1 #! /bin/sh -e
2
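# Bash completion: force COMP_CONFIGURE_HINTS and COMP_TAR_INTERNAL_PATHS to 1
# in the image's sysconfig file (edited in place).
# The value is matched as "=\S*" so any existing value (empty, 1, 0, "1", ...)
# is replaced. The former "=1?" pattern only consumed an empty or "1" value,
# so a line such as KEY=0 would have become KEY=10.
perl -pi -e 's%(COMP_CONFIGURE_HINTS|COMP_TAR_INTERNAL_PATHS)=\S*%$1=1%' "$PWD/root/etc/sysconfig/bash-completion"

# gpg-agent startup is no longer disabled here: it moved to a user systemd
# service. The former in-place edit of /etc/sysconfig/gnupg2 is kept for
# reference only.
#perl -pne 's%(?:(START_GPGAGENT|START_GPGAGENT_SH)=(?:"?(no|yes)"?)?)%${1}="no"%' -i "$PWD/root/etc/sysconfig/gnupg2"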
9
# Console and locale configuration of the image.
# vconsole.conf: keymap taken from KEYMAP, fixed Latin console font.
printf 'KEYMAP=%s\nFONT=lat0-16\n' "$KEYMAP" > "$PWD/root/etc/vconsole.conf"
# locale.conf: LANGUAGE lists the primary locale and then the fallback
# (LOCALE_ALT); LANG is the primary locale alone.
printf 'LANGUAGE=%s:%s\nLANG=%s\n' "$LOCALE" "$LOCALE_ALT" "$LOCALE" > "$PWD/root/etc/locale.conf"
19
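# /etc/sysconfig/network: legacy initscripts switch. Interface configuration
# is left to systemd-networkd (AUTOMATIC_IFCFG=no), the .network unit is
# written further down.
cat << EOF > "$PWD/root/etc/sysconfig/network"
NETWORKING=yes
AUTOMATIC_IFCFG=no
EOF

# /etc/hostname from NETHOSTNAME.
printf '%s\n' "${NETHOSTNAME}" > "$PWD/root/etc/hostname"

# /etc/machine-info: declare the box a server (see machine-info(5)).
printf 'CHASSIS=server\n' > "$PWD/root/etc/machine-info"

# /etc/hosts: loopback entries plus the host's own static addresses.
# NETADDRESS4/NETADDRESS6 carry a "/prefix" suffix (they are reused as-is in
# the systemd .network unit), which is stripped here.
# An address that is not set is skipped: writing the line anyway would leave
# an entry whose address field is empty, with NETHOSTNAME in its place.
{
  printf '127.0.0.1 localhost\n'
  printf '::1 localhost\n'
  if [ -n "${NETADDRESS4}" ]; then
    printf '%s %s %s\n' "${NETADDRESS4%/*}" "${NETHOSTNAME}" "${NETALIAS}"
  fi
  if [ -n "${NETADDRESS6}" ]; then
    printf '%s %s %s\n' "${NETADDRESS6%/*}" "${NETHOSTNAME}" "${NETALIAS}"
  fi
} > "$PWD/root/etc/hosts"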
44
# BIND: bind the v4 and v6 listeners to loopback only, so named serves just
# this host (systemd-resolved is pointed at 127.0.0.1 below). Both patterns
# assume the stock one-line "listen-on port 53 { ...; };" form; a listener
# written over several lines is left untouched.
perl -pi -e 's%listen-on port 53 \{ .+; \};%listen-on port 53 { 127.0.0.1; };%; s%listen-on-v6 port 53 \{ .+; \};%listen-on-v6 port 53 { ::1; };%' "$PWD/root/etc/named.conf"
48
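# systemd-networkd unit for the primary interface, matched by MAC address.
# NETMAC both names the unit file and is the only [Match] key, so the build
# refuses to continue without it instead of writing a ".network" file with an
# empty "MACAddress=" line.
: "${NETMAC:?NETMAC must be set}"
networkd_dir="$PWD/root/etc/systemd/network"
mkdir -p "$networkd_dir"
# NETCONFIG=static selects fixed addressing; anything else (including unset)
# means DHCP.
if [ "${NETCONFIG}" = 'static' ]; then
  # Addresses keep their prefix length. Each gateway first gets a direct
  # route (Destination= without Gateway=) and is then used as the default
  # route for its address family. DNS= is the resolver handed to resolved.
  cat << EOF > "$networkd_dir/${NETMAC}.network"
[Match]
MACAddress=${NETMAC}

[Network]
DHCP=no
Address=${NETADDRESS4}
Address=${NETADDRESS6}
DNS=${NETDNS}

[Route]
Destination=${NETGATEWAY4}

[Route]
Destination=0.0.0.0/0
Gateway=${NETGATEWAY4}

[Route]
Destination=${NETGATEWAY6}

[Route]
Destination=::/0
Gateway=${NETGATEWAY6}
EOF
else
  cat << EOF > "$networkd_dir/${NETMAC}.network"
[Match]
MACAddress=${NETMAC}

[Network]
DHCP=yes
EOF
fi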
85
# Mount points for the MySQL and mail spool btrfs subvolumes listed in fstab.
for mountpoint in var/lib/mysql var/spool/mail; do
  mkdir -p "$PWD/root/$mountpoint"
done
91
# /etc/fstab. /boot is a separate ext3 filesystem; everything else lives on
# one btrfs filesystem (DATAUUID) split into subvolumes, the root being the
# /slash subvolume. Two swap devices. UUIDs are those of the filesystems as
# seen once the data volume is unlocked (the LUKS container itself is listed
# in crypttab below) — presumably, verify against the image build.
{
  printf 'UUID=%s /boot ext3 defaults,noatime 1 2\n' "${BOOTUUID}"
  printf 'UUID=%s / btrfs subvol=/slash,defaults,relatime 1 1\n' "${DATAUUID}"
  # one format, two swap devices
  printf 'UUID=%s none swap sw 0 0\n' "${SWAPAUUID}" "${SWAPBUUID}"
  # one format, three subvolume mounts: mountpoint then subvolume
  printf 'UUID=%s %s btrfs subvol=%s,defaults,relatime 1 1\n' \
    "${DATAUUID}" /home /home \
    "${DATAUUID}" /var/lib/mysql /mysql \
    "${DATAUUID}" /var/spool/mail /mail
  printf 'proc /proc proc defaults 0 0\n'
} > "$PWD/root/etc/fstab"
103
# /etc/crypttab: the LUKS container holding the data filesystem, mapped as
# DATANAME. No options are given, so it is unlocked unconditionally at boot
# (boot waits for the passphrase). Any further device that must be unlocked
# by hand later needs "nofail,noauto" when it is added here.
printf '%s UUID=%s\n' "${DATANAME}" "${LUKSDATAUUID}" > "$PWD/root/etc/crypttab"
109
# Hand /etc/resolv.conf over to systemd-resolved's generated file.
ln -fs /run/systemd/resolve/resolv.conf "$PWD/root/etc/resolv.conf"

# resolved.conf: turn LLMNR off and use the local BIND (bound to 127.0.0.1
# above) as upstream resolver. Both edits rewrite the commented-out stock
# lines only; an already-set directive is left alone.
perl -pi -e 's/^#LLMNR=yes$/LLMNR=no/;s/^#DNS=/DNS=127.0.0.1/' "$PWD/root/etc/systemd/resolved.conf"

# Keep resolvconf from rewriting resolv.conf behind resolved's back.
rm -f "$PWD/root/etc/resolvconf/run/enable-updates"

# mdadm: RAID event notifications go to MAIL (appended to the packaged file).
printf 'MAILADDR %s\n' "${MAIL}" >> "$PWD/root/etc/mdadm.conf"
122
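# Root and first-user accounts. Passwords reach passwd on stdin (--stdin), so
# they never appear in the process list. printf replaces "echo -n": the -n
# flag is not portable under /bin/sh and a shell that prints it literally
# would silently set the password to "-n ...". An empty ROOTPASS or USERPASS
# is refused instead of being handed to passwd.
: "${ROOTPASS:?ROOTPASS must be set}"
: "${USERLOGIN:?USERLOGIN must be set}"
: "${USERPASS:?USERPASS must be set}"
printf '%s' "$ROOTPASS" | chroot "$PWD/root" passwd root --stdin
chroot "$PWD/root" adduser -m "$USERLOGIN"
printf '%s' "$USERPASS" | chroot "$PWD/root" passwd "$USERLOGIN" --stdin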
127
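# GRUB: one second menu timeout (the image boots unattended). Only an
# existing numeric GRUB_TIMEOUT= line is rewritten. The path is quoted so a
# PWD containing whitespace is not split.
perl -pi -e 's/^GRUB_TIMEOUT=[0-9]+$/GRUB_TIMEOUT=1/' "$PWD/root/etc/default/grub"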
130
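# Shorewall (IPv4) and Shorewall6 (IPv6).
# zones/policy/rules are appended to the packaged files (running this twice
# duplicates the entries); rules.drakx is written from scratch.
# Policy: the firewall may talk to the network freely, unsolicited traffic
# from the network is dropped, everything else is rejected (both logged at
# "info").
# Exposed to the network: FTP (20/21), SSH (22), HTTP/HTTPS, tcp and udp
# 6700-7000, DHCP client replies (udp 68 / 546) and echo requests
# (icmp 8 / icmpv6 128).
# NOTE(review): tcp 546 in the v6 rules looks unintended (DHCPv6 is UDP);
# confirm before removing it. Nothing here rate-limits SSH or FTP.
# All paths are quoted so a PWD with whitespace cannot be split.
sw4="$PWD/root/etc/shorewall"
cat << EOF >> "$sw4/zones"
net ipv4
EOF
cat << EOF >> "$sw4/policy"
fw net ACCEPT
net all DROP info
all all REJECT info
EOF
cat << EOF >> "$sw4/rules"
INCLUDE rules.drakx
EOF
cat << EOF > "$sw4/rules.drakx"
ACCEPT net fw udp 68,6700:7000 -
ACCEPT net fw icmp 8 -
ACCEPT net fw tcp 20,21,22,80,443,6700:7000 -
EOF

sw6="$PWD/root/etc/shorewall6"
cat << EOF >> "$sw6/zones"
net ipv6
EOF
cat << EOF >> "$sw6/policy"
fw net ACCEPT
net all DROP info
all all REJECT info
EOF
cat << EOF >> "$sw6/rules"
INCLUDE rules.drakx
EOF
cat << EOF > "$sw6/rules.drakx"
ACCEPT net fw udp 546,6700:7000 -
ACCEPT net fw icmp 128 -
ACCEPT net fw tcp 20,21,22,80,443,546,6700:7000 -
EOF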
166
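# Disable legacy services: the SysV network/resolvconf scripts would compete
# with systemd-networkd/resolved (enabled at the end of this script), the
# others are simply unwanted. Both the initscript (via systemd-sysv-install
# inside the chroot) and a multi-user.target.wants symlink are handled.
# TODO: lm_sensors.service is pulled in again by its own [Install] section
# (WantedBy=multi-user.target), which is why rc.local disables it once more;
# stripping that section here would make the rc.local step unnecessary.
# Paths and the service name are quoted.
for s in lm_sensors network network-auth network-up resolvconf smartd; do
  initscript="$PWD/root/etc/rc.d/init.d/$s"
  if [ -f "$initscript" ] && [ -x "$initscript" ]; then
    chroot "$PWD/root" /usr/lib/systemd/systemd-sysv-install disable "$s"
  fi
  wants_link="$PWD/root/etc/systemd/system/multi-user.target.wants/${s}.service"
  if [ -f "$wants_link" ]; then
    rm -f "$wants_link"
  fi
done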
177
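# Kernel version string, "<version>-server-<release>", derived from the
# kernel-server-latest-<version>-<release> package installed in the chroot.
# It is the version rc.local passes to mkinitrd at first boot, so the build
# stops here if it cannot be determined (or is ambiguous) rather than
# generating an rc.local that would fail later on a bogus path.
# Lines not mentioning kernel-server-latest are dropped; a matching line that
# does not fit the expected name is passed through unchanged.
KVER=$(chroot "$PWD/root" rpm -qa | perl -ne '/kernel-server-latest/ or next; s%^kernel-(server)-latest-([^-]+)-(.+)$%$2-$1-$3%; print')
if [ -z "$KVER" ]; then
  echo "cannot determine the kernel version: no kernel-server-latest package in $PWD/root" >&2
  exit 1
fi
if [ "$(printf '%s\n' "$KVER" | wc -l)" -ne 1 ]; then
  echo "several kernel-server-latest packages found, refusing to pick one: $KVER" >&2
  exit 1
fi
# The build-time initrd is dropped; rc.local regenerates it on the target
# at first boot (see below), and the image build step creates an interim one.
rm -f "$PWD/root/boot/initrd-${KVER}.img"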
182
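# First-boot hook. This script owns rc.local: a pre-existing one would be
# overwritten silently, so its presence is treated as an error (reported on
# stderr; the test is for existence, not emptiness).
rc_local="$PWD/root/etc/rc.d/rc.local"
if [ -f "$rc_local" ]; then
  echo "$rc_local already exists" >&2
  exit 1
fi

# The hook runs once, at first boot, then deletes itself (rm -f "$0"):
#  - disables and stops lm_sensors.service (its [Install] section still
#    pulls it into multi-user.target),
#  - regenerates the initrd for KVER on the running system so it is stripped
#    of modules the machine does not need.
# The heredoc is deliberately unquoted: ${KVER} is expanded now, at build
# time, while \$0, \$1 and \$? are escaped so they reach the generated script
# intact. Its body must stay byte-identical to what the target expects.
cat << EOF > "$rc_local"
#! /bin/sh
. /etc/init.d/functions
case "\$1" in
start)
gprintf "Disabling lm_sensors.service: "
/usr/bin/systemctl disable lm_sensors.service
[ \$? -eq 0 ] && success || failure
echo
gprintf "Stopping lm_sensors.service: "
/usr/bin/systemctl stop lm_sensors.service
[ \$? -eq 0 ] && success || failure
echo
gprintf "Generating initrd: "
/usr/sbin/mkinitrd -f -v /boot/initrd-${KVER}.img ${KVER}
[ \$? -eq 0 ] && success || failure
echo
rm -f "\$0"
exit 0
;;
*)
echo "Usage: \$0 start" >&2
exit 3
;;
esac
EOF
chmod a+x "$rc_local"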
219
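# msec: apply the "webserver" security level inside the chroot.
chroot "$PWD/root" msec -f webserver

# Postfix aliases: deliver root's mail to MAIL instead of the postfix user.
# The address is passed to perl through the environment ($ENV{MAIL}) rather
# than spliced into the one-liner as a quoted literal, so a quote, "$" or
# "%" in MAIL cannot break out of, or alter, the perl expression.
MAIL="${MAIL}" perl -pi -e 's%^(root:[\t\s]+)postfix$%$1$ENV{MAIL}%' "$PWD/root/etc/postfix/aliases"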
225
# SSH host keys are generated now, inside the chroot, and so are baked into
# the image. NOTE(review): if this image is ever deployed to more than one
# machine, those machines share host keys; regenerate them per host in that
# case.
chroot "$PWD/root" /usr/sbin/sshd-keygen

# Root login over SSH: msec turns it off, this turns it back on. Only an
# existing, uncommented "PermitRootLogin ..." directive is rewritten; a
# commented-out one is left as is. NOTE(review): "yes" also permits root
# *password* logins (ROOTPASS is set above). With the authorized_keys
# installed below, "prohibit-password" would be the tighter setting —
# confirm before changing.
perl -i -pe 's%^PermitRootLogin .*%PermitRootLogin yes%' "$PWD/root/etc/ssh/sshd_config"

# tmpfiles.d entry creating /var/log/btmp with the ownership and mode msec
# enforces (root:utmp 0600), so msec stops warning about it.
cat << EOF > "$PWD/root/etc/tmpfiles.d/var.conf"
# See tmpfiles.d(5) for details

# Prevent msec warning about enforcing permissions
f /var/log/btmp 0600 root utmp -
EOF
240
# Seed root's authorized_keys with the build user's own public keys (RSA
# first, then ed25519), when at least one of them exists. The directory is
# created 0700 (and must not exist yet); the file is 0644, which sshd accepts.
# NOTE(review): this bakes the *build host's* user key into the image.
root_ssh="$PWD/root/root/.ssh"
if [ -e "$HOME/.ssh/id_rsa.pub" ] || [ -e "$HOME/.ssh/id_ed25519.pub" ]; then
  mkdir -m 0700 "$root_ssh"
  touch "$root_ssh/authorized_keys"
  chmod u=rw,go=r "$root_ssh/authorized_keys"
  for pubkey in "$HOME/.ssh/id_rsa.pub" "$HOME/.ssh/id_ed25519.pub"; do
    if [ -e "$pubkey" ]; then
      cat "$pubkey" >> "$root_ssh/authorized_keys"
    fi
  done
fi
257
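#TODO ntp /etc/systemd/timesyncd.conf

# Network stack: systemd-networkd (the .network unit written above) and
# systemd-resolved (resolv.conf symlink above) are enabled explicitly, the
# legacy network/resolvconf services having been disabled earlier.
chroot "$PWD/root" /usr/bin/systemctl enable systemd-networkd.service
chroot "$PWD/root" /usr/bin/systemctl enable systemd-resolved.service

# Leave /tmp and /run empty in the image. The prefix is quoted and guarded:
# a PWD containing whitespace is no longer split into unrelated arguments,
# and an empty PWD aborts instead of expanding to "/root/tmp/*".
rm -fr -- "${PWD:?}/root/tmp/"* "${PWD:?}/root/run/"*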