X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=fai%2Fconfig%2Fdistro-install-common%2Fend;h=bc4e816bad77d2e36f3e88548421a1f71a474eed;hb=1728af7e3060c8608c622f210d6e16f7d085d8f9;hp=e6e182b82a82afbdc58aff3af9834574f8ac584d;hpb=d3d495af167adba91b190e8dcb95649c34fa04c7;p=automated-distro-installer diff --git a/fai/config/distro-install-common/end b/fai/config/distro-install-common/end index e6e182b..bc4e816 100755 --- a/fai/config/distro-install-common/end +++ b/fai/config/distro-install-common/end @@ -1,9 +1,52 @@ #!/bin/bash -x set -eE -o pipefail -trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?"' ERR +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR +if [[ $EUID != 0 ]]; then + echo "$0: error: expected to be root." + exit 1 +fi + +TPW=/q/root/shadow/traci-simple +if ifclass tp; then + ROOTPW="$TPW" +else + ROOTPW=/q/root/shadow/standard +fi +chpw() { + # generating a hashed password: + # under debian, you can do + # mkpasswd -m sha-512 -s >/q/root/shadow/standard + # On arch, best seems to be copy your shadow file to a temp location, + # then passwd, get out the new pass, then copy the shadow file back. + + user=$1 + pwfile=$2 + if [[ $pwfile && -e $pwfile ]]; then + printf "$user:" | cat - "$pwfile" | $ROOTCMD chpasswd -e + else + echo "$0: warning: no pw set for $user" >&2 + fi +} +au() { # add user + if ! $ROOTCMD getent passwd ${@: -1}; then + $ROOTCMD useradd -m -s /bin/bash $@ + fi +} + +chpw root "$ROOTPW" +# 9 = user already exists. so we are idempotent. +au ian +chpw ian "$ROOTPW" + +au traci +if ifclass frodo; then + chpw traci "$TPW" +fi +# comparing ian's groups to traci, I see none she should join on arch +$ROOTCMD usermod -a -G traci ian # based on unison error, with 8192 from @@ -12,10 +55,10 @@ trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?"' ERR f=$target/etc/sysctl.d/99-sysctl.conf key=fs.inotify.max_user_watches -if [[ -e $f ]]; then sed -ri "/^\s*$key\s*=/d" $f; fi +if [[ -e $f ]]; then sed -ri --follow-symlinks "/^\s*$key\s*=/d" $f; fi echo "fs.inotify.max_user_watches = 1000000" >> $f -# if we weren't rebooting, you could apply it now with: -# sysctl --system +# applies it. it would be also be applied after a reboot +$ROOTCMD sysctl --system f=$target/etc/sudoers line='ian ALL=(ALL) NOPASSWD: ALL' @@ -24,20 +67,19 @@ if [[ ! -e $f ]] || ! grep -xF "$line" $f; then fi -dir=/q/p/c/machine_specific/$HOSTNAME/.unison +dir=/p/c/machine_specific/$HOSTNAME/.unison $ROOTCMD mkdir -p $dir +if ! $ROOTCMD test -L /root/.unison; then + $ROOTCMD rm -rf /root/.unison + $ROOTCMD ln -s -T $dir /root/.unison +fi -$ROOTCMD rm -rf /root/.unison -$ROOTCMD ln -sf $dir /root -$ROOTCMD ln -sf /q/p / - +$ROOTCMD chown -R 1000:1000 $dir while true; do $ROOTCMD chown 1000:1000 $dir $ROOTCMD chmod 700 $dir dir=$(dirname $dir) - [[ $dir != /q ]] || break + if [[ $dir == /p ]]; then break; fi done -# kvm is normally created by some package, -# but unison doesn't like unknown groups, so make it now so initial sync works. -$ROOTCMD groupadd -r kvm || [[ $? == 9 ]] +au -s /bin/false --home-dir /var/lib/bitcoind bitcoin