MODE_LIST=$CONTAINER_BUILDROOT/c3d/mode.txt
if [ -f $MODE_LIST ]
then
+ shopt -s nullglob
grep --invert-match \
--regexp='^#' \
--regexp='^$' $MODE_LIST | while read LINE
do
TGT_MODE=$(echo "$LINE" | cut -f 1 -d ' ')
- TGT_PATH=$(echo "$LINE" | cut -f 2 -d ' ')
- chmod $TGT_MODE $CONTAINER_BUILDROOT/c3d/$TGT_PATH
+ GLOB_TGT_PATH=$(echo "$LINE" | cut -f 2 -d ' ')
+ for TGT_PATH in $CONTAINER_BUILDROOT/c3d/$GLOB_TGT_PATH
+ do
+ chmod $TGT_MODE $TGT_PATH
+ done
done
+ shopt -u nullglob
fi
echo "Created and populated the container creation and configuration directory."
OWNER_LIST=$CONTAINER_BUILDROOT/c3d/owner.txt
if [ -f $OWNER_LIST ]
then
+ shopt -s nullglob
grep --invert-match \
--regexp='^#' \
--regexp='^$' $OWNER_LIST | while read LINE
chroot $CONTAINER_BUILDROOT chown $TGT_OWNER $TGT_PATH
done
done
+ shopt -u nullglob
fi
echo "Set ownership of the container creation and configuration directory files."
--- /dev/null
+#!/bin/sh
+
+
+sleep 1
+systemctl --quiet is-active NetworkManager.service
+NM_RC=$?
+WAITED=0
+while [ $NM_RC -ne 0 ]
+do
+ echo -n .
+ sleep 1
+ WAITED=1
+ systemctl --quiet is-active NetworkManager.service
+ NM_RC=$?
+done
+[ $WAITED -eq 1 ] && echo
+
+CONNECTIONS=$(nmcli --terse connection show | wc -l)
+while [ $CONNECTIONS -ne 1 ]
+do
+ echo "Number of connections: $CONNECTIONS" >&2
+ sleep 1
+ CONNECTIONS=$(nmcli --terse connection show | wc -l)
+done
+
+nmcli --terse connection show | grep ':$' >/dev/null
+ALL_CONNECTION_DEVICES_KNOWN=$?
+while [ $ALL_CONNECTION_DEVICES_KNOWN -eq 0 ]
+do
+ echo "Not all connection devices are known yet" >&2
+ sleep 1
+ nmcli --terse connection show | grep ':$' >/dev/null
+ ALL_CONNECTION_DEVICES_KNOWN=$?
+done
+
+CONNECTION_LINE=$(nmcli --terse connection show)
+CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':')
+CONNECTION_DEVICE=$(echo $CONNECTION_LINE | cut -f 4 -d ':')
+
+nmcli connection delete uuid "$CONNECTION_UUID"
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id internal \
+ connection.interface-name $CONNECTION_DEVICE \
+ connection.type 802-3-ethernet \
+ ipv4.addresses "10.228.109.171/16" \
+ ipv4.dns "10.228.109.159, 10.228.92.159" \
+ ipv4.dns-search "in.useribm.hu" \
+ ipv4.gateway "10.228.109.254" \
+ ipv4.method "manual" \
+ ipv6.addresses "2a02:d400:0000:f268:000c:18ff:fe03:6dab/64" \
+ ipv6.dns "2a02:d400:0000:f268:000c:18ff:fe03:5c9f, 2a02:d400:0000:f268:000c:18ff:fe03:6d9f" \
+ ipv6.dns-search "in.useribm.hu" \
+ ipv6.gateway "2a02:d400:0000:f268:000c:18ff:fe03:6dfe" \
+ ipv6.method "manual" \
+ save yes
+
+nmcli connection show
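Review bot: The three polling loops (`while [ $NM_RC -ne 0 ]`, `while [ $CONNECTIONS -ne 1 ]`, `while [ $ALL_CONNECTION_DEVICES_KNOWN -eq 0 ]`) have no upper bound, so a boot on which NetworkManager never becomes active or never settles on exactly one connection leaves this first-boot script spinning forever; add a counter in each loop such as `TRIES=$((TRIES + 1)); [ "$TRIES" -lt 120 ] || { echo "timed out waiting for NetworkManager" >&2; exit 1; }`. `echo -n .` is not portable under `#!/bin/sh` (dash prints the `-n`); use `printf '%s' .`. `echo $CONNECTION_LINE` should be quoted as `echo "$CONNECTION_LINE"` so the line reaches `cut` unchanged. The dbus wait script in the next file has the same unbounded loop and the same `echo -n` issue.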
--- /dev/null
+#!/bin/sh
+
+
+sleep 1
+systemctl --quiet is-active dbus.service
+DBUS_RC=$?
+WAITED=0
+while [ $DBUS_RC -ne 0 ]
+do
+ if [ $WAITED -eq 0 ]
+ then
+ echo -n "Waiting for dbus.service"
+ fi
+ echo -n .
+ sleep 1
+ WAITED=1
+ systemctl --quiet is-active dbus.service
+ DBUS_RC=$?
+done
+[ $WAITED -ne 0 ] && echo
+timedatectl set-timezone Europe/Budapest
--- /dev/null
+#!/bin/sh
+
+
+/usr/local/bin/restoreletsencrypt.sh
--- /dev/null
+# mode file (relative to /c3d)
+755 firstboot/scripts/*.sh
+440 postinstall/install-data/etc/ssh/ssh_host_*_key
+444 postinstall/install-data/etc/ssh/ssh_host_*_key.pub
+600 postinstall/install-data/etc/ssh/sshd_config.d/*.conf
+755 postinstall/install-data/root/certbot.sh
+600 postinstall/install-data/root/rfc2136.ini
+755 postinstall/install-data/usr/local/bin/*.sh
+755 postinstall/scripts/*.sh
--- /dev/null
+# owner file (relative to /c3d)
+root.ssh_keys postinstall/install-data/etc/ssh/ssh_host_*_key
--- /dev/null
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACBTtfM0pi5Ju5iCb5s1OiVVzRDfjNAUmJgSdhV1lye7HwAAAIj/h81+/4fN
+fgAAAAtzc2gtZWQyNTUxOQAAACBTtfM0pi5Ju5iCb5s1OiVVzRDfjNAUmJgSdhV1lye7Hw
+AAAEAzOkl9MPG6s0UBMYJAjp/5NHWoDydFO1DRGK+UCZpQyFO18zSmLkm7mIJvmzU6JVXN
+EN+M0BSYmBJ2FXWXJ7sfAAAAAAECAwQF
+-----END OPENSSH PRIVATE KEY-----
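Review bot: An SSH host private key is committed here in clear text, so anyone with read access to this repository or its history can impersonate this container's SSH identity for as long as the key and the host certificate next to it stay in use; the key should be treated as exposed and regenerated, with the replacement key and certificate supplied at build time from a secret store or generated on first boot rather than checked in. The `440` mode and `root.ssh_keys` owner assigned in mode.txt and owner.txt protect only the installed copy, not the copy in version control.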
--- /dev/null
+ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIAMeQaRoJvvx9n4zx+YB8mIJSYr84KitKGNJRQRHLLkFAAAAIFO18zSmLkm7mIJvmzU6JVXNEN+M0BSYmBJ2FXWXJ7sfAAAAAAAAAAAAAAACAAAAEXBraS5pbi51c2VyaWJtLmh1AAAAFQAAABFwa2kuaW4udXNlcmlibS5odQAAAAAAAAAA//////////8AAAAAAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIEXYIIzrUSx8/BQ6/ttkSr5oEyB5F5Yg4bp1DOkqDON9AAAAUwAAAAtzc2gtZWQyNTUxOQAAAEC7EmyytSsRsBxqatA+Rm0LF/P+bM72BQ3QnHs+JCeXdDYA0F+TQ61m/bnVvWKJeJxRu+TKyGnCr0lerUDZ7REN ssh_host_ed25519_key.pub
--- /dev/null
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFO18zSmLkm7mIJvmzU6JVXNEN+M0BSYmBJ2FXWXJ7sf
--- /dev/null
+HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
--- /dev/null
+TrustedUserCAKeys /etc/ssh/trusted-user-ca.keys
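Review bot: `TrustedUserCAKeys` on its own accepts any user certificate signed by the listed CA for every account that appears in the certificate's principal list; if the same CA signs certificates for other hosts or roles, pair it with `AuthorizedPrincipalsFile` (e.g. a per-user file such as `/etc/ssh/auth_principals/%u`, constructed example) so each account states which principals it admits. A one-line comment above the directive naming the principal convention the CA uses would help whoever maintains the CA later.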
--- /dev/null
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICcf/XXU8dNVtbveGmwbdnRJfYIItzxKmgRkzlp0k6r5 user-CA
--- /dev/null
+#!/bin/sh
+
+
+if [ -d /etc/letsencrypt ]
+then
+ rm --force --recursive /etc/letsencrypt.old
+ mv /etc/letsencrypt /etc/letsencrypt.old
+fi
+echo "Trying to generate certificates"
+# testing/temporary/staging
+# --staging \
+certbot certonly \
+ --agree-tos \
+ --cert-name useribm \
+ --dns-rfc2136 \
+ --dns-rfc2136-credentials /root/rfc2136.ini \
+ --dns-rfc2136-propagation-seconds 120 \
+ --domains *.useribm.hu \
+ --domains useribm.hu \
+ --preferred-challenges dns \
+ -m siteadmin@useribm.hu
+RC=$?
+echo "RC: $RC"
+certbot certonly \
+ --agree-tos \
+ --cert-name userrendszerhaz \
+ --dns-rfc2136 \
+ --dns-rfc2136-credentials /root/rfc2136.ini \
+ --dns-rfc2136-propagation-seconds 120 \
+ --domains *.userrendszerhaz.hu \
+ --domains userrendszerhaz.hu \
+ --preferred-challenges dns \
+ -m siteadmin@userrendszerhaz.hu
+RC=$?
+echo "RC: $RC"
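Review bot: `--domains *.useribm.hu` and `--domains *.userrendszerhaz.hu` are unquoted, so the shell tries to glob them against the current directory before certbot sees them; quote them as `--domains '*.useribm.hu'` and `--domains '*.userrendszerhaz.hu'`. The script prints `RC` after each certbot run but always exits 0, so a failed issuance is invisible to the caller; keep the first non-zero status and finish with `exit "$RC"` (or a combined status). Moving `/etc/letsencrypt` aside also discards the previous `.old` copy on every run, which is acceptable only if nothing relies on that backup.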
--- /dev/null
+# Target DNS server
+dns_rfc2136_server = 10.228.109.204
+# Target DNS port
+dns_rfc2136_port = 53
+# TSIG key name
+dns_rfc2136_name = certbot
+# TSIG key secret
+dns_rfc2136_secret = bscfztEn7MihBX6haJj1kNeKLpKo0aVs82LYfqpIpkk=
+# TSIG key algorithm
+dns_rfc2136_algorithm = HMAC-SHA256
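Review bot: `dns_rfc2136_secret` is a live TSIG key committed in clear text; whoever holds it can send dynamic updates to the zones this key is authorised for on the server at `dns_rfc2136_server`, so the key should be rotated on the DNS server and the new value injected at build time from a secret store instead of checked in. The `600` mode assigned to this file in mode.txt protects the installed copy, not the copy in the repository.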
--- /dev/null
+#!/bin/sh
+set -x
+
+
+BACKUP_BASE=$(mktemp --directory)
+TMP_PATH=$(dirname $BACKUP_BASE)
+
+
+tar --create \
+ --directory=/etc \
+ --file $TMP_PATH/letsencrypt.tar \
+ letsencrypt
+
+rm --force --recursive $BACKUP_BASE
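Review bot: The archive of `/etc/letsencrypt`, which contains private keys, is written to `$TMP_PATH/letsencrypt.tar`, the parent of the mktemp directory (normally `/tmp`), a fixed, predictable path created with whatever the default umask allows, so other local users can likely read it and any pre-existing file or symlink at that path is silently overwritten; at minimum add `umask 077` before `tar`, and prefer writing inside `$BACKUP_BASE` if the scp source list can be updated to match. The `mktemp --directory` result is otherwise never used and only removed at the end; restoreletsencrypt.sh has the same unused temp directory. `set -x` echoes every command and path to stderr, so drop it once debugging is finished, and quote `$TMP_PATH` and `$BACKUP_BASE`.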
--- /dev/null
+#!/bin/sh
+set -x
+
+
+POSTINSTALL_SCP_PATH=/c3d/postinstall/scp
+RESTORE_BASE=$(mktemp --directory)
+TMP_PATH=$(dirname $RESTORE_BASE)
+
+
+if [ ! -f $POSTINSTALL_SCP_PATH/letsencrypt.tar ]
+then
+ echo "No restore file found, exiting" >&2
+ exit 1
+fi
+
+if [ -d /etc/letsencrypt ]
+then
+ rm --force --recursive /etc/letsencrypt.old
+ mv /etc/letsencrypt /etc/letsencrypt.old
+fi
+
+tar --extract \
+ --directory=/etc \
+ --file $POSTINSTALL_SCP_PATH/letsencrypt.tar
+
+rm --force --recursive $RESTORE_BASE
--- /dev/null
+# source_host source_path
+pki.in.useribm.hu /tmp/letsencrypt.tar
--- /dev/null
+# target_host target_user target_executable
+pki.in.useribm.hu root /usr/local/bin/backupletsencrypt.sh
--- /dev/null
+lxc.include = /usr/share/lxc/config/common.conf
+
+lxc.arch = x86_64
+lxc.uts.name = pki.in.useribm.hu
+lxc.rootfs.path = __CONTAINER_PATH__/rootfs
+lxc.mount.auto = proc:rw sys:ro
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.link = brci-dev
+lxc.net.0.hwaddr = 02:0c:18:03:6d:ab
+
+lxc.autodev = 1
+
+lxc.cgroup2.devices.allow = a
+
+lxc.signal.halt = SIGRTMIN+4
+
+lxc.start.auto = 1
+lxc.start.order = __CONTAINER_START_ORDER__
+lxc.start.delay = 5
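Review bot: `lxc.cgroup2.devices.allow = a` grants the container access to every device node and, as far as I can tell, overrides the restrictive device allow-list that the included common.conf normally establishes; a container running certbot and sshd does not obviously need that, so drop the line or list only the devices actually required, and add a comment explaining the reason if it must stay. Together with `lxc.mount.auto = proc:rw sys:ro` this is what decides how much of the host the container can reach, so the justification belongs next to those lines.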
--- /dev/null
+DISTRIBUTION=Fedora
+DISTRIBUTION_VERSION=35
+SPEC_PACKAGES="certbot python3-certbot-dns-rfc2136 openssh-clients openssh-server vim-enhanced"