From: Zoltán Felleg Date: Mon, 10 Jun 2024 11:36:40 +0000 (+0200) Subject: Added slycpx.in. X-Git-Url: http://git.useribm.hu/?a=commitdiff_plain;h=11af5fa1ae40d127a6c26b416d84221457f11eac;p=user-lxc.git Added slycpx.in.
---
diff --git a/sources/slycpx.in/c3d/firstboot/data/chpasswd.data b/sources/slycpx.in/c3d/firstboot/data/chpasswd.data
new file mode 100644
index 0000000..1912f4c
--- /dev/null
+++ b/sources/slycpx.in/c3d/firstboot/data/chpasswd.data
@@ -0,0 +1 @@
+dvasary:pwd
diff --git a/sources/slycpx.in/c3d/firstboot/scripts/01_setupnetworking.sh b/sources/slycpx.in/c3d/firstboot/scripts/01_setupnetworking.sh
new file mode 100755
index 0000000..f03fe45
--- /dev/null
+++ b/sources/slycpx.in/c3d/firstboot/scripts/01_setupnetworking.sh
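Review bot: The added line in chpasswd.data, `dvasary:pwd`, puts a cleartext and trivially guessable password for a real account into version control, where every reader of the repository and its history can see it. Store a pre-hashed value instead and feed it through `chpasswd --encrypted`, or leave the account without a password and rely on the certificate login that `TrustedUserCAKeys` in this commit already sets up. If this value was ever deployed, it should be treated as disclosed and changed on the host.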
@@ -0,0 +1,85 @@
+#!/bin/sh
+
+
+export PAGER=
+
+
+sleep 1
+systemctl --quiet is-active NetworkManager.service
+NM_RC=$?
+CYCLES_WAITED=0
+while [ $NM_RC -ne 0 ]
+do
+ if [ $CYCLES_WAITED -ge 10 ]
+ then
+ exit 1
+ fi
+ if [ $CYCLES_WAITED -eq 0 ]
+ then
+ echo -n "Waiting for NetworkManager"
+ fi
+ echo -n .
+ sleep 1
+ CYCLES_WAITED=$(( $CYCLES_WAITED + 1 ))
+ systemctl --quiet is-active NetworkManager.service
+ NM_RC=$?
+done
+[ $CYCLES_WAITED -gt 0 ] && echo
+
+# wait for the two network connections to come up
+CONNECTION_DEVICES_UP=$(nmcli --terse connection show \
+ | grep --invert-match ':$' | wc -l)
+CYCLES_WAITED=0
+while [ $CONNECTION_DEVICES_UP -lt 2 ]
+do
+ if [ $CYCLES_WAITED -ge 10 ]
+ then
+ nmcli connection show
+ exit 1
+ fi
+ if [ $CYCLES_WAITED -eq 0 ]
+ then
+ echo -n "Waiting for the network connection"
+ fi
+ echo -n .
+ sleep 1
+ CYCLES_WAITED=$(( $CYCLES_WAITED + 1 ))
+ CONNECTION_DEVICES_UP=$(nmcli --terse connection show \
+ | grep --invert-match ':$' | wc -l)
+done
+[ $CYCLES_WAITED -gt 0 ] && echo
+
+CONNECTIONS=$(nmcli --terse connection show | wc -l)
+if [ $CONNECTIONS -ne 2 ]
+then
+ echo "Number of connections: $CONNECTIONS instead of 2" >&2
+ exit 1
+fi
+
+CONNECTION_LINE=$(nmcli --terse connection show | grep ':eth0$')
+CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':')
+CONNECTION_DEVICE=$(echo $CONNECTION_LINE | cut -f 4 -d ':')
+
+nmcli connection delete uuid "$CONNECTION_UUID"
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id internal \
+ connection.interface-name $CONNECTION_DEVICE \
+ connection.type 802-3-ethernet \
+ ipv4.addresses "10.228.109.44/16" \
+ ipv4.dns "10.228.109.159, 10.228.92.159" \
+ ipv4.dns-search "in.useribm.hu" \
+ ipv4.gateway "10.228.109.254" \
+ ipv4.method "manual" \
+ ipv6.addresses "2001:1aa1:000a:7dae:000c:18ff:fe03:6d2c/64" \
+ ipv6.dns "2001:1aa1:000a:7dae:000c:18ff:fe03:6d9f, 2001:1aa1:000a:7dae:000c:18ff:fe03:5c9f" \
+ ipv6.dns-search "in.useribm.hu" \
+ ipv6.gateway "2001:1aa1:000a:7dae:000c:18ff:fe03:6dfe" \
+ ipv6.method "manual" \
+ save yes
+
+nmcli connection show
+
+hostnamectl hostname slycpx.in.useribm.hu
+hostnamectl
diff --git a/sources/slycpx.in/c3d/firstboot/scripts/02_settimezone.sh b/sources/slycpx.in/c3d/firstboot/scripts/02_settimezone.sh
new file mode 100755
index 0000000..0ec1bcc
--- /dev/null
+++ b/sources/slycpx.in/c3d/firstboot/scripts/02_settimezone.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+
+sleep 1
+systemctl --quiet is-active dbus.service
+DBUS_RC=$?
+WAITED=0
+while [ $DBUS_RC -ne 0 ]
+do
+ echo -n .
+ sleep 1
+ WAITED=1
+ systemctl --quiet is-active dbus.service
+ DBUS_RC=$?
+done
+[ $WAITED -ne 0 ] && echo
+timedatectl set-timezone Europe/Budapest
diff --git a/sources/slycpx.in/c3d/firstboot/scripts/03_adduser.sh b/sources/slycpx.in/c3d/firstboot/scripts/03_adduser.sh
new file mode 100755
index 0000000..261d9b3
--- /dev/null
+++ b/sources/slycpx.in/c3d/firstboot/scripts/03_adduser.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+
+REAL_PATH=$(realpath $(dirname $0))
+DATA_PATH=$(realpath $REAL_PATH/../data)
+
+
+useradd --uid 11756 --user-group dvasary
+
+while read UP
+do
+ echo $UP | chpasswd
+done <$DATA_PATH/chpasswd.data
diff --git a/sources/slycpx.in/c3d/firstboot/scripts/90_setupservices.sh b/sources/slycpx.in/c3d/firstboot/scripts/90_setupservices.sh
new file mode 100755
index 0000000..cc4705c
--- /dev/null
+++ b/sources/slycpx.in/c3d/firstboot/scripts/90_setupservices.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+
+systemctl enable slycpx.service
+systemctl start slycpx.service
+systemctl enable NetworkManager-wait-online.service
+systemctl start NetworkManager-wait-online.service
+
+systemctl enable logrotate.timer
+systemctl start logrotate.timer
diff --git a/sources/slycpx.in/c3d/mode.txt b/sources/slycpx.in/c3d/mode.txt
new file mode 100644
index 0000000..ec2daa3
--- /dev/null
+++ b/sources/slycpx.in/c3d/mode.txt
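Review bot: In 01_setupnetworking.sh the result of `grep ':eth0$'` is never checked, so when no connection is bound to eth0 the script runs `nmcli connection delete uuid ""` and then `nmcli connection add` with an empty, unquoted `$CONNECTION_DEVICE`. Add a guard right after the two `cut` lines, `[ -n "$CONNECTION_UUID" ] || { echo "no eth0 connection found" >&2; exit 1; }`, and quote the interface name as `connection.interface-name "$CONNECTION_DEVICE"`. The exit status of the delete and the add is also ignored, so a failed `add` after a successful `delete` leaves the interface unconfigured while the script goes on to set the hostname; `|| exit 1` on both calls would stop there.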
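Review bot: The dbus wait loop in 02_settimezone.sh has no upper bound, so first boot hangs indefinitely if dbus.service never becomes active, whereas 01_setupnetworking.sh gives up after ten cycles. Count the iterations the same way, with `WAITED=$(( WAITED + 1 ))` in place of `WAITED=1` and `[ $WAITED -ge 10 ] && exit 1` at the top of the loop body. `echo -n` is also not portable under `#!/bin/sh`; `printf .` behaves the same in every POSIX shell.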
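Review bot: The loop in 03_adduser.sh passes each credential through `read UP` and an unquoted `echo $UP`, so a password containing a backslash, a glob character or consecutive spaces reaches chpasswd altered, and the account ends up with a different password than the data file states. chpasswd already reads any number of `user:password` lines from standard input, so the loop can be replaced by `chpasswd <"$DATA_PATH/chpasswd.data"`. Quote the path expansions as well, `REAL_PATH=$(realpath "$(dirname "$0")")`. Nothing in the hunk removes the data file after use, so the cleartext credentials presumably stay on the installed system; `rm -f -- "$DATA_PATH/chpasswd.data"` after the call would close that.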
@@ -0,0 +1,6 @@ +# mode file (relative to /c3d) +755 firstboot/scripts/*.sh +600 postinstall/install-data/etc/ssh/ssh_host_*_key +644 postinstall/install-data/etc/ssh/ssh_host_*_key.pub +600 postinstall/install-data/etc/ssh/sshd_config.d/*.conf +755 postinstall/scripts/*.sh diff --git a/sources/slycpx.in/c3d/owner.txt b/sources/slycpx.in/c3d/owner.txt new file mode 100644 index 0000000..49158bf --- /dev/null +++ b/sources/slycpx.in/c3d/owner.txt @@ -0,0 +1 @@ +# owner file (relative to /c3d) diff --git a/sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/ssh_host_ed25519_key b/sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/ssh_host_ed25519_key new file mode 100644 index 0000000..9f5b81a --- /dev/null +++ b/sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/ssh_host_ed25519_key @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACD/3UG+9jgAid9GFLls/QLUchtkDUY+DfkG81GwxmiDAAAAAIidl3rynZd6 +8gAAAAtzc2gtZWQyNTUxOQAAACD/3UG+9jgAid9GFLls/QLUchtkDUY+DfkG81GwxmiDAA +AAAEBEsKerC0xM1UCAVkapkNTSVoflpW2Mbz8/ZdPLSoO3Of/dQb72OACJ30YUuWz9AtRy +G2QNRj4N+QbzUbDGaIMAAAAAAAECAwQF +-----END OPENSSH PRIVATE KEY----- diff --git a/sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/ssh_host_ed25519_key-cert.pub b/sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/ssh_host_ed25519_key-cert.pub new file mode 100644 index 0000000..924a41b --- /dev/null +++ b/sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/ssh_host_ed25519_key-cert.pub 
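Review bot: mode.txt restricts the host key and the sshd drop-ins but has no entry for firstboot/data/chpasswd.data, which holds account passwords, nor for postinstall/install-data/etc/sudoers.d/dvasary. How files without an entry are treated is not visible here; if they keep the checkout mode they will be world-readable on the installed system. Adding `600 firstboot/data/*.data` and `440 postinstall/install-data/etc/sudoers.d/*` would make the intended modes explicit.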
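Review bot: ssh_host_ed25519_key is an unencrypted host private key committed to the repository, so anyone with read access to the repository or its history can impersonate slycpx.in.useribm.hu to SSH clients, and the host certificate added alongside makes such a host look CA-approved. The mode 600 set in mode.txt protects only the installed copy, not the one in version control. Generate the key on the host at first boot (`ssh-keygen -A`) and sign it there, or deliver it from a secret store. This key and its certificate should be considered exposed and replaced.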
@@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAII7Z/2SjVlIaC8nxly3Z4oZavKMgWj5pUnpDmHkTmEEcAAAAIP/dQb72OACJ30YUuWz9AtRyG2QNRj4N+QbzUbDGaIMAAAAAAAAAAAAAAAACAAAAFHNseWNweC5pbi51c2VyaWJtLmh1AAAAAAAAAAAAAAAA//////////8AAAAAAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIEXYIIzrUSx8/BQ6/ttkSr5oEyB5F5Yg4bp1DOkqDON9AAAAUwAAAAtzc2gtZWQyNTUxOQAAAEDw774NLiDeoBmKfkpSAZrPRzmjJBsr51WRVdL03Jy55SZARMkRh1CG9wvM0HJeKswnkrLbxoF/lygSHqpO2F4N ssh_host_ed25519_key.pub diff --git a/sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/ssh_host_ed25519_key.pub b/sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/ssh_host_ed25519_key.pub new file mode 100644 index 0000000..a4cb2f6 --- /dev/null +++ b/sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/ssh_host_ed25519_key.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP/dQb72OACJ30YUuWz9AtRyG2QNRj4N+QbzUbDGaIMA diff --git a/sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/sshd_config.d/99-host-cert.conf b/sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/sshd_config.d/99-host-cert.conf new file mode 100644 index 0000000..173b545 --- /dev/null +++ b/sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/sshd_config.d/99-host-cert.conf @@ -0,0 +1 @@ +HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub diff --git a/sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/sshd_config.d/99-user-CA.conf b/sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/sshd_config.d/99-user-CA.conf new file mode 100644 index 0000000..115882b --- /dev/null +++ b/sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/sshd_config.d/99-user-CA.conf @@ -0,0 +1 @@ +TrustedUserCAKeys /etc/ssh/trusted-user-ca.keys diff --git a/sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/trusted-user-ca.keys b/sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/trusted-user-ca.keys new file mode 100644 index 0000000..84d19e3 --- /dev/null 
+++ b/sources/slycpx.in/c3d/postinstall/install-data/etc/ssh/trusted-user-ca.keys
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICcf/XXU8dNVtbveGmwbdnRJfYIItzxKmgRkzlp0k6r5 user-CA
diff --git a/sources/slycpx.in/c3d/postinstall/install-data/etc/sudoers.d/dvasary b/sources/slycpx.in/c3d/postinstall/install-data/etc/sudoers.d/dvasary
new file mode 100644
index 0000000..fa5779e
--- /dev/null
+++ b/sources/slycpx.in/c3d/postinstall/install-data/etc/sudoers.d/dvasary
@@ -0,0 +1,2 @@
+## Allow dvasary to run any commands anywhere without a password
+dvasary ALL=(ALL) NOPASSWD: ALL
diff --git a/sources/slycpx.in/c3d/postinstall/install-data/etc/systemd/system/slycpx.service b/sources/slycpx.in/c3d/postinstall/install-data/etc/systemd/system/slycpx.service
new file mode 100644
index 0000000..73ec3e0
--- /dev/null
+++ b/sources/slycpx.in/c3d/postinstall/install-data/etc/systemd/system/slycpx.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=slycpx
+After=network.target
+StartLimitIntervalSec=0
+
+[Service]
+Type=simple
+Restart=always
+RestartSec=1
+KillMode=process
+User=root
+WorkingDirectory=/opt/slycpx
+ExecStart=/usr/bin/java -DSLY-CPX-APPLICATION -jar /opt/slycpx/sly-cpx-app.jar
+
+[Install]
+WantedBy=multi-user.target
diff --git a/sources/slycpx.in/c3d/postinstall/scripts/10_setupservices.sh b/sources/slycpx.in/c3d/postinstall/scripts/10_setupservices.sh
new file mode 100755
index 0000000..31a9b3f
--- /dev/null
+++ b/sources/slycpx.in/c3d/postinstall/scripts/10_setupservices.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+
+systemctl disable slycpx.service
+systemctl disable NetworkManager-wait-online.service
+
+systemctl disable logrotate.timer
diff --git a/sources/start-order.txt b/sources/start-order.txt
index 78365a9..d5d005f 100644
--- a/sources/start-order.txt
+++ b/sources/start-order.txt
@@ -25,9 +25,10 @@ group 6: db2.in 51 fds.in 52 pki.in 53 - slycrm.in 54 - sns.in 55 - wiki.in 56 + slycpx.in 54 + slycrm.in 55 + sns.in 56 + wiki.in 57 group 7: git.pm 61
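Review bot: In sudoers.d/dvasary, `dvasary ALL=(ALL) NOPASSWD: ALL` gives the account unrestricted root without re-authentication, and the same commit sets that account's password from a cleartext file in the repository, so knowing that password is enough for full control of the host. Require the password with `dvasary ALL=(ALL) ALL`, or keep `NOPASSWD` only for the specific commands that need it. Running `visudo -cf` on the file during the build would catch a syntax error before it disables sudo on the installed system.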
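Review bot: slycpx.service runs the Java application as `User=root` with no sandboxing directives, so any flaw in the application becomes a root compromise of the host. Whether the application needs root is not visible here; if it does not, run it under a dedicated account (for example `User=slycpx`, a name constructed for this note) and add `NoNewPrivileges=yes` and `ProtectSystem=strict` with `ReadWritePaths=` for the directories it writes. `After=network.target` also does not wait for the address to be configured, although the firstboot script enables NetworkManager-wait-online.service; `Wants=network-online.target` together with `After=network-online.target` is the ordering that makes use of it.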