improvements, fix for new openwrt
authorIan Kelling <iank@fsf.org>
Wed, 15 Dec 2021 19:32:31 +0000 (14:32 -0500)
committerIan Kelling <iank@fsf.org>
Wed, 15 Dec 2021 19:32:31 +0000 (14:32 -0500)
fai/config/distro-install-common/end
fai/config/scripts/GRUB_PC/11-iank
wrt-setup
wrt-setup-local

index 57b71159f62352228b8f53f28fb0b3ae89e138f8..4e25d97cf4e3b489ff1a3c8b09136611c943017c 100755 (executable)
@@ -100,6 +100,14 @@ Defaults:root,iank !log_allowed, !pam_session
 Defaults>root env_file=/etc/rootsudoenv
 EOF
 
+case $HOSTNAME in
+  li|bk|je)
+    cat >>$target/etc/sudoers.d/ianksudoers <<'EOF'
+iank  ALL=(ALL)  NOPASSWD: ALL
+EOF
+    ;;
+esac
+
 # remove old config line. can be removed eventually.
 f=$target/etc/sudoers
 line='iank  ALL=(ALL)  NOPASSWD: ALL'
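Review bot: The added `case` block gives iank passwordless root on li, bk and je with no comment explaining why these hosts are exempt from the password prompt, and the appended file is never syntax-checked. Anything that can run as iank on those hosts becomes root with no further authentication, so a line such as `# li/bk/je: <reason>; NOPASSWD makes an iank compromise a root compromise` above the `case` would record the decision. After the heredoc, a check like `chroot $target visudo -cf /etc/sudoers.d/ianksudoers` would catch a malformed file before first boot, assuming visudo is already installed in the target at this stage. `$HOSTNAME` and `$target` are unquoted, and it is worth confirming that `$HOSTNAME` here is the machine being installed rather than the install server.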
index ecc093e09153a1c6117d67358b58087c797bdbc4..e27260e76065f0c77c02b71a8e8a8647bde33686 100755 (executable)
@@ -240,6 +240,8 @@ auto lo eth0
 iface lo inet loopback
 iface eth0 inet static
 address 10.3.0.2/16
+
+source-directory /etc/network/interfaces.d
 EOF
   fi
 
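Review bot: `source-directory` makes every matching file under /etc/network/interfaces.d part of the ifupdown configuration that root acts on, including any `up`/`pre-up` commands, and nothing in the new lines documents that or ensures the directory exists with known ownership. ifupdown only reads files there whose names consist of letters, digits, underscores and hyphens, so a drop-in with a dot in its name (for example `eth1.cfg`) is silently skipped; a comment inside the heredoc such as `# drop-ins: root-owned, names [A-Za-z0-9_-] only` would cover both points. The same line is added in the hunks at -250 and -296, and this note applies to them as well. The heredocs and the enclosing `if` blocks start outside these hunks.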
@@ -250,6 +252,8 @@ auto lo eth0
 iface lo inet loopback
 iface eth0 inet dhcp
 iface eth0 inet6 auto
+
+source-directory /etc/network/interfaces.d
 EOF
 
   # previously had an else condition after
@@ -296,6 +300,8 @@ gateway fe80::1
 iface eth0 inet6 static
 # from a requested /64 pool
 address 2600:3c00:e000:280::2/64
+
+source-directory /etc/network/interfaces.d
 EOF
   fi
 fi
@@ -324,24 +330,46 @@ chroot $FAI_ROOT bash <<'EOFOUTER'
 #### begin .ssh setup ###
 set -x
 set -eE -o pipefail
-mkdir -p /home/iank/.ssh
-f=/root/.ssh/authorized_keys
-if [[ -e $f ]]; then
-   cp $f /home/iank/.ssh
+if ! [[ -s /home/iank/.ssh/authorized_keys ]]; then
+  mkdir -p /home/iank/.ssh
+  f=/root/.ssh/authorized_keys
+  if [[ -e $f ]]; then
+     cp $f /home/iank/.ssh
+  fi
+  chown -R 1000:1000 /home/iank/.ssh
+  chmod -R u=Xrw,og= /home/iank/.ssh
+  rm -rf /root/.ssh
+  # remove broken symlinks or the following cp will fail
+  find /home/iank/.ssh -xtype l -exec rm '{}' \;
+  cp -rL /home/iank/.ssh /root
+  chown -R root:root /root/.ssh
+  chmod 700 /root/.ssh
 fi
-chown -R 1000:1000 /home/iank/.ssh
-chmod -R u=Xrw,og= /home/iank/.ssh
-rm -rf /root/.ssh
-# remove broken symlinks or the following cp will fail
-find /home/iank/.ssh -xtype l -exec rm '{}' \;
-cp -rL /home/iank/.ssh /root
-chown -R root:root /root/.ssh
-chmod 700 /root/.ssh
-# https://ticktockhouse.svbtle.com/my-obligatory-ubuntu-ssh-agent-post
+
+# old link from
+# # https://ticktockhouse.svbtle.com/my-obligatory-ubuntu-ssh-agent-post
+# but that made a service that started too soon and didn't pick up our
+# x env vars. instead, copy from the root ssh-agent just the
+# appropriate things into a new service.
+rm -f /home/iank/.config/systemd/user/default.target.wants/ssh-agent.service
+
+mkdir -p /home/iank/.local/share/systemd/user
+cat >/home/iank/.local/share/systemd/user/sshaiank.service <<'EOF'
+[Unit]
+Description=OpenSSH User Agent
+Documentation=man:ssh-agent(1)
+[Service]
+ExecStart=/usr/lib/openssh/agent-launch start
+ExecStopPost=/usr/lib/openssh/agent-launch stop
+[Install]
+WantedBy=default.target
+EOF
+# enable it
 # systemctl --user is not available at fai time, so create the link ourselves
-d=/home/iank/.config/systemd/user/default.target.wants
-sudo -u iank mkdir -p $d
-sudo -u iank ln -sf /usr/lib/systemd/user/ssh-agent.service $d
+dir=/home/iank/.config/systemd/user/default.target.wants
+mkdir -p $dir
+ln -sf /home/iank/.local/share/systemd/user/sshaiank.service $dir
+
 #### end .ssh setup ###
 
 ## duplicated in ssh-emacs-setup
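Review bot: The new `mkdir -p`, `cat >` and `ln -sf` near the end of the hunk run as root, where the removed lines went through `sudo -u iank`, so any directory they create under /home/iank (`.local`, `.local/share/systemd`, `.config/systemd/...`) and the unit file itself end up root-owned unless something outside the hunk chowns them. That can leave iank unable to write to his own `~/.local/share`, and if this script is re-run on an installed system, root writing into a user-writable tree will follow whatever symlink is already there. Keeping the earlier form, `sudo -u iank mkdir -p /home/iank/.local/share/systemd/user $dir`, or adding `chown -R 1000:1000 /home/iank/.local /home/iank/.config` after the `ln`, would avoid both. The enclosing `chroot $FAI_ROOT bash <<'EOFOUTER'` heredoc starts before the hunk and continues after it.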
index d229af1be93a58db31e642e0f04ba3deed5f1cee..0d856ad861a18319c8ac3c45615478c91dc78287 100755 (executable)
--- a/wrt-setup
+++ b/wrt-setup
@@ -70,7 +70,7 @@ fi
 
 echo "$0: h=$h"
 # todo: ecdsa key not working with dropbear
-#cat ~/.ssh/h.pub | ssh $h dd of=/etc/dropbear/authorized_keys 2>/dev/null
+cat ~/.ssh/{h,home}.pub | ssh $h dd of=/etc/dropbear/authorized_keys 2>/dev/null
 scp /a/work/libremanage/libremanage /a/bin/fai/wrt-init /a/bin/fai/wrt-setup-local /a/bin/cedit/cedit $h:/usr/bin
 # relay is built for openwrt 18.06.2, r7676-cddd7b4c77
 
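Review bot: The re-enabled line replaces the router's whole /etc/dropbear/authorized_keys with whatever `cat` manages to emit, and `2>/dev/null` hides any ssh or dd error, so a missing `~/.ssh/h.pub` or `~/.ssh/home.pub` or a failed transfer can leave the file empty or partial with no message. A guard before it, such as `[[ -s ~/.ssh/h.pub && -s ~/.ssh/home.pub ]] || { echo "$0: missing pubkey" >&2; exit 1; }`, together with dropping `2>/dev/null`, would make a failed key install visible instead of surfacing later as a lockout. The `# todo: ecdsa key not working with dropbear` comment directly above now sits over an active command and should say which key types are expected to work, or be removed. `$h` is unquoted here and in the `scp` that follows.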
index 2c28dca69bfcf247c25dc52e1d8b74d8ca29b899..cb8b9409a672f293540a6cadd72b7ad9472f8396 100755 (executable)
@@ -358,7 +358,7 @@ fi
 v pi kmod-usb-storage block-mount kmod-fs-ext4 nfs-kernel-server \
   tcpdump openvpn-openssl adblock libusb-compat \
   screen kmod-usb-serial-cp210x kmod-usb-serial-ftdi rsync\
-  unbound-daemon-heavy unbound-checkconf
+  unbound-daemon unbound-checkconf
 
 cat >/etc/libremanage.conf <<EOF
 ${libremanage_host}_type=switch