path: root/ansible/populate-pieni
blob: 8fed32b3474efb1ff6d8689e7f09d884cd57722e (plain)
#!/bin/sh

# Stop at the first failing command (-e) and treat any use of an unset
# variable as an error (-u); with no argument given, the read of $1 below
# therefore aborts the script.
set -e -u

# First positional argument: the host that every ssh and git command in
# this script connects to.
addr=$1

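# Pull one path from root@pieni.net onto the host in $addr, then chown it.
#
# Globals:
#   addr (read) - target host, reached as debian@$addr
#   HOME (read) - locates the identity file passed to ssh -i
# Arguments:
#   $1    - owner handed to chown -R (user:group)
#   $2    - source path on pieni.net
#   $3    - destination path on $addr
#   $4... - extra options appended to the rsync command line
#
# The rsync itself runs on $addr under sudo and connects from there to
# root@pieni.net, which is why the agent is forwarded.
#
# NOTE(review): ssh -A together with SSH_AUTH_SOCK passed through sudo
# makes the operator's agent usable by root on $addr while the transfer
# runs. Only point this script at a host whose root you trust.
# NOTE(review): StrictHostKeyChecking=no means the identity of pieni.net
# is not verified by the rsync hop, while a key with root access is on
# offer. Prefer installing pieni.net's host key into root's known_hosts
# on $addr beforehand and dropping the option.
# NOTE(review): ssh joins the command words and a shell on $addr parses
# them again, so owner/from/to and the extra arguments are not protected
# against spaces or shell metacharacters. Every caller in this file
# passes plain literals; keep it that way or add remote-side quoting.
rsync_hrun_to_addr()
{
    local owner="$1"
    local from="$2"
    local to="$3"
    shift 3

    # A public-key file given to -i only selects the key; presumably the
    # private half is served by the agent -- TODO confirm.
    # Quoted so that a $HOME containing whitespace stays a single word.
    local key="$HOME/.ssh/liw-openpgp.pub"

    echo
    echo "$from --> $to"
    # 'SSH_AUTH_SOCK=$SSH_AUTH_SOCK' is single-quoted on purpose: it must
    # expand on $addr, where the forwarded agent socket lives. The inner
    # double quotes around the -e value survive to the remote shell so the
    # whole ssh command stays one rsync argument.
    ssh -A -i "$key" \
        debian@"$addr" \
        sudo env 'SSH_AUTH_SOCK=$SSH_AUTH_SOCK' \
        rsync -e '"ssh -o StrictHostKeyChecking=no "' -xahHSsP --delete-before --numeric-ids \
        root@pieni.net:"$from" "$to" "$@"
    ssh -i "$key" debian@"$addr" sudo chown -R "$owner" "$to"
}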

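# Create /srv/hrun on the target, owned by root, mode 0755.
ssh -i "$HOME/.ssh/liw-openpgp.pub" debian@"$addr" sudo install -d -o root -g root -m 0755 /srv/hrun

# Git repositories and web content. The trailing "/." on both sides copies
# directory contents rather than the directory itself.
rsync_hrun_to_addr git:git /home/git/repos/. /home/git/repos/. --exclude gitano-admin.git
rsync_hrun_to_addr liw:liw /home/liw/wedding.docstory.fi/. /srv/http/wedding.docstory.fi/.
rsync_hrun_to_addr liw:liw /home/liw/www.docstory.fi/. /srv/http/www.docstory.fi/.

ssh -i "$HOME/.ssh/liw-openpgp.pub" debian@"$addr" sudo install -d -o liw -g liw -m 0755 /home/liw/bin
rsync_hrun_to_addr liw:liw /home/liw/bin/. /home/liw/bin/.

rsync_hrun_to_addr liw:liw /home/liw/files.liw.fi/. /srv/http/files.liw.fi/.
rsync_hrun_to_addr liw:liw /home/liw/code.liw.fi/. /srv/http/code.liw.fi/.
rsync_hrun_to_addr distix:distix /home/distix/bugs-liw-fi-html/. /srv/http/bugs.liw.fi/.
rsync_hrun_to_addr distix:distix /home/distix/distix-html/. /srv/http/distix.obnam.org/.
rsync_hrun_to_addr liw:liw /home/liw/liw.iki.fi/. /srv/http/liw.iki.fi/.
rsync_hrun_to_addr liw:liw /home/liw/noir.liw.fi/. /srv/http/noir.liw.fi/.

# Individual files and directories from the home directories.
# NOTE(review): these sources have no trailing "/.". For a source that is
# a directory, rsync places the directory itself inside the destination
# (e.g. .../bin/bin) -- verify against the real layout.
rsync_hrun_to_addr liw:liw /home/liw/.procmailrc /home/liw/.procmailrc
rsync_hrun_to_addr liw:liw /home/liw/procmailrc /home/liw/procmailrc
rsync_hrun_to_addr liw:liw /home/liw/.crontab /home/liw/.crontab
rsync_hrun_to_addr liw:liw /home/liw/.bogofilter /home/liw/.bogofilter
rsync_hrun_to_addr liw:liw /home/liw/.irssi /home/liw/.irssi
rsync_hrun_to_addr liw:liw /home/liw/whitelist /home/liw/whitelist
rsync_hrun_to_addr liw:liw /home/liw/killfile /home/liw/killfile
rsync_hrun_to_addr yakking:yakking /home/yakking/bin /home/yakking/bin
rsync_hrun_to_addr yakking:yakking /home/yakking/fracking /home/yakking/fracking
# The destination used to read "publish-yakkina"; every other entry mirrors
# its source path, so the name is corrected to match.
rsync_hrun_to_addr yakking:yakking /home/yakking/publish-yakking /home/yakking/publish-yakking
rsync_hrun_to_addr yakking:yakking /home/yakking/yakking /home/yakking/yakking
# NOTE(review): this migrates a private SSH key. rsync -a keeps the file
# mode from the source; check the result is readable by yakking only, and
# consider issuing a fresh key for the new host instead of copying.
rsync_hrun_to_addr yakking:yakking /home/yakking/.ssh/id_rsa /home/yakking/.ssh/id_rsa
rsync_hrun_to_addr yakking:yakking /home/yakking/.ssh/id_rsa.pub /home/yakking/.ssh/id_rsa.pub
rsync_hrun_to_addr yakking:yakking /home/yakking/.ssh/known_hosts /home/yakking/.ssh/known_hosts

# Copy of the old host's /etc under /srv/hrun/etc.
# NOTE(review): a full /etc normally carries password hashes and SSH host
# private keys. Per-file modes are preserved by rsync -a, but the parent
# directories are 0755; confirm nothing sensitive becomes readable and
# delete the copy once it is no longer needed.
ssh -i "$HOME/.ssh/liw-openpgp.pub" debian@"$addr" sudo install -d -o root -g root -m 0755 /srv/hrun/etc
rsync_hrun_to_addr root:root /etc /srv/hrun/etc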

# Clone the gitano-admin repository from the target, append access rules
# to rules/project.lace, then commit and push the result.
#
# IdentitiesOnly=yes restricts ssh to the key named with -i, so keys held
# by the agent are not offered to the git account.
#
# NOTE(review): the rules are appended with >>, so running the script a
# second time against the same host adds them again.
# NOTE(review): the commit message "foo" says nothing about an
# access-control change; a descriptive message would help later audits.
admin_checkout=/home/liw/tmp/gitano-admin
admin_ssh='ssh -o IdentitiesOnly=yes -i /home/liw/.ssh/gitano-admin-key'

# Start from a clean checkout.
rm -rf "$admin_checkout"
GIT_SSH_COMMAND="$admin_ssh" \
    git clone "ssh://git@$addr/gitano-admin" "$admin_checkout"

(
    cd "$admin_checkout"
    # The quoted 'EOF' delimiter keeps the shell from expanding the
    # ${...} references; they are written to the file literally.
    # The first rule grants read access to everyone for any repository
    # whose config sets public to yes.
    cat >> rules/project.lace <<'EOF'
define repo_is_public config/public exact yes
allow "Everyone can read a public repo" op_read repo_is_public

define user_is_repo_reader group exact ${config/readers}
allow "Readers may read" op_read user_is_repo_reader

define user_is_repo_writer group exact ${config/writers}
allow "Writers may read and write" op_is_basic user_is_repo_writer
allow "Writers may update any branch" op_is_normal user_is_repo_writer

define user_is_repo_guest group exact ${config/guests}
define branch_is_for_user ref prefix refs/heads/${user}/
define tag_is_for_user ref prefix refs/tags/${user}/
allow "Guests may read and write" op_is_basic user_is_repo_guest
allow "Guests may update their own branches" op_is_normal user_is_repo_guest branch_is_for_user
allow "Guests may update their own tags" op_is_normal user_is_repo_guest tag_is_for_user
EOF
    git commit -am foo
    GIT_SSH_COMMAND="$admin_ssh" \
        git push -u origin HEAD
)

# Run a command as the git account on $addr over ssh.
#
# Globals:
#   addr (read) - host to connect to, as git@$addr
# Arguments:
#   $@ - words passed on as the remote command
#
# IdentitiesOnly=yes limits authentication to the admin key named with -i,
# so no other key from the agent is offered.
gitano()
{
    # Put the fixed ssh options and the destination in front of the
    # caller's words, then hand the whole list to ssh.
    set -- -o IdentitiesOnly=yes -i /home/liw/.ssh/gitano-admin-key "git@${addr}" "$@"
    ssh "$@"
}

# Create the repositories and mark each one public, then add the liw user
# and register its SSH public key.
#
# Each step is followed by "|| :" so that a failure does not stop the
# script under set -e.
# NOTE(review): this also hides real failures. If "set public yes" or the
# key registration fails, the script still ends successfully, so check
# the resulting repository config and user keys afterwards.
for repo in obnam bumper; do
    gitano create "$repo" || :
    gitano config "$repo" set public yes || :
done
gitano user add liw liw@liw.fi Lars Wirzenius || :
gitano as liw sshkey add openpgp < /home/liw/.ssh/liw-openpgp.pub || :