summaryrefslogtreecommitdiffstats
path: root/retiolum/scripts
diff options
context:
space:
mode:
Diffstat (limited to 'retiolum/scripts')
-rw-r--r--retiolum/scripts/github_hosts_sync/README26
-rwxr-xr-xretiolum/scripts/github_hosts_sync/hosts-sync64
-rw-r--r--retiolum/scripts/github_hosts_sync/systemd/hosts-sync.conf1
-rw-r--r--retiolum/scripts/github_hosts_sync/systemd/hosts-sync.service14
4 files changed, 105 insertions, 0 deletions
diff --git a/retiolum/scripts/github_hosts_sync/README b/retiolum/scripts/github_hosts_sync/README
new file mode 100644
index 00000000..12aa8dfe
--- /dev/null
+++ b/retiolum/scripts/github_hosts_sync/README
@@ -0,0 +1,26 @@
+#? /bin/sh
+
+useradd -m hosts-sync
+cp systemd/hosts-sync.service /etc/systemd/system/
+cp systemd/hosts-sync.conf /etc/conf.d/
+
+sudo -u hosts-sync -i ssh-keygen
+add /home/hosts-sync/.ssh/id_rsa.pub as github/krebscode/hosts deploy key
+sudo -u hosts-sync -i git clone git@github.com:krebscode/hosts.git ~hosts-sync/hosts # to accept the remote key (and have an initial copy)
+
+sudo -u hosts-sync -i git config --global user.email hosts-sync@ire.retiolum
+sudo -u hosts-sync -i git config --global user.name hosts-sync
+sudo -u hosts-sync -i git config --global push.default simple
+
+systemctl start hosts-sync
+systemctl enable hosts-sync
+
+TODO firewall setup
+
+#? /bin/sh (update service)
+git pull
+cp retiolum/scripts/github_hosts_sync/systemd/hosts-sync.service /etc/systemd/system/
+systemctl daemon-reload
+systemctl restart hosts-sync
+
+
diff --git a/retiolum/scripts/github_hosts_sync/hosts-sync b/retiolum/scripts/github_hosts_sync/hosts-sync
new file mode 100755
index 00000000..53c96efd
--- /dev/null
+++ b/retiolum/scripts/github_hosts_sync/hosts-sync
@@ -0,0 +1,64 @@
+#! /bin/sh
+# TODO do_work should retry until success
+set -euf
+
+port=${port-1028}
+local_painload=$HOME/painload
+remote_painload="https://github.com/krebscode/painload"
+local_hosts=$HOME/hosts
+remote_hosts="git@github.com:krebscode/hosts.git"
+
+main() {
+ ensure_local_painload
+ ensure_local_hosts
+ is_worker && do_work || become_server
+}
+
+ensure_local_painload() {
+ test -d "$local_painload" || git clone "$remote_painload" "$local_painload"
+}
+
+ensure_local_hosts() {
+ test -d "$local_hosts" || git clone "$remote_hosts" "$local_hosts"
+}
+
+become_server() {
+ exec socat "TCP-LISTEN:$port,reuseaddr,fork" "EXEC:$0"
+}
+
+is_worker() {
+ test "${SOCAT_SOCKPORT-}" = "$port"
+}
+
+do_work() {
+ # read request
+ req_line="$(read line && echo "$line")"
+ req_hdrs="$(sed -n '/^\r$/q;p')"
+
+ set -x
+
+ cd "$local_hosts"
+ git pull >&2
+
+ cd "$local_hosts"
+ find . -name .git -prune -o -type f -exec git rm \{\} \; >/dev/null
+
+ cd "$local_painload"
+ git pull >&2
+
+ find "$local_painload/retiolum/hosts" -type f -exec cp \{\} "$local_hosts" \;
+
+ cd "$local_hosts"
+ find . -name .git -prune -o -type f -exec git add \{\} \; >&2
+ if git status --porcelain | grep -q .; then
+ git commit -m bump >&2
+ git push >&2
+ fi
+
+ echo "HTTP/1.1 200 OK"
+ echo
+ echo "https://github.com/krebscode/hosts/archive/master.tar.gz"
+ echo "https://github.com/krebscode/hosts/archive/master.zip"
+}
+
+main "$@"
diff --git a/retiolum/scripts/github_hosts_sync/systemd/hosts-sync.conf b/retiolum/scripts/github_hosts_sync/systemd/hosts-sync.conf
new file mode 100644
index 00000000..606f17b4
--- /dev/null
+++ b/retiolum/scripts/github_hosts_sync/systemd/hosts-sync.conf
@@ -0,0 +1 @@
+port=1028
diff --git a/retiolum/scripts/github_hosts_sync/systemd/hosts-sync.service b/retiolum/scripts/github_hosts_sync/systemd/hosts-sync.service
new file mode 100644
index 00000000..5fb9ed41
--- /dev/null
+++ b/retiolum/scripts/github_hosts_sync/systemd/hosts-sync.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=retiolum github hosts sync
+After=network.target
+
+[Service]
+EnvironmentFile=/etc/conf.d/hosts-sync.conf
+ExecStart=/krebs/retiolum/scripts/github_hosts_sync/hosts-sync
+KillMode=process
+User=hosts-sync
+Group=hosts-sync
+
+[Install]
+WantedBy=multi-user.target
+