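#!/bin/bash
# Target DMZ
set -e

# Safety interlock: refuse to run unless SNSTERGUARD is set to a non-empty
# value. The variable is quoted so a value containing spaces or glob
# characters cannot break the test, and the refusal is reported on stderr
# instead of exiting silently.
# NOTE(review): presumably SNSTERGUARD is only set inside the intended target
# environment, so the script cannot be run by accident elsewhere - confirm.
if [ -z "${SNSTERGUARD:-}" ]; then
  echo "SNSTERGUARD is not set; refusing to run" >&2
  exit 1
fi

# Work from the directory that holds this script so that relative paths
# resolve no matter where it was invoked from. Quoting keeps a path with
# spaces intact; -- stops option parsing on a path starting with '-'.
DIR=$(dirname -- "$0")
cd -- "$DIR"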
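# Disable the systemd-resolved stub listener, which conflicts with nsd.
# The setting is appended only when it is not already present, so running the
# script again does not keep growing resolved.conf with duplicate lines.
resolved_conf=/etc/systemd/resolved.conf
if ! grep -qx 'DNSStubListener=no' "$resolved_conf" 2>/dev/null; then
  echo "DNSStubListener=no" >> "$resolved_conf"
fi
# The service is stopped, not disabled: what persists is the configuration
# line above.
# NOTE(review): if /etc/resolv.conf points at the stub resolver on this image,
# name resolution for the apt-get calls that follow may break - confirm.
systemctl stop systemd-resolved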
# Refresh the package index, remove apache2, then drop the packages that
# removal leaves orphaned. The subshell keeps DEBIAN_FRONTEND scoped to these
# three apt-get calls; noninteractive stops apt from prompting.
# NOTE(review): apache2 is presumably removed because this host should not
# expose a web server of its own - confirm.
(
  export DEBIAN_FRONTEND=noninteractive
  apt-get update
  apt-get remove -y apache2
  apt-get autoremove -y
)
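# Go KAZ !
# KAZ specific things
# Install docker, docker-compose and the supporting tools, then add the
# debian user to the docker group.
kaz_packages=(
  docker.io docker-compose docker-clean
  git apg curl sudo unzip rsync btrfs-progs ldap-utils
  # fuse-overlayfs
)
DEBIAN_FRONTEND=noninteractive apt-get install -y "${kaz_packages[@]}"

# -a appends to the existing supplementary groups. Without it, usermod -G
# replaces the whole list and silently removes debian from every other group
# it belonged to.
# Membership in the docker group allows control of the docker daemon, which
# runs as root, so treat the debian account as root-equivalent from here on.
usermod -aG docker debian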
# Enable the aliases in /root/.bashrc: uncomment, in place, every line that
# starts with "# alias", "# export" or "# eval".
bashrc_uncomment=(
  -e 's/^\# alias/alias/g'
  -e 's/^\# export/export/g'
  -e 's/^\# eval/eval/g'
)
sed -i "${bashrc_uncomment[@]}" /root/.bashrc
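# Append the bash-completion setup to root's .bashrc, once.
# The marker has to match text that the appended block itself contains. The
# previous marker ("for file in /dockers") never appears in it, so the guard
# never fired and every run appended another copy. The old marker is still
# accepted so that a .bashrc which does contain it is left alone as before.
# Every file matching /kaz/bin/.*-completion.bash is sourced by interactive
# root shells, so /kaz/bin must stay root-owned and not writable by anyone
# else.
if ! grep -q -e "for file in /dockers" -e "for file in /kaz/bin" /root/.bashrc 2>/dev/null; then
  # Quoted delimiter: the text is written literally, with no expansion at
  # provisioning time.
  cat >> /root/.bashrc <<'EOF'
# enable bash completion in interactive shells
if ! shopt -oq posix; then
  if [ -f /usr/share/bash-completion/bash_completion ]; then
    . /usr/share/bash-completion/bash_completion
  elif [ -f /etc/bash_completion ]; then
    . /etc/bash_completion
  fi
fi
for file in /kaz/bin/.*-completion.bash ; do
  # skip the literal pattern when nothing matches
  [ -f "${file}" ] || continue
  source "${file}"
done
EOF
fi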
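# Set the GUARD while the setup is being debugged.
# The export is appended only if that exact line is missing, so repeated runs
# do not pile up duplicates in /root/.bashrc.
# NOTE(review): once this line is present, every interactive root shell on
# this host passes the SNSTERGUARD check at the top of this script; it is
# marked as a debugging aid, so confirm whether it should remain afterwards.
guard_line="export SNSTERGUARD='true'"
if ! grep -qxF -- "$guard_line" /root/.bashrc 2>/dev/null; then
  echo "$guard_line" >> /root/.bashrc
fi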
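# Select docker's storage driver. The original comment named fuse-overlayfs,
# but the value written is btrfs.
# daemon.json must be a single JSON document. Appending to a file that
# already has content (a second run, or a pre-existing configuration) yields
# invalid JSON and the daemon refuses to start, so the file is written only
# when it is missing or empty.
docker_daemon_json=/etc/docker/daemon.json
if [ ! -s "$docker_daemon_json" ]; then
  cat > "$docker_daemon_json" <<EOF
{ "storage-driver": "btrfs" }
EOF
elif ! grep -q '"storage-driver"[[:space:]]*:[[:space:]]*"btrfs"' "$docker_daemon_json"; then
  # Existing settings are never overwritten; stop with a clear message instead.
  printf '%s\n' "$docker_daemon_json has content but no btrfs storage-driver entry; merge it by hand" >&2
  exit 1
fi
service docker restart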
#mknod -m 666 /dev/fuse c 10 229
#echo -e '#!/bin/sh\nmknod -m 666 /dev/fuse c 10 229' >> /etc/rc.local
#chmod +x /etc/rc.local
# lxc.cgroup2.devices.allow = b 7:* rwm
# lxc.cgroup2.devices.allow = c 10:237 rwm
#
# mknod -m 666 /dev/loop0 b 7 0
# mknod -m 666 /dev/loop-control c 10 237
# truncate -s 30G /root/varlibdocker.img
# mkfs.btrfs /root/varlibdocker.img
# losetup -f /root/varlibdocker.img
# mount /dev/loop0 /var/lib/docker
# Install the certificates, when a letsencrypt directory sits next to this
# script.
# cp -a keeps ownership and modes from the source tree, so any private key in
# it is only as protected under /etc/letsencrypt as it was in the source.
# Copying rootCA.pem into /usr/local/share/ca-certificates and running
# update-ca-certificates adds that local CA to the system trust store: after
# this, the host trusts every certificate that CA issues.
certs_src=letsencrypt
if test -d "$certs_src"; then
  cp -a -r "$certs_src" /etc/
  cp /etc/letsencrypt/local/rootCA.pem /usr/local/share/ca-certificates/rootCA.crt
  /usr/sbin/update-ca-certificates --fresh
fi
# ./kaz.sh
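# Start the containers at boot.
# The shebang is written only when rc.local does not exist yet, and the start
# command only when that exact line is missing, so repeated runs do not stack
# duplicate entries (the blind append used before did).
# rc.local is executed as root at boot, so /kaz/bin/container.sh must be
# root-owned and not writable by anyone else.
# NOTE(review): if an existing rc.local ends with "exit 0", an appended line
# is never reached - confirm on the target image.
rc_local=/etc/rc.local
boot_cmd='/kaz/bin/container.sh start'
if [ ! -e "$rc_local" ]; then
  printf '#!/bin/sh\n' > "$rc_local"
fi
if ! grep -qxF -- "$boot_cmd" "$rc_local"; then
  printf '%s\n' "$boot_cmd" >> "$rc_local"
fi
chmod +x "$rc_local"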
# Final cleanup: drop packages nothing depends on any more, then clear apt's
# cache. The subshell keeps DEBIAN_FRONTEND scoped to these two calls.
(
  export DEBIAN_FRONTEND=noninteractive
  apt-get autoremove -y
  apt-get clean
)