deprec 2.1.8 → 2.1.10

data/CHANGELOG

@@ -1,5 +1,19 @@
 # deprec changelog
 
+= 2.1.10 (Sep  4, 2010)
+
+* Get all user input at start (deprec:users:add)
+
+= 2.1.9 (Sep  4, 2010)
+
+* Added syslog-ng
+* Added stunnel
+* Added external config options for deprec:users:add
+* Added config variables to sshd_config template
+* Added recipe to push out file with bash options I want everywhere
+* deprec:users:add looks harder for your public ssh keys
+* current_user now contains the output from `whois`
+
 = 2.1.8 (Aug 26, 2010)
  		
 * nagios-3.2.1

data/lib/deprec/recipes/bash.rb

@@ -0,0 +1,28 @@
+# Copyright 2006-2008 by Mike Bailey. All rights reserved.
+Capistrano::Configuration.instance(:must_exist).load do 
+  namespace :deprec do
+    namespace :bash do
+
+      SYSTEM_CONFIG_FILES[:bash] = [
+        
+        {:template => "bash_global",
+         :path => '.bash_global',
+         :mode => 0644,
+         :owner => 'root:root'}
+      ]
+      
+      task :config_gen do        
+        SYSTEM_CONFIG_FILES[:bash].each do |file|
+          deprec2.render_template(:bash, file)
+        end
+      end
+      
+      desc "Push bash config files to server"
+      task :config do
+        deprec2.push_configs(:bash, SYSTEM_CONFIG_FILES[:bash].collect{|file| file.merge(:owner => user)})
+        deprec2.append_to_file_if_missing('.bashrc', '. ~/.bash_global')
+      end
+
+    end
+  end
+end

data/lib/deprec/recipes/deprec.rb

@@ -105,6 +105,10 @@ Capistrano::Configuration.instance(:must_exist).load do
   # XXX for some reason this is causing "before deprec:rails:install" to be executed twice
   on :load, 'deprec:connect_canonical_tasks' 
 
+  # It can be useful to know the user running this command
+  # even when USER is set to someone else. Sorry windows!
+  set :current_user, `whoami`.chomp
+
   namespace :deprec do
     
     task :connect_canonical_tasks do      

data/lib/deprec/recipes/network.rb

@@ -94,9 +94,10 @@ Capistrano::Configuration.instance(:must_exist).load do
         desc "Generate and push #{details[:path]}"
         task file.to_sym do
           deprec2.render_template(:network, details)
+          run "#{sudo} hostname #{network_hostname}" if file == :hostname
         end
       end
-      
+
       # XXX need to set the order for these as it breaks sudo currently
       desc "Update system networking configuration"
       task :config do

data/lib/deprec/recipes/ssh.rb

@@ -2,6 +2,10 @@
 Capistrano::Configuration.instance(:must_exist).load do 
   namespace :deprec do
     namespace :ssh do
+
+      set :ssh_permit_root_login, 'no'
+      set :ssh_use_pam, 'no'
+      set :ssh_use_dns, 'no'
       
       SYSTEM_CONFIG_FILES[:ssh] = [
         
@@ -55,32 +59,23 @@ Capistrano::Configuration.instance(:must_exist).load do
       
       desc "Sets up authorized_keys file on remote server"
       task :setup_keys do
-        
         default(:target_user) { 
           Capistrano::CLI.ui.ask "Setup keys for which user?" do |q|
-            q.default = user
+            q.default = current_user
           end
         }
         
         # If we have an authorized keys file for this user
         # then copy that out
         if File.exists?("config/ssh/authorized_keys/#{target_user}") 
-          deprec2.mkdir "/home/#{target_user}/.ssh", :mode => 0700, :owner => "#{target_user}.users", :via => :sudo
-          std.su_put File.read("config/ssh/authorized_keys/#{target_user}"), "/home/#{target_user}/.ssh/authorized_keys", '/tmp/', :mode => 0600
-          sudo "chown #{target_user}.users /home/#{target_user}/.ssh/authorized_keys"
-        
-        elsif target_user == user
-          
+          keys = File.read("config/ssh/authorized_keys/#{target_user}")
+        elsif target_user == current_user
           # If the user has specified a key Capistrano should use
           if ssh_options[:keys]
-            deprec2.mkdir '.ssh', :mode => 0700
-            put(ssh_options[:keys].collect{|key| File.read("#{key}.pub")}.join("\n"), '.ssh/authorized_keys', :mode => 0600 )
-          
+            keys = ssh_options[:keys].collect{|key| File.read("#{key}.pub")}.join("\n")
           # Try to find the current users public key
-          elsif keys = %w[id_rsa id_dsa identity].collect { |f| "#{ENV['HOME']}/.ssh/#{f}.pub" if File.exists?("#{ENV['HOME']}/.ssh/#{f}.pub") }.compact
-            deprec2.mkdir '.ssh', :mode => 0700
-            put(keys.collect{|key| File.read(key)}.join("\n"), '.ssh/authorized_keys', :mode => 0600 )
-            
+          elsif key_files = %w[id_rsa id_dsa identity].collect { |f| "#{ENV['HOME']}/.ssh/#{f}.pub" if File.exists?("#{ENV['HOME']}/.ssh/#{f}.pub") }.compact
+            keys = key_files.collect{|key| File.read(key)}.join("\n")
           else
             puts <<-ERROR
 
@@ -95,17 +90,22 @@ Capistrano::Configuration.instance(:must_exist).load do
         else
           puts <<-ERROR
           
-          Could not find ssh public key(s) for user #{user}
-          
+          Could not find ssh public key(s) for user #{target_user}
+         
           Please create file containing ssh public keys in:
           
-            config/ssh/authorized_keys/#{target_user}
+          config/ssh/authorized_keys/#{target_user}
             
           ERROR
+          exit
         end
         
+        # copy keys to remote server
+        deprec2.mkdir "/home/#{target_user}/.ssh", :mode => 0700, :owner => "#{target_user}.users", :via => :sudo
+        std.su_put keys, "/home/#{target_user}/.ssh/authorized_keys", '/tmp/', :mode => 0600
+        sudo "chown #{target_user}.users /home/#{target_user}/.ssh/authorized_keys"
       end
-      
+
     end
   end
-end
+end

data/lib/deprec/recipes/stunnel.rb

@@ -0,0 +1,50 @@
+# Copyright 2006-2010 by Mike Bailey. All rights reserved.
+Capistrano::Configuration.instance(:must_exist).load do 
+  namespace :deprec do
+    namespace :stunnel do
+            
+      desc "Install stunnel"
+      task :install do
+        install_deps
+        config
+      end
+      
+      task :install_deps do
+        apt.install( {:base => %w(stunnel ssl-cert)}, :stable )
+      end
+
+      SYSTEM_CONFIG_FILES[:stunnel] = [
+        
+        {:template => 'stunnel.conf-client',
+        :path => '/etc/stunnel/stunnel.conf',
+        :mode => 0644,
+        :owner => 'root:root'},
+
+        {:template => 'stunnel4',
+        :path => '/etc/defaults/stunnel4',
+        :mode => 0644,
+        :owner => 'root:root'}
+        
+      ]
+
+      task :config_gen do
+        SYSTEM_CONFIG_FILES[:stunnel].each do |file|
+          deprec2.render_template(:stunnel, file)
+        end
+      end
+
+      desc "Push stunnel config files to server"
+      task :config do
+        deprec2.push_configs(:stunnel, SYSTEM_CONFIG_FILES[:stunnel])
+        restart
+      end
+
+      desc "Restart stunnel"
+      task :restart do
+        run "#{sudo} /etc/init.d/stunnel4 reload"
+      end
+
+    end
+    
+  end
+end

data/lib/deprec/recipes/syslog_ng.rb

@@ -0,0 +1,53 @@
+# Copyright 2006-2010 by Mike Bailey. All rights reserved.
+Capistrano::Configuration.instance(:must_exist).load do 
+  namespace :deprec do
+    namespace :syslog_ng do
+
+      set(:syslog_ng_loghost_name) { 
+        Capistrano::CLI.ui.ask "Loghost address" do |q|
+          q.default = ''
+        end
+      }
+      set :syslog_ng_loghost_port, 514
+            
+      desc "Install syslog-ng"
+      task :install do
+        syslog_ng_loghost_name
+        install_deps
+        config
+      end
+      
+      task :install_deps do
+        apt.install( {:base => %w(syslog-ng)}, :stable )
+      end
+
+      SYSTEM_CONFIG_FILES[:syslog_ng] = [
+        
+        {:template => 'syslog-ng.conf-client',
+        :path => '/etc/syslog-ng/syslog-ng.conf',
+        :mode => 0644,
+        :owner => 'root:root'}
+        
+      ]
+
+      task :config_gen do
+        SYSTEM_CONFIG_FILES[:syslog_ng].each do |file|
+          deprec2.render_template(:syslog_ng, file)
+        end
+      end
+
+      desc "Push ssh config files to server"
+      task :config do
+        deprec2.push_configs(:syslog_ng, SYSTEM_CONFIG_FILES[:syslog_ng])
+        restart
+      end
+
+      desc "Restart syslog-ng"
+      task :restart do
+        run "#{sudo} /etc/init.d/syslog-ng restart"
+      end
+
+    end
+    
+  end
+end

data/lib/deprec/recipes/users.rb

@@ -2,89 +2,60 @@
 Capistrano::Configuration.instance(:must_exist).load do 
   namespace :deprec do
     namespace :users do
-      
-      # desc "Create user account"
-      # task :add do
-      #   target_user = Capistrano::CLI.ui.ask "Enter userid for new user" do |q|
-      #     q.default = user
-      #   end
-      #   deprec2.useradd(target_user, :shell => '/bin/bash')
-      #   puts "Setting password for new account"
-      #   deprec2.invoke_with_input("passwd #{target_user}", /UNIX password/)
-      # end
+
+      set(:users_target_user) { Capistrano::CLI.ui.ask "Enter userid for new user" do |q| q.default = current_user; end }
+      set(:users_target_group) { Capistrano::CLI.ui.ask "Enter group name for new user" do |q| q.default = 'deploy'; end }
+      set(:users_make_admin) { Capistrano::CLI.ui.ask "Should this be an admin account?" do |q| q.default = 'no'; end }
       
       desc "Create account"
       task :add do
-        target_user = Capistrano::CLI.ui.ask "Enter userid for new user" do |q|
-          q.default = user
-        end 
-        make_admin = Capistrano::CLI.ui.ask "Should this be an admin account?" do |q|
-          q.default = 'no'
-        end
-        copy_keys = false
-        if File.readable?("config/ssh/authorized_keys/#{target_user}")
-          copy_keys = Capistrano::CLI.ui.ask "I've found an authorized_keys file for #{target_user}. Should I copy it out?" do |q|
-            q.default = 'yes'
-          end
-        end
+        [users_target_user, users_target_group, users_make_admin] # get input
         
-        new_password = Capistrano::CLI.ui.ask("Enter new password for #{target_user}") { |q| q.echo = false }
+        while true do
+          new_password = Capistrano::CLI.ui.ask("Enter new password for #{users_target_user}") { |q| q.echo = false }
+          password_conf = Capistrano::CLI.ui.ask("Re-enter new password for #{users_target_user}") { |q| q.echo = false }
+          if new_password != password_conf
+            puts "Fail. Passwords do not match.\n\n"
+          elsif new_password.chomp == ""
+            puts "Fail. Passwords cannot be empty.\n\n"
+          else
+            break
+          end
+        end 
         
-        deprec2.useradd(target_user, :shell => '/bin/bash')
+        deprec2.useradd(users_target_user, :shell => '/bin/bash')
 
-        deprec2.invoke_with_input("passwd #{target_user}", /UNIX password/, new_password)
+        deprec2.invoke_with_input("passwd #{users_target_user}", /UNIX password/, new_password)
         
-        if make_admin.match(/y/i)
+        if users_make_admin.match(/y/i)
           deprec2.groupadd('admin')
-          deprec2.add_user_to_group(target_user, 'admin')
+          deprec2.add_user_to_group(users_target_user, 'admin')
           deprec2.append_to_file_if_missing('/etc/sudoers', '%admin ALL=(ALL) ALL')
         end
         
-        if copy_keys && copy_keys.grep(/y/i)
-          set :target_user, target_user
-          top.deprec.ssh.setup_keys
-        end
+        set :target_user, users_target_user
+        top.deprec.ssh.setup_keys
         
       end
-      
-      desc "Create account"
-      task :add_admin do
-        puts 'deprecated! use deprec:users:add'
-        add
-      end
   
       desc "Change user password"
       task :passwd do
-        target_user = Capistrano::CLI.ui.ask "Enter user to change password for" do |q|
-          q.default = user if user.is_a?(String)
-        end
-        new_password = Capistrano::CLI.ui.ask("Enter new password for #{target_user}") { |q| q.echo = false }
+        new_password = Capistrano::CLI.ui.ask("Enter new password for #{users_target_user}") { |q| q.echo = false }
   
-        deprec2.invoke_with_input("passwd #{target_user}", /UNIX password/, new_password) 
+        deprec2.invoke_with_input("passwd #{users_target_user}", /UNIX password/, new_password) 
       end
       
       desc "Add user to group"
       task :add_user_to_group do
-        target_user = Capistrano::CLI.ui.ask "Which user?" do |q|
-          q.default = user if user.is_a?(String)
-        end
-        target_group = Capistrano::CLI.ui.ask "Add to which group?" do |q|
-          q.default = 'deploy'
-        end
-        deprec2.add_user_to_group(target_user, target_group)
+        deprec2.add_user_to_group(users_target_user, users_target_group)
       end
 
-      # desc "Create group"
-      # task :add_group do
-      #   target_group = Capistrano::CLI.ui.ask "Enter name for new group" 
-      #   deprec2.groupadd(target_group)
-      # end
-      # 
-      # desc "Add user to group"
-      # task :add_user_to_group do
-      #   # XXX not yet implemented
-      # end
+      desc "Create account"
+      task :add_admin do
+        puts 'deprecated! use deprec:users:add'
+        add
+      end
 
     end
   end
-end
+end

data/lib/deprec/recipes_minus_rails.rb

@@ -19,6 +19,7 @@ require "#{File.dirname(__FILE__)}/recipes/ruby/ree"
 require "#{File.dirname(__FILE__)}/recipes/web/apache"
 require "#{File.dirname(__FILE__)}/recipes/web/nginx"
 
+require "#{File.dirname(__FILE__)}/recipes/bash"
 require "#{File.dirname(__FILE__)}/recipes/git"
 # require "#{File.dirname(__FILE__)}/recipes/gitosis"
 require "#{File.dirname(__FILE__)}/recipes/svn"
@@ -46,6 +47,8 @@ require "#{File.dirname(__FILE__)}/recipes/network"
 require "#{File.dirname(__FILE__)}/recipes/nagios"
 require "#{File.dirname(__FILE__)}/recipes/collectd"
 require "#{File.dirname(__FILE__)}/recipes/syslog"
+require "#{File.dirname(__FILE__)}/recipes/syslog_ng"
+require "#{File.dirname(__FILE__)}/recipes/stunnel"
 require "#{File.dirname(__FILE__)}/recipes/heartbeat"
 require "#{File.dirname(__FILE__)}/recipes/haproxy"
 

data/lib/deprec/templates/bash/bash_global

@@ -0,0 +1,36 @@
+###########
+# Functions
+###########
+# Delete an entry from ~/.ssh/known_hosts
+# Usage: sshdel <line_number>
+function sshdel { perl -i -n -e "print unless (\$. == $1)" ~/.ssh/known_hosts; }
+
+#########
+# Aliases
+#########
+
+# Show disk usage in current directory
+alias dus='du -sm * | sort -n'
+
+# ls
+alias ll='ls -alF'
+alias la='ls -A'
+alias l='ls -CF'
+
+# Git aliases for bash
+alias gst='git status'
+alias gl='git pull'
+alias gp='git push'
+alias gd='git diff | mate'
+alias gc='git commit -v'
+alias gca='git commit -v -a'
+alias gb='git branch'
+alias gba='git branch -a'
+alias rr='xargs ps -p < '
+alias gcp='git cherry-pick'
+
+# Time http request
+alias tc='time curl -s -o /dev/null'
+
+# Load rubygems
+alias irb='irb -rubygems'

data/lib/deprec/templates/ssh/sshd_config.erb

@@ -23,7 +23,7 @@ LogLevel INFO
 
 # Authentication:
 LoginGraceTime 120
-PermitRootLogin no
+PermitRootLogin <%= ssh_permit_root_login %>
 StrictModes yes
 
 RSAAuthentication yes
@@ -74,5 +74,5 @@ AcceptEnv LANG LC_*
 
 Subsystem sftp /usr/lib/openssh/sftp-server
 
-UsePAM no
-UseDNS no
+UsePAM <%= ssh_use_pam %>
+UseDNS <%= ssh_use_dns %>