-rw-r--r--assets/chroot-helpers/policy-rc.d5
-rw-r--r--assets/default/useradd3
-rw-r--r--assets/zsh/zshrc49
-rw-r--r--vps-builder.scm68
4 files changed, 110 insertions, 15 deletions
diff --git a/assets/chroot-helpers/policy-rc.d b/assets/chroot-helpers/policy-rc.d
new file mode 100644
index 0000000..2e1cbf2
--- /dev/null
+++ b/assets/chroot-helpers/policy-rc.d
@@ -0,0 +1,5 @@
+#!/bin/sh
+#
+# From https://wiki.debian.org/chroot#Configuration
+# This prevents daemons from being started upon installation.
+exit 101
diff --git a/assets/default/useradd b/assets/default/useradd
new file mode 100644
index 0000000..93f6c59
--- /dev/null
+++ b/assets/default/useradd
@@ -0,0 +1,3 @@
+# Default values for useradd(8)
+#
+SHELL=/bin/zsh
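Review bot: `SHELL=/bin/zsh` makes every account created with useradd(8) depend on the zsh package being present, and useradd does not verify that the shell exists — if zsh is missing, new users get a nonexistent login shell and cannot log in at all, which is worth stating in the file. I'd add above L30: `# Requires the zsh package; useradd(8) does not check that SHELL exists.` Since this is a whole-file replacement of the distribution's defaults, a second line noting that any other shipped defaults are intentionally dropped would help the next person who diffs it against the package version.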
diff --git a/assets/zsh/zshrc b/assets/zsh/zshrc
new file mode 100644
index 0000000..e012aac
--- /dev/null
+++ b/assets/zsh/zshrc
@@ -0,0 +1,49 @@
+# Set up the prompt
+
+# Don't use the themable prompt system (yet)
+#autoload -Uz promptinit
+#promptinit
+#prompt adam1
+#prompt walters
+
+# Left-hand prompt; user@machine$. Shows nonzero program exit codes in bold
+PROMPT='%n@%m%B%(?..(%?%))%b%# '
+
+# Prompt in right margin; The working directory, with a maximum of 3 elements
+RPROMPT=' %3~'
+
+setopt histignorealldups sharehistory autopushd hist_no_store
+
+# Use emacs keybindings even if our EDITOR is set to vi
+bindkey -e
+
+# Keep 1000 lines of history within the shell and DO NOT save it
+HISTSIZE=1000
+# Really, don't save!
+#HISTFILE=~/.zsh_history
+SAVEHIST=0
+
+# Use modern completion system
+autoload -Uz compinit
+compinit
+
+zstyle ':completion:*' auto-description 'specify: %d'
+zstyle ':completion:*' completer _expand _complete _correct _approximate
+#zstyle ':completion:*' format 'Completing %d'
+zstyle ':completion:*' group-name ''
+zstyle ':completion:*' menu select=2
+zstyle ':completion:*:default' list-colors ${(s.:.)LS_COLORS}
+zstyle ':completion:*' list-colors ''
+zstyle ':completion:*' list-prompt %SAt %p: Hit TAB for more, or the character to insert%s
+zstyle ':completion:*' matcher-list '' 'm:{a-z}={A-Z}' 'm:{a-zA-Z}={A-Za-z}' 'r:|[._-]=* r:|=* l:|=*'
+zstyle ':completion:*' menu select=long
+zstyle ':completion:*' select-prompt %SScrolling active: current selection at %p%s
+zstyle ':completion:*' use-compctl false
+zstyle ':completion:*' verbose true
+
+zstyle ':completion:*:*:kill:*:processes' list-colors '=(#b) #([0-9]#)*=0=01;31'
+zstyle ':completion:*:kill:*' command 'ps -u $USER -o pid,%cpu,tty,cputime,cmd'
+
+# Enable dir colors
+eval "$(dircolors -b)"
+alias ls='ls --color=auto'
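Review bot: `zstyle ':completion:*:default' list-colors ${(s.:.)LS_COLORS}` at L71 is expanded before `eval "$(dircolors -b)"` at L84 sets LS_COLORS, so in a fresh login shell the completion colours are empty unless the variable was inherited from the environment; move the dircolors line (and the ls alias) above the completion section. `zstyle ':completion:*' menu select=2` at L70 is shadowed by `zstyle ':completion:*' menu select=long` at L75 for the same context, so L70 is dead and should be dropped. Given that the comments at L56-L58 make "never write history to disk" an explicit goal, an explicit `unset HISTFILE` is clearer than the commented-out assignment at L59 and also defends against a value set by a system-wide zshrc, if one is ever added.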
diff --git a/vps-builder.scm b/vps-builder.scm
index 7c4b60f..5a6dcdb 100644
--- a/vps-builder.scm
+++ b/vps-builder.scm
@@ -136,9 +136,17 @@
;; a chroot (mount essential filesystems).
(define (with-running-system root-dir thunk)
(dynamic-wind
- (lambda () (run* (chroot ,root-dir mount /proc)))
+ (lambda ()
+ (run* (chroot ,root-dir mount /proc))
+ ;; Don't run daemons in the chroot upon apt-get install
+ (install-file root-dir "assets/chroot-helpers/policy-rc.d"
+ "/usr/sbin/policy-rc.d" "root" "root" #o755)
+ (setenv "DEBIAN_FRONTEND" "noninteractive"))
(lambda () (thunk))
- (lambda () (run* (chroot ,root-dir umount /proc)))))
+ (lambda ()
+ (unsetenv "DEBIAN_FRONTEND")
+ (delete-file* (make-pathname root-dir "/usr/sbin/policy-rc.d"))
+ (run* (chroot ,root-dir umount /proc)))))
(define (install-basic-system target-dir package-list)
(let ((include (sprintf "--include=~A"
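Review bot: The before-thunk mounts /proc at L96 and then installs policy-rc.d and sets the environment at L98-L100; dynamic-wind only runs the after-thunk once the before-thunk has completed, so a failure in `install-file` leaves the image's /proc mounted on the build host with no cleanup. The after-thunk has the mirror problem: if `delete-file*` at L105 raises, the umount at L106 is skipped. Make the mount the last step of the before-thunk and the umount the first step of the after-thunk, so any failure in the auxiliary steps cannot leave a mount behind.

```scheme
(define (with-running-system root-dir thunk)
  (dynamic-wind
    (lambda ()
      ;; Don't run daemons in the chroot upon apt-get install
      (install-file root-dir "assets/chroot-helpers/policy-rc.d"
                    "/usr/sbin/policy-rc.d" "root" "root" #o755)
      (setenv "DEBIAN_FRONTEND" "noninteractive")
      ;; Mount last: if a step above fails, dynamic-wind never runs the
      ;; after-thunk, so nothing may be left mounted at that point.
      (run* (chroot ,root-dir mount /proc)))
    (lambda () (thunk))
    (lambda ()
      ;; Unmount first so a failure in the cleanup below cannot leave
      ;; the image's /proc mounted on the build host.
      (run* (chroot ,root-dir umount /proc))
      (delete-file* (make-pathname root-dir "/usr/sbin/policy-rc.d"))
      (unsetenv "DEBIAN_FRONTEND"))))
```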
@@ -166,7 +174,11 @@
(change-file-mode full-path mode)))
(define (install-packages root-dir . packages)
- (run* (chroot ,root-dir apt-get install -y ,@packages)))
+ (run* (chroot ,root-dir
+ apt-get install -y
+ -o Dpkg::Options=--force-confdef
+ -o Dpkg::Options=--force-confold
+ ,@packages)))
(define (configure-basic-system root-dir)
;;;; Configure apt, FS and disable console bleeping (just in case)
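Review bot: `-o Dpkg::Options=--force-confdef` and `-o Dpkg::Options=--force-confold` at L115-L116 set the scalar value of the `Dpkg::Options` node, whereas apt's dpkg driver passes the node's list children to dpkg, so as written both options are most likely ignored and a conffile prompt can still stall an unattended build (DEBIAN_FRONTEND only covers debconf, not dpkg's conffile question). The documented list-append form is `-o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold`; the same correction applies to the upgrade call in update-packages. Because confold keeps whatever config is already in the image, any file pre-placed with install-file before the owning package is installed will win over the package's version — presumably the intent, but a one-line comment saying so on install-packages would stop someone "fixing" it later.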
@@ -188,7 +200,12 @@
(define (update-packages root-dir)
(run* (chroot ,root-dir apt-get update))
- (run* (chroot ,root-dir apt-get upgrade -y)))
+ (run* (chroot ,root-dir apt-get upgrade -y
+ -o Dpkg::Options=--force-confdef
+ -o Dpkg::Options=--force-confold))
+ (run* (chroot ,root-dir apt-get autoremove -y))
+ (run* (chroot ,root-dir apt-get clean))
+ (run* (chroot ,root-dir apt-get autoclean)))
(define (make-bootable root-dir)
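Review bot: `apt-get upgrade -y` at L124 never installs new dependencies or removes packages, so an update whose dependency set changed is silently held back, and with `-y` there is no prompt to notice it; for an image that is meant to be fully patched at build time, `apt-get dist-upgrade -y` (or `full-upgrade`) is the usual choice, and the `Dpkg::Options` arguments at L125-L126 need the list-append form `Dpkg::Options::=` to actually reach dpkg. `apt-get autoclean` at L129 is a no-op after `apt-get clean` at L128, which already removes every cached .deb, so one of the two can go. If `run*` does not raise on a non-zero exit (not visible here), a failed upgrade would also leave the image built from the snapshot's package set without any signal; worth confirming.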
@@ -214,19 +231,37 @@
(install-file root-dir "assets/firewall/ferm.conf"
"/etc/ferm/ferm.conf" "root" "adm" #o644))
+ ;; No proper monitoring solution yet, but at least vnstat is useful
+ ;; for keeping an eye on traffic even if we don't automate it yet.
+ (define (setup-monitoring root-dir)
+ (install-packages root-dir "vnstat"))
+
+ ;; Create a more convenient default environment. This is highly
+ ;; dependent on taste so you might want to change this.
+ (define (customize-environment root-dir)
+ (install-file root-dir "assets/zsh/zshrc" "/etc/skel/.zshrc"
+ "root" "root" #o644)
+ (install-file root-dir "assets/default/useradd"
+ "/etc/default/useradd" "root" "root" #o644)
+ (install-packages root-dir "zsh"))
+
+
;; Create user and copy matching users/*:* file to .ssh/authorized_keys
(define (create-users root-dir)
- (for-each (lambda (pubkey)
- (let* ((fn (pathname-strip-directory pubkey ":"))
- (user+cs-groups (string-split fn))
- (user (car user+cs-groups))
- (cs-groups (cadr user+cs-groups))
- (.ssh (make-pathname `("/" "home" ,user) ".ssh"))
- (keys (make-pathname .ssh "authorized_keys")))
- (run* (chroot ,root-dir useradd -m -G ,cs-groups ,user))
- (install-directory root-dir .ssh user user #o700)
- (install-file root-dir pubkey keys user user #o600)))
- (glob "users/*:*")))
+ (for-each
+ (lambda (pubkey)
+ (let* ((fn (pathname-strip-directory pubkey))
+ (user+cs-groups (string-split fn ":"))
+ (user (car user+cs-groups))
+ (cs-groups (cadr user+cs-groups))
+ (~ (make-pathname `("/" "home") user))
+ (~/.ssh (make-pathname ~ ".ssh")))
+ (run* (chroot ,root-dir useradd -m -G ,cs-groups ,user))
+ (install-directory root-dir ~/.ssh user user #o700)
+ (install-file root-dir pubkey
+ (make-pathname ~/.ssh "authorized_keys")
+ user user #o600)))
+ (glob "users/*:*")))
(define (build-image image-base-name size-in-gb)
(let ((raw-image (make-pathname '() image-base-name ".raw"))
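Review bot: In customize-environment the /etc/default/useradd that points SHELL at /bin/zsh is installed at L144-L145 before `(install-packages root-dir "zsh")` at L146; if that apt-get call fails and `run*` does not raise (not visible in this hunk), create-users then creates accounts whose login shell does not exist and key-based SSH logins fail at shell exec, so move L146 above L142 so the package is present before anything references it. In create-users, `(cadr user+cs-groups)` at L167 assumes the filename has a non-empty group part; if `string-split` drops empty fields, as Chicken's does by default, a file like `users/alice:` raises in `cadr` instead of creating a user with no supplementary groups, so either guard it — `(cs-groups (if (null? (cdr user+cs-groups)) "" (cadr user+cs-groups)))` — and only pass `-G` when non-empty, or document in the comment at L149 that the group part is mandatory. The permissions on ~/.ssh (0700) and authorized_keys (0600) are right.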
@@ -254,6 +289,9 @@
(setup-firewall mountpoint)
+ (setup-monitoring mountpoint)
+
+ (customize-environment mountpoint)
(create-users mountpoint)))))
(finalize-filesystem dev)))