbashrcfile) ~/.aliases "${MSC_BASE}/aliases" "${MSC_BASE}/PS1" "${MSC_BASE}/bash_completion.d/*" )
echo "FILELIST: $FILELIST"
logdebug "FILELIST: ${FILELIST[@]}"
if [ -e "${HOME}/.config/myshellconfig/sshs_addfiles.conf" ] ; then
for f in $(cat "${HOME}/.config/myshellconfig/sshs_addfiles.conf");do
[ -e "$f" ] && {\
echo "add $f to FILELIST"; \
logdebug "add $f to FILELIST"; \
FILELIST+=("$f"); }
done
fi
echo "FILELIST: $FILELIST"
local SSH_OPTS="-o VisualHostKey=no -o ControlMaster=auto -o ControlPersist=15s -o ControlPath=~/.ssh/ssh-%r@%h:%p"
logdebug "FILELIST1: ${FILELIST[@]}"
local SSH_OPTS="-o VisualHostKey=no -o ControlMaster=auto -o ControlPersist=20s -o ControlPath=~/.ssh/master-%C"
#local SSH_OPTS="-o VisualHostKey=no -o ControlMaster=yes -o ControlPersist=10s -o ControlPath=~/.ssh/ssh-%C"
# Read /etc/bashrc or /etc/bash.bashrc (depending on distribution) and /etc/profile.d/*.sh first
ssh -T ${SSH_OPTS} $@ "pwd" >/dev/null 2>/dev/null || { logerror "Server $@ not reachable -> exit"; return 1; }
cat << EOF >> "${TMPBASHCONFIG}"
[ -e /etc/bashrc ] && BASHRC=/etc/bashrc
[ -e /etc/bash.bashrc ] && BASHRC=/etc/bash.bashrc
@ -390,16 +420,22 @@ EOF
for f in ${FILELIST[*]}; do
if [ -e $f ]; then
echo add $f to tmpconfig
logdebug "add $f to tmpconfig"
cat "$f" >> "${TMPBASHCONFIG}";
fi
done
if [ $# -ge 1 ]; then
if [ -e "${TMPBASHCONFIG}" ] ; then
local RCMD="/bin/bash --noprofile --norc -c "
local REMOTETMPBASHCONFIG=$(ssh -T ${SSH_OPTS} $@ "mktemp -p \${XDG_RUNTIME_DIR-~} -t bashrc.XXXXXXXX --suffix=.conf"| tr -d '[:space:]' )
local REMOTETMPVIMCONFIG=$(ssh -T ${SSH_OPTS} $@ "mktemp -p \${XDG_RUNTIME_DIR-~} -t vimrc.XXXXXXXX --suffix=.conf"| tr -d '[:space:]')
logdebug "create remote bashrc"
logdebug "SSH_OPTS: $SSH_OPTS"
local REMOTETMPBASHCONFIG=$(ssh -T ${SSH_OPTS} $@ "mktemp -p \${XDG_RUNTIME_DIR-~} -t bashrc.XXXXXXXX --suffix=.conf" | tr -d '[:space:]' )
logdebug "REMOTETMPBASHCONFIG: $REMOTETMPBASHCONFIG"
logdebug $(ssh -T ${SSH_OPTS} $@ "stat ${REMOTETMPBASHCONFIG}")
logdebug $(ssh -T ${SSH_OPTS} $@ "hostnamectl")
logdebug "create remote vimrc"
local REMOTETMPVIMCONFIG=$(ssh -T ${SSH_OPTS} $@ "mktemp -p \${XDG_RUNTIME_DIR-~} -t vimrc.XXXXXXXX --suffix=.conf" | tr -d '[:space:]' )
logdebug "REMOTETMPVIMCONFIG: $REMOTETMPVIMCONFIG"
# Add additional aliases to bashrc for remote-machine
cat << EOF >> "${TMPBASHCONFIG}"
@ -413,14 +449,19 @@ title "\$USER@\$HOSTNAME: \$PWD"
loginfo "This bash runs with temporary config from \$BASHRC"
EOF
logdebug "create fill remote bashrc"
ssh -T ${SSH_OPTS} $@ "cat > ${REMOTETMPBASHCONFIG}" < "${TMPBASHCONFIG}"
logdebug $(ssh -T ${SSH_OPTS} $@ "stat ${REMOTETMPBASHCONFIG}")
logdebug "create fill remote vimrc"
ssh -T ${SSH_OPTS} $@ "cat > ${REMOTETMPVIMCONFIG}" < "${MSC_BASE}/vimrc"
local RCMD="/bin/bash --noprofile --norc -c "
RCMD="
trap \"rm -f ${REMOTETMPBASHCONFIG} ${REMOTETMPVIMCONFIG}\" EXIT " ;
logdebug "run remote shell with temporary config"
ssh -t ${SSH_OPTS} $@ "$RCMD; SSHS=true bash -c \"function bash () { /bin/bash --rcfile ${REMOTETMPBASHCONFIG} -i ; } ; export -f bash; exec bash --rcfile ${REMOTETMPBASHCONFIG}\""
rm "${TMPBASHCONFIG}"
else
loginfo "${TMPBASHCONFIG} does not exist. Use »ssh $@«" >&2
logwarn "${TMPBASHCONFIG} does not exist. Using »ssh -t $@«"
ssh -t "$@"
fi
else
@ -477,7 +518,7 @@ vim-repair-vundle () {
getbashrcfile () {
ENTRY
if [ -z ${BASHRC+x} ] ; then
echo "bash uses default" >&2
loginfo "bash uses default"
else
cat /proc/$$/cmdline | xargs -0 echo|awk '{print $3}'
fi
@ -487,7 +528,7 @@ getbashrcfile () {
catbashrcfile () {
ENTRY
if [ -z ${BASHRC+x} ] ; then
echo "bash uses default" >&2
loginfo "bash uses default"
else
#cat $(cat /proc/$$/cmdline | xargs -0 echo|awk '{print $3}')
cat $(getbashrcfile)
@ -556,14 +597,17 @@ cat << EOF
EOF
}
function pdsh-update-hetzner()
function update-hetzner-serverlist()
{
curl -s -H "Authorization: Bearer $(pass hetzner.com/api-token | head -n1)" \
https://api.hetzner.cloud/v1/servers \
| /usr/bin/jq '.servers[].public_net.ipv4.ip'|sed -e 's/\"//g' \
|while read i; do
dig -x $i | awk '$0 !~ /^;/ && $4 == "PTR" {print $5}'
done |sed -s -e 's/\.$//' > ~/.dsh/group/hetzner-servers
for i in basic-services sc xe tu; do
curl -s -H "Authorization: Bearer $(pass show hetzner.com/projects/${i}/api-token)" \
https://api.hetzner.cloud/v1/servers \
| /usr/bin/jq '.servers[].public_net.ipv4.ip'|sed -e 's/\"//g' \
|while read i; do
dig -x $i | awk '$0 !~ /^;/ && $4 == "PTR" {print $5}'
done |sed -s -e 's/\.$//' > ~/.dsh/group/hetzner-servers-${i}
done
cat ~/.dsh/group/hetzner-servers-* > ~/.dsh/group/hetzner-servers
}
function tmuxx() {
@ -707,12 +751,14 @@ gnome-shell-extensions-make-actual-permanent-systemwide() {
sudo mkdir -p "/etc/dconf/profile/"
local line='user-db:user'
if [ -e "${file}" ] ; then
command="grep -xqF -- ${line} ${file} || echo $line >> $file"
logtrace "$command"
sudo sh -c "$command"
fi
local line='system-db:local'
if [ -e "${file}" ] ; then
command="grep -xqF -- ${line} ${file} || echo $line >> $file"
logtrace "$command"
sudo sh -c "$command"
fi
local line='enabled-extensions='
@ -776,7 +822,7 @@ reachable () {
local i
loginfo -n "Try to connect to ${SERVER} (${IP}):${PORT} " >&2
for i in $(seq 1 $SEC); do
logdebug -n "." >&2
loginfo -n "." >&2
if reachable-default ${IP} ${PORT} 2>/dev/null; then
res=0
break
@ -798,14 +844,14 @@ utoken () {
ENTRY
ssh_identity=$1
[ -z "${PKCS11_MODULE+x}" ] && { PKCS11_MODULE=/usr/lib64/p11-kit-proxy.so; export PKCS11_MODULE; }
[ -z "${P11M+x}" ] && { P11M=$PKCS11_MODULE; export P11M; }
if [ -n "${ssh_identity+x}" ]; then
agentfile="${HOME}/.ssh/agents/agent-${ssh_identity}-$(hostname)"
if [ -e "$agentfile" ]; then
local SSH_AUTH_SOCK
local SSH_AGENT_PID
/bin/sh -c ". $agentfile >/dev/null 2>/dev/null; ssh-add -l; ssh-add -e $PKCS11_MODULE; ssh-add -l"
/bin/sh -c ". $agentfile >/dev/null 2>/dev/null; ssh-add -l; ssh-add -e $P11M; ssh-add -l"
fi
fi
EXIT
@ -813,28 +859,36 @@ utoken () {
token(){
[ -z "${PKCS11_MODULE+x}" ] && { PKCS11_MODULE=/usr/lib64/p11-kit-proxy.so; export PKCS11_MODULE; }
# Usage:
# token <identity> will load token in agent. does nothing, if token is already loaded
# token -r|-f|--reload-token <identity> will remove token from agent and add it again (if plugged off and plugged in again
# startagent -t $@
loadagent $@
loginfo "$(ssh-add -s $PKCS11_MODULE)"
loginfo "$(ssh-add -l)"
[ -z "${P11M:+x}" ] && { P11M=$PKCS11_MODULE; export P11M; }
# If DISPLAY is set, ssh-add calls ssh-askpass, and if its in remote-terminal, it wont work
# So remember and unset DISPLAY, and set it at the end again, if it was set before
[ $DISPLAY ] && local DISPLAY_ORIG=$DISPLAY
[ $DISPLAY ] && logtrace "unset DISPLAY: $DISPLAY"
[ $DISPLAY ] && unset DISPLAY
# Write public keys of all in agent stored keys to a temporary file
local tmppubkey="$(mktemp -p ${XDG_RUNTIME_DIR} pubkey.XXXXXX.pub)"
logtrace "tmppubkey: $tmppubkey"
loginfo "$(ssh-add -L > $tmppubkey)"
# Check if public-keys in tmppubkey are working. They are not working, if you removed and add back hardware-token.
loginfo "$(ssh-add -T ${tmppubkey}|| { ssh-add -e $P11M; ssh-add -s $P11M; } )"
logdebug "$(rm "${tmppubkey}")"
logdebug "$(ssh-add -l )"
[ $DISPLAY_ORIG ] && logtrace "reset DISPLAY=$DISPLAY_ORIG"
[ $DISPLAY_ORIG ] && export DISPLAY=$DISPLAY_ORIG
}
token-extract-pubkey() {
if pkcs11-tool --module $PKCS11_MODULE --list-token-slots >&2 ;then
ssh-keygen -i -m pkcs8 -f <(pkcs11-tool --module $PKCS11_MODULE -r --type pubkey $1 $2 |openssl rsa -pubin -inform DER )
if pkcs11-tool --module $P11M --list-token-slots >&2 ;then
ssh-keygen -i -m pkcs8 -f <(pkcs11-tool --module $P11M -r --type pubkey ${1:+--label} ${1} |openssl rsa -pubin -inform DER )
if [ $? -gt 0 ] ; then
token-list-objects
token-list-objects >&2
fi
else
echo "Please insert token. Exit"
echo "Please insert token. Exit" >&2
return 1
fi
}
@ -842,10 +896,10 @@ token-extract-pubkey() {
token-list-objects() {
case $1 in
--login|-l)
pkcs11-tool --module $PKCS11_MODULE --login --list-objects
pkcs11-tool --module $P11M --login --list-objects
;;
*)
pkcs11-tool --module $PKCS11_MODULE --list-objects
pkcs11-tool --module $P11M --list-objects
;;
esac
@ -857,7 +911,7 @@ loadagent() {
af=$(startagent --create-only $1 )
loginfo "Load agent from $af"
unset SSH_AUTH_SOCKET SSH_AGENT_PID
eval $(<$af)
[ -n "${af+x}" ] && eval $(<$af)
logdebug "SSH_AUTH_SOCK: ${SSH_AUTH_SOCK-not set}"
logdebug "SSH_AGENT_PID: ${SSH_AGENT_PID-not set}"
loginfo "currently loaded keys in agent:
@ -973,5 +1027,143 @@ convert_to_subvolume () {
set +x
return 0
}
getfreeip () {
local N=$1
sudo nmap -v -sn -n $1 -oG - | awk '/Status: Down/{print $2}'
}
cporig () {
cp -b -i "${1}" "${1}.orig"
}
vgrename_full () {
altevolumegroup="$1"
neuevolumegroup="$2"
vgrename ${altevolumegroup} ${neuevolumegroup}
sed -i "s/${altevolumegroup}/${neuevolumegroup}/g" /etc/fstab
sed -i "s/${altevolumegroup}/${neuevolumegroup}/g" /boot/grub/grub.cfg
sed -i "s/${altevolumegroup}/${neuevolumegroup}/g" /boot/grub/menu.lst
sed -i "s/${altevolumegroup}/${neuevolumegroup}/g" /etc/initramfs-tools/conf.d/resume
update-initramfs -c -k all
}
getfreeip () {
local N=$1
sudo nmap -v -sn -n $1 -oG - | awk '/Status: Down/{print $2}'
}
getusedip () {
local N=$1
local DNS=$2
sudo nmap -v -sn -n $1 -oG - | awk '!/Status: Down/{print $2}'|while read i;do
echo "$i: $(dig "${DNS:+@}${DNS}" -x $i +short +search)"
done
}
function getdbcreds_jra () {
case $# in
0)
gojirahome
DB_FILE=dbconfig.xml
#cd -
;;
1)
DB_FILE=$1
;;
*)
echo "wrong number of arguments"
return 1
;;
esac
DB_URL="$(grep -oPm1 "(?<=<url>)[^<]+" ${DB_FILE})"
DB_USER="$(grep -oPm1 "(?<=<username>)[^<]+" ${DB_FILE})"
DB_PWD="$(grep -oPm1 "(?<=<password>)[^<]+" ${DB_FILE})"
DB_HOST="$(echo $DB_URL|sed 's@^.*//@@;s@\(^.*\):\(.*\)/\(.*\)$@\1@')"
DB_PORT="$(echo $DB_URL|sed 's@^.*//@@;s@\(^.*\):\(.*\)/\(.*\)$@\2@')"
DB_NAME="$(echo $DB_URL|sed 's@^.*//@@;s@\(^.*\):\(.*\)/\(.*\)$@\3@')"
return 0
}
function getdbcreds_cnf () {
case $# in
0)
gocnfhome
DB_FILE=confluence.cfg.xml
;;
1)
DB_FILE=$1
;;
*)
echo "wrong number of arguments"
cd -
return 1
;;
esac
DB_URL="$(grep -oPm1 "(?<=<property name=\"hibernate.connection.url\">)[^<]+" ${DB_FILE})"
DB_USER="$(grep -oPm1 "(?<=<property name=\"hibernate.connection.username\">)[^<]+" ${DB_FILE})"
DB_PWD="$(grep -oPm1 "(?<=<property name=\"hibernate.connection.password\">)[^<]+" ${DB_FILE})"
DB_HOST="$(echo $DB_URL|sed 's@^.*//@@;s@\(^.*\):\(.*\)/\(.*\)$@\1@')"
DB_PORT="$(echo $DB_URL|sed 's@^.*//@@;s@\(^.*\):\(.*\)/\(.*\)$@\2@')"
DB_NAME="$(echo $DB_URL|sed 's@^.*//@@;s@\(^.*\):\(.*\)/\(.*\)$@\3@')"
cd -
return 0
}
function connectdb () {
case $1 in
jra|jira)
getdbcreds_jra $2
;;
cnf|conf|confluence)
getdbcreds_cnf $2
;;
*)
echo "wrong argument"
return 1
;;
esac
PGPASSWORD=$DB_PWD psql -h $DB_HOST -p $DB_PORT -U $DB_USER $DB_NAME
}
urlencode() {
# urlencode <string>
local LANG=C
local length="${#1}"
for (( i = 0; i < length; i++ )); do
local c="${1:i:1}"
case $c in
[a-zA-Z0-9.~_-]) printf "$c" ;;
*) printf '%%%02X' "'$c" ;;
esac
done
}
urldecode() {
# urldecode <string>
local url_encoded="${1//+/ }"
printf '%b' "${url_encoded//%/\\x}"
}
#EOF

View file

@ -60,6 +60,7 @@ function logerror(){
;;
esac
local msg="$1"
[ -z "${msg:+x}" ] && return 0
timeAndDate=`date`
local loglevels
declare -a loglevels
@ -81,6 +82,7 @@ function logwarn(){
;;
esac
local msg="$1"
[ -z "${msg:+x}" ] && return 0
timeAndDate=`date`
local loglevels
declare -a loglevels
@ -102,6 +104,7 @@ function loginfo(){
;;
esac
local msg="$1"
[ -z "${msg:+x}" ] && return 0
timeAndDate=`date`
local loglevels
declare -a loglevels
@ -124,6 +127,7 @@ function logdebug(){
;;
esac
local msg="$1"
[ -z "${msg:+x}" ] && return 0
timeAndDate=`date`
local loglevels
declare -a loglevels
@ -145,6 +149,7 @@ function logtrace(){
;;
esac
local msg="$1"
[ -z "${msg:+x}" ] && return 0
timeAndDate=`date`
local loglevels
declare -a loglevels

View file

@ -21,6 +21,14 @@ esac
# Load default values, functions, aliases for myshellconfig
if ! $SSHS; then
######################################################################################
# ls is not in color on all systems
export LS_OPTIONS='--color=auto'
eval "`dircolors`"
#######################################################################################
# User specific aliases and function
logdebug "notmpconf"
if [ -e ${MSC_BASE}/functions.sh ]; then
. ${MSC_BASE}/functions.sh
else
@ -29,13 +37,6 @@ if ! $SSHS; then
######################################################################################
# ls is not in color on all systems
export LS_OPTIONS='--color=auto'
eval "`dircolors`"
#######################################################################################
# User specific aliases and function
if [ -d "${MSC_BASE}/bin" ] ; then
@ -80,15 +81,38 @@ if ! $SSHS; then
#cd ${HOME}
# Start tmux if not defined as STARTTMUX in bashrc
if test ! $TMUX && test $SSH_TTY && test $TERM != screen && test $(systemctl status tmux@${USER}.service 1>/dev/null 2>&1; echo $? ) -eq 0; then
STARTTMUXDEFAULT=true
logdebug "attach tmux?"
logdebug "TMUX: $TMUX"
logdebug "SSH_TTY: $SSH_TTY"
logdebug "TERM: $TERM"
logdebug "tmux@${USER}: $(systemctl status tmux@${USER}.service 1>/dev/null 2>&1; echo $? )"
if test $SSH_TTY; then
loginfo "i am remote"
if test ! $TMUX && test $TERM != screen; then
loginfo "no screen"
# if test $(systemctl status tmux@${USER}.service 1>/dev/null 2>&1; echo $? ) -eq 0; then
if tmux has-session -t User || tmux has-session -t "${USER}"; then
loginfo "tmux@${USER} is running"
STARTTMUXDEFAULT=${STARTTMUXREMOTEDEFAULT}
fi
fi
fi
# if test ! $TMUX && test $SSH_TTY && test $TERM != screen && test $(systemctl status tmux@${USER}.service 1>/dev/null 2>&1; echo $? ) -eq 0; then
# : # STARTTMUXDEFAULT=${STARTTMUXREMOTEDEFAULT}
# logwarn "TEST1"
# else
# logwarn "TEST2"
# STARTTMUXDEFAULT=${STARTTMUXREMOTEDEFAULT}
# fi
logdebug "${STARTTMUXDEFAULT}"
unset -f pathmunge
else
# run with temporary config
logdebug "tmpconf"
case $TERM in
*screen*)
loginfo BASHRC: $BASHRC -> source it
@ -117,7 +141,6 @@ export HISTTIMEFORMAT='%F %T '
export HISTSIZE=999999
loginfo "bashrc_add sourced" 2>&1 |tee -a ${MSC_LOGFILE} >&2
#echo "bashrc_add sourced" >&2
# Export several functions for being usable in subshells
export -f token
@ -138,8 +161,3 @@ export -f reachable-default
[ -z "${SSH_AGENTS_DEFAULT_DIR+x}" ] || mkdir -p "${SSH_AGENTS_DEFAULT_DIR}"
#cat << EOF > "${SSH_AGENTS_DEFAULT_DIR}/agent-default-$(hostname)"
#SSH_AUTH_SOCK=${SSH_AUTH_SOCK}; export SSH_AUTH_SOCK;
#SSH_AGENT_PID=${SSH_AGENT_PID}; export SSH_AGENT_PID;
#loginfo Agent pid ${SSH_AGENT_PID};
#EOF

View file

@ -14,7 +14,7 @@ if [ -n "$SSH_AUTH_SOCK" ] && \
chmod 600 ~/.x2go/agentsocket
chown $USER ~/.x2go/agentsocket
# write file name of agent socket into file
loginfo "old agentsock $( cat ~/.x2go/agentsocket)"
logdebug "old agentsock $( cat ~/.x2go/agentsocket)"
echo $SSH_AUTH_SOCK > ~/.x2go/agentsocket
#rm ~/.x2go/agentsocket
#ln -s $SSH_AUTH_SOCK ~/.x2go/agentsocket
@ -28,10 +28,11 @@ fi
# check our client DISPLAY and SSH client IP correspond to
# a running X2Go session and
# check ~/.x2go/agentsocket is a regular file
if which x2golistsessions >/dev/null && \
[ -n "$DISPLAY" ] && \
[ -n "$(x2golistsessions | \
awk -F '|' '":"$3 == "'$DISPLAY'" && \
awk -F '|' '$3 == "'${DISPLAY:1:2}'" && \
$5 == "R" && \
$8 == "'$(echo $SSH_CLIENT | \
awk '{print $1}')'" { print $3 }')" ] && \
@ -44,7 +45,7 @@ if which x2golistsessions >/dev/null && \
if [ -S "$MIGHTBEOURAGENT" ]; then
# export path to agent socket
export SSH_AUTH_SOCK=$MIGHTBEOURAGENT
logdebug "export it"
logdebug "export SSH_AUTH_SOCK=$MIGHTBEOURAGENT"
fi
fi

7
sshs_addfiles.conf Normal file
View file

@ -0,0 +1,7 @@
${MSC_BASE}/functions.sh
${MSC_BASE}/logging
${MSC_BASE}/myshell_load_fortmpconfig
$(getbashrcfile) ~/.aliases
${MSC_BASE}/aliases
${MSC_BASE}/PS1
${MSC_BASE}/bash_completion.d/*

@ -1 +1 @@
Subproject commit e91b178ff832b7bcbbf4d99d9f467f63fd1b76b5
Subproject commit 5d089e418efb1a00f47654014ed085deb3d0c878

@ -1 +1 @@
Subproject commit 1b1b8098419daacb92ca401ad6ee0ca6894a40ca
Subproject commit 7c59902f64dcd7ea356e891274b21144d1ea5948

View file

@ -177,7 +177,7 @@ source-file "${HOME}/.tmux/plugins/tmux-themepack/powerline/block/green.tmuxthem
# source local tmux.config
source-file -q "${HOME}/.local/share/tmux/tmux.conf"
set -g update-environment "SSH_ASKPASS WINDOWID SSH_CONNECTION XAUTHORITY SSH_TTY SSH_AUTH_SOCK DISPLAY"
set -g update-environment "SSH_ASKPASS WINDOWID SSH_CONNECTION XAUTHORITY SSH_TTY SSH_AUTH_SOCK DISPLAY P11M"
#set-environment -g 'SSH_AUTH_SOCK' ~/.ssh/ssh_auth_sock

@ -1 +1 @@
Subproject commit 33e67af2418e4775c2a7abc6e8fef401e697e1eb
Subproject commit bdd9f58b969b153a586d22435c987a846da2922b

@ -1 +1 @@
Subproject commit 3f90fb42d8871920138ace9878502f22a4d91e85
Subproject commit 4138333f5cfb6e21b0f8d63a43add4c70c25cdaf

@ -1 +1 @@
Subproject commit b1afeca8cc02030f450bf1feee015d40988f86e3
Subproject commit 0452b71830b1a219b8cdc68141ee58ec288ea711

@ -1 +1 @@
Subproject commit 0e71462f90fb4bd09121eeba829512cc24ab5c97
Subproject commit 9310f91476a94ee9c2f3a587171893743a343e26

@ -1 +1 @@
Subproject commit ff9b14f14dceecb6c08cb05053ad649c3b6ac250
Subproject commit e1fe727127a813095854a5b063c15e955a77eafb

@ -1 +1 @@
Subproject commit 7414f30365a342e1d89072d474a35913643b6eec
Subproject commit 97bf9ec720662af51ae403b6dfe720d4a24bfcbc

@ -1 +1 @@
Subproject commit 0de4c9df21abf9256091d205148601f718d3a12c
Subproject commit 26f922753a288df639b8d05d13ed62b9b04a26bc

@ -1 +1 @@
Subproject commit c4c639f3cacd1b874ed6f5f196fac772e089c932
Subproject commit 1b320083dc0892b8a874a17c75abfea86c801434

@ -1 +1 @@
Subproject commit 6c18adaf98f369fd302d131e046c92410b4709f0
Subproject commit 4d29c1d6a0def18923b4762c8f85ca3ee5ae6c83

@ -1 +1 @@
Subproject commit 549fb96d5890d5225afda070ca041468c2c770e5
Subproject commit 256702dd1432894b3607d3de6cd660863b331818

@ -1 +1 @@
Subproject commit 07d19f0299762669c6f93fbadb8249da6ba9de62
Subproject commit 8eadb5bd8fead8594d201f7cd78aed912243fd9f

@ -0,0 +1 @@
Subproject commit 429a874ac32d6e3c3cf117b2d83ed70212380ad9

@ -1 +1 @@
Subproject commit 6aaddfde21fe9e7acbe448b92b3cbb67f2fe1fc1
Subproject commit 3c6d80fc59d57ed2fbef14333c0efef02cbcf2f8

View file

@ -17,3 +17,4 @@ install plugins https://github.com/junegunn/fzf.vim.git
install plugins https://github.com/airblade/vim-gitgutter.git
remove plugins https://github.com/Lokaltog/powerline.git
install plugins https://github.com/jamessan/vim-gnupg
install plugins git@git.schuerz.at:/public/vim-soa.git

11
vimrc
View file

@ -468,9 +468,18 @@ let NERDTreeIgnore=['\.pyc$', '\~$'] "ignore files in NERDTree
" write .netrwhist to cache-dir instead of ~/.vim to prevent configcheckout
" problems
let g:netrw_home=$XDG_CACHE_HOME.'/vim'
"let g:nerdtree_tabs_open_on_console_startup=1
let g:nerdtree_tabs_open_on_console_startup=0
" Start NERDTree. If a file is specified, move the cursor to its window.
"autocmd StdinReadPre * let s:std_in=1
"autocmd VimEnter * NERDTree | if argc() > 0 || exists("s:std_in") | wincmd p | endif
" Start NERDTree when Vim is started without file arguments.
autocmd StdinReadPre * let s:std_in=1
autocmd VimEnter * if argc() == 0 && !exists('s:std_in') | NERDTree | endif
let g:NERDTreeGitStatusIndicatorMapCustom= {
\ "Modified" : "✹",
\ "Staged" : "✚",
@ -530,3 +539,5 @@ let g:fzf_layout = { 'window': { 'width': 0.9, 'height': 0.6 } }
" Configure Gitgutter
nmap <Leader>hn <Plug>(GitGutterNextHunk)
nmap <Leader>hp <Plug>(GitGutterPrevHunk)
autocmd BufWritePre /etc/bind/vpn/db.* Soa