beginning of fsf config
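#!/bin/bash
# FAI customization script for class FSF (scripts/FSF/11-iank). It runs
# outside the target system: the target root is mounted at $FAI_ROOT /
# $target and work inside it is done via `chroot $FAI_ROOT` or $ROOTCMD.
# It copies boot files, sets the root password, configures the serial
# console and grub, networking, ssh keys and group membership.
#
# Trace every command. Kept in the body rather than in the shebang so it
# also applies when the script is started as `bash 11-iank`.
set -x
set -eE -o pipefail
# -E makes the ERR trap fire inside functions and subshells too.
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR

# Everything below writes into the target root, so refuse to run unprivileged.
# Diagnostics go to stderr.
if [[ $EUID != 0 ]]; then
  echo "$0: error: expected to be root." >&2
  exit 1
fi


# -r = recursive
# -i = ignore non-matching class warnings, always exit 0
# -B = no backup files
fcopy -riBM /boot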
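#######################################
# Set a user's password in the target system from a pre-hashed entry.
#
# generating a hashed password:
#   under debian, you can do
#     mkpasswd -m sha-512 -s >/q/root/shadow/standard
#   On arch, best seems to be copy your shadow file to a temp location,
#   then passwd, get out the new pass, then copy the shadow file back.
#
# Globals:   ROOTCMD (read) - command prefix under which chpasswd runs;
#            deliberately unquoted below because it may be several words
# Arguments: $1 - user name
#            $2 - path of a file whose contents are the password hash
# Outputs:   a warning on stderr when $2 is empty or does not exist
# Returns:   status of the chpasswd pipeline; 0 when no password was set
#######################################
chpw() {
  local user=$1
  local pwfile=$2
  if [[ $pwfile && -e $pwfile ]]; then
    # '%s:' so a user name containing '%' or '\' is never treated as a
    # printf format string; the hash file is appended unchanged, giving
    # chpasswd -e its "user:hash" line.
    printf '%s:' "$user" | cat - "$pwfile" | $ROOTCMD chpasswd -e
  else
    echo "$0: warning: no pw set for $user" >&2
  fi
}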
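# Root password from the hashed shadow entry kept in the FAI config space
# ($FAI). Quoted so an unusual path stays a single word.
chpw root "$FAI/distro-install-common/shadow/community0p"


#### misc configurations
# Quoted heredoc: nothing below is expanded here; the whole script runs in
# the target. It makes the journal persistent when the systemd-journal group
# exists, preseeds kexec-tools/load_kexec=false, installs pxe-kexec and sets
# kernel.sysrq=1 in sysctl.conf (the sed appends the new line and deletes any
# older kernel.sysrq= line).
chroot "$FAI_ROOT" bash <<'EOFOUTER'
if getent group systemd-journal >/dev/null; then
# makes the journal be saved to disk.
mkdir -p /var/log/journal
chmod 755 /var/log/journal
fi
debconf-set-selections <<EOF
kexec-tools kexec-tools/load_kexec boolean false
EOF
apt-get install -y pxe-kexec

# this is usefull. Only thing reason I see this being disabled by default is
# that a normal user can disrupt the system, eg cause a reboot.
sed -i '$a kernel.sysrq=1
/^kernel.sysrq=/d' /etc/sysctl.conf

EOFOUTER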
# Kernel command-line options merged into GRUB_CMDLINE_LINUX_DEFAULT by the
# chroot section below. $speed is shared with the grub `serial` line so the
# kernel console and grub's serial console use the same baud rate.
speed=115200
cmdline="rd.luks.crypttab=no net.ifnames=0 console=ttyS0,${speed}n8 console=tty0"

# per rubens suggestion to make a d16 more stable
cmdline+=" pci=realloc=off"

# Serial console for the grub menu. Unquoted heredoc: $speed is expanded by
# this script, while \$0 is escaped so 40_custom keeps a literal "$0".
cat >$FAI_ROOT/etc/grub.d/40_custom <<EOF
#!/bin/sh
exec tail -n +3 \$0
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.

# https://www.coreboot.org/Serial_console # tty
# but removed unneeded stuff

serial --speed=$speed
terminal_input --append serial
terminal_output --append serial
EOF


# Inside the target: drop quiet/splash, put $cmdline into
# GRUB_CMDLINE_LINUX_DEFAULT, and regenerate the grub config.
# NOTE(review): the heredoc is unquoted, so every $... below is expanded by
# this outer script before bash in the chroot sees it. That is intended for
# $cmdline, but $arg and ${arg//./\\.} in the for loop are expanded here as
# well, and `arg` is never set in this script -- the per-argument grep/sed
# therefore appear to run with an empty argument. The later sed that
# rewrites the whole line with "$cmdline" still yields the intended result;
# TODO confirm, then escape the inner expansions (\$arg) or export cmdline
# and use a quoted heredoc. The `exit 0` inside only leaves the chroot
# shell (skipping update-grub when $cmdline is already present), not this
# script.
chroot $FAI_ROOT bash <<EOF
set -eE -o pipefail
# https://askubuntu.com/questions/33416/how-do-i-disable-the-boot-splash-screen-and-only-show-kernel-and-boot-text-inst

sed -ri 's/(^GRUB_CMDLINE_LINUX_DEFAULT=")quiet/\1/;s/^(GRUB_CMDLINE_LINUX_DEFAULT=".*) quiet([ "])/\1\2/' /etc/default/grub
sed -ri 's/(^GRUB_CMDLINE_LINUX_DEFAULT=")splash/\1/;s/^(GRUB_CMDLINE_LINUX_DEFAULT=".*) splash([ "])/\1\2/' /etc/default/grub

for arg in $cmdline; do
if ! grep "^GRUB_CMDLINE_LINUX_DEFAULT=.*[\" ]${arg//./\\.}[\" ]" /etc/default/grub; then
sed -ri "s/^GRUB_CMDLINE_LINUX_DEFAULT=\"(.*)/GRUB_CMDLINE_LINUX_DEFAULT=\"$arg \1/" /etc/default/grub
fi
done

if grep -qF "$cmdline" /etc/default/grub; then
# already set things, exit
exit 0
fi
sed -ri 's/^ *GRUB_CMDLINE_LINUX_DEFAULT=.*/GRUB_CMDLINE_LINUX_DEFAULT="$cmdline"/' /etc/default/grub
# on xenial, no grub is displayed at all. fix that.
# found just by noticing this in the config file, and a
# warning about it in error.log
sed -i '/^ *GRUB_HIDDEN_TIMEOUT/d' /etc/default/grub

if type -P update-grub2 &>/dev/null; then
update-grub2
else
update-grub
fi

EOF
##### network setup #####
# Default /etc/network/interfaces for the target: loopback, dhcp on eth0 and
# inet6 auto. <<-EOF strips leading tabs from the heredoc body (spaces are
# kept). $target is the mounted target root (FAI sets it; $FAI_ROOT above is
# presumably the same mount point -- TODO confirm).
cat > $target/etc/network/interfaces <<-EOF
# generated by FAI
auto lo eth0
iface lo inet loopback
iface eth0 inet dhcp
iface eth0 inet6 auto

source-directory /etc/network/interfaces.d
EOF

# previously had an else condition after
#elif ifclass VM || ifclass LINODE; then
# iface $NIC1 inet manual
# iface br0 inet dhcp
# bridge_ports $NIC1
# bridge_stp off
# bridge_maxwait 0
# however, on t9, on startup, br0, became
# rename1 and didn't come up. i dunno why,
# but the bridge is for vms that I rarely use,
# so not bothering to figure it out.




# Linode: give the initramfs a static IP (the IP= syntax is documented in the
# files referenced inside the heredoc). $linode_ip and $linode_gw are not set
# in this script -- presumably they come from the FAI class environment;
# TODO confirm, since an unset value silently yields "IP=::...".
if ifclass LINODE; then
  mkdir -p $target/etc/initramfs-tools/conf.d
  cat >$target/etc/initramfs-tools/conf.d/mine <<EOF
# dhcp in initramfs doesn't work on linode. i dunno why, whatever.
# man 5 initramfs.conf
# /usr/share/doc/klibc-utils/README.ipconfig.gz
# /usr/share/initramfs-tools/scripts/functions
IP=$linode_ip::$linode_gw:255.255.255.0::eth0:off
EOF


  # Host "li" (presumably $HOSTNAME is the target's hostname as set by FAI)
  # replaces the interfaces file written above with a static IPv6 config.
  if [[ $HOSTNAME == li ]]; then

    cat > $target/etc/network/interfaces <<-EOF
# generated by FAI
auto lo eth0
iface lo inet loopback
iface eth0 inet dhcp
# for the standard network config, uncomment this and comment the lines after it.
#iface eth0 inet6 auto

iface eth0 inet6 static
# this is really a /128. it seems like we need to assign it for ipv6 to work.
address 2600:3c00::f03c:91ff:fe6d:baf8/64
gateway fe80::1

iface eth0 inet6 static
# from a requested /64 pool
address 2600:3c00:e000:280::2/64

source-directory /etc/network/interfaces.d
EOF
  fi
fi

# I prefer to stick with ifup/down for now. a. networkd is not in its
# own package, so cant use in other init systems. b. it works fine.
# Unquoted heredoc, but it contains no expansions, so the two lines run
# verbatim in the target.
chroot $FAI_ROOT bash <<EOF
systemctl disable systemd-networkd.socket systemd-networkd networkd-dispatcher systemd-networkd-wait-online
systemctl mask systemd-networkd.socket systemd-networkd networkd-dispatcher systemd-networkd-wait-online
EOF

##### end network setup #####


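# Bootstrap volume: only install and enable the faicheck unit, then stop --
# nothing further down is wanted on it.
if ifclass VOL_BULLSEYE_BOOTSTRAP; then
  fcopy /etc/systemd/system/faicheck.service
  # quoted heredoc: runs verbatim in the target
  chroot "$FAI_ROOT" bash <<'EOFOUTER'
systemctl enable faicheck.service
EOFOUTER
  exit 0 # avoid unnecessary stuff in bootstrap vol
fi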
## misc settings
# Quoted heredoc: runs verbatim in the target (its set -x traces the
# commands, not file contents). What it does:
#  * .ssh: if iank has no authorized_keys, seed it from root's, hand the
#    directory to uid/gid 1000 (presumably iank -- TODO confirm) with
#    u=rwX,og=, then rebuild /root/.ssh as a symlink-free copy of iank's
#    (dangling links are removed first so `cp -rL` does not fail).
#  * removes the old user-level ssh-agent units named there.
#  * appends the AcceptEnv line to sshd_config once (grep -x exact match),
#    letting clients pass INSIDE_EMACS, BRC and COLUMNS into the session.
#  * adds iank to each listed group that exists -- note this includes sudo,
#    adm and admin, i.e. administrative access -- plus systemd-journal.
chroot $FAI_ROOT bash <<'EOFOUTER'
#### begin .ssh setup ###
set -x
set -eE -o pipefail
if ! [[ -s /home/iank/.ssh/authorized_keys ]]; then
mkdir -p /home/iank/.ssh
f=/root/.ssh/authorized_keys
if [[ -e $f ]]; then
cp $f /home/iank/.ssh
fi
chown -R 1000:1000 /home/iank/.ssh
chmod -R u=Xrw,og= /home/iank/.ssh
rm -rf /root/.ssh
# remove broken symlinks or the following cp will fail
find /home/iank/.ssh -xtype l -exec rm '{}' \;
cp -rL /home/iank/.ssh /root
chown -R root:root /root/.ssh
chmod 700 /root/.ssh
fi

# old link from
# # https://ticktockhouse.svbtle.com/my-obligatory-ubuntu-ssh-agent-post
# but that made a service that started too soon and didn't pick up our
# x env vars. instead, copy from the root ssh-agent just the
# appropriate things into a new service.
rm -f /home/iank/.config/systemd/user/default.target.wants/ssh-agent.service

rm -f /home/iank/.local/share/systemd/user/sshaiank.service \
/home/iank/.config/systemd/user/default.target.wants/sshaiank.service

#### end .ssh setup ###

## duplicated in ssh-emacs-setup
# done here so its setup earlier for convenience
line='AcceptEnv INSIDE_EMACS BRC COLUMNS'
f=/etc/ssh/sshd_config
grep -xFq "$line" $f || tee -a $f <<<"$line"


# default debian groups (jessie through buster) + adm, root, admin
for g in cdrom floppy audio dip video plugdev netdev adm sudo admin; do
if getent group $g >/dev/null; then
usermod -aG $g iank
fi
done

if getent group systemd-journal >/dev/null; then
usermod -aG systemd-journal iank
fi
EOFOUTER

# Point the target's resolv.conf at the systemd-resolved stub file. The link
# is relative, so it resolves correctly once the target boots.
rm -f $target/etc/resolv.conf
ln -s ../run/systemd/resolve/stub-resolv.conf $target/etc/resolv.conf
# needed for bitfolk image
# NOTE(review): no chroot/$ROOTCMD prefix here -- these two commands act on
# the system running this script, not on the target. Presumably intended for
# the fai-wrapper case where both are the same machine; TODO confirm.
if [[ -e /a/bin/fai/fai-wrapper ]]; then
  systemctl enable systemd-resolved
  systemctl start systemd-resolved
fi



# reading through the groups that iank is in but user2 isn't,
# give user2 the device-access subset (no sudo/adm/admin). $ROOTCMD is
# presumably FAI's run-in-target prefix; it is deliberately unquoted.
for g in plugdev audio video cdrom; do
  $ROOTCMD usermod -a -G $g user2
done