From 88c8dc7faa357427b5c170312768d1e6c3f4d923 Mon Sep 17 00:00:00 2001 From: Christian Heller Date: Sat, 19 Apr 2025 15:31:57 +0200 Subject: [PATCH] Fixes. --- bookworm/copy/all/etc/hosts | 13 ++++++ bookworm/preseed.cfg | 29 ++----------- bookworm/scripts/lib/determine_ip | 25 ----------- bookworm/scripts/setup_server.sh | 72 +++++++++++++++++++++---------- testing/scripts/setup_desktop.sh | 15 +++---- 5 files changed, 73 insertions(+), 81 deletions(-) create mode 100644 bookworm/copy/all/etc/hosts delete mode 100644 bookworm/scripts/lib/determine_ip diff --git a/bookworm/copy/all/etc/hosts b/bookworm/copy/all/etc/hosts new file mode 100644 index 0000000..8937d24 --- /dev/null +++ b/bookworm/copy/all/etc/hosts @@ -0,0 +1,13 @@ +# any loopback address imaginable under the sun +127.0.0.1 localhost localhost.local localhost.localdomain +::1 localhost localhost.local localhost.localdomain ip6-localhost ip6-localhost.local ip6-localhost.localdomain ip6-loopback ip6-loopback.local ip6-loopback.localdomain + +# Debian wants this for some cases where software wants a non-loopback address +# but we still don't want to rely on external DNS +# (NB: replacement scripts may, for desktop systems without FQDN, before +# actually replacing REPLACE_WITH_HOSTNAME, replace "REPLACE_WITH FQDN" with +# "REPLACE_WITH_HOSTNAME.local REPLACE_WITH_HOSTNAME.localdomain") +127.0.1.1 REPLACE_WITH_FQDN REPLACE_WITH_HOSTNAME + +# If we *do* have an external FQDN … +#REPLACE_WITH_EXTERNAL_IP REPLACE_WITH_FQDN REPLACE_WITH_HOSTNAME diff --git a/bookworm/preseed.cfg b/bookworm/preseed.cfg index 3690092..6b1938d 100644 --- a/bookworm/preseed.cfg +++ b/bookworm/preseed.cfg 
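Review bot: The NB comment in the new hosts template spells the placeholder as `"REPLACE_WITH FQDN"` (space instead of underscore), so it does not match the `REPLACE_WITH_FQDN` token the scripts actually substitute and will not be found by anyone grepping for it; it should read `"REPLACE_WITH_FQDN"`. The `.local` aliases pinned to `127.0.0.1`, `::1` and `127.0.1.1` answer before multicast DNS for those names on hosts that resolve `.local` via mDNS, which is presumably intended but deserves a line such as `# NB: the .local entries here take precedence over mDNS for these names`. Once a script uncomments the external-IP line, the FQDN is listed on both `127.0.1.1` and the external address, with the loopback entry first in file order; if local lookups of the FQDN are meant to prefer loopback, say so in the comment above that line.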
@@ -37,9 +37,8 @@ user-setup-udeb passwd/make-user boolean false # "Partition disks":"Partitioning method:"/"Guided - use entire disk and set up encrypted LVM" d-i partman-auto/init_automatically_partition select 70some_device_crypto__________crypto # "Partition disks":"Select disk to partition:"/"/dev/nvme0n1 - 512.1 GB SAMSUNG MZVLB512HBJQ-000L7" -#d-i partman-auto/select_disk select /dev/nvme0n1 -d-i partman-auto/disk string /dev/nvme0n1p3 -#d-i partman-auto/select_disk select /var/lib/partman/devices/=dev=nvme0n1 +#d-i partman-auto/disk string /dev/nvme0n1p3 +#d-i partman-auto/select_disk select /var/lib/partman/devices/=dev=nvme0n1 # "Partition disks":"Partitioning scheme:"/"All files in one partition (recommended for new users)" d-i partman-auto/expert_recipe string custom-crypto :: \ 538 538 1075 free \ 
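Review bot: With both `partman-auto/disk` and `partman-auto/select_disk` now commented out, the comment above them (`# "Partition disks":"Select disk to partition:"/"/dev/nvme0n1 …"`) documents a question the file no longer answers; unless I misread partman, the disk is then picked automatically only on single-disk machines and asked interactively otherwise. A comment stating which of these is intended would help a later reader, e.g. `# disk deliberately not preseeded: auto-picked on single-disk systems, otherwise asked`. This matters more because a later hunk in this file sets `partman/confirm boolean true`, which confirms writing to whichever disk ends up selected.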
@@ -78,31 +77,9 @@ d-i partman-auto-crypto/erase_disks boolean false d-i partman-auto-lvm/new_vg_name string plomvg # "Partition disks"/"Amount of volume group to use for guided partitioning:" d-i partman-auto-lvm/guided_size string max -# "Partition disks"/"Configure the logical volume manager" -# "Partition disks"/"Write the changes to disks and configure LVM?" -# "Partition disks"/"LVM configuration action:"/"Delete logical volume" -# "Partition disks"/"Please select the logical volume to delete."/"Logical volume:"/"root" -# "Partition disks"/"LVM configuration action:"/"Delete logical volume" -# "Partition disks"/"Please select the logical volume to delete."/"Logical volume:"/"swap_1" -# "Partition disks"/"LVM configuration action:"/"Create logical volume" -# "Partition disks"/"Please select the volume group where the new logical volume should be created."/"Volume group:" -# "Partition disks"/"Please enter the name you would like to use for the new logical volume."/"Logical volume name:"/"swap" -# "Partition disks"/"Please enter the size …"/"Logical volume size:"/"48G" -# "Partition disks"/"LVM configuration action:"/"Create logical volume" -# "Partition disks"/"Please select the volume group where the new logical volume should be created."/"Volume group:" -# "Partition disks"/"Please enter the name you would like to use for the new logical volume."/"Logical volume name:"/"root" -# "Partition disks"/"Please enter the size …"/"Logical volume size:"/"463042MB" -# "Partition disks"/"LVM configuration action:"/"Finish" -# "Partition disks"/"You are editing partition #1 of …"/"Partition settings:"/"Use as" -# "Partition disks"/"How to use this partition:"/"Ext4 journaling file system" -# "Partition disks"/"You are editing partition #1 of …"/"Partition settings:"/"Mount point" -# "Partition disks"/"Mount point for this partition:"/"/ - the root file system" -# "Partition disks"/"You are editing partition #1 of …"/"Partition settings:"/"Done setting up the partition" 
-# "Partition disks"/"You are editing partition #1 of …"/"Partition settings:"/"Use as" -# "Partition disks"/"How to use this partition:"/"swap area" -# "Partition disks"/"You are editing partition #1 of …"/"Partition settings:"/"Done setting up the partition" # "Partition disks"/"Finish partitioning and write changes to disk" # "Partition disks"/"Write the changes to disks?" +d-i partman/confirm boolean true # "Install the base system" d-i base-installer/kernel/image string linux-image-amd64 diff --git a/bookworm/scripts/lib/determine_ip b/bookworm/scripts/lib/determine_ip deleted file mode 100644 index 0fd0f09..0000000 --- a/bookworm/scripts/lib/determine_ip +++ /dev/null @@ -1,25 +0,0 @@ -determine_ip() { - FINAL_IP="127.0.1.1" - for IP in $(hostname -I); do - if [ $(echo "${IP}" | grep ':' | wc -l) -eq 1 ]; then - continue - fi - RANGE_1=$(echo "${IP}" | cut -d "." -f 1) - RANGE_2=$(echo "${IP}" | cut -d "." -f 2) - if [ "${RANGE_1}" -eq 127 ]; then - continue - elif [ "${RANGE_1}" -eq 10 ]; then - continue - elif [ "${RANGE_1}" -eq 172 ]; then - if [ "${RANGE_2}" -ge 16 ] && [ "${RANGE_2}" -le 31 ]; then - continue - fi - elif [ "${RANGE_1}" -eq 192 ]; then - if [ "${RANGE_2}" -eq 168 ]; then - continue - fi - fi - FINAL_IP="${IP}" - done - printf "${FINAL_IP}" -} diff --git a/bookworm/scripts/setup_server.sh b/bookworm/scripts/setup_server.sh index 50a9ccd..2d4d90d 100755 --- a/bookworm/scripts/setup_server.sh +++ b/bookworm/scripts/setup_server.sh @@ -4,7 +4,6 @@ cd $(dirname "$0") . lib/constants_etc # PATH_ETC . lib/constants_ssh # PATH_REL_SSH, PATH_USER_SSH . lib/copy_dirtrees_of_tags -. lib/determine_ip . lib/expect_n_args . lib/init_packages . lib/path_tmp_timestamped 
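Review bot: `d-i partman/confirm boolean true` auto-confirms "Write the changes to disks?", so from this commit on the installer overwrites the selected disk without a prompt while the disk itself is no longer preseeded (see the earlier hunk); a comment next to it, e.g. `# NB: auto-confirms the destructive write; disk selection is left interactive`, would make that trade-off visible. The Debian example preseed pairs this key with `d-i partman/confirm_nooverwrite boolean true` and, for LVM recipes, `d-i partman-lvm/confirm boolean true` / `d-i partman-lvm/confirm_nooverwrite boolean true`; if the install still stops at the LVM write-confirmation step that the removed comment trail documented, those are the keys to add. The deleted lines were the only record of the manual LVM steps (delete `root`/`swap_1`, recreate `swap` at 48G and `root`); if the expert recipe now covers them, a one-line comment saying so would replace that record.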
@@ -13,19 +12,33 @@ cd $(dirname "$0") INSTALL_TAGS='all server caddy' -expect_n_args 3 3 'HOSTNAME, FQDN, WEB_PASSWORD' $@ -HOSTNAME="$1" -FQDN="$2" -WEB_PASSWORD="$3" +expect_n_args 2 3 'CADDY_PASSWORD, HOSTNAME, [FQDN]' $@ +CADDY_PASSWORD="$1" +HOSTNAME="$2" +FQDN="$3" PATH_HOSTS="${PATH_ETC}/hosts" PATH_BORG_HOME=/home/borg PATH_CADDYFILE="${PATH_ETC}/caddy/Caddyfile" PATH_CADDY_REPO='https://dl.cloudsmith.io/public/caddy/stable' -echo '\nPreparing caddy install.' +echo -n 'Determining IP …' +EXTERNAL_IP=$(hostname -I | cut -d' ' -f1) +echo " it's: ${EXTERNAP_IP}" + +if [ ! -z "FQDN" ]; then + echo "Ensuring provided FQDN ${FQDN} maps to it …" + IP_BY_DNS=$(getent ahostsv4 | head -1 | cut -d' ' -f1) + if [ ! "${IP_BY_DNS}" = "${EXTERNAL_IP}" ]; then + echo "" + abort "DNS mapping provided FQDN '${FQDN}' to ${IP_BY_DNS} rather than this system's external IP ${EXTERNAL_IP}." + fi +fi + +echo 'Ensure we have curl (for caddy installation preparation) …' apt-get -y install curl > /dev/null PATH_CURL_ERROR="$(path_tmp_timestamped curl_error)" +echo 'Retrieve caddy repo key …' set +e curl -1Lf "${PATH_CADDY_REPO}/gpg.key" 2> "${PATH_CURL_ERROR}" | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg RESULT="$?" 
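Review bot: `if [ ! -z "FQDN" ]; then` tests the literal string `FQDN`, which is never empty, so the DNS check runs even when no FQDN was passed; it should read `if [ ! -z "${FQDN}" ]; then`. Inside that block `getent ahostsv4 | head -1 | cut -d' ' -f1` is called without a name, so `IP_BY_DNS` never reflects the FQDN and the comparison (and `abort`) fires regardless — use `IP_BY_DNS=$(getent ahostsv4 "${FQDN}" | head -1 | cut -d' ' -f1)`. The progress line prints `${EXTERNAP_IP}` (typo) and therefore always shows an empty value; `echo " it's: ${EXTERNAL_IP}"`. Also, the removed determine_ip skipped loopback and RFC 1918 ranges whereas `hostname -I | cut -d' ' -f1` takes whatever address is listed first, so on a host with a private interface the FQDN check can fail spuriously — presumably acceptable for single-interface servers, but worth a comment above the assignment.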
@@ -34,41 +47,56 @@ if [ "${RESULT}" != '0' ]; then cat "${PATH_CURL_ERROR}" exit 1 fi -curl -1LfsS "${PATH_CADDY_REPO}/debian.deb.txt" > /etc/apt/sources.list.d/caddy-stable.list +PATH_APT_CADDY_REPO='/etc/apt/sources.list.d/caddy-stable.list' +echo "Adding caddy repo to ${PATH_APT_CADDY_REPO} …" +curl -1LfsS "${PATH_CADDY_REPO}/debian.deb.txt" > "${PATH_APT_CADDY_REPO}" init_packages "${INSTALL_TAGS}" +setup_user -echo '\nSetting hostname and FQDN.' +echo '\nCopying over files, directories …' +copy_dirtrees_of_tags ${INSTALL_TAGS} + +echo 'Setting hostname …' echo "${HOSTNAME}" > "${PATH_ETC}/hostname" hostname "${HOSTNAME}" -echo '127.0.0.1 localhost.localdomain localhost' > "${PATH_HOSTS}" -echo "$(determine_ip) ${FQDN} ${HOSTNAME}" >> "${PATH_HOSTS}" - -setup_user -echo '\nCopying over files, directories.' -copy_dirtrees_of_tags ${INSTALL_TAGS} +echo "Adapting ${PATH_HOSTS} …" +sed -i 's/REPLACE_WITH_HOSTNAME/'"${HOSTNAME}"'/g' "${PATH_HOSTS}" +sed -i 's/REPLACE_WITH_FQDN/'"${FQDN}"'/g' "${PATH_HOSTS}" +if [ ! -z "${FQDN}" ]; then + sed -i "s/#REPLACE_WITH_EXTERNAL_IP/${EXTERNAL_IP}/g" "${PATH_HOSTS}" +fi -echo '\nSyncing clock.' +echo 'Syncing clock …' ntpdate-debian -echo '\nMoving SSH data from root to user.' +echo 'Moving SSH data from root to user …' mkdir -p "${PATH_USER_SSH}" mv "/root/${PATH_REL_SSH}/authorized_keys" "${PATH_USER_SSH}/" chown -R "${USERNAME}:${USERNAME}" "${PATH_USER_SSH}" -echo '\nSetting up minimal borg user.' +echo '\nSetting up minimal borg user …' adduser --system --home "${PATH_BORG_HOME}" --shell /bin/sh borg cp -a "${PATH_USER_SSH}" "${PATH_BORG_HOME}/" chown -R borg:nogroup "${PATH_BORG_HOME}/${PATH_REL_SSH}" -echo '\nEnabling the firewall.' 
+echo 'Enabling firewall …' systemctl enable --now nftables -echo "Adapting caddy's config and reloading it …" -HASH=$(caddy hash-password --plaintext "${WEB_PASSWORD}") -sed -i 's/REPLACE_WITH_HASH/'"${HASH}"'/g' "${PATH_CADDYFILE}" -sed -i 's/REPLACE_WITH_FQDN/'"${FQDN}"'/g' "${PATH_CADDYFILE}" +echo "Creating web-accessible directories …" mkdir -p /var/www/dump/private /var/www/dump/public + +echo "Adapting ${PATH_CADDYFILE} …" +CADDY_PW_HASH=$(caddy hash-password --plaintext "${CADDY_PASSWORD}") +if [ -z "${FQDN}" ]; then + ADDRESS_TO_CADDY="${EXTERNAL_IP}" +else + ADDRESS_TO_CADDY="${FQDN}" +fi +sed -i 's/REPLACE_WITH_HASH/'"${CADDY_PW_HASH}"'/g' "${PATH_CADDYFILE}" +sed -i 's/REPLACE_WITH_FQDN/'"${ADDRESS_TO_CADDY}"'/g' "${PATH_CADDYFILE}" + +echo "Restarting caddy …" systemctl reload caddy put_finished_marker 'setup_server' diff --git a/testing/scripts/setup_desktop.sh b/testing/scripts/setup_desktop.sh index e4f1c49..e1ad5c8 100755 --- a/testing/scripts/setup_desktop.sh +++ b/testing/scripts/setup_desktop.sh @@ -6,7 +6,6 @@ cd $(dirname "$0") . lib/constants_etc # PATH_ETC . lib/constants_user # USERNAME . lib/copy_dirtrees_of_tags -. lib/determine_ip . lib/expect_n_args . lib/init_packages . lib/put_finished_marker @@ -83,8 +82,9 @@ cp "${PATH_COPY_TAG_ALL}${PATH_ETC_APT_CONF}/99_minimize_dependencies" "${PATH_E upgrade_from_older_release init_packages "${INSTALL_TAGS}" +setup_user -# NB: This needs to come before steps potentially overwriting /etc/network/interfaces. +# NB: This *needs* to come before steps potentially overwriting /etc/network/interfaces. if [ "$(nmcli -f TYPE conn | grep 'wifi' | wc -l)" = "0" ]; then echo "\nChecking for existing wifi config in ${PATH_NETWORK_INTERFACES}." adopt_wifi_connection 
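Review bot: `sed -i 's/REPLACE_WITH_HASH/'"${CADDY_PW_HASH}"'/g' "${PATH_CADDYFILE}"` uses `/` as the s-command delimiter, but the bcrypt hashes `caddy hash-password` emits draw on an alphabet that includes `/`, so the command errors out (unterminated `s` command) whenever the hash contains one, and it does so after the hosts, SSH and borg steps have already run; use a delimiter outside that alphabet, e.g. `sed -i 's|REPLACE_WITH_HASH|'"${CADDY_PW_HASH}"'|g' "${PATH_CADDYFILE}"`. Relatedly, `--plaintext "${CADDY_PASSWORD}"` puts the password on the command line, where it is visible in the process list and in any `set -x` trace; recent Caddy releases read it from stdin when `--plaintext` is omitted, `CADDY_PW_HASH=$(printf '%s' "${CADDY_PASSWORD}" | caddy hash-password)`. Minor: when no FQDN is given, the `REPLACE_WITH_FQDN` sed on `${PATH_HOSTS}` substitutes an empty string, whereas the template's NB (and setup_desktop.sh) expect `HOSTNAME.local HOSTNAME.localdomain` there — either apply the same substitution here or note in a comment that servers deliberately get no such aliases.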
@@ -92,15 +92,14 @@ else echo "\nAlready know wifi connection, nothing to add." fi +echo '\nCopying over files, directories.' +copy_dirtrees_of_tags ${INSTALL_TAGS} + echo "\nSetting hostname and FQDN." echo "${SYSTEM_NAME}" > "${PATH_ETC}/hostname" hostname "${SYSTEM_NAME}" -echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts -echo "$(determine_ip) ${SYSTEM_NAME}" >> /etc/hosts - -setup_user -echo '\nCopying over files, directories.' -copy_dirtrees_of_tags ${INSTALL_TAGS} +sed -i 's/REPLACE_WITH_FQDN/REPLACE_WITH_HOSTNAME.local REPLACE_WITH_HOSTNAME.localdomain/g' "${PATH_HOSTS}" +sed -i 's/REPLACE_WITH_HOSTNAME/'"${SYSTEM_NAME}"'/g' "${PATH_HOSTS}" echo "\nEnsuring our desired locale is available." locale-gen -- 2.30.2
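Review bot: The two `sed -i … "${PATH_HOSTS}"` lines rely on `PATH_HOSTS` being set in setup_desktop.sh, but nothing in this diff defines it there — setup_server.sh sets `PATH_HOSTS="${PATH_ETC}/hosts"` itself, and the sourced-constants comment for this script lists only `PATH_ETC`; if it is unset, sed receives an empty file argument and the hosts template keeps its placeholders. If it is not defined above the hunk, add `PATH_HOSTS="${PATH_ETC}/hosts"` next to the script's other path variables. The echo still announces "Setting hostname and FQDN." although the desktop path now deliberately substitutes `.local`/`.localdomain` aliases instead of an FQDN; `echo "\nSetting hostname, adapting ${PATH_HOSTS}."` would describe what actually happens. The rest of the script runs outside the hunk.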