|
@@ -3,10 +3,20 @@
|
|
# Interactive installation steps for Debian Bullseye from GRML using debootstrap
|
|
# Interactive installation steps for Debian Bullseye from GRML using debootstrap
|
|
|
|
|
|
# Design decisions
|
|
# Design decisions
|
|
-# - Add a small file-based swap partition as safety net
|
|
|
|
|
|
+# - Fokus on a simple setup, primarly for VMs
|
|
|
|
+# - One disk, one partion, swap-file in the same partion as safety net
|
|
# - Use systemd whereever possible (network, ntp, cron, journald logging)
|
|
# - Use systemd whereever possible (network, ntp, cron, journald logging)
|
|
-# - One partion on /dev/vda
|
|
|
|
# - Minimal number of packages & cloud kernel
|
|
# - Minimal number of packages & cloud kernel
|
|
|
|
+# - grub-pc, not efi
|
|
|
|
+# - random root and admin user password generation
|
|
|
|
+
|
|
|
|
+# Usage
|
|
|
|
+# Boot grml and clone repo
|
|
|
|
+# cp config.sh.template config.sh # copy template
|
|
|
|
+# vi config.sh # update installation variables
|
|
|
|
+# bootstrap-bullseye.sh install # start installation
|
|
|
|
+# !! Note down the admin passwords and reboot
|
|
|
|
+# sudo /installer/bootstrap-bullseye.sh postinstall # run postinstall in the new system
|
|
|
|
|
|
# Variables
|
|
# Variables
|
|
mnt="/mnt/root" # mountpoint for the new root filesystem
|
|
mnt="/mnt/root" # mountpoint for the new root filesystem
|
|
@@ -23,6 +33,7 @@ netNTP="pool.ntp.org"
|
|
|
|
|
|
[ -f ./config.sh ] && source config.sh
|
|
[ -f ./config.sh ] && source config.sh
|
|
|
|
|
|
|
|
+
|
|
# Setup network in grml
|
|
# Setup network in grml
|
|
grmlnetwork(){
|
|
grmlnetwork(){
|
|
ip link show # list interfaces
|
|
ip link show # list interfaces
|
|
@@ -56,7 +67,6 @@ dd if=/dev/zero of=$swapfile bs=1M count=1024 status=progress # create 1GB file
|
|
chmod 600 $swapfile #restric permissions
|
|
chmod 600 $swapfile #restric permissions
|
|
mkswap $swapfile #format file
|
|
mkswap $swapfile #format file
|
|
|
|
|
|
-
|
|
|
|
#----------
|
|
#----------
|
|
# Bootstrap -- pkg: debootstrap
|
|
# Bootstrap -- pkg: debootstrap
|
|
# Remark: Debootstrap does not install recommands!!
|
|
# Remark: Debootstrap does not install recommands!!
|
|
@@ -104,6 +114,7 @@ $0 bootloader
|
|
|
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
+
|
|
#----------
|
|
#----------
|
|
# Function executed within chroot
|
|
# Function executed within chroot
|
|
install2(){
|
|
install2(){
|
|
@@ -123,13 +134,15 @@ apt-get upgrade --yes
|
|
apt-get autoremove --yes
|
|
apt-get autoremove --yes
|
|
apt-get clean --yes
|
|
apt-get clean --yes
|
|
|
|
|
|
-# Setup users
|
|
|
|
|
|
+# Setup users and passwords
|
|
pass=`pwgen --capitalize --numerals --ambiguous 12 1`
|
|
pass=`pwgen --capitalize --numerals --ambiguous 12 1`
|
|
useradd admin --create-home --shell /bin/bash
|
|
useradd admin --create-home --shell /bin/bash
|
|
echo "admin:$pass" | chpasswd
|
|
echo "admin:$pass" | chpasswd
|
|
-echo 'root:sa' | chpasswd
|
|
|
|
usermod -a -G sudo admin
|
|
usermod -a -G sudo admin
|
|
echo -e "\e[1;33;4;44mPassword for the user admin: $pass\e[0m"
|
|
echo -e "\e[1;33;4;44mPassword for the user admin: $pass\e[0m"
|
|
|
|
+pass=`pwgen --capitalize --numerals --ambiguous 12 1`
|
|
|
|
+echo 'root:$pass' | chpasswd
|
|
|
|
+echo -e "\e[1;33;4;44mPassword for the user root: $pass\e[0m"
|
|
|
|
|
|
# Harden SSHD
|
|
# Harden SSHD
|
|
echo AllowUsers admin >> /etc/ssh/sshd_config
|
|
echo AllowUsers admin >> /etc/ssh/sshd_config
|
|
@@ -192,8 +205,6 @@ journalctl --boot --priority=3 --no-pager
|
|
EOL
|
|
EOL
|
|
chmod 755 /etc/update-motd.d/15-boot-errors
|
|
chmod 755 /etc/update-motd.d/15-boot-errors
|
|
|
|
|
|
-
|
|
|
|
-
|
|
|
|
# Leave chroot
|
|
# Leave chroot
|
|
exit
|
|
exit
|
|
}
|
|
}
|
|
@@ -249,7 +260,7 @@ case $1 in
|
|
postinstall
|
|
postinstall
|
|
;;
|
|
;;
|
|
unmount)
|
|
unmount)
|
|
- echo "Unmount chroot"
|
|
|
|
|
|
+ echo "Unmount chroot, e.g. in case installation fails"
|
|
unmount
|
|
unmount
|
|
;;
|
|
;;
|
|
*)
|
|
*)
|
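Review bot: In the `@@ -123,13 +134,15 @@` hunk, the added `echo 'root:$pass' | chpasswd` uses single quotes, so the shell never expands `$pass`. Every install therefore sets root's password to the literal string `$pass`, while the next line prints the freshly generated value as if it were the root password. Use double quotes, as the admin line already does: `echo "root:$pass" | chpasswd`. The `AllowUsers admin` line keeps root off SSH, but the fixed password would presumably still work at the console and through `su`. The body of install2 starts and ends outside this hunk, so whether a later step resets the root password cannot be seen here.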