summaryrefslogtreecommitdiffstats
path: root/elchos/root-image/root
diff options
context:
space:
mode:
Diffstat (limited to 'elchos/root-image/root')
-rwxr-xr-xelchos/root-image/root/.automated_script.sh34
-rw-r--r--elchos/root-image/root/.zlogin1
-rwxr-xr-xelchos/root-image/root/customize_root_image.sh81
3 files changed, 116 insertions, 0 deletions
diff --git a/elchos/root-image/root/.automated_script.sh b/elchos/root-image/root/.automated_script.sh
new file mode 100755
index 00000000..fb106dae
--- /dev/null
+++ b/elchos/root-image/root/.automated_script.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+script_cmdline ()
+{
+ local param
+ for param in $(< /proc/cmdline); do
+ case "${param}" in
+ script=*) echo "${param##*=}" ; return 0 ;;
+ esac
+ done
+}
+
+automated_script ()
+{
+ local script rt
+ script="$(script_cmdline)"
+ if [[ -n "${script}" && ! -x /tmp/startup_script ]]; then
+ if [[ "${script}" =~ ^http:// || "${script}" =~ ^ftp:// ]]; then
+ wget "${script}" --retry-connrefused -q -O /tmp/startup_script >/dev/null
+ rt=$?
+ else
+ cp "${script}" /tmp/startup_script
+ rt=$?
+ fi
+ if [[ ${rt} -eq 0 ]]; then
+ chmod +x /tmp/startup_script
+ /tmp/startup_script
+ fi
+ fi
+}
+
+if [[ $(tty) == "/dev/tty1" ]]; then
+ automated_script
+fi
diff --git a/elchos/root-image/root/.zlogin b/elchos/root-image/root/.zlogin
new file mode 100644
index 00000000..f598e43e
--- /dev/null
+++ b/elchos/root-image/root/.zlogin
@@ -0,0 +1 @@
+~/.automated_script.sh
diff --git a/elchos/root-image/root/customize_root_image.sh b/elchos/root-image/root/customize_root_image.sh
new file mode 100755
index 00000000..1c6abea0
--- /dev/null
+++ b/elchos/root-image/root/customize_root_image.sh
@@ -0,0 +1,81 @@
+#!/bin/bash
+
+set -e -u -f
+reaktor_user=reaktor
+ncdc_user=hooker
+rootpw=$(dd if=/dev/urandom bs=1 count=100 2>/dev/null |md5sum | awk '{print $1}' | dd bs=1 count=9 2>/dev/null)
+sed -i 's/#\(en_US\.UTF-8\)/\1/' /etc/locale.gen
+locale-gen
+
+ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
+#timedatectl set-timezone Europe/Berlin
+
+usermod -s /usr/bin/zsh root
+cp -aT /etc/skel/ /root/
+
+useradd -m -p "" -g users -G "adm,audio,floppy,log,network,rfkill,scanner,storage,optical,power,wheel" -s /usr/bin/zsh pimp || :
+
+mkdir -p /home/pimp/.ssh/ /root/.ssh/
+cp /krebs/etc/authorized_keys /home/pimp/.ssh/
+cp /krebs/etc/vsftpd.conf /etc/
+chown pimp -R /home/pimp/.ssh/
+chmod 700 -R /home/pimp/.ssh/
+
+cp /krebs/etc/authorized_keys /root/.ssh/
+
+useradd -m $ncdc_user ||:
+
+chown -R root:root /etc /root /krebs
+chmod 750 /etc/sudoers.d
+chmod 440 /etc/sudoers.d/g_wheel
+
+sed -i "s/#Server/Server/g" /etc/pacman.d/mirrorlist
+sed -i 's/#\(Storage=\)auto/\1volatile/' /etc/systemd/journald.conf
+
+/krebs/bin/vim_sane_defaults.ship
+sudo -u pimp /krebs/bin/vim_sane_defaults.ship
+
+## load latest ncdc if not available
+test -e /usr/bin/ncdc || \
+ curl http://dev.yorhel.nl/download/ncdc-linux-x86_64-1.19.tar.gz | \
+ tar xz -C "/usr/bin"
+
+## load latest painload if not available
+test ! -e /krebs/painload/Reaktor && \
+ curl https://codeload.github.com/krebscode/painload/tar.gz/master | \
+ tar xz -C "/krebs" && \
+ mv /krebs/painload-master /krebs/painload
+
+useradd -m $reaktor_user -s /krebs/bin/reaktor-shell.sh || :
+## needed to see the hidden service hostname
+echo "$reaktor_user ALL=(tor) NOPASSWD: /krebs/bin/tor-get-hidden-service.sh" >> /etc/sudoers.d/reaktor
+echo "$reaktor_user ALL=(root) NOPASSWD: /krebs/bin/refresh-shares.ship" >> /etc/sudoers.d/reaktor
+echo "$reaktor_user ALL=($ncdc_user) NOPASSWD: ALL" >> /etc/sudoers.d/reaktor
+echo "$reaktor_user ALL=(root) NOPASSWD: /usr/bin/reboot" >> /etc/sudoers.d/reaktor
+echo
+cp /krebs/painload/Reaktor/etc/systemd/system/Reaktor@.service \
+ /etc/systemd/system
+# add bonus features for elch
+cp -a /krebs/etc/Reaktor /krebs/painload
+
+# emergency root passwd
+printf "!!!!!!\nthe Root PW is '%s'\n!!!!!!\n" "$rootpw"
+(printf "%s\n%s\n" "$rootpw" "$rootpw" ) | passwd
+cd /krebs/painload/Reaktor/
+touch auth.lst admin.lst
+chown reaktor:reaktor auth.lst admin.lst
+for i in multi-user.target \
+ pacman-init.service \
+ choose-mirror.service \
+ tor-configure-hidden.service \
+ Reaktor.service \
+ elch-hostname.service \
+ start-ncdc@${ncdc_user}.service \
+ sshd.service \
+ collectd.service \
+ hddtemp.service \
+ vsftpd.service \
+ ntpdate.service \
+ tor.service ;do
+ systemctl enable "$i"
+done