0642cf3be216ca9427cdc4c6a178bc76e0ce0d71
[automated-distro-installer] / fai / config / distro-install-common / end
1 #!/bin/bash -x
2
3 set -eE -o pipefail
4 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
5
6 if [[ $EUID != 0 ]]; then
7 echo "$0: error: expected to be root."
8 exit 1
9 fi
10
11 # ssh host keys
12 # note, $BASH_SOURCE is not defined here under fai.
13 src=$(dirname "$0")/p/c/machine_specific/$HOSTNAME/filesystem/etc/ssh
14 dst=$target/etc/ssh
15 if [[ -e $src && -e $dst ]]; then
16 # outside of fai context, we skip this
17 cp -rT $src $dst
18 fi
19
20 if ifclass VOL_STRETCH_BOOTSTRAP; then
21 exit 0
22 fi
23
24 TPW=/q/root/shadow/traci-simple
25 if ifclass tp; then
26 ROOTPW="$TPW"
27 else
28 ROOTPW=/q/root/shadow/standard
29 fi
30
31 chpw() {
32 # generating a hashed password:
33 # under debian, you can do
34 # mkpasswd -m sha-512 -s >/q/root/shadow/standard
35 # On arch, best seems to be copy your shadow file to a temp location,
36 # then passwd, get out the new pass, then copy the shadow file back.
37
38 user=$1
39 pwfile=$2
40 if [[ $pwfile && -e $pwfile ]]; then
41 printf "$user:" | cat - "$pwfile" | $ROOTCMD chpasswd -e
42 else
43 echo "$0: warning: no pw set for $user" >&2
44 fi
45 }
46 au() { # add user
47 if ! $ROOTCMD getent passwd ${@: -1}; then
48 $ROOTCMD useradd -m -s /bin/bash $@
49 fi
50 }
51
52 chpw root "$ROOTPW"
53 # 9 = user already exists. so we are idempotent.
54 au iank
55 chpw iank "$ROOTPW"
56
57 au traci
58 if ifclass frodo; then
59 chpw traci "$TPW"
60 fi
61 # comparing iank's groups to traci, I see none she should join on arch
62 $ROOTCMD usermod -a -G traci iank
63
64 $ROOTCMD getent group docker &>/dev/null || $ROOTCMD groupadd -r docker
65 $ROOTCMD usermod -a -G docker iank
66
67 # based on unison error, with 8192 from
68 # sysctl -a | grep fs.inotify.max_user_watches
69 #http://stackoverflow.com/questions/535768/what-is-a-reasonable-amount-of-inotify-watches-with-linux
70
71 f=$target/etc/sysctl.d/99-sysctl.conf
72 key=fs.inotify.max_user_watches
73 if [[ -e $f ]]; then sed -ri --follow-symlinks "/^\s*$key\s*=/d" $f; fi
74 echo "fs.inotify.max_user_watches = 1000000" >> $f
75 # applies it. it would be also be applied after a reboot
76 $ROOTCMD sysctl --system
77
78 f=$target/etc/sudoers
79 line='iank ALL=(ALL) NOPASSWD: ALL'
80 if [[ ! -e $f ]] || ! grep -xF "$line" $f; then
81 echo "$line" >> $f
82 fi
83
84 dir=/p/c/machine_specific/$HOSTNAME/.unison
85 $ROOTCMD mkdir -p $dir
86 if ! $ROOTCMD test -L /root/.unison; then
87 $ROOTCMD rm -rf /root/.unison
88 $ROOTCMD ln -s -T $dir /root/.unison
89 fi
90
91 $ROOTCMD chown -R 1000:1000 $dir
92 while true; do
93 $ROOTCMD chown 1000:1000 $dir
94 $ROOTCMD chmod 700 $dir
95 dir=$(dirname $dir)
96 if [[ $dir == /p ]]; then break; fi
97 done
98
99 au --system -s /bin/false --home-dir /var/lib/bitcoind bitcoin