iankelling.org Git - automated-distro-installer/blob - fai/config/distro-install-common/end

   1 #!/bin/bash -x
   2
   3 set -eE -o pipefail
   4 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
   5
   6 if [[ $EUID != 0 ]]; then
   7   echo "$0: error: expected to be root."
   8   exit 1
   9 fi
  10
  11 # ssh host keys
  12 # note, $BASH_SOURCE is not defined here under fai.
  13
  14 src=$(dirname "$0")/p/c/machine_specific/$HOSTNAME/filesystem/etc/ssh
  15 dst=$target/etc/ssh
  16 if [[ -e $src && -e $dst ]]; then
  17   # outside of fai context or setting up a brand new host, we skip this
  18   cp -rT $src $dst
  19 fi
  20
  21 USER2PW=/q/root/shadow/user2
  22 if ifclass ziva; then
  23   ROOTPW=/q/root/shadow/ziva
  24 else
  25   # if doesn't exist, we dont set one
  26   ROOTPW=/q/root/shadow/standard
  27   if [[ ! -e $ROOTPW ]]; then
  28     ROOTPW=/q/root/shadow/$HOSTNAME
  29   fi
  30 fi
  31
  32 chpw() {
  33   # generating a hashed password:
  34   # under debian, you can do
  35   # mkpasswd -m sha-512 -s >/q/root/shadow/standard
  36   # On arch, best seems to be copy your shadow file to a temp location,
  37   # then passwd, get out the new pass, then copy the shadow file back.
  38
  39   user=$1
  40   pwfile=$2
  41   if [[ $pwfile && -e $pwfile ]]; then
  42     printf "$user:" | cat - "$pwfile" | $ROOTCMD chpasswd -e
  43   else
  44     echo "$0: warning: no pw set for $user" >&2
  45   fi
  46 }
  47 au() { # add user. i don't use adduser for portability
  48   if ! $ROOTCMD getent passwd ${@: -1}; then
  49     $ROOTCMD useradd -Um -s /bin/bash $@
  50   fi
  51 }
  52
  53 chpw root "$ROOTPW"
  54
  55 # only setup root pass for bootstrap vol
  56 if ifclass VOL_STRETCH_BOOTSTRAP; then
  57   exit 0
  58 fi
  59
  60
  61 # return of 9 = user already exists. so we are idempotent.
  62 au iank
  63 chpw iank "$ROOTPW"
  64
  65 au user2
  66 if ifclass frodo; then
  67   chpw user2 "$USER2PW"
  68 fi
  69 # comparing iank's groups to user2, I see none she should join on arch
  70 $ROOTCMD usermod -a -G user2 iank
  71
  72
  73 $ROOTCMD getent group docker &>/dev/null || $ROOTCMD groupadd -r docker
  74 $ROOTCMD usermod -a -G docker iank
  75
  76 # based on unison error, with 8192 from
  77 # sysctl -a | grep fs.inotify.max_user_watches
  78 #http://stackoverflow.com/questions/535768/what-is-a-reasonable-amount-of-inotify-watches-with-linux
  79 f=$target/etc/sysctl.d/99-sysctl.conf
  80 key=fs.inotify.max_user_watches
  81 if [[ -e $f ]]; then sed -ri --follow-symlinks "/^\s*$key\s*=/d" $f; fi
  82 echo "fs.inotify.max_user_watches = 50000" >> $f
  83 # applies it. it would be also be applied after a reboot
  84 $ROOTCMD sysctl --system
  85
  86 f=$target/etc/sudoers
  87 line='iank  ALL=(ALL)  NOPASSWD: ALL'
  88 if [[ ! -e $f ]] || ! grep -xF "$line" $f; then
  89   echo "$line" >> $f
  90 fi
  91
  92
  93 au --system -s /bin/false --home-dir /var/lib/bitcoind bitcoin