additions for ca deployment

This commit is contained in:
Patrick 2024-11-14 15:22:39 +01:00
parent 19c974e083
commit 17b3c47d2a
15 changed files with 67 additions and 24 deletions


@ -7,6 +7,8 @@
"replace_repositories": "False",
"keyrings": [],
"packages": "grub-pc linux-image-amd64 task-gnome-desktop live-task-standard",
"create_ca": "False",
"preinstall_scripts": [],
"scripts": [
"configs/scripts/install.sh",
"configs/scripts/user.sh"


@ -7,6 +7,8 @@
"replace_repositories": "False",
"keyrings": [],
"packages": "grub-pc linux-image-amd64 task-kde-desktop live-task-standard",
"create_ca": "False",
"preinstall_scripts": [],
"scripts": [
"configs/scripts/install.sh",
"configs/scripts/user.sh"


@ -7,6 +7,8 @@
"replace_repositories": "False",
"keyrings": [],
"packages": "grub-pc linux-image-amd64 task-lxqt-desktop live-task-standard",
"create_ca": "False",
"preinstall_scripts": [],
"scripts": [
"configs/scripts/install.sh",
"configs/scripts/user.sh"


@ -7,6 +7,8 @@
"replace_repositories": "False",
"keyrings": [],
"packages": "grub-pc linux-image-amd64 task-mate-desktop live-task-standard",
"create_ca": "False",
"preinstall_scripts": [],
"scripts": [
"configs/scripts/install.sh",
"configs/scripts/user.sh"


@ -7,6 +7,10 @@
"replace_repositories": "False",
"keyrings": [],
"packages": "nginx grub-pc linux-image-amd64 docker.io make curl openssl nano",
"create_ca": "True",
"preinstall_scripts": [
"configs/scripts/ca.sh"
],
"scripts": [
"configs/scripts/install.sh",
"configs/scripts/server.sh"


@ -7,6 +7,8 @@
"replace_repositories": "False",
"keyrings": [],
"packages": "grub-pc linux-image-amd64 task-xfce-desktop live-task-standard",
"create_ca": "False",
"preinstall_scripts": [],
"scripts": [
"configs/scripts/install.sh",
"configs/scripts/user.sh"

20
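--- /dev/null
+++ b/configs/scripts/ca.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+# This file is part of VM-Experiments.
+# Licensed under the GPL-3.0-or-later. See LICENSE for details.
+trap '' SIGINT SIGTERM
+rm /etc/nginx/sites-enabled/default
+tar -xzf /root/deployment.tar.gz -C /root
+openssl genrsa -out /root/ca.key 2048
+chmod 400 /root/ca.key
+mkdir -p /etc/ssl/certs/
+mkdir -p /etc/ssl/private/
+openssl req -x509 -new -nodes -key /root/ca.key -sha256 -days 1024 -out /etc/ssl/certs/ca.crt -subj '/C=CH/ST=Zurich/L=Zurich/O=InterstellarNet/OU=NONE/CN=INTERSTELLAR'
+cp /etc/ssl/certs/ca.crt /root
+cp /etc/ssl/certs/ca.crt /usr/local/share/ca-certificates/
+chown -R www-data:www-data /etc/ssl/private/
+chown -R www-data:www-data /etc/ssl/certs/
+chmod 600 -R /etc/ssl/private/
+chmod 644 -R /etc/ssl/certs/ca.crt
+update-ca-certificates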
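Review bot: `chown -R www-data:www-data /etc/ssl/certs/` hands the system trust store — the directory `update-ca-certificates` writes the bundle and hash symlinks into — to nginx's unprivileged user, so a compromised nginx worker could add a CA that every root tool on this host (curl, docker pulls, apt over TLS) would then trust; nginx's master process reads certificates and keys as root before dropping privileges, so www-data ownership of `/etc/ssl/certs` and `/etc/ssl/private` is not needed for serving. The recursive `chmod 600` on `/etc/ssl/private/` also strips the execute bit from the directory itself, so www-data could not traverse it anyway — only root, via DAC override, which underlines that the chown buys nothing. The script has no `set -e`, so a failed `openssl genrsa`/`req` does not stop it and main.py later copies a `ca.crt` that does not exist. Note too that the CA private key is written unencrypted to `/root/ca.key` inside the image that is later packaged into an ISO, so anyone holding a copy of the built server image can mint certificates trusted by every client image that installs `ca.crt`; consider generating the CA outside the image (build host or first boot) and state that risk in a header comment.
```bash
#!/bin/bash
# … unchanged: license header …
set -euo pipefail
trap '' SIGINT SIGTERM
# … unchanged: nginx default-site removal, tarball extraction, key/cert generation, cp of ca.crt …
# Keep the system trust store and key directory root-owned: nginx's master
# process reads certificates and keys as root before dropping to www-data.
chmod 700 /etc/ssl/private/
chmod 644 /etc/ssl/certs/ca.crt
update-ca-certificates
```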


@ -21,20 +21,3 @@ while true; do
break
fi
done
rm /mnt/etc/nginx/sites-enabled/default
tar -xzf deployment.tar.gz -C '/mnt/root'
chroot /mnt /bin/bash -c "cd root && openssl genrsa -out ca.key 2048"
chmod 400 /mnt/root/ca.key
mkdir -p /mnt/etc/ssl/certs/
mkdir -p /mnt/etc/ssl/private/
chroot /mnt /bin/bash -c "openssl req -x509 -new -nodes -key /root/ca.key -sha256 -days 1024 -out /etc/ssl/certs/ca.crt -subj '/C=CH/ST=Zurich/L=Zurich/O=InterstellarNet/OU=NONE/CN=INTERSTELLAR'"
cp /mnt/etc/ssl/certs/ca.crt /mnt/root
cp /mnt/etc/ssl/certs/ca.crt /mnt/usr/local/share/ca-certificates/
chroot /mnt /bin/bash -c "chown -R www-data:www-data /etc/ssl/private/"
chroot /mnt /bin/bash -c "chown -R www-data:www-data /etc/ssl/certs/"
chmod 600 -R /mnt/etc/ssl/private/
chmod 644 -R /mnt/etc/ssl/certs/ca.crt
chroot /mnt /bin/bash -c "update-ca-certificates"
read a


@ -7,6 +7,8 @@
"replace_repositories": "False",
"keyrings": [],
"packages": "grub-pc linux-image-generic ubuntu-desktop",
"create_ca": "False",
"preinstall_scripts": [],
"scripts": [
"configs/scripts/install.sh",
"configs/scripts/user.sh"


@ -7,6 +7,8 @@
"replace_repositories": "False",
"keyrings": [],
"packages": "grub-pc linux-image-generic kubuntu-desktop",
"create_ca": "False",
"preinstall_scripts": [],
"scripts": [
"configs/scripts/install.sh",
"configs/scripts/user.sh"


@ -7,6 +7,8 @@
"replace_repositories": "False",
"keyrings": [],
"packages": "grub-pc linux-image-generic lubuntu-desktop",
"create_ca": "False",
"preinstall_scripts": [],
"scripts": [
"configs/scripts/install.sh",
"configs/scripts/user.sh"


@ -7,6 +7,8 @@
"replace_repositories": "False",
"keyrings": [],
"packages": "grub-pc linux-image-generic ubuntu-mate-desktop",
"create_ca": "False",
"preinstall_scripts": [],
"scripts": [
"configs/scripts/install.sh",
"configs/scripts/user.sh"


@ -7,6 +7,10 @@
"replace_repositories": "False",
"keyrings": [],
"packages": "nginx grub-pc linux-image-generic docker.io make curl openssl nano",
"create_ca": "True",
"preinstall_scripts": [
"configs/scripts/ca.sh"
],
"scripts": [
"configs/scripts/install.sh",
"configs/scripts/server.sh"


@ -7,6 +7,8 @@
"replace_repositories": "False",
"keyrings": [],
"packages": "grub-pc linux-image-generic xubuntu-desktop",
"create_ca": "False",
"preinstall_scripts": [],
"scripts": [
"configs/scripts/install.sh",
"configs/scripts/user.sh"

26
main.py

@ -100,9 +100,6 @@ def rootfs_package(identifier, scripts, extra_files):
command(f"echo 'reboot' | sudo tee -a '{chroot}/root/.profile'")
command(f"echo 'reboot' | sudo tee -a '{chroot}/root/.bashrc'")
for extra_file in extra_files:
command(f"sudo cp '{extra_file}' '{chroot}/root'")
if shutil.which("grub-mkrescue"):
command(f"sudo grub-mkrescue -o '{outfile}' '{chroot}'")
elif shutil.which("grub2-mkrescue"):
@ -120,6 +117,8 @@ def download_rootfs_prepare(
replace_repositories,
keyrings,
identifier,
create_ca,
preinstall_scripts,
scripts,
package_manager,
extra_files,
@ -138,6 +137,8 @@ def debootstrap_rootfs_prepare(
replace_repositories,
keyrings,
identifier,
create_ca,
preinstall_scripts,
scripts,
package_manager,
extra_files,
@ -160,6 +161,8 @@ def apt_rootfs_prepare(
keyrings,
packages,
identifier,
create_ca,
preinstall_scripts,
scripts,
extra_files,
):
@ -177,10 +180,15 @@ def apt_rootfs_prepare(
do_chroot_command(f"echo '{repository}' >/etc/apt/sources.list")
overwritten + True
for keyring in keyrings:
do_chroot_command(f"wget {keyring["download"]}")
do_chroot_command(f"dpkg -i {keyring["name"]}")
do_chroot_command(f"rm {keyring["name"]}")
for preinstall_script in preinstall_scripts:
command(f"sudo mv {preinstall_script} {chroot}/root")
do_chroot_command(f"cd root && ./{preinstall_script}")
if create_ca:
command(f"sudo cp {chroot}/etc/ssl/certs/ca.crt {output}")
for extra_file in extra_files:
command(f"sudo cp '{extra_file}' '{chroot}/root'")
do_chroot_command("apt update -y")
do_chroot_command("apt full-upgrade -y")
@ -244,6 +252,8 @@ def main():
scripts = data["scripts"]
package_manager = data["package_manager"]
extra_files = data["extra_files"]
create_ca = bool(data["create_ca"])
preinstall_scripts = data["preinstall_scripts"]
match rootfs_type:
case "download":
@ -255,6 +265,8 @@ def main():
replace_repositories,
keyrings,
identifier,
create_ca,
preinstall_scripts,
scripts,
package_manager,
extra_files,
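Review bot: `create_ca = bool(data["create_ca"])` in main() is True for every config in this commit, because the desktop configs store the flag as the JSON string `"False"` and `bool("False")` is True, so the `if create_ca:` branch in apt_rootfs_prepare runs `sudo cp {chroot}/etc/ssl/certs/ca.crt {output}` on images where ca.sh never ran and the copy fails. Either store a JSON boolean (`"create_ca": false`) or parse the string explicitly, e.g. `create_ca = str(data["create_ca"]).strip().lower() in ("true", "1", "yes")`. Separately, the preinstall loop moves `configs/scripts/ca.sh` into `{chroot}/root` (so it lands as `/root/ca.sh`) but then executes `./configs/scripts/ca.sh` inside the chroot, a path that does not exist there unless do_chroot_command rewrites it, and `sudo mv` also deletes the script from the source checkout after the first build; copy by basename instead, as the extra_files loop right below it does. Both apt_rootfs_prepare and main continue outside the shown hunks.
```python
for preinstall_script in preinstall_scripts:
    # Run the script by its basename: it is copied flat into /root of the chroot.
    script_name = os.path.basename(preinstall_script)  # needs `import os` at file top (or Path(...).name)
    command(f"sudo cp '{preinstall_script}' '{chroot}/root/{script_name}'")
    do_chroot_command(f"cd root && ./{script_name}")
# … unchanged: create_ca copy, extra_files loop, apt update/upgrade …
```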