Added slycpx.in.
authorZoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
Mon, 10 Jun 2024 11:36:40 +0000 (13:36 +0200)
committerZoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
Mon, 10 Jun 2024 11:36:40 +0000 (13:36 +0200)
17 files changed:
sources/slycpx.in/c3d/firstboot/data/chpasswd.data [new file with mode: 0644]
sources/slycpx.in/c3d/firstboot/scripts/01_setupnetworking.sh [new file with mode: 0755]
sources/slycpx.in/c3d/firstboot/scripts/02_settimezone.sh [new file with mode: 0755]
sources/slycpx.in/c3d/firstboot/scripts/03_adduser.sh [new file with mode: 0755]
sources/slycpx.in/c3d/firstboot/scripts/90_setupservices.sh [new file with mode: 0755]
sources/slycpx.in/c3d/mode.txt [new file with mode: 0644]
sources/slycpx.in/c3d/owner.txt [new file with mode: 0644]
sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/ssh_host_ed25519_key [new file with mode: 0644]
sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/ssh_host_ed25519_key-cert.pub [new file with mode: 0644]
sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/ssh_host_ed25519_key.pub [new file with mode: 0644]
sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/sshd_config.d/99-host-cert.conf [new file with mode: 0644]
sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/sshd_config.d/99-user-CA.conf [new file with mode: 0644]
sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/trusted-user-ca.keys [new file with mode: 0644]
sources/slycpx.in/c3d/postinstall/install-data/etc/sudoers.d/dvasary [new file with mode: 0644]
sources/slycpx.in/c3d/postinstall/install-data/etc/systemd/system/slycpx.service [new file with mode: 0644]
sources/slycpx.in/c3d/postinstall/scripts/10_setupservices.sh [new file with mode: 0755]
sources/start-order.txt

diff --git a/sources/slycpx.in/c3d/firstboot/data/chpasswd.data b/sources/slycpx.in/c3d/firstboot/data/chpasswd.data
new file mode 100644 (file)
index 0000000..1912f4c
--- /dev/null
@@ -0,0 +1 @@
+dvasary:pwd
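Review bot: This line commits a cleartext `user:password` pair, so the account's password is readable by everyone who can read the repository or its history, and the file is added with mode 0644. chpasswd accepts pre-hashed values with `-e`, so the data file could hold `dvasary:<crypt(3) hash>` (with 03_adduser.sh calling `chpasswd -e`), or the account could be left without a password and reached only through the user CA configured elsewhere in this commit. The value already committed should be treated as exposed and changed on every host built from it.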
diff --git a/sources/slycpx.in/c3d/firstboot/scripts/01_setupnetworking.sh b/sources/slycpx.in/c3d/firstboot/scripts/01_setupnetworking.sh
new file mode 100755 (executable)
index 0000000..f03fe45
--- /dev/null
@@ -0,0 +1,85 @@
+#!/bin/sh
+
+
+export PAGER=
+
+
+sleep 1
+systemctl --quiet is-active NetworkManager.service
+NM_RC=$?
+CYCLES_WAITED=0
+while [ $NM_RC -ne 0 ]
+do
+    if [ $CYCLES_WAITED -ge 10 ]
+    then
+        exit 1
+    fi
+    if [ $CYCLES_WAITED -eq 0 ]
+    then
+        echo -n "Waiting for NetworkManager"
+    fi
+    echo -n .
+    sleep 1
+    CYCLES_WAITED=$(( $CYCLES_WAITED + 1 ))
+    systemctl --quiet is-active NetworkManager.service
+    NM_RC=$?
+done
+[ $CYCLES_WAITED -gt 0 ] && echo
+
+# wait for the two network connections to come up
+CONNECTION_DEVICES_UP=$(nmcli --terse connection show \
+                            | grep --invert-match ':$' | wc -l)
+CYCLES_WAITED=0
+while [ $CONNECTION_DEVICES_UP -lt 2 ]
+do
+    if [ $CYCLES_WAITED -ge 10 ]
+    then
+        nmcli connection show
+        exit 1
+    fi
+    if [ $CYCLES_WAITED -eq 0 ]
+    then
+        echo -n "Waiting for the network connection"
+    fi
+    echo -n .
+    sleep 1
+    CYCLES_WAITED=$(( $CYCLES_WAITED + 1 ))
+    CONNECTION_DEVICES_UP=$(nmcli --terse connection show \
+                                | grep --invert-match ':$' | wc -l)
+done
+[ $CYCLES_WAITED -gt 0 ] && echo
+
+CONNECTIONS=$(nmcli --terse connection show | wc -l)
+if [ $CONNECTIONS -ne 2 ]
+then
+    echo "Number of connections: $CONNECTIONS instead of 2" >&2
+    exit 1
+fi
+
+CONNECTION_LINE=$(nmcli --terse connection show | grep ':eth0$')
+CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':')
+CONNECTION_DEVICE=$(echo $CONNECTION_LINE | cut -f 4 -d ':')
+
+nmcli connection delete uuid "$CONNECTION_UUID"
+
+nmcli connection add \
+    connection.autoconnect yes \
+    connection.id internal \
+    connection.interface-name $CONNECTION_DEVICE \
+    connection.type 802-3-ethernet \
+    ipv4.addresses "10.228.109.44/16" \
+    ipv4.dns "10.228.109.159, 10.228.92.159" \
+    ipv4.dns-search "in.useribm.hu" \
+    ipv4.gateway "10.228.109.254" \
+    ipv4.method "manual" \
+    ipv6.addresses "2001:1aa1:000a:7dae:000c:18ff:fe03:6d2c/64" \
+    ipv6.dns "2001:1aa1:000a:7dae:000c:18ff:fe03:6d9f, 2001:1aa1:000a:7dae:000c:18ff:fe03:5c9f" \
+    ipv6.dns-search "in.useribm.hu" \
+    ipv6.gateway "2001:1aa1:000a:7dae:000c:18ff:fe03:6dfe" \
+    ipv6.method "manual" \
+    save yes
+
+nmcli connection show
+
+hostnamectl hostname slycpx.in.useribm.hu
+hostnamectl
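Review bot: The result of `grep ':eth0$'` is never checked, so when no connection is bound to eth0 the script still runs `nmcli connection delete uuid ""` and then `nmcli connection add` with an empty interface name. A guard directly after the assignment would stop that: `[ -n "$CONNECTION_LINE" ] || { echo "no connection on eth0" >&2; exit 1; }`. `$CONNECTION_LINE` and `$CONNECTION_DEVICE` are also expanded unquoted, and `echo -n` is not portable under `#!/bin/sh`; `printf '%s'` behaves the same in every sh. The `exit 1` in the NetworkManager wait loop prints nothing, so a message to stderr there would make a failed first boot easier to diagnose.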
diff --git a/sources/slycpx.in/c3d/firstboot/scripts/02_settimezone.sh b/sources/slycpx.in/c3d/firstboot/scripts/02_settimezone.sh
new file mode 100755 (executable)
index 0000000..0ec1bcc
--- /dev/null
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+
+sleep 1
+systemctl --quiet is-active dbus.service
+DBUS_RC=$?
+WAITED=0
+while [ $DBUS_RC -ne 0 ]
+do
+    echo -n .
+    sleep 1
+    WAITED=1
+    systemctl --quiet is-active dbus.service
+    DBUS_RC=$?
+done
+[ $WAITED -ne 0 ] && echo
+timedatectl set-timezone Europe/Budapest
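Review bot: The wait loop for dbus.service has no upper bound, so a host where dbus never becomes active hangs first boot indefinitely, while 01_setupnetworking.sh in this commit gives up after 10 cycles. Counting the iterations with `WAITED=$(( WAITED + 1 ))` and leaving with `[ "$WAITED" -ge 10 ] && exit 1` would keep the two scripts consistent. A short header comment saying that the script's exit status is that of `timedatectl set-timezone` would also help whoever appends commands later.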
diff --git a/sources/slycpx.in/c3d/firstboot/scripts/03_adduser.sh b/sources/slycpx.in/c3d/firstboot/scripts/03_adduser.sh
new file mode 100755 (executable)
index 0000000..261d9b3
--- /dev/null
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+
+REAL_PATH=$(realpath $(dirname $0))
+DATA_PATH=$(realpath $REAL_PATH/../data)
+
+
+useradd --uid 11756 --user-group dvasary
+
+while read UP
+do
+    echo $UP | chpasswd
+done <$DATA_PATH/chpasswd.data
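Review bot: `while read UP; do echo $UP | chpasswd; done` alters passwords that contain backslashes, runs of spaces or glob characters, because `read` lacks `-r` and `$UP` is unquoted. chpasswd reads `user:password` lines from stdin itself, so the loop can be replaced by `chpasswd <"$DATA_PATH/chpasswd.data"`. `$(dirname $0)` and `$REAL_PATH` are unquoted as well, and the result of `useradd` is not checked before the password is set. Since the data file holds a credential, removing it after a successful run (`rm -f -- "$DATA_PATH/chpasswd.data"`) would keep it off the installed system; whether the firstboot framework already cleans up is not visible here.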
diff --git a/sources/slycpx.in/c3d/firstboot/scripts/90_setupservices.sh b/sources/slycpx.in/c3d/firstboot/scripts/90_setupservices.sh
new file mode 100755 (executable)
index 0000000..cc4705c
--- /dev/null
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+
+systemctl enable slycpx.service
+systemctl start slycpx.service
+systemctl enable NetworkManager-wait-online.service
+systemctl start NetworkManager-wait-online.service
+
+systemctl enable logrotate.timer
+systemctl start logrotate.timer
diff --git a/sources/slycpx.in/c3d/mode.txt b/sources/slycpx.in/c3d/mode.txt
new file mode 100644 (file)
index 0000000..ec2daa3
--- /dev/null
@@ -0,0 +1,6 @@
+# mode file (relative to /c3d)
+755 firstboot/scripts/*.sh
+600 postinstall/install-data/etc/ssh/ssh_host_*_key
+644 postinstall/install-data/etc/ssh/ssh_host_*_key.pub
+600 postinstall/install-data/etc/ssh/sshd_config.d/*.conf
+755 postinstall/scripts/*.sh
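Review bot: The mode list has no entry for `firstboot/data/chpasswd.data`, which holds a password and is added with mode 0644 in this commit; a line such as `600 firstboot/data/chpasswd.data` would match how the host key is treated. `postinstall/install-data/etc/sudoers.d/dvasary` is not listed either, and sudoers drop-ins are conventionally 0440. With owner.txt empty, ownership presumably falls to whatever unpacks the tree, which is worth confirming for the host key and the sudoers file.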
diff --git a/sources/slycpx.in/c3d/owner.txt b/sources/slycpx.in/c3d/owner.txt
new file mode 100644 (file)
index 0000000..49158bf
--- /dev/null
@@ -0,0 +1 @@
+# owner file (relative to /c3d)
diff --git a/sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/ssh_host_ed25519_key b/sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/ssh_host_ed25519_key
new file mode 100644 (file)
index 0000000..9f5b81a
--- /dev/null
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACD/3UG+9jgAid9GFLls/QLUchtkDUY+DfkG81GwxmiDAAAAAIidl3rynZd6
+8gAAAAtzc2gtZWQyNTUxOQAAACD/3UG+9jgAid9GFLls/QLUchtkDUY+DfkG81GwxmiDAA
+AAAEBEsKerC0xM1UCAVkapkNTSVoflpW2Mbz8/ZdPLSoO3Of/dQb72OACJ30YUuWz9AtRy
+G2QNRj4N+QbzUbDGaIMAAAAAAAECAwQF
+-----END OPENSSH PRIVATE KEY-----
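Review bot: This adds the host's SSH private key to the repository unencrypted (the key header shows cipher and KDF `none`), so anyone who can read the repository or a clone of it can present this host's identity, and the host certificate in the same commit makes that identity CA-trusted. The key could instead be generated on first boot with the certificate issued from the resulting public key, or be injected at deploy time from a secret store. Because the key is now in history it should be considered exposed: generate a new key pair, reissue the certificate, and list the old key in the clients' `RevokedHostKeys`.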
diff --git a/sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/ssh_host_ed25519_key-cert.pub b/sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/ssh_host_ed25519_key-cert.pub
new file mode 100644 (file)
index 0000000..924a41b
--- /dev/null
@@ -0,0 +1 @@
+ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAII7Z/2SjVlIaC8nxly3Z4oZavKMgWj5pUnpDmHkTmEEcAAAAIP/dQb72OACJ30YUuWz9AtRyG2QNRj4N+QbzUbDGaIMAAAAAAAAAAAAAAAACAAAAFHNseWNweC5pbi51c2VyaWJtLmh1AAAAAAAAAAAAAAAA//////////8AAAAAAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIEXYIIzrUSx8/BQ6/ttkSr5oEyB5F5Yg4bp1DOkqDON9AAAAUwAAAAtzc2gtZWQyNTUxOQAAAEDw774NLiDeoBmKfkpSAZrPRzmjJBsr51WRVdL03Jy55SZARMkRh1CG9wvM0HJeKswnkrLbxoF/lygSHqpO2F4N ssh_host_ed25519_key.pub
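Review bot: The certificate appears to carry no principals and no expiry (the valid-before field looks like the maximum value); `ssh-keygen -L -f ssh_host_ed25519_key-cert.pub` will confirm this. A host certificate with an empty principal list is accepted for any host name, so it should be reissued with `-n slycpx.in.useribm.hu` and a bounded `-V` interval. That matters more here because the matching private key is part of the same commit.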
diff --git a/sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/ssh_host_ed25519_key.pub b/sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/ssh_host_ed25519_key.pub
new file mode 100644 (file)
index 0000000..a4cb2f6
--- /dev/null
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP/dQb72OACJ30YUuWz9AtRyG2QNRj4N+QbzUbDGaIMA 
diff --git a/sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/sshd_config.d/99-host-cert.conf b/sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/sshd_config.d/99-host-cert.conf
new file mode 100644 (file)
index 0000000..173b545
--- /dev/null
@@ -0,0 +1 @@
+HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
diff --git a/sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/sshd_config.d/99-user-CA.conf b/sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/sshd_config.d/99-user-CA.conf
new file mode 100644 (file)
index 0000000..115882b
--- /dev/null
@@ -0,0 +1 @@
+TrustedUserCAKeys /etc/ssh/trusted-user-ca.keys
diff --git a/sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/trusted-user-ca.keys b/sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/trusted-user-ca.keys
new file mode 100644 (file)
index 0000000..84d19e3
--- /dev/null
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICcf/XXU8dNVtbveGmwbdnRJfYIItzxKmgRkzlp0k6r5 user-CA
diff --git a/sources/slycpx.in/c3d/postinstall/install-data/etc/sudoers.d/dvasary b/sources/slycpx.in/c3d/postinstall/install-data/etc/sudoers.d/dvasary
new file mode 100644 (file)
index 0000000..fa5779e
--- /dev/null
@@ -0,0 +1,2 @@
+## Allow dvasary to run any commands anywhere without a password
+dvasary        ALL=(ALL)       NOPASSWD: ALL
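Review bot: `NOPASSWD: ALL` gives dvasary unrestricted root without re-authentication, and the same commit sets that account's password from a cleartext file, so anyone who learns the password or obtains a user certificate for this login is root on the host. If full sudo is needed, `dvasary ALL=(ALL) ALL` at least asks for the password again; otherwise list the specific commands the account requires. The file is added as 0644 and has no entry in mode.txt, whereas 0440 is the usual mode under sudoers.d.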
diff --git a/sources/slycpx.in/c3d/postinstall/install-data/etc/systemd/system/slycpx.service b/sources/slycpx.in/c3d/postinstall/install-data/etc/systemd/system/slycpx.service
new file mode 100644 (file)
index 0000000..73ec3e0
--- /dev/null
@@ -0,0 +1,16 @@
+[Unit]
+Description=slycpx
+After=network.target
+StartLimitIntervalSec=0
+
+[Service]
+Type=simple
+Restart=always
+RestartSec=1
+KillMode=process
+User=root
+WorkingDirectory=/opt/slycpx
+ExecStart=/usr/bin/java -DSLY-CPX-APPLICATION -jar /opt/slycpx/sly-cpx-app.jar
+
+[Install]
+WantedBy=multi-user.target
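Review bot: `User=root` runs the Java application with full privileges, so a flaw in the application or one of its dependencies becomes root on the host, and nothing in the unit shows that root is required. A dedicated account (`User=slycpx`, a name constructed for this note) with `NoNewPrivileges=yes` and `ProtectSystem=strict` would contain it, plus `AmbientCapabilities=CAP_NET_BIND_SERVICE` if it must bind a port below 1024. `After=network.target` does not wait for addresses to be configured; since 90_setupservices.sh enables NetworkManager-wait-online.service, `After=network-online.target` with `Wants=network-online.target` is probably what was intended. `Restart=always` together with `StartLimitIntervalSec=0` restarts a crashing service every second without limit, which deserves a comment if it is deliberate.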
diff --git a/sources/slycpx.in/c3d/postinstall/scripts/10_setupservices.sh b/sources/slycpx.in/c3d/postinstall/scripts/10_setupservices.sh
new file mode 100755 (executable)
index 0000000..31a9b3f
--- /dev/null
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+
+systemctl disable slycpx.service
+systemctl disable NetworkManager-wait-online.service
+
+systemctl disable logrotate.timer
index 78365a9c77862c959fed1611d9cb4dc618aeef76..d5d005f9e012d736dc018cc0c0917dff8189596a 100644 (file)
@@ -25,9 +25,10 @@ group 6:
   db2.in       51
   fds.in       52
   pki.in       53
-  slycrm.in    54
-  sns.in       55
-  wiki.in      56
+  slycpx.in    54
+  slycrm.in    55
+  sns.in       56
+  wiki.in      57
 
 group 7:
   git.pm       61