4 perl
-pne 's%(?:(COMP_CONFIGURE_HINTS|COMP_TAR_INTERNAL_PATHS)=1?)%${1}=1%' -i "$PWD/root/etc/sysconfig/bash-completion"
7 perl
-pne 's%(?:(START_GPGAGENT|START_GPGAGENT_SH)=(?:"?(no|yes)"?)?)%${1}="no"%' -i "$PWD/root/etc/sysconfig/gnupg2"
# Write the target's console, locale and host-identity files. Only the LANGUAGE
# line of locale.conf is visible here; the other heredoc bodies and every EOF
# terminator are outside this excerpt.
cat << EOF > "$PWD/root/etc/vconsole.conf"
cat << EOF > "$PWD/root/etc/locale.conf"
LANGUAGE=$LOCALE:${LOCALE_ALT}
cat << EOF > "$PWD/root/etc/sysconfig/network"
cat << EOF > "$PWD/root/etc/hostname"
cat << EOF > "$PWD/root/etc/machine-info"
# /etc/hosts wants bare addresses: ${NETADDRESS4%/*} and ${NETADDRESS6%/*}
# strip the "/prefix" CIDR suffix (everything from the last '/') from the
# configured addresses. The heredoc terminator is outside this excerpt.
cat << EOF > "$PWD/root/etc/hosts"
${NETADDRESS4%/*} ${NETHOSTNAME} ${NETALIAS}
${NETADDRESS6%/*} ${NETHOSTNAME} ${NETALIAS}
45 perl
-pne 's%listen-on port 53 \{ .+; \};%listen-on port 53 { 127.0.0.1; };%' -i "$PWD/root/etc/named.conf"
46 perl
-pne 's%listen-on-v6 port 53 \{ .+; \};%listen-on-v6 port 53 { ::1; };%' -i "$PWD/root/etc/named.conf"
# Directory that receives the systemd-networkd unit written just below.
mkdir -p -- "$PWD"/root/etc/systemd/network
# Write the .network unit for the interface identified by ${NETMAC}: a static
# configuration (addresses and per-family routes/gateways) when NETCONFIG is
# 'static', another unit otherwise. The heredoc bodies are only partly visible;
# the EOF terminators, the else branch and the closing fi are outside this excerpt.
# NOTE(review): `! -z X -a X = 'static'` is redundant — equality with 'static'
# already implies non-empty — and `-a` is obsolescent; `[ "${NETCONFIG}" = 'static' ]`
# is equivalent.
if [ ! -z "${NETCONFIG}" -a "${NETCONFIG}" = 'static' ]; then
cat << EOF > "$PWD/root/etc/systemd/network/${NETMAC}.network"
Address=${NETADDRESS4}
Address=${NETADDRESS6}
Destination=${NETGATEWAY4}
Gateway=${NETGATEWAY4}
Destination=${NETGATEWAY6}
Gateway=${NETGATEWAY6}
cat << EOF > "$PWD/root/etc/systemd/network/${NETMAC}.network"
# Mount points for the btrfs subvolumes listed in fstab below (MySQL data and
# the mail spool); created in one call.
mkdir -p -- "$PWD"/root/var/lib/mysql "$PWD"/root/var/spool/mail
# Target fstab: /boot on its own ext3 volume, / , /home, /var/lib/mysql and
# /var/spool/mail as btrfs subvolumes of the DATAUUID volume, two swap areas
# and proc. The EOF terminator is outside this excerpt.
# NOTE(review): the three data subvolumes are mounted with plain `defaults`;
# `nosuid,nodev` (and `noexec` where nothing has to run from them) would be a
# cheap hardening — confirm it does not conflict with the msec profile applied below.
cat << EOF > "$PWD/root/etc/fstab"
UUID=${BOOTUUID} /boot ext3 defaults,noatime 1 2
UUID=${DATAUUID} / btrfs subvol=/slash,defaults,relatime 1 1
UUID=${SWAPAUUID} none swap sw 0 0
UUID=${SWAPBUUID} none swap sw 0 0
UUID=${DATAUUID} /home btrfs subvol=/home,defaults,relatime 1 1
UUID=${DATAUUID} /var/lib/mysql btrfs subvol=/mysql,defaults,relatime 1 1
UUID=${DATAUUID} /var/spool/mail btrfs subvol=/mail,defaults,relatime 1 1
proc /proc proc defaults 0 0
#XXX: Don't forget to add the options nofail,noauto for every device that requires manual unlocking
# Map the LUKS container ${DATANAME} by UUID. No key-file field is given, so the
# passphrase will be prompted for at boot. The EOF terminator is outside this excerpt.
cat << EOF > "$PWD/root/etc/crypttab"
${DATANAME} UUID=${LUKSDATAUUID}
# Hand /etc/resolv.conf over to systemd-resolved's stub file under /run
# (replacing any existing file or link).
ln -sf -- /run/systemd/resolve/resolv.conf "$PWD"/root/etc/resolv.conf
111 #Disable LLMNR, enable localhost
112 perl
-pne 's/^#LLMNR=yes$/LLMNR=no/;s/^#DNS=/DNS=127.0.0.1/' -i "$PWD/root/etc/systemd/resolved.conf"
# Stop the legacy resolvconf package from rewriting resolv.conf behind
# systemd-resolved's back; missing file is not an error.
rm -f -- "$PWD"/root/etc/resolvconf/run/enable-updates
# Append (not overwrite) array definitions to the target's mdadm.conf; the
# heredoc body and its terminator are outside this excerpt.
cat << EOF >> "$PWD/root/etc/mdadm.conf"
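# Set the root password, create the login user with a home directory, and set
# its password, all inside the target root. Passwords go over stdin
# (passwd --stdin) so they never appear in argv/ps. printf '%s' replaces
# echo -n: a password that happens to look like an echo option (-n, -e, -E) or
# contains backslashes is now passed verbatim. The chroot path is quoted, as it
# is elsewhere in this file, so a build directory with whitespace still works.
# NOTE(review): ROOTPASS/USERPASS would still be echoed by `set -x` tracing.
printf '%s' "$ROOTPASS" | chroot "$PWD/root" passwd root --stdin
chroot "$PWD/root" adduser -m "$USERLOGIN"
printf '%s' "$USERPASS" | chroot "$PWD/root" passwd "$USERLOGIN" --stdin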
128 perl
-pne 's/^GRUB_TIMEOUT=[0-9]+$/GRUB_TIMEOUT=1/' -i $PWD/root
/etc
/default
/grub
# Shorewall (IPv4): zones, policy and rules are appended to; rules.drakx is
# overwritten with the inbound allow-list from the net zone to the firewall.
# Only the rules.drakx body is visible here; the other heredoc bodies and all
# EOF terminators are outside this excerpt.
# NOTE(review): the redirection targets `$PWD/root/...` are unquoted in this
# section, unlike the rest of the file; bash reports an error if PWD expands to
# more than one word.
# NOTE(review): the allow-list opens ftp (20,21) and the 6700:7000 range in both
# udp and tcp from the net zone — confirm each entry is backed by a service on this host.
cat << EOF >> $PWD/root/etc/shorewall/zones
cat << EOF >> $PWD/root/etc/shorewall/policy
cat << EOF >> $PWD/root/etc/shorewall/rules
cat << EOF > $PWD/root/etc/shorewall/rules.drakx
ACCEPT net fw udp 68,6700:7000 -
ACCEPT net fw icmp 8 -
ACCEPT net fw tcp 20,21,22,80,443,6700:7000 -
# Shorewall6 (IPv6) counterpart of the section above: zones, policy and rules
# appended to, rules.drakx overwritten with the inbound allow-list (546 is the
# DHCPv6 client port, icmp type 128 is echo request). Heredoc bodies other than
# rules.drakx and all EOF terminators are outside this excerpt.
# NOTE(review): same unquoted `$PWD/root/...` redirection targets as the IPv4 section.
cat << EOF >> $PWD/root/etc/shorewall6/zones
cat << EOF >> $PWD/root/etc/shorewall6/policy
cat << EOF >> $PWD/root/etc/shorewall6/rules
cat << EOF > $PWD/root/etc/shorewall6/rules.drakx
ACCEPT net fw udp 546,6700:7000 -
ACCEPT net fw icmp 128 -
ACCEPT net fw tcp 20,21,22,80,443,546,6700:7000 -
# Disable old services
# Strip WantedBy=multi-user.target in [Install] section of lm_sensors.service ?
# For each legacy SysV service name: if an executable init script exists in the
# image, ask the chrooted systemd-sysv-install to disable it, then drop any
# leftover multi-user.target.wants symlink for the matching unit. The closing
# fi lines and the done of this loop are outside this excerpt.
# NOTE(review): `$PWD/root` and `$s` are unquoted on the chroot line although
# they are quoted everywhere else in the file; `-a` inside `[ ]` is obsolescent
# (`[[ -f X && -x X ]]`), and `-x` already implies the file exists.
for s in lm_sensors network network-auth network-up resolvconf smartd; do
if [ -f "$PWD/root/etc/rc.d/init.d/$s" -a -x "$PWD/root/etc/rc.d/init.d/$s" ]; then
chroot $PWD/root /usr/lib/systemd/systemd-sysv-install disable $s
if [ -f "$PWD/root/etc/systemd/system/multi-user.target.wants/${s}.service" ]; then
rm -f "$PWD/root/etc/systemd/system/multi-user.target.wants/${s}.service"
177 # Extract last kernel version
178 KVER
=`chroot $PWD/root rpm -qa | perl -pne '/kernel-server-latest/||undef $_;s%^kernel-(server)-latest-([^-]+)-(.+)$%\2-\1-\3%'`
179 #XXX: we do not regenerate initrd here, it will be generated at image build step
180 rm -f "$PWD/root/boot/initrd-${KVER}.img"
# Check rc.local state
# Warn when the image already carries an rc.local, since it is overwritten
# below. The closing fi is outside this excerpt.
# NOTE(review): `-f` only tests that the file exists; the message claims it is
# non-empty, which is what `-s` would actually check.
if [ -f "$PWD/root/etc/rc.d/rc.local" ]; then
echo "$PWD/root/etc/rc.d/rc.local not empty"
# First boot startup script
#XXX: regenerate initrd after the first successful boot to strip useless modules
# Create rc.local and mark it executable for everyone before the heredoc below
# fills in its body (the redirection keeps the mode).
touch -- "$PWD"/root/etc/rc.d/rc.local
chmod a+x -- "$PWD"/root/etc/rc.d/rc.local
# Body of the first-boot rc.local: it disables and stops lm_sensors.service
# and regenerates the initrd for the kernel version computed above. `\$?` and
# `\$0` are escaped so they are evaluated on the target at boot, whereas
# ${KVER} is expanded now, at image build time. The remaining lines of the
# heredoc (the usage fallback hints at a case dispatch on "start") and the EOF
# terminator are outside this excerpt.
cat << EOF > "$PWD/root/etc/rc.d/rc.local"
. /etc/init.d/functions
gprintf "Disabling lm_sensors.service: "
/usr/bin/systemctl disable lm_sensors.service
[ \$? -eq 0 ] && success || failure
gprintf "Stopping lm_sensors.service: "
/usr/bin/systemctl stop lm_sensors.service
[ \$? -eq 0 ] && success || failure
gprintf "Generating initrd: "
/usr/sbin/mkinitrd -f -v /boot/initrd-${KVER}.img ${KVER}
[ \$? -eq 0 ] && success || failure
echo "Usage: \$0 start" >&2
# Apply msec's "webserver" security level inside the image (-f forces the
# profile to be (re)applied).
chroot "$PWD"/root msec -f webserver
223 perl
-pne "my \$m='${MAIL}'; s%^(root:[\\t\\s]+)postfix\$%\\1\$m%" -i "$PWD/root/etc/postfix/aliases"
# Generate the sshd host keys inside the image so sshd can start on first boot.
chroot "$PWD"/root /usr/sbin/sshd-keygen
229 #XXX: forced because msec decides otherwise
230 perl
-pne 's%^PermitRootLogin .*%PermitRootLogin yes%' -i "$PWD/root/etc/ssh/sshd_config"
# Prevent btmp warning
# tmpfiles.d entry creating /var/log/btmp as 0600 root:utmp at boot so the
# failed-login log exists with the permissions msec enforces. The heredoc
# terminator is outside this excerpt.
cat << EOF > "$PWD/root/etc/tmpfiles.d/var.conf"
# See tmpfiles.d(5) for details
# Prevent msec warning about enforcing permissions
f /var/log/btmp 0600 root utmp -
# Seed root's authorized_keys in the image with the build operator's public
# key(s) from $HOME/.ssh. Only the .pub files are read; private keys are never
# touched. ~/.ssh is created 0700 and authorized_keys 0644, which sshd's
# StrictModes accepts. The closing fi of each if is outside this excerpt.
# NOTE(review): `-o` inside `[ ]` is obsolescent; `[[ -e A || -e B ]]` is the
# modern form. mkdir without -p fails if the directory already exists in the
# image — presumably fine for a fresh root; verify.
if [ -e "$HOME/.ssh/id_rsa.pub" -o -e "$HOME/.ssh/id_ed25519.pub" ]; then
mkdir -m 0700 "$PWD/root/root/.ssh"
touch "$PWD/root/root/.ssh/authorized_keys"
chmod u=rw,go=r "$PWD/root/root/.ssh/authorized_keys"
# Add rsa key if available
if [ -e "$HOME/.ssh/id_rsa.pub" ]; then
cat "$HOME/.ssh/id_rsa.pub" >> "$PWD/root/root/.ssh/authorized_keys"
# Add ed25519 key if available
if [ -e "$HOME/.ssh/id_ed25519.pub" ]; then
cat "$HOME/.ssh/id_ed25519.pub" >> "$PWD/root/root/.ssh/authorized_keys"
#TODO: configure NTP in /etc/systemd/timesyncd.conf
# Force enable systemd-networkd.service and systemd-resolved.service through the
# chrooted systemctl, one unit per invocation.
chroot "$PWD"/root /usr/bin/systemctl enable systemd-networkd.service
chroot "$PWD"/root /usr/bin/systemctl enable systemd-resolved.service
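# Cleanup tmp and run
# Drop build-time leftovers from the image's /tmp and /run. The prefix is now
# quoted, so a build directory containing whitespace cannot split into extra
# rm operands, and `${PWD:?}` aborts instead of expanding to "/root/tmp/*"
# should PWD ever be empty. The globs stay unquoted on purpose.
rm -rf -- "${PWD:?}"/root/tmp/* "${PWD:?}"/root/run/*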