From 65efb9481b955831b5b55319f51c3778aafe475b Mon Sep 17 00:00:00 2001
From: m8in
Date: Sun, 19 Apr 2026 23:09:15 +0200
Subject: [PATCH] setup composition-sync
---
 .gitignore | 3 ++
 .../etc/sudoers.d/allow-composition-sync-send | 10 ++++++
 .../setupCompositionReceivingHost.sh | 35 +++++++++++++++++++
 .../setupCompositionRunningHost.sh | 27 ++++++++++++++
 4 files changed, 75 insertions(+)
 create mode 100644 definitions/default/script/all/etc/sudoers.d/allow-composition-sync-send
 create mode 100755 script/host/zfs/composition-sync/setupCompositionReceivingHost.sh
 create mode 100755 script/host/zfs/composition-sync/setupCompositionRunningHost.sh
diff --git a/.gitignore b/.gitignore
index e14fcf2..06ae7c7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,6 +15,9 @@
 !/definitions/default/monitor/
 /definitions/default/monitor/*
 !/definitions/default/monitor/checks/
+!/definitions/default/script/
+/definitions/default/script/*
+!/definitions/default/script/all/
 
 # 2.) Ignore all content of 'states', except file README.md
 /states/*
diff --git a/definitions/default/script/all/etc/sudoers.d/allow-composition-sync-send b/definitions/default/script/all/etc/sudoers.d/allow-composition-sync-send
new file mode 100644
index 0000000..941daa5
--- /dev/null
+++ b/definitions/default/script/all/etc/sudoers.d/allow-composition-sync-send
@@ -0,0 +1,10 @@
+# Definition: 2 mandantory parameter, 3. and 4. are optional
+# [[:space:]]+ -> Expects at least on space character
+# ( ... )? -> defines the group as optional
+Cmnd_Alias C_COMPOSITION_SYNC = \
+ /cis/script/host/zfs/composition-sync/sync-send.sh \
+ ^[a-zA-Z0-9][a-zA-Z0-9._-]* \
+ [a-zA-Z0-9][a-zA-Z0-9_-]* \
+ ([a-zA-Z0-9][a-zA-Z0-9._:-]*)? \
+ ([a-zA-Z0-9][a-zA-Z0-9._:-]*)?$
+composition-sync ALL = (root) NOPASSWD: C_COMPOSITION_SYNC
\ No newline at end of file
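Review bot: The `C_COMPOSITION_SYNC` alias relies on regular-expression argument matching (`^…$`), which sudo supports only from 1.9.10; an older sudo reads the same text as shell-style wildcards, where `*` matches any run of characters, so the intended character classes would not be enforced. Because this definition sits under `script/all/` and grants `(root) NOPASSWD`, I would record the requirement in the header comment, e.g. `# Requires sudo >= 1.9.10 (regex arguments); check with visudo -cf before deploying`. The header also explains `[[:space:]]+`, which the alias as shown does not use, and the file ends without a trailing newline. The rule is only as strong as `sync-send.sh` itself: that script and every directory above it need to be root-owned and not writable by other accounts, which this patch does not show.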
diff --git a/script/host/zfs/composition-sync/setupCompositionReceivingHost.sh b/script/host/zfs/composition-sync/setupCompositionReceivingHost.sh
new file mode 100755
index 0000000..f2d0f4d
--- /dev/null
+++ b/script/host/zfs/composition-sync/setupCompositionReceivingHost.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+[ "$(id -u)" != "0" ] \
+ && sudo "${0}" \
+ && exit 0
+
+
+
+_SETUP="$(readlink -f "${0}" 2> /dev/null)"
+
+# Folders always ends with an tailing '/'
+_CIS_ROOT="${_SETUP%%/script/host/zfs/composition-sync/*}/" #Removes longest matching pattern '/script/host/zfs/composition-sync/*' from the end
+_DOMAIN="$("${_CIS_ROOT:?"Missing CIS_ROOT"}core/printOwnDomain.sh")"
+_DEFINITIONS="${_CIS_ROOT:?"Missing CIS_ROOT"}definitions/${_DOMAIN:?"Missing DOMAIN"}/"
+
+
+
+function checkPreconditions() {
+ [ -d "${_DEFINITIONS:?"Missing DEFINITIONS"}compositions" ] \
+ && return 0
+
+ echo "No folder for your defined composition settings found: ${_DEFINITIONS:?"Missing DEFINITIONS"}compositions"
+ echo "Please create it and add your custom composition settings in there, following this convention:"
+ echo " 1.) './NAME_OF_THE_COMPOSITION/current-host' containing one line with the FQDN of the host running the composition."
+ echo " 2.) './NAME_OF_THE_COMPOSITION/composition-sync-hosts' containing a list of hosts receiving the composition, one host with its FQDN per line."
+ return 1
+}
+
+
+
+echo "Setup the host that receives the composition of others ... " \
+ && checkPreconditions \
+ && exit 0
+
+exit 1
diff --git a/script/host/zfs/composition-sync/setupCompositionRunningHost.sh b/script/host/zfs/composition-sync/setupCompositionRunningHost.sh
new file mode 100755
index 0000000..09ea551
--- /dev/null
+++ b/script/host/zfs/composition-sync/setupCompositionRunningHost.sh
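Review bot: In setupCompositionReceivingHost.sh the root re-exec on lines 3–5 falls through whenever `sudo` is declined or the privileged run exits non-zero: `&& exit 0` is skipped and the rest of the script runs again unprivileged, and the caller's arguments are never forwarded. Prefer `if [ "$(id -u)" != "0" ]; then exec sudo "${0}" "$@"; fi`, so the status of the privileged run becomes the script's status. Separately, the `:?` guards on `_CIS_ROOT` cannot fire because a trailing `/` is always appended: if `readlink -f` fails (its stderr is discarded) `_CIS_ROOT` becomes `/`, and `/core/printOwnDomain.sh` would be the path executed as root. Adding `: "${_SETUP:?"Cannot resolve script path"}"` directly after the `readlink` line closes that gap. Both points apply unchanged to lines 3–5 and 9–12 of setupCompositionRunningHost.sh.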
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+[ "$(id -u)" != "0" ] \
+ && sudo "${0}" \
+ && exit 0
+
+
+
+_SETUP="$(readlink -f "${0}" 2> /dev/null)"
+
+# Folders always ends with an tailing '/'
+_CIS_ROOT="${_SETUP%%/script/host/zfs/composition-sync/*}/" #Removes longest matching pattern '/script/host/zfs/composition-sync/*' from the end
+_CORE_SCRIPTS="${_CIS_ROOT:?"Missing CIS_ROOT"}core/"
+_DOMAIN="$("${_CIS_ROOT:?"Missing CIS_ROOT"}core/printOwnDomain.sh")"
+_DEFINITIONS="${_CIS_ROOT:?"Missing CIS_ROOT"}definitions/${_DOMAIN:?"Missing DOMAIN"}/"
+
+
+
+echo "Setup the user and permission to enable syncing compositions of this host ... " \
+ && "${_CORE_SCRIPTS:?"Missing CORE_SCRIPTS"}addNormalUser.sh" composition-sync \
+ && echo \
+ && "${_CORE_SCRIPTS:?"Missing CORE_SCRIPTS"}defineAuthorizedKeysOfUser.sh" "${_DEFINITIONS}" composition-sync \
+ && echo \
+ && "${_CORE_SCRIPTS:?"Missing CORE_SCRIPTS"}ensureUsageOfDefinitions.sh" "${_DEFINITIONS}" /etc/sudoers.d/allow-composition-sync-send \
+ && exit 0
+
+exit 1
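Review bot: Nothing in this chain checks the installed `/etc/sudoers.d/allow-composition-sync-send` before the script reports success. A drop-in that fails to parse can make sudo refuse to run on the host, and one that parses differently than intended silently changes what `composition-sync` may run as root. Unless `ensureUsageOfDefinitions.sh` (not part of this patch) already validates it, add `&& visudo -cf /etc/sudoers.d/allow-composition-sync-send \` before `&& exit 0`. A short comment above the chain should also say that the `composition-sync` account exists only to invoke `sync-send.sh`, and whether the keys written by `defineAuthorizedKeysOfUser.sh` carry `authorized_keys` restrictions; that helper is not visible here either.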