2 # This file is part of Ian Kelling's automated-distro-installer
3 # Copyright (C) 2024 Ian Kelling
5 # This program is free software; you can redistribute it and/or
6 # modify it under the terms of the GNU General Public License
7 # as published by the Free Software Foundation; either version 2
8 # of the License, or (at your option) any later version.
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with this program; if not, write to the Free Software
17 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Report every failing command on stderr: script name, line number, the
# command text and its exit status.
20 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
# Later steps install packages and write under /etc, so the script checks for
# an effective UID of 0 first.
# NOTE(review): this message goes to stdout while the ERR trap writes to
# stderr; adding >&2 would keep all diagnostics on one stream. The rest of this
# `if` (original lines 24-25) is not visible in this listing.
22 if [[ $EUID != 0 ]]; then
23 echo "$0: error: expected to be root."
# fcopy is provided by the fai-client package; install it on demand when the
# command is not found.
27 if ! type -t fcopy
&>/dev
/null
; then
28 sudo apt-get
-y install fai-client
# Checks for the author's fai-wrapper helper; what is done when it exists
# (original lines 32-37) is not visible in this listing.
31 if [[ -e /a
/bin
/fai
/fai-wrapper
]]; then
# FAI_ROOT == / means the target is the running system. Two values are assigned
# to bprogs_dir and a "chroot $FAI_ROOT" command prefix is built; the line
# separating the two cases (original line 41) is not shown, presumably an
# `else` - confirm against the full file.
# NOTE(review): $chroot is later expanded unquoted as a command prefix, so it
# relies on word splitting and on FAI_ROOT containing no whitespace or glob
# characters.
38 if [[ $FAI_ROOT == / ]]; then
39 source /a
/bin
/bash_unpublished
/source-state
40 bprogs_dir
=/a
/opt
/btrfs-progs-release
42 bprogs_dir
=/srv
/btrfs-progs-release
43 chroot
="chroot $FAI_ROOT"
# Copy selected trees from the FAI config space onto the target with fcopy.
47 # -i = ignore non-matching class warnings, always exit 0
48 # -B = no backup files
50 # this is also done by FAIBASE/10-misc by default (without B)
51 fcopy
-riB /usr
/local
/bin
# NOTE(review): systemd-logind reads its drop-ins from
# /etc/systemd/logind.conf.d; confirm /etc/apt/logind.conf.d is the intended
# path here.
53 fcopy
-riB /etc
/apt
/logind.conf.d
55 # this gets done by fai, but just happens too often that
56 # I add sources due to new distros, whatever.
# preferences.d and sources.list.d decide which repositories and pins apt uses
# on the target, so the copies kept in the config space deserve the same review
# as code changes.
57 fcopy
-riB /etc
/apt
/preferences.d
58 fcopy
-riB /etc
/apt
/sources.list.d
# Bind-mount the config space's shadow directory onto $dst when the source
# exists and the destination does not. The assignment of dst (original line 62)
# is not visible in this listing.
# NOTE(review): $src and $dst are unquoted in the mount call; quoting them
# would keep a path containing whitespace from being split into extra
# arguments.
61 src
=$FAI/distro-install-common
/shadow
63 if [[ ! -e $dst && -e $src ]]; then
64 # outside of fai context, we skip this
66 mount
-o bind $src $dst
# As listed, this runs the `end` script from the config space; the lines around
# it (original 67-68 and 70-72) are not visible, so its context cannot be
# confirmed from here.
69 $FAI/distro-install-common
/end
73 ### begin sources install + updates
74 # these get copied in an earlier stage by fai, but leaving it here since
75 # I run this as a single post-fai script to update things that have changed.
# Snapshot `apt-cache policy` twice (the step between the two snapshots,
# original lines 79-81, is not visible) and run `apt update` only when the two
# outputs differ.
# NOTE(review): the creation of $tmpfile1 and $tmpfile2 is not visible either.
# Because this runs as root, confirm they come from mktemp rather than from
# fixed names in a shared directory.
77 # this can fail if we need an apt update
78 $chroot /usr
/bin
/apt-cache policy
>$tmpfile1 ||
:
82 $chroot /usr
/bin
/apt-cache policy
>$tmpfile2
83 if ! diff -q $tmpfile1 $tmpfile2; then
84 $chroot /usr
/bin
/apt update
86 # outside of fai, this seems to regularly lead to
87 # E: Could not get lock /var/lib/apt/lists/lock - open (11: Resource temporarily unavailable)
88 # so add a sleep. 1 sec is probably way more than needed.
# Second refresh path: when apt's package cache is unreadable or its mtime is
# more than two hours old (60*60*2 seconds), wait while fuser reports a process
# holding the dpkg lock, then run apt-get update. A timeout error is printed
# once the counter i exceeds 300; the counter increment and the sleep are on
# lines not shown in this listing.
# ROOTCMD is presumably FAI's prefix for running a command inside the target -
# confirm it matches $chroot when this runs outside FAI.
90 f
=$FAI_ROOT/var
/cache
/apt
/pkgcache.bin
91 if [[ ! -r $f ]] ||
(( $
(( $
(date +%s
) - $
(stat
-c %Y
$f ) )) > 60*60*2 )); then
93 while fuser
$FAI_ROOT/var
/lib
/dpkg
/lock
&>/dev
/null
; do
96 if (( i
> 300 )); then
97 echo "error: timed out waiting for /var/lib/dpkg/lock" >&2
100 $ROOTCMD apt-get update
103 ### end sources install + updates
106 #### misc configurations
# Build the kernel command line for targets that are neither a dirinstall nor
# in class NOCRYPT. Both visible assignments send the console to the first
# serial port at ${speed} baud (speed is set on a line not shown); they differ
# only in the extra console=tty0.
# NOTE(review): this branch is skipped for NOCRYPT hosts, so it applies to the
# remaining, presumably encrypted ones; early-boot prompts and messages then
# appear on the serial console, and access to that console should be treated
# as sensitive as physical console access.
109 if [[ $FAI_ACTION != dirinstall
]] && ! ifclass NOCRYPT
; then
110 if ifclass LINODE
; then
112 cmdline
="rd.luks.crypttab=no net.ifnames=0 console=ttyS0,${speed}n8"
115 cmdline
="rd.luks.crypttab=no net.ifnames=0 console=ttyS0,${speed}n8 console=tty0"
# Install the myncq helper and write a unit for it, then enable the unit and
# run the helper once inside the target. Both here-documents use quoted
# delimiters, so their text is passed through without expansion by this script.
# The condition selecting this step (original lines 116-117) is not visible.
118 fcopy
-v /usr
/bin
/myncq
120 cat >$target/etc
/systemd
/system
/myncq.service
<<'EOF'
122 Description=fix ncq errors
126 ExecStart=/usr/bin/myncq
130 # https://www.enricozini.org/blog/2017/debian/systemd-07-devices/
131 WantedBy=dev-disk-by\x2did-ata\x2dSamsung_SSD_870_QVO_8TB_S5VUNG0N900656V.device
134 $chroot bash
<<'EOFOUTER'
135 systemctl enable myncq.service
136 /usr/bin/myncq no-upgrub
140 # per rubens suggestion to make a d16 more stable
141 kd|kw
) cmdline
+=" pci=realloc=off" ;;
145 fi ##### end != dirinstall && != NOCRYPT
148 ###### begin network setup ####
150 # use old names. the idea of them changing between boots has never
151 # happened to me and I usually only have 1 wired or other type.
152 # If I ever do need to care about it, I will.
153 # Strangely this didn't work on kw, so I added kernel cmdline parameter.
154 # https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
# A /dev/null symlink at this path masks the 99-default.link shipped by
# systemd, so the default link naming policy from that file is not applied on
# the target.
155 ln -sf /dev
/null
$target/etc
/systemd
/network
/99-default.link
158 # bitfolk installer handles the rest
164 # bug fix, somewhere between t9's xorg 1.19.6
165 # and 1.20.1-3ubuntu2
166 # xserver-xorg-video-nouveau 1:1.0.15-3
167 # xorg stopped load nouveau
168 # https://www.linuxquestions.org/questions/slackware-14/kernel-modules-conflicting-with-nouveau-driver-4175623867/
169 # https://nouveau.freedesktop.org/InstallNouveau.html
170 # And now in t11, things got worse with a newer card also not loading
171 # nouveau when it did in t10.
# When lspci lists an NVIDIA VGA controller, write an Xorg drop-in named
# 10-nouveau.conf into the target. lspci has no $chroot prefix, so the check
# reflects the hardware of the machine executing this script. The body of the
# here-document (original lines 175-180) is not visible in this listing.
172 if lspci|
grep -q 'VGA compatible controller: NVIDIA'; then
173 mkdir
-p $target/etc
/X11
/xorg.conf.d
/
174 cat >$target/etc
/X11
/xorg.conf.d
/10-nouveau.conf
<<'EOF'
182 # use networkmanager if this host has wireless.
# NOTE(review): in a bash list, && and || have equal precedence and associate
# left to right, so this condition reads as
#   ( HOSTNAME == bo || iw is installed ) && `iw dev` printed something
# Host bo therefore still needs non-empty `iw dev` output to take the branch.
# If bo is meant to match unconditionally, group the right-hand side with
# { ...; } - confirm the intent.
183 if [[ $HOSTNAME == bo
]] ||
type -p iw
&>/dev
/null
&& [[ $
(iw dev
) ]]; then
185 apt-get -y install network-manager
188 # allow networkmanager to manage interfaces
189 #https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1638842
190 touch $target/etc
/NetworkManager
/conf.d
/10-globally-managed-devices.conf
191 # in a default desktop install, it looks like netplan creates this file under
192 # run/NetworkManager/conf.d in early boot.
194 # By default, dns=default is set in etiona, and dns is just broken.
195 # Maybe with resolvconf it would work, but theres no need for that.
196 # https://wiki.gnome.org/Projects/NetworkManager/DNS
197 cat >$target/etc
/NetworkManager
/conf.d
/99-iank.conf
<<'EOF'
202 cat > $target/etc
/network
/interfaces
<<-EOF
205 iface lo inet loopback
207 iface eth0 inet6 auto
209 source-directory /etc/network/interfaces.d
212 # previously had an else condition after
213 #elif ifclass VM || ifclass LINODE; then
214 # iface $NIC1 inet manual
215 # iface br0 inet dhcp
219 # however, on t9, on startup, br0, became
220 # rename1 and didn't come up. i dunno why,
221 # but the bridge is for vms that I rarely use,
222 # so not bothering to figure it out.
# Kernel installation: the config space's install-stable-kernel-debs helper and
# an apt-get install of linux-libre inside the target. The conditions that
# choose between or around these two steps are on lines not visible in this
# listing.
229 $FAI/distro-install-common
/install-stable-kernel-debs
232 $chroot apt-get
-y install linux-libre
# Find the newest non-rc btrfs-progs .tar.gz by listing the file names in the
# upstream sha256sums.asc and version-sorting them.
# NOTE(review): sha256sums.asc is used here only as a file listing. Nothing
# visible verifies its OpenPGP signature or checks the downloaded tarball
# against the listed hash before the tarball is unpacked and configured.
# Original lines 245-247 and 250-255 are not shown in this listing, so confirm
# that a `gpg --verify` and `sha256sum -c` step exists there.
# NOTE(review): curl -s hides transfer errors and, without -f, an HTTP error
# body is parsed as if it were the listing; an empty $tarball then makes $ver
# empty and the version comparison below still succeeds.
236 pre
=https
://mirrors.edge.kernel.org
/pub
/linux
/kernel
/people
/kdave
/btrfs-progs
237 tarball
=$
(curl
-s $pre/sha256sums.asc \
238 |
awk '$2 ~ /^btrfs-progs-v/ { print $2 }' |
grep -v -- -rc |
grep "^btrfs-progs-v.*gz\$" |
sort -V |
tail -n1)
240 dir
=${tarball%.tar.gz}
241 ver
=${dir#btrfs-progs-}
242 cur_ver
=$
(btrfs
--version 2>/dev
/null |
awk '{print $2}') ||
:
# Act only when the newest upstream version differs from the installed btrfs.
# The unpack/configure steps run only on the host whose name equals $HOST2 and
# only when the copy under $bprogs_dir is not already at that version.
243 if [[ $ver != "$cur_ver" ]]; then
244 if [[ $HOST2 == "$HOSTNAME" && $ver != "$($bprogs_dir/btrfs --version 2>/dev/null | awk '{print $2}')" ]]; then
# Unpacking and ./configure run as the unprivileged user iank through sudo -u,
# so the upstream archive and its configure script are not executed as root;
# only the build-dep installation uses root. The compile and install steps are
# not visible in this listing.
# NOTE(review): ${tarball%.tar.gz} and $bprogs_dir are unquoted in the mv call.
248 sudo
-u iank
tar xzf
$tarball
249 mv ${tarball%.tar.gz} $bprogs_dir
251 apt-get
-y build-dep btrfs-progs
252 sudo
-u iank .
/configure
--disable-documentation
# Unquoted here-document delimiter: variables in the (not visible) body are
# expanded by this script before the shell inside the target reads it.
256 $chroot bash
-xe <<EOF
# LINODE hosts get a static IP= line for the initramfs. The here-document
# delimiter is unquoted, so $linode_ip and $linode_gw are expanded by this
# script when the file is written; where they are set is not visible in this
# listing. Host li additionally gets a static /etc/network/interfaces that
# carries its two IPv6 addresses.
263 if ifclass LINODE
; then
264 mkdir
-p $target/etc
/initramfs-tools
/conf.d
265 cat >$target/etc
/initramfs-tools
/conf.d
/mine
<<EOF
266 # dhcp in initramfs doesn't work on linode. i dunno why, whatever.
267 # man 5 initramfs.conf
268 # /usr/share/doc/klibc-utils/README.ipconfig.gz
269 # /usr/share/initramfs-tools/scripts/functions
270 IP=$linode_ip::$linode_gw:255.255.255.0::eth0:off
274 if [[ $HOSTNAME == li
]]; then
275 cat > $target/etc
/network
/interfaces
<<-EOF
278 iface lo inet loopback
280 # for the standard network config, uncomment this and comment the lines after it.
281 #iface eth0 inet6 auto
283 iface eth0 inet6 static
284 # this is really a /128. it seems like we need to assign it for ipv6 to work.
285 address 2600:3c00::f03c:91ff:fe6d:baf8/64
288 iface eth0 inet6 static
289 # from a requested /64 pool
290 address 2600:3c00:e000:280::2/64
292 source-directory /etc/network/interfaces.d
298 ##### end network setup #####
# Bootstrap volumes only get faicheck.service copied in and enabled; the script
# then exits 0, so none of the later steps (SSH keys, group membership,
# resolver setup) are applied to them.
301 if ifclass VOL_BULLSEYE_BOOTSTRAP || ifclass VOL_BOOKWORM_BOOTSTRAP
; then
302 fcopy
/etc
/systemd
/system
/faicheck.service
303 $chroot bash
<<'EOFOUTER'
304 systemctl enable faicheck.service
306 exit 0 # avoid unnecessary stuff in bootstrap vol
# The here-document below runs inside the target as root; its delimiter is
# quoted, so nothing in it is expanded by this script. Security-relevant steps
# for review:
#  - When iank has no non-empty authorized_keys, root's file is copied to
#    iank; ownership is set numerically (assumes iank is uid/gid 1000 -
#    confirm) and all group/other access below ~/.ssh is removed.
#  - iank's whole ~/.ssh is then copied over /root/.ssh with cp -rL, which
#    follows symlinks. After this step every key or client config in
#    /home/iank/.ssh also applies to root, so the iank account is effectively
#    root-equivalent for SSH and should be protected accordingly.
#  - AcceptEnv lets SSH clients set INSIDE_EMACS, BRC and COLUMNS in the
#    server-side session. Review what the login shell does with BRC, since its
#    value is chosen by the client. The grep -xFq guard makes the append
#    idempotent.
#  - The loop and the systemd-journal check test for groups that include adm,
#    sudo and admin; the systemd-journal case adds iank with usermod -aG, and
#    the loop body (not visible) presumably does the same for each group.
311 $chroot bash
<<'EOFOUTER'
312 #### begin .ssh setup ###
315 if ! [[ -s /home/iank/.ssh/authorized_keys ]]; then
316 mkdir -p /home/iank/.ssh
317 f=/root/.ssh/authorized_keys
319 cp $f /home/iank/.ssh
321 chown -R 1000:1000 /home/iank/.ssh
322 chmod -R u=Xrw,og= /home/iank/.ssh
324 # remove broken symlinks or the following cp will fail
325 find /home/iank/.ssh -xtype l -exec rm '{}' \;
326 cp -rL /home/iank/.ssh /root
327 chown -R root:root /root/.ssh
332 # # https://ticktockhouse.svbtle.com/my-obligatory-ubuntu-ssh-agent-post
333 # but that made a service that started too soon and didn't pick up our
334 # x env vars. instead, copy from the root ssh-agent just the
335 # appropriate things into a new service.
337 rm -f /home/iank/.local/share/systemd/user/sshaiank.service \
338 /home/iank/.config/systemd/user/default.target.wants/sshaiank.service
340 #### end .ssh setup ###
342 ## duplicated in ssh-emacs-setup
343 # done here so its setup earlier for convenience
344 line='AcceptEnv INSIDE_EMACS BRC COLUMNS'
345 f=/etc/ssh/sshd_config
346 grep -xFq "$line" $f || tee -a $f <<<"$line"
349 # default debian groups (jessie through buster) + adm, root, admin
350 for g in cdrom floppy audio dip video plugdev netdev adm sudo admin; do
351 if getent group $g >/dev/null; then
356 if getent group systemd-journal >/dev/null; then
357 usermod -aG systemd-journal iank
# Point the target's /etc/resolv.conf at systemd-resolved's stub file. The link
# target is relative, so it resolves inside the target root rather than on the
# machine performing the install.
# NOTE(review): as listed, the systemctl enable/start calls have no $chroot
# prefix and are guarded by a path on the running system, so they act on the
# machine executing this script - confirm that is intended when FAI_ROOT is
# not /.
361 rm -f $target/etc
/resolv.conf
362 ln -s ..
/run
/systemd
/resolve
/stub-resolv.conf
$target/etc
/resolv.conf
363 # needed for bitfolk image
364 if [[ -e /a
/bin
/fai
/fai-wrapper
]]; then
365 systemctl
enable systemd-resolved
366 systemctl start systemd-resolved
371 # reading through the groups that iank is in but user2 isn't,
372 for g
in plugdev audio video cdrom
; do
373 $ROOTCMD usermod
-a -G $g user2