diff --git a/stage1/01-sys-tweaks/00-run.sh b/stage1/01-sys-tweaks/00-run.sh index f65334f..5331560 100755 --- a/stage1/01-sys-tweaks/00-run.sh +++ b/stage1/01-sys-tweaks/00-run.sh @@ -13,7 +13,7 @@ if ! id -u ${FIRST_USER_NAME} >/dev/null 2>&1; then adduser --disabled-password --gecos "" ${FIRST_USER_NAME} fi if ! id -u octoprint >/dev/null 2>&1; then - adduser --disabled-password --gecos "" octoprint + adduser --system --shell /usr/sbin/nologin --disabled-password --gecos "" octoprint fi echo "${FIRST_USER_NAME}:${FIRST_USER_PASS}" | chpasswd echo "octoprint:$(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c20)" | chpasswd diff --git a/stage2/04-octoprint/01-run.sh b/stage2/04-octoprint/01-run.sh index b0def11..004933a 100755 --- a/stage2/04-octoprint/01-run.sh +++ b/stage2/04-octoprint/01-run.sh @@ -1,8 +1,12 @@ #!/bin/bash -e install -m 644 files/octoprint.service ${ROOTFS_DIR}/etc/systemd/system/octoprint.service +install -m 644 files/first-time.service ${ROOTFS_DIR}/etc/systemd/system/first-time.service +install -m 755 files/first-time.sh ${ROOTFS_DIR}/usr/local/bin/first-time.sh on_chroot << EOF +systemctl set-default multi-user.target +systemctl enable first-time if ! pip list | grep -F octoprint; then if [ -d /home/octoprint ]; then cd /home/octoprint || exit 1 diff --git a/stage2/04-octoprint/files/first-time.service b/stage2/04-octoprint/files/first-time.service new file mode 100644 index 0000000..060cea3 --- /dev/null +++ b/stage2/04-octoprint/files/first-time.service @@ -0,0 +1,10 @@ +[Unit] +Description=Raspberry Pi first time setup + +[Service] +Type=simple +ExecStart=/usr/local/bin/first-time.sh + +[Install] +WantedBy=multi-user.target + diff --git a/stage2/04-octoprint/files/first-time.sh b/stage2/04-octoprint/files/first-time.sh new file mode 100755 index 0000000..6f6f3a2 --- /dev/null +++ b/stage2/04-octoprint/files/first-time.sh @@ -0,0 +1,52 @@ +#!/bin/bash + +change_password () { + local PASSWORD="$(whiptail --title "Change Password" --passwordbox "Enter new password for user \"pi\"" 10 50 3>&1 1>&2 2>&3)" + if [[ $? != 0 ]]; then return 1; fi + if [[ "$PASSWORD" == "raspberry" ]]; then + whiptail --title "Change Password" --msgbox "That password sucks. Please use a different one :)" 10 50 + change_password + return 0 + fi + if [[ "$(whiptail --passwordbox "Confirm new password for user \"pi\"" 10 50 3>&1 1>&2 2>&3)" == "$PASSWORD" ]]; then + if [[ $? != 0 ]]; then return 1; fi + echo -e "$PASSWORD\n$PASSWORD" | passwd pi + else + whiptail --title "Change Password" --msgbox "Passwords did not match!" 10 50 + change_password + return 0 + fi + local OCTOPASS="$(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c20)" + echo -e "$OCTOPASS\n$OCTOPASS" | passwd octoprint + local ROOTPASS="$(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c20)" + echo -e "$ROOTPASS\n$ROOTPASS" | passwd root + unset OCTOPASS + unset ROOTPASS + unset PASSWORD +} + +service_select () { + local SERVICE_MENU=$(whiptail --title "Select services" --checklist "Enable/disable services" 0 0 0 \ + "OctoPrint" "" ON \ + "GUI" "" ON \ + "SSH" "" OFF 3>&1 1>&2 2>&3) + SERVICE_MENU=($SERVICE_MENU) + + for i in "${SERVICE_MENU[@]}"; do + case $i in + "OctoPrint") systemctl enable octoprint ;; + "GUI") systemctl set-default graphical.target ;; + "SSH") + ssh-keygen -A + systemctl enable sshd ;; + esac + done +} + +nmtui +configure_password || exit 1 +service_select || exit 1 +systemctl disable first-time || exit 1 +rm /etc/systemd/system/first-time.service +reboot +