From: Christian Heller <c.heller@plomlompom.de>
Date: Wed, 25 Sep 2024 04:22:02 +0000 (+0200)
Subject: Various fixes.
X-Git-Url: https://plomlompom.com/repos/%7B%7Bprefix%7D%7D/static/%7B%7Bdb.prefix%7D%7D/index.html?a=commitdiff_plain;h=96232db450bb7bad167361abc461516b048edf66;p=config

Various fixes.
---

diff --git a/bookworm/setup_scripts/copy_dirtree.sh b/bookworm/setup_scripts/copy_dirtree.sh
index 387ba39..fbc3d9d 100755
--- a/bookworm/setup_scripts/copy_dirtree.sh
+++ b/bookworm/setup_scripts/copy_dirtree.sh
@@ -9,7 +9,7 @@
 # CAUTION: This removes original files at the affected paths.
 set -e
 . ./misc.sh
-. ./../misc.sh
+. ../../misc.sh
 
 expect_n_args 3 "(source root, target root, modules)" "$@"
 
diff --git a/bookworm/setup_scripts/migrate_borg.sh b/bookworm/setup_scripts/migrate_borg.sh
index 65ae67d..b08cf2d 100755
--- a/bookworm/setup_scripts/migrate_borg.sh
+++ b/bookworm/setup_scripts/migrate_borg.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 set -e
 . ./misc.sh
-. ./../misc.sh
+. ../../misc.sh
 
 expect_n_args 1 "(old server IP)" "$@"
 old_server="$1"
diff --git a/bookworm/setup_scripts/mirror_dir.sh b/bookworm/setup_scripts/mirror_dir.sh
index aef69f1..d650165 100755
--- a/bookworm/setup_scripts/mirror_dir.sh
+++ b/bookworm/setup_scripts/mirror_dir.sh
@@ -2,7 +2,7 @@
 # Mirror directory tree from remote to local server, keeping the path.
 set -e
 . ./misc.sh
-. ./../misc.sh
+. ../../misc.sh
 
 expect_n_args 2 "(server, directory)" "$@"
 server=$1
diff --git a/bookworm/setup_scripts/prepare_to_meet_server.sh b/bookworm/setup_scripts/prepare_to_meet_server.sh
index 5f55362..8e54ca5 100755
--- a/bookworm/setup_scripts/prepare_to_meet_server.sh
+++ b/bookworm/setup_scripts/prepare_to_meet_server.sh
@@ -2,7 +2,7 @@
 # Do some of the steps necessary to SSH (key-based) with another server.
 set -e
 . ./misc.sh
-. ./../misc.sh
+. ../../misc.sh
 
 expect_n_args 1 "(server IP)" "$@"
 target="$1"
diff --git a/bookworm/setup_scripts/set_hostname_and_fqdn.sh b/bookworm/setup_scripts/set_hostname_and_fqdn.sh
index bcf3d9d..929d8bc 100755
--- a/bookworm/setup_scripts/set_hostname_and_fqdn.sh
+++ b/bookworm/setup_scripts/set_hostname_and_fqdn.sh
@@ -14,7 +14,7 @@
 # Ignores IPv6s.
 set -e
 . ./misc.sh
-. ./../misc.sh
+. ../../misc.sh
 
 expect_n_args 1 "(hostname, fqdn)" "$@"
 
diff --git a/bookworm/setup_scripts/setup_desktop.sh b/bookworm/setup_scripts/setup_desktop.sh
index 2eb19b3..fe11b83 100755
--- a/bookworm/setup_scripts/setup_desktop.sh
+++ b/bookworm/setup_scripts/setup_desktop.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 set -e
 . ./misc.sh
-. ./../misc.sh
+. ../../misc.sh
 
 expect_n_args 1 "(system name)" "$@"
 get_system_name_arg "$1"
diff --git a/bookworm/setup_scripts/setup_home.sh b/bookworm/setup_scripts/setup_home.sh
index a065bd4..54f0db1 100755
--- a/bookworm/setup_scripts/setup_home.sh
+++ b/bookworm/setup_scripts/setup_home.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 set -e
 . ./misc.sh
-. ./../misc.sh
+. ../../misc.sh
 
 expect_n_args 1 "(system name)" "$@"
 get_system_name_arg "$1"
diff --git a/bookworm/setup_scripts/setup_server.sh b/bookworm/setup_scripts/setup_server.sh
index 93bfa1c..c854b95 100755
--- a/bookworm/setup_scripts/setup_server.sh
+++ b/bookworm/setup_scripts/setup_server.sh
@@ -3,7 +3,7 @@
 # the outside via ./init_user_login.sh or ./init_user_and_keybased_login.sh
 set -e
 . ./misc.sh
-. ./../misc.sh
+. ../../misc.sh
 
 expect_n_args 2 "(hostname, FQDN)" "$@"
 hostname="$1"
diff --git a/bookworm/setup_scripts/setup_web.sh b/bookworm/setup_scripts/setup_web.sh
index d7c651f..4807e8a 100755
--- a/bookworm/setup_scripts/setup_web.sh
+++ b/bookworm/setup_scripts/setup_web.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 set -e
 . ./misc.sh
-. ./../misc.sh
+. ../../misc.sh
 
 expect_setup_finished_file setup_server_has_been_run setup_server.sh
 
diff --git a/bookworm/setup_scripts/upgrade_from_bullseye.sh b/bookworm/setup_scripts/upgrade_from_bullseye.sh
index 6db4f2e..ed246e1 100755
--- a/bookworm/setup_scripts/upgrade_from_bullseye.sh
+++ b/bookworm/setup_scripts/upgrade_from_bullseye.sh
@@ -1,11 +1,15 @@
 #!/bin/sh
 
-# as per https://wiki.debian.org/DebianUpgrade
+# Upgrade a fresh (!) system to Bookworm, as per [1]. Fresh, because: Don't
+# expect any customized config files to survive this. If you run this on a
+# remote machine, take care not to loose anything you need to re-connect, e.g.
+# any relevant adaptations you did to /etc/ssh/sshd_config …
+
 set -e
 . ./misc.sh
 apt update
-apt -y -o Dpkg::Options::="--force-confnew" upgrade
-apt -y full-upgrade
+apt -y upgrade
+apt -y -o Dpkg::Options::="--force-confnew" full-upgrade
 path_sources_list="/etc/apt/sources.list"
 cp "${config_tree_prefix}/etc_files/all${path_sources_list}" "${path_sources_list}"
 apt clean
diff --git a/bullseye/etc_files/server/etc/ssh/sshd_config b/bullseye/etc_files/server/etc/ssh/sshd_config
index 8effa74..811e93a 100644
--- a/bullseye/etc_files/server/etc/ssh/sshd_config
+++ b/bullseye/etc_files/server/etc/ssh/sshd_config
@@ -79,7 +79,7 @@ ChallengeResponseAuthentication no
 # be allowed through the ChallengeResponseAuthentication and
 # PasswordAuthentication.  Depending on your PAM configuration,
 # PAM authentication via ChallengeResponseAuthentication may bypass
-# the setting of "PermitRootLogin yes
+# the setting of "PermitRootLogin without-password".
 # If you just want the PAM account and session checks to run without
 # PAM authentication, then enable this but set PasswordAuthentication
 # and ChallengeResponseAuthentication to 'no'.
@@ -121,4 +121,4 @@ Subsystem	sftp	/usr/lib/openssh/sftp-server
 #	AllowTcpForwarding no
 #	PermitTTY no
 #	ForceCommand cvs server
-ClientAliveInterval 120
+ClientAliveInterval 15
diff --git a/bullseye/setup_scripts/init_user_and_keybased_login.sh b/bullseye/setup_scripts/init_user_and_keybased_login.sh
index 4fcc062..475b12f 100755
--- a/bullseye/setup_scripts/init_user_and_keybased_login.sh
+++ b/bullseye/setup_scripts/init_user_and_keybased_login.sh
@@ -21,7 +21,8 @@ ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}"
 
 # This will be used to log-in as root from plom account.
 echo 'First, enter the old root password; then enter new password three times.'
-ssh root@"${server}" "passwd"
+#ssh root@"${server}" "passwd"
+ssh root@"${server}" "ls"
 
 # Save root password for sshpass
 stty -echo
@@ -40,7 +41,6 @@ export SSHPASS="${PW_ROOT}"
 # would require setting a password for user plom otherwise not needed.
 sshpass -e scp ~/.ssh/id_rsa.pub root@"${server}":/tmp/authorized_keys
 sshpass -e ssh root@"${server}" \
-        'useradd -m plom && '\
         'mkdir /home/plom/.ssh && '\
         'chown plom:plom /home/plom/.ssh && '\
         'chown plom:plom /tmp/authorized_keys && '\