#!/bin/bash -x set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR if [[ $EUID != 0 ]]; then echo "$0: error: expected to be root." exit 1 fi # ssh host keys # note, $BASH_SOURCE is not defined here under fai. src=$(dirname "$0")/p/c/machine_specific/$HOSTNAME/filesystem/etc/ssh dst=$target/etc/ssh if [[ -e $src && -e $dst ]]; then # outside of fai context or setting up a brand new host, we skip this cp -rT $src $dst fi USER2PW=/q/root/shadow/user2 # if doesn't exist, we dont set one ROOTPW=/q/root/shadow/standard if [[ ! -e $ROOTPW ]]; then ROOTPW=/q/root/shadow/$HOSTNAME fi chpw() { # generating a hashed password: # under debian, you can do # mkpasswd -m sha-512 -s >/q/root/shadow/standard # On arch, best seems to be copy your shadow file to a temp location, # then passwd, get out the new pass, then copy the shadow file back. user=$1 pwfile=$2 if [[ $pwfile && -e $pwfile ]]; then printf "$user:" | cat - "$pwfile" | $ROOTCMD chpasswd -e else echo "$0: warning: no pw set for $user" >&2 fi } au() { # add user. i don't use adduser for portability local user=${@: -1} if ! $ROOTCMD getent passwd $user; then $ROOTCMD useradd -c $user -Um -s /bin/bash $@ fi } chpw root "$ROOTPW" # only setup root pass for bootstrap vol if ifclass VOL_BUSTER_BOOTSTRAP; then exit 0 fi # return of 9 = user already exists. so we are idempotent. au iank chpw iank "$ROOTPW" au user2 if ifclass frodo; then chpw user2 "$USER2PW" fi # comparing iank's groups to user2, I see none she should join on arch $ROOTCMD usermod -a -G user2 iank $ROOTCMD getent group docker &>/dev/null || $ROOTCMD groupadd -r docker $ROOTCMD usermod -a -G docker iank # based on unison error, with 8192 from # sysctl -a | grep fs.inotify.max_user_watches #http://stackoverflow.com/questions/535768/what-is-a-reasonable-amount-of-inotify-watches-with-linux f=$target/etc/sysctl.d/99-sysctl.conf key=fs.inotify.max_user_watches if [[ -e $f ]]; then sed -ri --follow-symlinks "/^\s*$key\s*=/d" $f; fi echo "fs.inotify.max_user_watches = 50000" >> $f # applies it. it would be also be applied after a reboot $ROOTCMD sysctl --system f=$target/etc/sudoers line='iank ALL=(ALL) NOPASSWD: ALL' if [[ ! -e $f ]] || ! grep -xF "$line" $f; then echo "$line" >> $f fi au --system -s /bin/false --home-dir /var/lib/bitcoind bitcoin