X-Git-Url: https://git.rapsys.eu/distcook/blobdiff_plain/658759498941fe6b714790087db75ea29050ddee..HEAD:/lib/pattern.sh
diff --git a/lib/pattern.sh b/lib/pattern.sh
index a0d0f6a..4c167fb 100755
--- a/lib/pattern.sh
+++ b/lib/pattern.sh
@@ -4,7 +4,8 @@ perl -pne 's%(?:(COMP_CONFIGURE_HINTS|COMP_TAR_INTERNAL_PATHS)=1?)%${1}=1%' -i "$PWD/root/etc/sysconfig/bash-completion"
 #Disable gpg agent
-perl -pne 's%(?:(START_GPGAGENT|START_GPGAGENT_SH)=(?:"?(no|yes)"?)?)%${1}="no"%' -i "$PWD/root/etc/sysconfig/gnupg2"
+#XXX: moved to a user systemd service
+#perl -pne 's%(?:(START_GPGAGENT|START_GPGAGENT_SH)=(?:"?(no|yes)"?)?)%${1}="no"%' -i "$PWD/root/etc/sysconfig/gnupg2"
 #Locale config
 cat << EOF > "$PWD/root/etc/vconsole.conf"
@@ -82,24 +83,28 @@ DHCP=yes
 EOF
 fi
+#Mysql
+mkdir -p "$PWD/root/var/lib/mysql"
+
+#Mail
+mkdir -p "$PWD/root/var/spool/mail"
+
+#Fstab
-#XXX: grub-legacy don't support ext4 and xfs V5 file format for /boot
 cat << EOF > "$PWD/root/etc/fstab"
-UUID=${BOOTUUID} /boot ext3 defaults,noatime 1 2
-UUID=${SLASHUUID} / btrfs defaults,relatime 1 1
-UUID=${SWAPAUUID} none swap sw 0 0
-UUID=${SWAPBUUID} none swap sw 0 0
-UUID=${DATAUUID} /media btrfs defaults,relatime,nofail 1 2
+UUID=${BOOTUUID} /boot ext3 defaults,noatime 1 2
+UUID=${DATAUUID} / btrfs subvol=/slash,defaults,relatime 1 1
+UUID=${SWAPAUUID} none swap sw 0 0
+UUID=${SWAPBUUID} none swap sw 0 0
+UUID=${DATAUUID} /home btrfs subvol=/home,defaults,relatime 1 1
+UUID=${DATAUUID} /var/lib/mysql btrfs subvol=/mysql,defaults,relatime 1 1
+UUID=${DATAUUID} /var/spool/mail btrfs subvol=/mail,defaults,relatime 1 1
 proc /proc proc defaults 0 0
 EOF
-# Copy grub files
-cp -f $PWD/root/lib/grub/${ARCH}-mageia/{e2fs_stage1_5,stage{1,2}} $PWD/root/boot/grub/
-
 #Crypttab
+#XXX: Don't forget to add option nofail,noauto for every devices requiring manual unlocking
 cat << EOF > "$PWD/root/etc/crypttab"
-${SLASHNAME} UUID=${LUKSSLASHUUID}
-${DATANAME} UUID=${LUKSDATAUUID} - nofail,noauto
+${DATANAME} UUID=${LUKSDATAUUID}
 EOF
 #Set resolv.conf
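Review bot: The new `/home`, `/var/lib/mysql` and `/var/spool/mail` fstab entries mount user- and service-writable btrfs subvolumes with `defaults` only, so device nodes and setuid binaries dropped there are honoured; add `nodev,nosuid` to those three lines (and `noexec` on the mail spool, which never needs executables), e.g. `UUID=${DATAUUID} /home btrfs subvol=/home,defaults,nodev,nosuid,relatime 0 0`. The fs_passno of 1 on every btrfs line is harmless but misleading, since fsck.btrfs is a no-op and 0 is the documented value for btrfs. The added crypttab comment warns to add `nofail,noauto` to devices needing manual unlocking, yet the only remaining entry now backs `/` and has to be unlocked by the initrd, so the comment presumably targets entries added later; saying so avoids someone "fixing" the `${DATANAME}` line, e.g. `#XXX: ${DATANAME} backs / and is unlocked by the initrd; add nofail,noauto only to extra, manually unlocked devices`.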
@@ -120,30 +125,8 @@ echo -n "$ROOTPASS" | chroot $PWD/root passwd root --stdin
 chroot $PWD/root adduser -m "$USERLOGIN"
 echo -n "$USERPASS" | chroot $PWD/root passwd "$USERLOGIN" --stdin
-#Grub file
-cat << EOF > $PWD/root/boot/grub/menu.lst
-timeout 5
-color black/cyan yellow/cyan
-gfxmenu (hd0,0)/gfxmenu
-default 0
-
-title linux
-root (hd0,0)
-kernel /vmlinuz-server BOOT_IMAGE=linux root=UUID=$SLASHUUID PROFILE=default splash=verbose vga=793
-initrd /initrd-server.img
-
-title failsafe
-root (hd0,0)
-kernel /vmlinuz-server BOOT_IMAGE=failsafe root=UUID=$SLASHUUID rd.luks.uuid=$LUKSSLASHUUID failsafe
-initrd /initrd-server.img
-EOF
-#Update grub fx menu
-chroot $PWD/root grub-gfxmenu --lang fr --update-theme --update-gfxmenu
-
-#Grub device.map
-cat << EOF > $PWD/root/boot/grub/device.map
-(hd0) /dev/sda
-EOF
+# Fix grub config
+perl -pne 's/^GRUB_TIMEOUT=[0-9]+$/GRUB_TIMEOUT=1/' -i $PWD/root/etc/default/grub
 #Shorewall
 cat << EOF >> $PWD/root/etc/shorewall/zones
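Review bot: The new `perl -pne 's/^GRUB_TIMEOUT=[0-9]+$/GRUB_TIMEOUT=1/'` substitution silently does nothing when `/etc/default/grub` has no `GRUB_TIMEOUT=` line or quotes the value (`GRUB_TIMEOUT="5"`), and the unquoted `$PWD` in the `-i` path word-splits on a build directory with spaces, unlike the quoted paths elsewhere in this file. Make the match tolerant and check the outcome: `perl -pne 's/^GRUB_TIMEOUT=.*$/GRUB_TIMEOUT=1/' -i "$PWD/root/etc/default/grub"` followed by `grep -q '^GRUB_TIMEOUT=1$' "$PWD/root/etc/default/grub" || echo "GRUB_TIMEOUT not set" >&2`. The deleted menu.lst also carried the `root=UUID=…` and `rd.luks.uuid=…` kernel arguments, and nothing in this hunk writes their replacement into `GRUB_CMDLINE_LINUX`; they are presumably expected to come from grub2-mkconfig reading the new fstab/crypttab, which is outside this hunk, so a one-line comment such as `# root= and rd.luks.uuid= are generated by grub2-mkconfig from fstab/crypttab` would save the next reader the search.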
@@ -247,14 +230,38 @@ chroot "$PWD/root" /usr/sbin/sshd-keygen
 #XXX: forced because msec decides otherwise
 perl -pne 's%^PermitRootLogin .*%PermitRootLogin yes%' -i "$PWD/root/etc/ssh/sshd_config"
-# Add rsa key if available
-#XXX: dsa is unsupported anymore
-if [ -e "$HOME/.ssh/id_rsa.pub" ]; then
- [ ! -d "$PWD/root/root/.ssh" ] && mkdir -m 0700 "$PWD/root/root/.ssh"
- cp -f "$HOME/.ssh/id_rsa.pub" "$PWD/root/root/.ssh/authorized_keys"
+# Prevent btmp warning
+cat << EOF > "$PWD/root/etc/tmpfiles.d/var.conf"
+# See tmpfiles.d(5) for details
+
+# Prevent msec warning about enforcing permissions
+f /var/log/btmp 0600 root utmp -
+EOF
+
+# Authorized keys
+if [ -e "$HOME/.ssh/id_rsa.pub" -o -e "$HOME/.ssh/id_ed25519.pub" ]; then
+ mkdir -m 0700 "$PWD/root/root/.ssh"
+ touch "$PWD/root/root/.ssh/authorized_keys"
+ chmod u=rw,go=r "$PWD/root/root/.ssh/authorized_keys"
+
+ # Add rsa key if available
+ if [ -e "$HOME/.ssh/id_rsa.pub" ]; then
+ cat "$HOME/.ssh/id_rsa.pub" >> "$PWD/root/root/.ssh/authorized_keys"
+ fi
+
+ # Add ed25519 key if available
+ if [ -e "$HOME/.ssh/id_ed25519.pub" ]; then
+ cat "$HOME/.ssh/id_ed25519.pub" >> "$PWD/root/root/.ssh/authorized_keys"
+ fi
 fi
 #TODO ntp /etc/systemd/timesyncd.conf
+# Force enable systemd-networkd.service
+chroot "$PWD/root" /usr/bin/systemctl enable systemd-networkd.service
+
+# Force enable systemd-resolved.service
+chroot "$PWD/root" /usr/bin/systemctl enable systemd-resolved.service
+
 # Cleanup tmp and run
 rm -fr $PWD/root/tmp/* $PWD/root/run/*
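Review bot: The new `mkdir -m 0700 "$PWD/root/root/.ssh"` dropped the `[ ! -d … ] &&` guard the deleted block had, so it fails if `/root/.ssh` already exists in the chroot (created by a package, or on a re-run), and that failure aborts the build if `set -e` is in effect somewhere above this hunk; `mkdir -p -m 0700 "$PWD/root/root/.ssh"` keeps the 0700 mode on the created leaf and tolerates an existing directory. The outer test uses the deprecated `-o` inside `[ ]`; `if [ -e "$HOME/.ssh/id_rsa.pub" ] || [ -e "$HOME/.ssh/id_ed25519.pub" ]; then` is the unambiguous form. Since this branch now installs the builder's public keys for root, the context line just above that forces `PermitRootLogin yes` could be tightened inside this branch to `perl -pne 's%^PermitRootLogin .*%PermitRootLogin prohibit-password%' -i "$PWD/root/etc/ssh/sshd_config"`, so root is reachable by key only and the root password set elsewhere in this script is never accepted over SSH. The `touch` plus `chmod u=rw,go=r` is fine for sshd's StrictModes (authorized_keys must merely not be group/world-writable), but a short comment saying so would stop someone "hardening" it to 0600 and wondering why the explicit chmod was there.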