Added utility/ folder not to repeat large ..

xdrm-brackets 2017-01-23 14:53:48 +01:00
parent d736f68281
commit b1d0c7df11
8 changed files with 80 additions and 63 deletions

3
.gitignore vendored

@ -1,4 +1,5 @@
*.img
*.zip
clone/server/**
/clone/server/**
/clone/clone.conf


@ -123,33 +123,29 @@ step4(){
step5(){
echo "\n>>> [5] Updating users";
echo " (.) Adding user sats-user";
# shadow
echo " /etc/shadow";
## TODO: Manage default password ##
echo "sats-user:$6$NvC.M5Yz$IRr1rOWhgSQNstmaZK9VLHJzqHebJaEBDaro8M6WyeWQjdLyas4cg5qDwziTVLBC9CI22sPGY.us8saZW0xMl0:17185:0:999999:7::" | sudo tee -a /mnt/etc/shadow > /dev/null;
echo "sats-user:$6$NvC.M5Yz$IRr1rOWhgSQNstmaZK9VLHJzqHebJaEBDaro8M6WyeWQjdLyas4cg5qDwziTVLBC9CI22sPGY.us8saZW0xMl0:17185:0:999999:7::" | sudo tee -a /mnt/etc/shadow- > /dev/null;
# (1) Removing pi entry #
echo " (.) Remove pi entry"
echo " > /etc/shadow";
sudo cat /mnt/etc/shadow | grep -vE "^pi:" | tee ./tmp/shadow > /dev/null;
# passwd
echo " /etc/passwd";
echo "sats-user:x:666:666:sats-user,,,:/home/sats-user:/bin/sh" | sudo tee -a /mnt/etc/passwd > /dev/null;
echo "sats-user:x:666:666:sats-user,,,:/home/sats-user:/bin/sh" | sudo tee -a /mnt/etc/passwd- > /dev/null;
# (2) Adding 'sats' user and new pi entry #
echo " (.) Adding 'sats' user and updated pi entry";
echo " > /etc/shadow";
cat ./utility/shadow_append | tee -a ./tmp/shadow > /dev/null;
cat ./tmp/shadow | sudo tee /mnt/etc/shadow | sudo tee /mnt/etc/shadow- > /dev/null;
rm ./tmp/shadow;
echo " (.) Removing pi's login password";
# create temp file with new pi's password
sudo cat /mnt/etc/shadow | sed 's/pi:[^:]\+:/pi:$6$k0vFWRoG$bEBdFcFBWw2fLEA.5LsVKOtLWdWSkZMnEikqOG4jHCneRrWEBnEt6.ROe60ggdA7DbdU.l2ZO35WFvi3q6Ays\/:/' | sudo tee /mnt/etc/shadow.tmp > /dev/null;
# write original files
sudo cat /mnt/etc/shadow.tmp | sudo tee /mnt/etc/shadow > /dev/null;
sudo cat /mnt/etc/shadow.tmp | sudo tee /mnt/etc/shadow- > /dev/null;
# remove temporary file
sudo rm /mnt/etc/shadow.tmp;
echo " > /etc/passwd";
cat ./utility/passwd_append | sudo tee -a /mnt/etc/passwd > /dev/null;
sudo cat /mnt/etc/passwd | sudo tee /mnt/etc/passwd- > /dev/null;
echo " (.) Copying pi's .bashrc to sats-user";
sudo mkdir /mnt/home/sats-user;
sudo cp /mnt/home/pi/.bashrc /mnt/home/sats-user/.bashrc;
sudo chown 666:666 /mnt/home/sats-user/.bashrc;
sudo chmod 544 /mnt/home/sats-user/.bashrc;
echo " (.) Copying pi's .bashrc to sats";
sudo mkdir -p /mnt/home/sats;
sudo cp /mnt/home/pi/.bashrc /mnt/home/sats/.bashrc;
sudo chown 666:666 /mnt/home/sats/.bashrc;
sudo chmod 544 /mnt/home/sats/.bashrc;
echo "<<< done";
@ -160,19 +156,10 @@ step5(){
# [6] Updating groups
#========================================================#
step6(){
echo "\n>>> [6] Updating groups";
echo "\n>>> [6] Updating groups (ssh-key, sats)";
echo " (.) Adding group ssh-key";
# group
echo " /etc/group";
echo "ssh-key:x:555:pi,sats-user" | sudo tee -a /mnt/etc/group > /dev/null;
echo "ssh-key:x:555:pi,sats-user" | sudo tee -a /mnt/etc/group- > /dev/null;
echo " (.) Adding group sats-user";
# group
echo " /etc/group";
echo "sats-user:x:666:sats-user" | sudo tee -a /mnt/etc/group > /dev/null;
echo "sats-user:x:666:sats-user" | sudo tee -a /mnt/etc/group- > /dev/null;
cat ./utility/group_append | sudo tee -a /mnt/etc/group > /dev/null;
cat ./utility/group_append | sudo tee -a /mnt/etc/group- > /dev/null;
echo "<<< done":
@ -197,37 +184,34 @@ step7(){
cat ./tmp/id_ecdsa.pub >> ./server/authorized_keys;
# (3) Create ssh file system #
echo " (.) Init ssh folder (/home/sats-user/.ssh)";
sudo mkdir -p /mnt/home/sats-user/.ssh;
echo " (.) Init ssh folder (/home/sats/.ssh)";
sudo mkdir -p /mnt/home/sats/.ssh;
# (4) Add both keys to sats-user files #
# (4) Add both keys to sats files #
echo " (.) Add keys to ssh folder";
sudo mv ./tmp/id_ecdsa /mnt/home/sats-user/.ssh/id_ecdsa;
sudo mv ./tmp/id_ecdsa.pub /mnt/home/sats-user/.ssh/id_ecdsa.pub;
sudo mv ./tmp/id_ecdsa /mnt/home/sats/.ssh/id_ecdsa;
sudo mv ./tmp/id_ecdsa.pub /mnt/home/sats/.ssh/id_ecdsa.pub;
# (5) Add maintenance keys #
echo " (.) Add maintenance keys'";
sudo touch /mnt/home/sats-user/.ssh/authorized_keys;
cat ./server/maintenance/*.pub | sudo tee /mnt/home/sats-user/.ssh/authorized_keys > /dev/null;
sudo touch /mnt/home/sats/.ssh/authorized_keys;
cat ./server/maintenance/*.pub | sudo tee /mnt/home/sats/.ssh/authorized_keys > /dev/null;
# (6) Set up permissions #
echo " (.) Set up permissions";
sudo chown -R 666:666 /mnt/home/sats-user/;
sudo chmod 400 /mnt/home/sats-user/.ssh/*;
sudo chown -R 666:666 /mnt/home/sats/;
sudo chmod 400 /mnt/home/sats/.ssh/*;
# (7) Restrict access to pubkey only (no password) #
echo " (.) Restrict access to pubkey";
echo "\nAllowGroups\tssh-key\nPasswordAuthentication\tno" | sudo tee -a /mnt/etc/ssh/sshd_config > /dev/null;
cat ./utility/sshd_config_append | sudo tee -a /mnt/etc/ssh/sshd_config > /dev/null;
# (8) Set up automatic ssh server at start up #
echo " (.) Trigger ssh server on start up"
echo "sudo service ssh restart" | sudo tee -a /mnt/home/pi/.bashrc > /dev/null;
# echo "sudo service ssh restart" | sudo tee -a /mnt/home/sats-user/.bashrc > /dev/null;
sudo chown 666:666 /mnt/home/sats-user/.bashrc;
sudo chmod 755 /mnt/home/sats-user/.bashrc;
echo " (.) Emulate \`systemctl enable ssh.service\`";
sudo ln -fs /lib/systemd/system/ssh.service /mnt/etc/systemd/system/ssh.service;
echo "<<< done";
@ -236,7 +220,7 @@ step7(){
}
# [8] Set up sats-user automatic login
# [8] Set up sats automatic login
#========================================================#
step8(){
echo "\n>>> [8] Set up automatic login";
@ -248,16 +232,10 @@ step8(){
# (2) Link autologin to tty service #
echo " (.) Link autologin script to tty's default";
#sudo cat /mnt/etc/systemd/system/autologin@.service \
# | sed 's/ pi / sats-user /' \
# | tee ./tmp/autologin@.service > /dev/null;
#sudo cp ./tmp/autologin@.service /mnt/etc/systemd/system/autologin@.service;
#rm ./tmp/autologin@.service;
#sudo ln -fs /etc/systemd/system/autologin@.service /mnt/etc/systemd/system/getty.target.wants/getty@tty1.service;
sudo mkdir -pv /mnt/etc/systemd/system/getty@tty1.service.d;
sudo touch /mnt/etc/systemd/system/getty@tty1.service.d/autologin.conf;
echo -e "[Service]\nExecStart=\nExecStart=-/sbin/agetty --autologin sats-user --noclear I 38400 linux" | sudo tee /mnt/etc/systemd/system/getty@tty1.service.d/autologin.conf > /dev/null;
cat ./utility/autologin_overload.conf | sudo tee /mnt/etc/systemd/system/getty@tty1.service.d/autologin.conf > /dev/null;
echo "<<< done";
@ -281,6 +259,32 @@ step9(){
}
# [10] Set up SATS daemon
#========================================================#
step10(){
echo "\n>>> [10] Set up SATS daemon";
# (1) Create daemon folder #
echo " (.) Create daemon folder";
sudo mkdir -p /home/sats/satsd;
# (2) Init git repository with ssh url #
echo " (.) Clone git repo with server's ssh url";
sudo git clone --depth=1 ssh://gw@xdrm.io/home/gw/satsd /home/sats/satsd;
# (3) Set up git pull with good key #
echo " (.) Set up \`git pull\` with registered ssh key";
git pull origin master;
echo "<<< done";
step11;
}
# [0] Step choice
#========================================================#
@ -292,8 +296,9 @@ echo "(4) Mount / partition";
echo "(5) Update users";
echo "(6) Update groups";
echo "(7) Manage ssh keys";
echo "(8) Set up automatic sats-user login";
echo "(8) Set up automatic sats login";
echo "(9) Set up WiFi config";
echo "(10) Set up SATS daemon";
read -p "step: " step;
case $step in
@ -306,5 +311,6 @@ case $step in
"7") step7;;
"8") step8;;
"9") step9;;
"10") step10;;
*) echo "wrong step"; exit;;
esac;
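Review bot: In the new step10, `sudo mkdir -p /home/sats/satsd` and the `git clone` target write to the machine running the script, while every other step works on the mounted image under /mnt, and the following `git pull origin master` runs in whatever directory the script was started from rather than in the clone. Assuming the daemon is meant to land in the image, the three lines would read `sudo mkdir -p /mnt/home/sats/satsd;`, `sudo git clone --depth=1 ssh://gw@xdrm.io/home/gw/satsd /mnt/home/sats/satsd;` and `sudo git -C /mnt/home/sats/satsd pull origin master;`, followed by a `sudo chown -R 666:666` on that directory because the clone is created as root. Running the clone under sudo also means root's SSH identity and known_hosts decide which server is trusted, not the key generated in step7, so the comment `Set up git pull with good key` does not match what the code does. step10 ends by calling `step11`, whose definition is not visible on this page.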


@ -1,4 +1,4 @@
# WIFI SETTINGS
export WIFI_SSID="some-wifi-ssid";
export WIFI_PASS="some-wifi-password";
export WIFI_SSID="freeboxma";
export WIFI_PASS=" manon adrien ";
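Review bot: The two `export WIFI_SSID`/`export WIFI_PASS` lines printed last look like a real network name and passphrase replacing the `some-wifi-*` placeholders; the page has lost its +/- markers, so this assumes the later pair is the new side. If so, the passphrase is now in the repository history and should be changed on the access point, since removing it in a later commit does not erase it. The `/clone/clone.conf` entry added to .gitignore in the same commit does not help if this is that file and it is already tracked: it needs `git rm --cached` plus a tracked template that keeps the placeholders.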


@ -0,0 +1,3 @@
[Service]
ExecStart=
ExecStart=-/sbin/agetty --autologin sats --noclear I 38440 linux
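Review bot: The baud rate in the new `ExecStart` line is `38440`, while the inline string this file replaces in step8 used `38400`; 38440 is not a standard rate and looks like a typo. The port argument is also a bare `I` in both versions, where a getty@ drop-in normally uses the systemd specifier `%I`, so the intended line is probably `ExecStart=-/sbin/agetty --autologin sats --noclear %I 38400 linux`. Since this drop-in gives a shell as `sats` to anyone at the console, and `sats` holds the SSH private key placed by step7, a header comment stating that physical access to the device is trusted would help the next reader.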


@ -0,0 +1,2 @@
ssh-key:x:555:pi,sats
sats:x:666:sats


@ -0,0 +1 @@
sats:x:666:666:sats,,,:/home/sats:/bin/sh


@ -0,0 +1,2 @@
pi:$6$k0vFWRoG$bEBdFcFBWw2fLEA.5LsVKOtLWdWSkZMnEikqOG4jHCneRrWEBnEt6.ROe60ggdA7DbdU.l2ZO35WFvi3q6Ays/:17130:0:99999:7:::
sats:$6$NvC.M5Yz$IRr1rOWhgSQNstmaZK9VLHJzqHebJaEBDaro8M6WyeWQjdLyas4cg5qDwziTVLBC9CI22sPGY.us8saZW0xMl0:17185:0:999999:7::
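Review bot: This new file puts the SHA-512 crypt hashes for `pi` and `sats` into the repository, so every image built from it shares the same two passwords and anyone who can read the repo can attack the hashes offline. Since step7 appends `PasswordAuthentication no` and step8 logs `sats` in automatically, a locked password field (`!`) or a hash generated at provisioning time and kept out of git would avoid that, if no password login is intended; the `## TODO: Manage default password ##` comment in step5 points at the same gap. The `sats` line also has only eight fields (it ends in `::` where the `pi` line ends in `:::`) and a max-age of `999999` against `99999` for `pi`; shadow(5) expects nine fields, so the line should end in `:::`.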


@ -0,0 +1,2 @@
AllowGroups ssh-key
PasswordAuthentication no
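Review bot: These two directives are appended to the end of the image's sshd_config by step7, and sshd uses the first value it finds for each keyword, so `PasswordAuthentication no` only takes effect if the stock file has no uncommented `PasswordAuthentication` line above it. That cannot be checked from this page; a `grep -n '^PasswordAuthentication' /mnt/etc/ssh/sshd_config` after the append should show exactly one line. Password-style logins can also arrive through keyboard-interactive/PAM, so `ChallengeResponseAuthentication no` belongs next to these two lines if the stock file does not already set it. The inline string this file replaces began with `\n`; the file as shown does not start with a blank line, so a stock sshd_config without a trailing newline would get `AllowGroups` glued to its last line.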