iankelling.org Git - automated-distro-installer/blob - fai/config/distro-install-common/end

   1 #!/bin/bash -x
   2
   3 set -eE -o pipefail
   4 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
   5
   6 if [[ $EUID != 0 ]]; then
   7   echo "$0: error: expected to be root."
   8   exit 1
   9 fi
  10
  11 # ssh host keys
  12 # note, $BASH_SOURCE is not defined here under fai.
  13
  14 src=$(dirname "$0")/p/c/machine_specific/$HOSTNAME/filesystem/etc/ssh
  15 dst=$target/etc/ssh
  16 if [[ -e $src && -e $dst ]]; then
  17   # outside of fai context or setting up a brand new host, we skip this
  18   cp -rT $src $dst
  19 fi
  20
  21 root_pw_f=/q/root/shadow/standard
  22 if [[ ! -e $root_pw_f ]]; then
  23   root_pw_f=/q/root/shadow/$HOSTNAME
  24 fi
  25
  26 au() { # add user. i don't use adduser for portability
  27   local user=${@: -1}
  28   if ! $ROOTCMD getent passwd $user; then
  29     $ROOTCMD useradd -c $user -Um -s /bin/bash $@
  30   fi
  31 }
  32
  33 # generating a hashed password:
  34 # under debian, you can do
  35 # mkpasswd -m sha-512 -s >/q/root/shadow/standard
  36 # On arch, best seems to be copy your shadow file to a temp location,
  37 # then passwd, get out the new pass, then copy the shadow file back.
  38 sed 's/^/root:/' $root_pw_f | $ROOTCMD chpasswd -e
  39
  40 # only setup root pass for bootstrap vol
  41 if ifclass VOL_BULLSEYE_BOOTSTRAP; then
  42   exit 0
  43 fi
  44
  45
  46 # return of 9 = user already exists. so we are idempotent.
  47 au iank
  48 sed 's/^/iank:/' $root_pw_f | $ROOTCMD chpasswd -e
  49
  50 au user2
  51 if ifclass frodo; then
  52   sed 's/^/user2:/' /q/root/shadow/user2 | $ROOTCMD chpasswd -e
  53 fi
  54 # comparing iank's groups to user2, I see none she should join on arch
  55 $ROOTCMD usermod -a -G user2 iank
  56
  57
  58 $ROOTCMD getent group docker &>/dev/null || $ROOTCMD groupadd -r docker
  59 $ROOTCMD usermod -a -G docker iank
  60
  61 # based on unison error, with 8192 from
  62 # sysctl -a | grep fs.inotify.max_user_watches
  63 #http://stackoverflow.com/questions/535768/what-is-a-reasonable-amount-of-inotify-watches-with-linux
  64 f=$target/etc/sysctl.d/99-sysctl.conf
  65 key=fs.inotify.max_user_watches
  66 if [[ -e $f ]]; then sed -ri --follow-symlinks "/^\s*$key\s*=/d" $f; fi
  67 echo "fs.inotify.max_user_watches = 50000" >> $f
  68 # applies it. it would be also be applied after a reboot
  69 $ROOTCMD sysctl --system
  70
  71 if getent group sudo >/dev/null; then
  72   $ROOTCMD usermod -aG sudo iank
  73 fi
  74
  75 cat >$target/etc/sudoers.d/ianksudoers <<'EOF'
  76 Defaults timestamp_timeout=1440
  77 # used in bashrc
  78 Defaults  env_keep += SUDOD
  79 # always_set_home
  80 # makes ubuntu be like debian
  81 # https://unix.stackexchange.com/a/91572
  82 Defaults always_set_home
  83 # umask: default setting is to have  minimum umask of 0022
  84 # This lets us have user-specific umasks which are more permissive.
  85 # I did this for transmission and set it's umask gecos on install,
  86 # see there for more info.
  87 Defaults !umask
  88 # i use sudo in cronjobs, it spams the logs rather uselessly
  89 # https://stackoverflow.com/questions/14277116/suppress-log-entry-for-single-sudo-commands
  90 Defaults:root,iank !log_allowed, !pam_session
  91 # for just the root user, set some env vars
  92 Defaults>root env_file=/etc/rootsudoenv
  93
  94 # a few commands we should be able to run with no password
  95 iank ALL = (root) NOPASSWD: /usr/local/bin/spend,/usr/bin/nmtui-connect
  96
  97 EOF
  98
  99 case $HOSTNAME in
 100   li|bk|je)
 101     cat >>$target/etc/sudoers.d/ianksudoers <<'EOF'
 102 iank  ALL=(ALL)  NOPASSWD: ALL
 103 EOF
 104     ;;
 105 esac
 106
 107 # remove old config line. can be removed eventually.
 108 f=$target/etc/sudoers
 109 line='iank  ALL=(ALL)  NOPASSWD: ALL'
 110 if grep -qxF "$line" $f; then
 111   sed -i "/^$line/d" $f
 112 fi
 113
 114
 115 au --system -s /bin/false --home-dir /var/lib/bitcoind bitcoin