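#!/bin/bash
# One-shot provisioning script for the device image. It must run as root: it
# writes sudoers entries, installs systemd units and packages, patches the
# first-boot init script, and finally deletes itself.
set -euxo pipefail
# Absolute path of this script (symlinks not resolved), used for self-removal.
SCRIPT_PATH="$(realpath -s "${BASH_SOURCE[0]}")"
# Directory containing this script (not referenced again in this script).
SCRIPT_DIR="$(dirname "$SCRIPT_PATH")"
# allow passwordless sudo for robot
# NOTE: this makes the robot account root-equivalent; anything that can run
# code as robot can run code as root.
echo "robot ALL=(ALL:ALL) NOPASSWD: ALL" > /etc/sudoers.d/robot
# sudoers drop-ins are expected to be mode 0440; some sudo versions refuse to
# load a drop-in with any other mode.
chmod 0440 /etc/sudoers.d/robot
# stop sudo from doing a DNS lookup -- ensures executables can be run when network is down
printf 'Defaults\t!fqdn\n' >> /etc/sudoers
# Validate the combined sudoers configuration now; with `set -e` a syntax or
# permission problem aborts the bootstrap instead of leaving sudo broken.
visudo -c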
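# install sling.service and panel.service, set ownership and permissions
mv /usr/local/bin/sling.service /usr/local/bin/panel.service /etc/systemd/system/
# mv keeps whatever owner the files had in /usr/local/bin. Unit files are
# loaded by systemd as root, so pin them to root to make sure the account that
# staged them cannot edit them afterwards.
chown root:root /etc/systemd/system/sling.service /etc/systemd/system/panel.service
chmod 644 /etc/systemd/system/sling.service /etc/systemd/system/panel.service
systemctl enable sling.service panel.service
# set permissions to our executables
# NOTE(review): only the mode is set here, ownership is left as staged. If the
# services above run these binaries as root, confirm they are root-owned too.
chmod 755 /usr/local/bin/uuidtob62
chmod 755 /usr/local/bin/sling /usr/local/bin/sinter_host /usr/local/bin/start-sling.sh
# disable systemd-resolved
systemctl disable systemd-resolved.service
# add sling data directory, owned by and writable only by robot
mkdir -p /var/lib/sling
chmod 755 /var/lib/sling
chown robot:robot /var/lib/sling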
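# install uuidgen
# Download into a private (mode 0700) directory rather than directly into the
# world-writable /dev/shm, so no other local account can pre-create or swap
# the .deb files between download and `dpkg -i`.
pkg_tmp="$(mktemp -d /dev/shm/bootstrap-pkgs.XXXXXX)"
cd "$pkg_tmp"
# -f makes curl fail on an HTTP error instead of saving the error page as a .deb.
curl -fLO http://archive.debian.org/debian/pool/main/u/util-linux/uuid-runtime_2.29.2-1+deb9u1_armel.deb
curl -fLO http://archive.debian.org/debian/pool/main/b/busybox/busybox-static_1.22.0-19+b3_armel.deb
# NOTE(review): the packages are fetched over plain HTTP and installed as root
# with no integrity check, so anyone on the network path can substitute them.
# Pin the expected digests and verify before installing, e.g.:
#   echo "<EXPECTED_SHA256_PLACEHOLDER>  uuid-runtime_2.29.2-1+deb9u1_armel.deb" | sha256sum -c -
#   echo "<EXPECTED_SHA256_PLACEHOLDER>  busybox-static_1.22.0-19+b3_armel.deb" | sha256sum -c -
dpkg -i uuid-runtime_2.29.2-1+deb9u1_armel.deb
dpkg -i busybox-static_1.22.0-19+b3_armel.deb
# uuid-runtime ships the uuidd socket unit; it is not wanted here.
systemctl disable uuidd.socket
# Return to the original working directory and drop the downloads.
cd /dev/shm
rm -rf -- "${pkg_tmp:?}"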
# Set up first-boot items by patching /etc/init.d/firstboot in place.
# The sed script finds the first line that consists only of ";;" (optionally
# indented), inserts the commands below before it, and then the ":a;n;ba" loop
# copies the rest of the file through unchanged, so later ";;" lines are not
# touched. Inserted commands, in order:
# - depmod (per the original note: install RTL8811CU drivers)
# - Disable SSH
# - Write 0 to /srv/www/cgi-bin/.enable (presumably what disables the
#   webserver -- confirm against the CGI scripts)
# - Reset robot to a random login password
# - Reboot
# NOTE(review): the password is 6 characters from [A-Za-z0-9] (about 36 bits)
# and the inserted lines neither store nor display it. robot has NOPASSWD sudo
# (set earlier in this script), so this password gates root-equivalent access;
# consider a longer value and confirm how the password is meant to be used.
# NOTE(review): the "\n" between the two copies of the password must become a
# real newline before passwd reads it. Whether sed or the firstboot shell's
# echo performs that conversion is not visible here -- verify on the target,
# or feed passwd with printf to make it explicit.
sed -e '/^\s*;;$/{i \
depmod\
systemctl disable ssh\
echo 0 > /srv/www/cgi-bin/.enable\
NEWPASS=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 6)\
echo "$NEWPASS\n$NEWPASS" | passwd robot\
reboot' \
-e ':a;n;ba}' -i /etc/init.d/firstboot
# Keep the journal in memory only and cap it at 4M. This replaces the whole
# journald.conf. Logs do not survive a reboot, so anything needed for later
# investigation has to be forwarded off the device.
cat > /etc/systemd/journald.conf <<'EOF'
[Journal]
Storage=volatile
RuntimeMaxUse=4M
EOF
# Publish the two CGI scripts under the web root and make them executable.
# NOTE(review): index.cgi comes from show-secret.sh; who may reach it is
# decided by the webserver configuration, which is not visible here.
cgi_dir=/srv/www/cgi-bin
mkdir -p "$cgi_dir"
mv /usr/local/bin/show-secret.sh "$cgi_dir/index.cgi"
mv /usr/local/bin/show-qr.sh "$cgi_dir/qr.cgi"
chmod 755 "$cgi_dir/index.cgi"
chmod 755 "$cgi_dir/qr.cgi"
# The bootstrap is one-shot: remove this script once every step above succeeded.
rm -f "$SCRIPT_PATH"