diff --git a/.gitignore b/.gitignore
index d07c135..9ab03d0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
 .apt-mirror-config
 .customDocker.sh
+.customVM.sh
 .proxy-config
 .vagrant
 DEADJOE
diff --git a/files/vm-provision.sh b/files/vm-provision.sh
index 2b6d5bc..6e27df5 100755
--- a/files/vm-provision.sh
+++ b/files/vm-provision.sh
@@ -15,52 +15,42 @@ mkdir -p "${VAGRANT_SRC_DIR}/log/" export DebugLog="${VAGRANT_SRC_DIR}/log/log-vagrant-$(date +%y-%m-%d-%T)-" ( echo "########## ********** Start Vagrant $(date +%D-%T)" - #pour la résolution de noms dans /etc/hosts - SERVICES_LIST="smtp mail ldap www depot tableur pad webmail sondage garradin test-garradin wiki git agora cloud office cachet quotas" # Copie de qques fichiers cp "${VAGRANT_SRC_DIR}/keyboard" /etc/default/keyboard - sysctl -w net.ipv4.ip_forward=1 - - # MAJ et install + # gestions sources.list sed -i -e 's/main.*/main contrib non-free/' /etc/apt/sources.list - if [ -f "${VAGRANT_SRC_DIR}/.apt-mirror-config" ]; then - # pour ceux qui disposent d'un cache apt local et pas la fibre - # suffit d'indiquer "host:port" dans le fichier ".apt-mirror-config" - . "${VAGRANT_SRC_DIR}/.apt-mirror-config" - sed -i \ - -e "s%s\?://deb.debian.org%://${APT_MIRROR_DEBIAN}%g" \ - -e "s%s\?://security.debian.org%://${APT_MIRROR_DEBIAN_SECURITY}%g" \ - -e "s%s\?://archive.ubuntu.com%://${APT_MIRROR_UBUNTU}%g" \ - -e "s%s\?://security.ubuntu.com%://${APT_MIRROR_UBUNTU_SECURITY}%g" \ - /etc/apt/sources.list - fi + sed -i -e 's/https:/http:/' /etc/apt/sources.list + apt-get --allow-releaseinfo-change update - DEBIAN_FRONTEND=noninteractive apt-get --allow-releaseinfo-change update + # Cache APT + DEBIAN_FRONTEND=noninteractive apt-get install -y apt-cacher # apt-cacher-ng does not work well on bullseye + echo "allowed_hosts = *" >> /etc/apt-cacher/apt-cacher.conf + service apt-cacher restart + echo "Acquire::http::Proxy \"http://127.0.0.1:3142\";" > /etc/apt/apt.conf.d/01proxy; # utilisation de apt-cacher-ng + + # MAJ et Install DEBIAN_FRONTEND=noninteractive apt-get -y upgrade DEBIAN_FRONTEND=noninteractive apt-get -y dist-upgrade - DEBIAN_FRONTEND=noninteractive apt-get install -y apg curl git sudo unzip rsync firefox-esr tcpdump net-tools mousepad wireshark swapspace whois ldap-utils python3-lxc lxc python3-pygraphviz python3-pil python3-yaml 
imagemagick btrfs-progs # could be with --no-install-recommends + DEBIAN_FRONTEND=noninteractive apt-get install -y apg curl git sudo unzip rsync firefox-esr tcpdump net-tools mousepad wireshark swapspace whois python3-lxc lxc python3-pygraphviz python3-pil python3-yaml imagemagick btrfs-progs # could be with --no-install-recommends DEBIAN_FRONTEND=noninteractive apt-get install -y xfce4 lightdm xfce4-terminal xserver-xorg gitk # needs to install recommends ssh-keygen -t rsa -b 4096 -N '' <<<$'\ny' rsync /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys # Pour le confort de chacun - # Le fihcier .customDocker.sh contient + # Le fihcier .customVM.sh contient # DEBIAN_FRONTEND=noninteractive apt-get install -y joe # DEBIAN_FRONTEND=noninteractive apt-get install -y emacs # DEBIAN_FRONTEND=noninteractive apt-get install -y vim - if [ -f "${VAGRANT_SRC_DIR}/.customDocker.sh" ]; then - chmod a+x "${VAGRANT_SRC_DIR}/.customDocker.sh" - "${VAGRANT_SRC_DIR}/.customDocker.sh" + if [ -f "${VAGRANT_SRC_DIR}/.customVM.sh" ]; then + bash "${VAGRANT_SRC_DIR}/.customVM.sh" fi - - # Localisation du $LANG, en par défaut, timezone Paris if [ -z "${HOSTLANG}" ] ; then - HOSTLANG="en_US.UTF-8" + HOSTLANG="en_US.UTF-8" fi echo "Europe/Paris" > /etc/timezone ln -sf /usr/share/zoneinfo/Europe/Paris /etc/localtime 
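Review bot: The added `echo "allowed_hosts = *" >> /etc/apt-cacher/apt-cacher.conf` lets any client that can reach the cache port use this VM as a proxy, while the only consumer configured in this hunk is `http://127.0.0.1:3142`. If only the VM and its containers are meant to use the cache, limit it to those addresses, e.g. `echo "allowed_hosts = <LXC_BRIDGE_CIDR>" >> /etc/apt-cacher/apt-cacher.conf` (placeholder value, to be replaced with the real subnet). The `>>` also appends a duplicate line on every re-provision, so it should be guarded with `grep -q` the way the sysctl entries later in this file are. Separately, `sed -i -e 's/https:/http:/'` moves every source to plain HTTP, leaving package integrity to rest on APT's signature verification alone. A comment saying this is deliberate for caching would help, and the trailing `# utilisation de apt-cacher-ng` comment contradicts the `apt-cacher` install just above it.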
@@ -71,38 +61,33 @@ export DebugLog="${VAGRANT_SRC_DIR}/log/log-vagrant-$(date +%y-%m-%d-%T)-" dpkg-reconfigure --frontend=noninteractive locales || true # don't fail for a locales problem update-locale LANG=${HOSTLANG} || true # don't fail for a locales problem - - echo -e "\n #### create user\n" # Creation des utilisateurs + echo -e "\n #### create user\n" usermod -p $(mkpasswd --method=sha-512 root) root useradd -m -s "/bin/bash" -p $(mkpasswd --method=sha-512 debian) debian || true # don't fail if user already exists - # augmentation de la taille de /run si lowmem - #echo "tmpfs /run tmpfs nosuid,noexec,size=26M 0 0" >> /etc/fstab - #mount -o remount /run - # Désactivation de la mise en veille de l'écran mkdir -p /etc/X11/xorg.conf.d/ rsync -a "${VAGRANT_SRC_DIR}/10-monitor.conf" /etc/X11/xorg.conf.d/ # mv /etc/xdg/autostart/light-locker.desktop /etc/xdg/autostart/light-locker.desktop.bak DEBIAN_FRONTEND=noninteractive apt-get remove --purge -y light-locker - #faut virer exim, il fout la grouille avec le docker postfix + #faut virer exim, inutile DEBIAN_FRONTEND=noninteractive apt-get remove --purge -y exim4-base exim4-config exim4-daemon-light #login ssh avec mot de passe sed -i "s/PasswordAuthentication no/PasswordAuthentication yes/" /etc/ssh/sshd_config if ! grep -q "PasswordAuthentication yes" /etc/ssh/sshd_config 2>/dev/null; then - echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config + echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config fi # autorisation du routing et augmentation inotify if ! grep -q "net.ipv4.ip_forward" /etc/sysctl.conf 2>/dev/null; then - echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf + echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf fi sed -i "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/" /etc/sysctl.conf if ! 
grep -q "fs.inotify.max_queued_events" /etc/sysctl.conf 2>/dev/null; then - echo -e "fs.inotify.max_queued_events=1048576\nfs.inotify.max_user_instances=1048576\nfs.inotify.max_user_watches=1048576" >> /etc/sysctl.conf + echo -e "fs.inotify.max_queued_events=1048576\nfs.inotify.max_user_instances=1048576\nfs.inotify.max_user_watches=1048576" >> /etc/sysctl.conf fi sysctl -p 
@@ -128,50 +113,45 @@ EOF mkdir -p $(dirname "${TERM_CFG}") touch "${TERM_CFG}" if ! grep -q "ShortcutsNoMnemonics" "${TERM_CFG}" 2>/dev/null; then - echo -e "[Configuration]\nShortcutsNoMnemonics=TRUE" >> "${TERM_CFG}" + echo -e "[Configuration]\nShortcutsNoMnemonics=TRUE" >> "${TERM_CFG}" fi - echo -e "\n #### set swapspace\n" # free swapspace at shutdown + echo -e "\n #### set swapspace\n" sed -i -e 's/ExecStart=\/usr\/sbin\/swapspace/ExecStart=\/usr\/sbin\/swapspace\nExecStop=\/usr\/sbin\/swapspace -e/' /lib/systemd/system/swapspace.service systemctl daemon-reload # limit journald log size mkdir -p /etc/systemd/journald.conf.d if [ ! -f /etc/systemd/journald.conf.d/sizelimit.conf ]; then - cat > /etc/systemd/journald.conf.d/sizelimit.conf < /etc/systemd/journald.conf.d/sizelimit.conf <> /etc/fstab mount /var/lib/lxc - #losetup -f /root/btrfs.img - #mount /dev/loop0 /var/lib/lxc sed -i -e "s/template=self.template/template=self.template, bdevtype='btrfs'/" /usr/local/lib/python3.9/dist-packages/backends/LxcBackend.py # SNSTER KAZ - # cp -ar ${VAGRANT_SRC_DIR}/templates /root cp -ar ${VAGRANT_SRC_DIR}/snster-kaz /root # crypto keys cp -ar /etc/letsencrypt /root/snster-kaz/kaz/prod/ cp -ar /etc/letsencrypt /root/snster-kaz/isp-a/home/ - # On monte le filesystem de kaz-prod dans le /kaz de la VM pour le dév (en nofail) -# mkdir /kaz-prod /kaz -# echo "overlay /kaz-prod overlay lowerdir=/var/lib/lxc/sr-masters-bullseye/rootfs,upperdir=/var/lib/lxc/kaz-kaz-prod/overlay/delta,workdir=/var/lib/lxc/kaz-kaz-prod/overlay/work,nofail 0 0" >> /etc/fstab -# echo "/kaz-prod/kaz /kaz none bind,nofail 0 0" >> /etc/fstab + # On lie le filesystem de kaz-prod dans le /kaz de la VM pour le dév ln -s /var/lib/lxc/kaz-kaz-prod/rootfs/ /kaz-prod ln -s /kaz-prod/kaz /kaz diff --git a/init.sh b/init.sh index 285a2b0..a2868f5 100755 --- a/init.sh +++ b/init.sh @@ -95,7 +95,7 @@ EOF break;; ""|[Nn]* ) break;; * ) echo "Please answer ip:port, yes or no.";; - + esac done 
@@ -134,11 +134,11 @@ EOF break;; ""|[Nn]* ) break;; * ) echo "Please answer ip:port, yes or no.";; - + esac done -CUSTOM_CONF=files/.customDocker.sh +CUSTOM_CONF=files/.customVM.sh echo if [ -f "${CUSTOM_CONF}" ]; then OLD_EDITOR=$(grep install "${CUSTOM_CONF}" | grep "\(joe\|emacs\|vim\)" | head -1 | sed -e "s%.*\(joe\|emacs\|vim\).*%\1%")