X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=fai%2Fconfig%2Fscripts%2FGRUB_PC%2F11-iank;h=1849d60299660a467be6e79cfd3257d6be068638;hb=955824332a28a4b7dc6683808274bd6302c7ead1;hp=b0392278c97b34e6976d5323805926e8207583ea;hpb=45a2a286083772abc0688e663a6ecc68af0a8d0e;p=automated-distro-installer

diff --git a/fai/config/scripts/GRUB_PC/11-iank b/fai/config/scripts/GRUB_PC/11-iank
index b039227..1849d60 100755
--- a/fai/config/scripts/GRUB_PC/11-iank
+++ b/fai/config/scripts/GRUB_PC/11-iank
@@ -19,18 +19,7 @@ if [[ -e /a/bin/fai/fai-wrapper ]]; then
   }
 fi
 
-chroot $FAI_ROOT bash <<'EOFOUTER'
-set -eE -o pipefail
-if getent group systemd-journal >/dev/null; then
-  # makes the journal be saved to disk.
-  mkdir -p /var/log/journal
-  chmod 755 /var/log/journal
-fi
-debconf-set-selections <<EOF
-kexec-tools kexec-tools/load_kexec boolean false
-EOF
-apt-get install -y pxe-kexec
-EOFOUTER
+
 
 # -r = recursive
 # -i = ignore non-matching class warnings, always exit 0
@@ -49,6 +38,9 @@ if [[ ! -e $dst && -e $src ]]; then
 fi
 
 $FAI/distro-install-common/end
+
+
+
 if ifclass VOL_STRETCH_BOOTSTRAP; then
   fcopy -riM /etc/systemd/system
   chroot $FAI_ROOT bash <<'EOFOUTER'
@@ -60,7 +52,15 @@ fi
 
 # these get copied in an earlier stage by fai, but leaving it here since
 # I run this as a single post-fai script to update things that have changed.
+tmpfile1=$(mktemp)
+chroot $FAI_ROOT /usr/bin/apt-cache policy >$tmpfile1
 fcopy -riBM /etc/apt
+tmpfile2=$(mktemp)
+chroot $FAI_ROOT /usr/bin/apt-cache policy >$tmpfile2
+if ! diff -q $tmpfile1 $tmpfile2; then
+  chroot $FAI_ROOT /usr/bin/apt update
+fi
+
 # outside of fai, this seems to regularly lead to
 # E: Could not get lock /var/lib/apt/lists/lock - open (11: Resource temporarily unavailable)
 # so add a sleep. 1 sec is probably way more than needed.
@@ -80,7 +80,20 @@ if [[ ! -r $f ]] || (( $(( $(date +%s) - $(stat -c %Y $f ) )) > 60*60*2 )); then
 fi
 
 
-chroot $FAI_ROOT bash <<'EOF'
+
+#### misc configurations
+chroot $FAI_ROOT bash <<'EOFOUTER'
+if getent group systemd-journal >/dev/null; then
+  # makes the journal be saved to disk.
+  mkdir -p /var/log/journal
+  chmod 755 /var/log/journal
+fi
+debconf-set-selections <<EOF
+kexec-tools kexec-tools/load_kexec boolean false
+EOF
+apt-get install -y pxe-kexec
+
+
 #### begin .ssh setup ###
 set -x
 set -eE -o pipefail
@@ -104,17 +117,16 @@ sudo -u iank mkdir -p $d
 sudo -u iank ln -sf /usr/lib/systemd/user/ssh-agent.service $d
 #### end .ssh setup ###
 
-### duplicated in ssh-emacs-setup
+
+## duplicated in ssh-emacs-setup
 # done here so its setup earlier for convenience
 line='AcceptEnv INSIDE_EMACS BRC COLUMNS'
 f=/etc/ssh/sshd_config
 grep -xFq "$line" $f || tee -a $f <<<"$line"
 
 
-
-
-# default jessie groups + kvm, systemd-journal, adm
-for g in adm cdrom floppy sudo audio dip video plugdev netdev; do
+# default debian groups (jessie through buster) + adm, sudo, root
+for g in cdrom floppy audio dip video plugdev netdev adm sudo; do
   if getent gropu $g >/dev/null; then
     usermod -aG $g iank
   fi
@@ -129,12 +141,25 @@ fi
 # that a normal user can disrupt the system, eg cause a reboot.
 sed -i '$a kernel.sysrq=1
 /^kernel.sysrq=/d' /etc/sysctl.conf
-EOF
+EOFOUTER
+
 
+rm -f $target/etc/resolv.conf
+ln -s ../run/systemd/resolve/stub-resolv.conf $target/etc/resolv.conf
+# needed for bitfolk image
+if [[ -e /a/bin/fai/fai-wrapper ]]; then
+  systemctl enable systemd-resolved
+  systemctl start systemd-resolved
+fi
 
-if [[ $FAI_ACTION != dirinstall ]]; then
 
+# bitfolk installer handles the rest
+case $HOSTNAME in
+  bk|je) exit 0 ;;
+esac
 
+
+if [[ $FAI_ACTION != dirinstall ]] && ! ifclass NOCRYPT; then
   # luks options, see man systemd-cryptsetup-generator
   # all i know is that with luks.crypttab=no, swap still timed out on boot.
   # and with rd.luks.crypttab=no, it works.
@@ -143,7 +168,11 @@ if [[ $FAI_ACTION != dirinstall ]]; then
     cmdline="rd.luks.crypttab=no net.ifnames=0 console=ttyS0,${speed}n8"
   else
     speed=115200
-   cmdline="rd.luks.crypttab=no net.ifnames=0 console=ttyS0,${speed}n8 console=tty0"
+    cmdline="rd.luks.crypttab=no net.ifnames=0 console=ttyS0,${speed}n8 console=tty0"
+    case $HOSTNAME in
+      # per rubens suggestion to make a d16 more stable
+      kd|kw) cmdline+=" pci=realloc=off" ;;
+    esac
   fi
 
   cat >$FAI_ROOT/etc/grub.d/40_custom <<EOF
@@ -179,7 +208,7 @@ sed -i '/^ *GRUB_HIDDEN_TIMEOUT/d' /etc/default/grub
 
 update-grub2
 EOF
-fi # end != dirinstall
+fi ##### end != dirinstall && != NOCRYPT
 
 
 # reading through the groups that iank is in but user2 isn't,
@@ -188,7 +217,8 @@ for g in plugdev audio video cdrom; do
 done
 
 
-## begin network setup
+
+###### begin network setup ####
 
 # use old names. the idea of them changing between boots has never
 # happened to me and I usually only have 1 wired or other type.
@@ -198,7 +228,8 @@ done
 ln -sf /dev/null $target/etc/systemd/network/99-default.link
 
 # use networkmanager if this host has wireless.
-if [[ $(iw dev) ]]; then
+
+if type -p iw &>/dev/null && [[ $(iw dev) ]]; then
   chroot $FAI_ROOT bash <<EOF
 apt-get -y install network-manager
 EOF
@@ -226,16 +257,17 @@ iface eth0 inet dhcp
 iface eth0 inet6 auto
 EOF
 
-# previously had an else condition after
-#elif ifclass VM || ifclass LINODE; then
-# iface br0 inet dhcp
-#   bridge_ports $NIC1
-#   bridge_stp off
-#   bridge_maxwait 0
-# however, on t9, on startup, br0, became
-# rename1 and didn't come up. i dunno why,
-# but the bridge is for vms that I rarely use,
-# so not bothering to figure it out.
+  # previously had an else condition after
+  #elif ifclass VM || ifclass LINODE; then
+  # iface $NIC1 inet manual
+  # iface br0 inet dhcp
+  #   bridge_ports $NIC1
+  #   bridge_stp off
+  #   bridge_maxwait 0
+  # however, on t9, on startup, br0, became
+  # rename1 and didn't come up. i dunno why,
+  # but the bridge is for vms that I rarely use,
+  # so not bothering to figure it out.
 
 
 fi
@@ -249,6 +281,29 @@ if ifclass LINODE; then
 # /usr/share/initramfs-tools/scripts/functions
 IP=$linode_ip::$linode_gw:255.255.255.0::eth0:off
 EOF
+
+
+  if [[ $HOSTNAME == li ]]; then
+
+    cat > $target/etc/network/interfaces <<-EOF
+# generated by FAI
+auto lo eth0
+iface lo inet loopback
+iface eth0 inet dhcp
+# for the standard network config, uncomment this and comment the lines after it.
+#iface eth0 inet6 auto
+
+iface eth0 inet6 static
+# this is really a /128. it seems like we need to assign it for ipv6 to work.
+address 2600:3c00::f03c:91ff:fe6d:baf8/64
+gateway fe80::1
+
+iface eth0 inet6 static
+# from a requested /64 pool
+address 2600:3c00:e000:280::2/64
+EOF
+  fi
+
 fi
 
 # I prefer to stick with ifup/down for now. a. networkd is not in its
@@ -258,5 +313,4 @@ systemctl disable systemd-networkd.socket systemd-networkd networkd-dispatcher s
 systemctl mask systemd-networkd.socket systemd-networkd networkd-dispatcher systemd-networkd-wait-online
 EOF
 
-
-## end network setup
+##### end network setup  #####