From db0f6395479d1219992a75afb27575c682aa85c0 Mon Sep 17 00:00:00 2001
From: toby
Date: Thu, 14 Feb 2019 12:35:33 -0800
Subject: [PATCH] switching the debian install around: all 'templates' are modified in the local folder and are than installed when already modified using isc-dhcp-server as an example in hope to imporove upgrade-consistency.
---
 debian/wit-network-config.displace | 1 +
 debian/wit-network-config.install | 9 +++++---
 debian/wit-network-config.postinst | 30 +++++++--------------------
 templates/70-persistent-net.rules | 1 +
 {files => templates}/frr.conf.wit | 0
 templates/interfaces | 1 +
 {files => templates}/ipsec.conf.wit | 0
 templates/ipsec.secrets.wit | 1 +
 {files => templates}/wit-swanctl.conf | 0
 9 files changed, 18 insertions(+), 25 deletions(-)
 create mode 100644 templates/70-persistent-net.rules
 rename {files => templates}/frr.conf.wit (100%)
 create mode 100644 templates/interfaces
 rename {files => templates}/ipsec.conf.wit (100%)
 create mode 100644 templates/ipsec.secrets.wit
 rename {files => templates}/wit-swanctl.conf (100%)
diff --git a/debian/wit-network-config.displace b/debian/wit-network-config.displace
index afcdc27..4ebed6d 100644
--- a/debian/wit-network-config.displace
+++ b/debian/wit-network-config.displace
@@ -1,5 +1,6 @@
 /etc/frr/frr.conf.wit
 /etc/ipsec.conf.wit
+/etc/ipsec.secrets.wit
 /etc/qemu-ifdown.wit
 /etc/qemu-ifup.wit
 /etc/default/lldpd.wit
diff --git a/debian/wit-network-config.install b/debian/wit-network-config.install
index 996480b..a95d0c6 100644
--- a/debian/wit-network-config.install
+++ b/debian/wit-network-config.install
@@ -10,9 +10,12 @@ files/qemu-ifdown etc/libvirt/hooks
 files/qemu-ifup-public etc/libvirt/hooks
 files/qemu-ifup etc/libvirt/hooks
 files/firewall etc/init.d
-files/frr.conf.wit etc/frr
-files/ipsec.conf.wit etc
 files/ips.issue etc/issue.d
 files/wit-logging.conf etc/strongswan.d
-files/wit-swanctl.conf etc/swanctl/conf.d
 files/lldpd.wit /etc/default
+templates/wit-swanctl.conf etc/swanctl/conf.d
+templates/frr.conf.wit etc/frr
+templates/70-persistent-net.rules etc/udev/rules.d
+templates/interfaces /etc/network
+templates/ipsec.conf.wit etc
+templates/ipsec.secrets.wit etc
diff --git a/debian/wit-network-config.postinst b/debian/wit-network-config.postinst
index 88e549d..3f52b5b 100755
--- a/debian/wit-network-config.postinst
+++ b/debian/wit-network-config.postinst
@@ -22,15 +22,15 @@ case "$1" in ## START gather all the info from the box and generate the variabels - IFCONFIG="/etc/network/interfaces" - UDEVCONFIG="/etc/udev/rules.d/70-persistent-net.rules" - FRRCONFIG="/etc/frr/frr.conf.wit" - IPSECCONFIG="/etc/ipsec.conf.wit" - SWANCTLCONFIG="/etc/swanctl/conf.d/wit-swanctl.conf" + IFCONFIG="templates/interfaces" + UDEVCONFIG="templates/70-persistent-net.rules" + FRRCONFIG="templates/frr.conf.wit" + IPSECCONFIG="templates/ipsec.conf.wit" + IPSECSECRETS="templates/ipsec.secrets.wit" + SWANCTLCONFIG="templates/wit-swanctl.conf" DOMAINNAME=$(hostname -d) - dig_txt() { TMPDIG=$(dig txt +short $1) [ -z ${TMPDIG} ] && exit 2
@@ -63,14 +63,6 @@ case "$1" in ## START nic config compile - # wiping existing config in prep for re-deploying it - mv -f ${IFCONFIG} ${IFCONFIG}.dpkg-old || true - mv -f ${UDEVCONFIG} ${UDEVCONFIG}.dpkg-old || true - - - - - # write loopback config cat <<-EOF >>$IFCONFIG auto lo
@@ -363,7 +355,7 @@ case "$1" in # set ipsec config - for IPSECCONFIGFILE in $IPSECCONFIG $SWANCTLCONFIG + for IPSECCONFIGFILE in $IPSECCONFIG $SWANCTLCONFIG $IPSECSECRETS do sed -i \ -e "s/FQHOSTNAME/${HOSTNAME}/" \
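Review bot: The added `templates/interfaces /etc/network` and `templates/70-persistent-net.rules etc/udev/rules.d` lines in the `wit-network-config.install` hunk ship one-line placeholder files at the live paths, so an install or upgrade can replace, or raise a conffile prompt over, the host's working network configuration before postinst has regenerated anything. The postinst hunk at `-63,14` also drops the `.dpkg-old` backup, so if generation stops early (for example `dig_txt` exiting 2) the box may be left with a placeholder `interfaces` file and no copy of the previous one. I would keep these two generated files out of `.install`, or keep the backup step, and write the destination as `etc/network` to match the relative form of the other added lines.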
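Review bot: The reassigned variables in the `-22,15` postinst hunk (`IFCONFIG="templates/interfaces"` through `SWANCTLCONFIG="templates/wit-swanctl.conf"`) are relative paths, but a postinst runs on the target host, where the source tree's `templates/` directory does not exist and the working directory is whatever dpkg set. The later `cat <<-EOF >>$IFCONFIG` and `sed -i` calls then run as root against a cwd-dependent path, so they either fail or edit files other than the ones `.install` placed under `/etc`. The same applies to `sysctl -p files/10-frr.conf` in the `-390,7` hunk. I would point the variables at the installed locations, e.g. `IFCONFIG="/etc/network/interfaces"` and `IPSECSECRETS="/etc/ipsec.secrets.wit"`, and keep `sysctl -p /etc/sysctl.d/10-frr.conf`. The enclosing `case` branch starts and ends outside these hunks.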
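Review bot: In the `-363,7` hunk the loop now runs the substitution over `$IPSECSECRETS`, but the only expression visible here rewrites `FQHOSTNAME`, while the new `templates/ipsec.secrets.wit` carries the token `FQDNHOSTNAME`, which that pattern does not match. Unless one of the `-e` expressions outside the hunk handles it, the installed secrets file would keep a literal `FQDNHOSTNAME.key` and strongSwan would not find the host's private key, whereas the removed `echo ": RSA ${HOSTNAME}.key"` always produced the right name. Changing the template line to `: RSA FQHOSTNAME.key` would line it up with the visible expression. It would also help to quote the loop variable as `"$IPSECCONFIGFILE"` and to add a comment that `${HOSTNAME}` is interpolated into the sed replacement unescaped.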
@@ -374,12 +366,6 @@ case "$1" in $IPSECCONFIGFILE done - echo ": RSA ${HOSTNAME}.key" >/etc/ipsec.secrets - - - chown frr.frr $FRRCONFIG /etc/frr/daemons.wit - - ## END config file section
@@ -390,7 +376,7 @@ case "$1" in systemctl restart ssh systemctl reload strongswan || true ## in case we kick-start or done have it enabled for some reason - sysctl -p /etc/sysctl.d/10-frr.conf + sysctl -p files/10-frr.conf ## END services section
diff --git a/templates/70-persistent-net.rules b/templates/70-persistent-net.rules
new file mode 100644
index 0000000..2495153
--- /dev/null
+++ b/templates/70-persistent-net.rules
@@ -0,0 +1 @@
+# this file is entirely compiled dynamically
diff --git a/files/frr.conf.wit b/templates/frr.conf.wit
similarity index 100%
rename from files/frr.conf.wit
rename to templates/frr.conf.wit
diff --git a/templates/interfaces b/templates/interfaces
new file mode 100644
index 0000000..2495153
--- /dev/null
+++ b/templates/interfaces
@@ -0,0 +1 @@
+# this file is entirely compiled dynamically
diff --git a/files/ipsec.conf.wit b/templates/ipsec.conf.wit
similarity index 100%
rename from files/ipsec.conf.wit
rename to templates/ipsec.conf.wit
diff --git a/templates/ipsec.secrets.wit b/templates/ipsec.secrets.wit
new file mode 100644
index 0000000..e6608d7
--- /dev/null
+++ b/templates/ipsec.secrets.wit
@@ -0,0 +1 @@
+: RSA FQDNHOSTNAME.key
diff --git a/files/wit-swanctl.conf b/templates/wit-swanctl.conf
similarity index 100%
rename from files/wit-swanctl.conf
rename to templates/wit-swanctl.conf
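Review bot: After the `-374,12` hunk nothing visible sets ownership or mode on the generated files: the `chown frr.frr $FRRCONFIG /etc/frr/daemons.wit` line appears to be removed together with the `/etc/ipsec.secrets` write, and the files now arrive through `.install` with whatever the packaging defaults are (normally root:root, world-readable). FRR usually expects its configuration to be owned by `frr`, and an `ipsec.secrets` file is conventionally root-only because it tends to gain PSK or passphrase entries, even though this template only names a key file. I would keep explicit permissions in postinst on the installed paths, e.g. `chown frr:frr /etc/frr/frr.conf.wit /etc/frr/daemons.wit` and `chmod 600 /etc/ipsec.secrets.wit`. Whitespace in this hunk is collapsed on the page, so exactly which blank lines are removed cannot be read from it.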