bin: lock down data folders and provide utilities

xeruf 2022-01-31 14:38:37 +01:00
parent 004e3ffbf8
commit 20f18f49ed
3 changed files with 23 additions and 2 deletions


@ -133,7 +133,9 @@ alias sc='sudo systemctl'
alias sce='sudo systemctl enable --now' alias sce='sudo systemctl enable --now'
alias scd='sudo systemctl disable --now' alias scd='sudo systemctl disable --now'
scs() { scs() {
systemctl --user status "*$1*" || systemctl --user status "$1" 2>/dev/null ||
systemctl --user status "*$1*"
sudo systemctl status "$1" 2>/dev/null ||
sudo systemctl status "*$1*" sudo systemctl status "*$1*"
} }
alias scu='systemctl --user' alias scu='systemctl --user'
@ -184,7 +186,15 @@ alias myip="curl ifconfig.me && println && curl icanhazip.com"
alias dedup='awk '"'"'!a[$0]++'"'" alias dedup='awk '"'"'!a[$0]++'"'"
alias lar='last | tac' alias lar='last | tac'
alias lst='( last; last -f /var/log/wtmp.1 ) | grep -v "pts/" | tac | less +G' alias lst='( last; last -f /var/log/wtmp.1 ) | grep -v "pts/" | tac | less +G'
alias hedgedoc="cd '$d4/dev/_forks/hedgedoc' && tmux new-session -d 'yarn run dev' && tmux split-window -h 'nodemon --watch app.js --watch lib --watch locales app.js' && tmux ls && firefox localhost:3000" alias hedgedoc="tmux kill-session -t hedgedoc; builtin cd '$d4/dev/_forks/hedgedoc' && tmux new-session -s hedgedoc -d 'yarn run dev' && tmux split-window -h 'nodemon --watch app.js --watch lib --watch locales --watch config.json app.js' && tmux ls"
alias rm='rm -I'
del() {
# TODO create on current partition and clean on reboot via cron
trash=/tmp/thrash/
#mkdir $trash
m "$@" $trash
}
u() { u() {
which pacman-mirrors >/dev/null && which pacman-mirrors >/dev/null &&
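Review bot: `del()` moves files into a fixed, predictable path under the world-writable `/tmp` (`trash=/tmp/thrash/`), and with the `mkdir` commented out the directory's owner and mode are whatever `m` or an earlier creator left, so on a shared machine another local user can create that directory or a symlink first and end up holding whatever is "deleted". A per-user location created with a restrictive mode avoids this, for example `local trash="${XDG_RUNTIME_DIR:-$HOME/.cache}/trash/"` followed by `mkdir -p -m 700 "$trash"`, and the call should quote the variable: `m "$@" "$trash"`. `trash` is also assigned without `local`, so it leaks into the interactive shell. Separately, in the first hunk the new `scs` has no `||` after `systemctl --user status "*$1*"`, so the `sudo systemctl status` pair always runs even when the user unit was found; if that is intended, a one-line comment should say so.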

4
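--- a/.local/bin/scripts/lockdown
+++ b/.local/bin/scripts/lockdown
@@ -0,0 +1,4 @@
+#!/bin/sh
+# Set personal data directories to append-only
+sudo chattr -V +a . *
+sudo chattr -V -a 4-incubator _archive applications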
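Review bot: `sudo chattr -V +a . *` acts on whatever directory the script happens to be run from and passes bare glob results to chattr, which reads arguments starting with `-`, `+` or `=` as mode operators rather than file names. Anchoring the script to the intended data root and prefixing the glob closes both gaps, e.g. `cd "${DATA:?}" || exit 1` then `sudo chattr -V +a . ./*` (`DATA` is a placeholder for however the data root is configured). `*` skips dot-entries and the flag is applied without `-R`, so only the top-level entries are locked; the header comment should state that scope so the protection is not overestimated. The second line will report errors if any of `4-incubator`, `_archive` or `applications` is absent.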


@ -5,5 +5,12 @@
for last; do true; done for last; do true; done
checkaccess -w "$@" || elevate=sudo checkaccess -w "$@" || elevate=sudo
! $elevate test -e "$1" && echo "$1 does not exist" && exit 1 ! $elevate test -e "$1" && echo "$1 does not exist" && exit 1
dir="$(dirname "$1")"
test $(lsattr -d "$dir" | cut -c6) = a && setappend=true
test -z "$setappend" || sudo chattr -V -a "$dir"
$elevate mkdir -p $(case "$last" in (*/) echo "$last";; (*) dirname "$last";; esac) $elevate mkdir -p $(case "$last" in (*/) echo "$last";; (*) dirname "$last";; esac)
$elevate mv --verbose --interactive "$@" $elevate mv --verbose --interactive "$@"
test -z "$setappend" || sudo chattr -V +a "$dir"
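Review bot: The append-only flag is cleared on `$dir` before the move but restored only by the final line, so if the script is interrupted at the `mv --interactive` prompt or exits early the directory stays without `+a`, assuming nothing beyond the visible lines handles this. Registering the restore right after clearing it, `test -z "$setappend" || trap 'sudo chattr -V +a "$dir"' EXIT`, makes it hold on normal and error exits; some `sh` implementations need `INT`/`TERM` trapped as well for the EXIT trap to run on a signal. The check `test $(lsattr -d "$dir" | cut -c6) = a` should quote the substitution (`test "$(lsattr -d "$dir" | cut -c6)" = a`) so a failed `lsattr` does not turn into a `test` syntax error. It also inspects only the directory of `$1`, although `"$@"` may name sources in other directories. The script starts above the hunk, so its shebang and option settings are not visible here.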