diff --git a/README.md b/README.md
index 9eb6082..735c53a 100644
--- a/README.md
+++ b/README.md
@@ -73,6 +73,7 @@ Contains the files which defines the PXE menu. The [first one][main menu.cfg] wi
 #### config/debian/menu.cfg
 1. Provide PXE entries for :
 * Debian Bookworm (Stable) amd64 with additional firmwares (see [make_debian_initrd_with_firmware.sh][debian initrd with firmware script] script).
+ * Debian Bookworm (Stable) amd64 with additional firmwares and preseed file.
 * Debian Bullseye (oldStable) amd64 with additional firmwares (see [make_debian_initrd_with_firmware.sh][debian initrd with firmware script] script).
 * Debian Bullseye (oldStable) amd64 with additional firmwares and preseed file.
 * Debian Bullseye (oldStable) amd64 for compute nodes with preseed.
diff --git a/config/debian/menu.cfg b/config/debian/menu.cfg
index 8db3a0a..c56fd40 100644
--- a/config/debian/menu.cfg
+++ b/config/debian/menu.cfg
@@ -4,6 +4,10 @@ label stableFirmware
 menu label ^Debian Bookworm amd64 Firmwares
 kernel installer/debian/bookworm/amd64/linux
 append vga=normal initrd=installer/debian/bookworm/amd64/initrd_firm.xz -- quiet
+label stableAuto
+ menu label Debian ^Bookworm amd64 PRESEED
+ kernel installer/debian/bookworm/amd64/linux
+ append vga=normal initrd=installer/debian/bookworm/amd64/initrd_firm.xz auto=true interface=auto netcfg/dhcp_timeout=60 netcfg/choose_interface=auto priority=critical preseed/url=tftp://129.20.203.27/preseed/debian/bookworm/preseed.cfg
 label separator
 menu label ---
diff --git a/preseed/debian/bookworm/preseed.cfg b/preseed/debian/bookworm/preseed.cfg
new file mode 100644
index 0000000..3ed9adc
--- /dev/null
+++ b/preseed/debian/bookworm/preseed.cfg
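Review bot: The `preseed/url=tftp://129.20.203.27/preseed/debian/bookworm/preseed.cfg` argument in the new `stableAuto` entry (config/debian/menu.cfg) fetches the answer file over TFTP, which offers no authentication or integrity check, and `auto=true priority=critical` applies it without a prompt. Because that file sets the root password hash and a root-run `preseed/late_command`, the install network has to be treated as a trusted, isolated segment; say so in the README next to the new entry. Adding `preseed/url/checksum=<md5sum of preseed.cfg>` to the append line catches a stale or corrupted download, though not a tampered menu served by the same TFTP host. The usage comment at the top of the new preseed.cfg shows `initrd_firm.gz` and a URL under `installer/debian/bookworm/amd64/`, neither of which matches this entry.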
@@ -0,0 +1,425 @@
+# .. vim: foldmarker=[[[,]]]:foldmethod=marker
+#
+### Howto use [[[
+######################################################################
+
+# Inspired from https://www.debian.org/releases/bookworm/example-preseed.txt
+# For more details about all parameters, see projects under Debian installer:
+# https://salsa.debian.org/installer-team
+
+## With a PXE boot:
+#label bookworm
+# menu label Debian GNU/Linux Book^worm 64 bits WITH PRESEED
+# kernel installer/debian/bookworm/amd64/linux
+# IPAPPEND 2
+# APPEND vga=normal initrd=installer/debian/bookworm/amd64/initrd_firm.gz auto=true interface=auto netcfg/dhcp_timeout=60 netcfg/choose_interface=auto priority=critical preseed/url=tftp://129.20.203.27/installer/debian/bookworm/amd64/preseed.cfg
+
+################################################################## ]]]
+### Localization [[[
+######################################################################
+
+## Install Time
+# Preseeding only locale sets language, country and locale.
+#d-i debian-installer/locale string en_US
+
+# The values can also be preseeded individually for greater flexibility.
+d-i debian-installer/language string en
+d-i debian-installer/country string FR
+d-i debian-installer/locale select en_US.UTF-8
+d-i debian-installer/fallbacklocale select en_US.UTF-8
+# Optionally specify additional locales to be generated.
+d-i localechooser/supported-locales multiselect fr_FR.UTF-8
+# Choose the language to be used for the installation process. The selected
+# language will also be the default language for the installed system.
+d-i localechooser/languagelist select en
+
+## Choose keyboard configuration
+d-i console-tools/archs string skip-config
+d-i console-keymaps-at/keymap select fr-latin9
+d-i keyboard-configuration/xkb-keymap select French
+
+################################################################## ]]]
+### Network configuration [[[
+######################################################################
+
+# Auto-configure networking
+d-i netcfg/use_autoconfig boolean true
+
+# To set a different link detection timeout (default is 3 seconds).
+# Values are interpreted as seconds.
+d-i netcfg/link_detection_timeout string 20
+d-i netcfg/link_wait_timeout string 3
+
+# If you have a slow dhcp server and the installer times out waiting for
+# it, this might be useful.
+d-i netcfg/dhcp_timeout string 60
+d-i netcfg/dhcpv6_timeout string 1
+
+# Any hostname and domain names assigned from dhcp take precedence over
+# values set here. However, setting the values still prevents the questions
+# from being shown, even if values come from dhcp.
+d-i netcfg/get_hostname string unassigned-hostname
+d-i netcfg/get_domain string unassigned-domain
+
+# Disable that annoying WEP key dialog.
+d-i netcfg/wireless_wep string
+
+# If you want to completely disable firmware lookup (i.e. not use firmware
+# files or packages that might be available on installation images):
+#d-i hw-detect/firmware-lookup string never
+
+# If non-free firmware is needed for the network or other hardware, you can
+# configure the installer to always try to load it, without prompting. Or
+# change to false to disable asking.
+d-i hw-detect/load_firmware boolean true
+
+################################################################## ]]]
+### Network console [[[
+######################################################################
+
+# Use the following settings if you wish to make use of the network-console
+# component for remote installation over SSH. This only makes sense if you
+# intend to perform the remainder of the installation manually.
+#d-i anna/choose_modules string network-console
+#d-i network-console/authorized_keys_url string http://10.0.0.1/openssh-key
+#d-i network-console/password password r00tme
+#d-i network-console/password-again password r00tme
+
+################################################################## ]]]
+### Mirror settings [[[
+######################################################################
+
+# Mirror
+# Usually, deb.debian.org is a good choice
+d-i mirror/country string FR
+d-i mirror/http/hostname string deb.debian.org
+d-i mirror/http/directory string /debian/
+d-i mirror/http/proxy string
+d-i mirror/http/mirror string deb.debian.org
+# Suite to install.
+d-i mirror/suite string
+# Suite to use for loading installer components (optional).
+#d-i mirror/udeb/suite string testing
+
+################################################################## ]]]
+### Account setup [[[
+######################################################################
+
+# Enable shadow passwords
+d-i passwd/shadow boolean true
+
+# Allow root login
+# If skipping creation of a root account, normal user account will be able to use sudo.
+d-i passwd/root-login boolean true
+
+# Root password, either in clear text
+#d-i passwd/root-password password r00tme
+#d-i passwd/root-password-again password r00tme
+# …or encrypted with {MD5, SHA512, …) hash
+d-i passwd/root-password-crypted password $6$ceGTxMxc$gXajYByJna1cfTjaST3TcF0FfrlSAaEcmCiOMq/DBOuD0tlu8VYQosZPgwcFT4bCuODMErU/fgRxZEeu9c10V0
+
+# Skip creation of a normal user account
+d-i passwd/make-user boolean false
+
+# To create a normal user account.
+#d-i passwd/user-fullname string bob
+#d-i passwd/username string bob
+# Normal user's password, either in clear text
+#d-i passwd/user-password password insecure
+#d-i passwd/user-password-again password insecure
+# …or encrypted with {MD5, SHA512, …) hash
+#d-i passwd/user-password-crypted password $1$098f6bcd4621d373cade4e832627b4f6
+# Create the first user with the specified UID instead of the default.
+#d-i passwd/user-uid string 1010
+
+# The user account will be added to some standard initial groups. To
+# override that, use this.
+#d-i passwd/user-default-groups string audio cdrom video
+
+################################################################## ]]]
+### Clock and time zone setup [[[
+######################################################################
+
+# Controls whether or not the hardware clock is set to UTC.
+d-i clock-setup/utc boolean true
+
+# You may set this to any valid setting for $TZ; see the contents of
+# /usr/share/zoneinfo/ for valid values.
+d-i time/zone string Europe/Paris
+
+# Controls whether to use NTP to set the clock during the install
+d-i clock-setup/ntp boolean true
+# NTP server to use. The default is almost always fine here.
+d-i clock-setup/ntp-server string 0.debian.pool.ntp.org
+
+################################################################## ]]]
+### Disk Partitioning/Boot loader [[[
+######################################################################
+
+# If the system has only one disk the installer will default to using it.
+# Otherwise, the device name must be given
+d-i partman-auto/disk string /dev/nvme0n1 /dev/sda /dev/vda
+
+d-i partman-auto/init_automatically_partition select custom
+
+# Specify the method to use
+# - regular: use the usual partition types for the architecture
+# - lvm: use LVM to partition the disk
+# - crypto: use LVM within an encrypted partition
+d-i partman-auto/method string lvm
+
+# You can define the amount of space that will be used for the LVM volume
+# group. It can either be a size with its unit (eg. 20 GB), a percentage of
+# free space or the 'max' keyword.
+d-i partman-auto-lvm/guided_size string max
+
+# If one of the disks that are going to be automatically partitioned
+# contains an old LVM configuration, the user will normally receive a
+# warning. This can be preseeded away…
+d-i partman-lvm/device_remove_lvm boolean true
+# The same applies to pre-existing software RAID array:
+#d-i partman-md/device_remove_md boolean true
+# And the same goes for the confirmation to write the lvm partitions.
+d-i partman-lvm/confirm boolean true
+d-i partman-lvm/confirm_nooverwrite boolean true
+
+# Continue installation without /boot partition ?
+# Useful for some expert recipe
+d-i partman-auto-lvm/no_boot boolean false
+
+# Name of the volume group for the new system
+d-i partman-auto-lvm/new_vg_name string sys
+
+# LVM partition
+# This recipe need almost 30Gb free space.
+d-i partman-auto/expert_recipe string \
+ boot-root :: \
+ 300 200000 500 ext3 \
+ $primary{ } $bootable{ } \
+ method{ format } format{ } \
+ use_filesystem{ } filesystem{ ext3 } \
+ label{ boot } \
+ mountpoint{ /boot } \
+ . \
+ 16000 100000 -1 ext4 \
+ $defaultignore{ } \
+ $primary{ } \
+ method{ lvm } \
+ vg_name{ sys } \
+ . \
+ 1000 8000 2000 ext4 \
+ $lvmok{ } \
+ in_vg{ sys } lv_name{ lv_root } \
+ method{ format } format{ } \
+ use_filesystem{ } filesystem{ ext4 } \
+ label{ root } \
+ mountpoint{ / } \
+ . \
+ 4000 7000 10000 ext4 \
+ $lvmok{ } \
+ in_vg{ sys } lv_name{ lv_usr } \
+ method{ format } format{ } \
+ use_filesystem{ } filesystem{ ext4 } \
+ options/nodev{ nodev } \
+ label{ usr } \
+ mountpoint{ /usr } \
+ . \
+ 4000 6000 8000 ext4 \
+ $lvmok{ } \
+ in_vg{ sys } lv_name{ lv_var } \
+ method{ format } format{ } \
+ use_filesystem{ } filesystem{ ext4 } \
+ options/nodev{ nodev } \
+ label{ var } \
+ mountpoint{ /var } \
+ . \
+ 1000 5000 2000 ext4 \
+ $lvmok{ } \
+ in_vg{ sys } lv_name{ lv_tmp } \
+ method{ format } format{ } \
+ use_filesystem{ } filesystem{ ext4 } \
+ options/nodev{ nodev } \
+ options/nosuid{ nosuid } \
+ label{ tmp } \
+ mountpoint{ /tmp } \
+ . \
+ 2000 4000 3000 ext4 \
+ $lvmok{ } \
+ in_vg{ sys } lv_name{ lv_home } \
+ method{ format } format{ } \
+ use_filesystem{ } filesystem{ ext4 } \
+ options/nodev{ nodev } \
+ label{ home } \
+ mountpoint{ /home } \
+ . \
+ 512 3000 2000 ext4 \
+ $lvmok{ } \
+ in_vg{ sys } lv_name{ lv_srv } \
+ method{ format } format{ } \
+ use_filesystem{ } filesystem{ ext4 } \
+ options/nodev{ nodev } \
+ label{ srv } \
+ mountpoint{ /srv } \
+ . \
+ 512 2000 4000 ext4 \
+ $lvmok{ } \
+ in_vg{ sys } lv_name{ lv_opt } \
+ method{ format } format{ } \
+ use_filesystem{ } filesystem{ ext4 } \
+ label{ opt } \
+ mountpoint{ /opt } \
+ . \
+ 512 1000 100% linux-swap \
+ $lvmok{ } \
+ in_vg{ sys } lv_name{ lv_swap } \
+ method{ swap } format{ } \
+ . \
+ 100 100 -1 ext3 \
+ $lvmok{ } \
+ in_vg{ sys } lv_name{ lv_free } \
+ method{ format } format{ } \
+ use_filesystem{ } filesystem{ ext3 } \
+ label{ free } \
+ mountpoint{ /mnt/free } \
+ .
+# Need to put all free space in a temp logical volume/partition
+# Otherwise it's the last partition which get all free space
+
+# Allow to not set a swap partition
+#d-i partman-basicfilesystems/no_swap boolean false
+
+# Return to menu if no mount point is assigned to a filesystem
+d-i partman-basicfilesystems/no_mount_point boolean false
+
+# This makes partman automatically partition without confirmation.
+# that you told it what to do using one of the methods above.
+d-i partman-md/confirm boolean true
+d-i partman/confirm_write_new_label boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+
+################################################################## ]]]
+### Base system installation [[[
+
+# The kernel image (meta) package to be installed; "none" can be used if no
+# kernel is to be installed.
+d-i base-installer/kernel/image select linux-image-amd64
+
+# Drivers to include in the initrd
+# - most: include all available drivers
+# - dep: only include drivers needed for this system
+d-i base-installer/initramfs-tools/driver-policy select most
+
+################################################################## ]]]
+### Apt setup [[[
+######################################################################
+
+# Choose, if you want to scan additional installation media
+d-i apt-setup/cdrom/set-first boolean false
+d-i apt-setup/cdrom/set-double boolean false
+d-i apt-setup/cdrom/set-next boolean false
+d-i apt-setup/cdrom/set-failed boolean false
+
+# You can choose to install non-free firmware.
+#d-i apt-setup/non-free-firmware boolean true
+# You can choose to install non-free and contrib software.
+d-i apt-setup/non-free boolean true
+d-i apt-setup/contrib boolean true
+
+# Use a network mirror
+# Set to false for an offline installation
+d-i apt-setup/use_mirror boolean true
+
+# Select which update services to use; define the mirrors to be used.
+d-i apt-setup/services-select multiselect security
+
+################################################################## ]]]
+### Package selection [[[
+######################################################################
+# Choose packages
+tasksel tasksel/first multiselect ssh-server
+
+# Or choose to not get the tasksel dialog displayed at all (and don't install
+# any packages):
+#d-i pkgsel/run_tasksel boolean false
+
+# Individual additional packages to install
+# - tftp-hpa: to download an archive (see preseed/late_command at the end of this file)
+d-i pkgsel/include string tftp-hpa
+
+## Whether to upgrade packages after debootstrap.
+### Allowed values: none, safe-upgrade, full-upgrade
+d-i pkgsel/upgrade select full-upgrade
+
+## Participate to Popularity Contest (disable for an unconnected server)
+d-i popularity-contest/participate boolean true
+popularity-contest popularity-contest/participate boolean true
+
+################################################################## ]]]
+### Boot loader installation [[[
+######################################################################
+
+# Grub is the boot loader (for x86).
+
+# This is fairly safe to set, it makes grub install automatically to the UEFI
+# partition/boot record if no other operating system is detected on the machine.
+d-i grub-installer/only_debian boolean true
+
+# This one makes grub-installer install to the MBR partition/boot record, if
+# it also finds some other OS, which is less safe as it might not be able to
+# boot that other OS.
+d-i grub-installer/with_other_os boolean true
+
+# Due notably to potential USB sticks, the location of the primary drive can
+# not be determined safely in general, so this needs to be specified:
+#d-i grub-installer/bootdev string /dev/sda
+# To install to the primary device (assuming it is not a USB stick):
+d-i grub-installer/bootdev string default
+
+# Force GRUB installation to the EFI removable media path?
+d-i grub-installer/force-efi-extra-removable boolean false
+
+################################################################## ]]]
+### Finishing up the installation [[[
+######################################################################
+
+# Avoid that last message about the install being complete.
+d-i finish-install/reboot_in_progress note
+
+# This will prevent the installer from ejecting the CD during the reboot,
+# which is useful in some situations.
+d-i cdrom-detect/eject boolean false
+
+# This is how to make the installer shutdown when finished, but not
+# reboot into the installed system.
+#d-i debian-installer/exit/halt boolean true
+# This will power off the machine instead of just halting it.
+#d-i debian-installer/exit/poweroff boolean true
+################################################################## ]]]
+### Advanced options [[[
+######################################################################
+# This command is run just before the install finishes, but when there is
+# still a usable /target directory. You can chroot to /target and use it
+# directly, or use the apt-install and in-target commands to easily install
+# packages and run commands in the target system.
+
+#in-target wget -O /tmp/latecommand.tar.gz "https://wiki.101010.fr/lib/exe/fetch.php?media=documentation:administration_systeme:latecommand.tar.gz" --no-check-certificate ; \
+# 1. Umount and remove temp lvm lv_free
+# 2. Allow root connections with SSH
+# 3. Download and run a post.bookworm.sh script
+# TODO: PROD
+#d-i preseed/late_command string in-target umount /dev/sys/lv_free ; \
+#lvremove -f /dev/sys/lv_free ; \
+#in-target /bin/rmdir /mnt/free ; in-target /bin/sed -i '/lv_free/d' /etc/fstab ; \
+#in-target /bin/sed -i 's/\(^\|^\#\)\(PermitRootLogin\).*/\2 yes/g' /etc/ssh/sshd_config ; \
+#in-target /usr/bin/tftp 129.20.203.27 -c get scripts/latecommand.tar.gz /tmp/latecommand.tar.gz ; \
+#in-target tar xzf /tmp/latecommand.tar.gz -C /tmp/ ; \
+#in-target /bin/sh /tmp/latecommand/post.bookworm.sh
+
+# TODO: DEV
+d-i preseed/late_command string in-target umount /dev/sys/lv_free ; \
+lvremove -f /dev/sys/lv_free ; \
+in-target /bin/rmdir /mnt/free ; in-target /bin/sed -i '/lv_free/d' /etc/fstab ; \
+in-target /bin/sed -i 's/\(^\|^\#\)\(PermitRootLogin\).*/\2 yes/g' /etc/ssh/sshd_config ;
+################################################################## ]]]
diff --git a/scripts/latecommand.tar.gz b/scripts/latecommand.tar.gz
index 6efebe0..f5291a9 100644
Binary files a/scripts/latecommand.tar.gz and b/scripts/latecommand.tar.gz differ
diff --git a/scripts/latecommand/old/buster/etc/apt/apt.conf.d/25no-recommends.conf b/scripts/latecommand/bookworm/etc/apt/apt.conf.d/25no-recommends.conf
similarity index 100%
rename from scripts/latecommand/old/buster/etc/apt/apt.conf.d/25no-recommends.conf
rename to scripts/latecommand/bookworm/etc/apt/apt.conf.d/25no-recommends.conf
diff --git a/scripts/latecommand/bookworm/etc/apt/sources.list b/scripts/latecommand/bookworm/etc/apt/sources.list
new file mode 100644
index 0000000..c2e31a7
--- /dev/null
+++ b/scripts/latecommand/bookworm/etc/apt/sources.list
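Review bot: preseed/debian/bookworm/preseed.cfg commits a fixed `passwd/root-password-crypted` hash, and the active `preseed/late_command` (the block marked `TODO: DEV`) rewrites sshd_config to `PermitRootLogin yes`, so every machine installed from this file accepts root password logins over SSH with one shared password whose hash is readable in the repository and on the TFTP server. Keep root SSH key-only by changing the sed replacement to `\2 prohibit-password/g` and having the late command install an authorized key, and rotate the password now that its hash is published. The `TODO: PROD` variant is commented out while the DEV one is live; the comment should say which of the two is meant to ship.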
@@ -0,0 +1,12 @@
+# From latecommand - Debian's preseed
+deb http://deb.debian.org/debian/ bookworm main non-free-firmware
+
+deb-src http://deb.debian.org/debian/ bookworm main non-free-firmware
+
+deb http://security.debian.org/debian-security bookworm-security main non-free-firmware
+deb-src http://security.debian.org/debian-security bookworm-security main non-free-firmware
+
+# bookworm-updates, to get updates before a point release is made;
+# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
+#deb http://deb.debian.org/debian/ bookworm-updates main non-free-firmware
+#deb-src http://deb.debian.org/debian/ bookworm-updates main non-free-firmware
diff --git a/scripts/latecommand/bookworm/etc/logrotate.conf b/scripts/latecommand/bookworm/etc/logrotate.conf
new file mode 100644
index 0000000..12b4c1e
--- /dev/null
+++ b/scripts/latecommand/bookworm/etc/logrotate.conf
@@ -0,0 +1,29 @@
+# see "man logrotate" for details
+
+# global options do not affect preceding include directives
+
+# rotate log files weekly
+weekly
+
+# keep 4 weeks worth of backlogs
+rotate 4
+
+# create new (empty) log files after rotating old ones
+create
+
+# use date as a suffix of the rotated file
+dateext
+
+# compress log files
+compress
+
+# Postpone compression of the previous log file to the next rotation cycle
+delaycompress
+
+# Do not rotate the log if it is empty
+notifempty
+
+# packages drop log rotation information into this directory
+include /etc/logrotate.d
+
+# system-specific logs may also be configured here.
diff --git a/scripts/latecommand/old/buster/etc/logrotate.d/dpkg b/scripts/latecommand/bookworm/etc/logrotate.d/alternatives
similarity index 52%
rename from scripts/latecommand/old/buster/etc/logrotate.d/dpkg
rename to scripts/latecommand/bookworm/etc/logrotate.d/alternatives
index 4bce6bb..9c617c7 100644
--- a/scripts/latecommand/old/buster/etc/logrotate.d/dpkg
+++ b/scripts/latecommand/bookworm/etc/logrotate.d/alternatives
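Review bot: The new bookworm/etc/apt/sources.list leaves both `bookworm-updates` lines commented out and lists only `main non-free-firmware`, while the preseed added in this commit sets `apt-setup/non-free` and `apt-setup/contrib` to true. If the bookworm post-install script copies this file over /etc/apt/sources.list the way post.buster.sh did, installed hosts silently lose those components and the updates suite. If that is intended, record it in the header, e.g. `# contrib/non-free and bookworm-updates intentionally left out`; otherwise uncomment the two `bookworm-updates` lines and add the missing components.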
@@ -1,16 +1,7 @@
 /var/log/alternatives.log {
- rotate 12
 monthly
+ rotate 12
 missingok
 create 644 root root
 olddir /var/log/alternatives.d
 }
-
-/var/log/dpkg.log {
- rotate 12
- monthly
- missingok
- create 644 root root
- olddir /var/log/dpkg.d
-}
-
diff --git a/scripts/latecommand/old/buster/etc/logrotate.d/apt b/scripts/latecommand/bookworm/etc/logrotate.d/apt
similarity index 100%
rename from scripts/latecommand/old/buster/etc/logrotate.d/apt
rename to scripts/latecommand/bookworm/etc/logrotate.d/apt
diff --git a/scripts/latecommand/old/buster/etc/logrotate.d/aptitude b/scripts/latecommand/bookworm/etc/logrotate.d/aptitude
similarity index 100%
rename from scripts/latecommand/old/buster/etc/logrotate.d/aptitude
rename to scripts/latecommand/bookworm/etc/logrotate.d/aptitude
diff --git a/scripts/latecommand/old/buster/etc/logrotate.d/btmp b/scripts/latecommand/bookworm/etc/logrotate.d/btmp
similarity index 100%
rename from scripts/latecommand/old/buster/etc/logrotate.d/btmp
rename to scripts/latecommand/bookworm/etc/logrotate.d/btmp
diff --git a/scripts/latecommand/bookworm/etc/logrotate.d/dpkg b/scripts/latecommand/bookworm/etc/logrotate.d/dpkg
new file mode 100644
index 0000000..d9c78a2
--- /dev/null
+++ b/scripts/latecommand/bookworm/etc/logrotate.d/dpkg
@@ -0,0 +1,7 @@
+/var/log/dpkg.log {
+ monthly
+ rotate 12
+ missingok
+ create 644 root root
+ olddir /var/log/dpkg.d
+}
diff --git a/scripts/latecommand/old/buster/etc/logrotate.d/rsyslog b/scripts/latecommand/bookworm/etc/logrotate.d/rsyslog
similarity index 100%
rename from scripts/latecommand/old/buster/etc/logrotate.d/rsyslog
rename to scripts/latecommand/bookworm/etc/logrotate.d/rsyslog
diff --git a/scripts/latecommand/old/buster/etc/logrotate.d/wtmp b/scripts/latecommand/bookworm/etc/logrotate.d/wtmp
similarity index 100%
rename from scripts/latecommand/old/buster/etc/logrotate.d/wtmp
rename to scripts/latecommand/bookworm/etc/logrotate.d/wtmp
diff --git a/scripts/latecommand/bookworm/etc/rsyslog.conf b/scripts/latecommand/bookworm/etc/rsyslog.conf
new file mode 100644
index 0000000..778ab69
--- /dev/null
+++ b/scripts/latecommand/bookworm/etc/rsyslog.conf
@@ -0,0 +1,90 @@
+# /etc/rsyslog.conf configuration file for rsyslog
+#
+# For more information install rsyslog-doc and see
+# /usr/share/doc/rsyslog-doc/html/configuration/index.html
+
+
+#################
+#### MODULES ####
+#################
+
+module(load="imuxsock") # provides support for local system logging
+module(load="imklog") # provides kernel logging support
+#module(load="immark") # provides --MARK-- message capability
+
+# Provides UDP syslog reception
+#module(load="imudp")
+#input(type="imudp" port="514")
+
+# Provides TCP syslog reception
+#module(load="imtcp")
+#input(type="imtcp" port="514")
+
+
+###########################
+#### GLOBAL DIRECTIVES ####
+###########################
+
+#
+# Set the default permissions for all log files.
+#
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
+#
+# Where to place spool and state files
+#
+$WorkDirectory /var/spool/rsyslog
+
+#
+# Include all config files in /etc/rsyslog.d/
+#
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+
+###############
+#### RULES ####
+###############
+
+#
+# Log anything besides private authentication messages to a single log file
+#
+*.*;auth,authpriv.none -/var/log/syslog
+
+#
+# Log commonly used facilities to their own log file
+#
+auth,authpriv.* /var/log/auth.log
+cron.* -/var/log/cron.log
+daemon.* -/var/log/daemon.log
+kern.* -/var/log/kern.log
+lpr.* -/var/log/lpr.log
+mail.* -/var/log/mail.log
+user.* -/var/log/user.log
+
+#
+# Logging for the mail system. Split it up so that
+# it is easy to write scripts to parse these files.
+#
+mail.info -/var/log/mail.info
+mail.warn -/var/log/mail.warn
+mail.err /var/log/mail.err
+
+#
+# Some "catch-all" log files.
+#
+*.=debug;\
+ auth,authpriv.none;\
+ news.none;mail.none -/var/log/debug
+*.=info;*.=notice;*.=warn;\
+ auth,authpriv.none;\
+ cron,daemon.none;\
+ mail,news.none -/var/log/messages
+
+#
+# Emergencies are sent to everybody logged in.
+#
+*.emerg :omusrmsg:*
diff --git a/scripts/latecommand/bookworm/etc/rsyslog.d/cron-session.conf b/scripts/latecommand/bookworm/etc/rsyslog.d/cron-session.conf
new file mode 100644
index 0000000..d5b0185
--- /dev/null
+++ b/scripts/latecommand/bookworm/etc/rsyslog.d/cron-session.conf
@@ -0,0 +1,25 @@
+#
+# Redirect PAM session information for 'cron' entries to the cron log file,
+# to avoid filling up auth.log
+#
+if ($msg contains "pam_unix(cron:session): session opened for user") then {
+ action(
+ type="omfile"
+ file="/var/log/cron.log"
+ fileOwner="root"
+ fileGroup="adm"
+ fileCreateMode="0640"
+ dirCreateMode="0755"
+ )
+ stop
+} else if ($msg contains "pam_unix(cron:session): session closed for user") then {
+ action(
+ type="omfile"
+ file="/var/log/cron.log"
+ fileOwner="root"
+ fileGroup="adm"
+ fileCreateMode="0640"
+ dirCreateMode="0755"
+ )
+ stop
+}
diff --git a/scripts/latecommand/bookworm/etc/rsyslog.d/postfix.conf b/scripts/latecommand/bookworm/etc/rsyslog.d/postfix.conf
new file mode 100644
index 0000000..7b5d9b0
--- /dev/null
+++ b/scripts/latecommand/bookworm/etc/rsyslog.d/postfix.conf
@@ -0,0 +1,4 @@
+# Create an additional socket in postfix's chroot in order not to break
+# mail logging when rsyslog is restarted. If the directory is missing,
+# rsyslog will silently skip creating the socket.
+$AddUnixListenSocket /var/spool/postfix/dev/log
diff --git a/scripts/latecommand/old/buster/etc/apt/sources.list b/scripts/latecommand/old/buster/etc/apt/sources.list
deleted file mode 100644
index 34f23db..0000000
--- a/scripts/latecommand/old/buster/etc/apt/sources.list
+++ /dev/null
@@ -1,6 +0,0 @@
-# From latecommand - Debian's preseed
-deb http://deb.debian.org/debian/ buster main non-free contrib
-deb-src http://deb.debian.org/debian/ buster main non-free contrib
-
-deb http://security.debian.org/debian-security buster/updates main contrib non-free
-deb-src http://security.debian.org/debian-security buster/updates main contrib non-free
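Review bot: Both branches of the new rsyslog.d/cron-session.conf select on message text alone (`$msg contains "pam_unix(cron:session): session opened for user"` and the `closed` twin) and then `stop`, so any message carrying that substring, whatever program or facility emitted it, is written to /var/log/cron.log and never reaches auth.log or the later rules. Since auth.log is what login monitoring usually reads, tie the match to the cron daemon as well, for example `if ($programname == "CRON" and $msg contains "pam_unix(cron:session): session ") then {` (confirm the tag your cron actually logs under). That form also lets the two identical `action(...)` blocks collapse into one.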
diff --git a/scripts/latecommand/old/buster/etc/logrotate.conf b/scripts/latecommand/old/buster/etc/logrotate.conf
deleted file mode 100644
index 10c01b7..0000000
--- a/scripts/latecommand/old/buster/etc/logrotate.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-
-create
-weekly
-compress
-delaycompress
-dateext
-notifempty
-include /etc/logrotate.d
-rotate 4
-
diff --git a/scripts/latecommand/old/buster/etc/rsyslog.conf b/scripts/latecommand/old/buster/etc/rsyslog.conf
deleted file mode 100644
index 31b426b..0000000
--- a/scripts/latecommand/old/buster/etc/rsyslog.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-#
-# Include all config files in /etc/rsyslog.d/
-#
-$IncludeConfig /etc/rsyslog.d/*.conf
-
diff --git a/scripts/latecommand/old/buster/etc/rsyslog.d/00-global.conf b/scripts/latecommand/old/buster/etc/rsyslog.d/00-global.conf
deleted file mode 100644
index f850eeb..0000000
--- a/scripts/latecommand/old/buster/etc/rsyslog.d/00-global.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-#
-# Global options
-#
-global(
- defaultNetstreamDriver="ptcp"
-)
-
-#
-# Use traditional timestamp format.
-# To enable high precision timestamps, comment out the following line.
-#
-$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
diff --git a/scripts/latecommand/old/buster/etc/rsyslog.d/05-common-defaults.conf b/scripts/latecommand/old/buster/etc/rsyslog.d/05-common-defaults.conf
deleted file mode 100644
index 7fed09b..0000000
--- a/scripts/latecommand/old/buster/etc/rsyslog.d/05-common-defaults.conf
+++ /dev/null
@@ -1,20 +0,0 @@
-#
-# Set default permissions for all log files
-#
-$FileOwner root
-$FileGroup adm
-$FileCreateMode 0640
-$DirCreateMode 0755
-$Umask 0022
-
-
-#
-# Where to place spool and state files
-#
-$WorkDirectory /var/spool/rsyslog
-
-#
-# Log every message
-#
-$RepeatedMsgReduction off
-
diff --git a/scripts/latecommand/old/buster/etc/rsyslog.d/10-local-modules.conf b/scripts/latecommand/old/buster/etc/rsyslog.d/10-local-modules.conf
deleted file mode 100644
index ad031cb..0000000
--- a/scripts/latecommand/old/buster/etc/rsyslog.d/10-local-modules.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-#
-# Log messages sent to local UNIX socket
-#
-# provides support for local system logging
-module(load="imuxsock")
-
-#
-# Log kernel messages
-#
-# provides kernel logging support
-module(load="imklog" permitnonkernelfacility="on")
-
-#
-# Log periodic -- MARK -- messages
-#
-# provides --MARK-- message capability
-#module(load="immark")
-#module(load="immark" markmessageperiod="3600")
-
diff --git a/scripts/latecommand/old/buster/etc/rsyslog.d/50-default-rulesets.conf b/scripts/latecommand/old/buster/etc/rsyslog.d/50-default-rulesets.conf
deleted file mode 100644
index 19a6218..0000000
--- a/scripts/latecommand/old/buster/etc/rsyslog.d/50-default-rulesets.conf
+++ /dev/null
@@ -1,43 +0,0 @@
-#
-# Standard log files, split by facility
-#
-auth,authpriv.* /var/log/auth.log
-*.*;cron,auth,authpriv.none -/var/log/syslog
-cron.* -/var/log/cron.log
-daemon.* -/var/log/daemon.log
-kern.* -/var/log/kern.log
-lpr.* -/var/log/lpr.log
-mail.* -/var/log/mail.log
-user.* -/var/log/user.log
-
-#
-# Logging for the mail system. Split it up so that
-# it is easy to write scripts to parse these files
-#
-mail.info -/var/log/mail.info
-mail.warn -/var/log/mail.warn
-mail.err /var/log/mail.err
-
-#
-# Logging for INN news system
-#
-news.crit /var/log/news/news.crit
-news.err /var/log/news/news.err
-news.notice -/var/log/news/news.notice
-
-#
-# Some "catch-all" log files
-#
-*.=debug;\
- auth,authpriv.none;\
- news.none;mail.none -/var/log/debug
-*.=info;*.=notice;*.=warn;\
- auth,authpriv.none;\
- cron,daemon.none;\
- mail,news.none -/var/log/messages
-
-#
-# Emergencies are sent to everybody logged in
-#
-*.emerg :omusrmsg:*
-
diff --git a/scripts/latecommand/old/post.buster.sh b/scripts/latecommand/old/post.buster.sh
deleted file mode 100755
index ad5a60d..0000000
--- a/scripts/latecommand/old/post.buster.sh
+++ /dev/null
@@ -1,163 +0,0 @@
-#!/bin/sh
-
-APT_CONF_INCLUDE_SRC="$(dirname $0)/buster/etc/apt/apt.conf.d/"
-APT_CONF_INCLUDE_PATH="/etc/apt/apt.conf.d/"
-
-APT_SOURCES_SRC="$(dirname $0)/buster/etc/apt/sources.list"
-APT_SOURCES_PATH="/etc/apt/sources.list"
-
-RSYSLOGD_CONF_SRC="$(dirname $0)/buster/etc/rsyslog.conf"
-RSYSLOGD_CONF_PATH="/etc/rsyslog.conf"
-RSYSLOGD_INCLUDE_SRC="$(dirname $0)/buster/etc/rsyslog.d/"
-RSYSLOGD_INCLUDE_PATH="/etc/rsyslog.d/"
-
-LOGROTATE_CONF_SRC="$(dirname $0)/buster/etc/logrotate.conf"
-LOGROTATE_CONF_PATH="/etc/logrotate.conf"
-LOGROTATE_INCLUDE_SRC="$(dirname $0)/buster/etc/logrotate.d/"
-LOGROTATE_INCLUDE_PATH="/etc/logrotate.d/"
-
-# apt configuration {{{
-
-# ensure to have some default configuration for Apt
-cp -- "${APT_CONF_INCLUDE_SRC}"* "${APT_CONF_INCLUDE_PATH}"
-
-# ensure to have a correct sources.list file for Apt
-cp -- "${APT_SOURCES_SRC}" "${APT_SOURCES_PATH}"
-
-# }}}
-
-## Packages {{{
-
-# update repositories and packages
-apt update
-apt -y full-upgrade
-
-# Ensure to have some basic packages
-apt -y install aptitude tmux vim-nox zsh
-
-# Ensure to remove some "too"-basic packages
-aptitude -y remove vim-tiny
-
-# If no X display is expected
-if [ ! "$(dpkg -l xorg)" ]; then
- ## Remove unwanted x11 lib
- aptitude -y remove libx11-6 libx11-data libxau6 libxcb1 libxdmcp6 libxext6 libxmuu1 xauth
- if [ "$(dpkg -l task-english)" ]; then
- ## Remove task-english
- aptitude -y remove task-english iamerican ibritish ienglish-common ispell util-linux-locales wamerican
- fi
-else
- if [ "$(dpkg -l task-english)" ]; then
- ## Remove task-english
- aptitude -y remove task-english
- fi
-fi
-
-### Documentation {{{
-# Remove task-french
-if [ "$(dpkg -l task-french)" ]; then
- # Move default wordlist to american before remove all packages
- select-default-wordlist --set-default=american
- aptitude -y remove task-french
-
- # Reinstall useful french doc and move back to french dict
- aptitude -y install aspell-fr doc-debian-fr doc-linux-fr-text ifrench-gut manpages-fr manpages-fr-extra wfrench
- select-default-wordlist --set-default=".*(F|f)rench.*"
-fi
-
-# Ensure to have minimal documentation
-aptitude -y install man-db manpages
-
-### }}}
-
-### SSH {{{
-# Remove task-ssh-server
-if [ "$(dpkg -l task-ssh-server)" ]; then
- aptitude -y remove task-ssh-server krb5-locales ncurses-term
-fi
-
-# Ensure to install openssh-server
-aptitude -y install openssh-server openssh-sftp-server
-
-### }}}
-
-# Ansible dependencies
-aptitude -y install python-apt
-
-### Tasksel {{{
-# If tasksel and tasksel-data are the only task* relative packages
-if [ "$(dpkg -l | grep -c task)" -eq "2" ]; then
- aptitude -y remove tasksel tasksel-data
-fi
-
-# purge configuration files
-aptitude -y purge '~c'
-
-### }}}
-
-## }}}
-
-# Grub {{{
-
-## If EFI directory is present
-EFI_PATH="/boot/efi"
-if [ -d "${EFI_PATH}" ]; then
- ## Install grub-efi
- aptitude install -y grub-efi-amd64
- ## Get grub device (keep only some patterns, eg. /dev/sda, /dev/vda, /dev/nvme0n1,…)
- GRUB_DEVICE=$(sed -n "s;^\(/dev/[a-z]\{3\}\|/dev/nvme[a-z0-9]\{3\}\)\(p[0-9]\|[0-9]\) ${EFI_PATH} .*;\1;p" /etc/mtab)
- grub-install --target=x86_64-efi "${GRUB_DEVICE}" 2>/dev/null
- if [ -d "${EFI_PATH}"/EFI ]; then
- ## Copy efi entries to a boot directory
- mkdir -p -- "${EFI_PATH}"/EFI/boot
- find "${EFI_PATH}"/EFI/grub -type f -iname "grubx64.efi" -exec cp {} "${EFI_PATH}"/EFI/boot/bootx64.efi \; -quit 2>/dev/null
- find "${EFI_PATH}"/EFI/debian -type f -iname "grubx64.efi" -exec cp {} "${EFI_PATH}"/EFI/boot/bootx64.efi \; -quit
- fi
-fi
-
-### }}}
-
-### Rsyslog {{{
-
-# Install new Rsyslog configuration
-if [ -f "${RSYSLOGD_CONF_PATH}" ]; then
- cp -- "${RSYSLOGD_CONF_PATH}" "${RSYSLOGD_CONF_PATH}".orig
- cp -- "${RSYSLOGD_CONF_SRC}" "${RSYSLOGD_CONF_PATH}"
-fi
-cp -- "${RSYSLOGD_INCLUDE_SRC}"* "${RSYSLOGD_INCLUDE_PATH}"
-
-# Restart Rsyslog service
-systemctl restart rsyslog
-
-### }}}
-### Logrotate {{{
-
-# Install new Logrotate configuration
-if [ -f "${LOGROTATE_CONF_PATH}" ]; then
- cp -- "${LOGROTATE_CONF_PATH}" "${LOGROTATE_CONF_PATH}".orig
- cp -- "${LOGROTATE_CONF_SRC}" "${LOGROTATE_CONF_PATH}"
-fi
-cp -- "${LOGROTATE_INCLUDE_SRC}"* "${LOGROTATE_INCLUDE_PATH}"
-
-# Create an archive directory for some log files (aptitude, dpkg,…)
-mkdir -p -- /var/log/old_logs.d \
- /var/log/alternatives.d \
- /var/log/aptitude.d \
- /var/log/auth.d \
- /var/log/cron.d \
- /var/log/daemon.d \
- /var/log/dpkg.d \
- /var/log/kern.d \
- /var/log/lpr.d \
- /var/log/mail.d \
- /var/log/messages.d \
- /var/log/syslog.d
-
-chmod 0750 /var/log/auth.d /var/log/daemon.d /var/log/kern.d /var/log/messages.d /var/log/syslog.d
-chown root:adm /var/log/auth.d /var/log/daemon.d /var/log/kern.d /var/log/messages.d /var/log/syslog.d
-
-# Create the log directory for journald (Systemd), need the configuration Storage=(auto|persistent)
-mkdir -p -- /var/log/journal
-### }}}
-
-exit 0
diff --git a/scripts/latecommand/old/post.stretch.sh b/scripts/latecommand/old/post.stretch.sh
deleted file mode 100755
index fa92a30..0000000
--- a/scripts/latecommand/old/post.stretch.sh
+++ /dev/null
@@ -1,140 +0,0 @@
-#!/bin/sh
-
-APT_CONF_INCLUDE_SRC="$(dirname $0)/stretch/etc/apt/apt.conf.d/"
-APT_CONF_INCLUDE_PATH="/etc/apt/apt.conf.d/"
-
-RSYSLOGD_CONF_SRC="$(dirname $0)/stretch/etc/rsyslog.conf"
-RSYSLOGD_CONF_PATH="/etc/rsyslog.conf"
-RSYSLOGD_INCLUDE_SRC="$(dirname $0)/stretch/etc/rsyslog.d/"
-RSYSLOGD_INCLUDE_PATH="/etc/rsyslog.d/"
-
-LOGROTATE_CONF_SRC="$(dirname $0)/stretch/etc/logrotate.conf"
-LOGROTATE_CONF_PATH="/etc/logrotate.conf"
-LOGROTATE_INCLUDE_SRC="$(dirname $0)/stretch/etc/logrotate.d/"
-LOGROTATE_INCLUDE_PATH="/etc/logrotate.d/"
-
-# apt configuration {{{
-
-# ensure to have some default configuration for Apt
-cp -- "${APT_CONF_INCLUDE_SRC}"* "${APT_CONF_INCLUDE_PATH}"
-
-# }}}
-
-## Packages {{{
-
-# update repositories and packages
-apt update
-apt -y full-upgrade
-
-# Ensure to have some basic packages
-apt -y install aptitude tmux vim-nox zsh
-
-# Ensure to remove some "too"-basic packages
-aptitude -y remove vim-tiny
-
-
-# Ensure to have some systemd basic packages
-aptitude -y install dbus libpam-systemd
-
-# Remove NFS and rpcbind
-aptitude -y remove nfs-common rpcbind
-
-### Documentation {{{
-# If no X display is expected
-if [ ! "$(dpkg -l xorg)" ]; then
- ## Remove unwanted x11 lib
- aptitude -y remove libx11-6 libx11-data libxau6 libxcb1 libxdmcp6 libxext6 libxmuu1 xauth
- if [ "$(dpkg -l task-english)" ]; then
- ## Remove task-english
- aptitude -y remove task-english iamerican ibritish ienglish-common ispell util-linux-locales wamerican
- fi
-else
- if [ "$(dpkg -l task-english)" ]; then
- ## Remove task-english
- aptitude -y remove task-english
- fi
-fi
-
-# Ensure to have minimal documentation
-aptitude -y install man-db manpages
-
-### }}}
-
-### SSH {{{
-# Remove task-ssh-server
-if [ "$(dpkg -l task-ssh-server)" ]; then
- aptitude -y remove task-ssh-server
-fi
-
-# Ensure to install openssh-server
-aptitude -y install openssh-server openssh-sftp-server
-
-### }}}
-
-# Ansible dependencies
-aptitude -y install python-apt
-
-### Tasksel {{{
-# If tasksel and tasksel-data are the only task* relative packages
-if [ "$(dpkg -l | grep -c task)" -eq "2" ]; then
- aptitude -y remove tasksel tasksel-data
-fi
-
-# purge configuration files
-aptitude -y purge '~c'
-
-### }}}
-
-## }}}
-
-# Grub {{{
-
-## If EFI directory is present
-EFI_PATH="/boot/efi"
-if [ -d "${EFI_PATH}" ]; then
- ## Install grub-efi
- aptitude install -y grub-efi-amd64
- ## Get grub device (keep only some patterns, eg. /dev/sda, /dev/vda, /dev/nvme0n1,…)
- GRUB_DEVICE=$(sed -n "s;^\(/dev/[a-z]\{3\}\|/dev/nvme[a-z0-9]\{3\}\)\(p[0-9]\|[0-9]\) ${EFI_PATH} .*;\1;p" /etc/mtab)
- grub-install --target=x86_64-efi "${GRUB_DEVICE}" 2>/dev/null
- if [ -d "${EFI_PATH}"/EFI ]; then
- ## Copy efi entries to a boot directory
- mkdir -p -- "${EFI_PATH}"/EFI/boot
- find "${EFI_PATH}"/EFI/grub -type f -iname "grubx64.efi" -exec cp {} "${EFI_PATH}"/EFI/boot/bootx64.efi \; -quit 2>/dev/null
- find "${EFI_PATH}"/EFI/debian -type f -iname "grubx64.efi" -exec cp {} "${EFI_PATH}"/EFI/boot/bootx64.efi \; -quit
- fi
-fi
-
-### }}}
-
-### Rsyslog {{{
-
-# Install new Rsyslog configuration
-if [ -f "${RSYSLOGD_CONF_PATH}" ]; then
- cp "${RSYSLOGD_CONF_SRC}" "${RSYSLOGD_CONF_PATH}"
-fi
-cp -- "${RSYSLOGD_INCLUDE_SRC}"* "${RSYSLOGD_INCLUDE_PATH}"
-
-# Restart Rsyslog service
-systemctl restart rsyslog
-
-### }}}
-### Logrotate {{{
-
-# Install new Logrotate configuration
-if [ -f "${LOGROTATE_CONF_PATH}" ]; then
- cp "${LOGROTATE_CONF_SRC}" "${LOGROTATE_CONF_PATH}"
-fi
-cp -- "${LOGROTATE_INCLUDE_SRC}"* "${LOGROTATE_INCLUDE_PATH}"
-
-# Create an archive directory for some log files (aptitude, dpkg,…)
-mkdir -p -- /var/log/old_logs.d /var/log/aptitude.d /var/log/dpkg.d /var/log/alternatives.d /var/log/syslog.d /var/log/cron.d /var/log/daemon.d /var/log/kern.d /var/log/lpr.d /var/log/mail.d /var/log/auth.d /var/log/messages.d
-
-chmod 0750 /var/log/auth.d /var/log/daemon.d /var/log/kern.d /var/log/messages.d /var/log/syslog.d
-chown root:adm /var/log/auth.d /var/log/daemon.d /var/log/kern.d /var/log/messages.d /var/log/syslog.d
-
-# Create the log directory for journald (Systemd), need the configuration Storage=(auto|persistent)
-mkdir -p -- /var/log/journal
-### }}}
-
-exit 0
diff --git a/scripts/latecommand/old/stretch/etc/apt/apt.conf.d/25no-recommends.conf b/scripts/latecommand/old/stretch/etc/apt/apt.conf.d/25no-recommends.conf
deleted file mode 100644
index 2c580cd..0000000
--- a/scripts/latecommand/old/stretch/etc/apt/apt.conf.d/25no-recommends.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-// Should APT install recommended or suggested packages?
-APT::Install-Recommends "false";
-APT::Install-Suggests "false";
-
-// Should APT autoremove recommended or suggested packages?
-APT::AutoRemove::RecommendsImportant "false";
-APT::AutoRemove::SuggestsImportant "false";
diff --git a/scripts/latecommand/old/stretch/etc/logrotate.conf b/scripts/latecommand/old/stretch/etc/logrotate.conf
deleted file mode 100644
index 504a88c..0000000
--- a/scripts/latecommand/old/stretch/etc/logrotate.conf
+++ /dev/null
@@ -1,29 +0,0 @@
-
-create
-weekly
-compress
-delaycompress
-dateext
-notifempty
-include /etc/logrotate.d
-
-# No packages own wtmp or btmp, they will be managed directly
-/var/log/wtmp {
- missingok
- monthly
- create 0664 root utmp
- rotate 3
- olddir /var/log/old_logs.d
-
-}
-
-# No packages own wtmp or btmp, they will be managed directly
-/var/log/btmp {
- missingok
- monthly
- create 0660 root utmp
- rotate 3
- olddir /var/log/old_logs.d
-
-}
-
diff --git a/scripts/latecommand/old/stretch/etc/logrotate.d/aptitude b/scripts/latecommand/old/stretch/etc/logrotate.d/aptitude
deleted file mode 100644
index a1ad0f5..0000000
--- a/scripts/latecommand/old/stretch/etc/logrotate.d/aptitude
+++ /dev/null
@@ -1,7 +0,0 @@
-/var/log/aptitude {
- rotate 6
- monthly
- missingok
- olddir /var/log/aptitude.d
-
-}
diff --git a/scripts/latecommand/old/stretch/etc/logrotate.d/dpkg b/scripts/latecommand/old/stretch/etc/logrotate.d/dpkg
deleted file mode 100644
index 35441a2..0000000
--- a/scripts/latecommand/old/stretch/etc/logrotate.d/dpkg
+++ /dev/null
@@ -1,18 +0,0 @@
-/var/log/alternatives.log {
- rotate 12
- monthly
- missingok
- create 644 root root
- olddir /var/log/alternatives.d
-
-}
-
-/var/log/dpkg.log {
- rotate 12
- monthly
- missingok
- create 644 root root
- olddir /var/log/dpkg.d
-
-}
-
diff --git a/scripts/latecommand/old/stretch/etc/logrotate.d/rsyslog b/scripts/latecommand/old/stretch/etc/logrotate.d/rsyslog
deleted file mode 100644
index 89dfbcf..0000000
--- a/scripts/latecommand/old/stretch/etc/logrotate.d/rsyslog
+++ /dev/null
@@ -1,116 +0,0 @@
-# Default directives are activilly used, please see /etc/logrotate.conf
-
-/var/log/syslog
-/var/log/syslog.log
-/var/log/local0.log
-/var/log/local1.log
-/var/log/local2.log
-/var/log/local3.log
-/var/log/local4.log
-/var/log/local5.log
-/var/log/local6.log
-/var/log/local7.log
-/var/log/uucp.log
-{
- rotate 8
- daily
- missingok
- olddir /var/log/syslog.d
-
- postrotate
- invoke-rc.d rsyslog rotate > /dev/null
-
- endscript
-}
-
-/var/log/cron.log /var/log/mark.log {
- maxsize 250k
- missingok
- sharedscripts
- olddir /var/log/cron.d
-
- postrotate
- invoke-rc.d rsyslog rotate > /dev/null
-
- endscript
-}
-
-/var/log/daemon.log {
- maxsize 250k
- missingok
- sharedscripts
- olddir /var/log/daemon.d
-
- postrotate
- invoke-rc.d rsyslog rotate > /dev/null
-
- endscript
-}
-
-/var/log/kern.log /var/log/kernel.log {
- maxsize 250k
- missingok
- sharedscripts
- olddir /var/log/kern.d
-
- postrotate
- invoke-rc.d rsyslog rotate > /dev/null
-
- endscript
-}
-
-/var/log/lpr.log {
- maxsize 250k
- missingok
- sharedscripts
- olddir /var/log/lpr.d
-
- postrotate
- invoke-rc.d rsyslog rotate > /dev/null
-
- endscript
-}
-
-/var/log/mail.log
-/var/log/mail.info
-/var/log/mail.warn
-/var/log/mail.err
-{
- maxsize 250k
- missingok
- sharedscripts
- olddir /var/log/mail.d
-
- postrotate
- invoke-rc.d rsyslog rotate > /dev/null
-
- endscript
-}
-
-/var/log/auth.log
-/var/log/authpriv.log
-/var/log/user.log
-{
- maxsize 250k
- missingok
- sharedscripts
- olddir /var/log/auth.d
-
- postrotate
- invoke-rc.d rsyslog rotate > /dev/null
-
- endscript
-}
-
-/var/log/messages /var/log/debug {
- maxsize 250k
- missingok
- sharedscripts
- olddir /var/log/messages.d
-
- postrotate
- invoke-rc.d rsyslog rotate > /dev/null
-
- endscript
-}
-
diff --git a/scripts/latecommand/old/stretch/etc/rsyslog.conf b/scripts/latecommand/old/stretch/etc/rsyslog.conf
deleted file mode 100644
index 31b426b..0000000
--- a/scripts/latecommand/old/stretch/etc/rsyslog.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-#
-# Include all config files in /etc/rsyslog.d/
-#
-$IncludeConfig /etc/rsyslog.d/*.conf
-
diff --git a/scripts/latecommand/old/stretch/etc/rsyslog.d/00-global.conf b/scripts/latecommand/old/stretch/etc/rsyslog.d/00-global.conf
deleted file mode 100644
index 37ccc49..0000000
--- a/scripts/latecommand/old/stretch/etc/rsyslog.d/00-global.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-# This file is managed remotely, all changes will be lost
-
-#
-# Global options
-#
-global(
- defaultNetstreamDriver="ptcp"
-)
-
diff --git a/scripts/latecommand/old/stretch/etc/rsyslog.d/05-common-defaults.conf b/scripts/latecommand/old/stretch/etc/rsyslog.d/05-common-defaults.conf
deleted file mode 100644
index 7e81e59..0000000
--- a/scripts/latecommand/old/stretch/etc/rsyslog.d/05-common-defaults.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-# This file is managed remotely, all changes will be lost
-
-#
-# Set default permissions for all log files
-#
-$FileOwner root
-$FileGroup adm
-$FileCreateMode 0640
-$DirCreateMode 0755
-$Umask 0022
-
-
-#
-# Where to place spool and state files
-#
-$WorkDirectory /var/spool/rsyslog
-
-#
-# Log every message
-#
-$RepeatedMsgReduction off
-
diff --git a/scripts/latecommand/old/stretch/etc/rsyslog.d/10-local-modules.conf b/scripts/latecommand/old/stretch/etc/rsyslog.d/10-local-modules.conf
deleted file mode 100644
index 960625d..0000000
--- a/scripts/latecommand/old/stretch/etc/rsyslog.d/10-local-modules.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-# This file is managed remotely, all changes will be lost
-
-#
-# Log messages sent to local UNIX socket
-#
-$ModLoad imuxsock
-
-#
-# Log kernel messages
-#
-$ModLoad imklog
-$KLogPermitNonKernelFacility on
-
-#
-# Log periodic -- MARK -- messages
-#
-$ModLoad immark
-$MarkMessagePeriod 3600
-
diff --git a/scripts/latecommand/old/stretch/etc/rsyslog.d/50-default-rulesets.conf b/scripts/latecommand/old/stretch/etc/rsyslog.d/50-default-rulesets.conf
deleted file mode 100644
index 33926dd..0000000
--- a/scripts/latecommand/old/stretch/etc/rsyslog.d/50-default-rulesets.conf
+++ /dev/null
@@ -1,45 +0,0 @@
-# This file is managed remotely, all changes will be lost
-
-#
-# Standard log files, split by facility
-#
-auth,authpriv.* /var/log/auth.log
-*.*;cron,auth,authpriv.none -/var/log/syslog
-cron.* -/var/log/cron.log
-daemon.* -/var/log/daemon.log
-kern.* -/var/log/kern.log
-lpr.* -/var/log/lpr.log
-mail.* -/var/log/mail.log
-user.* -/var/log/user.log
-
-#
-# Logging for the mail system. Split it up so that
-# it is easy to write scripts to parse these files
-#
-mail.info -/var/log/mail.info
-mail.warn -/var/log/mail.warn
-mail.err /var/log/mail.err
-
-#
-# Logging for INN news system
-#
-news.crit /var/log/news/news.crit
-news.err /var/log/news/news.err
-news.notice -/var/log/news/news.notice
-
-#
-# Some "catch-all" log files
-#
-*.=debug;\
- auth,authpriv.none;\
- mail,news.none -/var/log/debug
-*.=info;*.=notice;*.=warn;\
- auth,authpriv.none;\
- cron,daemon.none;\
- mail,news.none -/var/log/messages
-
-#
-# Emergencies are sent to everybody logged in
-#
-*.emerg :omusrmsg:*
-
diff --git a/scripts/latecommand/post.bookworm.sh b/scripts/latecommand/post.bookworm.sh
new file mode 100755
index 0000000..9eba339
--- /dev/null
+++ b/scripts/latecommand/post.bookworm.sh
@@ -0,0 +1,178 @@
+#!/bin/sh
+
+APT_CONF_INCLUDE_SRC="$(dirname $0)/bookworm/etc/apt/apt.conf.d/"
+APT_CONF_INCLUDE_PATH="/etc/apt/apt.conf.d/"
+
+APT_SOURCES_SRC="$(dirname $0)/bookworm/etc/apt/sources.list"
+APT_SOURCES_PATH="/etc/apt/sources.list"
+
+RSYSLOGD_CONF_SRC="$(dirname $0)/bookworm/etc/rsyslog.conf"
+RSYSLOGD_CONF_PATH="/etc/rsyslog.conf"
+RSYSLOGD_INCLUDE_SRC="$(dirname $0)/bookworm/etc/rsyslog.d/"
+RSYSLOGD_INCLUDE_PATH="/etc/rsyslog.d/"
+
+LOGROTATE_CONF_SRC="$(dirname $0)/bookworm/etc/logrotate.conf"
+LOGROTATE_CONF_PATH="/etc/logrotate.conf"
+LOGROTATE_INCLUDE_SRC="$(dirname $0)/bookworm/etc/logrotate.d/"
+LOGROTATE_INCLUDE_PATH="/etc/logrotate.d/"
+
+# apt configuration {{{
+
+# Ensure to have some default configuration for Apt
+cp -- "${APT_CONF_INCLUDE_SRC}"* "${APT_CONF_INCLUDE_PATH}"
+
+# Ensure to have a correct sources.list file for Apt
+cp -- "${APT_SOURCES_SRC}" "${APT_SOURCES_PATH}"
+
+# Update repositories and packages
+apt update
+apt --assume-yes full-upgrade
+
+# Ensure to have aptitude !
+apt --assume-yes install -- aptitude
+
+# }}}
+
+# Rsyslog {{{
+
+# Ensure to install Rsyslog daemon
+aptitude --assume-yes install -- rsyslog
+
+# Install new Rsyslog configuration
+if [ -f "${RSYSLOGD_CONF_PATH}" ]; then
+ cp -- "${RSYSLOGD_CONF_PATH}" "${RSYSLOGD_CONF_PATH}".orig
+ cp -- "${RSYSLOGD_CONF_SRC}" "${RSYSLOGD_CONF_PATH}"
+fi
+cp -- "${RSYSLOGD_INCLUDE_SRC}"* "${RSYSLOGD_INCLUDE_PATH}"
+
+# Restart Rsyslog service
+systemctl restart rsyslog
+
+# }}}
+
+# Packages {{{
+
+# Ensure to have some basic packages
+aptitude --assume-yes install -- tmux vim-nox zsh
+
+# Ensure to remove some "too"-basic packages
+aptitude --assume-yes remove -- vim-tiny
+
+# If no X display is expected
+if [ ! "$(dpkg --list -- xorg)" ]; then
+ ## Remove unwanted x11 libs and packages
+ aptitude --assume-yes remove -- libgl1 libglx-mesa0 libglx0 libice6 libsm6 \
+ libx11-6 libx11-data libx11-xcb1 libxau6 libxaw7 libxcb-dri2-0 libxcb-dri3-0 \
+ libxcb-glx0 libxcb-present0 libxcb-shape0 libxcb-shm0 libxcb-sync1 \
+ libxcb-xfixes0 libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxdmcp6 \
+ libxext6 libxfixes3 libxft2 libxi6 libxinerama1 libxkbfile1 libxmu6 libxmuu1 \
+ libxpm4 libxrandr2 libxrender1 libxt6 libxtst6 libxv1 libxxf86dga1 \
+ libxxf86vm1 x11-apps x11-common x11-session-utils x11-utils x11-xkb-utils \
+ x11-xserver-utils xauth xbase-clients xinit
+
+ if [ "$(dpkg --list -- task-english)" ]; then
+ ## Remove task-english
+ aptitude --assume-yes remove task-english iamerican ibritish ienglish-common ispell util-linux-locales wamerican
+ fi
+# If X display is expected
+elif [ "$(dpkg --list -- xorg)" ]; then
+ if [ "$(dpkg --list -- task-english)" ]; then
+ ## Remove task-english
+ aptitude --assume-yes remove task-english
+ fi
+fi
+
+## Documentation {{{
+## Remove task-french
+if [ "$(dpkg --list -- task-french)" ]; then
+ ### Move default wordlist to american before remove all packages
+ select-default-wordlist --set-default=american
+ aptitude --assume-yes remove -- task-french
+
+ ### Reinstall useful french doc and move back to french dict
+ aptitude --assume-yes install -- aspell-fr ifrench-gut manpages-fr wfrench
+ select-default-wordlist --set-default=".*(F|f)rench.*"
+fi
+
+## Ensure to have minimal documentation
+aptitude --assume-yes install -- man-db manpages manpages-fr
+
+## }}}
+
+## SSH {{{
+## Remove task-ssh-server
+if [ "$(dpkg --list -- task-ssh-server)" ]; then
+ aptitude --assume-yes remove -- task-ssh-server ncurses-term
+fi
+
+## Ensure to install openssh-server
+aptitude --assume-yes install -- openssh-server openssh-sftp-server
+
+## }}}
+
+# Ansible dependencies
+aptitude --assume-yes install -- python3-apt
+
+## Tasksel {{{
+## If tasksel and tasksel-data are the only task* relative packages
+if [ "$(dpkg --list -- | grep --count -- '^ii task')" -eq "2" ]; then
+ aptitude --assume-yes remove -- tasksel tasksel-data
+fi
+
+## purge configuration files
+aptitude --assume-yes purge -- '~c'
+
+## }}}
+
+# }}}
+
+# Grub {{{
+
+# If EFI directory is present
+EFI_PATH="/boot/efi"
+if [ -d "${EFI_PATH}" ]; then
+ ## Install grub-efi
+ aptitude --assume-yes install -- grub-efi-amd64
+ ## Get grub device (keep only some patterns, eg. /dev/sda, /dev/vda, /dev/nvme0n1,…)
+ GRUB_DEVICE=$(sed --silent "s;^\(/dev/[a-z]\{3\}\|/dev/nvme[a-z0-9]\{3\}\)\(p[0-9]\|[0-9]\) ${EFI_PATH} .*;\1;p" /etc/mtab)
+ grub-install --target=x86_64-efi "${GRUB_DEVICE}" 2>/dev/null
+ if [ -d "${EFI_PATH}"/EFI ]; then
+ ### Copy efi entries to a boot directory
+ mkdir -p -- "${EFI_PATH}"/EFI/boot
+ find "${EFI_PATH}"/EFI/grub -type f -iname "grubx64.efi" -exec cp {} "${EFI_PATH}"/EFI/boot/bootx64.efi \; -quit 2>/dev/null
+ find "${EFI_PATH}"/EFI/debian -type f -iname "grubx64.efi" -exec cp {} "${EFI_PATH}"/EFI/boot/bootx64.efi \; -quit
+ fi
+fi
+
+# }}}
+
+# Logrotate {{{
+
+# Install new Logrotate configuration
+if [ -f "${LOGROTATE_CONF_PATH}" ]; then
+ cp -- "${LOGROTATE_CONF_PATH}" "${LOGROTATE_CONF_PATH}".orig
+ cp -- "${LOGROTATE_CONF_SRC}" "${LOGROTATE_CONF_PATH}"
+fi
+cp -- "${LOGROTATE_INCLUDE_SRC}"* "${LOGROTATE_INCLUDE_PATH}"
+
+# Create an archive directory for some log files (aptitude, dpkg,…)
+mkdir -p -- /var/log/old_logs.d \
+ /var/log/alternatives.d \
+ /var/log/aptitude.d \
+ /var/log/auth.d \
+ /var/log/cron.d \
+ /var/log/daemon.d \
+ /var/log/dpkg.d \
+ /var/log/kern.d \
+ /var/log/mail.d \
+ /var/log/messages.d \
+ /var/log/syslog.d
+
+chmod 0750 /var/log/auth.d /var/log/daemon.d /var/log/kern.d /var/log/messages.d /var/log/syslog.d
+chown root:adm /var/log/auth.d /var/log/daemon.d /var/log/kern.d /var/log/messages.d /var/log/syslog.d
+
+# Create the log directory for journald (Systemd), need the configuration Storage=(auto|persistent)
+mkdir -p -- /var/log/journal
+# }}}
+
+exit 0
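Review bot: No command in this new script has its exit status checked and the last line is an unconditional `exit 0`, so a failed `cp` of `sources.list`, a failed `apt --assume-yes full-upgrade` or a failed copy of the rsyslog/logrotate files still reports success and leaves a host that looks provisioned while missing updates or its logging configuration. The Grub block is the sharpest case: when the `sed` expression matches no line of `/etc/mtab` (a device name outside the listed patterns), `GRUB_DEVICE` is empty and `grub-install` runs with an empty argument while `2>/dev/null` hides the message. I would stop on the steps that matter, e.g. `cp -- "${APT_SOURCES_SRC}" "${APT_SOURCES_PATH}" || exit 1` and `[ -n "${GRUB_DEVICE}" ] || { echo "no device found for ${EFI_PATH}" >&2; exit 1; }`, and drop the redirection on `grub-install`. A blanket `set -e` is not a drop-in here, because the first `find` under `EFI/grub` is apparently expected to fail when that directory is absent. Whether the preseed late_command that calls this script acts on its exit status is not visible in this hunk.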