| author | Peter Bex <peter@more-magic.net> | 2016-02-21 15:57:50 +0100 | 
|---|---|---|
| committer | Peter Bex <peter@more-magic.net> | 2016-02-21 15:57:50 +0100 | 
| commit | c7c1112de63c1512fb90c97b2f228d9dfb5ff91f (patch) | |
| tree | e6a1c80ae31f41b144daf6929e6ede7ec5349bef | |
| parent | e0f806a2f44bc08ff8931f8e5dab09579850154d (diff) | |
Make installation completely non-interactive, add environment config.
- Fix apt-get calls to avoid getting a prompt for "ferm" or other tools.
- Install zsh with zshrc into skel dir
- Temporarily put rc.d policy file in place to avoid starting daemons on install.
- Install vnstat to allow (manual) monitoring of network activity.
| -rw-r--r-- | assets/chroot-helpers/policy-rc.d | 5 | ||||
| -rw-r--r-- | assets/default/useradd | 3 | ||||
| -rw-r--r-- | assets/zsh/zshrc | 49 | ||||
| -rw-r--r-- | vps-builder.scm | 68 | 
4 files changed, 110 insertions, 15 deletions
diff --git a/assets/chroot-helpers/policy-rc.d b/assets/chroot-helpers/policy-rc.d
new file mode 100644
index 0000000..2e1cbf2
--- /dev/null
+++ b/assets/chroot-helpers/policy-rc.d
@@ -0,0 +1,5 @@
+#!/bin/sh
+#
+# From https://wiki.debian.org/chroot#Configuration
+# This prevents daemons from being started upon installation.
+exit 101
diff --git a/assets/default/useradd b/assets/default/useradd
new file mode 100644
index 0000000..93f6c59
--- /dev/null
+++ b/assets/default/useradd
@@ -0,0 +1,3 @@
+# Default values for useradd(8)
+#
+SHELL=/bin/zsh
diff --git a/assets/zsh/zshrc b/assets/zsh/zshrc
new file mode 100644
index 0000000..e012aac
--- /dev/null
+++ b/assets/zsh/zshrc
@@ -0,0 +1,49 @@
+# Set up the prompt
+
+# Don't use the themable prompt system (yet)
+#autoload -Uz promptinit
+#promptinit
+#prompt adam1
+#prompt walters
+
+# Left-hand prompt; user@machine$. Shows nonzero program exit codes in bold
+PROMPT='%n@%m%B%(?..(%?%))%b%# '
+
+# Prompt in right margin; The working directory, with a maximum of 3 elements
+RPROMPT=' %3~'
+
+setopt histignorealldups sharehistory autopushd hist_no_store
+
+# Use emacs keybindings even if our EDITOR is set to vi
+bindkey -e
+
+# Keep 1000 lines of history within the shell and DO NOT save it
+HISTSIZE=1000
+# Really, don't save!
+#HISTFILE=~/.zsh_history
+SAVEHIST=0
+
+# Use modern completion system
+autoload -Uz compinit
+compinit
+
+zstyle ':completion:*' auto-description 'specify: %d'
+zstyle ':completion:*' completer _expand _complete _correct _approximate
+#zstyle ':completion:*' format 'Completing %d'
+zstyle ':completion:*' group-name ''
+zstyle ':completion:*' menu select=2
+zstyle ':completion:*:default' list-colors ${(s.:.)LS_COLORS}
+zstyle ':completion:*' list-colors ''
+zstyle ':completion:*' list-prompt %SAt %p: Hit TAB for more, or the character to insert%s
+zstyle ':completion:*' matcher-list '' 'm:{a-z}={A-Z}' 'm:{a-zA-Z}={A-Za-z}' 'r:|[._-]=* r:|=* l:|=*'
+zstyle ':completion:*' menu select=long
+zstyle ':completion:*' select-prompt %SScrolling active: current selection at %p%s
+zstyle ':completion:*' use-compctl false
+zstyle ':completion:*' verbose true
+
+zstyle ':completion:*:*:kill:*:processes' list-colors '=(#b) #([0-9]#)*=0=01;31'
+zstyle ':completion:*:kill:*' command 'ps -u $USER -o pid,%cpu,tty,cputime,cmd'
+
+# Enable dir colors
+eval "$(dircolors -b)"
+alias ls='ls --color=auto'
diff --git a/vps-builder.scm b/vps-builder.scm
index 7c4b60f..5a6dcdb 100644
--- a/vps-builder.scm
+++ b/vps-builder.scm
@@ -136,9 +136,17 @@
   ;; a chroot (mount essential filesystems).
   (define (with-running-system root-dir thunk)
     (dynamic-wind
-        (lambda () (run* (chroot ,root-dir mount /proc)))
+        (lambda ()
+          (run* (chroot ,root-dir mount /proc))
+          ;; Don't run daemons in the chroot upon apt-get install
+          (install-file root-dir "assets/chroot-helpers/policy-rc.d"
+                        "/usr/sbin/policy-rc.d" "root" "root" #o755)
+          (setenv "DEBIAN_FRONTEND" "noninteractive"))
         (lambda () (thunk))
-        (lambda () (run* (chroot ,root-dir umount /proc)))))
+        (lambda ()
+          (unsetenv "DEBIAN_FRONTEND")
+          (delete-file* (make-pathname root-dir "/usr/sbin/policy-rc.d"))
+          (run* (chroot ,root-dir umount /proc)))))
   (define (install-basic-system target-dir package-list)
     (let ((include (sprintf "--include=~A"
@@ -166,7 +174,11 @@
       (change-file-mode full-path mode)))
   (define (install-packages root-dir . packages)
-    (run* (chroot ,root-dir apt-get install -y ,@packages)))
+    (run* (chroot ,root-dir
+                  apt-get install -y
+                  -o Dpkg::Options=--force-confdef
+                  -o Dpkg::Options=--force-confold
+                  ,@packages)))
   (define (configure-basic-system root-dir)
     ;;;; Configure apt, FS and disable console bleeping (just in case)
@@ -188,7 +200,12 @@
   (define (update-packages root-dir)
     (run* (chroot ,root-dir apt-get update))
-    (run* (chroot ,root-dir apt-get upgrade -y)))
+    (run* (chroot ,root-dir apt-get upgrade -y
+                  -o Dpkg::Options=--force-confdef
+                  -o Dpkg::Options=--force-confold))
+    (run* (chroot ,root-dir apt-get autoremove -y))
+    (run* (chroot ,root-dir apt-get clean))
+    (run* (chroot ,root-dir apt-get autoclean)))
   (define (make-bootable root-dir)
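Review bot: In `with-running-system`, the exit thunk of `dynamic-wind` runs only once the entry thunk has completed, so if `install-file` raises after the mount succeeded, `/proc` stays mounted under `root-dir`. The exit thunk's `unsetenv` also discards any `DEBIAN_FRONTEND` value the caller had set rather than restoring it. The `delete-file*` on `/usr/sbin/policy-rc.d` is load-bearing and should say so, e.g. `;; Must not survive into the image: a leftover policy-rc.d keeps invoke-rc.d from (re)starting services on package upgrades`.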
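Review bot: The two `-o Dpkg::Options=--force-conf…` arguments in `install-packages`, and the same pair in `update-packages` in the following hunk, may never reach dpkg. As far as I know apt passes dpkg only the list items under `Dpkg::Options`, which are appended with the `::=` form; plain `=` sets the node's own value, and the second `-o` would overwrite the first. It is worth checking with `apt-config dump` inside the chroot and, if confirmed, writing `-o Dpkg::Options::=--force-confdef` and `-o Dpkg::Options::=--force-confold`. Because the pair is duplicated, a single shared definition with a comment stating the policy (keep the config file already in the image, never prompt) would stop the two call sites drifting apart.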
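Review bot: In `update-packages`, `apt-get autoclean` directly after `apt-get clean` has nothing left to do, since `clean` already empties the package cache that `autoclean` only prunes, so one of the two calls can go. If the goal of the three new calls is a smaller image, a comment such as `;; Drop orphaned packages and cached .debs to keep the image small` above them would record that intent.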
@@ -214,19 +231,37 @@
     (install-file root-dir "assets/firewall/ferm.conf"
                   "/etc/ferm/ferm.conf" "root" "adm" #o644))
+  ;; No proper monitoring solution yet, but at least vnstat is useful
+  ;; for keeping an eye on traffic even if we don't automate it yet.
+  (define (setup-monitoring root-dir)
+    (install-packages root-dir "vnstat"))
+
+  ;; Create a more convenient default environment.  This is highly
+  ;; dependent on taste so you might want to change this.
+  (define (customize-environment root-dir)
+    (install-file root-dir "assets/zsh/zshrc" "/etc/skel/.zshrc"
+                  "root" "root" #o644)
+    (install-file root-dir "assets/default/useradd"
+                  "/etc/default/useradd" "root" "root" #o644)
+    (install-packages root-dir "zsh"))
+
+
   ;; Create user and copy matching users/*:* file to .ssh/authorized_keys
   (define (create-users root-dir)
-    (for-each (lambda (pubkey)
-                (let* ((fn (pathname-strip-directory pubkey ":"))
-                       (user+cs-groups (string-split fn))
-                       (user (car user+cs-groups))
-                       (cs-groups (cadr user+cs-groups))
-                       (.ssh (make-pathname `("/" "home" ,user) ".ssh"))
-                       (keys (make-pathname .ssh "authorized_keys")))
-                  (run* (chroot ,root-dir useradd -m -G ,cs-groups ,user))
-                  (install-directory root-dir .ssh user user #o700)
-                  (install-file root-dir pubkey keys user user #o600)))
-              (glob "users/*:*")))
+    (for-each
+     (lambda (pubkey)
+       (let* ((fn (pathname-strip-directory pubkey))
+              (user+cs-groups (string-split fn  ":"))
+              (user (car user+cs-groups))
+              (cs-groups (cadr user+cs-groups))
+              (~ (make-pathname `("/" "home") user))
+              (~/.ssh (make-pathname ~ ".ssh")))
+         (run* (chroot ,root-dir useradd -m -G ,cs-groups ,user))
+         (install-directory root-dir ~/.ssh user user #o700)
+         (install-file root-dir pubkey
+                       (make-pathname ~/.ssh "authorized_keys")
+                       user user #o600)))
+     (glob "users/*:*")))
   (define (build-image image-base-name size-in-gb)
     (let ((raw-image (make-pathname '() image-base-name ".raw"))
@@ -254,6 +289,9 @@
                (setup-firewall mountpoint)
+               (setup-monitoring mountpoint)
+
+               (customize-environment mountpoint)
                (create-users mountpoint)))))
          (finalize-filesystem dev)))  |
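Review bot: In `create-users`, `user` and `cs-groups` are taken straight from the file name under `users/` and passed to `useradd -m -G ,cs-groups ,user` unchecked. A name that begins with `-` would be read as an option, and anything after a second `:` is silently dropped by the `cadr`. Ending option parsing with `-- ,user` and rejecting names that do not match the expected pattern would make such mistakes fail loudly. The file name also decides group membership, so the convention deserves a comment, e.g. `;; File name is USER:GROUPS; the groups are granted as-is, so review users/ as carefully as a sudoers file`.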
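Review bot: The order of the two new calls matters and nothing in the code says so: `customize-environment` has to run before `create-users`, because `useradd -m` is what copies `/etc/skel/.zshrc` and applies the `SHELL=/bin/zsh` default. A one-line comment such as `;; Must precede create-users: useradd -m copies /etc/skel and reads /etc/default/useradd` would protect it against a later reordering. The enclosing `build-image` body starts outside this hunk.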
