Merge remote-tracking branch 'origin/master' into debian

home_external/.bashrc

@@ -186,26 +186,29 @@ colours() {
 
 # ex - archive extractor
 # usage: ex <file>
-ex ()
-{
-  if [ -f $1 ] ; then
-    case $1 in
-      *.tar.bz2)   tar xjf $1   ;;
-      *.tar.gz)    tar xzf $1   ;;
-      *.bz2)       bunzip2 $1   ;;
-      *.rar)       unrar x $1   ;;
-      *.gz)        gunzip $1    ;;
-      *.tar)       tar xf $1    ;;
-      *.tbz2)      tar xjf $1   ;;
-      *.tgz)       tar xzf $1   ;;
-      *.zip)       unzip $1     ;;
-      *.Z)         uncompress $1;;
-      *.7z)        7z x $1      ;;
-      *)           echo "'$1' cannot be extracted via ex()" ;;
-    esac
-  else
+ex() {
+   if [[ ! -f "$1" ]]; then
       echo "'$1' is not a valid file"
+      return 1;
    fi
+   # FIXME 7z kann (theoretisch) tar
+   outdir=${1%.*}
+   case "$1" in
+      *.tar.bz2 | *.tbz | *.tbz2)
+         tar xjf $1 -C $outdir;;
+      *.tar.gz  | *.tgz)
+         tar xzf $1 -C $outdir;;
+      *.tar)
+         tar xf $1 -C $outdir;;
+      *.7z | *.zip | *.gz | *.bz | *.bz2)
+         7z x -o$outdir $1;;
+      *.rar)
+         unrar x $1;;
+      *.Z)
+         uncompress $1;;
+      *)
+         echo "'$1' cannot be extracted via ex()";;
+   esac
 }
 
 # BEGIN_KITTY_SHELL_INTEGRATION

root_external/etc/ssh/sshd_config

@@ -63,10 +63,6 @@ PasswordAuthentication no
 
 # Change to yes to enable challenge-response passwords (beware issues with
 # some PAM modules and threads)
-# FIXME! outdated/ replaced by KbdInteractiveAuthentication?
-ChallengeResponseAuthentication no
-
-# Change to no to disable s/key passwords
 KbdInteractiveAuthentication no
 
 # Kerberos options
@@ -86,7 +82,7 @@ KbdInteractiveAuthentication no
 # be allowed through the KbdInteractiveAuthentication and
 # PasswordAuthentication.  Depending on your PAM configuration,
 # PAM authentication via KbdInteractiveAuthentication may bypass
-# the setting of "PermitRootLogin without-password".
+# the setting of "PermitRootLogin prohibit-password".
 # If you just want the PAM account and session checks to run without
 # PAM authentication, then enable this but set PasswordAuthentication
 # and KbdInteractiveAuthentication to 'no'.
@@ -122,10 +118,10 @@ PrintMotd no # pam does that
 AcceptEnv LANG LC_*
 
 # override default of no subsystems
-# DEACTIVATED because no need for sftp and differences between debian and arch
 # debian
 Subsystem   sftp   /usr/lib/openssh/sftp-server
 # arch
+# DEACTIVATED because no need for sftp and differences between debian and arch
 # Subsystem   sftp   /usr/lib/ssh/sftp-server
 
 # Example of overriding settings on a per-user basis

scripts/backup_edi.sh

@@ -1,28 +1,32 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
-source /sync/home_external/.bash_aliases
+source /sync/scripts/backup_resources.sh
+# FSFIXME expand_aliases still needed?
 shopt -s expand_aliases # make aliases work
 
-
 ###############################
 ### update local backup dir ###
 ###############################
 
 BACKUP_DIR=/sync/backup
+ensureDirectory $BACKUP_DIR
 BACKUP_DIR_HOME=$BACKUP_DIR/home
-rsync_backup $HOME/.ssh/ $BACKUP_DIR_HOME/.ssh/
+ensureDirectory $BACKUP_DIR_HOME
+
+backupDirectory $HOME/.ssh/ $BACKUP_DIR_HOME/.ssh/
 
 BACKUP_DIR_ROOT=$BACKUP_DIR/root/etc
-sd rsync_backup /etc/ddclient/ $BACKUP_DIR_ROOT/ddclient/
-sd rsync_backup /etc/ddclient.conf $BACKUP_DIR_ROOT/
-sd rsync_backup /etc/letsencrypt/ $BACKUP_DIR_ROOT/letsencrypt/
-sd rsync_backup /etc/nginx/ $BACKUP_DIR_ROOT/nginx/
-sd rsync_backup /etc/ssh/ $BACKUP_DIR_ROOT/ssh/
-sd rsync_backup /etc/wireguard/ $BACKUP_DIR_ROOT/wireguard/
-sd rsync_backup /etc/hosts $BACKUP_DIR_ROOT/
-sd rsync_backup /etc/docker/daemon.json $BACKUP_DIR_ROOT/docker/
+ensureRootDirectory $BACKUP_DIR_ROOT
 
+sd rsync_backup /etc/hosts $BACKUP_DIR_ROOT/
+sd rsync_backup /etc/ddclient.conf $BACKUP_DIR_ROOT/
+backupRootDirectory /etc/ddclient/ $BACKUP_DIR_ROOT/ddclient/
+backupRootDirectory /etc/letsencrypt/ $BACKUP_DIR_ROOT/letsencrypt/
+backupRootDirectory /etc/nginx/ $BACKUP_DIR_ROOT/nginx/
+backupRootDirectory /etc/ssh/ $BACKUP_DIR_ROOT/ssh/
+backupRootDirectory /etc/wireguard/ $BACKUP_DIR_ROOT/wireguard/
+backupRootDirectory /etc/docker/daemon.json $BACKUP_DIR_ROOT/docker/
 
 #####################
 ### upload backup ###
@@ -34,3 +38,4 @@ fi
 
 sd rsync_backup -e "ssh -i /home/edi/.ssh/id_ed25519" --filter="P /home/docker" /sync/backup/ fabian@garrus:/citadel/backup/edi/
 sd rsync_backup -e "ssh -i /home/edi/.ssh/id_ed25519" /home/edi/docker/ fabian@garrus:/citadel/backup/edi/home/docker/
+echo "Note: remember to keep /citadel in sync!"

scripts/backup_garrus.sh

@@ -1,22 +1,22 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
-source /sync/home_external/.bash_aliases
+source /sync/scripts/backup_resources.sh
+# FSFIXME expand_aliases still needed?
 shopt -s expand_aliases # make aliases work
 
-
 ###############################
 ### update local backup dir ###
 ###############################
 
 BACKUP_DIR=/sync/backup
+ensureDirectory $BACKUP_DIR
 BACKUP_DIR_HOME=$BACKUP_DIR/home
-if [[ !($HOME/.bash_aliases_local -ef $BACKUP_DIR_HOME/.bash_aliases_local) ]]; then
-   ln $HOME/.bash_aliases_local $BACKUP_DIR_HOME/.bash_aliases_local
-fi
+ensureDirectory $BACKUP_DIR_HOME
 
 BACKUP_DIR_ROOT=$BACKUP_DIR/root/etc
-rsync_backup --link-dest="/etc/ssh/" /etc/ssh/ $BACKUP_DIR_ROOT/ssh/
+ensureRootDirectory $BACKUP_DIR_ROOT
+backupRootDirectory /etc/ssh/ $BACKUP_DIR_ROOT/ssh/
 if [[ !(-d $BACKUP_DIR_ROOT/udev/rules.d) ]]; then
    mkdir $BACKUP_DIR_ROOT/udev/rules.d
 fi
@@ -24,6 +24,7 @@ if [[ !(/etc/udev/rules.d/69-hdparm.rules -ef $BACKUP_DIR_ROOT/udev/rules.d/69-h
    ln /etc/udev/rules.d/69-hdparm.rules $BACKUP_DIR_ROOT/udev/rules.d/69-hdparm.rules
 fi
 
+backupRootDirectory /etc/ssh/ $BACKUP_DIR_ROOT/ssh/
 
 #####################
 ### upload backup ###

scripts/backup_resources.sh

@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+source /sync/home_external/.bash_aliases
+shopt -s expand_aliases # make aliases work
+
+
+backupRootDirectory() {
+   ensureRootDirectory $2
+   sd rsync_backup $1 $2
+}
+
+
+backupDirectory() {
+   ensureDirectory $2
+   rsync_backup $1 $2
+}
+
+
+ensureRootDirectory() {
+   ensureDirectory $1
+   sudo chown root:root $1
+}
+
+
+ensureDirectory() {
+   if [[ ! -d $1 ]]; then
+      mkdir -p $1
+   fi
+}

scripts/backup_shepard.sh

@@ -1,24 +1,27 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
-source /sync/home_external/.bash_aliases
+source /sync/scripts/backup_resources.sh
+# FSFIXME expand_aliases still needed?
 shopt -s expand_aliases # make aliases work
 
-
 ###############################
 ### update local backup dir ###
 ###############################
 
 BACKUP_DIR=/sync/backup
+ensureDirectory $BACKUP_DIR
 BACKUP_DIR_HOME=$BACKUP_DIR/home
-if [[ !($HOME/.bash_aliases_local -ef $BACKUP_DIR_HOME/.bash_aliases_local) ]]; then
-   ln $HOME/.bash_aliases_local $BACKUP_DIR_HOME/.bash_aliases_local
-fi
-rsync_backup --link-dest="$HOME/.ssh/" $HOME/.ssh/ $BACKUP_DIR_HOME/.ssh/
+ensureDirectory $BACKUP_DIR_HOME
 
+backupDirectory $HOME/.ssh/ $BACKUP_DIR_HOME/.ssh/
 
 #####################
 ### upload backup ###
 #####################
 
+if [[ "$1" == "--noupload" ]]; then
+   exit 0;
+fi
+
 sd rsync_backup -e "ssh -i /home/fabian/.ssh/id_ed25519" $BACKUP_DIR/ fabian@garrus:/citadel/backup/shepard/