iankelling.org / git / automated-distro-installer / blob
? search:


f9a084030917a6ee4d6963b4d5a309dc47e7b46e
[automated-distro-installer] / fai / config / distro-install-common / end
1 #!/bin/bash -x
2
3 set -eE -o pipefail
4 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
5
6 if [[ $EUID != 0 ]]; then
7 echo "$0: error: expected to be root."
8 exit 1
9 fi
10
11 # ssh host keys
12 # note, $BASH_SOURCE is not defined here under fai.
13
14 src=$(dirname "$0")/p/c/machine_specific/$HOSTNAME/filesystem/etc/ssh
15 dst=$target/etc/ssh
16 if [[ -e $src && -e $dst ]]; then
17 # outside of fai context or setting up a brand new host, we skip this
18 cp -rT $src $dst
19 fi
20
21 root_pw_f=/q/root/shadow/standard
22 if [[ ! -e $root_pw_f ]]; then
23 root_pw_f=/q/root/shadow/$HOSTNAME
24 fi
25
26 au() { # add user. i don't use adduser for portability
27 local user=${@: -1}
28 if ! $ROOTCMD getent passwd $user; then
29 $ROOTCMD useradd -c $user -Um -s /bin/bash $@
30 fi
31 }
32
33
34 # only setup root pass for bootstrap vol
35 if ifclass VOL_BULLSEYE_BOOTSTRAP || VOL_BOOKWORM_BOOTSTRAP; then
36 exit 0
37 fi
38
39
40 # return of 9 = user already exists. so we are idempotent.
41 au iank
42 # generating a hashed password:
43 # under debian, you can do
44 # mkpasswd -m sha-512 -s >/q/root/shadow/standard
45 # On arch, best seems to be copy your shadow file to a temp location,
46 # then passwd, get out the new pass, then copy the shadow file back.
47 if [[ -e $root_pw_f ]]; then
48 sed 's/^/root:/' $root_pw_f | $ROOTCMD chpasswd -e
49 sed 's/^/iank:/' $root_pw_f | $ROOTCMD chpasswd -e
50 fi
51
52 au user2
53 if ifclass frodo; then
54 sed 's/^/user2:/' /q/root/shadow/user2 | $ROOTCMD chpasswd -e
55 fi
56 # comparing iank's groups to user2, I see none she should join on arch
57 $ROOTCMD usermod -a -G user2 iank
58
59
60 $ROOTCMD getent group docker &>/dev/null || $ROOTCMD groupadd -r docker
61 $ROOTCMD usermod -a -G docker iank
62
63 # based on unison error, with 8192 from
64 # sysctl -a | grep fs.inotify.max_user_watches
65 #http://stackoverflow.com/questions/535768/what-is-a-reasonable-amount-of-inotify-watches-with-linux
66 f=$target/etc/sysctl.d/99-sysctl.conf
67 key=fs.inotify.max_user_watches
68 if [[ -e $f ]]; then sed -ri --follow-symlinks "/^\s*$key\s*=/d" $f; fi
69 echo "fs.inotify.max_user_watches = 50000" >> $f
70 # applies it. it would be also be applied after a reboot
71 $ROOTCMD sysctl --system
72
73 if getent group sudo >/dev/null; then
74 $ROOTCMD usermod -aG sudo iank
75 fi
76
77 cat >$target/etc/sudoers.d/ianksudoers <<'EOF'
78 Defaults timestamp_timeout=1440
79 # used in bashrc
80 Defaults env_keep += SUDOD
81 # always_set_home
82 # makes ubuntu be like debian
83 # https://unix.stackexchange.com/a/91572
84 Defaults always_set_home
85 # umask: default setting is to have minimum umask of 0022
86 # This lets us have user-specific umasks which are more permissive.
87 # I did this for transmission and set it's umask gecos on install,
88 # see there for more info.
89 Defaults !umask
90 # i use sudo in cronjobs, it spams the logs rather uselessly
91 # https://stackoverflow.com/questions/14277116/suppress-log-entry-for-single-sudo-commands
92 Defaults:root,iank !log_allowed, !pam_session
93 # for just the root user, set some env vars
94 Defaults>root env_file=/etc/rootsudoenv
95
96 # a few commands we should be able to run with no password
97 iank ALL = (root) NOPASSWD: /usr/local/bin/spend,/usr/local/bin/us,/usr/local/bin/off,/usr/bin/nmtui-connect,/usr/local/bin/bitcoinoff,/usr/local/bin/bitcoinon
98
99 EOF
100
101 case $HOSTNAME in
102 li|bk|je)
103 cat >>$target/etc/sudoers.d/ianksudoers <<'EOF'
104 iank ALL=(ALL) NOPASSWD: ALL
105 EOF
106 ;;
107 esac
108
109 # remove old config line. can be removed eventually.
110 f=$target/etc/sudoers
111 line='iank ALL=(ALL) NOPASSWD: ALL'
112 if grep -qxF "$line" $f; then
113 sed -i "/^$line/d" $f
114 fi
115
116
117 au --system -s /bin/false --home-dir /var/lib/bitcoind bitcoin
PXE install w multi-boot, btrfs & Libreboot support