Migration de la VM vers SNSTER #1
1
.gitignore
vendored
1
.gitignore
vendored
@ -1,5 +1,6 @@
|
|||||||
.apt-mirror-config
|
.apt-mirror-config
|
||||||
.customDocker.sh
|
.customDocker.sh
|
||||||
|
.customVM.sh
|
||||||
.proxy-config
|
.proxy-config
|
||||||
.vagrant
|
.vagrant
|
||||||
DEADJOE
|
DEADJOE
|
||||||
|
@ -15,52 +15,42 @@ mkdir -p "${VAGRANT_SRC_DIR}/log/"
|
|||||||
export DebugLog="${VAGRANT_SRC_DIR}/log/log-vagrant-$(date +%y-%m-%d-%T)-"
|
export DebugLog="${VAGRANT_SRC_DIR}/log/log-vagrant-$(date +%y-%m-%d-%T)-"
|
||||||
(
|
(
|
||||||
echo "########## ********** Start Vagrant $(date +%D-%T)"
|
echo "########## ********** Start Vagrant $(date +%D-%T)"
|
||||||
#pour la résolution de noms dans /etc/hosts
|
|
||||||
SERVICES_LIST="smtp mail ldap www depot tableur pad webmail sondage garradin test-garradin wiki git agora cloud office cachet quotas"
|
|
||||||
|
|
||||||
# Copie de qques fichiers
|
# Copie de qques fichiers
|
||||||
cp "${VAGRANT_SRC_DIR}/keyboard" /etc/default/keyboard
|
cp "${VAGRANT_SRC_DIR}/keyboard" /etc/default/keyboard
|
||||||
|
|
||||||
sysctl -w net.ipv4.ip_forward=1
|
# gestions sources.list
|
||||||
|
|
||||||
# MAJ et install
|
|
||||||
sed -i -e 's/main.*/main contrib non-free/' /etc/apt/sources.list
|
sed -i -e 's/main.*/main contrib non-free/' /etc/apt/sources.list
|
||||||
if [ -f "${VAGRANT_SRC_DIR}/.apt-mirror-config" ]; then
|
sed -i -e 's/https:/http:/' /etc/apt/sources.list
|
||||||
# pour ceux qui disposent d'un cache apt local et pas la fibre
|
apt-get --allow-releaseinfo-change update
|
||||||
# suffit d'indiquer "host:port" dans le fichier ".apt-mirror-config"
|
|
||||||
. "${VAGRANT_SRC_DIR}/.apt-mirror-config"
|
|
||||||
sed -i \
|
|
||||||
-e "s%s\?://deb.debian.org%://${APT_MIRROR_DEBIAN}%g" \
|
|
||||||
-e "s%s\?://security.debian.org%://${APT_MIRROR_DEBIAN_SECURITY}%g" \
|
|
||||||
-e "s%s\?://archive.ubuntu.com%://${APT_MIRROR_UBUNTU}%g" \
|
|
||||||
-e "s%s\?://security.ubuntu.com%://${APT_MIRROR_UBUNTU_SECURITY}%g" \
|
|
||||||
/etc/apt/sources.list
|
|
||||||
fi
|
|
||||||
|
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get --allow-releaseinfo-change update
|
# Cache APT
|
||||||
|
DEBIAN_FRONTEND=noninteractive apt-get install -y apt-cacher # apt-cacher-ng does not work well on bullseye
|
||||||
|
echo "allowed_hosts = *" >> /etc/apt-cacher/apt-cacher.conf
|
||||||
|
service apt-cacher restart
|
||||||
|
echo "Acquire::http::Proxy \"http://127.0.0.1:3142\";" > /etc/apt/apt.conf.d/01proxy; # utilisation de apt-cacher-ng
|
||||||
|
|
||||||
|
# MAJ et Install
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get -y upgrade
|
DEBIAN_FRONTEND=noninteractive apt-get -y upgrade
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get -y dist-upgrade
|
DEBIAN_FRONTEND=noninteractive apt-get -y dist-upgrade
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get install -y apg curl git sudo unzip rsync firefox-esr tcpdump net-tools mousepad wireshark swapspace whois ldap-utils python3-lxc lxc python3-pygraphviz python3-pil python3-yaml imagemagick btrfs-progs # could be with --no-install-recommends
|
DEBIAN_FRONTEND=noninteractive apt-get install -y apg curl git sudo unzip rsync firefox-esr tcpdump net-tools mousepad wireshark swapspace whois python3-lxc lxc python3-pygraphviz python3-pil python3-yaml imagemagick btrfs-progs # could be with --no-install-recommends
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get install -y xfce4 lightdm xfce4-terminal xserver-xorg gitk # needs to install recommends
|
DEBIAN_FRONTEND=noninteractive apt-get install -y xfce4 lightdm xfce4-terminal xserver-xorg gitk # needs to install recommends
|
||||||
|
|
||||||
ssh-keygen -t rsa -b 4096 -N '' <<<$'\ny'
|
ssh-keygen -t rsa -b 4096 -N '' <<<$'\ny'
|
||||||
rsync /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys
|
rsync /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys
|
||||||
|
|
||||||
# Pour le confort de chacun
|
# Pour le confort de chacun
|
||||||
# Le fihcier .customDocker.sh contient
|
# Le fihcier .customVM.sh contient
|
||||||
# DEBIAN_FRONTEND=noninteractive apt-get install -y joe
|
# DEBIAN_FRONTEND=noninteractive apt-get install -y joe
|
||||||
# DEBIAN_FRONTEND=noninteractive apt-get install -y emacs
|
# DEBIAN_FRONTEND=noninteractive apt-get install -y emacs
|
||||||
# DEBIAN_FRONTEND=noninteractive apt-get install -y vim
|
# DEBIAN_FRONTEND=noninteractive apt-get install -y vim
|
||||||
if [ -f "${VAGRANT_SRC_DIR}/.customDocker.sh" ]; then
|
if [ -f "${VAGRANT_SRC_DIR}/.customVM.sh" ]; then
|
||||||
chmod a+x "${VAGRANT_SRC_DIR}/.customDocker.sh"
|
bash "${VAGRANT_SRC_DIR}/.customVM.sh"
|
||||||
"${VAGRANT_SRC_DIR}/.customDocker.sh"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# Localisation du $LANG, en par défaut, timezone Paris
|
# Localisation du $LANG, en par défaut, timezone Paris
|
||||||
if [ -z "${HOSTLANG}" ] ; then
|
if [ -z "${HOSTLANG}" ] ; then
|
||||||
HOSTLANG="en_US.UTF-8"
|
HOSTLANG="en_US.UTF-8"
|
||||||
fi
|
fi
|
||||||
echo "Europe/Paris" > /etc/timezone
|
echo "Europe/Paris" > /etc/timezone
|
||||||
ln -sf /usr/share/zoneinfo/Europe/Paris /etc/localtime
|
ln -sf /usr/share/zoneinfo/Europe/Paris /etc/localtime
|
||||||
@ -71,38 +61,33 @@ export DebugLog="${VAGRANT_SRC_DIR}/log/log-vagrant-$(date +%y-%m-%d-%T)-"
|
|||||||
dpkg-reconfigure --frontend=noninteractive locales || true # don't fail for a locales problem
|
dpkg-reconfigure --frontend=noninteractive locales || true # don't fail for a locales problem
|
||||||
update-locale LANG=${HOSTLANG} || true # don't fail for a locales problem
|
update-locale LANG=${HOSTLANG} || true # don't fail for a locales problem
|
||||||
|
|
||||||
|
|
||||||
echo -e "\n #### create user\n"
|
|
||||||
# Creation des utilisateurs
|
# Creation des utilisateurs
|
||||||
|
echo -e "\n #### create user\n"
|
||||||
usermod -p $(mkpasswd --method=sha-512 root) root
|
usermod -p $(mkpasswd --method=sha-512 root) root
|
||||||
useradd -m -s "/bin/bash" -p $(mkpasswd --method=sha-512 debian) debian || true # don't fail if user already exists
|
useradd -m -s "/bin/bash" -p $(mkpasswd --method=sha-512 debian) debian || true # don't fail if user already exists
|
||||||
|
|
||||||
# augmentation de la taille de /run si lowmem
|
|
||||||
#echo "tmpfs /run tmpfs nosuid,noexec,size=26M 0 0" >> /etc/fstab
|
|
||||||
#mount -o remount /run
|
|
||||||
|
|
||||||
# Désactivation de la mise en veille de l'écran
|
# Désactivation de la mise en veille de l'écran
|
||||||
mkdir -p /etc/X11/xorg.conf.d/
|
mkdir -p /etc/X11/xorg.conf.d/
|
||||||
rsync -a "${VAGRANT_SRC_DIR}/10-monitor.conf" /etc/X11/xorg.conf.d/
|
rsync -a "${VAGRANT_SRC_DIR}/10-monitor.conf" /etc/X11/xorg.conf.d/
|
||||||
# mv /etc/xdg/autostart/light-locker.desktop /etc/xdg/autostart/light-locker.desktop.bak
|
# mv /etc/xdg/autostart/light-locker.desktop /etc/xdg/autostart/light-locker.desktop.bak
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get remove --purge -y light-locker
|
DEBIAN_FRONTEND=noninteractive apt-get remove --purge -y light-locker
|
||||||
|
|
||||||
#faut virer exim, il fout la grouille avec le docker postfix
|
#faut virer exim, inutile
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get remove --purge -y exim4-base exim4-config exim4-daemon-light
|
DEBIAN_FRONTEND=noninteractive apt-get remove --purge -y exim4-base exim4-config exim4-daemon-light
|
||||||
|
|
||||||
#login ssh avec mot de passe
|
#login ssh avec mot de passe
|
||||||
sed -i "s/PasswordAuthentication no/PasswordAuthentication yes/" /etc/ssh/sshd_config
|
sed -i "s/PasswordAuthentication no/PasswordAuthentication yes/" /etc/ssh/sshd_config
|
||||||
if ! grep -q "PasswordAuthentication yes" /etc/ssh/sshd_config 2>/dev/null; then
|
if ! grep -q "PasswordAuthentication yes" /etc/ssh/sshd_config 2>/dev/null; then
|
||||||
echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config
|
echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# autorisation du routing et augmentation inotify
|
# autorisation du routing et augmentation inotify
|
||||||
if ! grep -q "net.ipv4.ip_forward" /etc/sysctl.conf 2>/dev/null; then
|
if ! grep -q "net.ipv4.ip_forward" /etc/sysctl.conf 2>/dev/null; then
|
||||||
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
|
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
|
||||||
fi
|
fi
|
||||||
sed -i "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/" /etc/sysctl.conf
|
sed -i "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/" /etc/sysctl.conf
|
||||||
if ! grep -q "fs.inotify.max_queued_events" /etc/sysctl.conf 2>/dev/null; then
|
if ! grep -q "fs.inotify.max_queued_events" /etc/sysctl.conf 2>/dev/null; then
|
||||||
echo -e "fs.inotify.max_queued_events=1048576\nfs.inotify.max_user_instances=1048576\nfs.inotify.max_user_watches=1048576" >> /etc/sysctl.conf
|
echo -e "fs.inotify.max_queued_events=1048576\nfs.inotify.max_user_instances=1048576\nfs.inotify.max_user_watches=1048576" >> /etc/sysctl.conf
|
||||||
fi
|
fi
|
||||||
sysctl -p
|
sysctl -p
|
||||||
|
|
||||||
@ -128,50 +113,45 @@ EOF
|
|||||||
mkdir -p $(dirname "${TERM_CFG}")
|
mkdir -p $(dirname "${TERM_CFG}")
|
||||||
touch "${TERM_CFG}"
|
touch "${TERM_CFG}"
|
||||||
if ! grep -q "ShortcutsNoMnemonics" "${TERM_CFG}" 2>/dev/null; then
|
if ! grep -q "ShortcutsNoMnemonics" "${TERM_CFG}" 2>/dev/null; then
|
||||||
echo -e "[Configuration]\nShortcutsNoMnemonics=TRUE" >> "${TERM_CFG}"
|
echo -e "[Configuration]\nShortcutsNoMnemonics=TRUE" >> "${TERM_CFG}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo -e "\n #### set swapspace\n"
|
|
||||||
# free swapspace at shutdown
|
# free swapspace at shutdown
|
||||||
|
echo -e "\n #### set swapspace\n"
|
||||||
sed -i -e 's/ExecStart=\/usr\/sbin\/swapspace/ExecStart=\/usr\/sbin\/swapspace\nExecStop=\/usr\/sbin\/swapspace -e/' /lib/systemd/system/swapspace.service
|
sed -i -e 's/ExecStart=\/usr\/sbin\/swapspace/ExecStart=\/usr\/sbin\/swapspace\nExecStop=\/usr\/sbin\/swapspace -e/' /lib/systemd/system/swapspace.service
|
||||||
systemctl daemon-reload
|
systemctl daemon-reload
|
||||||
|
|
||||||
# limit journald log size
|
# limit journald log size
|
||||||
mkdir -p /etc/systemd/journald.conf.d
|
mkdir -p /etc/systemd/journald.conf.d
|
||||||
if [ ! -f /etc/systemd/journald.conf.d/sizelimit.conf ]; then
|
if [ ! -f /etc/systemd/journald.conf.d/sizelimit.conf ]; then
|
||||||
cat > /etc/systemd/journald.conf.d/sizelimit.conf <<EOF
|
cat > /etc/systemd/journald.conf.d/sizelimit.conf <<EOF
|
||||||
[Journal]
|
[Journal]
|
||||||
SystemMaxUse=20M
|
SystemMaxUse=20M
|
||||||
SystemMaxFileSize=2M
|
SystemMaxFileSize=2M
|
||||||
EOF
|
EOF
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#***********DEBUT CERTIF*******************
|
# CA et certifs avec mkcert
|
||||||
#*****************ATTENTION: MARCHE PAS (il faut accepter toutes les exceptions de sécurité
|
|
||||||
|
|
||||||
echo -e "\n #### mkcert\n"
|
echo -e "\n #### mkcert\n"
|
||||||
# Récupérer mkcert et générer la CA
|
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get install -y libnss3-tools
|
DEBIAN_FRONTEND=noninteractive apt-get install -y libnss3-tools
|
||||||
|
|
||||||
mkdir -p /root/mkcert
|
mkdir -p /root/mkcert
|
||||||
cd /root/mkcert
|
cd /root/mkcert
|
||||||
if [ ! -f mkcert ]; then
|
if [ ! -f mkcert ]; then
|
||||||
wget https://github.com/FiloSottile/mkcert/releases/download/v1.4.3/mkcert-v1.4.3-linux-amd64 -O mkcert
|
wget https://github.com/FiloSottile/mkcert/releases/download/v1.4.3/mkcert-v1.4.3-linux-amd64 -O mkcert
|
||||||
chmod +x mkcert
|
chmod +x mkcert
|
||||||
mkdir -p /etc/letsencrypt/local/
|
mkdir -p /etc/letsencrypt/local/
|
||||||
export CAROOT=/etc/letsencrypt/local/
|
export CAROOT=/etc/letsencrypt/local/
|
||||||
/root/mkcert/mkcert -install # CA dans /etc/letsencrypt/local/
|
/root/mkcert/mkcert -install # CA dans /etc/letsencrypt/local/
|
||||||
cd "${CAROOT}"
|
cd "${CAROOT}"
|
||||||
/root/mkcert/mkcert "*.kaz.sns" # cert et clé dans /etc/letsencrypt/local/
|
/root/mkcert/mkcert "*.kaz.sns" # cert et clé dans /etc/letsencrypt/local/
|
||||||
|
|
||||||
mkdir -p /etc/letsencrypt/live/kaz.sns/
|
mkdir -p /etc/letsencrypt/live/kaz.sns/
|
||||||
ln -s ../../local/_wildcard.kaz.sns.pem /etc/letsencrypt/live/kaz.sns/fullchain.pem
|
ln -s ../../local/_wildcard.kaz.sns.pem /etc/letsencrypt/live/kaz.sns/fullchain.pem
|
||||||
ln -s ../../local/_wildcard.kaz.sns-key.pem /etc/letsencrypt/live/kaz.sns/privkey.pem
|
ln -s ../../local/_wildcard.kaz.sns-key.pem /etc/letsencrypt/live/kaz.sns/privkey.pem
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
#***********FIN CERTIF*******************
|
|
||||||
|
|
||||||
# clear apt cache
|
# clear apt cache
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get autoremove -y
|
DEBIAN_FRONTEND=noninteractive apt-get autoremove -y
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get clean
|
DEBIAN_FRONTEND=noninteractive apt-get clean
|
||||||
@ -191,22 +171,16 @@ EOF
|
|||||||
mkfs.btrfs -f /root/btrfs.img
|
mkfs.btrfs -f /root/btrfs.img
|
||||||
echo "/root/btrfs.img /var/lib/lxc btrfs loop 0 0" >> /etc/fstab
|
echo "/root/btrfs.img /var/lib/lxc btrfs loop 0 0" >> /etc/fstab
|
||||||
mount /var/lib/lxc
|
mount /var/lib/lxc
|
||||||
#losetup -f /root/btrfs.img
|
|
||||||
#mount /dev/loop0 /var/lib/lxc
|
|
||||||
sed -i -e "s/template=self.template/template=self.template, bdevtype='btrfs'/" /usr/local/lib/python3.9/dist-packages/backends/LxcBackend.py
|
sed -i -e "s/template=self.template/template=self.template, bdevtype='btrfs'/" /usr/local/lib/python3.9/dist-packages/backends/LxcBackend.py
|
||||||
|
|
||||||
# SNSTER KAZ
|
# SNSTER KAZ
|
||||||
# cp -ar ${VAGRANT_SRC_DIR}/templates /root
|
|
||||||
cp -ar ${VAGRANT_SRC_DIR}/snster-kaz /root
|
cp -ar ${VAGRANT_SRC_DIR}/snster-kaz /root
|
||||||
|
|
||||||
# crypto keys
|
# crypto keys
|
||||||
cp -ar /etc/letsencrypt /root/snster-kaz/kaz/prod/
|
cp -ar /etc/letsencrypt /root/snster-kaz/kaz/prod/
|
||||||
cp -ar /etc/letsencrypt /root/snster-kaz/isp-a/home/
|
cp -ar /etc/letsencrypt /root/snster-kaz/isp-a/home/
|
||||||
|
|
||||||
# On monte le filesystem de kaz-prod dans le /kaz de la VM pour le dév (en nofail)
|
# On lie le filesystem de kaz-prod dans le /kaz de la VM pour le dév
|
||||||
# mkdir /kaz-prod /kaz
|
|
||||||
# echo "overlay /kaz-prod overlay lowerdir=/var/lib/lxc/sr-masters-bullseye/rootfs,upperdir=/var/lib/lxc/kaz-kaz-prod/overlay/delta,workdir=/var/lib/lxc/kaz-kaz-prod/overlay/work,nofail 0 0" >> /etc/fstab
|
|
||||||
# echo "/kaz-prod/kaz /kaz none bind,nofail 0 0" >> /etc/fstab
|
|
||||||
ln -s /var/lib/lxc/kaz-kaz-prod/rootfs/ /kaz-prod
|
ln -s /var/lib/lxc/kaz-kaz-prod/rootfs/ /kaz-prod
|
||||||
ln -s /kaz-prod/kaz /kaz
|
ln -s /kaz-prod/kaz /kaz
|
||||||
|
|
||||||
|
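Review bot: `echo "allowed_hosts = *" >> /etc/apt-cacher/apt-cacher.conf` opens the apt-cacher listener (port 3142) to every host that can reach the VM, while the only client configured in this hunk is the VM itself through `Acquire::http::Proxy "http://127.0.0.1:3142"`; restrict it to loopback, `echo "allowed_hosts = 127.0.0.1, ::1" >> /etc/apt-cacher/apt-cacher.conf`, or to the LXC bridge range if the SNSTER containers are meant to share the cache (not visible in this hunk). The line is also appended unconditionally, so re-running the provisioning duplicates it; the sshd_config and sysctl.conf blocks further down already use the `if ! grep -q ... ; then echo ... >> ...; fi` guard and the same shape fits here. The trailing comment on the proxy line still reads `apt-cacher-ng` although the package installed two lines earlier is `apt-cacher`; make it `# utilisation de apt-cacher`. The new `sed -i -e 's/https:/http:/' /etc/apt/sources.list` downgrade is presumably there so the cache can see plain-HTTP requests and relies on apt's signature checks for integrity; a one-line comment stating that intent would keep a future reader from "fixing" it back to https.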
2
init.sh
2
init.sh
@ -138,7 +138,7 @@ EOF
|
|||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
|
|
||||||
CUSTOM_CONF=files/.customDocker.sh
|
CUSTOM_CONF=files/.customVM.sh
|
||||||
echo
|
echo
|
||||||
if [ -f "${CUSTOM_CONF}" ]; then
|
if [ -f "${CUSTOM_CONF}" ]; then
|
||||||
OLD_EDITOR=$(grep install "${CUSTOM_CONF}" | grep "\(joe\|emacs\|vim\)" | head -1 | sed -e "s%.*\(joe\|emacs\|vim\).*%\1%")
|
OLD_EDITOR=$(grep install "${CUSTOM_CONF}" | grep "\(joe\|emacs\|vim\)" | head -1 | sed -e "s%.*\(joe\|emacs\|vim\).*%\1%")
|
||||||
|