Whitespace cleanup to get in sync with AniNIX/Uniglot hooks
This commit is contained in:
@@ -1,19 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
cd ~/src/Ubiqtorate/roles
|
||||
|
||||
if [ -n "$(git status | grep roles &>/dev/null)" ]; then
|
||||
echo There are roles that are not committed yet.
|
||||
exit 1;
|
||||
fi
|
||||
|
||||
unset bad
|
||||
for i in `ls -1`; do
|
||||
if ! grep "$i" ../playbooks/deploy.yml &>/dev/null; then
|
||||
echo "$i is not used in playbooks/deploy.yml"
|
||||
bad="1"
|
||||
fi
|
||||
done
|
||||
if [ -n "$bad" ]; then
|
||||
exit 1;
|
||||
fi
|
||||
|
||||
10
precommit-hooks/find-large-files
Normal file
10
precommit-hooks/find-large-files
Normal file
@@ -0,0 +1,10 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Limit files in git to 1M.
|
||||
find . -type f -exec du -k {} \; | egrep -v '^[[:digit:]]?[[:digit:]]?[[:digit:]][[:space:]]|\s./.git/'
|
||||
|
||||
if [ $? -ne 1 ]; then
|
||||
echo
|
||||
echo "These files are probably larger than you want to commit to Git. Please try to find an alternate delivery path, such as a CDN or Git-LFS."
|
||||
exit 1;
|
||||
fi
|
||||
14
precommit-hooks/find-missing-customizations
Normal file
14
precommit-hooks/find-missing-customizations
Normal file
@@ -0,0 +1,14 @@
|
||||
#!/bin/bash
|
||||
|
||||
retcode=0
|
||||
for host in `ansible -i "examples/msn0.yml" --list-hosts managed | grep -v ' hosts '`; do
|
||||
if [ ! -f roles/ShadowArch/files/motd/"$host" ]; then
|
||||
echo "Need MOTD for $host"
|
||||
retcode=1;
|
||||
fi
|
||||
if [ ! -f roles/Sharingan/files/monit/hostdefs/"$host" ]; then
|
||||
echo "Need Sharingan-Data file for $host"
|
||||
retcode=1;
|
||||
fi
|
||||
done
|
||||
exit $retcode
|
||||
28
precommit-hooks/find-passwords-in-files
Normal file
28
precommit-hooks/find-passwords-in-files
Normal file
@@ -0,0 +1,28 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Ignore Ansibilized templates.
|
||||
saferegex='\s+}}"?\s*$'
|
||||
# Ignore comments
|
||||
saferegex="$saferegex"'|^[a-z,A-Z,0-9,_,-,/,.]+:\s*;|^[a-z,A-Z,0-9,_,-,/,.]+:\s*#|^[a-z,A-Z,0-9,_,-,/,.]+:\s*//'
|
||||
# Ignore binary file matches.
|
||||
saferegex="$saferegex"'|binary\ file\ matches'
|
||||
# AniNIX Constructs
|
||||
saferegex="$saferegex"'|password.aninix.net|aur.list'
|
||||
# Web constructs
|
||||
saferegex="$saferegex"'|.css:|.html:|.md:|htdocs|htpasswd'
|
||||
# Ignore template text to set policy
|
||||
saferegex="$saferegex"'|_LENGTH|Set new|attempt|pwdchange'
|
||||
# haveibeenpwned is referenced in comments
|
||||
saferegex="$saferegex"'|haveibeenpwned'
|
||||
# Unset variables.
|
||||
saferegex="$saferegex"'|\s+=\s*$|\s+yes$|\s+no$'
|
||||
# Ignore LDAP attributes
|
||||
saferegex="$saferegex"'|pwpolicies|pwdLastSuccess|pwdAttribute|pwdMaxAge|pwdExpireWarning|pwdInHistory|pwdCheckQuality|pwdMaxFailure|pwdLockout|pwdLockoutDuration|pwdGraceAuthNLimit|pwdFailureCountInterval|pwdMustChange|pwdMinLength|pwdAllowUserChange|pwdSafeModify|pwdChangedTime|pwdPolicy|last changed their password on|/root/.ldappass'
|
||||
|
||||
egrep -ir 'secret|password|pw|passphrase' roles/*/{files,templates} 2>&1 | egrep -v "$saferegex"
|
||||
if [ $? -ne 1 ]; then
|
||||
echo
|
||||
echo If these are false positives, you need to add the signature to the whitelist in $0.
|
||||
echo Otherwise, convert any files above to templates and encode the passphrase into your vault.
|
||||
exit 1;
|
||||
fi
|
||||
Reference in New Issue
Block a user