diff --git a/.gitignore b/.gitignore
index a3a987c..51a5598 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,4 +6,5 @@ nodeslist
 pkg/
 src/
 venv/
+wiki/
 **/__pycache__
diff --git a/Makefile b/Makefile
index 84b3360..64c3496 100644
--- a/Makefile
+++ b/Makefile
@@ -1,25 +1,21 @@
 SHELL := /bin/bash
 BACKUPDIR := /usr/local/backup
+LIST := aether.bash aether-gen.bash remote-backup
+SYSDLIST := aether-gen.service aether-gen.timer aether.service aether.timer
 compile:
 @echo Nothing to do
-install: compile
+install: compile ${LIST} ${SYSDLIST}
+ # Scripts
 mkdir -p ${pkgdir}/usr/local/sbin
- mkdir -p ${pkgdir}/usr/local/etc
- install -m 0700 -o aether aether.bash ${pkgdir}/usr/local/sbin
- install -m 0700 -o root -g root aether-gen.bash ${pkgdir}/usr/local/sbin
- install -m 0700 -o root -g root remote-backup ${pkgdir}/usr/local/sbin
- install -m 0700 -o aether -d ${pkgdir}/usr/local/etc/Aether
- install -m 0700 -o aether -d ${pkgdir}/usr/local/etc/Aether/backup-entries
+ for i in ${LIST}; do install -m 700 -o root -g root ${pkgdir}/usr/local/sbin; done
+ # systemd
 mkdir -p ${pkgdir}/usr/lib/systemd/system
- for i in *.service *.timer; do install -m 0640 -o root -g root "$$i" ${pkgdir}/usr/lib/systemd/system; done
-
-checkperm:
- for i in ${pkgdir}/usr/local/sbin/aether.bash ${pkgdir}/usr/local/sbin/aether-gen.bash ${pkgdir}/usr/local/sbin/remote-backup ${pkgdir}/usr/local/etc/Aether; do chmod 0700 "$$i"; done
- for i in ${pkgdir}/usr/local/sbin/aether.bash ${pkgdir}/usr/local/sbin/aether-gen.bash ${pkgdir}/usr/local/sbin/remote-backup ${pkgdir}/usr/local/etc/Aether; do chown root: "$$i"; done
- chown aether: ${pkgdir}/usr/local/sbin/aether.bash
- for i in *.service *.timer; do chown root: ${pkgdir}/usr/lib/systemd/system; chmod 0640 ${pkgdir}/usr/lib/systemd/system; done
+ for i in ${SYSDLIST}; do install -m 0664 -o root -g root ${pkgdir}/usr/lib/systemd/system; done
+ # Config
+ mkdir -p ${pkgdir}/usr/local/etc
+ install -m 0700 -o aether -d ${pkgdir}/usr/local/etc/Aether
 clean:
 @bash -c 'printf "This will irreversibly destroy all backups. Confirm? [YES/no] " ; read answer; [ "$$answer" == "YES" ] && exit 0; exit 1'
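Review bot: Both new `for` loops in the `install` recipe drop the `"$$i"` operand that the removed loop passed, so `install` is given only the destination directory and no script or unit file is copied. They should read `for i in ${LIST}; do install -m 0700 -o root -g root "$$i" ${pkgdir}/usr/local/sbin; done` and the same shape for `${SYSDLIST}`. The unit-file mode also loosens from 0640 to 0664; unit files that systemd runs as root do not need group write, so `-m 0644` is the safer choice. Separately, `aether.bash` is now installed root-owned at mode 0700 where the removed line used `-o aether`, which would stop the `aether` user from running it if that is still the intent.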
@@ -29,5 +25,22 @@ clean:
 find /usr/local/backup -type f -exec shred {} \;
 rm -Rf /usr/local/backup; fi
+uninstall:
+ rm -Rf ${pkgdir}/usr/local/sbin/aether*.bash ${pkgdir}/usr/local/sbin/remote-backup ${pkgdir}/usr/local/etc/Aether ${pkgdir}/usr/lib/systemd/system/aether*.service ${pkgdir}/usr/lib/systemd/system/aether*.timer
+
 test:
 python3 -m pytest
+
+checkperm:
+ for i in ${pkgdir}/usr/local/sbin/aether.bash ${pkgdir}/usr/local/sbin/aether-gen.bash ${pkgdir}/usr/local/sbin/remote-backup ${pkgdir}/usr/local/etc/Aether; do chmod 0700 "$$i"; done
+ for i in ${pkgdir}/usr/local/sbin/aether.bash ${pkgdir}/usr/local/sbin/aether-gen.bash ${pkgdir}/usr/local/sbin/remote-backup ${pkgdir}/usr/local/etc/Aether; do chown root: "$$i"; done
+ chown aether: ${pkgdir}/usr/local/sbin/aether.bash
+ for i in *.service *.timer; do chown root: ${pkgdir}/usr/lib/systemd/system; chmod 0640 ${pkgdir}/usr/lib/systemd/system; done
+
+diff:
+ for i in ${LIST}; do diff ./$$i ${pkgdir}/usr/local/sbin/$$i; done
+ for i in ${SYSDLIST}; do diff ./$$i ${pkgdir}/usr/lib/systemd/system/$$i; done
+
+reverse:
+ for i in ${LIST}; do cp ${pkgdir}/usr/local/sbin/$$i . ; done
+ for i in ${SYSDLIST}; do cp ${pkgdir}/usr/lib/systemd/system/$$i . ; done
diff --git a/README.md b/README.md
index 60769a6..c4e17f4 100644
--- a/README.md
+++ b/README.md
@@ -7,7 +7,7 @@ Dictionary.com translates Aether as the Greek personification of the clear sky,
 # Installing
 You have two options to install this project:
-* Arch Linux and related distros: Run `makepkg -sri`
+* Arch Linux and related distributions: Install with `makepkg` or from AniNIX/Maat
 * Other operating systems: Run `make install`
 ## Initial setup
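Review bot: In the Makefile's re-added `checkperm` target, the last loop never uses `$$i`: it runs `chown root:` and `chmod 0640` on the directory `${pkgdir}/usr/lib/systemd/system` itself, once per unit file found in the working directory. Mode 0640 on a directory clears its search bit, so the unit directory would stop being traversable for anyone but root, and the unit files keep whatever mode they had. The loop should target the files, e.g. `for i in ${SYSDLIST}; do chown root: ${pkgdir}/usr/lib/systemd/system/$$i; chmod 0644 ${pkgdir}/usr/lib/systemd/system/$$i; done`, with the mode matching what `install` sets. The target also still hands `aether.bash` to `aether:` while the new `install` recipe makes it root-owned, so the two targets disagree about the intended owner. The new `reverse` target overwrites the working tree with whatever is installed on the host without any prompt, so a comment telling the operator to run `make diff` first would help keep unreviewed on-host edits out of the repository.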
@@ -20,11 +20,17 @@ Individual projects wanting to be backed up by the Aether system should add a fi A SIEM filter should be set up to search for successful logins of the `aether` user. # Relevant Files and Software -Aether installs a script for rsync-based remote backups. We implement this policy through the two 8TB hard-drives, at least one of which is always off-site, that can be plugged into a hotswap bay of a hypervisor along with a virtual machine that mounts the ArchLinux iso and the drive. Admins use the included ssh daemon in the iso to present the drive as a backup target, +Aether installs a script for rsync-based remote backups. We implement this policy through the two 8TB hard-drives, at least one of which is always off-site, that can be plugged into a hot-swap bay of a hypervisor along with a virtual machine that mounts the ArchLinux iso and the drive. Admins use the included ssh daemon in the iso to present the drive as a backup target, or the backup drive can be mounted directly onto Core via a SATA cage An additional backup is the generated `/home/aether/aether.enc` file. This is a more targeted backup of databases and file indexes. -Keep in mind that all of [AniNIX/Foundation](https://foundation.aninix.net) is naturally a backup solution -- so long as anyone has a clone of the repo, the data survives. +Keep in mind that all of [AniNIX/Foundation](https://foundation.aninix.net) is naturally a backup solution -- so long as anyone has a clone of the repo, the data survives. Aether should only be used to back up databases, such as the following: + +* Anope DB +* PostgreSQL +* Elasticsearch + +One should have significant care before using the aether.enc solution for tools like AniNIX/Yggdrasil or AniNIX/Foundation. # Available Clients The only client is direct server access on one of the client nodes. 
@@ -33,4 +39,4 @@ The only client is direct server access on one of the client nodes.
 Equivalent services are DropBox, Google Drive, iCloud, or OneDrive.
 # Notes
-Those deploying Aether should maintain a nodeslist file that only root can read.
+Those deploying Aether should track the `/home/aether/.ssh/authorized_keys` file strongly on the generating server, so that all keys are specifically tracked for their origin & who handles them.
diff --git a/tests/test_units.py b/tests/test_units.py
index 0631e0f..ca7ae2f 100644
--- a/tests/test_units.py
+++ b/tests/test_units.py
@@ -5,7 +5,14 @@ import subprocess
 # TODO Still need to devise a testing strategy (https://foundation.aninix.net/AniNIX/Aether/issues/1)
 def test_aether():
 print(os.getcwd())
- fh = os.popen("echo bye | timeout 3 sudo sftp -o IdentityFile=/home/aether/.ssh/aether aether@aninix.net", mode='r', buffering=-1)
+ fh = os.popen("./aether.bash -h", mode='r', buffering=-1)
 output = fh.read()
 retcode = fh.close()
- assert retcode == None
+ assert retcode == None and 'Usage' in output
+
+def test_aether_gen():
+ print(os.getcwd())
+ fh = os.popen("./aether-gen.bash -h", mode='r', buffering=-1)
+ output = fh.read()
+ retcode = fh.close()
+ assert retcode == None and 'Usage' in output
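Review bot: In `tests/test_units.py`, `assert retcode == None and 'Usage' in output` in both tests folds two checks into one assert, so a failure does not show whether the script exited non-zero or the usage text was missing. Split it into `assert retcode is None` and `assert 'Usage' in output`, which also uses the identity comparison that is idiomatic for `None`. `os.popen` captures stdout only, so if the scripts print their usage to stderr the second check can never pass; that is worth confirming against the scripts, which are not visible here. The relative `./aether.bash` path resolves only when pytest is started from the repository root. Since `subprocess` is already imported, `subprocess.run(["./aether.bash", "-h"], capture_output=True, text=True)` with an explicit `cwd` would avoid the shell and expose both streams and the return code.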