X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=fai%2Fconfig%2Fscripts%2FGRUB_PC%2F11-iank;h=eb315ce83b872345b01a1160452302414835f712;hb=174c1cfe0febff17f3bd75dc7d3c6ce2731e9bd2;hp=8143d4e5718b1acc9a479215c34d1a7a07e9b76b;hpb=6315fdaa029f0f107d98fde18ab584f958e06108;p=automated-distro-installer diff --git a/fai/config/scripts/GRUB_PC/11-iank b/fai/config/scripts/GRUB_PC/11-iank index 8143d4e..eb315ce 100755 --- a/fai/config/scripts/GRUB_PC/11-iank +++ b/fai/config/scripts/GRUB_PC/11-iank @@ -27,6 +27,7 @@ fi fcopy -riB /boot # this is also done by FABASE/10-misc by default (without B) fcopy -riB /root +fcopy -riB /usr/local/bin src=$FAI/distro-install-common/shadow @@ -239,6 +240,8 @@ auto lo eth0 iface lo inet loopback iface eth0 inet static address 10.3.0.2/16 + +source-directory /etc/network/interfaces.d EOF fi @@ -249,6 +252,8 @@ auto lo eth0 iface lo inet loopback iface eth0 inet dhcp iface eth0 inet6 auto + +source-directory /etc/network/interfaces.d EOF # previously had an else condition after @@ -295,6 +300,8 @@ gateway fe80::1 iface eth0 inet6 static # from a requested /64 pool address 2600:3c00:e000:280::2/64 + +source-directory /etc/network/interfaces.d EOF fi fi @@ -309,7 +316,7 @@ EOF ##### end network setup ##### -if ifclass VOL_BUSTER_BOOTSTRAP; then +if ifclass VOL_BULLSEYE_BOOTSTRAP; then fcopy /etc/systemd/system/faicheck.service chroot $FAI_ROOT bash <<'EOFOUTER' systemctl enable faicheck.service @@ -323,24 +330,32 @@ chroot $FAI_ROOT bash <<'EOFOUTER' #### begin .ssh setup ### set -x set -eE -o pipefail -mkdir -p /home/iank/.ssh -f=/root/.ssh/authorized_keys -if [[ -e $f ]]; then - cp $f /home/iank/.ssh +if ! [[ -s /home/iank/.ssh/authorized_keys ]]; then + mkdir -p /home/iank/.ssh + f=/root/.ssh/authorized_keys + if [[ -e $f ]]; then + cp $f /home/iank/.ssh + fi + chown -R 1000:1000 /home/iank/.ssh + chmod -R u=Xrw,og= /home/iank/.ssh + rm -rf /root/.ssh + # remove broken symlinks or the following cp will fail + find /home/iank/.ssh -xtype l -exec rm '{}' \; + cp -rL /home/iank/.ssh /root + chown -R root:root /root/.ssh + chmod 700 /root/.ssh fi -chown -R 1000:1000 /home/iank/.ssh -chmod -R u=Xrw,og= /home/iank/.ssh -rm -rf /root/.ssh -# remove broken symlinks or the following cp will fail -find /home/iank/.ssh -xtype l -exec rm '{}' \; -cp -rL /home/iank/.ssh /root -chown -R root:root /root/.ssh -chmod 700 /root/.ssh -# https://ticktockhouse.svbtle.com/my-obligatory-ubuntu-ssh-agent-post -# systemctl --user is not available at fai time, so create the link ourselves -d=/home/iank/.config/systemd/user/default.target.wants -sudo -u iank mkdir -p $d -sudo -u iank ln -sf /usr/lib/systemd/user/ssh-agent.service $d + +# old link from +# # https://ticktockhouse.svbtle.com/my-obligatory-ubuntu-ssh-agent-post +# but that made a service that started too soon and didn't pick up our +# x env vars. instead, copy from the root ssh-agent just the +# appropriate things into a new service. +rm -f /home/iank/.config/systemd/user/default.target.wants/ssh-agent.service + +rm -f /home/iank/.local/share/systemd/user/sshaiank.service \ + /home/iank/.config/systemd/user/default.target.wants/sshaiank.service + #### end .ssh setup ### ## duplicated in ssh-emacs-setup @@ -350,9 +365,9 @@ f=/etc/ssh/sshd_config grep -xFq "$line" $f || tee -a $f <<<"$line" -# default debian groups (jessie through buster) + adm, sudo, root -for g in cdrom floppy audio dip video plugdev netdev adm sudo; do - if getent gropu $g >/dev/null; then +# default debian groups (jessie through buster) + adm, root, admin +for g in cdrom floppy audio dip video plugdev netdev adm sudo admin; do + if getent group $g >/dev/null; then usermod -aG $g iank fi done