X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=fai%2Fconfig%2Fscripts%2FGRUB_PC%2F11-iank;h=e27260e76065f0c77c02b71a8e8a8647bde33686;hb=b5aa031e877e295b016d26b01803a719feb7e051;hp=4ef74c38278b2e02c4aba688b242b1490af30cf0;hpb=f67d4b719356595b424aa3cd358abc79426583c5;p=automated-distro-installer diff --git a/fai/config/scripts/GRUB_PC/11-iank b/fai/config/scripts/GRUB_PC/11-iank index 4ef74c3..e27260e 100755 --- a/fai/config/scripts/GRUB_PC/11-iank +++ b/fai/config/scripts/GRUB_PC/11-iank @@ -27,6 +27,7 @@ fi fcopy -riB /boot # this is also done by FABASE/10-misc by default (without B) fcopy -riB /root +fcopy -riB /usr/local/bin src=$FAI/distro-install-common/shadow @@ -239,6 +240,8 @@ auto lo eth0 iface lo inet loopback iface eth0 inet static address 10.3.0.2/16 + +source-directory /etc/network/interfaces.d EOF fi @@ -249,6 +252,8 @@ auto lo eth0 iface lo inet loopback iface eth0 inet dhcp iface eth0 inet6 auto + +source-directory /etc/network/interfaces.d EOF # previously had an else condition after @@ -295,6 +300,8 @@ gateway fe80::1 iface eth0 inet6 static # from a requested /64 pool address 2600:3c00:e000:280::2/64 + +source-directory /etc/network/interfaces.d EOF fi fi @@ -323,24 +330,46 @@ chroot $FAI_ROOT bash <<'EOFOUTER' #### begin .ssh setup ### set -x set -eE -o pipefail -mkdir -p /home/iank/.ssh -f=/root/.ssh/authorized_keys -if [[ -e $f ]]; then - cp $f /home/iank/.ssh +if ! [[ -s /home/iank/.ssh/authorized_keys ]]; then + mkdir -p /home/iank/.ssh + f=/root/.ssh/authorized_keys + if [[ -e $f ]]; then + cp $f /home/iank/.ssh + fi + chown -R 1000:1000 /home/iank/.ssh + chmod -R u=Xrw,og= /home/iank/.ssh + rm -rf /root/.ssh + # remove broken symlinks or the following cp will fail + find /home/iank/.ssh -xtype l -exec rm '{}' \; + cp -rL /home/iank/.ssh /root + chown -R root:root /root/.ssh + chmod 700 /root/.ssh fi -chown -R 1000:1000 /home/iank/.ssh -chmod -R u=Xrw,og= /home/iank/.ssh -rm -rf /root/.ssh -# remove broken symlinks or the following cp will fail -find /home/iank/.ssh -xtype l -exec rm '{}' \; -cp -rL /home/iank/.ssh /root -chown -R root:root /root/.ssh -chmod 700 /root/.ssh -# https://ticktockhouse.svbtle.com/my-obligatory-ubuntu-ssh-agent-post + +# old link from +# # https://ticktockhouse.svbtle.com/my-obligatory-ubuntu-ssh-agent-post +# but that made a service that started too soon and didn't pick up our +# x env vars. instead, copy from the root ssh-agent just the +# appropriate things into a new service. +rm -f /home/iank/.config/systemd/user/default.target.wants/ssh-agent.service + +mkdir -p /home/iank/.local/share/systemd/user +cat >/home/iank/.local/share/systemd/user/sshaiank.service <<'EOF' +[Unit] +Description=OpenSSH User Agent +Documentation=man:ssh-agent(1) +[Service] +ExecStart=/usr/lib/openssh/agent-launch start +ExecStopPost=/usr/lib/openssh/agent-launch stop +[Install] +WantedBy=default.target +EOF +# enable it # systemctl --user is not available at fai time, so create the link ourselves -d=/home/iank/.config/systemd/user/default.target.wants -sudo -u iank mkdir -p $d -sudo -u iank ln -sf /usr/lib/systemd/user/ssh-agent.service $d +dir=/home/iank/.config/systemd/user/default.target.wants +mkdir -p $dir +ln -sf /home/iank/.local/share/systemd/user/sshaiank.service $dir + #### end .ssh setup ### ## duplicated in ssh-emacs-setup @@ -350,9 +379,9 @@ f=/etc/ssh/sshd_config grep -xFq "$line" $f || tee -a $f <<<"$line" -# default debian groups (jessie through buster) + adm, sudo, root -for g in cdrom floppy audio dip video plugdev netdev adm sudo; do - if getent gropu $g >/dev/null; then +# default debian groups (jessie through buster) + adm, sudo, root, admin +for g in cdrom floppy audio dip video plugdev netdev adm sudo admin; do + if getent group $g >/dev/null; then usermod -aG $g iank fi done