From 4abbc67ed68213ec94fcf5970d3e34661967a87c Mon Sep 17 00:00:00 2001
From: Ian Kelling <iank@fsf.org>
Date: Tue, 26 Apr 2022 22:28:15 -0400
Subject: [PATCH] beginning of fsf config

---
 fai/config/class/50-host-classes             |   9 +-
 fai/config/scripts/FSF/11-iank               | 255 +++++++++++++++++++
 fai/config/scripts/GRUB_EFI/11-iank          |   1 -
 fai/config/scripts/{GRUB_PC => IANK}/11-iank |   2 +-
 4 files changed, 263 insertions(+), 4 deletions(-)
 create mode 100755 fai/config/scripts/FSF/11-iank
 delete mode 120000 fai/config/scripts/GRUB_EFI/11-iank
 rename fai/config/scripts/{GRUB_PC => IANK}/11-iank (99%)

diff --git a/fai/config/class/50-host-classes b/fai/config/class/50-host-classes
index 84efa36..7de2287 100755
--- a/fai/config/class/50-host-classes
+++ b/fai/config/class/50-host-classes
@@ -79,9 +79,12 @@ echo FAIBASE STANDARD DEBIAN
 # ROTATIONAL: in a system with ssd and hdd, install to the hdd
 # instead of the default ssd.
 #
-# RAID0: Use raid 0 even if there are >= 4 disks with boot partititions.
+# RAID0: Use raid 0 even if there are >= 4 disks with boot partitions.
 #
 # LINODE: For running a vm on linode, especially one created with fai-cd.
+#
+# IANK / FSF: general setup of my machine vs FSF machines
+# NABIA_EXTRA: extra repos for NABIA from other distros
 
 
 if [[ -e /a/bin/fai/fai-wrapper ]]; then
@@ -128,6 +131,8 @@ exit 0
 # It's a noop until we replace _ with host names.
 
 #!/bin/bash
+
+echo IANK
 if [[ ! -e /a/bin/fai/fai-wrapper || $FAI_ACTION == dirinstall ]]; then
   case $HOSTNAME in
     # bullseye based minimal recovery / bootstraping os:
@@ -137,7 +142,7 @@ if [[ ! -e /a/bin/fai/fai-wrapper || $FAI_ACTION == dirinstall ]]; then
     # etiona
     _) echo UBUNTU ETIONA64 VOL_ETIONA ETIONA ;;
     # nabia
-    _) echo UBUNTU NABIA64 VOL_NABIA NABIA  ;;
+    _) echo UBUNTU NABIA64 VOL_NABIA NABIA NABIA_EXTRA  ;;
     # stretch
     _) echo STRETCH64 VOL_STRETCH STRETCH_NONFREE ;;
     # buster
diff --git a/fai/config/scripts/FSF/11-iank b/fai/config/scripts/FSF/11-iank
new file mode 100755
index 0000000..7e94a40
--- /dev/null
+++ b/fai/config/scripts/FSF/11-iank
@@ -0,0 +1,255 @@
+#!/bin/bash -x
+
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+
+if [[ $EUID != 0 ]]; then
+  echo "$0: error: expected to be root."
+  exit 1
+fi
+
+
+# -r = recursive
+# -i = ignore non-matching class warnings, always exit 0
+# -B = no backup files
+fcopy -riBM /boot
+
+
+
+chpw() {
+  # generating a hashed password:
+  # under debian, you can do
+  # mkpasswd -m sha-512 -s >/q/root/shadow/standard
+  # On arch, best seems to be copy your shadow file to a temp location,
+  # then passwd, get out the new pass, then copy the shadow file back.
+
+  user=$1
+  pwfile=$2
+  if [[ $pwfile && -e $pwfile ]]; then
+    printf "$user:" | cat - "$pwfile" | $ROOTCMD chpasswd -e
+  else
+    echo "$0: warning: no pw set for $user" >&2
+  fi
+}
+
+chpw root $FAI/distro-install-common/shadow/community0p
+
+
+#### misc configurations
+chroot $FAI_ROOT bash <<'EOFOUTER'
+if getent group systemd-journal >/dev/null; then
+  # makes the journal be saved to disk.
+  mkdir -p /var/log/journal
+  chmod 755 /var/log/journal
+fi
+debconf-set-selections <<EOF
+kexec-tools kexec-tools/load_kexec boolean false
+EOF
+apt-get install -y pxe-kexec
+
+# this is usefull. Only thing reason I see this being disabled by default is
+# that a normal user can disrupt the system, eg cause a reboot.
+sed -i '$a kernel.sysrq=1
+/^kernel.sysrq=/d' /etc/sysctl.conf
+
+EOFOUTER
+
+speed=115200
+cmdline="rd.luks.crypttab=no net.ifnames=0 console=ttyS0,${speed}n8 console=tty0"
+
+# per rubens suggestion to make a d16 more stable
+cmdline+=" pci=realloc=off"
+
+cat >$FAI_ROOT/etc/grub.d/40_custom <<EOF
+#!/bin/sh
+exec tail -n +3 \$0
+# This file provides an easy way to add custom menu entries.  Simply type the
+# menu entries you want to add after this comment.  Be careful not to change
+# the 'exec tail' line above.
+
+# https://www.coreboot.org/Serial_console # tty
+# but removed unneeded stuff
+
+serial --speed=$speed
+terminal_input --append  serial
+terminal_output --append serial
+EOF
+
+
+chroot $FAI_ROOT bash <<EOF
+set -eE -o pipefail
+# https://askubuntu.com/questions/33416/how-do-i-disable-the-boot-splash-screen-and-only-show-kernel-and-boot-text-inst
+
+sed -ri 's/(^GRUB_CMDLINE_LINUX_DEFAULT=")quiet/\1/;s/^(GRUB_CMDLINE_LINUX_DEFAULT=".*) quiet([ "])/\1\2/' /etc/default/grub
+sed -ri 's/(^GRUB_CMDLINE_LINUX_DEFAULT=")splash/\1/;s/^(GRUB_CMDLINE_LINUX_DEFAULT=".*) splash([ "])/\1\2/' /etc/default/grub
+
+for arg in $cmdline; do
+  if ! grep "^GRUB_CMDLINE_LINUX_DEFAULT=.*[\" ]${arg//./\\.}[\" ]" /etc/default/grub; then
+    sed -ri "s/^GRUB_CMDLINE_LINUX_DEFAULT=\"(.*)/GRUB_CMDLINE_LINUX_DEFAULT=\"$arg \1/" /etc/default/grub
+  fi
+done
+
+if grep -qF "$cmdline" /etc/default/grub; then
+  # already set things, exit
+  exit 0
+fi
+sed -ri 's/^ *GRUB_CMDLINE_LINUX_DEFAULT=.*/GRUB_CMDLINE_LINUX_DEFAULT="$cmdline"/' /etc/default/grub
+# on xenial, no grub is displayed at all. fix that.
+# found just by noticing this in the config file, and a
+# warning about it in error.log
+sed -i '/^ *GRUB_HIDDEN_TIMEOUT/d' /etc/default/grub
+
+if type -P update-grub2 &>/dev/null; then
+  update-grub2
+else
+  update-grub
+fi
+
+EOF
+
+
+  cat > $target/etc/network/interfaces <<-EOF
+# generated by FAI
+auto lo eth0
+iface lo inet loopback
+iface eth0 inet dhcp
+iface eth0 inet6 auto
+
+source-directory /etc/network/interfaces.d
+EOF
+
+  # previously had an else condition after
+  #elif ifclass VM || ifclass LINODE; then
+  # iface $NIC1 inet manual
+  # iface br0 inet dhcp
+  #   bridge_ports $NIC1
+  #   bridge_stp off
+  #   bridge_maxwait 0
+  # however, on t9, on startup, br0, became
+  # rename1 and didn't come up. i dunno why,
+  # but the bridge is for vms that I rarely use,
+  # so not bothering to figure it out.
+
+
+
+
+if ifclass LINODE; then
+  mkdir -p $target/etc/initramfs-tools/conf.d
+  cat >$target/etc/initramfs-tools/conf.d/mine <<EOF
+# dhcp in initramfs doesn't work on linode. i dunno why, whatever.
+# man 5 initramfs.conf
+# /usr/share/doc/klibc-utils/README.ipconfig.gz
+# /usr/share/initramfs-tools/scripts/functions
+IP=$linode_ip::$linode_gw:255.255.255.0::eth0:off
+EOF
+
+
+  if [[ $HOSTNAME == li ]]; then
+
+    cat > $target/etc/network/interfaces <<-EOF
+# generated by FAI
+auto lo eth0
+iface lo inet loopback
+iface eth0 inet dhcp
+# for the standard network config, uncomment this and comment the lines after it.
+#iface eth0 inet6 auto
+
+iface eth0 inet6 static
+# this is really a /128. it seems like we need to assign it for ipv6 to work.
+address 2600:3c00::f03c:91ff:fe6d:baf8/64
+gateway fe80::1
+
+iface eth0 inet6 static
+# from a requested /64 pool
+address 2600:3c00:e000:280::2/64
+
+source-directory /etc/network/interfaces.d
+EOF
+  fi
+fi
+
+# I prefer to stick with ifup/down for now. a. networkd is not in its
+# own package, so cant use in other init systems. b. it works fine.
+chroot $FAI_ROOT bash <<EOF
+systemctl disable systemd-networkd.socket systemd-networkd networkd-dispatcher systemd-networkd-wait-online
+systemctl mask systemd-networkd.socket systemd-networkd networkd-dispatcher systemd-networkd-wait-online
+EOF
+
+##### end network setup  #####
+
+
+if ifclass VOL_BULLSEYE_BOOTSTRAP; then
+  fcopy /etc/systemd/system/faicheck.service
+  chroot $FAI_ROOT bash <<'EOFOUTER'
+systemctl enable faicheck.service
+EOFOUTER
+  exit 0 # avoid unnecessary stuff in bootstrap vol
+fi
+
+
+## misc settings
+chroot $FAI_ROOT bash <<'EOFOUTER'
+#### begin .ssh setup ###
+set -x
+set -eE -o pipefail
+if ! [[ -s /home/iank/.ssh/authorized_keys ]]; then
+  mkdir -p /home/iank/.ssh
+  f=/root/.ssh/authorized_keys
+  if [[ -e $f ]]; then
+     cp $f /home/iank/.ssh
+  fi
+  chown -R 1000:1000 /home/iank/.ssh
+  chmod -R u=Xrw,og= /home/iank/.ssh
+  rm -rf /root/.ssh
+  # remove broken symlinks or the following cp will fail
+  find /home/iank/.ssh -xtype l -exec rm '{}' \;
+  cp -rL /home/iank/.ssh /root
+  chown -R root:root /root/.ssh
+  chmod 700 /root/.ssh
+fi
+
+# old link from
+# # https://ticktockhouse.svbtle.com/my-obligatory-ubuntu-ssh-agent-post
+# but that made a service that started too soon and didn't pick up our
+# x env vars. instead, copy from the root ssh-agent just the
+# appropriate things into a new service.
+rm -f /home/iank/.config/systemd/user/default.target.wants/ssh-agent.service
+
+rm -f /home/iank/.local/share/systemd/user/sshaiank.service \
+  /home/iank/.config/systemd/user/default.target.wants/sshaiank.service
+
+#### end .ssh setup ###
+
+## duplicated in ssh-emacs-setup
+# done here so its setup earlier for convenience
+line='AcceptEnv INSIDE_EMACS BRC COLUMNS'
+f=/etc/ssh/sshd_config
+grep -xFq "$line" $f || tee -a $f <<<"$line"
+
+
+# default debian groups (jessie through buster) + adm, root, admin
+for g in cdrom floppy audio dip video plugdev netdev adm sudo admin; do
+  if getent group $g >/dev/null; then
+    usermod -aG $g iank
+  fi
+done
+
+if getent group systemd-journal >/dev/null; then
+  usermod -aG systemd-journal iank
+fi
+EOFOUTER
+
+rm -f $target/etc/resolv.conf
+ln -s ../run/systemd/resolve/stub-resolv.conf $target/etc/resolv.conf
+# needed for bitfolk image
+if [[ -e /a/bin/fai/fai-wrapper ]]; then
+  systemctl enable systemd-resolved
+  systemctl start systemd-resolved
+fi
+
+
+
+# reading through the groups that iank is in but user2 isn't,
+for g in plugdev audio video cdrom; do
+  $ROOTCMD usermod -a -G $g user2
+done
diff --git a/fai/config/scripts/GRUB_EFI/11-iank b/fai/config/scripts/GRUB_EFI/11-iank
deleted file mode 120000
index e135aad..0000000
--- a/fai/config/scripts/GRUB_EFI/11-iank
+++ /dev/null
@@ -1 +0,0 @@
-../GRUB_PC/11-iank
\ No newline at end of file
diff --git a/fai/config/scripts/GRUB_PC/11-iank b/fai/config/scripts/IANK/11-iank
similarity index 99%
rename from fai/config/scripts/GRUB_PC/11-iank
rename to fai/config/scripts/IANK/11-iank
index 954afd4..47b97ad 100755
--- a/fai/config/scripts/GRUB_PC/11-iank
+++ b/fai/config/scripts/IANK/11-iank
@@ -25,7 +25,7 @@ fi
 # -i = ignore non-matching class warnings, always exit 0
 # -B = no backup files
 fcopy -riBM /boot
-# this is also done by FABASE/10-misc by default (without B)
+# this is also done by FAIBASE/10-misc by default (without B)
 fcopy -riBM /root
 fcopy -riBM /usr/local/bin
 
-- 
2.30.2