logan/touchprint
1
0
Fork 0
Code Issues 2 Pull requests Releases 2 Wiki Activity
touchprint/stage2/01-sys-tweaks/01-run.sh

84 lines
2.3 KiB
Bash
Raw Normal View History

Changed shebangs to be portable I did this because hardcoding /bin/bash is generally not good practice
2020-09-03 03:20:38 -04:00
#!/usr/bin/env bash
set -e
Initial commit
2020-08-17 19:54:31 -04:00
install -m 755 files/resize2fs_once "${ROOTFS_DIR}/etc/init.d/"
install -d "${ROOTFS_DIR}/etc/systemd/system/rc-local.service.d"
install -m 644 files/ttyoutput.conf "${ROOTFS_DIR}/etc/systemd/system/rc-local.service.d/"
install -m 644 files/50raspi "${ROOTFS_DIR}/etc/apt/apt.conf.d/"
install -m 644 files/console-setup "${ROOTFS_DIR}/etc/default/"
install -m 755 files/rc.local "${ROOTFS_DIR}/etc/"
Merge pigen to master
2020-09-09 10:12:53 -04:00
if [ -n "${PUBKEY_SSH_FIRST_USER}" ]; then
install -v -m 0700 -o 1000 -g 1000 -d "${ROOTFS_DIR}"/home/"${FIRST_USER_NAME}"/.ssh
echo "${PUBKEY_SSH_FIRST_USER}" >"${ROOTFS_DIR}"/home/"${FIRST_USER_NAME}"/.ssh/authorized_keys
chown 1000:1000 "${ROOTFS_DIR}"/home/"${FIRST_USER_NAME}"/.ssh/authorized_keys
chmod 0600 "${ROOTFS_DIR}"/home/"${FIRST_USER_NAME}"/.ssh/authorized_keys
fi
if [ "${PUBKEY_ONLY_SSH}" = "1" ]; then
sed -i -Ee 's/^#?[[:blank:]]*PubkeyAuthentication[[:blank:]]*no[[:blank:]]*$/PubkeyAuthentication yes/
s/^#?[[:blank:]]*PasswordAuthentication[[:blank:]]*yes[[:blank:]]*$/PasswordAuthentication no/' "${ROOTFS_DIR}"/etc/ssh/sshd_config
fi
Initial commit
2020-08-17 19:54:31 -04:00
on_chroot << EOF
systemctl disable hwclock.sh
systemctl disable nfs-common
systemctl disable rpcbind
if [ "${ENABLE_SSH}" == "1" ]; then
systemctl enable ssh
else
systemctl disable ssh
fi
systemctl enable regenerate_ssh_host_keys
EOF
if [ "${USE_QEMU}" = "1" ]; then
echo "enter QEMU mode"
install -m 644 files/90-qemu.rules "${ROOTFS_DIR}/etc/udev/rules.d/"
on_chroot << EOF
systemctl disable resize2fs_once
EOF
echo "leaving QEMU mode"
else
on_chroot << EOF
systemctl enable resize2fs_once
EOF
fi
on_chroot <<EOF
for GRP in input spi i2c gpio; do
groupadd -f -r "\$GRP"
done
for GRP in adm cdrom audio users sudo video games plugdev input gpio spi i2c netdev; do
adduser $FIRST_USER_NAME \$GRP
done
for GRP in dialout plugdev video users; do
adduser octoprint \$GRP
done
The frontend has now been secured far better. It now uses its own user account with limited permissions. Openbox's menu also does not allow the user to open potentially dangerous programs anymore. OctoPrint account no longer randomizes its password as it is more secure to have it not have one at all. Condensed Nginx listening address interpreter. Frontend check to see if Nginx and OctoPrint has been improved. It should now be reliable. Added touchscreen calibration. Octo-config service menu is now deeper, which results in a cleaner interface. Octo-config now has a somewhat crude system health checking menu. MJPG's resolution and framerate can now be configured. Updated TODO
2020-08-25 00:01:52 -04:00
for GRP in users; do
adduser kiosk \$GRP
done
Initial commit
2020-08-17 19:54:31 -04:00
EOF
on_chroot << EOF
setupcon --force --save-only -v
EOF
on_chroot << EOF
usermod --pass='*' root
EOF
rm -f "${ROOTFS_DIR}/etc/ssh/"ssh_host_*_key*
rm -f "${ROOTFS_DIR}/etc/sudoers.d/010_pi-nopasswd" # Fuck you :)
echo "%sudo ALL=(ALL:ALL) ALL" > ${ROOTFS_DIR}/etc/sudoers.d/group
on_chroot << EOF
echo unattended-upgrades unattended-upgrades/enable_auto_updates boolean true | debconf-set-selections
dpkg-reconfigure -f noninteractive unattended-upgrades
EOF
Reference in a new issue Copy permalink