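#! /bin/sh -e
#
# distcook pattern: post-install configuration of the target system that lives
# under "$PWD/root". Host-side tools edit files in that tree directly; anything
# that must see the target's own binaries/databases is run through chroot.
#
# Environment consumed (expanded into the generated configuration files):
#   KEYMAP LOCALE LOCALE_ALT
#   NETHOSTNAME NETALIAS NETADDRESS4 NETADDRESS6 NETCONFIG NETMAC NETDNS
#   NETGATEWAY4 NETGATEWAY6
#   BOOTUUID SLASHUUID SWAPAUUID SWAPBUUID DATAUUID DATAPATH
#   SLASHNAME LUKSSLASHUUID DATANAME LUKSDATAUUID
#   ARCH MAIL ROOTPASS USERLOGIN USERPASS
#   HOME (optional ~/.ssh/id_rsa.pub is installed for root), PWD (target parent)
#
# The shebang's -e is lost when this file is invoked as "sh pattern.sh", so it
# is re-asserted here. -u is deliberately NOT set: some variables (NETALIAS,
# LOCALE_ALT, ...) are allowed to be empty or unset.
set -e

#Fix bash completion
perl -pne 's%(?:(COMP_CONFIGURE_HINTS|COMP_TAR_INTERNAL_PATHS)=1?)%${1}=1%' -i "$PWD/root/etc/sysconfig/bash-completion"

#Disable gpg agent
perl -pne 's%(?:(START_GPGAGENT|START_GPGAGENT_SH)=(?:"?(no|yes)"?)?)%${1}="no"%' -i "$PWD/root/etc/sysconfig/gnupg2"

#Locale config
cat << EOF > "$PWD/root/etc/vconsole.conf"
KEYMAP=$KEYMAP
FONT=lat0-16
EOF
cat << EOF > "$PWD/root/etc/locale.conf"
LANGUAGE=$LOCALE:${LOCALE_ALT}
LANG=$LOCALE
EOF

#Setup networking
cat << EOF > "$PWD/root/etc/sysconfig/network"
NETWORKING=yes
AUTOMATIC_IFCFG=no
EOF

#Setup network
cat << EOF > "$PWD/root/etc/hostname"
${NETHOSTNAME}
EOF

#Setup machine-info
cat << EOF > "$PWD/root/etc/machine-info"
CHASSIS=server
EOF

#Setup hosts
#XXX: we remove mask from address
cat << EOF > "$PWD/root/etc/hosts"
127.0.0.1 localhost
::1 localhost
${NETADDRESS4%/*} ${NETHOSTNAME} ${NETALIAS}
${NETADDRESS6%/*} ${NETHOSTNAME} ${NETALIAS}
EOF

#Fix named config
# Restrict the resolver to loopback only; systemd-resolved forwards to it (see
# resolved.conf below), so nothing else needs to reach port 53 directly.
perl -pne 's%listen-on port 53 \{ .+; \};%listen-on port 53 { 127.0.0.1; };%' -i "$PWD/root/etc/named.conf"
perl -pne 's%listen-on-v6 port 53 \{ .+; \};%listen-on-v6 port 53 { ::1; };%' -i "$PWD/root/etc/named.conf"

#Network
mkdir -p "$PWD/root/etc/systemd/network"
# "static" implies non-empty, so a separate -z test is not needed.
if [ "${NETCONFIG}" = 'static' ]; then
  cat << EOF > "$PWD/root/etc/systemd/network/${NETMAC}.network"
[Match]
MACAddress=${NETMAC}

[Network]
DHCP=no
Address=${NETADDRESS4}
Address=${NETADDRESS6}
DNS=${NETDNS}

[Route]
Destination=${NETGATEWAY4}

[Route]
Destination=0.0.0.0/0
Gateway=${NETGATEWAY4}

[Route]
Destination=${NETGATEWAY6}

[Route]
Destination=::/0
Gateway=${NETGATEWAY6}
EOF
else
  cat << EOF > "$PWD/root/etc/systemd/network/${NETMAC}.network"
[Match]
MACAddress=${NETMAC}

[Network]
DHCP=yes
EOF
fi

#Fstab
#XXX: grub-legacy don't support ext4 and xfs V5 file format for /boot
cat << EOF > "$PWD/root/etc/fstab"
UUID=${BOOTUUID} /boot ext3 defaults,noatime 1 2
UUID=${SLASHUUID} / btrfs defaults,relatime 1 1
UUID=${SWAPAUUID} none swap sw 0 0
UUID=${SWAPBUUID} none swap sw 0 0
UUID=${DATAUUID} ${DATAPATH} btrfs defaults,relatime,nofail 1 2
proc /proc proc defaults 0 0
EOF

# Copy grub files
# The three stage files are listed explicitly: brace expansion is not POSIX sh
# and the paths must stay quoted in case $PWD contains whitespace.
grub_src="$PWD/root/lib/grub/${ARCH}-mageia"
cp -f "$grub_src/e2fs_stage1_5" "$grub_src/stage1" "$grub_src/stage2" "$PWD/root/boot/grub/"

#Crypttab
cat << EOF > "$PWD/root/etc/crypttab"
${SLASHNAME} UUID=${LUKSSLASHUUID}
${DATANAME} UUID=${LUKSDATAUUID} - nofail,noauto
EOF

#Set resolv.conf
ln -fs "/run/systemd/resolve/resolv.conf" "$PWD/root/etc/resolv.conf"
#Disable LLMNR, enable localhost
perl -pne 's/^#LLMNR=yes$/LLMNR=no/;s/^#DNS=/DNS=127.0.0.1/' -i "$PWD/root/etc/systemd/resolved.conf"

#Disable resolvconf
rm -f "$PWD/root/etc/resolvconf/run/enable-updates"

#Mail
cat << EOF >> "$PWD/root/etc/mdadm.conf"
MAILADDR ${MAIL}
EOF

#Password
# Passwords are fed on stdin (never on the command line, where they would be
# visible in the process list). printf is used instead of "echo -n" so that a
# password starting with '-' or containing backslashes is passed unchanged.
printf '%s' "$ROOTPASS" | chroot "$PWD/root" passwd root --stdin
chroot "$PWD/root" adduser -m "$USERLOGIN"
printf '%s' "$USERPASS" | chroot "$PWD/root" passwd "$USERLOGIN" --stdin

#Grub file
cat << EOF > "$PWD/root/boot/grub/menu.lst"
timeout 5
color black/cyan yellow/cyan
gfxmenu (hd0,0)/gfxmenu
default 0

title linux
root (hd0,0)
kernel /vmlinuz-server BOOT_IMAGE=linux root=UUID=$SLASHUUID PROFILE=default splash=verbose vga=793
initrd /initrd-server.img

title failsafe
root (hd0,0)
kernel /vmlinuz-server BOOT_IMAGE=failsafe root=UUID=$SLASHUUID rd.luks.uuid=$LUKSSLASHUUID failsafe
initrd /initrd-server.img
EOF
#Update grub fx menu
chroot "$PWD/root" grub-gfxmenu --lang fr --update-theme --update-gfxmenu

#Grub device.map
cat << EOF > "$PWD/root/boot/grub/device.map"
(hd0) /dev/sda
EOF

#Shorewall
# Default policy: outbound allowed, inbound from net dropped (and logged) except
# for the services explicitly opened in rules.drakx.
cat << EOF >> "$PWD/root/etc/shorewall/zones"
net ipv4
EOF
cat << EOF >> "$PWD/root/etc/shorewall/policy"
fw net ACCEPT
net all DROP info
all all REJECT info
EOF
cat << EOF >> "$PWD/root/etc/shorewall/rules"
INCLUDE rules.drakx
EOF
cat << EOF > "$PWD/root/etc/shorewall/rules.drakx"
ACCEPT net fw udp 68,6700:7000 -
ACCEPT net fw icmp 8 -
ACCEPT net fw tcp 20,21,22,80,443,6700:7000 -
EOF

#Shorewall6
cat << EOF >> "$PWD/root/etc/shorewall6/zones"
net ipv6
EOF
cat << EOF >> "$PWD/root/etc/shorewall6/policy"
fw net ACCEPT
net all DROP info
all all REJECT info
EOF
cat << EOF >> "$PWD/root/etc/shorewall6/rules"
INCLUDE rules.drakx
EOF
cat << EOF > "$PWD/root/etc/shorewall6/rules.drakx"
ACCEPT net fw udp 546,6700:7000 -
ACCEPT net fw icmp 128 -
ACCEPT net fw tcp 20,21,22,80,443,546,6700:7000 -
EOF

# Disable old services
# Strip WantedBy=multi-user.target in [Install] section of lm_sensors.service ?
for s in lm_sensors network network-auth network-up resolvconf smartd; do
  initscript="$PWD/root/etc/rc.d/init.d/$s"
  if [ -f "$initscript" ] && [ -x "$initscript" ]; then
    chroot "$PWD/root" /usr/lib/systemd/systemd-sysv-install disable "$s"
  fi
  if [ -f "$PWD/root/etc/systemd/system/multi-user.target.wants/${s}.service" ]; then
    rm -f "$PWD/root/etc/systemd/system/multi-user.target.wants/${s}.service"
  fi
done

# Extract last kernel version
# Output has the form "<version>-server-<release>"; the perl filter drops every
# rpm -qa line that is not kernel-server-latest.
KVER=$(chroot "$PWD/root" rpm -qa | perl -pne '/kernel-server-latest/||undef $_;s%^kernel-(server)-latest-([^-]+)-(.+)$%\2-\1-\3%')
# An empty KVER would silently produce a broken mkinitrd call in rc.local below.
if [ -z "$KVER" ]; then
  echo "unable to determine kernel-server-latest version in $PWD/root" >&2
  exit 1
fi
#XXX: we do not regenerate initrd here, it will be generated at image build step
rm -f "$PWD/root/boot/initrd-${KVER}.img"

# Check rc.local state
if [ -f "$PWD/root/etc/rc.d/rc.local" ]; then
  echo "$PWD/root/etc/rc.d/rc.local not empty" >&2
  exit 1
fi

# First boot startup script
#XXX: regenerate initrd after first successfull boot to strip from useless modules
# ${KVER} is expanded now, at build time; the escaped \$1, \$?, \$0 are left for
# the target's shell to evaluate at first boot. The script deletes itself.
touch "$PWD/root/etc/rc.d/rc.local"
chmod a+x "$PWD/root/etc/rc.d/rc.local"
cat << EOF > "$PWD/root/etc/rc.d/rc.local"
#! /bin/sh
. /etc/init.d/functions
case "\$1" in
start)
gprintf "Disabling lm_sensors.service: "
/usr/bin/systemctl disable lm_sensors.service
[ \$? -eq 0 ] && success || failure
echo
gprintf "Stopping lm_sensors.service: "
/usr/bin/systemctl stop lm_sensors.service
[ \$? -eq 0 ] && success || failure
echo
gprintf "Generating initrd: "
/usr/sbin/mkinitrd -f -v /boot/initrd-${KVER}.img ${KVER}
[ \$? -eq 0 ] && success || failure
echo
rm -f "\$0"
exit 0
;;
*)
echo "Usage: \$0 start" >&2
exit 3
;;
esac
EOF

# Fix msec
chroot "$PWD/root" msec -f webserver

# Fix postfix
# The address is handed to perl through the environment instead of being
# interpolated into the perl source, so quotes or '$' in $MAIL cannot alter
# the one-liner.
MAIL="${MAIL}" perl -pne 's%^(root:[\t\s]+)postfix$%${1}$ENV{MAIL}%' -i "$PWD/root/etc/postfix/aliases"

# Generate ssh keys
chroot "$PWD/root" /usr/sbin/sshd-keygen

# Allow root access
#XXX: forced because msec decides otherwise
# NOTE(review): with the authorized_keys deployment below in place,
# "PermitRootLogin prohibit-password" would keep root reachable by key only.
perl -pne 's%^PermitRootLogin .*%PermitRootLogin yes%' -i "$PWD/root/etc/ssh/sshd_config"

# Add rsa key if available
#XXX: dsa is unsupported anymore
if [ -e "$HOME/.ssh/id_rsa.pub" ]; then
  [ -d "$PWD/root/root/.ssh" ] || mkdir -m 0700 "$PWD/root/root/.ssh"
  cp -f "$HOME/.ssh/id_rsa.pub" "$PWD/root/root/.ssh/authorized_keys"
  # Do not depend on the host umask for the permissions sshd will check.
  chmod 0600 "$PWD/root/root/.ssh/authorized_keys"
fi

#TODO ntp /etc/systemd/timesyncd.conf

# Cleanup tmp and run
# ${PWD:?} aborts if PWD is empty, and the quoting keeps a PWD containing
# whitespace from splitting into unrelated paths for a recursive rm.
# Dotfiles are not matched by the globs (same as before).
rm -fr -- "${PWD:?}/root/tmp"/* "${PWD:?}/root/run"/*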