From e0f806a2f44bc08ff8931f8e5dab09579850154d Mon Sep 17 00:00:00 2001
From: Peter Bex
Date: Sun, 14 Feb 2016 19:16:04 +0100
Subject: First version of vps image builder.
---
assets/boot/extlinux.conf | 5 +++++
assets/firewall/ferm.conf | 38 +++++++++++++++++++++++++++++++++
assets/fstab | 3 +++
assets/modprobe/blacklist.conf | 2 ++
assets/network/cloudstack-guest-setup | 30 ++++++++++++++++++++++++++
assets/network/interfaces | 18 ++++++++++++++++
assets/package-manager/apt/apt-settings | 4 ++++
7 files changed, 100 insertions(+)
create mode 100644 assets/boot/extlinux.conf
create mode 100644 assets/firewall/ferm.conf
create mode 100644 assets/fstab
create mode 100644 assets/modprobe/blacklist.conf
create mode 100644 assets/network/cloudstack-guest-setup
create mode 100644 assets/network/interfaces
create mode 100644 assets/package-manager/apt/apt-settings
(limited to 'assets')
diff --git a/assets/boot/extlinux.conf b/assets/boot/extlinux.conf
new file mode 100644
index 0000000..c340924
--- /dev/null
+++ b/assets/boot/extlinux.conf
@@ -0,0 +1,5 @@
+default linux
+timeout 1
+label linux
+kernel {KERNEL}
+append initrd={RAMDISK} root=/dev/vda1 console=tty0 console=ttyS0,115200 ro quiet
\ No newline at end of file
diff --git a/assets/firewall/ferm.conf b/assets/firewall/ferm.conf
new file mode 100644
index 0000000..e9a1e88
--- /dev/null
+++ b/assets/firewall/ferm.conf
@@ -0,0 +1,38 @@
+# -*- shell-script -*-
+#
+# Configuration file for ferm(1).
+#
+
+@def $PUBLIC_SERVICES=(ssh);
+@def $BADGUYS=();
+
+domain (ip ip6) table filter {
+ chain (INPUT OUTPUT FORWARD) {
+ # connection tracking
+ mod state state INVALID DROP;
+ mod state state (ESTABLISHED RELATED) ACCEPT;
+ }
+
+ chain INPUT {
+ policy DROP;
+
+ # drop blacklisted connections
+ saddr @ipfilter($BADGUYS) DROP;
+
+ # allow local packet
+ interface lo ACCEPT;
+
+ # respond to ping
+ proto icmp ACCEPT;
+
+ proto tcp dport $PUBLIC_SERVICES ACCEPT;
+ }
+
+ chain OUTPUT {
+ policy ACCEPT;
+ }
+
+ chain FORWARD {
+ policy DROP;
+ }
+}
diff --git a/assets/fstab b/assets/fstab
new file mode 100644
index 0000000..703881b
--- /dev/null
+++ b/assets/fstab
@@ -0,0 +1,3 @@
+# /etc/fstab: static file system information.
+proc /proc proc nodev,noexec,nosuid 0 0
+/dev/vda1 / ext3 errors=remount-ro 0 1
diff --git a/assets/modprobe/blacklist.conf b/assets/modprobe/blacklist.conf
new file mode 100644
index 0000000..4a36d77
--- /dev/null
+++ b/assets/modprobe/blacklist.conf
@@ -0,0 +1,2 @@
+# disable pc speaker
+blacklist pcspkr
\ No newline at end of file
diff --git a/assets/network/cloudstack-guest-setup b/assets/network/cloudstack-guest-setup
new file mode 100644
index 0000000..3583afe
--- /dev/null
+++ b/assets/network/cloudstack-guest-setup
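Review bot: In assets/firewall/ferm.conf the `proto icmp ACCEPT;` rule sits inside `domain (ip ip6)`, but ICMPv6 is a separate protocol (`ipv6-icmp`), so on the ip6 side neighbour discovery and other ICMPv6 traffic is not accepted by it and falls through to `policy DROP`. That tends to break IPv6 reachability in ways that are hard to diagnose, and the usual reaction is to loosen the whole ruleset. A per-domain rule such as `@if @eq($DOMAIN, ip6) proto ipv6-icmp ACCEPT;` next to the IPv4 one would cover it; depending on the kernel it may also need to come before the `state INVALID DROP` rule, which I have not verified. A short comment on `$PUBLIC_SERVICES` noting that every port listed there is reachable from any source address would help whoever extends the list.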
@@ -0,0 +1,30 @@
+#!/bin/sh
+#
+# From https://github.com/shankerbalan/cloudstack-scripts
+# Stripped out the non-Debian and Plesk stuff, the cron
+# randomisation and the 127.0.1.1 removal in /etc/hosts.
+#
+# TODO: Rewrite in CHICKEN?
+#
+# /etc/dhcp/dhclient-exit-hooks.d/cloudstack-guest-setup (debian/ubuntu)
+# runs on firstboot after acquiring DHCP lease
+
+if [ "$reason" != BOUND ] && [ "$reason" != RENEW ] && [ "$reason" != REBIND ] && [ "$reason" != REBOOT ]; then
+ return
+fi
+
+# set hostname
+logger -t "cloudstack" "Setting hostname to \"${new_host_name}\""
+hostname "$new_host_name" > /dev/null 2>&1
+echo "$new_host_name" > /etc/hostname
+
+# add hostname to /etc/hosts and remove previous localhost-style
+sed -i "/127.0.0.1/a $new_ip_address $new_host_name.$new_domain_name $new_host_name" /etc/hosts > /dev/null 2>&1
+
+# generate ssh host keys
+logger -t "cloudstack" "Generating ssh host keys"
+ssh-keygen -A && rm /etc/ssh/ssh_host_key /etc/ssh/ssh_host_key.pub
+# remove self
+rm /etc/dhcp/dhclient-exit-hooks.d/cloudstack-guest-setup > /dev/null 2>&1
+
+exit 0
diff --git a/assets/network/interfaces b/assets/network/interfaces
new file mode 100644
index 0000000..b40848c
--- /dev/null
+++ b/assets/network/interfaces
@@ -0,0 +1,18 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The normal eth0
+auto eth0
+iface eth0 inet dhcp
+
+# Maybe the VM has 2 NICs?
+allow-hotplug eth1
+iface eth1 inet dhcp
+
+# Maybe the VM has 3 NICs?
+allow-hotplug eth2
+iface eth2 inet dhcp
diff --git a/assets/package-manager/apt/apt-settings b/assets/package-manager/apt/apt-settings
new file mode 100644
index 0000000..32ee0c8
--- /dev/null
+++ b/assets/package-manager/apt/apt-settings
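Review bot: In assets/network/cloudstack-guest-setup, `$new_host_name`, `$new_domain_name` and `$new_ip_address` come from whichever DHCP server answers on first boot, and the hook writes them to /etc/hostname and splices them into the sed program on the `sed -i "/127.0.0.1/a …"` line without checking them. Unless the DHCP client already sanitises these options (not visible here), a malformed value can corrupt /etc/hosts or alter what sed does as root; a guard ahead of the `# set hostname` block such as `case "$new_host_name" in ""|*[!A-Za-z0-9.-]*) return ;; esac`, with the same check for the domain, would close that. Separately, `ssh-keygen -A` only creates host keys that are missing, so if the image is built with keys already in /etc/ssh every VM cloned from it would share them; the build should delete them or this hook should remove `/etc/ssh/ssh_host_*` first. The trailing `exit 0` is also at odds with the `return` at the top: if the file is sourced by dhclient-script, as the `return` suggests, `exit` ends the calling script and any later hooks as well.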
@@ -0,0 +1,4 @@
+// Avoid installing unnecessary packages, to keep a lean system.
+// This is installed into /etc/apt/apt.conf.d/90custom-config
+APT::Install-Recommends "0";
+APT::Install-Suggests "0";
-- cgit v1.2.3