4 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
6 if [[ $EUID != 0 ]]; then
7 echo "$0: error: expected to be root."
12 # note, $BASH_SOURCE is not defined here under fai.
14 src
=$
(dirname "$0")/p
/c
/machine_specific
/$HOSTNAME/filesystem
/etc
/ssh
16 if [[ -e $src && -e $dst ]]; then
17 # outside of fai context or setting up a brand new host, we skip this
21 root_pw_f
=/q
/root
/shadow
/standard
22 if [[ ! -e $root_pw_f ]]; then
23 root_pw_f
=/q
/root
/shadow
/$HOSTNAME
26 au
() { # add user. i don't use adduser for portability
28 if ! $ROOTCMD getent passwd
$user; then
29 $ROOTCMD useradd
-c $user -Um -s /bin
/bash $@
34 # only setup root pass for bootstrap vol
35 # for bootstrap vol, we only use root user
36 if ifclass VOL_BULLSEYE_BOOTSTRAP || ifclass VOL_BOOKWORM_BOOTSTRAP
; then
37 sed 's/^/root:/' $root_pw_f |
$ROOTCMD chpasswd
-e
42 # return of 9 = user already exists. so we are idempotent.
44 # generating a hashed password:
45 # under debian, you can do
46 # mkpasswd -m sha-512 -s >/q/root/shadow/standard
47 # On arch, best seems to be copy your shadow file to a temp location,
48 # then passwd, get out the new pass, then copy the shadow file back.
49 if [[ -e $root_pw_f ]]; then
50 sed 's/^/root:/' $root_pw_f |
$ROOTCMD chpasswd
-e
51 sed 's/^/iank:/' $root_pw_f |
$ROOTCMD chpasswd
-e
55 if ifclass frodo
; then
56 sed 's/^/user2:/' /q
/root
/shadow
/user2 |
$ROOTCMD chpasswd
-e
58 # comparing iank's groups to user2, I see none she should join on arch
59 $ROOTCMD usermod
-a -G user2 iank
62 $ROOTCMD getent group docker
&>/dev
/null ||
$ROOTCMD groupadd
-r docker
63 $ROOTCMD usermod
-a -G docker iank
65 # based on unison error, with 8192 from
66 # sysctl -a | grep fs.inotify.max_user_watches
67 #http://stackoverflow.com/questions/535768/what-is-a-reasonable-amount-of-inotify-watches-with-linux
68 f
=$target/etc
/sysctl.d
/99-sysctl.conf
69 key
=fs.inotify.max_user_watches
70 if [[ -e $f ]]; then sed -ri --follow-symlinks "/^\s*$key\s*=/d" $f; fi
71 echo "fs.inotify.max_user_watches = 50000" >> $f
72 # applies it. it would be also be applied after a reboot
73 $ROOTCMD sysctl
--system
75 if getent group sudo
>/dev
/null
; then
76 $ROOTCMD usermod
-aG sudo iank
79 mkdir
-p $target/etc
/sudoers.d
80 cat >$target/etc
/sudoers.d
/ianksudoers
<<'EOF'
81 Defaults timestamp_timeout=1440
83 Defaults env_keep += SUDOD
85 # makes ubuntu be like debian
86 # https://unix.stackexchange.com/a/91572
87 Defaults always_set_home
88 # umask: default setting is to have minimum umask of 0022
89 # This lets us have user-specific umasks which are more permissive.
90 # I did this for transmission and set it's umask gecos on install,
91 # see there for more info.
93 # i use sudo in cronjobs, it spams the logs rather uselessly
94 # https://stackoverflow.com/questions/14277116/suppress-log-entry-for-single-sudo-commands
95 Defaults:root,iank !log_allowed, !pam_session
96 # for just the root user, set some env vars
97 Defaults>root env_file=/etc/rootsudoenv
99 # a few commands we should be able to run with no password
100 iank ALL = (root) NOPASSWD: /usr/local/bin/spend,/usr/local/bin/us,/usr/local/bin/off,/usr/bin/nmtui-connect,/usr/local/bin/bitcoinoff,/usr/local/bin/bitcoinon
106 cat >>$target/etc
/sudoers.d
/ianksudoers
<<'EOF'
107 iank ALL=(ALL) NOPASSWD: ALL
112 # remove old config line. can be removed eventually.
113 f
=$target/etc
/sudoers
114 line
='iank ALL=(ALL) NOPASSWD: ALL'
115 if grep -qxF "$line" $f; then
116 sed -i "/^$line/d" $f
120 au
--system -s /bin
/false
--home-dir /var
/lib
/bitcoind bitcoin