X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=fai%2Fconfig%2Fscripts%2FFSF%2F11-iank;h=8a33d6f70edd1c614089bcdb88844d755d8d01d7;hb=137ffae7de84a51c4b438ccf2fb50f5571f522a6;hp=7e94a409d2597ffb45c2eafbfb508460ec1f1b3b;hpb=4abbc67ed68213ec94fcf5970d3e34661967a87c;p=automated-distro-installer

diff --git a/fai/config/scripts/FSF/11-iank b/fai/config/scripts/FSF/11-iank
index 7e94a40..8a33d6f 100755
--- a/fai/config/scripts/FSF/11-iank
+++ b/fai/config/scripts/FSF/11-iank
@@ -9,106 +9,11 @@ if [[ $EUID != 0 ]]; then
 fi
 
 
-# -r = recursive
-# -i = ignore non-matching class warnings, always exit 0
-# -B = no backup files
-fcopy -riBM /boot
+sed 's/^/root:/' $FAI/distro-install-common/shadow/community0p | $ROOTCMD chpasswd -e
 
-
-
-chpw() {
-  # generating a hashed password:
-  # under debian, you can do
-  # mkpasswd -m sha-512 -s >/q/root/shadow/standard
-  # On arch, best seems to be copy your shadow file to a temp location,
-  # then passwd, get out the new pass, then copy the shadow file back.
-
-  user=$1
-  pwfile=$2
-  if [[ $pwfile && -e $pwfile ]]; then
-    printf "$user:" | cat - "$pwfile" | $ROOTCMD chpasswd -e
-  else
-    echo "$0: warning: no pw set for $user" >&2
-  fi
-}
-
-chpw root $FAI/distro-install-common/shadow/community0p
-
-
-#### misc configurations
-chroot $FAI_ROOT bash <<'EOFOUTER'
-if getent group systemd-journal >/dev/null; then
-  # makes the journal be saved to disk.
-  mkdir -p /var/log/journal
-  chmod 755 /var/log/journal
-fi
-debconf-set-selections <<EOF
-kexec-tools kexec-tools/load_kexec boolean false
-EOF
-apt-get install -y pxe-kexec
-
-# this is usefull. Only thing reason I see this being disabled by default is
-# that a normal user can disrupt the system, eg cause a reboot.
-sed -i '$a kernel.sysrq=1
-/^kernel.sysrq=/d' /etc/sysctl.conf
-
-EOFOUTER
-
-speed=115200
-cmdline="rd.luks.crypttab=no net.ifnames=0 console=ttyS0,${speed}n8 console=tty0"
-
-# per rubens suggestion to make a d16 more stable
-cmdline+=" pci=realloc=off"
-
-cat >$FAI_ROOT/etc/grub.d/40_custom <<EOF
-#!/bin/sh
-exec tail -n +3 \$0
-# This file provides an easy way to add custom menu entries.  Simply type the
-# menu entries you want to add after this comment.  Be careful not to change
-# the 'exec tail' line above.
-
-# https://www.coreboot.org/Serial_console # tty
-# but removed unneeded stuff
-
-serial --speed=$speed
-terminal_input --append  serial
-terminal_output --append serial
-EOF
-
-
-chroot $FAI_ROOT bash <<EOF
-set -eE -o pipefail
-# https://askubuntu.com/questions/33416/how-do-i-disable-the-boot-splash-screen-and-only-show-kernel-and-boot-text-inst
-
-sed -ri 's/(^GRUB_CMDLINE_LINUX_DEFAULT=")quiet/\1/;s/^(GRUB_CMDLINE_LINUX_DEFAULT=".*) quiet([ "])/\1\2/' /etc/default/grub
-sed -ri 's/(^GRUB_CMDLINE_LINUX_DEFAULT=")splash/\1/;s/^(GRUB_CMDLINE_LINUX_DEFAULT=".*) splash([ "])/\1\2/' /etc/default/grub
-
-for arg in $cmdline; do
-  if ! grep "^GRUB_CMDLINE_LINUX_DEFAULT=.*[\" ]${arg//./\\.}[\" ]" /etc/default/grub; then
-    sed -ri "s/^GRUB_CMDLINE_LINUX_DEFAULT=\"(.*)/GRUB_CMDLINE_LINUX_DEFAULT=\"$arg \1/" /etc/default/grub
-  fi
-done
-
-if grep -qF "$cmdline" /etc/default/grub; then
-  # already set things, exit
-  exit 0
-fi
-sed -ri 's/^ *GRUB_CMDLINE_LINUX_DEFAULT=.*/GRUB_CMDLINE_LINUX_DEFAULT="$cmdline"/' /etc/default/grub
-# on xenial, no grub is displayed at all. fix that.
-# found just by noticing this in the config file, and a
-# warning about it in error.log
-sed -i '/^ *GRUB_HIDDEN_TIMEOUT/d' /etc/default/grub
-
-if type -P update-grub2 &>/dev/null; then
-  update-grub2
-else
-  update-grub
-fi
-
-EOF
-
-
-  cat > $target/etc/network/interfaces <<-EOF
+# todo, need to set static ip here
+if ifclass demohost; then
+  cat > $target/etc/network/interfaces <<EOF
 # generated by FAI
 auto lo eth0
 iface lo inet loopback
@@ -117,139 +22,111 @@ iface eth0 inet6 auto
 
 source-directory /etc/network/interfaces.d
 EOF
+else
+  ip6=$(getent ahosts $HOSTNAME |grep ^2001.*RAW| sed 's/ .*//' ||:)
+  gateway6=2001:470:142::1
 
-  # previously had an else condition after
-  #elif ifclass VM || ifclass LINODE; then
-  # iface $NIC1 inet manual
-  # iface br0 inet dhcp
-  #   bridge_ports $NIC1
-  #   bridge_stp off
-  #   bridge_maxwait 0
-  # however, on t9, on startup, br0, became
-  # rename1 and didn't come up. i dunno why,
-  # but the bridge is for vms that I rarely use,
-  # so not bothering to figure it out.
-
-
-
-
-if ifclass LINODE; then
-  mkdir -p $target/etc/initramfs-tools/conf.d
-  cat >$target/etc/initramfs-tools/conf.d/mine <<EOF
-# dhcp in initramfs doesn't work on linode. i dunno why, whatever.
-# man 5 initramfs.conf
-# /usr/share/doc/klibc-utils/README.ipconfig.gz
-# /usr/share/initramfs-tools/scripts/functions
-IP=$linode_ip::$linode_gw:255.255.255.0::eth0:off
-EOF
-
-
-  if [[ $HOSTNAME == li ]]; then
+  # todo: this needs adjustment per machine
+  internal_ip=10.0.0.25/16
 
-    cat > $target/etc/network/interfaces <<-EOF
-# generated by FAI
-auto lo eth0
+  if ip l show dev bond0 &>/dev/null; then
+    cat >$target/etc/network/interfaces <<EOF
+auto lo
 iface lo inet loopback
-iface eth0 inet dhcp
-# for the standard network config, uncomment this and comment the lines after it.
-#iface eth0 inet6 auto
 
-iface eth0 inet6 static
-# this is really a /128. it seems like we need to assign it for ipv6 to work.
-address 2600:3c00::f03c:91ff:fe6d:baf8/64
-gateway fe80::1
+auto eth0
+allow-bond eth0
+iface eth0 inet manual
+  bond-master bond0
+
+auto eth1
+allow-bond eth1
+iface eth1 inet manual
+  bond-master bond0
+
+auto bond0
+iface bond0 inet static
+  bond-slaves none
+  bond-mode 0
+  bond-miimon 100
+  address $internal_ip
+  pre-up ip link add link bond0 name macvtap-bond0 type macvtap mode bridge
+# no iptables files exist yet
+#  post-up iptables-restore < /etc/default/iptables ; ip6tables-restore < /etc/default/ip6tables || :
+
+auto macvtap-bond0
+iface macvtap-bond0 inet static
+  address $CIDR
+  gateway $GATEWAYS
+  post-up ip a add $internal_ip broadcast 10.0.255.255 dev macvtap-bond0
 
-iface eth0 inet6 static
-# from a requested /64 pool
-address 2600:3c00:e000:280::2/64
-
-source-directory /etc/network/interfaces.d
 EOF
-  fi
-fi
 
-# I prefer to stick with ifup/down for now. a. networkd is not in its
-# own package, so cant use in other init systems. b. it works fine.
-chroot $FAI_ROOT bash <<EOF
-systemctl disable systemd-networkd.socket systemd-networkd networkd-dispatcher systemd-networkd-wait-online
-systemctl mask systemd-networkd.socket systemd-networkd networkd-dispatcher systemd-networkd-wait-online
+    # I'm not sure ipv6 works well with the macvtap stuff. todo: research.
+    # anyways, other kvm hosts dont have it enabled.
+    if false && [[ $ip6 ]]; then
+      cat >>$target/etc/network/interfaces <<EOF
+iface bond0 inet6 static
+  pre-up echo 0 > /proc/sys/net/ipv6/conf/bond0/accept_dad
+  address $ip6
+  netmask 48
+  gateway $gateway6
 EOF
+    fi
 
-##### end network setup  #####
-
-
-if ifclass VOL_BULLSEYE_BOOTSTRAP; then
-  fcopy /etc/systemd/system/faicheck.service
-  chroot $FAI_ROOT bash <<'EOFOUTER'
-systemctl enable faicheck.service
-EOFOUTER
-  exit 0 # avoid unnecessary stuff in bootstrap vol
-fi
+  else
+    cat > $target/etc/network/interfaces <<EOF
+auto lo
+iface lo inet loopback
 
+auto eth0
+iface eth0 inet static
+address $CIDR
+gateway $GATEWAYS
+EOF
 
-## misc settings
-chroot $FAI_ROOT bash <<'EOFOUTER'
-#### begin .ssh setup ###
-set -x
-set -eE -o pipefail
-if ! [[ -s /home/iank/.ssh/authorized_keys ]]; then
-  mkdir -p /home/iank/.ssh
-  f=/root/.ssh/authorized_keys
-  if [[ -e $f ]]; then
-     cp $f /home/iank/.ssh
+    if [[ $ip6 ]]; then
+      cat >>$target/etc/network/interfaces <<EOF
+iface eth0 inet6 static
+pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_dad
+address $ip6
+netmask 48
+gateway $gateway6
+EOF
+    fi
   fi
-  chown -R 1000:1000 /home/iank/.ssh
-  chmod -R u=Xrw,og= /home/iank/.ssh
-  rm -rf /root/.ssh
-  # remove broken symlinks or the following cp will fail
-  find /home/iank/.ssh -xtype l -exec rm '{}' \;
-  cp -rL /home/iank/.ssh /root
-  chown -R root:root /root/.ssh
-  chmod 700 /root/.ssh
 fi
 
-# old link from
-# # https://ticktockhouse.svbtle.com/my-obligatory-ubuntu-ssh-agent-post
-# but that made a service that started too soon and didn't pick up our
-# x env vars. instead, copy from the root ssh-agent just the
-# appropriate things into a new service.
-rm -f /home/iank/.config/systemd/user/default.target.wants/ssh-agent.service
-
-rm -f /home/iank/.local/share/systemd/user/sshaiank.service \
-  /home/iank/.config/systemd/user/default.target.wants/sshaiank.service
-
-#### end .ssh setup ###
+# previously had an else condition after
+#elif ifclass VM || ifclass LINODE; then
+# iface $NIC1 inet manual
+# iface br0 inet dhcp
+#   bridge_ports $NIC1
+#   bridge_stp off
+#   bridge_maxwait 0
+# however, on t9, on startup, br0, became
+# rename1 and didn't come up. i dunno why,
+# but the bridge is for vms that I rarely use,
+# so not bothering to figure it out.
 
-## duplicated in ssh-emacs-setup
-# done here so its setup earlier for convenience
-line='AcceptEnv INSIDE_EMACS BRC COLUMNS'
-f=/etc/ssh/sshd_config
-grep -xFq "$line" $f || tee -a $f <<<"$line"
 
+##### end network setup  #####
 
-# default debian groups (jessie through buster) + adm, root, admin
-for g in cdrom floppy audio dip video plugdev netdev adm sudo admin; do
-  if getent group $g >/dev/null; then
-    usermod -aG $g iank
-  fi
-done
-
-if getent group systemd-journal >/dev/null; then
-  usermod -aG systemd-journal iank
-fi
-EOFOUTER
-
+# note: systemd-resolved + ifupdown causes networking.service to fail in t11,
+# https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1907878
+systemctl disable systemd-resolved
+# rm first to remove any symlink
 rm -f $target/etc/resolv.conf
-ln -s ../run/systemd/resolve/stub-resolv.conf $target/etc/resolv.conf
-# needed for bitfolk image
-if [[ -e /a/bin/fai/fai-wrapper ]]; then
-  systemctl enable systemd-resolved
-  systemctl start systemd-resolved
-fi
-
-
 
-# reading through the groups that iank is in but user2 isn't,
-for g in plugdev audio video cdrom; do
-  $ROOTCMD usermod -a -G $g user2
-done
+if ifclass demohost || [[ $GATEWAYS != 209.51.188.* ]]; then
+  cat >$target/etc/resolv.conf <<'EOF'
+nameserver 8.8.8.8
+EOF
+else
+  cat >$target/etc/resolv.conf <<'EOF'
+domain fsf.org
+search fsf.org
+nameserver 209.51.188.16
+nameserver 209.51.188.27
+EOF
+fi