Sutty/haini.sh
5
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Compare commits

base: Sutty:74fd633e66fd8070510c067f1a319630a80cd16b
Branches Tags
Sutty:antifascista
Sutty:container-ci
...
compare: Sutty:7fe80d7fb40e6271877e1d9131a4437e5aacdd0f
Branches Tags
Sutty:antifascista
Sutty:container-ci

47 commits
74fd633e66 ... 7fe80d7fb4

Author SHA1 Message Date
fauno 7fe80d7fb4 Merge branch 'issue-47' into 'antifascista' 
fix: no usar sysctl sin root #47

See merge request sutty/haini.sh!52
 2023-01-18 16:50:05 +00:00
f 02efc493aa fix: no usar sysctl sin root #47 2023-01-16 14:54:50 -03:00
f c23ce4b2cc fix: $HOME 2022-12-01 14:15:01 -03:00
f 01a1eca869 fix: expandir la ruta 2022-12-01 14:12:11 -03:00
f 4149df450a fix: detectar presencia de Xauthority 2022-12-01 14:10:05 -03:00
fauno ac4bd0a57a Merge branch 'issue-34' into 'antifascista' 
fix: leer stdin solo si es una terminal real #34

See merge request sutty/haini.sh!46
 2022-12-01 16:41:32 +00:00
fauno 1127d5ab61 Merge branch 'soportar-x' into 'antifascista' 
soportar X

See merge request sutty/haini.sh!42
 2022-12-01 16:40:50 +00:00
f def36cf183 fix: montar xauthority ro 2022-11-28 12:05:37 -03:00
f 79f72a80f0 fix: instalar npm 2022-11-16 16:47:22 -03:00
f 5729880a37 fix: no actualizar en cronjobs 2022-11-10 13:32:30 -03:00
f 306ec0efc0 fix: leer stdin solo si es una terminal real #34 2022-11-09 20:04:51 -03:00
Nulo 834d485b18 Merge branch 'issue-36' into 'antifascista' 
fix: comprobar actualizacion de hainish

See merge request sutty/haini.sh!45
 2022-10-30 14:30:01 +00:00
f 8698a22f0a fix: no mostrar la salida del ping 
relacionado con #28
 2022-10-29 18:25:22 -03:00
f 9bd12bc8fd fix: typo en la comprobación #36 2022-10-29 18:25:04 -03:00
f 6de964e649 soportar X 
por si estamos testeando en navegadores por ejemplo
 2022-08-27 22:40:00 -03:00
Nulo 6a465a1fa4 Merge branch 'unprivileged_userns_clone' into 'antifascista' 
no fallar si no existe  /proc/sys/kernel/unprivileged_userns_clone

See merge request sutty/haini.sh!37
 2022-03-30 17:47:20 +00:00
fauno ba1a7c75fe Merge branch 'optimizar-imagenes' into 'antifascista' 
instalar optimizadores de imagenes

See merge request sutty/haini.sh!40
 2022-03-30 17:46:34 +00:00
fauno 77e8f140f3 Merge branch 'auto-update' into 'antifascista' 
hacer autoactualización

See merge request sutty/haini.sh!39
 2022-03-17 16:14:53 +00:00
Cat /dev/Nulo 09e732bdc4 Notificar cuando se actualiza o falla 2022-03-17 15:25:49 +00:00
f 6010347b8c instalar optimizadores de imagenes 2022-03-15 13:55:35 -03:00
f 9095a54a97 hacer autoactualización 2022-03-15 13:52:10 -03:00
fauno 0229fa5fbc Merge branch 'localized-pack' into 'antifascista' 
que el js funcione en otros idiomas

See merge request sutty/haini.sh!38
 2022-02-16 18:37:10 +00:00
f 6b00075d63 que el js funcione en otros idiomas 2022-02-10 19:23:39 -03:00
f 2f7d16626b no fallar si no existe /proc/sys/kernel/unprivileged_userns_clone 2022-01-07 12:02:27 -03:00
fauno 69e0d7f9c4 Merge branch 'custom-nginx' into 'antifascista' 
nginx.conf: permitir configuración propia del sitio

Closes #27

See merge request sutty/haini.sh!35
 2021-11-25 22:57:16 +00:00
fauno 034924f69e Merge branch 'env-file' into 'antifascista' 
Aceptar un parametro ENV_FILE

Closes #11

See merge request sutty/haini.sh!33
 2021-11-25 22:56:40 +00:00
Cat /dev/Nulo c6287ab8ff nginx.conf: usar _nginx.conf de los sitios 2021-11-25 22:49:17 +00:00
fauno c4efdd0334 Merge branch 'certificados-tienda' into 'antifascista' 
domains.ext: generar certificados para la tienda

Closes #13

See merge request sutty/haini.sh!36
 2021-11-25 21:38:13 +00:00
Cat /dev/Nulo ec471e1d4e domains.ext: generar certificados para la tienda 2021-11-25 21:28:58 +00:00
Cat /dev/Nulo 8e1a834e47 nginx.conf: permitir configuración propia del sitio 2021-11-25 21:27:03 +00:00
Nulo 018a2a443e Merge branch 'pem' into 'antifascista' 
el .pem estaba de más

See merge request sutty/haini.sh!34
 2021-11-18 15:26:27 +00:00
f 6762ee5394 el .pem estaba de más 2021-11-18 12:19:44 -03:00
Cat /dev/Nulo b3c9e18fac Aceptar un parametro ENV_FILE 2021-10-28 15:29:56 -03:00
Nulo 4ea037359b Merge branch 'exit-0' into 'antifascista' 
devolver el status de salida de hainish

See merge request sutty/haini.sh!31
 2021-10-07 22:35:28 +00:00
f 5e52834eae devolver el status de salida de hainish 
como el último comando era ssh-agent, salíamos con el status incorrecto
 2021-10-05 21:05:23 -03:00
Nulo 25d1977b37 Merge branch 'ssh' into 'antifascista' 
Soportar las llaves SSH de le usuarie

See merge request sutty/haini.sh!24
 2021-09-28 18:29:46 +00:00
f b372a54e1f No hacía falta bindear el socket 2021-09-28 15:21:54 -03:00
f 5b3516d0f8 Eliminar la configuración 2021-09-28 15:16:28 -03:00
f 347b7eab2c No hace falta recomendar la instalación si no dejamos agents abiertos 2021-09-28 15:11:36 -03:00
f 62cb0883cc No fallar si no hay ssh-agent 2021-09-28 15:11:19 -03:00
f 74a4985ea2 Instalar archivos dentro de /home/suttier 2021-09-28 14:27:06 -03:00
f 19aac59bdc Avisar cuando no hay ssh-agent 2021-09-28 14:27:06 -03:00
f 1af786a9e1 No dejar ssh-agents flotando 2021-09-28 14:27:06 -03:00
f c1525d9e0f Utilizar SSH Agent 
Es necesario usar ssh-agent para poder hacer conexiones SSH dentro de
Hainish compartiendo las mismas llaves.  Si montáramos ~/.ssh, el
cliente SSH insiste en expandir ~ al home externo en lugar del interno y
no encontramos documentación al respecto.
 2021-09-28 14:27:06 -03:00
f d088b5115e Soportar las llaves SSH de le usuarie 2021-09-28 14:27:06 -03:00
fauno 84444bba04 Merge branch 'usuarix-real' into 'antifascista' 
Crear usuarix dentro de haini.sh

See merge request sutty/haini.sh!30
 2021-09-28 17:26:29 +00:00
Cat /dev/Nulo 50b3d04792 Crear usuarix dentro de haini.sh 
..en vez de mentir en $HOME.

/Sutty$ id
uid=1000(suttier) gid=1000(suttier) groups=65534(nobody),65534(nobody),65534(nobody),65534(nobody),65534(nobody),65534(nobody),65534(nobody),65534(nobody),65534(nobody),1000(suttier)

/Sutty$ ssh -vvv 0xacab.org
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/suttier/.ssh/known_hosts'
 2021-09-28 13:32:02 -03:00
5 changed files with 94 additions and 7 deletions
Show stats Expand all files Collapse all files

1
domains.ext
View file

@ -5,3 +5,4 @@ subjectAltName = @alt_names
[alt_names]
DNS.1 = sutty.local
DNS.2 = *.sutty.local
DNS.3 = *.tienda.sutty.local

87
haini.sh
View file

@ -8,6 +8,7 @@ uname -m | grep -q x86_64 || exit 1
DIR="$(dirname "$(realpath "$0")")"
ROOT="$(dirname "$DIR")"
SELF="$(basename "$0")"
SSH_ADHOC=false
# Sólo se puede correr desde el directorio de Sutty
if test "$ROOT" != "$(dirname "$PWD")" && test "$ROOT" != "$PWD"; then
@ -20,7 +21,7 @@ if ! test "$HAIN_ENV" && ! type bwrap >/dev/null 2>&1 ; then
exit 1
fi
if test "$(sysctl -n kernel.unprivileged_userns_clone)" -ne 1 ; then
if test -f /proc/sys/kernel/unprivileged_userns_clone && test "$(cat /proc/sys/kernel/unprivileged_userns_clone)" -ne 1 ; then
echo "Necesitamos configurar tu sistema, ingresa tu contraseña para correr el comando" >&2
echo "sudo sysctl -a kernel.unprivileged_userns_clone=1" >&2
sudo sysctl -a kernel.unprivileged_userns_clone=1
@ -40,26 +41,38 @@ ENTORNO=${ENTORNO:-${ROOT}/hain}
correr() {
echo "> $1" >&2
if test "$AS_ROOT"; then
SET_UID=0
SET_GID=0
else
SET_UID="$(id -u)"
SET_GID="$(id -g)"
fi
env -i \
DISPLAY="$DISPLAY" \
TERM="$TERM" \
USER="$USER" \
USER="suttier" \
HOME="/home/suttier" \
HAIN_ENV=true \
RAILS_ENV="${RAILS_ENV:-development}" \
JEKYLL_ENV="${JEKYLL_ENV:-development}" \
$(test -f "$ENV_FILE" && (grep -v '^#' "$ENV_FILE" | xargs -0) || true) \
EDITOR="nano" \
PAGER="less -niSFX" \
SSH_AUTH_SOCK="${SSH_AUTH_SOCK}" \
bwrap \
--die-with-parent \
--unshare-user-try \
--unshare-user \
--uid "$SET_UID" \
--gid "$SET_GID" \
--unshare-ipc \
--unshare-uts \
--unshare-cgroup-try \
--bind "$ENTORNO" / \
--bind "$ROOT" /Sutty \
$(test -f ~/.Xauthority && echo "--ro-bind $HOME/.Xauthority /home/suttier/.Xauthority") \
--ro-bind /etc/hosts /etc/hosts \
--ro-bind /etc/passwd /etc/passwd \
--ro-bind /etc/group /etc/group \
--ro-bind /etc/resolv.conf /etc/resolv.conf \
--ro-bind /etc/localtime /etc/localtime \
--dev-bind /dev /dev \
@ -106,7 +119,7 @@ generar_certificado() {
-keyout $domain_key -out $domain_csr \
-subj '/C=AR/ST=Ninguno/L=Interdimension/O=Sutty-Local/CN=sutty.local'"
correr "openssl x509 -req -sha256 -days 3650 \
-in $domain_csr -CA $ca_crt.pem -CAkey $ca_key \
-in $domain_csr -CA $ca_crt -CAkey $ca_key \
-CAcreateserial -extfile /Sutty/haini.sh/domains.ext -out $domain_crt"
rm "$ENTORNO$ca_crt.pem"
@ -169,6 +182,22 @@ crear_entorno() {
&& mv "$ENTORNO$HOME" "$ENTORNO/home/suttier"
mkdir -p "$ENTORNO/home/suttier"
if ! grep ^suttier: "$ENTORNO/etc/group" >/dev/null 2>&1 ; then
AS_ROOT=true correr "addgroup \
-g $(id -g) \
suttier"
fi
if ! correr "id suttier" >/dev/null 2>&1 ; then
AS_ROOT=true correr "adduser \
--disabled-password \
--gecos '' \
--home /home/suttier \
--no-create-home \
--uid $(id -u) \
--ingroup suttier \
suttier"
fi
# Configurar rubygems para que descargue las gemas desde Sutty
install -m 640 "$DIR/.gemrc" "$ENTORNO/home/suttier/.gemrc"
@ -180,10 +209,37 @@ crear_entorno() {
install -m 755 "$script" "$ENTORNO/usr/local/bin/${script##*/}"
done
# Configurar SSH
install -m 700 -d "$ENTORNO/home/suttier/.ssh"
install -m 644 "$DIR/ssh/known_hosts" "$ENTORNO/home/suttier/.ssh/known_hosts"
test -f "$ENTORNO/etc/ssl/certs/sutty.local.crt" || generar_certificado
test -f "$ENTORNO/usr/local/share/ca-certificates/ca-sutty.crt" || mv "$ENTORNO/etc/ssl/certs/ca-sutty.crt" "$ENTORNO/usr/local/share/ca-certificates/ca-sutty.crt"
}
# Auto-actualizar una vez por hora
actualizar() {
test ! "$TERM" = "dumb" || return
last_update="$(find "$DIR/.git/FETCH_HEAD" -mmin +60 | wc -l)"
if test ! $last_update -ne 0; then
return
fi
echo -n "Actualizando haini.sh... " >&2
if ping -q -c 1 0xacab.org >/dev/null 2>&1; then
git -C "$DIR" pull --ff-only
if test "$DIR/.git/FETCH_HEAD" -ot "$DIR/.git/ORIG_HEAD"; then
echo "haini.sh se actualizó, por favor volvé a ejecutar el comando" >&2
exit 0
fi
else
echo "no se pudo conectar 0xacab.org, intentando la próxima vez." >&2
fi
}
DEFAULT="sh"
case $1 in
@ -203,6 +259,23 @@ esac
if test "$HAIN_ENV"; then
${*:-$DEFAULT}
else
if test -z "${SSH_AUTH_SOCK}"; then
if ! type ssh-agent >/dev/null 2>&1 ; then
echo "Instala ssh-agent para poder trabajar con git remoto dentro de haini.sh" >&2
else
SSH_ADHOC=true
echo "Iniciando un ssh-agent temporal." >&2
eval "$(ssh-agent)"
ssh-add
fi
fi
actualizar
crear_entorno
stdin=/dev/stdin correr "${*:-$DEFAULT}"
stdin="$(test "$TERM" = "dumb" || echo "/dev/stdin")" correr "${*:-$DEFAULT}" ; salida=$?
${SSH_ADHOC} && ssh-agent -k
exit $salida
fi

6
nginx.conf
View file

@ -9,6 +9,10 @@ server {
add_header Cache-Control "no-store; max-age=0";
location ~ /../assets/js/pack.js {
rewrite ^ /assets/js/pack.js last;
}
location /assets/js/pack.js {
proxy_pass http://127.0.0.1:65001;
}
@ -23,3 +27,5 @@ server {
proxy_pass http://127.0.0.1:65001;
}
}
include /Sutty/*-jekyll-theme/_nginx.conf;

4
packages
View file

@ -4,6 +4,7 @@ ffmpeg
file
git
git-lfs
jpegoptim
less
libssh2
libxml2
@ -14,7 +15,10 @@ nano-syntax
ncurses-terminfo
nginx
nodejs
npm
openssh-client
openssl
oxipng
postgresql
postgresql-contrib
postgresql-libs

3
ssh/known_hosts Normal file
View file

@ -0,0 +1,3 @@
0xacab.org,198.252.153.239 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKdh69MJNIA4hZNdplalK1BOD4QZEKn8msMwsEzA7nrr
athshe.sutty.nl,172.96.172.58 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIDqJl9IW6WXAxrtZXMzvMnIpTjIZB+Tp+dDUpSaOrqdjqdMVjHVQSFnVh0MLHbvdjKKtxaKDAuT3JXGrSp8wyA=
anarres.sutty.nl,54.39.161.205 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGw9aXovdiR44WzGfaitjlGiAO7I5OP/XgxFEc+t6HWeS0oqIVaEo17y7j29hLZbTRpN8vWoGSMa+UtquQZ6JG8=