diff --git a/.gitignore b/.gitignore index b28efb9..345afb6 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ *.img *.zip -clone/server/** +/clone/server/** +/clone/clone.conf diff --git a/clone/clone b/clone/clone index a60e302..e21210e 100755 --- a/clone/clone +++ b/clone/clone 
@@ -123,33 +123,29 @@ step4(){ step5(){ echo "\n>>> [5] Updating users"; - echo " (.) Adding user sats-user"; - # shadow - echo " /etc/shadow"; - ## TODO: Manage default password ## - echo "sats-user:$6$NvC.M5Yz$IRr1rOWhgSQNstmaZK9VLHJzqHebJaEBDaro8M6WyeWQjdLyas4cg5qDwziTVLBC9CI22sPGY.us8saZW0xMl0:17185:0:999999:7::" | sudo tee -a /mnt/etc/shadow > /dev/null; - echo "sats-user:$6$NvC.M5Yz$IRr1rOWhgSQNstmaZK9VLHJzqHebJaEBDaro8M6WyeWQjdLyas4cg5qDwziTVLBC9CI22sPGY.us8saZW0xMl0:17185:0:999999:7::" | sudo tee -a /mnt/etc/shadow- > /dev/null; + # (1) Removing pi entry # + echo " (.) Remove pi entry" + echo " > /etc/shadow"; + sudo cat /mnt/etc/shadow | grep -vE "^pi:" | tee ./tmp/shadow > /dev/null; - # passwd - echo " /etc/passwd"; - echo "sats-user:x:666:666:sats-user,,,:/home/sats-user:/bin/sh" | sudo tee -a /mnt/etc/passwd > /dev/null; - echo "sats-user:x:666:666:sats-user,,,:/home/sats-user:/bin/sh" | sudo tee -a /mnt/etc/passwd- > /dev/null; + # (2) Adding 'sats' user and new pi entry # + echo " (.) Adding 'sats' user and updated pi entry"; + echo " > /etc/shadow"; + cat ./utility/shadow_append | tee -a ./tmp/shadow > /dev/null; + cat ./tmp/shadow | sudo tee /mnt/etc/shadow | sudo tee /mnt/etc/shadow- > /dev/null; + rm ./tmp/shadow; - echo " (.) Removing pi's login password"; - # create temp file with new pi's password - sudo cat /mnt/etc/shadow | sed 's/pi:[^:]\+:/pi:$6$k0vFWRoG$bEBdFcFBWw2fLEA.5LsVKOtLWdWSkZMnEikqOG4jHCneRrWEBnEt6.ROe60ggdA7DbdU.l2ZO35WFvi3q6Ays\/:/' | sudo tee /mnt/etc/shadow.tmp > /dev/null; - # write original files - sudo cat /mnt/etc/shadow.tmp | sudo tee /mnt/etc/shadow > /dev/null; - sudo cat /mnt/etc/shadow.tmp | sudo tee /mnt/etc/shadow- > /dev/null; - # remove temporary file - sudo rm /mnt/etc/shadow.tmp; + echo " > /etc/passwd"; + cat ./utility/passwd_append | sudo tee -a /mnt/etc/passwd > /dev/null; + sudo cat /mnt/etc/passwd | sudo tee /mnt/etc/passwd- > /dev/null; - echo " (.) 
Copying pi's .bashrc to sats-user"; - sudo mkdir /mnt/home/sats-user; - sudo cp /mnt/home/pi/.bashrc /mnt/home/sats-user/.bashrc; - sudo chown 666:666 /mnt/home/sats-user/.bashrc; - sudo chmod 544 /mnt/home/sats-user/.bashrc; + + echo " (.) Copying pi's .bashrc to sats"; + sudo mkdir -p /mnt/home/sats; + sudo cp /mnt/home/pi/.bashrc /mnt/home/sats/.bashrc; + sudo chown 666:666 /mnt/home/sats/.bashrc; + sudo chmod 544 /mnt/home/sats/.bashrc; echo "<<< done"; @@ -160,19 +156,10 @@ step5(){ # [6] Updating groups #========================================================# step6(){ - echo "\n>>> [6] Updating groups"; + echo "\n>>> [6] Updating groups (ssh-key, sats)"; - echo " (.) Adding group ssh-key"; - # group - echo " /etc/group"; - echo "ssh-key:x:555:pi,sats-user" | sudo tee -a /mnt/etc/group > /dev/null; - echo "ssh-key:x:555:pi,sats-user" | sudo tee -a /mnt/etc/group- > /dev/null; - - echo " (.) Adding group sats-user"; - # group - echo " /etc/group"; - echo "sats-user:x:666:sats-user" | sudo tee -a /mnt/etc/group > /dev/null; - echo "sats-user:x:666:sats-user" | sudo tee -a /mnt/etc/group- > /dev/null; + cat ./utility/group_append | sudo tee -a /mnt/etc/group > /dev/null; + cat ./utility/group_append | sudo tee -a /mnt/etc/group- > /dev/null; echo "<<< done": 
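Review bot: The working copy `./tmp/shadow` is written by an unprivileged `tee`, so every password hash from the image's `/etc/shadow` lands inside the checkout with the caller's umask and is only removed if the script reaches `rm ./tmp/shadow`. Creating the file privately and removing it on any exit path, e.g. `tmp=$(umask 077; mktemp) && trap 'rm -f "$tmp"' EXIT`, keeps the hashes unreadable to other local users even when a later command fails. No exit status is checked in this block: if `sudo cat /mnt/etc/shadow` or `cat ./utility/shadow_append` fails, the incomplete temp file is still written over `/mnt/etc/shadow` and `/mnt/etc/shadow-`, so each of those reads should be tested before the write-back. step5's closing brace lies outside the hunk.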
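Review bot: Both `tee -a` lines append `./utility/group_append` unconditionally, so running step6 a second time on the same image leaves duplicate `ssh-key` and `sats` entries in `/mnt/etc/group`, and nothing checks whether gid 555 or 666 is already used there. A guard such as `grep -q '^sats:' /mnt/etc/group || cat ./utility/group_append | sudo tee -a /mnt/etc/group > /dev/null` keeps the step repeatable. The same applies to the `passwd_append` append in step5 and the `sshd_config_append` append in step7. step6's closing brace lies outside the hunk.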
@@ -197,37 +184,34 @@ step7(){ cat ./tmp/id_ecdsa.pub >> ./server/authorized_keys; # (3) Create ssh file system # - echo " (.) Init ssh folder (/home/sats-user/.ssh)"; - sudo mkdir -p /mnt/home/sats-user/.ssh; + echo " (.) Init ssh folder (/home/sats/.ssh)"; + sudo mkdir -p /mnt/home/sats/.ssh; - # (4) Add both keys to sats-user files # + # (4) Add both keys to sats files # echo " (.) Add keys to ssh folder"; - sudo mv ./tmp/id_ecdsa /mnt/home/sats-user/.ssh/id_ecdsa; - sudo mv ./tmp/id_ecdsa.pub /mnt/home/sats-user/.ssh/id_ecdsa.pub; + sudo mv ./tmp/id_ecdsa /mnt/home/sats/.ssh/id_ecdsa; + sudo mv ./tmp/id_ecdsa.pub /mnt/home/sats/.ssh/id_ecdsa.pub; # (5) Add maintenance keys # echo " (.) Add maintenance keys'"; - sudo touch /mnt/home/sats-user/.ssh/authorized_keys; - cat ./server/maintenance/*.pub | sudo tee /mnt/home/sats-user/.ssh/authorized_keys > /dev/null; + sudo touch /mnt/home/sats/.ssh/authorized_keys; + cat ./server/maintenance/*.pub | sudo tee /mnt/home/sats/.ssh/authorized_keys > /dev/null; # (6) Set up permissions # echo " (.) Set up permissions"; - sudo chown -R 666:666 /mnt/home/sats-user/; - sudo chmod 400 /mnt/home/sats-user/.ssh/*; + sudo chown -R 666:666 /mnt/home/sats/; + sudo chmod 400 /mnt/home/sats/.ssh/*; # (7) Restrict access to pubkey only (no password) # echo " (.) Restrict access to pubkey"; - echo "\nAllowGroups\tssh-key\nPasswordAuthentication\tno" | sudo tee -a /mnt/etc/ssh/sshd_config > /dev/null; + cat ./utility/sshd_config_append | sudo tee -a /mnt/etc/ssh/sshd_config > /dev/null; # (8) Set up automatic ssh server at start up # - echo " (.) Trigger ssh server on start up" - echo "sudo service ssh restart" | sudo tee -a /mnt/home/pi/.bashrc > /dev/null; - # echo "sudo service ssh restart" | sudo tee -a /mnt/home/sats-user/.bashrc > /dev/null; - sudo chown 666:666 /mnt/home/sats-user/.bashrc; - sudo chmod 755 /mnt/home/sats-user/.bashrc; + echo " (.) 
Emulate \`systemctl enable ssh.service\`"; + sudo ln -fs /lib/systemd/system/ssh.service /mnt/etc/systemd/system/ssh.service; echo "<<< done"; @@ -236,7 +220,7 @@ step7(){ } -# [8] Set up sats-user automatic login +# [8] Set up sats automatic login #========================================================# step8(){ echo "\n>>> [8] Set up automatic login"; @@ -248,16 +232,10 @@ step8(){ # (2) Link autologin to tty service # echo " (.) Link autologin script to tty's default"; - #sudo cat /mnt/etc/systemd/system/autologin@.service \ - # | sed 's/ pi / sats-user /' \ - # | tee ./tmp/autologin@.service > /dev/null; - #sudo cp ./tmp/autologin@.service /mnt/etc/systemd/system/autologin@.service; - #rm ./tmp/autologin@.service; - #sudo ln -fs /etc/systemd/system/autologin@.service /mnt/etc/systemd/system/getty.target.wants/getty@tty1.service; - sudo mkdir -pv /mnt/etc/systemd/system/getty@tty1.service.d; sudo touch /mnt/etc/systemd/system/getty@tty1.service.d/autologin.conf; - echo -e "[Service]\nExecStart=\nExecStart=-/sbin/agetty --autologin sats-user --noclear I 38400 linux" | sudo tee /mnt/etc/systemd/system/getty@tty1.service.d/autologin.conf > /dev/null; + cat ./utility/autologin_overload.conf | sudo tee /mnt/etc/systemd/system/getty@tty1.service.d/autologin.conf > /dev/null; + echo "<<< done"; 
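Review bot: Appending `./utility/sshd_config_append` only turns password logins off if no earlier uncommented `PasswordAuthentication` line exists in `/mnt/etc/ssh/sshd_config`, because sshd keeps the first value it reads for a keyword; the step should check for, or rewrite, an existing setting instead of relying on the appended one. The new link at `/mnt/etc/systemd/system/ssh.service` may also not do what its message says: `systemctl enable` creates the links named in the unit's `[Install]` section, which for Debian's ssh.service is normally under `multi-user.target.wants/`, so `sudo ln -fs /lib/systemd/system/ssh.service /mnt/etc/systemd/system/multi-user.target.wants/ssh.service` is probably the intended target — confirm against the unit file in the image. `chmod 400 /mnt/home/sats/.ssh/*` leaves the `.ssh` directory itself at whatever mode `mkdir -p` gave it; an explicit `sudo chmod 700 /mnt/home/sats/.ssh` would pin it. step7 starts before and ends after this hunk.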
@@ -281,6 +259,32 @@ step9(){ } +# [10] Set up SATS daemon +#========================================================# +step10(){ + + echo "\n>>> [10] Set up SATS daemon"; + + # (1) Create daemon folder # + echo " (.) Create daemon folder"; + sudo mkdir -p /home/sats/satsd; + + # (2) Init git repository with ssh url # + echo " (.) Clone git repo with server's ssh url"; + sudo git clone --depth=1 ssh://gw@xdrm.io/home/gw/satsd /home/sats/satsd; + + # (3) Set up git pull with good key # + echo " (.) Set up \`git pull\` with registered ssh key"; + git pull origin master; + + + + echo "<<< done"; + + step11; + +} + # [0] Step choice #========================================================# @@ -292,8 +296,9 @@ echo "(4) Mount / partition"; echo "(5) Update users"; echo "(6) Update groups"; echo "(7) Manage ssh keys"; -echo "(8) Set up automatic sats-user login"; +echo "(8) Set up automatic sats login"; echo "(9) Set up WiFi config"; +echo "(10) Set up SATS daemon"; read -p "step: " step; case $step in @@ -306,5 +311,6 @@ case $step in "7") step7;; "8") step8;; "9") step9;; + "10") step10;; *) echo "wrong step"; exit;; esac; diff --git a/clone/clone.conf b/clone/clone.conf index baa6846..85e4ec4 100644 --- a/clone/clone.conf +++ b/clone/clone.conf @@ -1,4 +1,4 @@ # WIFI SETTINGS -export WIFI_SSID="some-wifi-ssid"; -export WIFI_PASS="some-wifi-password"; +export WIFI_SSID="freeboxma"; +export WIFI_PASS=" manon adrien "; diff --git a/clone/utility/autologin_overload.conf b/clone/utility/autologin_overload.conf new file mode 100644 index 0000000..ae12504 --- /dev/null +++ b/clone/utility/autologin_overload.conf @@ -0,0 +1,3 @@ +[Service] +ExecStart= +ExecStart=-/sbin/agetty --autologin sats --noclear I 38440 linux diff --git a/clone/utility/group_append b/clone/utility/group_append new file mode 100644 index 0000000..9eac47f --- /dev/null +++ b/clone/utility/group_append @@ -0,0 +1,2 @@ +ssh-key:x:555:pi,sats +sats:x:666:sats 
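Review bot: step10 operates on the host rather than on the mounted image: `sudo mkdir -p /home/sats/satsd` and the clone target lack the `/mnt` prefix every other step uses, and `git pull origin master` runs in whatever directory the script was started from, not in the new clone. The clone also runs as root, so it authenticates with root's SSH key and known_hosts and leaves the tree owned by root rather than uid 666. The function ends by calling `step11`, which is not defined in any hunk shown here; if it does not exist elsewhere in the file the step finishes with a command-not-found error. One possible shape for the body is below.

```shell
step10(){
  # … unchanged: banner and progress echoes …
  sudo mkdir -p /mnt/home/sats/satsd;
  sudo git clone --depth=1 ssh://gw@xdrm.io/home/gw/satsd /mnt/home/sats/satsd;
  # run the pull inside the clone, not in the caller's working directory
  sudo git -C /mnt/home/sats/satsd pull origin master;
  # hand the tree to the sats account (uid/gid 666, as in step5 and step7)
  sudo chown -R 666:666 /mnt/home/sats/satsd;
  # … unchanged: "<<< done" echo; drop or define the step11 call …
```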
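Review bot: Real-looking WiFi credentials are committed in `WIFI_SSID` and `WIFI_PASS` here, and the `/clone/clone.conf` entry added to `.gitignore` in the same commit does not prevent that because the file is already tracked. Keep the placeholder values in a tracked template (for example `clone/clone.conf.example`), stop tracking the real file with `git rm --cached clone/clone.conf`, and treat the passphrase as exposed since it remains in history.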
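Review bot: The baud rate on the `ExecStart=-/sbin/agetty` line reads `38440`, while the inline string this file replaces in step8 used `38400`; 38440 is not a standard rate, so this looks like a typo introduced when the text was moved. The port argument is also the literal `I`; in a getty@ drop-in the instance specifier is written `%I`, which would make the line `ExecStart=-/sbin/agetty --autologin sats --noclear %I 38400 linux`. Worth confirming on a booted image that tty1 actually comes up logged in as sats.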
diff --git a/clone/utility/passwd_append b/clone/utility/passwd_append new file mode 100644 index 0000000..fb6eaaa --- /dev/null +++ b/clone/utility/passwd_append @@ -0,0 +1 @@ +sats:x:666:666:sats,,,:/home/sats:/bin/sh diff --git a/clone/utility/shadow_append b/clone/utility/shadow_append new file mode 100644 index 0000000..3578688 --- /dev/null +++ b/clone/utility/shadow_append @@ -0,0 +1,2 @@ +pi:$6$k0vFWRoG$bEBdFcFBWw2fLEA.5LsVKOtLWdWSkZMnEikqOG4jHCneRrWEBnEt6.ROe60ggdA7DbdU.l2ZO35WFvi3q6Ays/:17130:0:99999:7::: +sats:$6$NvC.M5Yz$IRr1rOWhgSQNstmaZK9VLHJzqHebJaEBDaro8M6WyeWQjdLyas4cg5qDwziTVLBC9CI22sPGY.us8saZW0xMl0:17185:0:999999:7:: diff --git a/clone/utility/sshd_config_append b/clone/utility/sshd_config_append new file mode 100644 index 0000000..69bfe7e --- /dev/null +++ b/clone/utility/sshd_config_append @@ -0,0 +1,2 @@ +AllowGroups ssh-key +PasswordAuthentication no
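Review bot: Fixed password hashes for `pi` and `sats` are now a tracked file (`clone/utility/shadow_append`), so every image built from this repository shares the same two passwords and anyone with read access to the repository can test guesses against them offline; the `## TODO: Manage default password ##` marker that flagged this was dropped from step5 in the same commit. Generating the entries at clone time (prompting the operator, or writing `!` in the hash field for an account that only needs key-based or autologin access) and keeping the generated file untracked would avoid that. The `sats` line also has eight colon-separated fields and a maximum age of `999999`, where the `pi` line has nine fields and `99999`; shadow(5) entries have nine fields, so the `sats` line should probably end in `:::`.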