-
Notifications
You must be signed in to change notification settings - Fork 4
/
postinstall
executable file
·51 lines (38 loc) · 2.25 KB
/
postinstall
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
#!/bin/sh
set -e
# empty message of the day.
echo -n > /etc/motd
# remove some unused packages
DEBIAN_FRONTEND=noninteractive apt-get purge -y laptop-detect tasksel emacsen-common ienglish-common ispell
# install some additional packages
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends linux-headers-amd64 openssh-server sudo time openssl gnutls-bin zip unzip bzip2 lynx vim vim-scripts curl whois net-tools patch telnet sqlite3 strace lsof less screen rsync git git-lfs dos2unix myrepos traceroute bash-completion socat busybox psmisc man-db dnsutils unattended-upgrades gpg-agent gnupg software-properties-common tcpdump make gzrt jq bash zsh htop dbus-user-session fuse3 acl python3-venv python3-pip python3-setuptools python3-wheel python3-psutil python3-pylibacl python3-sh python3-prometheus-client rdiff-backup xfsprogs smartmontools
# members of `sudo` group are not asked for password.
sed -i 's/^%sudo\tALL=(ALL:ALL) ALL/%sudo\tALL=(ALL:ALL) NOPASSWD:ALL/' /etc/sudoers
# new users should be put into the "users" group
sed -i 's/^USERGROUPS=yes/USERGROUPS=no/' /etc/adduser.conf
# fix the time server configuration
sed -i 's/^#NTP=/NTP=us.pool.ntp.org/' /etc/systemd/timesyncd.conf
# unpack the postinstall tar file
tar -z -x -C /tmp -f /tmp/postinstall.tar.gz
# install global things and root things
mkdir -m700 -p /root/.ssh
cp /tmp/postinstall.d/resolv.conf /etc/resolv.conf
cp /tmp/postinstall.d/apt.conf.d/50unattended-upgrades /etc/apt/apt.conf.d/50unattended-upgrades
cp /tmp/postinstall.d/apt.conf.d/20auto-upgrades /etc/apt/apt.conf.d/20auto-upgrades
cp /tmp/postinstall.d/vimrc /root/.vimrc
cp /tmp/postinstall.d/bash_login /root/.bash_login
# add our sudoers file for paul
cp /tmp/postinstall.d/sudoers /etc/sudoers.d/paul
chmod 400 /etc/sudoers.d/paul
# install ssh keys and other things for paul user
mkdir -m700 -p /home/paul/.ssh
cp /tmp/postinstall.d/authorized_keys /home/paul/.ssh/authorized_keys
cp /tmp/postinstall.d/vimrc /home/paul/.vimrc
cp /tmp/postinstall.d/bash_login /home/paul/.bash_login
# fix permissions on root home directory
chmod 700 /root
chmod 600 /root/.bash_login
# fix permissions on paul home directory
chown -R paul:paul /home/paul
chmod 700 /home/paul
chmod 600 /home/paul/.bash_login /home/paul/.ssh/authorized_keys