#!/bin/bash TARGET=$1 DEBIAN_CODENAME=$2 LANG=C VERSION="$(date +%g.%m)" APT_PARAM='' STDOUT='/dev/stdout' if [ !$MKRESCUE_VERBOSE ]; then APT_PARAM='-qq -o=Dpkg::Use-Pty=0'; STDOUT='/dev/null' fi SOFTWARE="acl acpi-support-base attr bash-completion bind9-host binutils \ bridge-utils bsdmainutils ca-certificates debootstrap dialog \ dmidecode dosfstools ethtool fdisk file gddrescue gdisk \ hddtemp hdparm ifenslave iproute2 iputils-ping less lsof lvm2 lzip mdadm \ mtr-tiny netcat-traditional net-tools ntfs-3g parted pciutils pixz procps \ psmisc rsync screen scrub smartmontools ssh strace sysstat tar tcpdump \ telnet traceroute tree usbutils vim vlan wget xz-utils systemd systemd-sysv \ nfs-common ipxe grub-pc grub-efi-amd64-bin efibootmgr pv mtools xfsprogs \ zfsutils-linux " cat << EOF > ${TARGET}/usr/sbin/policy-rc.d #!/bin/sh #echo "All runlevel operations denied by policy" >&2 exit 101 EOF chmod a+x $TARGET/usr/sbin/policy-rc.d chroot ${TARGET} apt-get $APT_PARAM --yes install ${SOFTWARE} > $STDOUT chroot ${TARGET} systemctl enable systemd-networkd.service chroot ${TARGET} systemctl enable systemd-resolved.service chroot ${TARGET} systemctl enable acpid.service rm ${TARGET}/usr/sbin/policy-rc.d echo "Etc/UTC" > ${TARGET}/etc/timezone chroot ${TARGET} dpkg-reconfigure -f noninteractive tzdata cat << EOF > ${TARGET}/etc/motd WARNING: Authorized access only! EOF cat << EOF > ${TARGET}/etc/issue WMI Rescue Linux (based on Debian GNU/Linux ${DEBIAN_CODENAME^}) Version ${VERSION} AMD64 EOF #disable console blanking #(consoleblank=0 as kernel param or setterm -blank 0) #current value can be checked in /sys/module/kernel/parameters/consoleblank echo -ne "\033[9;0]" >> ${TARGET}/etc/issue sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' ${TARGET}/etc/ssh/sshd_config cat << EOF > ${TARGET}/etc/systemd/network/all.network [Match] Name=* [Network] DHCP=yes EOF cat << EOF > ${TARGET}/etc/systemd/resolved.conf [Resolve] DNS=8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844 EOF rm ${TARGET}/etc/resolv.conf ln -s /run/systemd/resolve/resolv.conf ${TARGET}/etc/resolv.conf rm ${TARGET}/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service #use old network device names ln -s /dev/null ${TARGET}/etc/systemd/network/99-default.link cat << EOF > ${TARGET}/etc/systemd/system/ssh-session-cleanup.service [Unit] Description=OpenBSD Secure Shell session cleanup Wants=network.target After=network.target [Service] ExecStart=/bin/true ExecStop=/usr/lib/openssh/ssh-session-cleanup RemainAfterExit=yes Type=oneshot [Install] WantedBy=multi-user.target EOF chroot ${TARGET} systemctl enable ssh-session-cleanup.service cat << EOF > ${TARGET}/etc/screenrc startup_message off defscrollback 5000 EOF cat << EOF > ${TARGET}/etc/sysctl.d/60-panic.conf kernel.panic = 5 kernel.panic_on_oops = 1 EOF sed -i 's/" let g:skip_defaults_vim = 1/let g:skip_defaults_vim = 1/g' ${TARGET}/etc/vim/vimrc rsync -avS ${TARGET}/etc/skel/ ${TARGET}/root/ echo zfs >> ${TARGET}/etc/modules mkdir ${TARGET}/etc/bash_completion.d cp ${TARGET}/usr/share/bash-completion/completions/zfs ${TARGET}/etc/bash_completion.d/