From a9297bdaad681a5013a0810187727d34842e052f Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Sat, 24 Feb 2024 13:57:00 -0300
Subject: Fix: hydractl: sync-media: tell why it's not allowed to run as the
 root user

---
 share/hydractl/provision    |  6 +++---
 share/hydractl/sync-backups | 40 +++++++++++++++++++++++-----------------
 share/hydractl/sync-media   |  2 +-
 3 files changed, 27 insertions(+), 21 deletions(-)

diff --git a/share/hydractl/provision b/share/hydractl/provision
index 783f2ae..d318aaf 100755
--- a/share/hydractl/provision
+++ b/share/hydractl/provision
@@ -54,13 +54,13 @@ function hydra_cryptsetup {
     # Run cryptsetup with custom parameters
     #hydra_sudo_run cryptsetup --cipher aes-xts-plain64:sha256 --key-size 512 --hash sha512 --iter-time 5000 --use-random -y -q luksFormat $1
 
-    # GRUB2 from bullseye (or even older) does not support LUKS2, which seems
+    # GRUB2 from bookworm (or even older) still does not support LUKS2, which seems
     # the default type for luksFormat since bullseye at least
     # See https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html
-    #hydra_sudo_run cryptsetup --use-random -y -q luksFormat --type luks1 $1
+    hydra_sudo_run cryptsetup --use-random -y -q luksFormat --type luks1 $1
 
     # Run cryptsetup mostly with defaults
-    hydra_sudo_run cryptsetup --use-random -y -q luksFormat $1
+    #hydra_sudo_run cryptsetup --use-random -y -q luksFormat $1
   fi
 }
 
diff --git a/share/hydractl/sync-backups b/share/hydractl/sync-backups
index cb905a3..844d630 100755
--- a/share/hydractl/sync-backups
+++ b/share/hydractl/sync-backups
@@ -11,62 +11,68 @@ BWLIMIT=${BWLIMIT:=32000}
 IMAGES="/var/data/crypt/"
 RSYNC="ionice -c 3 nice -n 19 rsync -avH --delete --bwlimit=$BWLIMIT"
 CP="ionice -c 3 nice -n 19 cp"
+WHOAMI="`whoami`"
 
 # Sync backups for a node.
 function sync_backups_node {
   if [ ! -z "$NODE" ]; then
     # Get full node hostname.
-    NODE_HOSTNAME="`cat /var/vservers/$NODE/etc/hostname`"
+    NODE_HOSTNAME="`$SUDO cat /var/vservers/$NODE/etc/hostname`"
     if [ -z "$NODE_HOSTNAME" ]; then
       NODE_HOSTNAME="$NODE"
     fi
 
     # Sync local encrypted backup.
     echo "Syncing /var/vservers/$NODE/var/backups/duplicity/..."
-    mkdir -p /$MEDIA/$NODE_HOSTNAME/duplicity
-    $RSYNC /var/vservers/$NODE/var/backups/duplicity/ /$MEDIA/$NODE_HOSTNAME/duplicity/
+    $SUDO mkdir -p /$MEDIA/$NODE_HOSTNAME/duplicity
+    $SUDO $RSYNC /var/vservers/$NODE/var/backups/duplicity/ /$MEDIA/$NODE_HOSTNAME/duplicity/
 
     # Sync remote backups.
-    for node in `ls /var/vservers/$NODE/var/backups/remote/`; do
+    for node in `$SUDO ls /var/vservers/$NODE/var/backups/remote/`; do
       echo "Syncing /var/vservers/$NODE/var/backups/remote/$node/..."
-      mkdir -p /$MEDIA/$NODE_HOSTNAME/remote/$node
-      $RSYNC /var/vservers/$NODE/var/backups/remote/$node/ /$MEDIA/$NODE_HOSTNAME/remote/$node/
+      $SUDO mkdir -p /$MEDIA/$NODE_HOSTNAME/remote/$node
+      $SUDO $RSYNC /var/vservers/$NODE/var/backups/remote/$node/ /$MEDIA/$NODE_HOSTNAME/remote/$node/
     done
   else
     # Sync local encrypted backup.
     echo "Syncing /var/backups/duplicity/..."
-    mkdir -p /$MEDIA/$HOSTNAME/duplicity
-    $RSYNC /var/backups/duplicity/ /$MEDIA/$HOSTNAME/duplicity/
+    $SUDO mkdir -p /$MEDIA/$HOSTNAME/duplicity
+    $SUDO $RSYNC /var/backups/duplicity/ /$MEDIA/$HOSTNAME/duplicity/
 
     # Sync remote backups.
-    for node in `ls /var/backups/remote/`; do
+    for node in `$SUDO ls /var/backups/remote/`; do
       echo "Syncing /var/backups/remote/$node/..."
-      mkdir -p /$MEDIA/$HOSTNAME/remote/$node/
-      $RSYNC /var/backups/remote/$node/ /$MEDIA/$HOSTNAME/remote/$node/
+      $SUDO mkdir -p /$MEDIA/$HOSTNAME/remote/$node/
+      $SUDO $RSYNC /var/backups/remote/$node/ /$MEDIA/$HOSTNAME/remote/$node/
     done
 
     # Copy encrypted images.
     if [ -d "$IMAGES" ]; then
       for image in `find $IMAGES -name '*.img' -type f`; do
         echo "Copying image to /$MEDIA/$HOSTNAME/images/`dirname $image`"
-        mkdir -p /$MEDIA/$HOSTNAME/images/`dirname $image`
-        $CP $image /$MEDIA/$HOSTNAME/images/`dirname $image`
+        $SUDO mkdir -p /$MEDIA/$HOSTNAME/images/`dirname $image`
+        $SUDO $CP $image /$MEDIA/$HOSTNAME/images/`dirname $image`
       done
     fi
   fi
 }
 
-# Parsing.
+# Parsing
 if [ -z "$VOLUME" ]; then
   echo "usage: $BASENAME <media> [nodes]"
   exit 1
-elif [ "$WHOAMI" == 'root' ]; then
-  echo "Please run this command as the root user"
-  exit 1
+#elif [ "$WHOAMI" != 'root' ]; then
+#  echo "Please run this command as the root user"
+#  exit 1
 else
   shift
 fi
 
+# Set sudo config
+if [ "$WHOAMI" != 'root' ]; then
+  SUDO="sudo"
+fi
+
 # Check volume name
 if [ "$VOLUME" == "`hostname -f`" ]; then
   echo "volume is the hostname, cannot sync to myself"
diff --git a/share/hydractl/sync-media b/share/hydractl/sync-media
index c4e27d4..88c8901 100755
--- a/share/hydractl/sync-media
+++ b/share/hydractl/sync-media
@@ -156,7 +156,7 @@ function sync_media_ensure_remote {
 if [ "$WHOAMI" != 'root' ]; then
   sudo="sudo"
 else
-  echo "Sorry, cannot run as root"
+  echo "Sorry, cannot run as root, since archives are usually user-managed"
   exit 1
 fi
 
-- 
cgit v1.2.3