X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=fai%2Fconfig%2Fscripts%2FGRUB_PC%2F11-iank;h=29be58e2769532b0a803da8a1be9670d2d2fedd1;hb=21353fd35096ba6786c1bae3046b763bfeac5890;hp=ff65eb2e31ba29b2c359bac401b63a0362136e72;hpb=ac4e0089e245c96a388b8fcdd92fc05da3399694;p=automated-distro-installer

diff --git a/fai/config/scripts/GRUB_PC/11-iank b/fai/config/scripts/GRUB_PC/11-iank
index ff65eb2..29be58e 100755
--- a/fai/config/scripts/GRUB_PC/11-iank
+++ b/fai/config/scripts/GRUB_PC/11-iank
@@ -12,23 +12,20 @@ if ! type -t fcopy &>/dev/null; then
   sudo apt-get -y install fai-client
 fi
 
-chroot $FAI_ROOT bash <<'EOFOUTER'
-if getent group systemd-journal >/dev/null; then
-  # makes the journal be saved to disk.
-  mkdir -p /var/log/journal
-  chmod 755 /var/log/journal
+if [[ -e /a/bin/fai/fai-wrapper ]]; then
+  chroot() {
+    shift
+    "$@"
+  }
 fi
-debconf-set-selections <<EOF
-kexec-tools kexec-tools/load_kexec boolean false
-EOF
-apt-get install -y pxe-kexec
-EOFOUTER
+
+
 
 # -r = recursive
 # -i = ignore non-matching class warnings, always exit 0
 # -B = no backup files
 fcopy -riB /boot
-# this is also done by FABASE/10-misc by default.
+# this is also done by FABASE/10-misc by default (without B)
 fcopy -riB /root
 
 
@@ -41,27 +38,243 @@ if [[ ! -e $dst && -e $src ]]; then
 fi
 
 $FAI/distro-install-common/end
-if ifclass VOL_STRETCH_BOOTSTRAP; then
-  fcopy -ri /etc/systemd/system
-  chroot $FAI_ROOT bash <<'EOFOUTER'
-systemctl enable fai_check.service
-EOFOUTER
-  exit 0 # avoid unnecessary stuff in bootstrap vol
-fi
 
 
+
+### begin sources install + updates
 # these get copied in an earlier stage by fai, but leaving it here since
 # I run this as a single post-fai script to update things that have changed.
-fcopy -riB /etc/apt
+tmpfile1=$(mktemp)
+# this can fail if we need an apt update
+chroot $FAI_ROOT /usr/bin/apt-cache policy >$tmpfile1 ||:
+fcopy -riBM /etc/apt
+tmpfile2=$(mktemp)
+chroot $FAI_ROOT /usr/bin/apt-cache policy >$tmpfile2
+if ! diff -q $tmpfile1 $tmpfile2; then
+  chroot $FAI_ROOT /usr/bin/apt update
+fi
 # outside of fai, this seems to regularly lead to
 # E: Could not get lock /var/lib/apt/lists/lock - open (11: Resource temporarily unavailable)
 # so add a sleep. 1 sec is probably way more than needed.
 sleep 1
-$ROOTCMD apt-get update
+f=$FAI_ROOT/var/cache/apt/pkgcache.bin
+if [[ ! -r $f ]] || (( $(( $(date +%s) - $(stat -c %Y $f ) )) > 60*60*2 )); then
+  i=0
+  while fuser $FAI_ROOT/var/lib/dpkg/lock &>/dev/null; do
+    sleep 1
+    i=$(( i+1 ))
+    if (( i > 300 )); then
+      echo "error: timed out waiting for /var/lib/dpkg/lock" >&2
+      exit 1
+    fi
+    $ROOTCMD apt-get update
+  done
+fi
+### end sources install + updates
+
+
+#### misc configurations
+chroot $FAI_ROOT bash <<'EOFOUTER'
+if getent group systemd-journal >/dev/null; then
+  # makes the journal be saved to disk.
+  mkdir -p /var/log/journal
+  chmod 755 /var/log/journal
+fi
+debconf-set-selections <<EOF
+kexec-tools kexec-tools/load_kexec boolean false
+EOF
+apt-get install -y pxe-kexec
+
+# this is usefull. Only thing reason I see this being disabled by default is
+# that a normal user can disrupt the system, eg cause a reboot.
+sed -i '$a kernel.sysrq=1
+/^kernel.sysrq=/d' /etc/sysctl.conf
+
+EOFOUTER
+
+
+if [[ $FAI_ACTION != dirinstall ]] && ! ifclass NOCRYPT; then
+  # luks options, see man systemd-cryptsetup-generator
+  # all i know is that with luks.crypttab=no, swap still timed out on boot.
+  # and with rd.luks.crypttab=no, it works.
+  if ifclass LINODE; then
+    speed=19200
+    cmdline="rd.luks.crypttab=no net.ifnames=0 console=ttyS0,${speed}n8"
+  else
+    speed=115200
+    cmdline="rd.luks.crypttab=no net.ifnames=0 console=ttyS0,${speed}n8 console=tty0"
+    case $HOSTNAME in
+      # https://wiki.archlinux.org/index.php/Solid_state_drive#Resolving_NCQ_errors
+      # evo-870 doesnt get along well with d16 with etiona
+      kd) cmdline+=" libata.force=5.00:noncq" ;;
+      # per rubens suggestion to make a d16 more stable
+      kd|kw) cmdline+=" pci=realloc=off" ;;
+    esac
+  fi
+
+  cat >$FAI_ROOT/etc/grub.d/40_custom <<EOF
+#!/bin/sh
+exec tail -n +3 \$0
+# This file provides an easy way to add custom menu entries.  Simply type the
+# menu entries you want to add after this comment.  Be careful not to change
+# the 'exec tail' line above.
+
+# https://www.coreboot.org/Serial_console # tty
+# but removed unneeded stuff
+
+serial --speed=$speed
+terminal_input --append  serial
+terminal_output --append serial
+EOF
+
+
+  chroot $FAI_ROOT bash <<EOF
+set -eE -o pipefail
+# https://askubuntu.com/questions/33416/how-do-i-disable-the-boot-splash-screen-and-only-show-kernel-and-boot-text-inst
+# we remove quiet and splash, and all thats left is what we want
+
+if grep -qF "$cmdline" /etc/default/grub; then
+  # already set things, exit
+  exit 0
+fi
+sed -ri 's/^ *GRUB_CMDLINE_LINUX_DEFAULT=.*/GRUB_CMDLINE_LINUX_DEFAULT="$cmdline"/' /etc/default/grub
+# on xenial, no grub is displayed at all. fix that.
+# found just by noticing this in the config file, and a
+# warning about it in error.log
+sed -i '/^ *GRUB_HIDDEN_TIMEOUT/d' /etc/default/grub
+
+update-grub2
+EOF
+fi ##### end != dirinstall && != NOCRYPT
+
+
+###### begin network setup ####
+
+# use old names. the idea of them changing between boots has never
+# happened to me and I usually only have 1 wired or other type.
+# If I ever do need to care about it, I will.
+# Strangely this didn't work on kw, so I added kernel cmdline parameter.
+# https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
+ln -sf /dev/null $target/etc/systemd/network/99-default.link
 
 
-chroot $FAI_ROOT bash <<'EOF'
+# bitfolk installer handles the rest
+case $HOSTNAME in
+  bk|je) exit 0 ;;
+esac
+
+
+# use networkmanager if this host has wireless.
+if type -p iw &>/dev/null && [[ $(iw dev) ]]; then
+  chroot $FAI_ROOT bash <<EOF
+apt-get -y install network-manager
+EOF
+
+  # allow networkmanager to manage interfaces
+  #https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1638842
+  touch $target/etc/NetworkManager/conf.d/10-globally-managed-devices.conf
+  # in a default desktop install, it looks like netplan creates this file under
+  # run/NetworkManager/conf.d in early boot.
+
+  # By default, dns=default is set in etiona, and dns is just broken.
+  # Maybe with resolvconf it would work, but theres no need for that.
+  # https://wiki.gnome.org/Projects/NetworkManager/DNS
+  cat >$target/etc/NetworkManager/conf.d/99-iank.conf <<'EOF'
+[main]
+dns=systemd-resolved
+EOF
+  if [[ $HOSTNAME == frodo ]]; then
+    cat > $target/etc/network/interfaces <<-EOF
+# generated by FAI
+auto lo eth0
+iface lo inet loopback
+iface eth0 inet static
+address 10.3.0.2/16
+EOF
+  fi
+
+else
+  cat > $target/etc/network/interfaces <<-EOF
+# generated by FAI
+auto lo eth0
+iface lo inet loopback
+iface eth0 inet dhcp
+iface eth0 inet6 auto
+EOF
+
+  # previously had an else condition after
+  #elif ifclass VM || ifclass LINODE; then
+  # iface $NIC1 inet manual
+  # iface br0 inet dhcp
+  #   bridge_ports $NIC1
+  #   bridge_stp off
+  #   bridge_maxwait 0
+  # however, on t9, on startup, br0, became
+  # rename1 and didn't come up. i dunno why,
+  # but the bridge is for vms that I rarely use,
+  # so not bothering to figure it out.
+
+
+fi
+
+if ifclass LINODE; then
+  mkdir -p $target/etc/initramfs-tools/conf.d
+  cat >$target/etc/initramfs-tools/conf.d/mine <<EOF
+# dhcp in initramfs doesn't work on linode. i dunno why, whatever.
+# man 5 initramfs.conf
+# /usr/share/doc/klibc-utils/README.ipconfig.gz
+# /usr/share/initramfs-tools/scripts/functions
+IP=$linode_ip::$linode_gw:255.255.255.0::eth0:off
+EOF
+
+
+  if [[ $HOSTNAME == li ]]; then
+
+    cat > $target/etc/network/interfaces <<-EOF
+# generated by FAI
+auto lo eth0
+iface lo inet loopback
+iface eth0 inet dhcp
+# for the standard network config, uncomment this and comment the lines after it.
+#iface eth0 inet6 auto
+
+iface eth0 inet6 static
+# this is really a /128. it seems like we need to assign it for ipv6 to work.
+address 2600:3c00::f03c:91ff:fe6d:baf8/64
+gateway fe80::1
+
+iface eth0 inet6 static
+# from a requested /64 pool
+address 2600:3c00:e000:280::2/64
+EOF
+  fi
+
+fi
+
+# I prefer to stick with ifup/down for now. a. networkd is not in its
+# own package, so cant use in other init systems. b. it works fine.
+chroot $FAI_ROOT bash <<EOF
+systemctl disable systemd-networkd.socket systemd-networkd networkd-dispatcher systemd-networkd-wait-online
+systemctl mask systemd-networkd.socket systemd-networkd networkd-dispatcher systemd-networkd-wait-online
+EOF
+
+##### end network setup  #####
+
+
+if ifclass VOL_BUSTER_BOOTSTRAP; then
+  fcopy -riM /etc/systemd/system
+  chroot $FAI_ROOT bash <<'EOFOUTER'
+systemctl enable fai_check.service
+EOFOUTER
+  exit 0 # avoid unnecessary stuff in bootstrap vol
+fi
+
+
+
+## misc settings
+chroot $FAI_ROOT bash <<'EOFOUTER'
 #### begin .ssh setup ###
+set -x
 set -eE -o pipefail
 mkdir -p /home/iank/.ssh
 f=/root/.ssh/authorized_keys
@@ -76,55 +289,43 @@ find /home/iank/.ssh -xtype l -exec rm '{}' \;
 cp -rL /home/iank/.ssh /root
 chown -R root:root /root/.ssh
 chmod 700 /root/.ssh
+# https://ticktockhouse.svbtle.com/my-obligatory-ubuntu-ssh-agent-post
+# systemctl --user is not available at fai time, so create the link ourselves
+d=/home/iank/.config/systemd/user/default.target.wants
+sudo -u iank mkdir -p $d
+sudo -u iank ln -sf /usr/lib/systemd/user/ssh-agent.service $d
 #### end .ssh setup ###
 
-# this is needed to enable resolvconf, making /etc/resolv.conf be a symlink.
-# why? i dun know, it\'s really  dumb.
-dpkg-reconfigure -fnoninteractive resolvconf
+## duplicated in ssh-emacs-setup
+# done here so its setup earlier for convenience
+line='AcceptEnv INSIDE_EMACS BRC COLUMNS'
+f=/etc/ssh/sshd_config
+grep -xFq "$line" $f || tee -a $f <<<"$line"
+
 
-# default jessie groups + kvm, systemd-journal, adm
-usermod -aG adm,cdrom,floppy,sudo,audio,dip,video,plugdev,netdev iank
+# default debian groups (jessie through buster) + adm, sudo, root
+for g in cdrom floppy audio dip video plugdev netdev adm sudo; do
+  if getent gropu $g >/dev/null; then
+    usermod -aG $g iank
+  fi
+done
 
 if getent group systemd-journal >/dev/null; then
   usermod -aG systemd-journal iank
 fi
+EOFOUTER
 
-
-# this is usefull. Only thing reason I see this being disabled by default is
-# that a normal user can disrupt the system, eg cause a reboot.
-sed -i '$a kernel.sysrq=1
-/^kernel.sysrq=/d' /etc/sysctl.conf
-EOF
-
-
-if [[ $FAI_ACTION != dirinstall ]]; then
-
-  cat >$FAI_ROOT/etc/grub.d/40_custom <<'EOF'
-# https://www.coreboot.org/Serial_console
-# but removed unneeded stuff
-
-serial --speed=115200
-terminal_input --append  serial
-terminal_output --append serial
-EOF
-
-   chroot $FAI_ROOT bash <<'EOF'
-   # https://askubuntu.com/questions/33416/how-do-i-disable-the-boot-splash-screen-and-only-show-kernel-and-boot-text-inst
-   # it suggests not having plymouth-theme-ubuntu-text, but
-   # making it not installed then kills plymouth, then makes
-   # the system not boot.
-   sed -ri 's/(^ *GRUB_CMDLINE_LINUX.*)quiet splash/\1/' /etc/default/grub
-   # on xenial, no grub is displayed at all. fix that.
-   # found just by noticing this in the config file, and a
-   # warning about it in error.log
-   sed -i '/^ *GRUB_HIDDEN_TIMEOUT/d' /etc/default/grub
-
-   update-grub2
-EOF
+rm -f $target/etc/resolv.conf
+ln -s ../run/systemd/resolve/stub-resolv.conf $target/etc/resolv.conf
+# needed for bitfolk image
+if [[ -e /a/bin/fai/fai-wrapper ]]; then
+  systemctl enable systemd-resolved
+  systemctl start systemd-resolved
 fi
 
 
-# reading through the groups that iank is in but traci isn't,
+
+# reading through the groups that iank is in but user2 isn't,
 for g in plugdev audio video cdrom; do
-    $ROOTCMD usermod -a -G $g traci
+  $ROOTCMD usermod -a -G $g user2
 done