[distorted-backup] / bkpacct

#! /bin/sh

set -e

quis=${0##*/}

usage="usage: $quis [-nqv] HOST ..."

verbose=nil
noact=nil
while getopts "hnvq" opt; do
  case "$opt" in
    h) echo "$usage"; exit ;;
    n) noact=t verbose=t ;;
    v) verbose=t ;;
    q) verbose=nil ;;
    *) echo >&2 "$usage"; exit 1 ;;
  esac
done
shift $(( $OPTIND - 1 ))

case $# in 0) echo "$usage"; exit 1 ;; esac

defrun='
run () {
  case $verbose in t) echo >&2 "- $*" ;; esac
  case $noact in nil) "$@" ;; esac
}'
eval "$defrun"

if getent group backup >/dev/null; then
  echo >&2 "$quis: group \`backup' already exists"
else
  run addgroup --gid 200 backup
fi

for host in "$@"; do

  if getent passwd bkp-$host >/dev/null; then
    echo >&2 "$quis: backup user \`bkp-$host' already exists"
  else
    uid=201
    while { getent passwd $uid || getent group $uid; } >/dev/null; do
      uid=$(( $uid + 1 ))
    done
    run addgroup --system --gid $uid bkp-$host
    run adduser --system --uid $uid --gid $uid \
      --home /var/lib/bkp/$host \
      --shell /bin/bash \
      --gecos "Backup user for host $host" \
      --disabled-password \
      bkp-$host
  fi

  getent group backup | {
    IFS=: read name passwd gid members
    case ",$members," in
      ",bkp-$host,")
	echo >&2 "$quis: user \`bkp-$host' already in group \`backup'"
	;;
      *)
	run adduser bkp-$host backup
	;;
    esac
  }

  settings="verbose=$verbose noact=$noact"
  run mkdir -p -m755 /var/lib/bkp/$host/.ssh
  ssh root@$host "$settings; $defrun" '
	cd $HOME
	mkdir -p -m755 .ssh
	cd .ssh
	if [ ! -f id_rsa.pub ]; then
	  genp=t
	else
	  genp=$(
	    ssh-keygen -l -fid_rsa.pub | {
	      read bits fpr fname type
	      case "$bits,$type" in
		*[!0-9]*,*)
		  echo t
		  ;;
		*,"(RSA)")
		  if [ $bits -ge 3072 ]; then echo nil; else echo t; fi
		  ;;
		*)
		  echo t
		  ;;
	      esac
	    }
	  )
	fi

	case $genp in
	  t)
	    run ssh-keygen -trsa -fid_rsa -b3072 -N ""
	    ;;
	esac
  '
  run scp root@$host:.ssh/id_rsa.pub /var/lib/bkp/$host/.ssh/authorized_keys

done
Commit	Line	Data
99248ed2 MW	1	#! /bin/sh
	2
	3	set -e
	4
	5	quis=${0##*/}
	6
	7	usage="usage: $quis [-nqv] HOST ..."
	8
	9	verbose=nil
	10	noact=nil
	11	while getopts "hnvq" opt; do
	12	case "$opt" in
	13	h) echo "$usage"; exit ;;
	14	n) noact=t verbose=t ;;
	15	v) verbose=t ;;
	16	q) verbose=nil ;;
	17	*) echo >&2 "$usage"; exit 1 ;;
	18	esac
	19	done
	20	shift $(( $OPTIND - 1 ))
	21
	22	case $# in 0) echo "$usage"; exit 1 ;; esac
	23
	24	defrun='
	25	run () {
	26	case $verbose in t) echo >&2 "- $*" ;; esac
	27	case $noact in nil) "$@" ;; esac
	28	}'
	29	eval "$defrun"
	30
	31	if getent group backup >/dev/null; then
	32	echo >&2 "$quis: group \`backup' already exists"
	33	else
	34	run addgroup --gid 200 backup
	35	fi
	36
	37	for host in "$@"; do
	38
	39	if getent passwd bkp-$host >/dev/null; then
	40	echo >&2 "$quis: backup user \`bkp-$host' already exists"
	41	else
	42	uid=201
	43	while { getent passwd $uid \|\| getent group $uid; } >/dev/null; do
	44	uid=$(( $uid + 1 ))
	45	done
	46	run addgroup --system --gid $uid bkp-$host
	47	run adduser --system --uid $uid --gid $uid \
	48	--home /var/lib/bkp/$host \
	49	--shell /bin/bash \
	50	--gecos "Backup user for host $host" \
	51	--disabled-password \
	52	bkp-$host
	53	fi
	54
	55	getent group backup \| {
	56	IFS=: read name passwd gid members
	57	case ",$members," in
	58	",bkp-$host,")
	59	echo >&2 "$quis: user \`bkp-$host' already in group \`backup'"
	60	;;
	61	*)
	62	run adduser bkp-$host backup
	63	;;
	64	esac
65	}
66
67	settings="verbose=$verbose noact=$noact"
68	run mkdir -p -m755 /var/lib/bkp/$host/.ssh
69	ssh root@$host "$settings; $defrun" '
70	cd $HOME
71	mkdir -p -m755 .ssh
72	cd .ssh
73	if [ ! -f id_rsa.pub ]; then
74	genp=t
75	else
76	genp=$(
77	ssh-keygen -l -fid_rsa.pub \| {
78	read bits fpr fname type
79	case "$bits,$type" in
80	[!0-9],*)
81	echo t
82	;;
83	*,"(RSA)")
84	if [ $bits -ge 3072 ]; then echo nil; else echo t; fi
85	;;
86	*)
87	echo t
88	;;
89	esac
90	}
91	)
92	fi
93
94	case $genp in
95	t)
96	run ssh-keygen -trsa -fid_rsa -b3072 -N ""
97	;;
98	esac
99	'
100	run scp root@$host:.ssh/id_rsa.pub /var/lib/bkp/$host/.ssh/authorized_keys
101
102	done