authorLuke Shumaker <lukeshu@sbcglobal.net>2016-07-24 06:29:14 +0000
committerLuke Shumaker <lukeshu@sbcglobal.net>2016-07-24 06:29:14 +0000
commit69f411d698fbcc1e0c4c4ec5790a354fbd9a970b (patch)
tree91e4ae3107810995a4770c5f4579051b196ff646
parent13c1dc561061156111a04f63f5b2a132ba54170f (diff)
foo
-rw-r--r--config-certbot.PKGBUILD7
-rw-r--r--config-etckeeper.PKGBUILD33
-rw-r--r--config-proton-base.PKGBUILD8
-rw-r--r--config-winston-base.PKGBUILD8
4 files changed, 45 insertions, 11 deletions
diff --git a/config-certbot.PKGBUILD b/config-certbot.PKGBUILD
index 77b6e56..5a9e128 100644
--- a/config-certbot.PKGBUILD
+++ b/config-certbot.PKGBUILD
@@ -24,6 +24,7 @@ cd "$pkgdir"
# So, I've encapsulated this into the script
# `/etc/ssl/misc/certbot-get`. Edit `/etc/ssl/misc/certbot-get.d/` to
# manipulate the list of domains, then run the script.
+install -d etc/ssl/misc/certbot-get.d
add-file -m755 etc/ssl/misc/certbot-get <<<'#!/bin/bash
{
set -eu
@@ -127,7 +128,6 @@ server {
listen [::]:80 default_server;
server_name _;
-
# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
location / { return 301 https://\$host\$request_uri; }
@@ -135,13 +135,12 @@ server {
location /.well-known/acme-challenge {
root /var/lib/letsencrypt;
default_type "text/plain";
- #try_files \$uri =404;
}
}
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
-ssl_certificate /etc/letsencrypt/live/winston.parabola.nu/fullchain.pem;
-ssl_certificate_key /etc/letsencrypt/live/winston.parabola.nu/privkey.pem;
+ssl_certificate /etc/ssl/private/myhostname/fullchain.pem;
+ssl_certificate_key /etc/ssl/private/myhostname/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
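Review bot: The comment above `ssl_certificate` does not say that `/etc/ssl/private/myhostname` is a symlink this package does not create; in this commit it is installed by config-proton-base and config-winston-base as a link into `../../letsencrypt/live/`. A reader of this file alone cannot tell where the certificate comes from, and on a host without one of those packages nginx would presumably refuse to load the configuration because both paths dangle. I would add a line such as `# /etc/ssl/private/myhostname -> /etc/letsencrypt/live/HOSTNAME, symlink shipped by config-*-base`, and consider declaring that dependency in `depends`. The enclosing here-document starts and ends outside this hunk.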
diff --git a/config-etckeeper.PKGBUILD b/config-etckeeper.PKGBUILD
index 75f0af1..88aa419 100644
--- a/config-etckeeper.PKGBUILD
+++ b/config-etckeeper.PKGBUILD
@@ -1,5 +1,5 @@
. ${BUILDFILE%/*}/common.sh
-pkgver=20160713.8
+pkgver=20160713.11
depends=(etckeeper pristine-etc-keeper)
@@ -32,6 +32,37 @@ add-file -m755 etc/etckeeper/commit.d/40git-ignore <<EOF
git ls-files --ignored --exclude-standard -z|xargs -0r git rm --cached --
EOF
+# etckeepr has been configured to run the pre-commit hook at exta
+# times, to work around a bug[0].
+#
+# [0]: https://etckeeper.branchable.com/todo/metadata_changes_don__39__t_cause_a_new_commit/
+add-file -m755 etc/etckeeper/unclean.d/20pre-commit <<EOF
+#!/bin/sh
+# pre-commit hook for etckeeper, to store metadata and do sanity checks
+set -e
+etckeeper pre-commit -d /etc
+EOF
+add-file -m755 etc/etckeeper/commit.d/20pre-commit <<EOF
+#!/bin/sh
+# pre-commit hook for etckeeper, to store metadata and do sanity checks
+set -e
+etckeeper pre-commit -d /etc
+EOF
+
+# It as also been configured to maintain a list of installed packages
+# as `/etc/.installed-packages.txt`.
+add-file -m755 etc/etckeeper/pre-commit.d/25list-installed <<EOF
+#!/bin/sh
+
+etckeeper list-installed > .installed-packages.txt
+
+# stage the file as part of the current commit
+if [ "\$VCS" = git ]; then
+ # this will do nothing if the file is unchanged.
+ git add .installed-packages.txt
+fi
+EOF
+
# The etckeeper update-ignore hook is customized to ignore a couple
# more files in `/etc` (and avoid ignoring `/etc/mtab`). We ignore
# `resolv.conf` because it is managed by [resolvconf][openresolv].
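Review bot: The new `25list-installed` hook has no `set -e`, unlike the two `20pre-commit` hooks added in the same hunk, and it redirects straight into `.installed-packages.txt`. If `etckeeper list-installed` fails, the redirection has already truncated the file and `git add` then stages an empty or partial package list, which makes the history unreliable as a record of what was installed. Writing to a temporary name first keeps the last good list: `set -e`, `etckeeper list-installed > .installed-packages.txt.tmp`, `mv .installed-packages.txt.tmp .installed-packages.txt`. The added comments also contain the typos "etckeepr", "exta" and "It as also".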
diff --git a/config-proton-base.PKGBUILD b/config-proton-base.PKGBUILD
index 373055d..bd19e2f 100644
--- a/config-proton-base.PKGBUILD
+++ b/config-proton-base.PKGBUILD
@@ -26,8 +26,10 @@ add-unit etc/systemd/system/getty.target.wants/getty@tty1.service
add-unit etc/systemd/system/multi-user.target.wants/haveged.service
ln -s ../usr/lib/os-release etc/os-release
-install -d ssl/certs
-ln -s ../../ca-certificates/extracted/tls-ca-bundle.pem ssl/certs/ca-certificates.crt
+install -d etc/ssl/certs
+ln -s ../../ca-certificates/extracted/tls-ca-bundle.pem etc/ssl/certs/ca-certificates.crt
+install -d etc/ssl/private
+ln -s ../../letsencrypt/live/$(cat etc/hostname) etc/ssl/private/myhostname
# ## timedate
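Review bot: The `$(cat etc/hostname)` in the new `ln -s` line is unquoted and its failure is not checked, so a missing or empty `etc/hostname` at build time silently produces a link to `../../letsencrypt/live/` itself; the same line is added in config-winston-base.PKGBUILD. A failed command substitution inside an argument does not stop the script even under `set -e`, because only the exit status of `ln` counts. Since the nginx configuration in config-certbot now loads its private key through this link, I would fail the build instead: `host=$(cat etc/hostname)`, `[[ -n $host ]] || exit 1`, `ln -s "../../letsencrypt/live/$host" etc/ssl/private/myhostname`. Whether `etc/hostname` has already been written into the package directory at this point is not visible in the hunk.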
@@ -38,7 +40,7 @@ add-unit etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service
# ## networking
-install -Dm644 /dev/stdin etc/netctl/ethernet-static <<EOF
+add-file etc/netctl/ethernet-static <<EOF
Description='Basic static ethernet connection'
Interface=ens18
Connection=ethernet
diff --git a/config-winston-base.PKGBUILD b/config-winston-base.PKGBUILD
index 00b41ae..f44f216 100644
--- a/config-winston-base.PKGBUILD
+++ b/config-winston-base.PKGBUILD
@@ -33,8 +33,10 @@ add-unit etc/systemd/system/multi-user.target.wants/haveged.service
add-unit etc/systemd/system/multi-user.target.wants/irqbalance.service
ln -s ../usr/lib/os-release etc/os-release
-install -d ssl/certs
-ln -s ../../ca-certificates/extracted/tls-ca-bundle.pem ssl/certs/ca-certificates.crt
+install -d etc/ssl/certs
+ln -s ../../ca-certificates/extracted/tls-ca-bundle.pem etc/ssl/certs/ca-certificates.crt
+install -d etc/ssl/private
+ln -s ../../letsencrypt/live/$(cat etc/hostname) etc/ssl/private/myhostname
# ## timedate
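Review bot: `install -d etc/ssl/private` creates the directory with install's default mode of 0755, here and in the identical hunk of config-proton-base.PKGBUILD. Today it holds only the `myhostname` symlink, and the key is protected by the permissions of the letsencrypt directories the link points into, but a directory named `private` is likely to receive key files later and they would then sit in a world-traversable directory. I would create it restricted from the start with `install -dm700 etc/ssl/private`, assuming nothing other than root needs to resolve the link.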
@@ -56,7 +58,7 @@ ln -s /dev/null etc/udev/rules.d/80-net-setup-link.rules
# The netctl profile eth0-static just has the network information from
# the 1984 VPS control panel.
-install -Dm644 /dev/stdin etc/netctl/eth0-static <<EOF
+add-file etc/netctl/eth0-static <<EOF
Description='A basic static ethernet connection'
Interface=eth0
Connection=ethernet