From 2230b58f86d24175583f2ce60d271f66d4f122ea Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Sat, 6 Feb 2021 01:00:51 -0500 Subject: [PATCH] minor fixes, dns, new os versions --- fai/config/basefiles/mk-basefile | 5 +- fai/config/class/50-host-classes | 16 ++++--- fai/config/distro-install-common/end | 2 +- .../distro-install-common/libreboot_grub.cfg | 2 +- .../etc/apt/preferences.d/nabia-focal/NABIA | 3 ++ .../apt/sources.list.d/aaa-nabia.list/NABIA | 12 +++++ ...STRETCH_BOOTSTRAP => VOL_BUSTER_BOOTSTRAP} | 0 ...STRETCH_BOOTSTRAP => VOL_BUSTER_BOOTSTRAP} | 2 +- fai/config/hooks/instsoft.DEFAULT | 2 +- fai/config/hooks/partition.DEFAULT | 48 ++++++++++--------- fai/config/scripts/GRUB_PC/11-iank | 2 +- faiserver-setup | 2 +- mymk-basefile | 1 + wrt-setup-local | 34 +++++++------ 14 files changed, 76 insertions(+), 55 deletions(-) create mode 100644 fai/config/files/etc/apt/preferences.d/nabia-focal/NABIA create mode 100644 fai/config/files/etc/apt/sources.list.d/aaa-nabia.list/NABIA rename fai/config/files/etc/systemd/system/fai_check.service/{VOL_STRETCH_BOOTSTRAP => VOL_BUSTER_BOOTSTRAP} (100%) rename fai/config/files/root/fai-check/{VOL_STRETCH_BOOTSTRAP => VOL_BUSTER_BOOTSTRAP} (97%) diff --git a/fai/config/basefiles/mk-basefile b/fai/config/basefiles/mk-basefile index 8878aad..e4fd05d 100755 --- a/fai/config/basefiles/mk-basefile +++ b/fai/config/basefiles/mk-basefile @@ -39,10 +39,12 @@ EXCLUDE_FLIDAS=udhcpc,dibbler-client,info EXCLUDE_BIONIC=udhcpc,dibbler-client,info EXCLUDE_ETIONA=udhcpc,dibbler-client,info EXCLUDE_FOCAL=udhcpc,dibbler-client,info +EXCLUDE_NABIA=udhcpc,dibbler-client,info # here you can add packages, that are needed very early INCLUDE_DEBIAN= INCLUDE_ETIONA=ifupdown +INCLUDE_NABIA=ifupdown setarch() { @@ -226,6 +228,7 @@ prtdists() { BIONIC64 ETIONA64 FOCAL64 + NABIA64 SQUEEZE32 SQUEEZE64 WHEEZY32 WHEEZY64 JESSIE32 JESSIE64 @@ -309,7 +312,7 @@ case "$target" in SLC6_32) slc i386 6 ;; SLC6_64) slc amd64 6 ;; SLC7_64) slc amd64 7 ;; - BELENOS*|FLIDAS*|ETIONA*) + BELENOS*|FLIDAS*|ETIONA*|NABIA*) debgeneric $target $MIRROR_TRISQUEL ;; TRUSTY*|XENIAL*|BIONIC*|FOCAL*) debgeneric $target $MIRROR_UBUNTU ;; diff --git a/fai/config/class/50-host-classes b/fai/config/class/50-host-classes index 076323b..f6b7caa 100755 --- a/fai/config/class/50-host-classes +++ b/fai/config/class/50-host-classes @@ -28,15 +28,15 @@ echo FAIBASE STANDARD DEBIAN # things installed, to speed up installation. # # STRETCH64, BUSTER64, BULLSEYE64, -# FLIDAS64, FLIDAS64BIG, ETIONA64, +# FLIDAS64, FLIDAS64BIG, ETIONA64, NABIA64 # XENIAL64, BIONIC64, FOCAL64, # # The distro subvol name, we can add as many of these as we want: # VOL_TESTING, VOL_STRETCH, VOL_BUSTER, VOL_BULLSEYE, -# VOL_FLIDAS, VOL_ETIONA +# VOL_FLIDAS, VOL_ETIONA, VOL_NABIA # VOL_XENIAL, VOL_BIONIC VOL_FOCAL -# VOL_STRETCH_BOOTSTRAP. -# Using VOL_STRETCH_BOOTSTRAP sets up the install to act like a pxe rom if +# VOL_BUSTER_BOOTSTRAP. +# Using VOL_BUSTER_BOOTSTRAP sets up the install to act like a pxe rom if # grub sets a specific var. # # The apt sources files we want, @@ -44,7 +44,7 @@ echo FAIBASE STANDARD DEBIAN # BUSTER_FREE, BUSTER_NONFREE, # BULLSEYE_FREE, BULLSEYE_NONFREE # TESTING_FREE, TESTING_NONFREE, -# XENIAL_FREE, BIONIC, FOCAL, FLIDAS, ETIONA, STRETCH_LINODE. +# XENIAL_FREE, BIONIC, FOCAL, FLIDAS, ETIONA, NABIA, STRETCH_LINODE. # # It's all a little redundant in some cases, but it keeps things # simpler. @@ -86,12 +86,14 @@ echo FAIBASE STANDARD DEBIAN #!/bin/bash if [[ ! -e /a/bin/fai/fai-wrapper || $FAI_ACTION == dirinstall ]]; then case $HOSTNAME in - # stretch based minimal recovery / bootstraping os: - _) echo STRETCH64 VOL_STRETCH_BOOTSTRAP STRETCH_FREE ;; + # buster based minimal recovery / bootstraping os: + _) echo BUSTER64 VOL_BUSTER_BOOTSTRAP BUSTER_FREE ;; # flidas _) echo UBUNTU FLIDAS64 VOL_FLIDAS FLIDAS ;; # etiona _) echo UBUNTU ETIONA64 VOL_ETIONA ETIONA ;; + # nabia + _) echo UBUNTU NABIA64 VOL_NABIA NABIA ;; # stretch _) echo STRETCH64 VOL_STRETCH STRETCH_FREE ;; # buster diff --git a/fai/config/distro-install-common/end b/fai/config/distro-install-common/end index ec0d1cf..b0e0700 100755 --- a/fai/config/distro-install-common/end +++ b/fai/config/distro-install-common/end @@ -50,7 +50,7 @@ au() { # add user. i don't use adduser for portability chpw root "$ROOTPW" # only setup root pass for bootstrap vol -if ifclass VOL_STRETCH_BOOTSTRAP; then +if ifclass VOL_BUSTER_BOOTSTRAP; then exit 0 fi diff --git a/fai/config/distro-install-common/libreboot_grub.cfg b/fai/config/distro-install-common/libreboot_grub.cfg index 8a1fc4e..84fa4e2 100644 --- a/fai/config/distro-install-common/libreboot_grub.cfg +++ b/fai/config/distro-install-common/libreboot_grub.cfg @@ -14,7 +14,7 @@ function save_chosen { } # fai_check is so we can act like a pxe boot, but just for fai, and by -# using /stretch_bootstrap to do it. We toggle on and off the grub var +# using /buster_bootstrap to do it. We toggle on and off the grub var # did_fai_check so we can do the check every other boot. Then # /debian_bootstrap checks for that var on boot and if we want to do a # fai check, it does it, then reboots. But fai-check also sets diff --git a/fai/config/files/etc/apt/preferences.d/nabia-focal/NABIA b/fai/config/files/etc/apt/preferences.d/nabia-focal/NABIA new file mode 100644 index 0000000..1e6fc34 --- /dev/null +++ b/fai/config/files/etc/apt/preferences.d/nabia-focal/NABIA @@ -0,0 +1,3 @@ +Package: * +Pin: release n=focal,o=Ubuntu +Pin-Priority: -100 diff --git a/fai/config/files/etc/apt/sources.list.d/aaa-nabia.list/NABIA b/fai/config/files/etc/apt/sources.list.d/aaa-nabia.list/NABIA new file mode 100644 index 0000000..85bf23c --- /dev/null +++ b/fai/config/files/etc/apt/sources.list.d/aaa-nabia.list/NABIA @@ -0,0 +1,12 @@ +deb http://mirror.fsf.org/trisquel/ nabia main +deb-src http://mirror.fsf.org/trisquel/ nabia main + +deb http://mirror.fsf.org/trisquel/ nabia-updates main +deb-src http://mirror.fsf.org/trisquel/ nabia-updates main + +deb http://archive.trisquel.info/trisquel/ nabia-security main +deb-src http://archive.trisquel.info/trisquel/ nabia-security main + +# Uncomment this lines to enable the backports optional repository +deb http://mirror.fsf.org/trisquel/ nabia-backports main +deb-src http://mirror.fsf.org/trisquel/ nabia-backports main diff --git a/fai/config/files/etc/systemd/system/fai_check.service/VOL_STRETCH_BOOTSTRAP b/fai/config/files/etc/systemd/system/fai_check.service/VOL_BUSTER_BOOTSTRAP similarity index 100% rename from fai/config/files/etc/systemd/system/fai_check.service/VOL_STRETCH_BOOTSTRAP rename to fai/config/files/etc/systemd/system/fai_check.service/VOL_BUSTER_BOOTSTRAP diff --git a/fai/config/files/root/fai-check/VOL_STRETCH_BOOTSTRAP b/fai/config/files/root/fai-check/VOL_BUSTER_BOOTSTRAP similarity index 97% rename from fai/config/files/root/fai-check/VOL_STRETCH_BOOTSTRAP rename to fai/config/files/root/fai-check/VOL_BUSTER_BOOTSTRAP index 7c405e6..e96879a 100755 --- a/fai/config/files/root/fai-check/VOL_STRETCH_BOOTSTRAP +++ b/fai/config/files/root/fai-check/VOL_BUSTER_BOOTSTRAP @@ -59,7 +59,7 @@ for dev in $(btrfs fi show / | sed -rn 's#^\s*devid\s.*\s([^0-9 ]+)\S+$#\1#p' \ set +x fi first=false - # we could just as well check if last_boot != /debianstable_boostrap + # we could just as well check if last_boot != /debianbuster_boostrap # the intent with this one is just a little clearer. if [[ $did_fai_check == true ]]; then grub-editenv /mnt/grubenv set did_fai_check=os_true diff --git a/fai/config/hooks/instsoft.DEFAULT b/fai/config/hooks/instsoft.DEFAULT index 8e9c7e5..07adc1d 100755 --- a/fai/config/hooks/instsoft.DEFAULT +++ b/fai/config/hooks/instsoft.DEFAULT @@ -3,7 +3,7 @@ # These are things we can do before package_config packages get installed. # exit for any vm except demohost, or if we are doing a dirinstall -if ifclass VM && ! ifclass demohost || ifclass VOL_STRETCH_BOOTSTRAP || [[ ! $FAI_ACTION || $FAI_ACTION = dirinstall ]]; then +if ifclass VM && ! ifclass demohost || ifclass VOL_BUSTER_BOOTSTRAP || [[ ! $FAI_ACTION || $FAI_ACTION = dirinstall ]]; then exit 0 fi diff --git a/fai/config/hooks/partition.DEFAULT b/fai/config/hooks/partition.DEFAULT index 3d024af..ea8d237 100755 --- a/fai/config/hooks/partition.DEFAULT +++ b/fai/config/hooks/partition.DEFAULT @@ -25,12 +25,12 @@ if [[ $EUID != 0 ]]; then fi # for calling outside of FAI: -# # need to redep and set that location so that we get luks keys -# export FAI=/srv/fai/config # fai-redep +# s # source /b/fai/fai-wrapper # - set any appropriate classes with: fai-setclass OPT1... which sets CLASS_OPT1=true... # or run eval-fai-classfile FILE +# export luks_dir=/q/root/luks # # OPTIONS: # @@ -325,6 +325,8 @@ if [[ ! $DISTRO ]]; then DISTRO=trisquelflidas elif ifclass VOL_ETIONA; then DISTRO=trisqueletiona + elif ifclass VOL_NABIA; then + DISTRO=trisquelnabia else echo "PARTITIONER ERROR: no distro class/var set" >&2 exit 1 @@ -342,33 +344,33 @@ bpart() { # btrfs a partition } -if [[ ! -e /a/bin/fai/fai-wrapper ]]; then +if [[ ! $luks_dir ]]; then # see README for docs about how to create these luks_dir=$FAI/distro-install-common/luks +fi - luks_file=$luks_dir/host-$HOSTNAME - if [[ ! -e $luks_file ]]; then - hostkeys=($luks_dir/host-*) - # if there is only one key, we might be deploying somewhere - # where dhcp doesnt give us a proper hostname, so use that. - if [[ ${#hostkeys[@]} == 1 && -e ${hostkeys[0]} ]]; then - luks_file=${hostkeys[0]} - else - echo "$0: error: no key for hostname at $luks_file" >&2 - exit 1 - fi - fi - - # # note, corresponding changes in /b/ds/keyscript-{on,off} - if ifclass demohost; then - lukspw=x - elif [[ -e $luks_dir/$HOSTNAME ]]; then - lukspw=$(cat $luks_dir/$HOSTNAME) +luks_file=$luks_dir/host-$HOSTNAME +if [[ ! -e $luks_file ]]; then + hostkeys=($luks_dir/host-*) + # if there is only one key, we might be deploying somewhere + # where dhcp doesnt give us a proper hostname, so use that. + if [[ ${#hostkeys[@]} == 1 && -e ${hostkeys[0]} ]]; then + luks_file=${hostkeys[0]} else - lukspw=$(cat $luks_dir/iank) + echo "$0: error: no key for hostname at $luks_file" >&2 + exit 1 fi fi +# # note, corresponding changes in /b/ds/keyscript-{on,off} +if ifclass demohost; then + lukspw=x +elif [[ -e $luks_dir/$HOSTNAME ]]; then + lukspw=$(cat $luks_dir/$HOSTNAME) +else + lukspw=$(cat $luks_dir/iank) +fi + first_root_crypt=$(root-cryptdev ${devs[0]}) @@ -471,7 +473,7 @@ if $partition; then # This is just a bit more robust, and it could work for booting # into ipxe which can't persist data, if we ever got that working. mkfs.ext2 $(grub_extdev) - # when we move to newer than trisquel 8, we can remove + # when we move to newer than trisquel 9, we can remove # --type luks1. We can also check on cryptsetup --help | less /compil # to see about the other settings. Default in debian 9 is luks2. # You can convert from luks2 to luks 1 by adding a temporary key: diff --git a/fai/config/scripts/GRUB_PC/11-iank b/fai/config/scripts/GRUB_PC/11-iank index 9b71647..089f0cb 100755 --- a/fai/config/scripts/GRUB_PC/11-iank +++ b/fai/config/scripts/GRUB_PC/11-iank @@ -41,7 +41,7 @@ $FAI/distro-install-common/end -if ifclass VOL_STRETCH_BOOTSTRAP; then +if ifclass VOL_BUSTER_BOOTSTRAP; then fcopy -riM /etc/systemd/system chroot $FAI_ROOT bash <<'EOFOUTER' systemctl enable fai_check.service diff --git a/faiserver-setup b/faiserver-setup index 086a351..bce13d2 100755 --- a/faiserver-setup +++ b/faiserver-setup @@ -82,7 +82,7 @@ if grep -xFq 'VERSION="8 (jessie)"' /etc/os-release; then cat >/etc/apt/sources.list.d/fai.list <<'EOF' deb https://fai-project.org/download jessie koeln EOF -elif grep -iE 'VERSION=.*(stretch|flidas|xenail|buster|bullseye|etiona)' /etc/os-release; then +elif grep -iE 'VERSION=.*(stretch|flidas|xenail|buster|bullseye|etiona|nabia)' /etc/os-release; then # fai on ubuntu only has official support using the universe repo, but newer # tends to have less bugs. wget -O - https://fai-project.org/download/2BF8D9FE074BCDE4.asc | apt-key add - diff --git a/mymk-basefile b/mymk-basefile index 61cfe99..a784e00 100755 --- a/mymk-basefile +++ b/mymk-basefile @@ -19,6 +19,7 @@ Args I've used before: -z BUSTER64 -z STRETCH64 -z XENIAL64 +-z NABIA64 -z ETIONA64 -z FLIDAS64 -z BELENOS64 diff --git a/wrt-setup-local b/wrt-setup-local index 6201f86..b94d13d 100755 --- a/wrt-setup-local +++ b/wrt-setup-local @@ -573,6 +573,18 @@ config rule option target ACCEPT option dest_port 2208 +config redirect + option name sshbb8 + option src wan + option src_dport 2209 + option dest_port 22 + option dest_ip $l.9 + option dest lan +config rule + option src wan + option target ACCEPT + option dest_port 2209 + config redirect option name icecast option src wan @@ -600,21 +612,7 @@ config rule config redirect - option name vpntp - option src wan - option src_dport 1196 - option dest lan - option dest_ip $l.8 - option proto udp -config rule - option src wan - option target ACCEPT - option dest_port 1196 - option proto udp - - -config redirect - option name httptp + option name httpkd option src wan option src_dport 80 option dest lan @@ -627,7 +625,7 @@ config rule option proto tcp config redirect - option name httpstp + option name httpskd option src wan option src_dport 443 option dest lan @@ -725,10 +723,10 @@ case $hostname in cmc) v cedit host /etc/hosts <