improvements

[automated-distro-installer] / fai / config / scripts / DEBIAN / 11-iank

#!/bin/bash -x
# This file is part of Ian Kelling's automated-distro-installer
# Copyright (C) 2024 Ian Kelling

# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR

if [[ $EUID != 0 ]]; then
  echo "$0: error: expected to be root."
  exit 1
fi

m() { printf "%s\n" "$*";  "$@"; }

source $FAI/distro-install-common/bash-misc-functions

fcopy -riB /root

# in bullseye, installing systemd-resolved says: Converting
# /etc/resolv.conf to a symlink to
# /run/systemd/resolve/stub-resolv.conf...  which breaks
# resolution. This happens to be the first script we install a package
# after that. This should do nothing in a fai-wrapper situation.
if [[ ! -s $target/etc/resolv.conf ]]; then
  m ls -la $target/etc/resolv.conf ||:
  # Keep the symlink in place, systemd-resolved should change the file
  # when it runs.
  mkdir -p $target/run/systemd/resolve
  if [[ ! -s /etc/resolv.conf ]] && ! host google.com; then
    echo "ERROR: empty resolv.conf & failed dns resolution. exiting 1" >&2
    exit 1
  fi
  cat /etc/resolv.conf >$target/etc/resolv.conf
fi



#### misc configurations
chroot $FAI_ROOT bash <<'EOFOUTER'
set -xe
if getent group systemd-journal >/dev/null; then
  # makes the journal be saved to disk.
  mkdir -p /var/log/journal
  chmod 755 /var/log/journal
fi
debconf-set-selections <<EOF
kexec-tools kexec-tools/load_kexec boolean false
EOF

# This used to be pxe-kexec. For some reason pxe-kexec is not in
# bookworm. kexec-tools is
# something pxe-kexec depended on and might be useful.
# todo: figure out why and get it installed.
apt-get install -y kexec-tools

# this is usefull. Only thing reason I see this being disabled by default is
# that a non-root user can disrupt the system, eg cause a reboot.
sed -i '$a kernel.sysrq=1
/^kernel.sysrq=/d' /etc/sysctl.conf
EOFOUTER

cmdline_extra="$d16_cmdline $fsf_cmdline_extra"

# luks options, see man systemd-cryptsetup-generator
# all i know is that with luks.crypttab=no, swap still timed out on boot.
# and with rd.luks.crypttab=no, it works.
cmdline="rd.luks.crypttab=no net.ifnames=0 $cmdline_extra"


u /etc/default/grub.d/iank.cfg <<'EOF'
# note: in git history, you can see code that modified the existing
# GRUB_CMDLINE_LINUX_DEFAULT. That was being cautious in case something
# else modified it, but experience has shown nothing else modifying it.

GRUB_CMDLINE_LINUX_DEFAULT="$cmdline"
GRUB_TERMINAL=console
# on xenial, no grub is displayed at all. fix that.
# found just by noticing a warning about it in error.log
GRUB_HIDDEN_TIMEOUT=
GRUB_TIMEOUT_STYLE=menu
GRUB_TIMEOUT=4
# grub tries to detect error in booting and then wait longer with this entry.
# but that detection doesn't work for us because we have btrfs /boot, and so it flags
# failure always.
GRUB_RECORDFAIL_TIMEOUT=4
EOF

if $ur; then
  $ROOTCMD update-grub
fi

# I prefer to stick with ifup/down or networkmanager: networkd is not in its
# own package, so cant use in other init systems. b. it works fine.
chroot $FAI_ROOT bash <<EOF
systemctl disable systemd-networkd.socket systemd-networkd networkd-dispatcher systemd-networkd-wait-online
systemctl mask systemd-networkd.socket systemd-networkd networkd-dispatcher systemd-networkd-wait-online
EOF