-rw-r--r-- | assets/chroot-helpers/policy-rc.d | 5 | ||||
-rw-r--r-- | assets/default/useradd | 3 | ||||
-rw-r--r-- | assets/zsh/zshrc | 49 | ||||
-rw-r--r-- | vps-builder.scm | 68 |
4 files changed, 110 insertions, 15 deletions
diff --git a/assets/chroot-helpers/policy-rc.d b/assets/chroot-helpers/policy-rc.d
new file mode 100644
index 0000000..2e1cbf2
--- /dev/null
+++ b/assets/chroot-helpers/policy-rc.d
@@ -0,0 +1,5 @@
+#!/bin/sh
+#
+# From https://wiki.debian.org/chroot#Configuration
+# This prevents daemons from being started upon installation.
+exit 101
diff --git a/assets/default/useradd b/assets/default/useradd
new file mode 100644
index 0000000..93f6c59
--- /dev/null
+++ b/assets/default/useradd
@@ -0,0 +1,3 @@
+# Default values for useradd(8)
+#
+SHELL=/bin/zsh
diff --git a/assets/zsh/zshrc b/assets/zsh/zshrc
new file mode 100644
index 0000000..e012aac
--- /dev/null
+++ b/assets/zsh/zshrc
@@ -0,0 +1,49 @@
+# Set up the prompt
+
+# Don't use the themable prompt system (yet)
+#autoload -Uz promptinit
+#promptinit
+#prompt adam1
+#prompt walters
+
+# Left-hand prompt; user@machine$. Shows nonzero program exit codes in bold
+PROMPT='%n@%m%B%(?..(%?%))%b%# '
+
+# Prompt in right margin; The working directory, with a maximum of 3 elements
+RPROMPT=' %3~'
+
+setopt histignorealldups sharehistory autopushd hist_no_store
+
+# Use emacs keybindings even if our EDITOR is set to vi
+bindkey -e
+
+# Keep 1000 lines of history within the shell and DO NOT save it
+HISTSIZE=1000
+# Really, don't save!
+#HISTFILE=~/.zsh_history
+SAVEHIST=0
+
+# Use modern completion system
+autoload -Uz compinit
+compinit
+
+zstyle ':completion:*' auto-description 'specify: %d'
+zstyle ':completion:*' completer _expand _complete _correct _approximate
+#zstyle ':completion:*' format 'Completing %d'
+zstyle ':completion:*' group-name ''
+zstyle ':completion:*' menu select=2
+zstyle ':completion:*:default' list-colors ${(s.:.)LS_COLORS}
+zstyle ':completion:*' list-colors ''
+zstyle ':completion:*' list-prompt %SAt %p: Hit TAB for more, or the character to insert%s
+zstyle ':completion:*' matcher-list '' 'm:{a-z}={A-Z}' 'm:{a-zA-Z}={A-Za-z}' 'r:|[._-]=* r:|=* l:|=*'
+zstyle ':completion:*' menu select=long
+zstyle ':completion:*' select-prompt %SScrolling active: current selection at %p%s
+zstyle ':completion:*' use-compctl false
+zstyle ':completion:*' verbose true
+
+zstyle ':completion:*:*:kill:*:processes' list-colors '=(#b) #([0-9]#)*=0=01;31'
+zstyle ':completion:*:kill:*' command 'ps -u $USER -o pid,%cpu,tty,cputime,cmd'
+
+# Enable dir colors
+eval "$(dircolors -b)"
+alias ls='ls --color=auto'
diff --git a/vps-builder.scm b/vps-builder.scm
index 7c4b60f..5a6dcdb 100644
--- a/vps-builder.scm
+++ b/vps-builder.scm
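Review bot: `zstyle ':completion:*:default' list-colors ${(s.:.)LS_COLORS}` is expanded when the file is sourced, but `eval "$(dircolors -b)"` only sets LS_COLORS on the last line, so that style is empty unless a login script already exported LS_COLORS; move `eval "$(dircolors -b)"` together with its `# Enable dir colors` comment above the zstyle lines. The `menu` style is set twice (`select=2`, later `select=long`), and only the second takes effect. `sharehistory` presumably does nothing with HISTFILE unset and `SAVEHIST=0`, so it can be dropped or the history comment can say that it is intentionally inert.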
@@ -136,9 +136,17 @@ ;; a chroot (mount essential filesystems). (define (with-running-system root-dir thunk) (dynamic-wind - (lambda () (run* (chroot ,root-dir mount /proc))) + (lambda () + (run* (chroot ,root-dir mount /proc)) + ;; Don't run daemons in the chroot upon apt-get install + (install-file root-dir "assets/chroot-helpers/policy-rc.d" + "/usr/sbin/policy-rc.d" "root" "root" #o755) + (setenv "DEBIAN_FRONTEND" "noninteractive")) (lambda () (thunk)) - (lambda () (run* (chroot ,root-dir umount /proc))))) + (lambda () + (unsetenv "DEBIAN_FRONTEND") + (delete-file* (make-pathname root-dir "/usr/sbin/policy-rc.d")) + (run* (chroot ,root-dir umount /proc))))) (define (install-basic-system target-dir package-list) (let ((include (sprintf "--include=~A" @@ -166,7 +174,11 @@ (change-file-mode full-path mode))) (define (install-packages root-dir . packages) - (run* (chroot ,root-dir apt-get install -y ,@packages))) + (run* (chroot ,root-dir + apt-get install -y + -o Dpkg::Options=--force-confdef + -o Dpkg::Options=--force-confold + ,@packages))) (define (configure-basic-system root-dir) ;;;; Configure apt, FS and disable console bleeping (just in case) @@ -188,7 +200,12 @@ (define (update-packages root-dir) (run* (chroot ,root-dir apt-get update)) - (run* (chroot ,root-dir apt-get upgrade -y))) + (run* (chroot ,root-dir apt-get upgrade -y + -o Dpkg::Options=--force-confdef + -o Dpkg::Options=--force-confold)) + (run* (chroot ,root-dir apt-get autoremove -y)) + (run* (chroot ,root-dir apt-get clean)) + (run* (chroot ,root-dir apt-get autoclean))) (define (make-bootable root-dir) 
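Review bot: The before-thunk of `dynamic-wind` in with-running-system now does three things after mounting /proc, and if `install-file` or `setenv` raises, dynamic-wind never runs the after-thunk, so /proc stays mounted inside the chroot. Keep the before-thunk to the mount alone and do the policy-rc.d and DEBIAN_FRONTEND setup in an inner dynamic-wind inside the body, so the outer after-thunk always unmounts. `(unsetenv "DEBIAN_FRONTEND")` also clears the variable even when the caller's environment had set it; saving and restoring the previous value would be more faithful.
```scheme
(define (with-running-system root-dir thunk)
  (dynamic-wind
    (lambda () (run* (chroot ,root-dir mount /proc)))
    (lambda ()
      (dynamic-wind
        (lambda ()
          ;; Don't run daemons in the chroot upon apt-get install
          (install-file root-dir "assets/chroot-helpers/policy-rc.d"
                        "/usr/sbin/policy-rc.d" "root" "root" #o755)
          (setenv "DEBIAN_FRONTEND" "noninteractive"))
        thunk
        (lambda ()
          (unsetenv "DEBIAN_FRONTEND")
          (delete-file* (make-pathname root-dir "/usr/sbin/policy-rc.d")))))
    (lambda () (run* (chroot ,root-dir umount /proc)))))
```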
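Review bot: `-o Dpkg::Options=--force-confdef` in install-packages sets Dpkg::Options as a single scalar value, and the second `-o` simply overwrites it; apt hands dpkg the list children of that node, which are written with the `::` suffix, so neither option is expected to reach dpkg here or in the `apt-get upgrade` call of the update-packages hunk. Use `-o Dpkg::Options::=--force-confdef` and `-o Dpkg::Options::=--force-confold` in both places. Since the pair is now repeated in two functions, a single definition such as `(define dpkg-conf-opts '(-o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold))` spliced into both `run*` forms with `,@` would keep them in sync, assuming `run*` quasiquotes its argument as the existing `,@packages` suggests.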
@@ -214,19 +231,37 @@ (install-file root-dir "assets/firewall/ferm.conf" "/etc/ferm/ferm.conf" "root" "adm" #o644)) + ;; No proper monitoring solution yet, but at least vnstat is useful + ;; for keeping an eye on traffic even if we don't automate it yet. + (define (setup-monitoring root-dir) + (install-packages root-dir "vnstat")) + + ;; Create a more convenient default environment. This is highly + ;; dependent on taste so you might want to change this. + (define (customize-environment root-dir) + (install-file root-dir "assets/zsh/zshrc" "/etc/skel/.zshrc" + "root" "root" #o644) + (install-file root-dir "assets/default/useradd" + "/etc/default/useradd" "root" "root" #o644) + (install-packages root-dir "zsh")) + + ;; Create user and copy matching users/*:* file to .ssh/authorized_keys (define (create-users root-dir) - (for-each (lambda (pubkey) - (let* ((fn (pathname-strip-directory pubkey ":")) - (user+cs-groups (string-split fn)) - (user (car user+cs-groups)) - (cs-groups (cadr user+cs-groups)) - (.ssh (make-pathname `("/" "home" ,user) ".ssh")) - (keys (make-pathname .ssh "authorized_keys"))) - (run* (chroot ,root-dir useradd -m -G ,cs-groups ,user)) - (install-directory root-dir .ssh user user #o700) - (install-file root-dir pubkey keys user user #o600))) - (glob "users/*:*"))) + (for-each + (lambda (pubkey) + (let* ((fn (pathname-strip-directory pubkey)) + (user+cs-groups (string-split fn ":")) + (user (car user+cs-groups)) + (cs-groups (cadr user+cs-groups)) + (~ (make-pathname `("/" "home") user)) + (~/.ssh (make-pathname ~ ".ssh"))) + (run* (chroot ,root-dir useradd -m -G ,cs-groups ,user)) + (install-directory root-dir ~/.ssh user user #o700) + (install-file root-dir pubkey + (make-pathname ~/.ssh "authorized_keys") + user user #o600))) + (glob "users/*:*"))) (define (build-image image-base-name size-in-gb) (let ((raw-image (make-pathname '() image-base-name ".raw")) 
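Review bot: The new comment above create-users should spell out the file-name convention the code relies on, since `(string-split fn ":")` followed by `cadr` assumes exactly `users/<name>:<groups>` with a single colon: something like `;; Each users/<name>:<group,group,...> file holds <name>'s public key; the groups must already exist in the image, since useradd -G does not create them.` A name with a second colon would silently drop the remainder, so checking that `user+cs-groups` has exactly two elements before calling useradd would make that failure explicit. `~` and `~/.ssh` are legal Scheme identifiers but read as shell syntax; `home-dir` and `ssh-dir` would be clearer.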
@@ -254,6 +289,9 @@ (setup-firewall mountpoint) + (setup-monitoring mountpoint) + + (customize-environment mountpoint) (create-users mountpoint))))) (finalize-filesystem dev))) |
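Review bot: `(customize-environment mountpoint)` must stay before `(create-users mountpoint)`: useradd -m copies /etc/skel/.zshrc into each new home and reads SHELL from /etc/default/useradd, both of which customize-environment installs, and zsh is installed by the same call. That ordering is only implied by the call sequence; a comment such as `;; Must precede create-users: useradd reads /etc/default/useradd and copies /etc/skel` would protect it. The enclosing build-image body starts outside this hunk.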