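#!/usr/bin/env bash
# Provision an image onto a USB block device, then customise the mounted root
# partition: users, groups, ssh keys, console autologin and WiFi.
#
# Usage: <script> /dev/sdX
#   The device must report ID_BUS=usb through udev (guard below); steps 2 and 3
#   erase it completely. Every step chains into the next one.
#
# The script uses bash features (read -p, read -s, local), so the shebang is
# bash; the original "#!/bin/sh" only worked when invoked as "bash script".
#
# Working directories (relative to the current directory):
#   ./tmp                 scratch space (key pair, edited unit file)
#   ./server              receives the generated authorized_keys
#   ./server/maintenance  operator *.pub keys pre-authorised on the device

mkdir -p ./tmp ./server/maintenance

# [!] Check parameter : device file
#========================================================#
echo ">>> [!] Checking parameter : device"

# (1) Check parameter existence #
if [ "$#" -lt 1 ] || [ -z "$1" ]; then
  echo "Missing parameter : device" >&2
  exit 1
fi

if [ ! -b "$1" ]; then
  echo ">>> ERROR: $1 is not a block device." >&2
  exit 1
fi

# (2) Check USB and not a hard drive !!!!!!!!!! #
# --query=property prints KEY=VALUE lines; keep only the value of ID_BUS.
# The value is quoted in the test below: with the original unquoted form an
# empty result made `test` fail with a syntax error instead of aborting.
device_type=$(udevadm info --query=property -n "$1" 2> /dev/null | sed -n 's/^ID_BUS=//p')

if [ "$device_type" != "usb" ]; then
  echo ">>> ERROR: device type is $device_type, \"usb\" expected." >&2
  exit 1
fi

echo "<<< done"

# Device node every step works on (read-only global from here on).
DEV="$1"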
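# [1] Init device layout (gpt table)
#========================================================#
#######################################
# Offer to unmount every mounted partition living on $DEV, then chain into
# step2. The original called step2 twice when nothing was mounted: the
# "nothing found" branch did not return and fell through to the final step2.
# Globals:   DEV (read)
# Arguments: none; asks y/n per mounted partition on stdin
# Returns:   only after step2 and everything it chains into has returned
#######################################
step1(){
  printf '\n>>> [1] Checking for mounted partitions (%s)\n' "$DEV"

  # (1) List partitions of this device #
  # Prefix-match the device column of /proc/mounts. awk's index() treats $DEV
  # as a plain string, unlike the original `grep "$DEV"` which read it as a
  # regular expression. A prefix still matches /dev/sdab for DEV=/dev/sda.
  local mounted_partitions
  mounted_partitions=$(awk -v dev="$DEV" 'index($1, dev) == 1 { print $1 }' /proc/mounts)

  # if nothing found -> next step
  if [ -z "$mounted_partitions" ]; then
    echo "<<< done"
    step2
    return
  fi

  local mounted unmount
  # Unquoted on purpose: one device node per line, no spaces in the names.
  for mounted in $mounted_partitions; do
    read -r -p " (!) umount $mounted (y/n) [n]" unmount
    if [ "$unmount" = "y" ]; then
      sudo umount "$mounted" > /dev/null 2>&1 && echo " > unmounted"
    fi
  done

  # Steps 2 and 3 write to the raw device; refuse to continue while any
  # partition of it is still mounted rather than erase a live filesystem.
  if [ -n "$(awk -v dev="$DEV" 'index($1, dev) == 1 { print $1 }' /proc/mounts)" ]; then
    echo "<<< aborting: partitions of $DEV are still mounted" >&2
    exit 1
  fi

  echo "<<< done"
  step2
}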
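# [2] Initialize GPT Table
#========================================================#
#######################################
# Ask for confirmation, write an empty GPT onto $DEV with fdisk, chain into
# step3.
# Globals:   DEV (read)
# Arguments: none; reads the y/n confirmation from stdin
# Returns:   exits 1 on refusal or fdisk failure, otherwise chains into step3
#######################################
step2(){
  printf '\n>>> [2] Formatting disk (%s)\n' "$DEV"

  # (1) Confirmation #
  # Anything other than a literal "y" (including an empty answer) aborts.
  local confirm_format
  read -r -p " (!) Erase the whole disk ? it is irreversible! (y/n) [n]" confirm_format
  if [ "$confirm_format" != "y" ]; then
    echo "<<< aborting"
    exit 1
  fi

  # (2) Init gpt entry #
  # fdisk script: g = create a new empty GPT, w = write it and quit.
  # NOTE(review): step3's dd rewrites the device from sector 0, so the table
  # written here is replaced by whatever original.img carries.
  if ! printf 'g\nw\n' | sudo fdisk "$DEV" > /dev/null 2>&1; then
    echo "<<< error: fdisk failed on $DEV" >&2
    exit 1
  fi

  echo "<<< done"

  step3
}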
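# [3] Burn image to device
#========================================================#
#######################################
# Ask for confirmation, copy ./original.img onto $DEV with dd, chain into
# step4. The original error handling was `|| $( echo ... && exit )`: the exit
# ran inside the command substitution's subshell, so a failed dd was reported
# and then step4 mounted and customised whatever was on the disk anyway.
# Globals:   DEV (read)
# Arguments: none; reads the y/n confirmation from stdin
# Returns:   exits 1 on refusal, missing image or dd failure; else chains
#######################################
step3(){
  printf '\n>>> [3] Burning image into disk (%s)\n' "$DEV"

  # (1) Confirmation #
  local confirm_burn
  read -r -p " (!) Burn the whole disk ? it is irreversible! (y/n) [n]" confirm_burn
  if [ "$confirm_burn" != "y" ]; then
    echo "<<< aborting"
    exit 1
  fi

  if [ ! -r ./original.img ]; then
    echo "<<< error: ./original.img not found or not readable" >&2
    exit 1
  fi

  # (2) Burning image into disk #
  # conv=fsync makes dd flush to the device before reporting success, so a
  # later unplug or the mount in step4 does not race the write-back.
  if ! sudo dd if=./original.img of="$DEV" bs=4M status=progress conv=fsync; then
    echo "<<< error: dd command failed" >&2
    exit 1
  fi

  # Let the kernel pick up the partition table from the image so ${DEV}2
  # exists for step4; partprobe is optional, hence the guard.
  sync
  if command -v partprobe > /dev/null 2>&1; then
    sudo partprobe "$DEV" 2> /dev/null
  fi

  echo "<<< done"

  step4
}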
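# [4] Mount partition
#========================================================#
#######################################
# Mount the second partition of $DEV (the root filesystem of the image) on
# /mnt and chain into step5. As in step3, the original `|| $( ... exit )`
# exited only a subshell, so a failed mount still ran the later steps against
# the host's own /mnt.
# Globals:   DEV (read)
# Arguments: none
# Returns:   exits 1 when the mount fails, otherwise chains into step5
#######################################
step4(){
  printf '\n>>> [4] Mounting partition %s2\n' "$DEV"

  # [1] Mount device partition
  # NOTE(review): "${DEV}2" assumes sdX-style naming; mmcblk/nvme nodes use a
  # "p2" suffix — the USB guard at the top makes sdX the expected case.
  if ! sudo mount "${DEV}2" /mnt; then
    echo "<<< error: can't mount" >&2
    exit 1
  fi

  echo "<<< done"

  step5
}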
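# [5] Updating users
#========================================================#
#######################################
# Append the sats-user account to the mounted image's shadow and passwd files
# (and their "-" backups, as the original did), then chain into step6.
# The original shadow line put a "$6$k0vFWRoG$..." hash inside double quotes,
# so the shell expanded "$6", "$k0vFWRoG" and "$bEBdFcFBWw2fLEA" to empty
# strings and wrote a mangled hash field. That accidentally disabled password
# login; here it is disabled explicitly with "*", since the account is used
# through console autologin (step8) and ssh keys (step7) only. If a default
# password is really wanted (see the TODO), the hash must go in single quotes.
# Globals:   none (works on /mnt)
# Arguments: none
# Returns:   exits 1 when /mnt does not hold a mounted root fs; else chains
#######################################
step5(){
  printf '\n>>> [5] Updating users\n'

  # The menu allows starting here directly; without step4 the appends below
  # would create files under the host's /mnt.
  if [ ! -f /mnt/etc/shadow ] || [ ! -f /mnt/etc/passwd ]; then
    echo "<<< error: /mnt does not look like a mounted root filesystem (run step 4)" >&2
    exit 1
  fi

  echo " (.) Adding user sats-user"
  # shadow
  echo " /etc/shadow"
  ## TODO: Manage default password ##
  # Field layout kept from the original (last-change day 17185, min 0,
  # max 999999, warn 7). Re-runs must not duplicate the entry, hence the grep.
  if ! sudo grep -q '^sats-user:' /mnt/etc/shadow; then
    printf '%s\n' 'sats-user:*:17185:0:999999:7::' | sudo tee -a /mnt/etc/shadow /mnt/etc/shadow- > /dev/null
  fi

  # passwd
  echo " /etc/passwd"
  # uid/gid 666 must agree with the group written in step6 and the chown in
  # step7; the home directory is created by step7.
  if ! sudo grep -q '^sats-user:' /mnt/etc/passwd; then
    echo "sats-user:x:666:666:sats-user,,,:/home/sats-user:/bin/sh" | sudo tee -a /mnt/etc/passwd /mnt/etc/passwd- > /dev/null
  fi

  echo " (.) Removing pi's login password"
  # Left disabled as in the original; it would replace pi's hash with "*"
  # via a temporary copy of /etc/shadow:
  # create temp file without pi's password
  #sudo cat /mnt/etc/shadow | sed 's/pi:[^:]\+:/pi:*:/' | sudo tee /mnt/etc/shadow.tmp > /dev/null;
  # write original files
  #sudo cat /mnt/etc/shadow.tmp | sudo tee /mnt/etc/shadow > /dev/null;
  #sudo cat /mnt/etc/shadow.tmp | sudo tee /mnt/etc/shadow- > /dev/null;
  # remove temporary file
  #sudo rm /mnt/etc/shadow.tmp;

  echo "<<< done"

  step6
}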
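# [6] Updating groups
#========================================================#
#######################################
# Append the ssh-key group (members pi and sats-user; sshd's AllowGroups in
# step7 relies on it) and the sats-user primary group to the mounted image's
# group files, then chain into step7.
# The original's closing line was `echo "<<< done":` — a colon instead of a
# semicolon — so it printed "<<< done:".
# Globals:   none (works on /mnt)
# Arguments: none
# Returns:   exits 1 when /mnt does not hold a mounted root fs; else chains
#######################################
step6(){
  printf '\n>>> [6] Updating groups\n'

  if [ ! -f /mnt/etc/group ]; then
    echo "<<< error: /mnt/etc/group not found (run step 4)" >&2
    exit 1
  fi

  echo " (.) Adding group ssh-key"
  # group
  echo " /etc/group"
  # gid 555 is fixed and not checked for collisions against the image's own
  # groups; the grep only prevents duplicates on re-runs.
  # NOTE(review): the "pi" member assumes the image ships that user.
  if ! sudo grep -q '^ssh-key:' /mnt/etc/group; then
    echo "ssh-key:x:555:pi,sats-user" | sudo tee -a /mnt/etc/group /mnt/etc/group- > /dev/null
  fi

  echo " (.) Adding group sats-user"
  # group
  echo " /etc/group"
  # gid 666 matches the passwd entry written in step5.
  if ! sudo grep -q '^sats-user:' /mnt/etc/group; then
    echo "sats-user:x:666:sats-user" | sudo tee -a /mnt/etc/group /mnt/etc/group- > /dev/null
  fi

  echo "<<< done"

  step7
}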
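# [7] Manage SSH keys #
#========================================================#
#######################################
# Generate a device key pair, register its public half in ./server, install
# both halves plus the operator keys from ./server/maintenance into the image,
# harden sshd to key-only logins and chain into step8.
# The original wrote "AllowGroups"/"PasswordAuthentication no" into
# /etc/ssh/ssh_config — the ssh *client* configuration — so the server kept
# accepting passwords and the group restriction never applied; the server
# file is sshd_config.
# Globals:   none (works on /mnt, ./tmp, ./server)
# Arguments: none
# Returns:   exits 1 on key generation failure or missing /mnt; else chains
#######################################
step7(){
  printf '\n>>> [7] Manage ssh keys\n'

  if [ ! -d /mnt/etc/ssh ]; then
    echo "<<< error: /mnt/etc/ssh not found (run step 4)" >&2
    exit 1
  fi

  # (1) Create ssh key pair #
  echo " (.) Create ssh key [ecdsa:521]"
  # The private key is deliberately unencrypted (-P ""): the device uses it
  # unattended. Stale files are removed first because, with output discarded,
  # ssh-keygen's "Overwrite?" prompt would otherwise hang invisibly.
  rm -f ./tmp/id_ecdsa ./tmp/id_ecdsa.pub
  if ! ssh-keygen -t ecdsa -b 521 -C "[ECDSA:521] SATS" -f ./tmp/id_ecdsa -P "" > /dev/null 2>&1; then
    echo "<<< error: ssh-keygen failed" >&2
    exit 1
  fi

  # (2) Add public key to server's `authorized_keys` file #
  echo " (.) Add public key to server's list"
  touch ./server/authorized_keys
  cat ./tmp/id_ecdsa.pub >> ./server/authorized_keys

  # (3) Create ssh file system #
  echo " (.) Init ssh folder (/home/sats-user/.ssh)"
  sudo mkdir -p /mnt/home/sats-user/.ssh

  # (4) Add both keys to sats-user files #
  echo " (.) Add keys to ssh folder"
  # mv, not cp: no copy of the private key stays in ./tmp.
  sudo mv ./tmp/id_ecdsa /mnt/home/sats-user/.ssh/id_ecdsa
  sudo mv ./tmp/id_ecdsa.pub /mnt/home/sats-user/.ssh/id_ecdsa.pub

  # (5) Add maintenance keys #
  echo " (.) Add maintenance keys"
  sudo touch /mnt/home/sats-user/.ssh/authorized_keys
  # Without nullglob an unmatched "*.pub" stays literal: cat fails and tee
  # still truncates authorized_keys. Check that at least one file exists.
  set -- ./server/maintenance/*.pub
  if [ -e "$1" ]; then
    cat "$@" | sudo tee /mnt/home/sats-user/.ssh/authorized_keys > /dev/null
  else
    echo " (!) no ./server/maintenance/*.pub found, authorized_keys left empty" >&2
  fi

  # (6) Set up permissions #
  echo " (.) Set up permissions"
  # 666:666 is the uid/gid written in step5/step6. The home directory itself
  # was created root-owned by mkdir -p above and is handed over as well;
  # .ssh gets 700 and its files 400 (sshd reads authorized_keys as the user).
  sudo chown 666:666 /mnt/home/sats-user
  sudo chown -R 666:666 /mnt/home/sats-user/.ssh/
  sudo chmod 700 /mnt/home/sats-user/.ssh
  sudo chmod 400 /mnt/home/sats-user/.ssh/*

  # (7) Restrict access to pubkey only (no password) #
  echo " (.) Restrict access to pubkey"
  # printf is used so "\n" and "\t" are real newlines/tabs under bash.
  # NOTE(review): if sshd_config already ends with a Match block, appended
  # directives land inside that block — confirm on the image.
  if ! sudo grep -q '^AllowGroups[[:space:]]*ssh-key' /mnt/etc/ssh/sshd_config; then
    printf '\nAllowGroups\tssh-key\nPasswordAuthentication\tno\n' | sudo tee -a /mnt/etc/ssh/sshd_config > /dev/null
  fi

  # (8) Set up automatic ssh server at start up #
  echo " (.) Trigger ssh server on start up"
  # Kept from the original: restarting sshd from .bashrc runs on every
  # interactive login and needs passwordless sudo for the user concerned.
  # NOTE(review): nothing in this script grants sats-user sudo, so the line in
  # its .bashrc likely prompts or fails; enabling the ssh unit in systemd is
  # the usual way to start it at boot.
  sudo touch /mnt/home/sats-user/.bashrc
  if [ -f /mnt/home/pi/.bashrc ] && ! sudo grep -qxF 'sudo service ssh restart' /mnt/home/pi/.bashrc; then
    echo "sudo service ssh restart" | sudo tee -a /mnt/home/pi/.bashrc > /dev/null
  fi
  if ! sudo grep -qxF 'sudo service ssh restart' /mnt/home/sats-user/.bashrc; then
    echo "sudo service ssh restart" | sudo tee -a /mnt/home/sats-user/.bashrc > /dev/null
  fi
  sudo chown 666:666 /mnt/home/sats-user/.bashrc
  sudo chmod 755 /mnt/home/sats-user/.bashrc

  echo "<<< done"

  step8
}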
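# [8] Set up sats-user automatic login
#========================================================#
#######################################
# Derive an autologin@.service unit from the image's getty@.service, link it
# as getty@tty1.service and patch it to log sats-user in on tty1 without a
# password, then chain into step9. Anyone with physical access to the console
# therefore gets a shell as sats-user; that is the intended trade-off here.
# Fixes against the original: the symlink target was "/mnt/etc/...", a path
# that only exists while the image is staged on this host, so the link
# dangled once the device booted; the sed chain also carried a duplicated
# Restart edit and a stray `s/^[Service]$/bla/` (a bracket expression that
# matches single-character lines, never the section header).
# Globals:   none (works on /mnt and ./tmp)
# Arguments: none
# Returns:   exits 1 when the template unit is missing; otherwise chains
#######################################
step8(){
  printf '\n>>> [8] Set up automatic login\n'

  # (1) Copy default login systemd script #
  echo " (.) Copy default getty systemd script"
  if ! sudo cp /mnt/lib/systemd/system/getty@.service /mnt/etc/systemd/system/autologin@.service; then
    echo "<<< error: getty@.service not found on the image (is /mnt mounted?)" >&2
    exit 1
  fi
  # Unit files are data; no execute bit needed.
  sudo chmod 644 /mnt/etc/systemd/system/autologin@.service

  # (2) Create link in order to be handled #
  echo " (.) Create script link to be handled"
  # Target is the path as seen by systemd on the booted device.
  sudo mkdir -p /mnt/etc/systemd/system/getty.target.wants
  sudo ln -sf /etc/systemd/system/autologin@.service /mnt/etc/systemd/system/getty.target.wants/getty@tty1.service

  # (3) Update autologin script #
  echo " (.) Update script to autologin as 'sats-user'"
  # Edits: agetty "--noclear" -> "--autologin sats-user"; any Restart= -> no;
  # an Alias= line under [Service]. The sed runs under sudo because the unit
  # lives on the root-owned mount; the output file is in ./tmp, owned by us.
  # NOTE(review): the ExecStart pattern only matches lines beginning with
  # "-/sbin/agetty --noclear"; newer getty@.service templates put other
  # options first and would be left unchanged — confirm on the image.
  # NOTE(review): Alias= is an [Install]-section key; under [Service] systemd
  # probably warns and ignores it, the symlink above does the real work.
  sudo sed \
    -e 's/^ExecStart=-\/sbin\/agetty --noclear/ExecStart=-\/sbin\/agetty --autologin sats-user/' \
    -e 's/^Restart=.\+$/Restart=no/' \
    -e 's/^\[Service\]$/\[Service\]\nAlias=getty.target.wants\/getty@tty1.service/' \
    /mnt/etc/systemd/system/autologin@.service > ./tmp/autologin

  # (4) Updating file from tmp update #
  echo " (.) Copying temporary update to real file"
  # tee keeps the existing file's ownership and mode.
  sudo tee /mnt/etc/systemd/system/autologin@.service < ./tmp/autologin > /dev/null
  rm -f ./tmp/autologin

  echo "<<< done"

  step9
}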
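# [9] Manage Network config
#========================================================#
#######################################
# Append a WiFi network block to the image's wpa_supplicant.conf. This is the
# last step: the original ended with a call to step10, which is not defined
# anywhere in this script and failed with "command not found".
# The SSID and passphrase were hard-coded in the original (a real network's
# credentials in a file that is checked in and copied around); they are now
# taken from WIFI_SSID / WIFI_PSK in the environment or prompted for, with
# the passphrase read without echo.
# Globals:   WIFI_SSID, WIFI_PSK (read, optional)
# Arguments: none; prompts on stdin for whatever is not in the environment
# Returns:   exits 1 on missing credentials or missing /mnt; otherwise 0
#######################################
step9(){
  printf '\n>>> [9] Set up WiFi configuration\n'

  if [ ! -d /mnt/etc/wpa_supplicant ]; then
    echo "<<< error: /mnt/etc/wpa_supplicant not found (run step 4)" >&2
    exit 1
  fi

  local wifi_ssid="${WIFI_SSID:-}" wifi_psk="${WIFI_PSK:-}"
  if [ -z "$wifi_ssid" ]; then
    read -r -p " (?) WiFi SSID: " wifi_ssid
  fi
  if [ -z "$wifi_psk" ]; then
    read -r -s -p " (?) WiFi passphrase (not echoed): " wifi_psk
    echo
  fi
  if [ -z "$wifi_ssid" ] || [ -z "$wifi_psk" ]; then
    echo "<<< error: SSID and passphrase are both required" >&2
    exit 1
  fi

  # The passphrase is stored in clear, as wpa_supplicant accepts it; a value
  # containing a double quote would break the quoted fields written here.
  # %s keeps backslashes in the values literal (the original echo string
  # relied on "\n"/"\t" being interpreted, which bash's echo does not do).
  printf 'network={\n\tssid="%s"\n\tpsk="%s"\n}\n' "$wifi_ssid" "$wifi_psk" | sudo tee -a /mnt/etc/wpa_supplicant/wpa_supplicant.conf > /dev/null

  echo "<<< done"
}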
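# [0] Step choice
#========================================================#
# Entry menu. Each stepN chains into stepN+1, so choosing a step runs it and
# every later one; steps 5-9 expect the image root to be mounted on /mnt.
printf '\nSTEPS\n'
echo "(1) Unmount mounted partitions"
echo "(2) Format disk (gpt table)"
echo "(3) Burn image into disk"
echo "(4) Mount / partition"
echo "(5) Update users"
echo "(6) Update groups"
echo "(7) Manage ssh keys"
echo "(8) Set up automatic sats-user login"
echo "(9) Set up WiFi config"
read -r -p "step: " step

case "$step" in
  1) step1 ;;
  2) step2 ;;
  3) step3 ;;
  4) step4 ;;
  5) step5 ;;
  6) step6 ;;
  7) step7 ;;
  8) step8 ;;
  9) step9 ;;
  *)
    echo "wrong step" >&2
    exit 1
    ;;
esac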