From a3ffa9dc31c5a6c1efe2f76fb2501c2c7f372234 Mon Sep 17 00:00:00 2001 From: dev Date: Thu, 4 Aug 2016 11:15:34 -0500 Subject: [PATCH] Converting to Git Old log from Bazaar was: ------------------------------------------------------------ revno: 6 committer: dev branch nick: Aether timestamp: Tue 2016-05-17 15:59:19 -0500 message: Fixing Crontab issue on client install Updating server backup scripts to be smarter for user conf. ------------------------------------------------------------ revno: 5 committer: dev branch nick: Aether timestamp: Fri 2016-05-06 14:26:00 -0500 message: Should be a | not a > ------------------------------------------------------------ revno: 4 committer: dev branch nick: Aether timestamp: Fri 2016-05-06 14:24:21 -0500 message: Updating Makefile and ignore list ------------------------------------------------------------ revno: 3 committer: dev branch nick: Aether timestamp: Thu 2016-04-21 15:38:52 -0500 message: Filling out README and adding key creation to Makefile ------------------------------------------------------------ revno: 2 committer: dev branch nick: Aether timestamp: Thu 2016-04-21 15:30:52 -0500 message: Adding ignore list ------------------------------------------------------------ revno: 1 committer: dev branch nick: Aether timestamp: Wed 2016-04-20 16:14:34 -0500 message: Initial branch -- NOT committing SSH keys or archive. --- .gitignore | 4 ++++ Makefile | 43 ++++++++++++++++++++++++++++++++++++++++++ README.bzr | 3 +++ aether-gen.bash | 33 ++++++++++++++++++++++++++++++++ aether.bash | 20 ++++++++++++++++++++ make-user.bash | 16 ++++++++++++++++ server-backup | 50 +++++++++++++++++++++++++++++++++++++++++++++++++ 7 files changed, 169 insertions(+) create mode 100644 .gitignore create mode 100644 Makefile create mode 100644 README.bzr create mode 100755 aether-gen.bash create mode 100755 aether.bash create mode 100644 make-user.bash create mode 100755 server-backup 
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..6b2a8b4
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+aether
+aether.pub
+aether.tar.gz
+nodeslist
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..8fd4e57
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,43 @@
+SHELL := /bin/bash
+
+null:
+ @echo You must specify client or server in a call to make.
+
+client: user aether.bash
+ cp aether.bash /home/aether/aether.bash
+ chown aether /home/aether/aether.bash
+ chmod 0700 /home/aether/aether.bash
+ /home/aether/aether.bash
+ echo '0 1 * * * /home/aether/aether.bash &>> /var/log/aether.log' | su cford -c "crontab"
+ touch /var/log/aether.log
+ chown aether:aether /var/log/aether.log
+
+server: user aether-gen.bash aether.pub server-backup
+ bash ./aether-gen.bash
+ cp ./aether.pub /home/aether/.ssh/authorized_keys
+ chmod 0600 /home/aether/.ssh/authorized_keys
+ chown aether /home/aether/.ssh/authorized_keys
+ mkdir /usr/local/etc/Aether
+ chown aether /usr/local/etc/Aether
+ chmod 0700 /usr/local/etc/Aether
+ touch /usr/local/etc/Aether/nodeslist
+ @echo You have the files. Add aether-gen.bash and server-backup to root's crontab.
+ @echo Track client nodes in /usr/local/etc/Aether/nodeslist
+
+user: aether make-user.bash
+ /bin/bash ./make-user.bash
+
+tar: aether.bash aether make-user.bash
+ tar cvf aether.tar aether.bash aether Makefile make-user.bash
+ gzip aether.tar
+
+node-command:
+ @echo -ne 'bzr checkout bzr://aninix.net/Aether'
+ @echo
+ @echo -ne 'cd Aether; cat > aether # Paste the private key'
+ @echo
+ @echo -ne 'make client'
+ @echo
+
+keys:
+ ssh-keygen -t rsa -P "" -f aether
diff --git a/README.bzr b/README.bzr
new file mode 100644
index 0000000..4391209
--- /dev/null
+++ b/README.bzr
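Review bot: In the Makefile, the `server` target installs `aether.pub` into authorized_keys with no key options, while `keys` creates the pair with an empty passphrase and `node-command` has the same private key pasted onto every node, so as far as this patch shows any single node's copy of the key gives an unrestricted login as aether on the server. Prefixing the entry with options, for example `(printf 'restrict '; cat ./aether.pub) > /home/aether/.ssh/authorized_keys` (OpenSSH 7.2 or later), or limiting the account to sftp in sshd_config, would narrow that. In `client`, `/home/aether/aether.bash` is executed by whoever runs make, presumably root, right after being chowned to aether, and the cron entry is piped to `su cford -c "crontab"`, which replaces cford's whole crontab rather than aether's; both look unintended.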
@@ -0,0 +1,3 @@
+The Aether project is a way to back up server configuration, source code, and file lists to remote locations. These remote locations should be securely controlled by the same administrative staff as the server owner.
+
+To create the aether and aether.pub files, run "make keys". This should not be repeated.
diff --git a/aether-gen.bash b/aether-gen.bash
new file mode 100755
index 0000000..36cb321
--- /dev/null
+++ b/aether-gen.bash
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+export LOGFILE="/var/log/aether-gen.log"
+
+cd /home/aether
+
+date >> $LOGFILE
+
+mkdir -p target
+
+# Get a list of what's in Yggdrasil, in case we need to go hunting.
+echo "Getting file list..."
+find /srv/yggdrasil/ > target/Yggdrasil_file_list.txt
+
+# Copy the nonrecoverable data to the target location.
+rsync -azl --delete-after /usr/local/src/ target/src/
+rsync -azl --delete-after /usr/local/etc/ target/etc/
+rsync -azl --delete-after /usr/local/backup target/
+
+date > target/last-updated
+
+echo Creating and compressing archive...
+tar cvf aether.tar target
+gzip -f aether.tar
+
+echo Encrypting archive
+openssl enc -aes256 -pass file:/usr/local/etc/Aether/pass.txt -in aether.tar.gz -out aether.enc
+rm aether.tar.gz
+
+echo Created aether archive.
+
+date >> $LOGFILE
+echo >> $LOGFILE
diff --git a/aether.bash b/aether.bash
new file mode 100755
index 0000000..9779fcb
--- /dev/null
+++ b/aether.bash
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+### DO NOT EDIT THIS FILE ###
+
+if [ ! -f /home/aether/.ssh/aether ]; then
+ echo "Need to have the aether key to run."
+ exit
+fi
+cd /home/aether
+if [ $(ls ./aether-*.tar.gz | wc -l) -gt 7 ]; then
+ rm $(ls -tr ./aether-*.tar.gz | head -n 1);
+fi
+export TARGET="aether-"$(date +%F)".tar.gz"
+printf "get /aether/aether.enc %s\nbye\n" $TARGET | sftp -o IdentityFile=./.ssh/aether aether@aninix.net
+
+rm -Rf target
+gunzip -c $TARGET | tar xvf -
+
+echo "Failsafe populated. Today\'s was saved to "$TARGET
+exit
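Review bot: In aether-gen.bash the encryption step protects less than it appears to, because the plaintext staging tree `target/` is left in /home/aether beside aether.enc, and the `/usr/local/etc/` rsync copies `/usr/local/etc/Aether/pass.txt`, the passphrase file named on the openssl line, into it. Whether the aether login can read those copies depends on modes this patch does not show, but staging outside that home and adding `--exclude=/Aether/pass.txt` to the etc rsync would settle it. `openssl enc` as used here also adds no integrity check, so a node cannot tell a modified aether.enc from a good one; a signature or MAC over the file would cover that. `cd /home/aether` is unchecked, so on failure the `--delete-after` rsyncs and `tar` run in the caller's directory; `cd /home/aether || exit 1` avoids it.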
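Review bot: In aether.bash the file fetched is `aether.enc`, which aether-gen.bash writes with `openssl enc`, but it is saved as `$TARGET` and fed straight to `gunzip -c` with no decryption step, so the extraction looks like it cannot succeed on an encrypted archive. Because `rm -Rf target` runs before the extraction and neither the sftp nor the gunzip/tar status is checked, a failed or truncated download also removes the previous good copy while the script still prints "Failsafe populated". Checking the transfer, decrypting and unpacking into a temporary directory, and only then replacing `target` would keep the last good copy. The rotation test parses `ls` and leaves `$TARGET` unquoted; quoting it as `"$TARGET"` on the printf and gunzip lines is the minimal fix there.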
diff --git a/make-user.bash b/make-user.bash
new file mode 100644
index 0000000..993639f
--- /dev/null
+++ b/make-user.bash
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+if id -u "aether" >/dev/null 2>&1; then
+ echo User exists
+else
+ echo User does not exist.
+ useradd -m -s $(grep bash /etc/shells) aether
+ mkdir -p /home/aether/.ssh
+ cp ./aether /home/aether/.ssh/
+ cp ./aether.bash /home/aether
+ chmod u+x /home/aether/aether.bash
+ chown -R aether /home/aether
+ chmod -R go-rwx /home/aether
+ echo '0 0 * * * /bin/bash /home/aether/aether.bash' | crontab
+ passwd aether
+fi
diff --git a/server-backup b/server-backup
new file mode 100755
index 0000000..c9d0318
--- /dev/null
+++ b/server-backup
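Review bot: In make-user.bash the cron line is piped to a bare `crontab`, which installs it for the invoking user (root, given the `useradd` above) and replaces that user's existing crontab, so root ends up running `/home/aether/aether.bash` nightly even though `chown -R aether /home/aether` has just made that script writable by the aether account. Installing the job for the service account instead, `echo '0 0 * * * /bin/bash /home/aether/aether.bash' | crontab -u aether -`, removes that path from aether to root and leaves root's crontab alone. The `-s $(grep bash /etc/shells)` argument is unquoted and /etc/shells often lists more than one path containing "bash", which would hand useradd extra words; `-s /bin/bash` is unambiguous.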
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+export BACKUPDIR="/usr/local/backup"
+
+## Backup small development ##
+
+rsync -avzl --delete-after /root/bin/ "$BACKUPDIR"/root/bin/
+
+## Backup configuration ##
+cp -r /etc/skel "$BACKUPDIR"
+cp /etc/bash.bashrc "$BACKUPDIR"/bash.bashrc
+cp /etc/vimrc "$BACKUPDIR"/vimrc
+
+## Backup the good servers ##
+
+### SSHD ###
+rsync -avzl --delete-after /etc/ssh "$BACKUPDIR"/ssh
+
+### Lighttpd ###
+rsync -avzl --delete-after /etc/lighttpd/ "$BACKUPDIR"/lighttpd
+rsync -avzl --delete-after /srv/http/ "$BACKUPDIR"/http/
+
+### Cron ###
+crontab -l > "$BACKUPDIR"/$(whoami)-crontab
+
+### IRC Server ###
+rsync -avzl --delete-after /etc/unrealircd/ "$BACKUPDIR"/unrealircd
+rsync -avzl --delete-after /etc/anope/ "$BACKUPDIR"/anope
+# TODO add backup
+
+### TheRaven ###
+# Added under Bazaar source
+
+### Bazaar ###
+rsync -avzl --delete-after /srv/bazaar/ "$BACKUPDIR"/bazaar
+rsync -avzl --delete-after /usr/local/src/ "$BACKUPDIR"/src
+rsync -avzl --delete-after /usr/local/etc/ "$BACKUPDIR"/usr-local-etc
+
+### Wiki ###
+rsync -avzl --delete-after /usr/share/webapps/mediawiki/LocalSettings.php "$BACKUPDIR"/mediawiki-localsettings.php
+
+### Singularity ###
+# Backed up by postgres backup
+
+### PostgreSQL ###
+# TODO
+
+# TODO evaluate for other services not covered.
+
+date > /var/log/server-backup.log
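Review bot: Nothing in server-backup sets the permissions of `$BACKUPDIR`, yet it collects `/etc/ssh` (which normally holds the host private keys) and MediaWiki's `LocalSettings.php` (which normally holds database credentials), and aether-gen.bash then copies `/usr/local/backup` into the archive fetched by the nodes. The `cp` lines create files under the current umask, so adding `umask 077` near the top and creating the directory with `install -d -m 0700 "$BACKUPDIR"` would keep the staged copies private to root; if restoring host identity from backup is not a requirement, `--exclude='ssh_host_*_key'` on the ssh rsync keeps those keys off the nodes. No command's exit status is checked and the final `date > /var/log/server-backup.log` runs regardless, so the log looks the same after a failed run.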