Headers & Usage

.gitignore

@@ -6,4 +6,5 @@ nodeslist
 pkg/
 src/
 venv/
+wiki/
 **/__pycache__

Makefile

@@ -1,25 +1,21 @@
 SHELL := /bin/bash
 BACKUPDIR := /usr/local/backup
+LIST := aether.bash aether-gen.bash remote-backup
+SYSDLIST := aether-gen.service aether-gen.timer aether.service aether.timer
 
 compile:
 	@echo Nothing to do	
 
-install: compile
+install: compile ${LIST} ${SYSDLIST}
+	# Scripts
 	mkdir -p ${pkgdir}/usr/local/sbin
-	mkdir -p ${pkgdir}/usr/local/etc
+	for i in ${LIST}; do install -m 700 -o root -g root ${pkgdir}/usr/local/sbin; done
-	install -m 0700 -o aether aether.bash ${pkgdir}/usr/local/sbin
+	# systemd
-	install -m 0700 -o root -g root aether-gen.bash ${pkgdir}/usr/local/sbin
-	install -m 0700 -o root -g root remote-backup ${pkgdir}/usr/local/sbin
-	install -m 0700 -o aether -d ${pkgdir}/usr/local/etc/Aether
-	install -m 0700 -o aether -d ${pkgdir}/usr/local/etc/Aether/backup-entries
 	mkdir -p ${pkgdir}/usr/lib/systemd/system
-	for i in *.service *.timer; do install -m 0640 -o root -g root "$$i" ${pkgdir}/usr/lib/systemd/system; done
+	for i in ${SYSDLIST}; do install -m 0664 -o root -g root ${pkgdir}/usr/lib/systemd/system; done
-
+	# Config
-checkperm:
+	mkdir -p ${pkgdir}/usr/local/etc
-	for i in ${pkgdir}/usr/local/sbin/aether.bash ${pkgdir}/usr/local/sbin/aether-gen.bash ${pkgdir}/usr/local/sbin/remote-backup ${pkgdir}/usr/local/etc/Aether; do chmod 0700 "$$i"; done
+	install -m 0700 -o aether -d ${pkgdir}/usr/local/etc/Aether
-	for i in ${pkgdir}/usr/local/sbin/aether.bash ${pkgdir}/usr/local/sbin/aether-gen.bash ${pkgdir}/usr/local/sbin/remote-backup ${pkgdir}/usr/local/etc/Aether; do chown root: "$$i"; done
-	chown aether: ${pkgdir}/usr/local/sbin/aether.bash
-	for i in *.service *.timer; do chown root: ${pkgdir}/usr/lib/systemd/system; chmod 0640 ${pkgdir}/usr/lib/systemd/system; done
 
 clean:
 	@bash -c 'printf "This will irreversibly destroy all backups. Confirm? [YES/no]  " ; read answer; [ "$$answer" == "YES" ] && exit 0; exit 1'	
@@ -29,5 +25,22 @@ clean:
 	find /usr/local/backup -type f -exec shred {} \;
 	rm -Rf /usr/local/backup; fi
 
+uninstall:
+	rm -Rf ${pkgdir}/usr/local/sbin/aether*.bash ${pkgdir}/usr/local/sbin/remote-backup ${pkgdir}/usr/local/etc/Aether ${pkgdir}/usr/lib/systemd/system/aether*.service ${pkgdir}/usr/lib/systemd/system/aether*.timer
+
 test: 
 	python3 -m pytest
+
+checkperm:
+	for i in ${pkgdir}/usr/local/sbin/aether.bash ${pkgdir}/usr/local/sbin/aether-gen.bash ${pkgdir}/usr/local/sbin/remote-backup ${pkgdir}/usr/local/etc/Aether; do chmod 0700 "$$i"; done
+	for i in ${pkgdir}/usr/local/sbin/aether.bash ${pkgdir}/usr/local/sbin/aether-gen.bash ${pkgdir}/usr/local/sbin/remote-backup ${pkgdir}/usr/local/etc/Aether; do chown root: "$$i"; done
+	chown aether: ${pkgdir}/usr/local/sbin/aether.bash
+	for i in *.service *.timer; do chown root: ${pkgdir}/usr/lib/systemd/system; chmod 0640 ${pkgdir}/usr/lib/systemd/system; done
+
+diff:
+	for i in ${LIST}; do diff ./$$i ${pkgdir}/usr/local/sbin/$$i; done
+	for i in ${SYSDLIST}; do diff ./$$i ${pkgdir}/usr/lib/systemd/system/$$i; done
+
+reverse:
+	for i in ${LIST}; do cp ${pkgdir}/usr/local/sbin/$$i . ; done
+	for i in ${SYSDLIST}; do cp ${pkgdir}/usr/lib/systemd/system/$$i . ; done

README.md

@@ -7,7 +7,7 @@ Dictionary.com translates Aether as the Greek personification of the clear sky,
 
 # Installing
 You have two options to install this project: 
-* Arch Linux and related distros: Run `makepkg -sri`
+* Arch Linux and related distributions: Install with `makepkg` or from AniNIX/Maat
 * Other operating systems: Run `make install`
 
 ## Initial setup
@@ -20,11 +20,17 @@ Individual projects wanting to be backed up by the Aether system should add a fi
 A SIEM filter should be set up to search for successful logins of the `aether` user.
 
 # Relevant Files and Software
-Aether installs a script for rsync-based remote backups. We implement this policy through the two 8TB hard-drives, at least one of which is always off-site, that can be plugged into a hotswap bay of a hypervisor along with a virtual machine that mounts the ArchLinux iso and the drive. Admins use the included ssh daemon in the iso to present the drive as a backup target, 
+Aether installs a script for rsync-based remote backups. We implement this policy through the two 8TB hard-drives, at least one of which is always off-site, that can be plugged into a hot-swap bay of a hypervisor along with a virtual machine that mounts the ArchLinux iso and the drive. Admins use the included ssh daemon in the iso to present the drive as a backup target, or the backup drive can be mounted directly onto Core via a SATA cage
 
 An additional backup is the generated `/home/aether/aether.enc` file. This is a more targeted backup of databases and file indexes.
 
-Keep in mind that all of [AniNIX/Foundation](https://foundation.aninix.net) is naturally a backup solution -- so long as anyone has a clone of the repo, the data survives.
+Keep in mind that all of [AniNIX/Foundation](https://foundation.aninix.net) is naturally a backup solution -- so long as anyone has a clone of the repo, the data survives. Aether should only be used to back up databases, such as the following:
+
+* Anope DB
+* PostgreSQL
+* Elasticsearch
+
+One should have significant care before using the aether.enc solution for tools like AniNIX/Yggdrasil or AniNIX/Foundation.
 
 # Available Clients
 The only client is direct server access on one of the client nodes.
@@ -33,4 +39,4 @@ The only client is direct server access on one of the client nodes.
 Equivalent services are DropBox, Google Drive, iCloud, or OneDrive.
 
 # Notes
-Those deploying Aether should maintain a nodeslist file that only root can read.
+Those deploying Aether should track the `/home/aether/.ssh/authorized_keys` file strongly on the generating server, so that all keys are specifically tracked for their origin & who handles them.

aether-gen.bash

@@ -8,6 +8,15 @@
 # Copyright: WTFPL
 # 
 # Author: DarkFeather <ircs://aninix.net:6697/DarkFeather>
+#
+# Helptext
+if [ "$1" == "-h" ]; then
+    cat <<EOM
+Usage: $0 # Generate teh backup from /usr/local/etc/Aether/backup-entries
+EOM
+    exit 0
+fi
+
 
 export BACKUPDIR="/usr/local/backup"
 export BACKUPCMD="rsync -avzl --delete-after";

aether.bash

@@ -1,17 +1,47 @@
 #!/bin/bash
+#
+# File: aether.bash
+#
+# Description: Copy the aether.enc to local
+#
+# Package: AniNIX/Aether
+# Copyright: WTFPL
+#
+# Author: DarkFeather <ircs://aninix.net:6697/DarkFeather>
 
-### DO NOT EDIT THIS FILE ###
+# Usage
+if [ "$1" == "-h" ]; then
+    cat <<EOM
+Usage: $0 # Will get the aether.enc from the remote to the aether user's home.
+EOM
+    exit 0
 
+fi
+
+# Seed remote
+aetherremote="$1"
+if [ -z "$aetherremote" ]; then
+    aetherremote=aether@aninix.net
+fi
+aethercount="$2"
+if [ -z "$aethercount" ]; then
+    aethercount=7
+fi
+
+# Sanity check
 if [ ! -f /home/aether/.ssh/aether ]; then
    echo "Need to have the aether key to run."
    exit
 fi
+
 cd /home/aether
-if [ $(ls ./aether-*.enc | wc -l) -gt 7 ]; then
+
+# Logrotate off oldest aether include
+if [ $(ls ./aether-*.enc | wc -l) -gt "$aethercount" ]; then
     rm $(ls -tr ./aether-*.enc | head -n 1);
 fi        
 export TARGET="aether-"$(date +%F)".enc"
-printf "get /aether/aether.enc %s\nbye\n" $TARGET | sftp -o IdentityFile=./.ssh/aether aether@aninix.net
+printf "get /aether/aether.enc %s\nbye\n" $TARGET | sftp -o IdentityFile=./.ssh/aether "$aetherremote"
 
-echo "Aether copy populated. Today\'s was saved to "$TARGET
+echo "Aether copy populated from $aetherremote. Today\'s was saved to $TARGET"
 exit

tests/test_units.py

@@ -5,7 +5,14 @@ import subprocess
 # TODO Still need to devise a testing strategy (https://foundation.aninix.net/AniNIX/Aether/issues/1)
 def test_aether():
     print(os.getcwd())
-    fh = os.popen("echo bye | timeout 3 sudo sftp -o IdentityFile=/home/aether/.ssh/aether aether@aninix.net", mode='r', buffering=-1)
+    fh = os.popen("./aether.bash -h", mode='r', buffering=-1)
     output = fh.read()
     retcode = fh.close()
-    assert retcode == None
+    assert retcode == None and 'Usage' in output
+
+def test_aether_gen():
+    print(os.getcwd())
+    fh = os.popen("./aether-gen.bash -h", mode='r', buffering=-1)
+    output = fh.read()
+    retcode = fh.close()
+    assert retcode == None and 'Usage' in output