iankelling.org / git / automated-distro-installer / blob
? search:


63c85f96e992452999a349210252fd05af96595a
[automated-distro-installer] / fai / config / scripts / IANK / 11-iank
1 #!/bin/bash -x
2 # This file is part of Ian Kelling's automated-distro-installer
3 # Copyright (C) 2024 Ian Kelling
4
5 # This program is free software; you can redistribute it and/or
6 # modify it under the terms of the GNU General Public License
7 # as published by the Free Software Foundation; either version 2
8 # of the License, or (at your option) any later version.
9
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
14
15 # You should have received a copy of the GNU General Public License
16 # along with this program; if not, write to the Free Software
17 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18
19 set -eE -o pipefail
20 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
21
22 if [[ $EUID != 0 ]]; then
23 echo "$0: error: expected to be root."
24 exit 1
25 fi
26
27 if ! type -t fcopy &>/dev/null; then
28 sudo apt-get -y install fai-client
29 fi
30
31 if [[ -e /a/bin/fai/fai-wrapper ]]; then
32 chroot() {
33 shift
34 "$@"
35 }
36 fi
37
38 if [[ $FAI_ROOT == / ]]; then
39 source /a/bin/bash_unpublished/source-state
40 bprogs_dir=/a/opt/btrfs-progs-release
41 else
42 bprogs_dir=/srv/btrfs-progs-release
43 chroot="chroot $FAI_ROOT"
44 fi
45
46 # -r = recursive
47 # -i = ignore non-matching class warnings, always exit 0
48 # -B = no backup files
49 fcopy -riB /boot
50 # this is also done by FAIBASE/10-misc by default (without B)
51 fcopy -riB /usr/local/bin
52
53 fcopy -riB /etc/apt/logind.conf.d
54
55 # this gets done by fai, but just happens too often that
56 # I add sources due to new distros, whatever.
57 fcopy -riB /etc/apt/preferences.d
58 fcopy -riB /etc/apt/sources.list.d
59
60
61 src=$FAI/distro-install-common/shadow
62 dst=/q/root/shadow
63 if [[ ! -e $dst && -e $src ]]; then
64 # outside of fai context, we skip this
65 mkdir -p $dst
66 mount -o bind $src $dst
67 fi
68
69 $FAI/distro-install-common/end
70
71
72
73 ### begin sources install + updates
74 # these get copied in an earlier stage by fai, but leaving it here since
75 # I run this as a single post-fai script to update things that have changed.
76 tmpfile1=$(mktemp)
77 # this can fail if we need an apt update
78 $chroot /usr/bin/apt-cache policy >$tmpfile1 ||:
79 fcopy -riB /etc/apt
80
81 tmpfile2=$(mktemp)
82 $chroot /usr/bin/apt-cache policy >$tmpfile2
83 if ! diff -q $tmpfile1 $tmpfile2; then
84 $chroot /usr/bin/apt update
85 fi
86 # outside of fai, this seems to regularly lead to
87 # E: Could not get lock /var/lib/apt/lists/lock - open (11: Resource temporarily unavailable)
88 # so add a sleep. 1 sec is probably way more than needed.
89 sleep 1
90 f=$FAI_ROOT/var/cache/apt/pkgcache.bin
91 if [[ ! -r $f ]] || (( $(( $(date +%s) - $(stat -c %Y $f ) )) > 60*60*2 )); then
92 i=0
93 while fuser $FAI_ROOT/var/lib/dpkg/lock &>/dev/null; do
94 sleep 1
95 i=$(( i+1 ))
96 if (( i > 300 )); then
97 echo "error: timed out waiting for /var/lib/dpkg/lock" >&2
98 exit 1
99 fi
100 $ROOTCMD apt-get update
101 done
102 fi
103 ### end sources install + updates
104
105
106 #### misc configurations
107
108
109 if [[ $FAI_ACTION != dirinstall ]] && ! ifclass NOCRYPT; then
110 if ifclass LINODE; then
111 speed=19200
112 cmdline="rd.luks.crypttab=no net.ifnames=0 console=ttyS0,${speed}n8"
113 else
114 speed=115200
115 cmdline="rd.luks.crypttab=no net.ifnames=0 console=ttyS0,${speed}n8 console=tty0"
116 case $HOSTNAME in
117 kd)
118 fcopy -v /usr/bin/myncq
119
120 cat >$target/etc/systemd/system/myncq.service <<'EOF'
121 [Unit]
122 Description=fix ncq errors
123
124 [Service]
125 Type=oneshot
126 ExecStart=/usr/bin/myncq
127 TimeoutStartSec=20
128
129 [Install]
130 # https://www.enricozini.org/blog/2017/debian/systemd-07-devices/
131 WantedBy=dev-disk-by\x2did-ata\x2dSamsung_SSD_870_QVO_8TB_S5VUNG0N900656V.device
132 EOF
133
134 $chroot bash <<'EOFOUTER'
135 systemctl enable myncq.service
136 /usr/bin/myncq no-upgrub
137 EOFOUTER
138
139 ;;&
140 # per rubens suggestion to make a d16 more stable
141 kd|kw) cmdline+=" pci=realloc=off" ;;
142 esac
143 fi
144
145 fi ##### end != dirinstall && != NOCRYPT
146
147
148 ###### begin network setup ####
149
150 # use old names. the idea of them changing between boots has never
151 # happened to me and I usually only have 1 wired or other type.
152 # If I ever do need to care about it, I will.
153 # Strangely this didn't work on kw, so I added kernel cmdline parameter.
154 # https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
155 ln -sf /dev/null $target/etc/systemd/network/99-default.link
156
157
158 # bitfolk installer handles the rest
159 case $HOSTNAME in
160 bk|je) exit 0 ;;
161 esac
162
163
164 # bug fix, somewhere between t9's xorg 1.19.6
165 # and 1.20.1-3ubuntu2
166 # xserver-xorg-video-nouveau 1:1.0.15-3
167 # xorg stopped load nouveau
168 # https://www.linuxquestions.org/questions/slackware-14/kernel-modules-conflicting-with-nouveau-driver-4175623867/
169 # https://nouveau.freedesktop.org/InstallNouveau.html
170 # And now in t11, things got worse with a newer card also not loading
171 # nouveau when it did in t10.
172 if lspci|grep -q 'VGA compatible controller: NVIDIA'; then
173 mkdir -p $target/etc/X11/xorg.conf.d/
174 cat >$target/etc/X11/xorg.conf.d/10-nouveau.conf <<'EOF'
175 Section "Device"
176 Identifier "Device0"
177 Driver "nouveau"
178 EndSection
179 EOF
180 fi
181
182 # use networkmanager if this host has wireless.
183 if [[ $HOSTNAME == bo ]] || type -p iw &>/dev/null && [[ $(iw dev) ]]; then
184 $chroot bash <<EOF
185 apt-get -y install network-manager
186 EOF
187
188 # allow networkmanager to manage interfaces
189 #https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1638842
190 touch $target/etc/NetworkManager/conf.d/10-globally-managed-devices.conf
191 # in a default desktop install, it looks like netplan creates this file under
192 # run/NetworkManager/conf.d in early boot.
193
194 # By default, dns=default is set in etiona, and dns is just broken.
195 # Maybe with resolvconf it would work, but theres no need for that.
196 # https://wiki.gnome.org/Projects/NetworkManager/DNS
197 cat >$target/etc/NetworkManager/conf.d/99-iank.conf <<'EOF'
198 [main]
199 dns=systemd-resolved
200 EOF
201 else
202 cat > $target/etc/network/interfaces <<-EOF
203 # generated by FAI
204 auto lo eth0
205 iface lo inet loopback
206 iface eth0 inet dhcp
207 iface eth0 inet6 auto
208
209 source-directory /etc/network/interfaces.d
210 EOF
211
212 # previously had an else condition after
213 #elif ifclass VM || ifclass LINODE; then
214 # iface $NIC1 inet manual
215 # iface br0 inet dhcp
216 # bridge_ports $NIC1
217 # bridge_stp off
218 # bridge_maxwait 0
219 # however, on t9, on startup, br0, became
220 # rename1 and didn't come up. i dunno why,
221 # but the bridge is for vms that I rarely use,
222 # so not bothering to figure it out.
223
224
225 fi
226
227 case $HOSTNAME in
228 sy)
229 $FAI/distro-install-common/install-stable-kernel-debs
230 ;;
231 *)
232 $chroot apt-get -y install linux-libre
233 ;;
234 esac
235
236 pre=https://mirrors.edge.kernel.org/pub/linux/kernel/people/kdave/btrfs-progs
237 tarball=$(curl -s $pre/sha256sums.asc \
238 | awk '$2 ~ /^btrfs-progs-v/ { print $2 }' | grep -v -- -rc | grep "^btrfs-progs-v.*gz\$" | sort -V | tail -n1)
239 url="$pre/$tarball"
240 dir=${tarball%.tar.gz}
241 ver=${dir#btrfs-progs-}
242 cur_ver=$(btrfs --version 2>/dev/null | awk '{print $2}') ||:
243 if [[ $ver != "$cur_ver" ]]; then
244 if [[ $HOST2 == "$HOSTNAME" && $ver != "$($bprogs_dir/btrfs --version 2>/dev/null | awk '{print $2}')" ]]; then
245 rm -rf $bprogs_dir
246 cd /tmp
247 wget $url
248 sudo -u iank tar xzf $tarball
249 mv ${tarball%.tar.gz} $bprogs_dir
250 cd $bprogs_dir
251 apt-get -y build-dep btrfs-progs
252 sudo -u iank ./configure --disable-documentation
253 sudo -u iank make
254 make install
255 else
256 $chroot bash -xe <<EOF
257 cd $bprogs_dir
258 make install
259 EOF
260 fi
261 fi
262
263 if ifclass LINODE; then
264 mkdir -p $target/etc/initramfs-tools/conf.d
265 cat >$target/etc/initramfs-tools/conf.d/mine <<EOF
266 # dhcp in initramfs doesn't work on linode. i dunno why, whatever.
267 # man 5 initramfs.conf
268 # /usr/share/doc/klibc-utils/README.ipconfig.gz
269 # /usr/share/initramfs-tools/scripts/functions
270 IP=$linode_ip::$linode_gw:255.255.255.0::eth0:off
271 EOF
272
273
274 if [[ $HOSTNAME == li ]]; then
275 cat > $target/etc/network/interfaces <<-EOF
276 # generated by FAI
277 auto lo eth0
278 iface lo inet loopback
279 iface eth0 inet dhcp
280 # for the standard network config, uncomment this and comment the lines after it.
281 #iface eth0 inet6 auto
282
283 iface eth0 inet6 static
284 # this is really a /128. it seems like we need to assign it for ipv6 to work.
285 address 2600:3c00::f03c:91ff:fe6d:baf8/64
286 gateway fe80::1
287
288 iface eth0 inet6 static
289 # from a requested /64 pool
290 address 2600:3c00:e000:280::2/64
291
292 source-directory /etc/network/interfaces.d
293 EOF
294 fi
295 fi
296
297
298 ##### end network setup #####
299
300
301 if ifclass VOL_BULLSEYE_BOOTSTRAP || ifclass VOL_BOOKWORM_BOOTSTRAP; then
302 fcopy /etc/systemd/system/faicheck.service
303 $chroot bash <<'EOFOUTER'
304 systemctl enable faicheck.service
305 EOFOUTER
306 exit 0 # avoid unnecessary stuff in bootstrap vol
307 fi
308
309
310 ## misc settings
311 $chroot bash <<'EOFOUTER'
312 #### begin .ssh setup ###
313 set -x
314 set -eE -o pipefail
315 if ! [[ -s /home/iank/.ssh/authorized_keys ]]; then
316 mkdir -p /home/iank/.ssh
317 f=/root/.ssh/authorized_keys
318 if [[ -e $f ]]; then
319 cp $f /home/iank/.ssh
320 fi
321 chown -R 1000:1000 /home/iank/.ssh
322 chmod -R u=Xrw,og= /home/iank/.ssh
323 rm -rf /root/.ssh
324 # remove broken symlinks or the following cp will fail
325 find /home/iank/.ssh -xtype l -exec rm '{}' \;
326 cp -rL /home/iank/.ssh /root
327 chown -R root:root /root/.ssh
328 chmod 700 /root/.ssh
329 fi
330
331 # old link from
332 # # https://ticktockhouse.svbtle.com/my-obligatory-ubuntu-ssh-agent-post
333 # but that made a service that started too soon and didn't pick up our
334 # x env vars. instead, copy from the root ssh-agent just the
335 # appropriate things into a new service.
336
337 rm -f /home/iank/.local/share/systemd/user/sshaiank.service \
338 /home/iank/.config/systemd/user/default.target.wants/sshaiank.service
339
340 #### end .ssh setup ###
341
342 ## duplicated in ssh-emacs-setup
343 # done here so its setup earlier for convenience
344 line='AcceptEnv INSIDE_EMACS BRC COLUMNS'
345 f=/etc/ssh/sshd_config
346 grep -xFq "$line" $f || tee -a $f <<<"$line"
347
348
349 # default debian groups (jessie through buster) + adm, root, admin
350 for g in cdrom floppy audio dip video plugdev netdev adm sudo admin; do
351 if getent group $g >/dev/null; then
352 usermod -aG $g iank
353 fi
354 done
355
356 if getent group systemd-journal >/dev/null; then
357 usermod -aG systemd-journal iank
358 fi
359 EOFOUTER
360
361 rm -f $target/etc/resolv.conf
362 ln -s ../run/systemd/resolve/stub-resolv.conf $target/etc/resolv.conf
363 # needed for bitfolk image
364 if [[ -e /a/bin/fai/fai-wrapper ]]; then
365 systemctl enable systemd-resolved
366 systemctl start systemd-resolved
367 fi
368
369
370
371 # reading through the groups that iank is in but user2 isn't,
372 for g in plugdev audio video cdrom; do
373 $ROOTCMD usermod -a -G $g user2
374 done
PXE install w multi-boot, btrfs & Libreboot support