X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=fai%2Fconfig%2Fdistro-install-common%2Fend;h=2455ece011a46266e2ce65e86abfbdf099e8bed2;hb=HEAD;hp=2871106fbc593a0196242fcc2074c0e86fe2a79f;hpb=ee37d990c89bb3bab1b54e3b3fb43e9f79ed039b;p=automated-distro-installer
diff --git a/fai/config/distro-install-common/end b/fai/config/distro-install-common/end
index 2871106..2455ece 100755
--- a/fai/config/distro-install-common/end
+++ b/fai/config/distro-install-common/end
@@ -18,49 +18,42 @@ if [[ -e $src && -e $dst ]]; then cp -rT $src $dst fi -USER2PW=/q/root/shadow/user2 -if ifclass ziva; then - ROOTPW=/q/root/shadow/ziva -else - ROOTPW=/q/root/shadow/standard +root_pw_f=/q/root/shadow/standard +if [[ ! -e $root_pw_f ]]; then + root_pw_f=/q/root/shadow/$HOSTNAME fi -chpw() { - # generating a hashed password: - # under debian, you can do - # mkpasswd -m sha-512 -s >/q/root/shadow/standard - # On arch, best seems to be copy your shadow file to a temp location, - # then passwd, get out the new pass, then copy the shadow file back. - - user=$1 - pwfile=$2 - if [[ $pwfile && -e $pwfile ]]; then - printf "$user:" | cat - "$pwfile" | $ROOTCMD chpasswd -e - else - echo "$0: warning: no pw set for $user" >&2 - fi -} au() { # add user. i don't use adduser for portability - if ! $ROOTCMD getent passwd ${@: -1}; then - $ROOTCMD useradd -Um -s /bin/bash $@ + local user=${@: -1} + if ! $ROOTCMD getent passwd $user; then + $ROOTCMD useradd -c $user -Um -s /bin/bash $@ fi } -chpw root "$ROOTPW" # only setup root pass for bootstrap vol -if ifclass VOL_STRETCH_BOOTSTRAP; then +# for bootstrap vol, we only use root user +if ifclass VOL_BULLSEYE_BOOTSTRAP || ifclass VOL_BOOKWORM_BOOTSTRAP; then + sed 's/^/root:/' $root_pw_f | $ROOTCMD chpasswd -e exit 0 fi # return of 9 = user already exists. so we are idempotent. au iank -chpw iank "$ROOTPW" +# generating a hashed password: +# under debian, you can do +# mkpasswd -m sha-512 -s >/q/root/shadow/standard +# On arch, best seems to be copy your shadow file to a temp location, +# then passwd, get out the new pass, then copy the shadow file back. 
+if [[ -e $root_pw_f ]]; then + sed 's/^/root:/' $root_pw_f | $ROOTCMD chpasswd -e + sed 's/^/iank:/' $root_pw_f | $ROOTCMD chpasswd -e +fi au user2 if ifclass frodo; then - chpw user2 "$USER2PW" + sed 's/^/user2:/' /q/root/shadow/user2 | $ROOTCMD chpasswd -e fi # comparing iank's groups to user2, I see none she should join on arch $ROOTCMD usermod -a -G user2 iank 
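Review bot: The bootstrap branch pipes `sed 's/^/root:/' $root_pw_f` into `chpasswd -e` and then runs `exit 0` without the existence test the removed `chpw` performed, so when neither `/q/root/shadow/standard` nor `/q/root/shadow/$HOSTNAME` exists the root password is left unset and nothing in this hunk reports it. The later `if [[ -e $root_pw_f ]]` block likewise skips silently where `chpw` printed a warning, and the `user2` line reads `/q/root/shadow/user2` with no check at all. Because sed prefixes every line, a blank trailing line in the hash file becomes a `root:` record with an empty hash, which `chpasswd -e` may write as an empty password field; that is worth confirming. I would test `[[ -s $root_pw_f ]]` before each use, keep the old warning on stderr in the else branch, and feed only the first line with `sed -n '1s/^/root:/p' "$root_pw_f" | $ROOTCMD chpasswd -e`. Whether `set -e` or `pipefail` is active is not visible from this hunk.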
@@ -79,10 +72,48 @@ echo "fs.inotify.max_user_watches = 50000" >> $f # applies it. it would be also be applied after a reboot $ROOTCMD sysctl --system +if getent group sudo >/dev/null; then + $ROOTCMD usermod -aG sudo iank +fi + +mkdir -p $target/etc/sudoers.d +cat >$target/etc/sudoers.d/ianksudoers <<'EOF' +Defaults timestamp_timeout=1440 +# used in bashrc +Defaults env_keep += SUDOD +# always_set_home +# makes ubuntu be like debian +# https://unix.stackexchange.com/a/91572 +Defaults always_set_home +# umask: default setting is to have minimum umask of 0022 +# This lets us have user-specific umasks which are more permissive. +# I did this for transmission and set it's umask gecos on install, +# see there for more info. +Defaults !umask +# i use sudo in cronjobs, it spams the logs rather uselessly +# https://stackoverflow.com/questions/14277116/suppress-log-entry-for-single-sudo-commands +Defaults:root,iank !log_allowed, !pam_session +# for just the root user, set some env vars +Defaults>root env_file=/etc/rootsudoenv + +# a few commands we should be able to run with no password +iank ALL = (root) NOPASSWD: /usr/local/bin/spend,/usr/local/bin/us,/usr/local/bin/off,/usr/bin/nmtui-connect,/usr/local/bin/bitcoinoff,/usr/local/bin/bitcoinon + +EOF + +case $HOSTNAME in + li|bk|je) + cat >>$target/etc/sudoers.d/ianksudoers <<'EOF' +iank ALL=(ALL) NOPASSWD: ALL +EOF + ;; +esac + +# remove old config line. can be removed eventually. f=$target/etc/sudoers line='iank ALL=(ALL) NOPASSWD: ALL' -if [[ ! -e $f ]] || ! grep -xF "$line" $f; then - echo "$line" >> $f +if grep -qxF "$line" $f; then + sed -i "/^$line/d" $f fi
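Review bot: The new `/etc/sudoers.d/ianksudoers` drop-in is written with `cat >` and never checked, so its mode depends on the installer's umask and a typo in the heredoc would only surface when sudo next parses it on the installed system; I would follow the `esac` with `chmod 0440 $target/etc/sudoers.d/ianksudoers` and `$ROOTCMD visudo -cf /etc/sudoers.d/ianksudoers`, failing the install if the check does not pass. `Defaults:root,iank !log_allowed, !pam_session` turns off logging of every permitted sudo command for the interactive account, not only the cron jobs the comment mentions, which removes the audit trail on the hosts that also get `NOPASSWD: ALL`; a per-command `Defaults!` entry limited to the cron commands would keep the rest logged. Separately, `getent group sudo` runs without `$ROOTCMD`, unlike the `getent passwd` call in `au`, so it appears to test the installer environment's group database rather than the target's.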