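#!/bin/bash
#
# Vagrant provisioning script for the Debian VM that hosts the SNSTER "kaz"
# lab. It upgrades the system, installs the desktop and LXC tooling, creates
# the users, relaxes sshd/sysctl settings, copies the snster-kaz tree and
# finally builds the lab and reboots.
#
# Environment:
#   KAZGUARD  must be non-empty, otherwise the script exits immediately.
#   NOKAZ     when "true", /root/vm-install-kaz.sh is copied but not run.
#
# NOTE(review): this copy of the script lost text in three places (here-document
# bodies and the commands around them). Each gap is marked below with the
# surviving text quoted verbatim. Restore those sections from the upstream file
# before running; nothing has been invented to fill them.

# Refuse to run unless the caller has set KAZGUARD. Presumably a safety catch
# against running this on a machine that is not the throwaway VM.
if [ -z "${KAZGUARD}" ]; then
  printf '%s\n' "KAZGUARD is not set, refusing to provision" >&2
  exit 1
fi

# Runs before `set -e`, so a failure here does not abort provisioning.
resize2fs /dev/sda1

# Work from the directory holding this script. "$0" is quoted so a path
# containing spaces or glob characters cannot be split or expanded.
DIR=$(cd "$(dirname -- "$0")" && pwd)
cd "${DIR}"

set -e

export VAGRANT_SRC_DIR=/vagrant/files
mkdir -p "${VAGRANT_SRC_DIR}/log/"
export DebugLog="${VAGRANT_SRC_DIR}/log/log-vagrant-$(date +%y-%m-%d-%T)-"

(
  echo "########## ********** Start Vagrant $(date +%D-%T)"

  # for name resolution in /etc/hosts
  # (not referenced again in the visible part of the script)
  SERVICES_LIST="smtp mail ldap www depot tableur pad webmail sondage garradin test-garradin wiki git agora cloud office cachet quotas"

  # Copy a few files
  cp "${VAGRANT_SRC_DIR}/keyboard" /etc/default/keyboard
  sysctl -w net.ipv4.ip_forward=1

  # Update and install
  sed -i -e 's/main.*/main contrib non-free/' /etc/apt/sources.list
  DEBIAN_FRONTEND=noninteractive apt-get --allow-releaseinfo-change update
  DEBIAN_FRONTEND=noninteractive apt-get -y upgrade
  DEBIAN_FRONTEND=noninteractive apt-get -y dist-upgrade
  DEBIAN_FRONTEND=noninteractive apt-get install -y apg curl git sudo unzip rsync firefox-esr tcpdump net-tools mousepad wireshark swapspace whois ldap-utils python3-lxc lxc python3-pygraphviz python3-pil python3-yaml imagemagick btrfs-progs # could be with --no-install-recommends
  DEBIAN_FRONTEND=noninteractive apt-get install -y xfce4 lightdm xfce4-terminal xserver-xorg gitk # needs to install recommends

  # Generate a passphrase-less root key. The here-string answers the two
  # prompts: default file name, then "y" to overwrite an existing key.
  # The public key then REPLACES /root/.ssh/authorized_keys, so any key that
  # was authorised before provisioning is dropped.
  ssh-keygen -t rsa -b 4096 -N '' <<<$'\ny'
  rsync /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys

  echo -e "\n #### create user\n"
  # Create the users
  # NOTE(review): both accounts get a password equal to the account name, and
  # sshd password login is switched on further down. That is only tolerable on
  # a disposable VM that untrusted networks cannot reach; confirm the
  # Vagrantfile does not bridge or forward port 22.
  usermod -p "$(mkpasswd --method=sha-512 root)" root
  useradd -m -s "/bin/bash" -p "$(mkpasswd --method=sha-512 debian)" debian || true # don't fail if user already exists

  # increase the size of /run on low-memory hosts
  #echo "tmpfs /run tmpfs nosuid,noexec,size=26M 0 0" >> /etc/fstab
  #mount -o remount /run

  # Disable screen blanking
  mkdir -p /etc/X11/xorg.conf.d/
  rsync -a "${VAGRANT_SRC_DIR}/10-monitor.conf" /etc/X11/xorg.conf.d/
  # mv /etc/xdg/autostart/light-locker.desktop /etc/xdg/autostart/light-locker.desktop.bak
  DEBIAN_FRONTEND=noninteractive apt-get remove --purge -y light-locker

  # exim has to go: it conflicts with the dockerised postfix
  DEBIAN_FRONTEND=noninteractive apt-get remove --purge -y exim4-base exim4-config exim4-daemon-light

  # ssh login with password
  # NOTE(review): the sed also rewrites a commented "#PasswordAuthentication no"
  # and the grep below matches commented lines too, so what ends up effective
  # depends on the image's sshd_config. See the password note above.
  sed -i "s/PasswordAuthentication no/PasswordAuthentication yes/" /etc/ssh/sshd_config
  if ! grep -q "PasswordAuthentication yes" /etc/ssh/sshd_config 2>/dev/null; then
    echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config
  fi

  # enable routing and raise the inotify limits
  if ! grep -q "net.ipv4.ip_forward" /etc/sysctl.conf 2>/dev/null; then
    echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
  fi
  sed -i "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/" /etc/sysctl.conf
  if ! grep -q "fs.inotify.max_queued_events" /etc/sysctl.conf 2>/dev/null; then
    echo -e "fs.inotify.max_queued_events=1048576\nfs.inotify.max_user_instances=1048576\nfs.inotify.max_user_watches=1048576" >> /etc/sysctl.conf
  fi
  sysctl -p

  # enable bash autocompletion
  # NOTE(review): DAMAGED SECTION. The here-document appended to
  # /etc/bash.bashrc and the opening of the following guard are missing from
  # this copy; TERM_CFG is used but never assigned in the visible text.
  # Surviving text, verbatim:
  #   cat >> /etc/bash.bashrc </dev/null; then
  #   echo -e "[Configuration]\nShortcutsNoMnemonics=TRUE" >> "${TERM_CFG}"
  #   fi

  echo -e "\n #### set swapspace\n"
  # free swapspace at shutdown
  # Guarded so that a second provisioning run does not insert another ExecStop
  # line into the unit file.
  if ! grep -q 'ExecStop=/usr/sbin/swapspace -e' /lib/systemd/system/swapspace.service; then
    sed -i -e 's/ExecStart=\/usr\/sbin\/swapspace/ExecStart=\/usr\/sbin\/swapspace\nExecStop=\/usr\/sbin\/swapspace -e/' /lib/systemd/system/swapspace.service
  fi
  systemctl daemon-reload

  # limit journald log size
  mkdir -p /etc/systemd/journald.conf.d
  # NOTE(review): DAMAGED SECTION. The body of sizelimit.conf, the closing
  # `fi`, and every command up to the line that appended the /var/lib/lxc
  # entry to /etc/fstab are missing from this copy. The later sed on
  # /usr/local/lib/python3.9/dist-packages/backends/LxcBackend.py suggests the
  # snster installation was in the lost part; confirm against upstream.
  # Surviving text, verbatim:
  #   if [ ! -f /etc/systemd/journald.conf.d/sizelimit.conf ]; then
  #   cat > /etc/systemd/journald.conf.d/sizelimit.conf <> /etc/fstab

  # Relies on the /etc/fstab entry written in the lost section above.
  mount /var/lib/lxc
  #losetup -f /root/btrfs.img
  #mount /dev/loop0 /var/lib/lxc

  # Make the LXC backend create containers on btrfs.
  sed -i -e "s/template=self.template/template=self.template, bdevtype='btrfs'/" /usr/local/lib/python3.9/dist-packages/backends/LxcBackend.py

  # SNSTER KAZ
  # cp -ar ${VAGRANT_SRC_DIR}/templates /root
  cp -ar "${VAGRANT_SRC_DIR}/snster-kaz" /root

  # crypto keys
  # NOTE(review): /etc/letsencrypt normally holds private keys as well as
  # certificates. These copies place them in two more trees; check that
  # neither destination is shared, synced to the host, or committed anywhere.
  cp -ar /etc/letsencrypt /root/snster-kaz/kaz/prod/
  cp -ar /etc/letsencrypt /root/snster-kaz/isp-a/home/

  # Mount the kaz-prod filesystem on the VM's /kaz for development (nofail)
  # mkdir /kaz-prod /kaz
  # echo "overlay /kaz-prod overlay lowerdir=/var/lib/lxc/sr-masters-bullseye/rootfs,upperdir=/var/lib/lxc/kaz-kaz-prod/overlay/delta,workdir=/var/lib/lxc/kaz-kaz-prod/overlay/work,nofail 0 0" >> /etc/fstab
  # echo "/kaz-prod/kaz /kaz none bind,nofail 0 0" >> /etc/fstab
  # -f/-n replace an existing link instead of failing, or creating a stray
  # link inside the container rootfs, when provisioning is run again.
  ln -sfn /var/lib/lxc/kaz-kaz-prod/rootfs/ /kaz-prod
  ln -sfn /kaz-prod/kaz /kaz

  # Set KAZGUARD for root's interactive shells (used while debugging).
  # Appended only once so repeated runs do not grow /root/.bashrc.
  if ! grep -qxF "export KAZGUARD='true'" /root/.bashrc 2>/dev/null; then
    echo "export KAZGUARD='true'" >> /root/.bashrc
  fi

  # Build SNSTER KAZ !
  snster -c /root/snster-kaz create

  cp "${VAGRANT_SRC_DIR}/vm-install-kaz.sh" /root/
  chmod +x /root/vm-install-kaz.sh
  cp "${VAGRANT_SRC_DIR}/vm-upgrade.sh" /root/
  chmod +x /root/vm-upgrade.sh

  if [[ "${NOKAZ}" == "true" ]]; then
    echo "on ne fait pas l'install de kaz sur kaz-prod"
  else
    echo "on installe kaz sur kaz-prod"
    bash "/root/vm-install-kaz.sh"
  fi

  echo "########## ********** End Vagrant $(date +%D-%T)"
) > >(tee "${DebugLog}stdout.log") 2> >(tee "${DebugLog}stderr.log" >&2)

# NOTE(review): the two tee processes run asynchronously and the script does
# not wait for them, so the last log lines may not be written before the
# reboot. The logs also record the whole provisioning output under
# /vagrant/files/log; check whether that directory is shared with the host.
reboot

# For sympa-SOAP
# KAZPROD="snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x"
# ${KAZPROD} "docker cp /etc/letsencrypt/local/rootCA.pem sympaServ:/usr/local/share/ca-certificates/rootCA.crt"
# ${KAZPROD} "docker exec -it sympaServ update-ca-certificates"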