Diffstat (limited to 'vps-builder.scm')
| -rw-r--r-- | vps-builder.scm | 68 | 
1 files changed, 53 insertions, 15 deletions
diff --git a/vps-builder.scm b/vps-builder.scm index 7c4b60f..5a6dcdb 100644 --- a/vps-builder.scm +++ b/vps-builder.scm @@ -136,9 +136,17 @@    ;; a chroot (mount essential filesystems).    (define (with-running-system root-dir thunk)      (dynamic-wind -        (lambda () (run* (chroot ,root-dir mount /proc))) +        (lambda () +          (run* (chroot ,root-dir mount /proc)) +          ;; Don't run daemons in the chroot upon apt-get install +          (install-file root-dir "assets/chroot-helpers/policy-rc.d" +                        "/usr/sbin/policy-rc.d" "root" "root" #o755) +          (setenv "DEBIAN_FRONTEND" "noninteractive"))          (lambda () (thunk)) -        (lambda () (run* (chroot ,root-dir umount /proc))))) +        (lambda () +          (unsetenv "DEBIAN_FRONTEND") +          (delete-file* (make-pathname root-dir "/usr/sbin/policy-rc.d")) +          (run* (chroot ,root-dir umount /proc)))))    (define (install-basic-system target-dir package-list)      (let ((include (sprintf "--include=~A" @@ -166,7 +174,11 @@        (change-file-mode full-path mode)))    (define (install-packages root-dir . packages) -    (run* (chroot ,root-dir apt-get install -y ,@packages))) +    (run* (chroot ,root-dir +                  apt-get install -y +                  -o Dpkg::Options=--force-confdef +                  -o Dpkg::Options=--force-confold +                  ,@packages)))    (define (configure-basic-system root-dir)      ;;;; Configure apt, FS and disable console bleeping (just in case) 
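Review bot: In `with-running-system`, a failure in the new `install-file` call (for example a missing `assets/chroot-helpers/policy-rc.d`) happens after `/proc` is already mounted, and as far as `dynamic-wind` semantics go the after thunk is not run when the before thunk itself escapes, so the chroot would be left with `/proc` mounted. Moving the `install-file` and `setenv` calls into the body thunk ahead of `(thunk)` would keep mount and umount paired. The after thunk also calls `(unsetenv "DEBIAN_FRONTEND")` unconditionally, which discards a value the caller may have exported; saving it first with `(get-environment-variable "DEBIAN_FRONTEND")` and restoring it afterwards would avoid that. A short comment on the `delete-file*` line saying that `policy-rc.d` is removed so the finished image starts its services normally would help the next reader.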
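Review bot: The two `-o Dpkg::Options=...` arguments added to `install-packages` are repeated verbatim in `update-packages` in the `@@ -188,7 +200,12 @@` hunk, so the two call sites can drift apart. Defining them once, e.g. `(define dpkg-keep-conffiles '(-o Dpkg::Options=--force-confdef -o Dpkg::Options=--force-confold))`, and splicing `,@dpkg-keep-conffiles` the way `,@packages` is spliced would keep them in step, assuming `run*` accepts a spliced list of symbols as it does the package list. A comment such as `;; Keep locally modified conffiles, take the package default otherwise; never prompt` would record why the options are there. It matters because it also means a configuration file already placed in the image is kept in preference to a package's newer default.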
@@ -188,7 +200,12 @@    (define (update-packages root-dir)      (run* (chroot ,root-dir apt-get update)) -    (run* (chroot ,root-dir apt-get upgrade -y))) +    (run* (chroot ,root-dir apt-get upgrade -y +                  -o Dpkg::Options=--force-confdef +                  -o Dpkg::Options=--force-confold)) +    (run* (chroot ,root-dir apt-get autoremove -y)) +    (run* (chroot ,root-dir apt-get clean)) +    (run* (chroot ,root-dir apt-get autoclean)))    (define (make-bootable root-dir) 
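Review bot: None of the `run*` calls in `update-packages` has its result checked, so if `run*` is the variant that returns the exit status rather than signalling an error (its definition is not visible in this diff), a failed `apt-get update` or `apt-get upgrade` would go unnoticed and the image would be built with whatever package versions the base install left behind. For an image that is meant to ship with current security updates, the build should stop on a non-zero status from these steps. Separately, `apt-get autoclean` directly after `apt-get clean` has nothing left to remove, so the last added line can be dropped.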
@@ -214,19 +231,37 @@      (install-file root-dir "assets/firewall/ferm.conf"                    "/etc/ferm/ferm.conf" "root" "adm" #o644)) +  ;; No proper monitoring solution yet, but at least vnstat is useful +  ;; for keeping an eye on traffic even if we don't automate it yet. +  (define (setup-monitoring root-dir) +    (install-packages root-dir "vnstat")) + +  ;; Create a more convenient default environment.  This is highly +  ;; dependent on taste so you might want to change this. +  (define (customize-environment root-dir) +    (install-file root-dir "assets/zsh/zshrc" "/etc/skel/.zshrc" +                  "root" "root" #o644) +    (install-file root-dir "assets/default/useradd" +                  "/etc/default/useradd" "root" "root" #o644) +    (install-packages root-dir "zsh")) + +    ;; Create user and copy matching users/*:* file to .ssh/authorized_keys    (define (create-users root-dir) -    (for-each (lambda (pubkey) -                (let* ((fn (pathname-strip-directory pubkey ":")) -                       (user+cs-groups (string-split fn)) -                       (user (car user+cs-groups)) -                       (cs-groups (cadr user+cs-groups)) -                       (.ssh (make-pathname `("/" "home" ,user) ".ssh")) -                       (keys (make-pathname .ssh "authorized_keys"))) -                  (run* (chroot ,root-dir useradd -m -G ,cs-groups ,user)) -                  (install-directory root-dir .ssh user user #o700) -                  (install-file root-dir pubkey keys user user #o600))) -              (glob "users/*:*"))) +    (for-each +     (lambda (pubkey) +       (let* ((fn (pathname-strip-directory pubkey)) +              (user+cs-groups (string-split fn  ":")) +              (user (car user+cs-groups)) +              (cs-groups (cadr user+cs-groups)) +              (~ (make-pathname `("/" "home") user)) +              (~/.ssh (make-pathname ~ ".ssh"))) +         (run* (chroot ,root-dir useradd -m -G ,cs-groups ,user)) +         
(install-directory root-dir ~/.ssh user user #o700) +         (install-file root-dir pubkey +                       (make-pathname ~/.ssh "authorized_keys") +                       user user #o600))) +     (glob "users/*:*")))    (define (build-image image-base-name size-in-gb)      (let ((raw-image (make-pathname '() image-base-name ".raw")) @@ -254,6 +289,9 @@                 (setup-firewall mountpoint) +               (setup-monitoring mountpoint) + +               (customize-environment mountpoint)                 (create-users mountpoint)))))           (finalize-filesystem dev)))  | 
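Review bot: In `create-users`, `user` and `cs-groups` come straight from a file name under `users/` and are spliced into the `useradd` command line and into the home-directory path without validation, so a stray file name containing whitespace, a leading `-` or shell metacharacters would be read as options or extra command text. Rejecting anything that is not a plain account name before the `run*` call would make the build fail loudly instead. If irregex is available in this module, that could be `(unless (irregex-match "[a-z_][a-z0-9_-]*" user) (error "invalid user name in" pubkey))`, with a matching check for the comma-separated group list. The home directory is also assumed to be `/home/<user>`, while `customize-environment` in the same hunk installs a custom `/etc/default/useradd`; if that file changes `HOME`, the `.ssh` directory would land in the wrong place, so a comment stating the assumption would be worthwhile.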
