iankelling.org Git - automated-distro-installer/blob - fai/config/distro-install-common/end

   1 #!/bin/bash -x
   2
   3 set -eE -o pipefail
   4 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
   5
   6 if [[ $EUID != 0 ]]; then
   7     echo "$0: error: expected to be root."
   8     exit 1
   9 fi
  10
  11 # ssh host keys
  12 # note, $BASH_SOURCE is not defined here under fai.
  13 src=$(dirname "$0")/p/c/machine_specific/$HOSTNAME/filesystem/etc/ssh
  14 dst=$target/etc/ssh
  15 if [[ -e $src && -e $dst ]]; then
  16     # outside of fai context, we skip this
  17     cp -rT $src $dst
  18 fi
  19
  20 if ifclass VOL_STRETCH_BOOTSTRAP; then
  21     exit 0
  22 fi
  23
  24 TPW=/q/root/shadow/traci-simple
  25 if ifclass tp; then
  26     ROOTPW="$TPW"
  27 else
  28     ROOTPW=/q/root/shadow/standard
  29 fi
  30
  31 chpw() {
  32     # generating a hashed password:
  33     # under debian, you can do
  34     # mkpasswd -m sha-512 -s >/q/root/shadow/standard
  35     # On arch, best seems to be copy your shadow file to a temp location,
  36     # then passwd, get out the new pass, then copy the shadow file back.
  37
  38     user=$1
  39     pwfile=$2
  40     if [[ $pwfile && -e $pwfile ]]; then
  41         printf "$user:" | cat - "$pwfile" | $ROOTCMD chpasswd -e
  42     else
  43         echo "$0: warning: no pw set for $user" >&2
  44     fi
  45 }
  46 au() { # add user
  47     if ! $ROOTCMD getent passwd ${@: -1}; then
  48         $ROOTCMD useradd -m -s /bin/bash $@
  49     fi
  50 }
  51
  52 chpw root "$ROOTPW"
  53 # 9 = user already exists. so we are idempotent.
  54 au iank
  55 chpw iank "$ROOTPW"
  56
  57 au traci
  58 if ifclass frodo; then
  59     chpw traci "$TPW"
  60 fi
  61 # comparing iank's groups to traci, I see none she should join on arch
  62 $ROOTCMD usermod -a -G traci iank
  63
  64 $ROOTCMD getent group docker &>/dev/null || $ROOTCMD groupadd -r docker
  65 $ROOTCMD usermod -a -G docker iank
  66
  67 # based on unison error, with 8192 from
  68 # sysctl -a | grep fs.inotify.max_user_watches
  69 #http://stackoverflow.com/questions/535768/what-is-a-reasonable-amount-of-inotify-watches-with-linux
  70
  71 f=$target/etc/sysctl.d/99-sysctl.conf
  72 key=fs.inotify.max_user_watches
  73 if [[ -e $f ]]; then sed -ri --follow-symlinks "/^\s*$key\s*=/d" $f; fi
  74 echo "fs.inotify.max_user_watches = 1000000" >> $f
  75 # applies it. it would be also be applied after a reboot
  76 $ROOTCMD sysctl --system
  77
  78 f=$target/etc/sudoers
  79 line='iank  ALL=(ALL)  NOPASSWD: ALL'
  80 if [[ ! -e $f ]] || ! grep -xF "$line" $f; then
  81     echo "$line" >> $f
  82 fi
  83
  84 dir=/p/c/machine_specific/$HOSTNAME/.unison
  85 $ROOTCMD mkdir -p $dir
  86 if ! $ROOTCMD test -L /root/.unison; then
  87     $ROOTCMD rm -rf /root/.unison
  88     $ROOTCMD ln -s -T $dir /root/.unison
  89 fi
  90
  91 $ROOTCMD chown -R 1000:1000 $dir
  92 while true; do
  93     $ROOTCMD chown 1000:1000 $dir
  94     $ROOTCMD chmod 700 $dir
  95     dir=$(dirname $dir)
  96     if [[ $dir == /p ]]; then break; fi
  97 done
  98
  99 au --system -s /bin/false --home-dir /var/lib/bitcoind bitcoin