
removed bookworm

toastie89 5 months ago
parent
commit
20ca7b79e8
2 changed files with 9 additions and 284 deletions
  1. 9 0
      bookworm.sources.list
  2. 0 284
      bootstrap-bookworm.sh

+ 9 - 0
bookworm.sources.list

@@ -0,0 +1,9 @@
+# Configure sources.list
+cat >$mnt/etc/apt/sources.list <<EOL
+deb [arch=amd64] http://ftp.de.debian.org/debian/ testing main contrib non-free
+deb-src [arch=amd64] http://ftp.de.debian.org/debian/ testing main contrib non-free
+deb [arch=amd64] http://ftp.de.debian.org/debian/ testing-updates main contrib non-free
+deb-src [arch=amd64] http://ftp.de.debian.org/debian/ testing-updates main contrib non-free
+deb [arch=amd64] http://security.debian.org/ testing/updates main contrib non-free
+deb-src [arch=amd64] http://security.debian.org/ testing/updates main contrib non-free
+EOL
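Review bot: The last two `deb`/`deb-src` entries use the security suite `testing/updates`, which Debian replaced with `<suite>-security` from bullseye onward, so a system built from this file would likely receive no security updates, and `apt-get update` may fail on that entry. The file is named for bookworm but every line tracks `testing`, so the installed release will drift as testing moves; pinning the codename avoids that, e.g. `deb [arch=amd64] http://security.debian.org/debian-security bookworm-security main contrib non-free`. Separately, `cat >$mnt/etc/apt/sources.list` expands `$mnt` unquoted, and nothing in this file sets it, so running the snippet with `mnt` unset would overwrite the live host's `/etc/apt/sources.list`. Writing it as `cat >"${mnt:?}/etc/apt/sources.list" <<EOL` makes the shell abort instead.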

+ 0 - 284
bootstrap-bookworm.sh

@@ -1,284 +0,0 @@
-#!/bin/bash -e
-#----------
-# Interactive installation steps for Debian Bullseye from GRML using debootstrap
-
-# Design decisions
-# - Fokus on a simple setup, primarly for VMs
-# - One disk, one partion, swap-file in the same partion as safety net
-# - Use systemd whereever possible (network, ntp, cron, journald logging)
-# - Minimal number of packages & cloud kernel
-# - grub-pc, not efi
-# - random root and admin user password generation
-# - ssh on port 50101 limited to the admin user
-
-# Usage
-# Boot grml and clone repo
-# cp config.sh.template config.sh                    # copy template
-# vi config.sh                                       # update installation variables
-# bootstrap-bookworm.sh install                      # start installation
-# !! Note down the admin passwords and reboot
-# sudo /installer/bootstrap-bookworm.sh postinstall  # run postinstall in the new system
-
-# Variables
-mnt="/mnt/root"  # mountpoint for the new root filesystem
-hostname="somehost.example.com"
-disk="/dev/vda"  # lsblk --list
-disk1=$disk"1"
-netDev="eth0"    # ip link
-netAddress="203.0.113.66/24"
-netGateway="203.0.113.1"
-netBroadcast="203.0.113.255"
-netDNS1="192.0.2.10"
-netDNS2="198.51.100.10"
-netNTP="pool.ntp.org"
-
-[ -f ./config.sh ] && source config.sh
-
-
-# Setup network in grml
-grmlnetwork(){
-ip link show # list interfaces
-ip addr add $netAddress dev $netDev
-ip link set $netDev up
-ip route add default via $netGateway
-echo nameserver $netDNS1 >> /etc/resolv.conf
-echo nameserver $netDNS2 >> /etc/resolv.conf
-}
-
-install(){
-#----------
-# Prepare disks
-# Parition disks -- pkg: parted
-parted $disk -s \
-mklabel msdos \
-mkpart primary ext4 512M 100% toggle 1 boot
-fdisk -l $disk
-
-# Format disks -- pkg: e2fsprogs dosfstools and to file system check
-mkfs.ext4 $disk1 && e2fsck $disk1
-
-# Prepare mount points and mount
-mkdir -p $mnt
-mount $disk1 $mnt
-
-# Create swapfile
-swapfile=$mnt/swapfile
-dd if=/dev/zero of=$swapfile bs=1M count=1024 status=progress # create 1GB  file
-chmod 600 $swapfile #restric permissions
-mkswap $swapfile #format file
-
-#----------
-# Bootstrap -- pkg: debootstrap
-# Remark: Debootstrap does not install recommands!! 
-#debootstrap --variant=minbase --arch=amd64 bookworm $mnt http://ftp2.de.debian.org/debian/
-tar xfzv root.tar.gz --strip-components=1 --directory /mnt/root
-
-#----------
-# Configuration
-# Configure disk mounts
-# Or get UUID from blkid...
-cat >$mnt/etc/fstab <<EOL
-$disk1        /                     ext4 rw       0 0
-/swapfile        none                  swap defaults 0 0
-EOL
-
-# Configure sources.list
-cat >$mnt/etc/apt/sources.list <<EOL
-deb [arch=amd64] http://ftp.de.debian.org/debian/ testing main contrib non-free
-deb-src [arch=amd64] http://ftp.de.debian.org/debian/ testing main contrib non-free
-deb [arch=amd64] http://ftp.de.debian.org/debian/ testing-updates main contrib non-free
-deb-src [arch=amd64] http://ftp.de.debian.org/debian/ testing-updates main contrib non-free
-deb [arch=amd64] http://security.debian.org/ testing/updates main contrib non-free
-deb-src [arch=amd64] http://security.debian.org/ testing/updates main contrib non-free
-EOL
-
-# Configure hostname
-echo "127.0.0.1       $hostname" >> $mnt/etc/hosts
-echo "$hostname"                  > $mnt/etc/hostname
-
-#----------
-# Prepare chroot
-mount -o bind /dev $mnt/dev
-mount -o bind /dev/pts $mnt/dev/pts
-mount -t sysfs /sys $mnt/sys
-mount -t proc /proc $mnt/proc
-cp /proc/mounts $mnt/etc/mtab
-cp /etc/resolv.conf $mnt/etc/resolv.conf
-mkdir -p $mnt/installer
-cp $(dirname `realpath $0`)/*.sh $mnt/installer
-
-# Run script in chroot
-chroot $mnt /bin/bash /installer/bootstrap-bookworm.sh install2
-
-# Install bootloader
-$0 bootloader
-
-}
-
-
-#----------
-# Function executed within chroot
-install2(){
-source /installer/config.sh 
-# Install basic system
-apt-get update
-apt-get install --yes \
-  apt-utils dialog msmtp-mta \
-  systemd-sysv locales tzdata haveged \
-  linux-image-cloud-amd64 grub-pc \
-  iproute2 netbase \
-  ssh sudo \
-  less vim-tiny bash-completion pwgen lsof \
-  dnsutils iputils-ping curl
-
-# Upgrade and clean up
-apt-get upgrade --yes
-apt-get autoremove --yes
-apt-get clean --yes
-
-# Setup users and passwords
-[ -z $pwdAdmin ] && pwdAdmin=`pwgen --capitalize --numerals --ambiguous 12 1`
-useradd admin --create-home --shell /bin/bash
-echo "admin:$pwdAdmin" | chpasswd
-usermod -a -G sudo admin
-echo -e "\e[1;33;4;44mPassword for the user admin: $pwdAdmin\e[0m"
-pass=`pwgen --capitalize --numerals --ambiguous 12 1`
-[ -z $pwdRoot ] && pwdRoot=`pwgen --capitalize --numerals --ambiguous 12 1`
-echo "root:$pwdRoot"   | chpasswd
-echo -e "\e[1;33;4;44mPassword for the user root: $pwdRoot\e[0m"
-
-# Harden SSHD
-echo AllowUsers admin >> /etc/ssh/sshd_config
-sed -i -e 's/#Port 22/Port 50101/g' /etc/ssh/sshd_config
-sed -i -e 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/g' /etc/ssh/sshd_config
-
-## Configure network using systemd
-if [ -z $netAddress ]
-then
-## Network OPTION 1 - DHCP
-cat >/etc/systemd/network/20-wired.network <<EOL
-[Match]
-Name=e*
-
-[Network]
-DHCP=ipv4
-IPv6PrivacyExtensions=false
-IPv6AcceptRA=false
-NTP=$netNTP
-EOL
-
-else
-## Network OPTION 2 - static
-cat >/etc/systemd/network/20-wired.network <<EOL
-[Match]
-Name=$netDev
-
-[Network]
-Address=$netAddress
-Gateway=$netGateway
-Broadcast=$netBroadcast
-DNS=$netDNS1
-DNS=$netDNS2
-NTP=$netNTP
-EOL
-fi
-
-# Setup systemd resolver
-rm /etc/resolv.conf
-ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf
-systemctl enable systemd-networkd
-# to be checked why port 5353 is opened externally
-sed -i 's/#LLMNR=yes/LLMNR=no/' /etc/systemd/resolved.conf
-systemctl enable systemd-resolved
-
-# Limit journald logging to 1 month, 1 GB in total and split files per week
-cat >>/etc/systemd/journald.conf <<EOL
-# Custom settings
-MaxFileSec=1G
-MaxFileSec=1week
-MaxFileSec=1m
-EOL
-
-# Show errors in motd
-rm /etc/motd   
-cat >/etc/update-motd.d/15-boot-errors<<EOL
-#!/bin/sh
-echo
-journalctl --boot --priority=3 --no-pager
-EOL
-chmod 755 /etc/update-motd.d/15-boot-errors
-
-# Setup keyboard layout
-cat >/etc/default/keyboard <<EOL
-XKBMODEL="pc105"
-XKBLAYOUT="de"
-XKBVARIANT="nodeadkeys"
-XKBOPTIONS=""
-BACKSPACE="guess"
-EOL
-
-# Leave chroot
-exit
-}
-
-
-bootloader(){
-# Install GRUB in /dev/vba
-chroot $mnt /bin/bash -c "grub-install $disk && update-grub"
-}
-
-unmount(){
-# Unmount if mounted
-! mountpoint -q $mnt/proc    || umount $mnt/proc
-! mountpoint -q $mnt/sys     || umount $mnt/sys
-! mountpoint -q $mnt/dev/pts || umount $mnt/dev/pts
-! mountpoint -q $mnt/dev     || umount $mnt/dev
-! mountpoint -q $mnt/root    || umount $mnt/root
-! mountpoint -q $mnt         || umount $mnt
-# Delete mount-point if empty and not mounted
-[ -z "$(ls -A /mnt/)" ] &&  ! mountpoint -q $mnt  && rm -R $mnt
-}
-
-
-postinstall(){
-####----REBOOT into the new system, so we'll have dbus running
-localectl set-locale LANG=de_DE.UTF-8         # Default for LC_* variables not  set. 
-localectl set-locale LC_MESSAGES=en_US.UTF-8  # System messages. 
-#localectl set-locale LC_RESPONSE=en_US.UTF-8  # How responses (such as Yes and No) appear
-update-locale
-timedatectl set-timezone Europe/Berlin
-}
-
-
-# Switch to functions...
-case $1 in
-  grmlnetwork)
-    echo Setup network in grml
-    grmlnetwork
-    ;;
-  install)
-    echo "Stage 1: Start installation"
-    install
-    ;;
-  install2)
-    echo "Stage 2: Start installation in chroot"
-    install2
-    ;;
-  bootloader)
-    echo "Stage 3: Install bootloader and unmount chroot"
-    bootloader
-    unmount
-    echo "We're done and can reboot now"
-    ;;
-  postinstall)
-    echo "Stage 4: Start post-installation in live system"
-    postinstall
-    ;;
-  unmount)
-    echo "Unmount chroot, e.g. in case installation fails"
-    unmount
-    ;;
-  *)
-    echo "Valid functions are: grmlnetwork, install, postinstall and unmount" >&2
-    ;;
-esac