108 lines
3.2 KiB
Plaintext
108 lines
3.2 KiB
Plaintext
|
#!/bin/bash
|
||
|
|
||
|
TARGET=$1
|
||
|
DEBIAN_CODENAME=$2
|
||
|
LANG=C
|
||
|
VERSION="$(date +%g.%m)"
|
||
|
|
||
|
APT_PARAM=''
|
||
|
STDOUT='/dev/stdout'
|
||
|
if [ !$MKRESCUE_VERBOSE ]; then
|
||
|
APT_PARAM='-qq -o=Dpkg::Use-Pty=0';
|
||
|
STDOUT='/dev/null'
|
||
|
fi
|
||
|
|
||
|
SOFTWARE="acl acpi-support-base attr bash-completion bind9-host binutils \
|
||
|
bridge-utils bsdmainutils ca-certificates debootstrap dialog \
|
||
|
dmidecode dosfstools ethtool fdisk file gddrescue gdisk \
|
||
|
hddtemp hdparm ifenslave iproute2 iputils-ping less lsof lvm2 lzip mdadm \
|
||
|
mtr-tiny netcat-traditional net-tools ntfs-3g nvme-cli parted pciutils pixz procps \
|
||
|
psmisc rsync screen scrub smartmontools ssh strace sysstat tar tcpdump \
|
||
|
telnet traceroute tree usbutils vim vlan wget xz-utils systemd systemd-sysv \
|
||
|
nfs-common ipxe grub-pc grub-efi-amd64-bin efibootmgr pv mtools xfsprogs \
|
||
|
zfsutils-linux "
|
||
|
|
||
|
cat << EOF > ${TARGET}/usr/sbin/policy-rc.d
|
||
|
#!/bin/sh
|
||
|
#echo "All runlevel operations denied by policy" >&2
|
||
|
exit 101
|
||
|
EOF
|
||
|
chmod a+x $TARGET/usr/sbin/policy-rc.d
|
||
|
|
||
|
chroot ${TARGET} apt-get $APT_PARAM --yes install ${SOFTWARE} > $STDOUT
|
||
|
chroot ${TARGET} systemctl enable systemd-networkd.service
|
||
|
chroot ${TARGET} systemctl enable systemd-resolved.service
|
||
|
chroot ${TARGET} systemctl enable acpid.service
|
||
|
|
||
|
rm ${TARGET}/usr/sbin/policy-rc.d
|
||
|
|
||
|
echo "Etc/UTC" > ${TARGET}/etc/timezone
|
||
|
chroot ${TARGET} dpkg-reconfigure -f noninteractive tzdata
|
||
|
|
||
|
cat << EOF > ${TARGET}/etc/motd
|
||
|
|
||
|
WARNING: Authorized access only!
|
||
|
|
||
|
EOF
|
||
|
cat << EOF > ${TARGET}/etc/issue
|
||
|
WMI Rescue Linux (based on Debian GNU/Linux ${DEBIAN_CODENAME^})
|
||
|
Version ${VERSION} AMD64
|
||
|
|
||
|
EOF
|
||
|
|
||
|
#disable console blanking
|
||
|
#(consoleblank=0 as kernel param or setterm -blank 0)
|
||
|
#current value can be checked in /sys/module/kernel/parameters/consoleblank
|
||
|
echo -ne "\033[9;0]" >> ${TARGET}/etc/issue
|
||
|
|
||
|
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' ${TARGET}/etc/ssh/sshd_config
|
||
|
cat << EOF > ${TARGET}/etc/systemd/network/all.network
|
||
|
[Match]
|
||
|
Name=*
|
||
|
|
||
|
[Network]
|
||
|
DHCP=yes
|
||
|
EOF
|
||
|
cat << EOF > ${TARGET}/etc/systemd/resolved.conf
|
||
|
[Resolve]
|
||
|
DNS=8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844
|
||
|
EOF
|
||
|
rm ${TARGET}/etc/resolv.conf
|
||
|
ln -s /run/systemd/resolve/resolv.conf ${TARGET}/etc/resolv.conf
|
||
|
rm ${TARGET}/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service
|
||
|
#use old network device names
|
||
|
ln -s /dev/null ${TARGET}/etc/systemd/network/99-default.link
|
||
|
cat << EOF > ${TARGET}/etc/systemd/system/ssh-session-cleanup.service
|
||
|
[Unit]
|
||
|
Description=OpenBSD Secure Shell session cleanup
|
||
|
Wants=network.target
|
||
|
After=network.target
|
||
|
|
||
|
[Service]
|
||
|
ExecStart=/bin/true
|
||
|
ExecStop=/usr/lib/openssh/ssh-session-cleanup
|
||
|
RemainAfterExit=yes
|
||
|
Type=oneshot
|
||
|
|
||
|
[Install]
|
||
|
WantedBy=multi-user.target
|
||
|
EOF
|
||
|
chroot ${TARGET} systemctl enable ssh-session-cleanup.service
|
||
|
cat << EOF > ${TARGET}/etc/screenrc
|
||
|
startup_message off
|
||
|
defscrollback 5000
|
||
|
EOF
|
||
|
cat << EOF > ${TARGET}/etc/sysctl.d/60-panic.conf
|
||
|
kernel.panic = 5
|
||
|
kernel.panic_on_oops = 1
|
||
|
EOF
|
||
|
sed -i 's/" let g:skip_defaults_vim = 1/let g:skip_defaults_vim = 1/g' ${TARGET}/etc/vim/vimrc
|
||
|
rsync -avS ${TARGET}/etc/skel/ ${TARGET}/root/
|
||
|
|
||
|
|
||
|
echo zfs >> ${TARGET}/etc/modules
|
||
|
|
||
|
mkdir ${TARGET}/etc/bash_completion.d
|
||
|
cp ${TARGET}/usr/share/bash-completion/completions/zfs ${TARGET}/etc/bash_completion.d/
|
||
|
|