wmirescue/bookworm-amd64/bin/rootfs_config

108 lines
3.2 KiB
Plaintext
Raw Normal View History

2023-06-11 11:30:27 +02:00
#!/bin/bash
TARGET=$1
DEBIAN_CODENAME=$2
LANG=C
VERSION="$(date +%g.%m)"
APT_PARAM=''
STDOUT='/dev/stdout'
if [ !$MKRESCUE_VERBOSE ]; then
APT_PARAM='-qq -o=Dpkg::Use-Pty=0';
STDOUT='/dev/null'
fi
SOFTWARE="acl acpi-support-base attr bash-completion bind9-host binutils \
bridge-utils bsdmainutils ca-certificates debootstrap dialog \
dmidecode dosfstools ethtool fdisk file gddrescue gdisk \
hddtemp hdparm ifenslave iproute2 iputils-ping less lsof lvm2 lzip mdadm \
mtr-tiny netcat-traditional net-tools ntfs-3g nvme-cli parted pciutils pixz procps \
psmisc rsync screen scrub smartmontools ssh strace sysstat tar tcpdump \
telnet traceroute tree usbutils vim vlan wget xz-utils systemd systemd-sysv \
nfs-common ipxe grub-pc grub-efi-amd64-bin efibootmgr pv mtools xfsprogs \
zfsutils-linux "
cat << EOF > ${TARGET}/usr/sbin/policy-rc.d
#!/bin/sh
#echo "All runlevel operations denied by policy" >&2
exit 101
EOF
chmod a+x $TARGET/usr/sbin/policy-rc.d
chroot ${TARGET} apt-get $APT_PARAM --yes install ${SOFTWARE} > $STDOUT
chroot ${TARGET} systemctl enable systemd-networkd.service
chroot ${TARGET} systemctl enable systemd-resolved.service
chroot ${TARGET} systemctl enable acpid.service
rm ${TARGET}/usr/sbin/policy-rc.d
echo "Etc/UTC" > ${TARGET}/etc/timezone
chroot ${TARGET} dpkg-reconfigure -f noninteractive tzdata
cat << EOF > ${TARGET}/etc/motd
WARNING: Authorized access only!
EOF
cat << EOF > ${TARGET}/etc/issue
WMI Rescue Linux (based on Debian GNU/Linux ${DEBIAN_CODENAME^})
Version ${VERSION} AMD64
EOF
#disable console blanking
#(consoleblank=0 as kernel param or setterm -blank 0)
#current value can be checked in /sys/module/kernel/parameters/consoleblank
echo -ne "\033[9;0]" >> ${TARGET}/etc/issue
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' ${TARGET}/etc/ssh/sshd_config
cat << EOF > ${TARGET}/etc/systemd/network/all.network
[Match]
Name=*
[Network]
DHCP=yes
EOF
cat << EOF > ${TARGET}/etc/systemd/resolved.conf
[Resolve]
DNS=8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844
EOF
rm ${TARGET}/etc/resolv.conf
ln -s /run/systemd/resolve/resolv.conf ${TARGET}/etc/resolv.conf
rm ${TARGET}/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service
#use old network device names
ln -s /dev/null ${TARGET}/etc/systemd/network/99-default.link
cat << EOF > ${TARGET}/etc/systemd/system/ssh-session-cleanup.service
[Unit]
Description=OpenBSD Secure Shell session cleanup
Wants=network.target
After=network.target
[Service]
ExecStart=/bin/true
ExecStop=/usr/lib/openssh/ssh-session-cleanup
RemainAfterExit=yes
Type=oneshot
[Install]
WantedBy=multi-user.target
EOF
chroot ${TARGET} systemctl enable ssh-session-cleanup.service
cat << EOF > ${TARGET}/etc/screenrc
startup_message off
defscrollback 5000
EOF
cat << EOF > ${TARGET}/etc/sysctl.d/60-panic.conf
kernel.panic = 5
kernel.panic_on_oops = 1
EOF
sed -i 's/" let g:skip_defaults_vim = 1/let g:skip_defaults_vim = 1/g' ${TARGET}/etc/vim/vimrc
rsync -avS ${TARGET}/etc/skel/ ${TARGET}/root/
echo zfs >> ${TARGET}/etc/modules
mkdir ${TARGET}/etc/bash_completion.d
cp ${TARGET}/usr/share/bash-completion/completions/zfs ${TARGET}/etc/bash_completion.d/