From 0b554648059548424034966d47d0ad723fd2dc2a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gardais=20J=C3=A9r=C3=A9my?= Date: Tue, 13 Jun 2023 16:46:44 +0200 Subject: [PATCH] New Bookworm entry with preseed and latecommand --- README.md | 1 + config/debian/menu.cfg | 4 + preseed/debian/bookworm/preseed.cfg | 425 ++++++++++++++++++ scripts/latecommand.tar.gz | Bin 9021 -> 8258 bytes .../etc/apt/apt.conf.d/25no-recommends.conf | 0 .../latecommand/bookworm/etc/apt/sources.list | 12 + .../latecommand/bookworm/etc/logrotate.conf | 29 ++ .../etc/logrotate.d/alternatives} | 11 +- .../buster => bookworm}/etc/logrotate.d/apt | 0 .../etc/logrotate.d/aptitude | 0 .../buster => bookworm}/etc/logrotate.d/btmp | 0 .../latecommand/bookworm/etc/logrotate.d/dpkg | 7 + .../etc/logrotate.d/rsyslog | 0 .../buster => bookworm}/etc/logrotate.d/wtmp | 0 scripts/latecommand/bookworm/etc/rsyslog.conf | 90 ++++ .../bookworm/etc/rsyslog.d/cron-session.conf | 25 ++ .../bookworm/etc/rsyslog.d/postfix.conf | 4 + .../old/buster/etc/apt/sources.list | 6 - .../latecommand/old/buster/etc/logrotate.conf | 10 - .../latecommand/old/buster/etc/rsyslog.conf | 5 - .../old/buster/etc/rsyslog.d/00-global.conf | 12 - .../etc/rsyslog.d/05-common-defaults.conf | 20 - .../etc/rsyslog.d/10-local-modules.conf | 19 - .../etc/rsyslog.d/50-default-rulesets.conf | 43 -- scripts/latecommand/old/post.buster.sh | 163 ------- scripts/latecommand/old/post.stretch.sh | 140 ------ .../etc/apt/apt.conf.d/25no-recommends.conf | 7 - .../old/stretch/etc/logrotate.conf | 29 -- .../old/stretch/etc/logrotate.d/aptitude | 7 - .../old/stretch/etc/logrotate.d/dpkg | 18 - .../old/stretch/etc/logrotate.d/rsyslog | 116 ----- .../latecommand/old/stretch/etc/rsyslog.conf | 5 - .../old/stretch/etc/rsyslog.d/00-global.conf | 9 - .../etc/rsyslog.d/05-common-defaults.conf | 22 - .../etc/rsyslog.d/10-local-modules.conf | 19 - .../etc/rsyslog.d/50-default-rulesets.conf | 45 -- scripts/latecommand/post.bookworm.sh | 178 ++++++++ 37 files changed, 776 insertions(+), 705 deletions(-) create mode 100644 preseed/debian/bookworm/preseed.cfg rename scripts/latecommand/{old/buster => bookworm}/etc/apt/apt.conf.d/25no-recommends.conf (100%) create mode 100644 scripts/latecommand/bookworm/etc/apt/sources.list create mode 100644 scripts/latecommand/bookworm/etc/logrotate.conf rename scripts/latecommand/{old/buster/etc/logrotate.d/dpkg => bookworm/etc/logrotate.d/alternatives} (52%) rename scripts/latecommand/{old/buster => bookworm}/etc/logrotate.d/apt (100%) rename scripts/latecommand/{old/buster => bookworm}/etc/logrotate.d/aptitude (100%) rename scripts/latecommand/{old/buster => bookworm}/etc/logrotate.d/btmp (100%) create mode 100644 scripts/latecommand/bookworm/etc/logrotate.d/dpkg rename scripts/latecommand/{old/buster => bookworm}/etc/logrotate.d/rsyslog (100%) rename scripts/latecommand/{old/buster => bookworm}/etc/logrotate.d/wtmp (100%) create mode 100644 scripts/latecommand/bookworm/etc/rsyslog.conf create mode 100644 scripts/latecommand/bookworm/etc/rsyslog.d/cron-session.conf create mode 100644 scripts/latecommand/bookworm/etc/rsyslog.d/postfix.conf delete mode 100644 scripts/latecommand/old/buster/etc/apt/sources.list delete mode 100644 scripts/latecommand/old/buster/etc/logrotate.conf delete mode 100644 scripts/latecommand/old/buster/etc/rsyslog.conf delete mode 100644 scripts/latecommand/old/buster/etc/rsyslog.d/00-global.conf delete mode 100644 scripts/latecommand/old/buster/etc/rsyslog.d/05-common-defaults.conf delete mode 100644 scripts/latecommand/old/buster/etc/rsyslog.d/10-local-modules.conf delete mode 100644 scripts/latecommand/old/buster/etc/rsyslog.d/50-default-rulesets.conf delete mode 100755 scripts/latecommand/old/post.buster.sh delete mode 100755 scripts/latecommand/old/post.stretch.sh delete mode 100644 scripts/latecommand/old/stretch/etc/apt/apt.conf.d/25no-recommends.conf delete mode 100644 scripts/latecommand/old/stretch/etc/logrotate.conf delete mode 100644 scripts/latecommand/old/stretch/etc/logrotate.d/aptitude delete mode 100644 scripts/latecommand/old/stretch/etc/logrotate.d/dpkg delete mode 100644 scripts/latecommand/old/stretch/etc/logrotate.d/rsyslog delete mode 100644 scripts/latecommand/old/stretch/etc/rsyslog.conf delete mode 100644 scripts/latecommand/old/stretch/etc/rsyslog.d/00-global.conf delete mode 100644 scripts/latecommand/old/stretch/etc/rsyslog.d/05-common-defaults.conf delete mode 100644 scripts/latecommand/old/stretch/etc/rsyslog.d/10-local-modules.conf delete mode 100644 scripts/latecommand/old/stretch/etc/rsyslog.d/50-default-rulesets.conf create mode 100755 scripts/latecommand/post.bookworm.sh diff --git a/README.md b/README.md index 9eb6082..735c53a 100644 --- a/README.md +++ b/README.md @@ -73,6 +73,7 @@ Contains the files which defines the PXE menu. The [first one][main menu.cfg] wi #### config/debian/menu.cfg 1. Provide PXE entries for : * Debian Bookworm (Stable) amd64 with additional firmwares (see [make_debian_initrd_with_firmware.sh][debian initrd with firmware script] script). + * Debian Bookworm (Stable) amd64 with additional firmwares and preseed file. * Debian Bullseye (oldStable) amd64 with additional firmwares (see [make_debian_initrd_with_firmware.sh][debian initrd with firmware script] script). * Debian Bullseye (oldStable) amd64 with additional firmwares and preseed file. * Debian Bullseye (oldStable) amd64 for compute nodes with preseed. diff --git a/config/debian/menu.cfg b/config/debian/menu.cfg index 8db3a0a..c56fd40 100644 --- a/config/debian/menu.cfg +++ b/config/debian/menu.cfg @@ -4,6 +4,10 @@ label stableFirmware menu label ^Debian Bookworm amd64 Firmwares kernel installer/debian/bookworm/amd64/linux append vga=normal initrd=installer/debian/bookworm/amd64/initrd_firm.xz -- quiet +label stableAuto + menu label Debian ^Bookworm amd64 PRESEED + kernel installer/debian/bookworm/amd64/linux + append vga=normal initrd=installer/debian/bookworm/amd64/initrd_firm.xz auto=true interface=auto netcfg/dhcp_timeout=60 netcfg/choose_interface=auto priority=critical preseed/url=tftp://129.20.203.27/preseed/debian/bookworm/preseed.cfg label separator menu label --- diff --git a/preseed/debian/bookworm/preseed.cfg b/preseed/debian/bookworm/preseed.cfg new file mode 100644 index 0000000..3ed9adc --- /dev/null +++ b/preseed/debian/bookworm/preseed.cfg @@ -0,0 +1,425 @@ +# .. vim: foldmarker=[[[,]]]:foldmethod=marker +# +### Howto use [[[ +###################################################################### + +# Inspired from https://www.debian.org/releases/bookworm/example-preseed.txt +# For more details about all parameters, see projects under Debian installer: +# https://salsa.debian.org/installer-team + +## With a PXE boot: +#label bookworm +# menu label Debian GNU/Linux Book^worm 64 bits WITH PRESEED +# kernel installer/debian/bookworm/amd64/linux +# IPAPPEND 2 +# APPEND vga=normal initrd=installer/debian/bookworm/amd64/initrd_firm.gz auto=true interface=auto netcfg/dhcp_timeout=60 netcfg/choose_interface=auto priority=critical preseed/url=tftp://129.20.203.27/installer/debian/bookworm/amd64/preseed.cfg + +################################################################## ]]] +### Localization [[[ +###################################################################### + +## Install Time +# Preseeding only locale sets language, country and locale. +#d-i debian-installer/locale string en_US + +# The values can also be preseeded individually for greater flexibility. +d-i debian-installer/language string en +d-i debian-installer/country string FR +d-i debian-installer/locale select en_US.UTF-8 +d-i debian-installer/fallbacklocale select en_US.UTF-8 +# Optionally specify additional locales to be generated. +d-i localechooser/supported-locales multiselect fr_FR.UTF-8 +# Choose the language to be used for the installation process. The selected +# language will also be the default language for the installed system. +d-i localechooser/languagelist select en + +## Choose keyboard configuration +d-i console-tools/archs string skip-config +d-i console-keymaps-at/keymap select fr-latin9 +d-i keyboard-configuration/xkb-keymap select French + +################################################################## ]]] +### Network configuration [[[ +###################################################################### + +# Auto-configure networking +d-i netcfg/use_autoconfig boolean true + +# To set a different link detection timeout (default is 3 seconds). +# Values are interpreted as seconds. +d-i netcfg/link_detection_timeout string 20 +d-i netcfg/link_wait_timeout string 3 + +# If you have a slow dhcp server and the installer times out waiting for +# it, this might be useful. +d-i netcfg/dhcp_timeout string 60 +d-i netcfg/dhcpv6_timeout string 1 + +# Any hostname and domain names assigned from dhcp take precedence over +# values set here. However, setting the values still prevents the questions +# from being shown, even if values come from dhcp. +d-i netcfg/get_hostname string unassigned-hostname +d-i netcfg/get_domain string unassigned-domain + +# Disable that annoying WEP key dialog. +d-i netcfg/wireless_wep string + +# If you want to completely disable firmware lookup (i.e. not use firmware +# files or packages that might be available on installation images): +#d-i hw-detect/firmware-lookup string never + +# If non-free firmware is needed for the network or other hardware, you can +# configure the installer to always try to load it, without prompting. Or +# change to false to disable asking. +d-i hw-detect/load_firmware boolean true + +################################################################## ]]] +### Network console [[[ +###################################################################### + +# Use the following settings if you wish to make use of the network-console +# component for remote installation over SSH. This only makes sense if you +# intend to perform the remainder of the installation manually. +#d-i anna/choose_modules string network-console +#d-i network-console/authorized_keys_url string http://10.0.0.1/openssh-key +#d-i network-console/password password r00tme +#d-i network-console/password-again password r00tme + +################################################################## ]]] +### Mirror settings [[[ +###################################################################### + +# Mirror +# Usually, deb.debian.org is a good choice +d-i mirror/country string FR +d-i mirror/http/hostname string deb.debian.org +d-i mirror/http/directory string /debian/ +d-i mirror/http/proxy string +d-i mirror/http/mirror string deb.debian.org +# Suite to install. +d-i mirror/suite string +# Suite to use for loading installer components (optional). +#d-i mirror/udeb/suite string testing + +################################################################## ]]] +### Account setup [[[ +###################################################################### + +# Enable shadow passwords +d-i passwd/shadow boolean true + +# Allow root login +# If skipping creation of a root account, normal user account will be able to use sudo. +d-i passwd/root-login boolean true + +# Root password, either in clear text +#d-i passwd/root-password password r00tme +#d-i passwd/root-password-again password r00tme +# …or encrypted with {MD5, SHA512, …) hash +d-i passwd/root-password-crypted password $6$ceGTxMxc$gXajYByJna1cfTjaST3TcF0FfrlSAaEcmCiOMq/DBOuD0tlu8VYQosZPgwcFT4bCuODMErU/fgRxZEeu9c10V0 + +# Skip creation of a normal user account +d-i passwd/make-user boolean false + +# To create a normal user account. +#d-i passwd/user-fullname string bob +#d-i passwd/username string bob +# Normal user's password, either in clear text +#d-i passwd/user-password password insecure +#d-i passwd/user-password-again password insecure +# …or encrypted with {MD5, SHA512, …) hash +#d-i passwd/user-password-crypted password $1$098f6bcd4621d373cade4e832627b4f6 +# Create the first user with the specified UID instead of the default. +#d-i passwd/user-uid string 1010 + +# The user account will be added to some standard initial groups. To +# override that, use this. +#d-i passwd/user-default-groups string audio cdrom video + +################################################################## ]]] +### Clock and time zone setup [[[ +###################################################################### + +# Controls whether or not the hardware clock is set to UTC. +d-i clock-setup/utc boolean true + +# You may set this to any valid setting for $TZ; see the contents of +# /usr/share/zoneinfo/ for valid values. +d-i time/zone string Europe/Paris + +# Controls whether to use NTP to set the clock during the install +d-i clock-setup/ntp boolean true +# NTP server to use. The default is almost always fine here. +d-i clock-setup/ntp-server string 0.debian.pool.ntp.org + +################################################################## ]]] +### Disk Partitioning/Boot loader [[[ +###################################################################### + +# If the system has only one disk the installer will default to using it. +# Otherwise, the device name must be given +d-i partman-auto/disk string /dev/nvme0n1 /dev/sda /dev/vda + +d-i partman-auto/init_automatically_partition select custom + +# Specify the method to use +# - regular: use the usual partition types for the architecture +# - lvm: use LVM to partition the disk +# - crypto: use LVM within an encrypted partition +d-i partman-auto/method string lvm + +# You can define the amount of space that will be used for the LVM volume +# group. It can either be a size with its unit (eg. 20 GB), a percentage of +# free space or the 'max' keyword. +d-i partman-auto-lvm/guided_size string max + +# If one of the disks that are going to be automatically partitioned +# contains an old LVM configuration, the user will normally receive a +# warning. This can be preseeded away… +d-i partman-lvm/device_remove_lvm boolean true +# The same applies to pre-existing software RAID array: +#d-i partman-md/device_remove_md boolean true +# And the same goes for the confirmation to write the lvm partitions. +d-i partman-lvm/confirm boolean true +d-i partman-lvm/confirm_nooverwrite boolean true + +# Continue installation without /boot partition ? +# Useful for some expert recipe +d-i partman-auto-lvm/no_boot boolean false + +# Name of the volume group for the new system +d-i partman-auto-lvm/new_vg_name string sys + +# LVM partition +# This recipe need almost 30Gb free space. +d-i partman-auto/expert_recipe string \ + boot-root :: \ + 300 200000 500 ext3 \ + $primary{ } $bootable{ } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext3 } \ + label{ boot } \ + mountpoint{ /boot } \ + . \ + 16000 100000 -1 ext4 \ + $defaultignore{ } \ + $primary{ } \ + method{ lvm } \ + vg_name{ sys } \ + . \ + 1000 8000 2000 ext4 \ + $lvmok{ } \ + in_vg{ sys } lv_name{ lv_root } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + label{ root } \ + mountpoint{ / } \ + . \ + 4000 7000 10000 ext4 \ + $lvmok{ } \ + in_vg{ sys } lv_name{ lv_usr } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + options/nodev{ nodev } \ + label{ usr } \ + mountpoint{ /usr } \ + . \ + 4000 6000 8000 ext4 \ + $lvmok{ } \ + in_vg{ sys } lv_name{ lv_var } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + options/nodev{ nodev } \ + label{ var } \ + mountpoint{ /var } \ + . \ + 1000 5000 2000 ext4 \ + $lvmok{ } \ + in_vg{ sys } lv_name{ lv_tmp } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + options/nodev{ nodev } \ + options/nosuid{ nosuid } \ + label{ tmp } \ + mountpoint{ /tmp } \ + . \ + 2000 4000 3000 ext4 \ + $lvmok{ } \ + in_vg{ sys } lv_name{ lv_home } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + options/nodev{ nodev } \ + label{ home } \ + mountpoint{ /home } \ + . \ + 512 3000 2000 ext4 \ + $lvmok{ } \ + in_vg{ sys } lv_name{ lv_srv } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + options/nodev{ nodev } \ + label{ srv } \ + mountpoint{ /srv } \ + . \ + 512 2000 4000 ext4 \ + $lvmok{ } \ + in_vg{ sys } lv_name{ lv_opt } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + label{ opt } \ + mountpoint{ /opt } \ + . \ + 512 1000 100% linux-swap \ + $lvmok{ } \ + in_vg{ sys } lv_name{ lv_swap } \ + method{ swap } format{ } \ + . \ + 100 100 -1 ext3 \ + $lvmok{ } \ + in_vg{ sys } lv_name{ lv_free } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext3 } \ + label{ free } \ + mountpoint{ /mnt/free } \ + . +# Need to put all free space in a temp logical volume/partition +# Otherwise it's the last partition which get all free space + +# Allow to not set a swap partition +#d-i partman-basicfilesystems/no_swap boolean false + +# Return to menu if no mount point is assigned to a filesystem +d-i partman-basicfilesystems/no_mount_point boolean false + +# This makes partman automatically partition without confirmation. +# that you told it what to do using one of the methods above. +d-i partman-md/confirm boolean true +d-i partman/confirm_write_new_label boolean true +d-i partman/choose_partition select finish +d-i partman/confirm boolean true +d-i partman/confirm_nooverwrite boolean true + +################################################################## ]]] +### Base system installation [[[ + +# The kernel image (meta) package to be installed; "none" can be used if no +# kernel is to be installed. +d-i base-installer/kernel/image select linux-image-amd64 + +# Drivers to include in the initrd +# - most: include all available drivers +# - dep: only include drivers needed for this system +d-i base-installer/initramfs-tools/driver-policy select most + +################################################################## ]]] +### Apt setup [[[ +###################################################################### + +# Choose, if you want to scan additional installation media +d-i apt-setup/cdrom/set-first boolean false +d-i apt-setup/cdrom/set-double boolean false +d-i apt-setup/cdrom/set-next boolean false +d-i apt-setup/cdrom/set-failed boolean false + +# You can choose to install non-free firmware. +#d-i apt-setup/non-free-firmware boolean true +# You can choose to install non-free and contrib software. +d-i apt-setup/non-free boolean true +d-i apt-setup/contrib boolean true + +# Use a network mirror +# Set to false for an offline installation +d-i apt-setup/use_mirror boolean true + +# Select which update services to use; define the mirrors to be used. +d-i apt-setup/services-select multiselect security + +################################################################## ]]] +### Package selection [[[ +###################################################################### +# Choose packages +tasksel tasksel/first multiselect ssh-server + +# Or choose to not get the tasksel dialog displayed at all (and don't install +# any packages): +#d-i pkgsel/run_tasksel boolean false + +# Individual additional packages to install +# - tftp-hpa: to download an archive (see preseed/late_command at the end of this file) +d-i pkgsel/include string tftp-hpa + +## Whether to upgrade packages after debootstrap. +### Allowed values: none, safe-upgrade, full-upgrade +d-i pkgsel/upgrade select full-upgrade + +## Participate to Popularity Contest (disable for an unconnected server) +d-i popularity-contest/participate boolean true +popularity-contest popularity-contest/participate boolean true + +################################################################## ]]] +### Boot loader installation [[[ +###################################################################### + +# Grub is the boot loader (for x86). + +# This is fairly safe to set, it makes grub install automatically to the UEFI +# partition/boot record if no other operating system is detected on the machine. +d-i grub-installer/only_debian boolean true + +# This one makes grub-installer install to the MBR partition/boot record, if +# it also finds some other OS, which is less safe as it might not be able to +# boot that other OS. +d-i grub-installer/with_other_os boolean true + +# Due notably to potential USB sticks, the location of the primary drive can +# not be determined safely in general, so this needs to be specified: +#d-i grub-installer/bootdev string /dev/sda +# To install to the primary device (assuming it is not a USB stick): +d-i grub-installer/bootdev string default + +# Force GRUB installation to the EFI removable media path? +d-i grub-installer/force-efi-extra-removable boolean false + +################################################################## ]]] +### Finishing up the installation [[[ +###################################################################### + +# Avoid that last message about the install being complete. +d-i finish-install/reboot_in_progress note + +# This will prevent the installer from ejecting the CD during the reboot, +# which is useful in some situations. +d-i cdrom-detect/eject boolean false + +# This is how to make the installer shutdown when finished, but not +# reboot into the installed system. +#d-i debian-installer/exit/halt boolean true +# This will power off the machine instead of just halting it. +#d-i debian-installer/exit/poweroff boolean true +################################################################## ]]] +### Advanced options [[[ +###################################################################### +# This command is run just before the install finishes, but when there is +# still a usable /target directory. You can chroot to /target and use it +# directly, or use the apt-install and in-target commands to easily install +# packages and run commands in the target system. + +#in-target wget -O /tmp/latecommand.tar.gz "https://wiki.101010.fr/lib/exe/fetch.php?media=documentation:administration_systeme:latecommand.tar.gz" --no-check-certificate ; \ +# 1. Umount and remove temp lvm lv_free +# 2. Allow root connections with SSH +# 3. Download and run a post.bookworm.sh script +# TODO: PROD +#d-i preseed/late_command string in-target umount /dev/sys/lv_free ; \ +#lvremove -f /dev/sys/lv_free ; \ +#in-target /bin/rmdir /mnt/free ; in-target /bin/sed -i '/lv_free/d' /etc/fstab ; \ +#in-target /bin/sed -i 's/\(^\|^\#\)\(PermitRootLogin\).*/\2 yes/g' /etc/ssh/sshd_config ; \ +#in-target /usr/bin/tftp 129.20.203.27 -c get scripts/latecommand.tar.gz /tmp/latecommand.tar.gz ; \ +#in-target tar xzf /tmp/latecommand.tar.gz -C /tmp/ ; \ +#in-target /bin/sh /tmp/latecommand/post.bookworm.sh + +# TODO: DEV +d-i preseed/late_command string in-target umount /dev/sys/lv_free ; \ +lvremove -f /dev/sys/lv_free ; \ +in-target /bin/rmdir /mnt/free ; in-target /bin/sed -i '/lv_free/d' /etc/fstab ; \ +in-target /bin/sed -i 's/\(^\|^\#\)\(PermitRootLogin\).*/\2 yes/g' /etc/ssh/sshd_config ; +################################################################## ]]] diff --git a/scripts/latecommand.tar.gz b/scripts/latecommand.tar.gz index 6efebe00a8aa9239f4c98850a8ace98479286684..f5291a9e2d727d88907e5efe4d2bf319efc4fa45 100644 GIT binary patch literal 8258 zcmZu#Wl)@fk__&_-QC^Y36cQ8Ex5Y|4IA9u-Gf^Q5Oi@18rVJ}qJGB_AkdRPS@Nx7&B|XO*Ym^Ir-ytT8*%VyH<43*RYZK5JOub`#94qp zE}4r0=aj#(N(GdDb1TUI+?aVMYIhanqp z^;=cc3zewSq=d-Ow%kq1iIM7Kh70^(+UV4TvOd(DSshC;JrZJ`yTV|%2aR<({6a@1d+~ps2J5w(uVP1#Cz+Svmsk~8+Jt$ z21GvGaQPog8dSx>k$ysSq_%GrkE#!|dofGqHKjy8mg6gvsHbzv8YI@u?ktn}jQ0Id zDeR{B0%5@UC~G2xWHEb=U`xhjG59rtjwNy4JvY1%6-%i^w=8)zcWT4FX0^~^rEh$l zq2;@vC3>sq=9_VNVrbY!+XrJVbjSl(W`lAfXIBOi<3*vdprkPTDpqI*8Q#4Cx zqo$4tAfhLaF(l?#G+*iPA+nbQO=2Trowt>J$<*cVWiQ0)2Q#1GgYNjm_jK_|n?wtG3sO)<4I7+nuHgIA)J;07#J2In zLvF&JQ2FB{fuAL^J~Lx`w>?(4?cWy;#7G{rPTi+ic4oC`vGO~Nm<|G^;%7-kbp<(? z#!cUq6j}e$&86tb$8z~QoID$hn*l9a2OH2TO7 z35Nj*y}G*h_c!3Ftcb!Cfu(gCvJtP0s+-e1ejMt2njV=+++Z2eJ82}kR8r81zeQSN zHd}3#p$I3__2aP0K8NcW@6H^JMnftZ`PVT9J${PXZ9>xR-s?ohn5eK zfv|XUhd!vgKr)5`_!Pgivr#=l`kF^>6-s3pw&RRSi>Q>mVlhaLiLL z{=DLVrDEnvZ7N6Z-OZI8qb(?K7frv5igQFRg`1<*`xKxjfx}{qngTL7ioB z3TV4W3icnQE6S)BSZVV3OK`hrqGRGMO0saRl}zgA$~wkpzLblBh^HpI{I!R``bCy? zh&TJw+tU2~4I^~*Nqa?J=0v-crQ&5eo8QMV9BJASwp3A~*RG%N`bcgjn)2=B)9%rA z1d<IY6})cyFqM&P9vABf5cv*CQQ7=02-xk!mn&x0l+I zlB{m=)s=NSV7Df+RVMhAI4htKVN~@Dh`8TY?-H(B287{kU}c4!t`uf7fNSl10|bm# zwI|*1tr36J@dXr6ixt{Yn?g$!`)-Ic6(-n(Zp z8%{&9H)6irvk9%X#{KZc@v&aXuW5`!}Jg*x~BI=+MZf-2b!0-zx_hVSNp|>)V#R=GPuf|EfpLi~5C7y|qpd96cEdRO%Z(U*|w?f_E3A8!b z+1k@h*ZGk;;U^?es#_BbACOf}1a!K zTd1B;Um7>hmL9g5%t--R;vl}nihZD1|46!fVIN?k0naZFm5E|C57y)0CG7{07gEj+ zGx13F;qT{nSX~-*px|>A`NL<15>NIr0qqSzShZu|l{dlYiHFZ-DzJ4Ny+*(p@#yn& z#NThf*NM4vo{o@6wk6gFB==));n7i_+8a!;)GTtK*z%(ww#36T>BARkgdXjge+IjB zBPVm!?imsth!no*sNnWsG)P3?V8ADvbsizEzF<=dhZ@kjsQv!)XuKDV8AGEV?02g3 zmTr}|A^_9h)qn}`GdZgk$s7lvq`!(nmYpEmh&t5p@4cT&iGXA}oH(&2LscbR#?F_Q=yK_oQt1^M_9ex;w4JvDX2Zq z065Kh1ds#3#%G|suaNtq^^7HuE7hl1D*-b+wlMtPC! zG0ynPlE-Zld?}{Qwq9^o?+dT!FZmPot&uG-HWVW5p*qmlL~;}rDtA=8kD`h5&UA;w z0^zrbzj+DiNwnR-2)=}YD_`RB-24#q>zFY)?RBZ9i3zoT+xcdwtBUi{Z)A0;cT9Bt z2=m(AuKtRY)Z)A`lDa`16D9T@K-XIX&2@(^VUtA)q#VBbfD zS81&L_c{JsBCG6X!d0u!E;CJUb&nLZITSa4m210Jl}E=7kEVE7ptX6HEaNmz(6W0= z>f4f$GPM|ri0eoSCt;`Z&R8-vxb#SOKJml!=$8fJXG&uno<=kYYMir_`|5@Jv`F7y zxtT-`1y_B3t|!vEuZI-&4c=@!RlwL0(m~HGNaiuncJa*)2>9Oy$%EqsqWZp61qsbj z_uXM^7GT;j;43Ln z7$WbByRjz>oQYlW{e-0U9j$JM>SPbIgW`ItmadIZUpD0;EViIe*R$L>a=ecTS(zeo z&T`;pFXg8!7ZNsUKzbxE#a{p0wGm(M2j?r&x3}$Z2#0K21^8=OxbC|)@pfYRox)vO zK0{2doxWXKM9t%Qf6uw>Lm`qo9Yi88S8zQjH$RbRsJ6*8JKR-rvKw-kGFSCz7=K0H zMWb}nIsA?~%eP6Zw)wy{S6}2vRw6nlbFPOG@EE+W`M0ANR>yESg`vyE$3;1y;KfLn zm4(Xj_LpLCPo$X&h7_&1o+876cxHnZfu)o(TD5gB9}tTy;$zQ~Nfj`RTdqKe8vvbc zv6Z7PCbDR-$BjKDZi-IUFT}s@+uhfH0VL+nr6~`N0SoK({OOZU%CGf5VCybET`seD z0blNbh5lRc{qyCmJR`9D7xCf@vORBn|GJ&fCkJbsL)&nKF0c2!eDH=)r5pcse1btB7$=n9c z2#WS&Vbwy+lCXQ2%j{x5^F7a7fVa}olSD-_Xpr;E&VM!g_P)_o^(`) zB}82POkBI)^TM-5rPd3$Y*SYjO`r&@L+$yUbou-GM+0crN_*_Cet*S}HC@F;KPDDM zuM!5IJa{6JmuXU{_05#QiBeS&7Gfw2aa~-!#8Fh?Z|j9D6zj(;ImiBVKQ$?BRxqp{ z6jvY>@BhU)`YrgH=6PekBFoh`H`Zb-hwgDz_8ndiX3gLC_k=E|9)X8 z^)3Dsg}yZ80)?EB{b>NpY?_|h)q?3ch0w28xsa}3*Hi+Hu?UG$Q~80lDgp*AHt5K2 z@F>c49(vD_Jvb{yU;GPAkpnV-DnMPhXTL!I_Ys~w9?+0NhN8YuH-;}i0LbQyu;VX6 z67ZvZuha{#sjrRLo%c{MuE7yN4=SiVNVfU_lkWAwfUY#Z3c(b83IlKF-_j91%SDKL+Cs_bZ6#5HwqR4;X}0j5uPA(iIwn_#2S+qra8OIm^DHL~Y`P!K zGbGb=L^*0))-ZfN^Q=NPSBda`yS#X<`g4|Yhk^@pa(AtE&nlMS*u_c# zV8IwjAWw>M(h*W;t@_5GebP3dWbKQB%;3R1|Hdn%s&_Xi#zbgy_`B)w$)jmSxSy2I zwGq+m*R;&esOV4459X+f&iZv^$`$io$vC>N5|ldv~h$s%HUkTjzJ{{Os|ETK_9z||FUNdgt=HZ0rq@*7w{M-QKH^Q3|q z?IEu~$BT4<>=(d}zUf1`OxP~Uk+q|gS{B&8Yj^`R9wUnD^b_X@>7)XIyRww}?HCA) z9^6ElDwtwS(YVJIZY%fo!3ReRV={){UsR|kAolv2jBlDorNKB`1~sZ=4C|b9cX=}F zY}`QND2qX;kD|R!gD1P!%DmxcR_axL2ATdF??-Y9f-~HjH~x^(Oh<+=nJ|r|h<%G! zGq=YfSkl(HcUOVB@iXve@faiwzb-8pHR*B_6I$r;|G)TXsv6+*?$w8g2z2kp!_@2VuCxowxU~9;@=x@&3pB) zQA!7Vf<2G2_x1IklRw_AxhoO)MvkI^Z-4Ej*Df)GjZHGZcsW%ILU5TW1HYv^y1E8Y z|J*1yXsXAPv+3WZ+RR%bFQg|yHF<}pD>}XO7qc!GUnf|~&rR!P?B8U{kSIZ@GR~tW zEhg`e0$VAvOFF>d(TWeAh0a|g_X$C}d341*IQ-e9!=Xue{ykbv71nguRSw90wUKgOt0A{k9SIVEgEVYD=)_8$2zBV5S|02aif*zDE zI7j8B)Sxoy8*Zm$q;OxweHzM6dWwX`R0)fdqXOU7Ps(UBuPQ@0C#U)iW0bAmc(g42 zF*5_qY2@E7gDjr}9*?YN_?H({-g+{s%QBWqsIalhAJebg+C#~ZHZTraY(!@5uUo91 zU$tVq$tH|qEX8klo#V`ytVj$BHDfvU1ERGUiVA+p=Ck~6!TVCl9*kgaM1z4oOKw;A4kha*;4zQuBSiB5jL}^#dXz01DLaTyMh- z2jyurXP_$xy*JFNXp6-75tD|j95Ueg%WjSasYceHb-~bw_ZY^PQOyf)QX5mK^*A?o3$qW{jRT9?ra6h?G zf2&H56qJeq#lw<-xvVd)B20)h>t}Hla|71rp7nySpOR$v3Y-PUNRd27|Hx-_pHjXH zl%UNiQHi2T#8la{uK2haS-9A;bF%GQz*anHTPRVurlQIPfu^7k+wpYPNp#sSbPDC=ITnwxYzFr9G)cWuRAe8?cWJ)!3glsqjkW>|ZO;u1>3jLn738 z5~mYhG8DT@4;Re5G!dU@&u}UJ_=&OYmErV>2cNRv6h5f;ZQH~b^Lr{wem*f`P1=(i;~vk z#{moLP^$>*wWg2U=9Sc|9QT;gZl`Uj9(y1Sr8Mj`+$!f?Dg79>>CT>>Z&Kn%m+$9g zixKg5yM2$j#nkeJ>y5Jl=HQc$`JHiZD8B6FfR5dr(2oy$QRaPuyxvF(SSLzZhK!%S z1pY>;MJaR!{b^3NyZn^ZS80)d_&W&0dYZ3P=V044wFAGdk6HrZoFQYu-D7%-&YR~nS))fk-b za$D0sClaFS68I>4vN-bC?bnns{OH`fpOoxh?Y80tlAzBvwmci88v}!u$e!q2*mkuO#h8D_KC`P8L5EDI0s{>}wHEg`AM)6))!c{;cW z&!+z7n(gXtdc6^GRHj37kCdcy*I}@Se@i9WJ6Bs2l#!}IOaC^rTZCRi8H08%h=bo$ z-H-6d=oLCN=gq~=+2+c-x%Y$LD|6;J>^R6nz){@MOCe$xh3Bt3OO}R8(4LYvGwcgJ z^Mc_kDR}aHF5V~PFV|FJ_M>HqHgOhrX1ThL(@{Y9$@1S;smr38HT5u(cu&3X+WCRn6jwqwFV31eS1Vh*e85%_^5LP4B zba22Q)6w^cO@7PH`NZkC2boP##Y3s6$ZDsyISjk~1wjR@XL|2O3Pb|GzMJxp-W9JE z4)|fY$4j$m_YI|w8br9VhO4*s|aZ%15mDu?qI-v+6XZBB;9e-hzwM2 z*)#S6_iwv^&81^d`s~^jXlO-6{xLgIoOII&-;qG^4O{XQA1V!uWFHuV9^r%#@fX%^ z8Qls^c$fqS(TgZxEmhu#yrU5&<>Y(#q$!I(vB|kRr(F9^12b_xv=yT`puN4lIv4VQ z+vJK~qr2oOM;S}*aW_V_K&JbrIq%0I`^POpo@ew&tdGY?N*y9$HW)W##=#_I`Znzj z5Whd^wLnzOwRAQt%HJ$%7bI{GHA5rZ1CXzze*n^g<=4`m^J2%r0Z{A&pgK|jHtMSV z5uzUtd~7_umuCDgj6VJ!Hrew_WB7k@T8MrUP;w0-NErcET-X=@@;>0i{>2Q<;XfiJ z*U|#8s1acHi5jx;`-xg31AP_rk0H|F^rC^}08QHbW&+W_0CF~gYGEMm=gU! zRR|oK)+st_lOHo0eq6^Zk7tXQ+UdQ!ZL~B_m?)i7^VOSAJdp@{;*+(s>MvL+vKVEt zgh+SJIwfTuBI_E~&Z4vkDi|H9S5cCCftqNA(f%t)f$@-)RvIC+Z*N(UIWX?gxFbm$ z7W$O$xU3bQ>AR7Mhmc75P|X1NKQ@@d3fI|F6D{G}!VS_1X{s%&Vcm*~a~pZ91`L!& zE!NZAe!_7_YA8bH>gWfY&b=XTbl!p#wm*B)RtjH_as=oolYL8BMBs~&%vL#?;)YqY zZQy2*##f(w^eKT6*SKqK@Wsy0 zFDoeL9U43G-`0FVvIVuU00+&+P2_va(j3k#@9g;>{v8`E38ie=5<1tK_b=>*))NwOB%nVqnD;Mz#bE04!zFwl7AncB+4Nlr$rzh0n;=t| nY*5w8zyY(CbGT{E5t02vu7Jbua+P`cQ|Y>FZ1FcTaBuzxuc>t2 literal 9021 zcmX|`WmFu&wzhG1cL<&Y3+{uv1`qD;1PB2Jhv3289fDgjfx(>s!66Cm?lw$c&bjyd z`bV!?-M#C5*Y4d_T~E=+VIchXKt7gO_F7d+2^8oqiSm+D#S3NbabCcij2dp1NW3LY z5m#)rr)AJ$c1A&>ph;PBb3a}@jy}nBvD;uk2t$&SDf(Lz?}lB+SKHkD=4eDs=c?L` zn=HrH$M_CKBILqj>9G0`10KEBZw3|G-5_jD3+3I%M|txpC8vQ7EZj6eYgO^c{2kA(Iucsv^7ZmSu*V^(!3SvNZCZDUR44CotrgrI#jO|wTbprpURl=T?Gyu& z^qSy8$n*ORc$~(*pJbdU>G12#(24x{DO}1x7{Nx5wa@>QT)+N%7Wj;cp9lZTB~rK= z>X^Jo&yCSiB&3$gTvmbBWV(skLK)d)NuW5(EpQLl#7qGNJ+i8C7qZBPw^rsH%-puP zgk3d8=(eH=Sf`sALTsN<6w-%r4l@ii19R2bG3$Ct6%1#udOD`|`?^as3+typwRpHJ zE^-vM1_>!mtFR?%8*Bb>U*SjWIEUJ!*K2eoj*5dTMaS;J7;!u8ab8NyCv2xb`(`;N|Z?3Je`I5(`8gA z^SzD3nl14J*XR0fRYFG+@fviltIVUw5l>xRLm>|whiq~(s`PY{g5lbBuRHZQu^u$I z&`GxQ6M^4wc{jn>z4>SZFy>!`hXM#8rkuWKXz@`$DF2>j!Ok%CxreHv-Q+op`FbeR zBHd2shX<^Dfa5O?j*3_RU~(TmZ*nlRpns#*7$87{?cM~0D@z{(IU!ir=tdqLqAGjf zrQ^MQknZElt3&!>kP|nzO9ava&xF!%*UBmJC%t_W$Su{E-G7N-K5>;L(868r-WaKB zU(heu>znB}3OyUbt{MR*qRWGiM8|fZG(c_FhEyKFkK{~X|P8S)t4J6p)f;6m#BVQ183MaYqMJY zfu=tZ%`fB$Ht)mV^RZJpL7Z8HzrE!s?brFB{3Nc0s;=mH5kvIuwgeAM1vo#7kAE3!$u%5rdZOHSN% z)xd?dq~Vb6yQ{*PmFG1>?FiT+N?jpfVjv29?_PbFV(^2vSdbO+rTJ|NJ2W(g0;QPk ziHjh;Q}DvQx%MEuflxRZZzOmBHGVftKCFc@o0qr(+3xFv1J94&q1VDHa7MLk)pO<* zyiuH7M_{cV<$OBjJehGRU3GFKojxk}Znn|RTf$ctaO z`PxkDI+#tB_(mq2JK%D*D{7)omeh#J7TE8KbOGl)b6~!^6L3beGE+|UmoNzl#TJ^dMRf&V>ceFD<-$D=tyyhfxDKfB~LH7l(%n1bLCmPA=>aH_w-%bCD2ID4Qq~r zX`XQ*q@6=o=(iWaF{H3HjPsi{^h4P#1MKH_98jJ=qc+M`zDQ)ftL0nUj7ONGy^kl0 zslQU~{WAmeCNb+&-i7CZ`FhUs7su44%pgdaCD`lgpSHsw_FvW@`qeDmC>iH?KHgEf ziTkH|n~Sk}HA<(_59$`_G^6R3;!PKrM3t6*-dTQ{QTy|1FE8qx9>cx>_o5MBv}bLC zN%ty4c+wn#6H&YGo2Y7@6Sw+Z#3O*wo5imsJ*S`BGZnI`Vsy{q9@qgX#$GrJSqxa8 ze7YMbSu~qNCP;#cP76cJ)YKN$iK3U^6g7`U-Jj#@ew{lwaW%8W)`{j6=^#&Q{W!U} z#~btaB>vBHnRnlrNnudN=H){68&b-2Jjtc55m%A$@dqJ<6`SOVL$ks4mbkBNa7ex5(}4xQpSxaSeqARxD zhks@s^yvydxT;yn4b3a;5_SYh@@F|a@(4(r(tfn`Az4OuYOsgj!#26uPBsU`ZyusG z?YYegGUrp;Wq$v%nV3&jXO|xit$d~5p_|fu=(5*bUbB>3Cu9E2<{&H(Rp6X1OwOL3 ztHAsx#~|p5pe27QyT-zM4C|W`6yx>S2Sa@KF+{{mIr6yB+6&pt26LztO50Bc@#}17 z1D=g7EQ&%oTfX&6_@4`we5kqu2>yZp1GKG>MB$a&+6pSElU7`uqB65YzyUcF)A=@gof0n>b01V-qDmIO zvl9N3VtGGO%8FC9ea|q;Jx-?{rm3IbUR_SO5Hn4gpeS%09wMMbp@?I=7eBzKj({x3 zn`r%`kW+jEM?;03{%ZVdb>Y5&(n|H)Cms?^?C}))P<*RzI~K_AY!8j2eCieInOxqs zcmMt5b${4#KsYt`={KHo_TD9G%aRNqVH0Ukc?m0`O!GVCbF652e%fBLEf_ayX(Ty%Rbr+x}IOZQ)fncKD@QQc15?_Cl!_FoM1J2&U@6z zP&hF)vvdP~INlZV0DjRd2S;)OI4Vuf;SpVe^JhPoU>?2}X zQwTQ(Ui0y8{t7rjOLh3RsUG}rs9r`M=Eupwi(&UbBscIDKG6QmmEY{UB)8mS`z{g4 zFy&|T4w=5TV3aM;WwPc)Nb#(z`fY!4mmvi}sg+l;V~4w+S&; zpM_VA9bJb3QNA?6rYzC~`iWo!}e$gV`x#Id9x3_NoyPM?#5b z^R!KgLbBo8SedawmhQGRYf3g_#!61+9NyZZZZ5W%V{Tf442)I``5{5HfAMIvG=w}A z?o}F6VULflvInq2c8LdA{0M-TRp@$NaoGRxXhtx?Q8Rk{i41GMiH98DF3yZin-U&J zVHGRTaQ60nowO384Ozu1!9PSquXYh{#!|AK!G&*o#+l{VLL9}(pQFwMO+b!f8r}X` zq;%Z}k~xI9I(2S#rKbZ>_bpQyZE!uK(5*wSWM!vn9I;!h;nCbp{u1YRzP}$jp|Ou` z{>Y@hF8&61M>usHk2D5f=V{_0M3P%9(c#-X1+qz)TwEL58M{YenRDAOpIo?#o8X(K zy|1{t0j$|YTJ{{oB+mA>$lrTbjhbe|rt z9jU8L-nnUxozuZed%70s&K|BL&=j!tbf2$NK*gd`dOA+NCwDRDoa7(b5ZRO5+NZe3 z(C1exAjSIiig?c33xj4=u8dJhZCY;J_;e^?wjXcB`x?q(#uK% z3PniIe%|nzl_4N{x_4A1j~|FA`W&D2j)Ri2)9-TYxnR zXaKf`f&tLuQ@=R}++ISBAAtSWo3Kj47ezY3v#=fEo%_~q_@n@!mt`hejx(y?u5em=Oh z{SqjSN0Wg&BmK8ed6;?aOP_*pkiv7*5+LvrKHML*dJpAt?RiNgW#YwigFoO6c!)ha zd;B*y=yG@e-@D2^*zZOB8w|{j{OZ5KFWODn!2dlO%}aC#o(%b~9hY5zD(^-90zi}w z1E>)<0Bdi$4M6rDsLE0QZ=QqYM(TiW>~R40xe+MGc%HH=ih+Mz4OtC?Tk9>mGExQ%|a}BnEN?Rzluv0W%JHg@B@jB~VRRwFW14*EO!&GJvOhR-+rKjRPJI|B>j z5%8E6;iWmTRwNv<67m`hKxG_ZVGkmmCaUkx_95=KPXk>fBkKj2P>n>}q^^0GUwKAD492o<4 z?wm185?T4(h)eLw?%Zfg5*7Fz*h=txULXSDNB(O_E3Gy*>YaNAb>t0YV%o>NlOFx`>{uL5AXyv0OeTEXLjo$ zCKK7id!Kc&W4MJbUPoz8?s#^xPY7V6cHCplq0GDqZ0?FXyzkECD$@G`_$?rEZvmE? zlThFg^XY7|ClSW2I}AQ|tjh!Z77@9@KsE?4@Khmytsxwb0PeLli6At1kh3$|7rkD0 z9TZI#1yc8ei>c&OCWEVBcVp1ibpvCUu9b26$DcYoo6;h%DDYb31^p-eu*YSPsOB2# z*aO&)_M8ZAfF9mpw1*Aq4xu>5~|;i@?ZQ>2L^pNM-?WgZ>}L6gmyKpxxF033>sRCyn7f z9c*-b=K)1^0VF4EX((jf>h)E)rx0m9+jI7VZpT@aKVv`vZKr5WIM38tapL>u!WkY2 zyjFsA4U7SYf`u6xOg>A$?++Q-PSeP;d)_Y2_Dw>H?u{y(2wMBJGS~$kUcaDS-BCn5 zUuL;j>dl9s{`p@J8i_^?4Q6EECjUrGsvUj@Hmzo z+Rr$9jhtxFlw&PaNP>+KMhR)D2e4L=m>G%5lW7M~!`eAw(5j{Dvow}*7b5r8ECtZG z-@fw?)l*R5d2e6y#S|w7?(n%g+&<0I;+`jj9244*MO)Wg@+XXtERFURR`pGJqMjXx zo78BfrI6y}u!|v1?$Gf09~{LoM)aJ<#2u#oHrf<%_hFUuDl!Snh&38~_JJ64**{KG zOyb0u648e)V?G=d4Y3(0HX>XxkquGEo=T-6AHaKTJ;ukt3`^${AcT;< zU%0URuOyN8!F=!zoc#=DeD{==}+m071|ecyz7y_xrOym9|LK;3cEAyM=n-{apJw9rMa=I%B!f%_$csIx>OG&akjMmGNLui* znV!Eo1PQuGwD!xrw%HgLCP)84Fr&_L`0F`xd46`@H`{hP7f+!my;A&~;PSNppt6H| zN|`7{y`S)Tf5l)z>WV)!oQm$}>*6mt=cY^sxY3w6-$*@(6{9P@QL>#Zy;px?H_)m^N&r%|?j45Qz32cTWf zXO1+=n_#iRl0}BE3^W)UO+qoL!f1AiIr)@`-lC36@`)$Rl2*e<=vk3@r?Y?1A(~!# ze_bJBZdYo&{dvZa@Y$)uLxcIL`JETO@e50ZXZ0OR@p)F%jpUf~htFnivvy|!u5=m^ zmC^a?UsK0err1S%``K9ue+vsq`CRrI(lXtOWx$_fs62WQ z&zkX8Bx|P3W;ruHkM(oH*Vzi1fsrqo=cs&4_B^gL)N0vU%Qvbbrk7WYm-@E{?@utx zIUzDLY4ysjfA&V`zGdQF=+G4E>ehOEEE$#5D8mCSb|^zU+`{@fAKz6A1N3Qt-8#Y} zxW4gZKKlsRb?A%(*qEKYdBVqk@gD-u-)pokU!H>w#1KDU5h-1 zF6*ECCd85WD4;*ry=xSc5E8{(+Rd;BM3jO+I z_l><_Pgt9eiW+U78yTbo;-gxew}Kz&2S9cJ^zYvTH@A<1(}00rO9ntjlo9;l>^nSw z-=)YtFRovcK8gDuSR8h~b22k{FuKv*{U;*wFt30k- z-(=9^!T9LL%mEV>k;KgY`{ind?RZ?gkuKYaziWvYp+`C_k@|05_PiVit83V693q;r zc=H2A#e~HI)VLK=Ofw`+4IN5F_qHAxyI<+2>kG<@waQsk#h~1!uC5xZdBE5$tG1_q zdQrq?N|$>frX}Ksbz07Jq(5GMbAoGJ>)8_h7Mvl)&6!qFN`K|aN_r-x!inYWU!ti< zHmSx+9KkobcdYmJ%$-OJOj3-T+kjp93iT7LZ&nXkWRQ18aVzRtT8%Hof*?omqmyTu zh0#>JiE2HHid}>KB}B3*vuu0p1_zv%0`ep#sKu_1=Fl&uOB(*6U7s`Gk>`>h za)}$4(8!?Os?kGMaBCuKN%HtB` zyhrPh)6fKKPsC!d`fW!TXjBzY%Ks1+t5K*OQRnLa=i4nB_!g6Coy5$B>xP$!9+4%K zMh}07V{j^%#%3@=BNZ9sblcw=~;}#{Lp6C@8`Ea8$rM$vodT&;aTv2Gd%A0<0udf?22%QGt&sq z4)X-5voG{}eS?jE_-dyxROe^;d#jTEl;s#a&_#mmP5(ieNCaL^7v zr~L0Y#5p9E&tvoXdM`gNpYvGoQj-DKu=8PY6L};jW&B9^{clSzVLUgC1=gZI*4|zs z8db*}zc05Y3akR70>7Ig)q)lcT01n*2c*hUuQ9JNcC=`jX7j%Z{=&$bt+pmi9(7|Q zZJP!A2YYoZ#)F82GQ>>g#aA2lWI}wZb|HJ1il9#aEOk2{{|px8qa^Ma$#xTcqlj{8 zC9d{2S9${-(#*8FXPDcHZ%GLq>^4~)bHTt6z)~Ivbtx^85B%gT> zMSOC+N0|U#Z8uWS?ir6+gL^1G3-cER_R4v-%&Cs>KOaJj{U3pwWOJv!Hc=e znO(kVoa{YG*D}Lk<0^ueu3IjbJbC8lx?-XBnLaz~6&z@wy6xj>^caenXXpr3i78iD zgS*;lt})+W-AEwrn9gQl5y8{$2T_ps{@XS`sfa@33u;wsePI)=#SZz; zT?vT2@D41TXIG+s&azeGpuBvB$#rdF~)DO#^ymT}>$A`*z&IaU?7 z1dduZJco^-YQ##&_g?Tclws(-#p_GobEi3xnAG%h67juhT{OMyMF>qZ@A33se!&QH z)BE&A3~i&_`-%B2m>)ksvf}*?>6B3S{3{s(C$%THLpf?9hbVgb{_MT;LS>2s*~H3h zIv(|bg>5SDv;_TC+oTKD=c8tlML(IU$a&A@e!aPko;-x<9Raj|WY5%nMUizS1ihph z1nyjk_x+@C8c(3JC1jmtXEn&Bs4y)K9|q%NPm^%qcE=eG%C@1^1q#ZQxlsathNZNT zBnhQ57Ix3Oy06&QD4zBBIsfID;b|DbVcs33 z7B02U=4@8_nrY^=lm6-Ow_3$*REBoL*W*ddLD4b3^TNTh{;L*#g3iehwC~PLi}WbW s4GAXZwO^fGe?Ll;oPMm5r9IS&7M&}``+rRiK^T7QG{HxNWJHAj0brC5l>h($ diff --git a/scripts/latecommand/old/buster/etc/apt/apt.conf.d/25no-recommends.conf b/scripts/latecommand/bookworm/etc/apt/apt.conf.d/25no-recommends.conf similarity index 100% rename from scripts/latecommand/old/buster/etc/apt/apt.conf.d/25no-recommends.conf rename to scripts/latecommand/bookworm/etc/apt/apt.conf.d/25no-recommends.conf diff --git a/scripts/latecommand/bookworm/etc/apt/sources.list b/scripts/latecommand/bookworm/etc/apt/sources.list new file mode 100644 index 0000000..c2e31a7 --- /dev/null +++ b/scripts/latecommand/bookworm/etc/apt/sources.list @@ -0,0 +1,12 @@ +# From latecommand - Debian's preseed +deb http://deb.debian.org/debian/ bookworm main non-free-firmware + +deb-src http://deb.debian.org/debian/ bookworm main non-free-firmware + +deb http://security.debian.org/debian-security bookworm-security main non-free-firmware +deb-src http://security.debian.org/debian-security bookworm-security main non-free-firmware + +# bookworm-updates, to get updates before a point release is made; +# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports +#deb http://deb.debian.org/debian/ bookworm-updates main non-free-firmware +#deb-src http://deb.debian.org/debian/ bookworm-updates main non-free-firmware diff --git a/scripts/latecommand/bookworm/etc/logrotate.conf b/scripts/latecommand/bookworm/etc/logrotate.conf new file mode 100644 index 0000000..12b4c1e --- /dev/null +++ b/scripts/latecommand/bookworm/etc/logrotate.conf @@ -0,0 +1,29 @@ +# see "man logrotate" for details + +# global options do not affect preceding include directives + +# rotate log files weekly +weekly + +# keep 4 weeks worth of backlogs +rotate 4 + +# create new (empty) log files after rotating old ones +create + +# use date as a suffix of the rotated file +dateext + +# compress log files +compress + +# Postpone compression of the previous log file to the next rotation cycle +delaycompress + +# Do not rotate the log if it is empty +notifempty + +# packages drop log rotation information into this directory +include /etc/logrotate.d + +# system-specific logs may also be configured here. diff --git a/scripts/latecommand/old/buster/etc/logrotate.d/dpkg b/scripts/latecommand/bookworm/etc/logrotate.d/alternatives similarity index 52% rename from scripts/latecommand/old/buster/etc/logrotate.d/dpkg rename to scripts/latecommand/bookworm/etc/logrotate.d/alternatives index 4bce6bb..9c617c7 100644 --- a/scripts/latecommand/old/buster/etc/logrotate.d/dpkg +++ b/scripts/latecommand/bookworm/etc/logrotate.d/alternatives @@ -1,16 +1,7 @@ /var/log/alternatives.log { - rotate 12 monthly + rotate 12 missingok create 644 root root olddir /var/log/alternatives.d } - -/var/log/dpkg.log { - rotate 12 - monthly - missingok - create 644 root root - olddir /var/log/dpkg.d -} - diff --git a/scripts/latecommand/old/buster/etc/logrotate.d/apt b/scripts/latecommand/bookworm/etc/logrotate.d/apt similarity index 100% rename from scripts/latecommand/old/buster/etc/logrotate.d/apt rename to scripts/latecommand/bookworm/etc/logrotate.d/apt diff --git a/scripts/latecommand/old/buster/etc/logrotate.d/aptitude b/scripts/latecommand/bookworm/etc/logrotate.d/aptitude similarity index 100% rename from scripts/latecommand/old/buster/etc/logrotate.d/aptitude rename to scripts/latecommand/bookworm/etc/logrotate.d/aptitude diff --git a/scripts/latecommand/old/buster/etc/logrotate.d/btmp b/scripts/latecommand/bookworm/etc/logrotate.d/btmp similarity index 100% rename from scripts/latecommand/old/buster/etc/logrotate.d/btmp rename to scripts/latecommand/bookworm/etc/logrotate.d/btmp diff --git a/scripts/latecommand/bookworm/etc/logrotate.d/dpkg b/scripts/latecommand/bookworm/etc/logrotate.d/dpkg new file mode 100644 index 0000000..d9c78a2 --- /dev/null +++ b/scripts/latecommand/bookworm/etc/logrotate.d/dpkg @@ -0,0 +1,7 @@ +/var/log/dpkg.log { + monthly + rotate 12 + missingok + create 644 root root + olddir /var/log/dpkg.d +} diff --git a/scripts/latecommand/old/buster/etc/logrotate.d/rsyslog b/scripts/latecommand/bookworm/etc/logrotate.d/rsyslog similarity index 100% rename from scripts/latecommand/old/buster/etc/logrotate.d/rsyslog rename to scripts/latecommand/bookworm/etc/logrotate.d/rsyslog diff --git a/scripts/latecommand/old/buster/etc/logrotate.d/wtmp b/scripts/latecommand/bookworm/etc/logrotate.d/wtmp similarity index 100% rename from scripts/latecommand/old/buster/etc/logrotate.d/wtmp rename to scripts/latecommand/bookworm/etc/logrotate.d/wtmp diff --git a/scripts/latecommand/bookworm/etc/rsyslog.conf b/scripts/latecommand/bookworm/etc/rsyslog.conf new file mode 100644 index 0000000..778ab69 --- /dev/null +++ b/scripts/latecommand/bookworm/etc/rsyslog.conf @@ -0,0 +1,90 @@ +# /etc/rsyslog.conf configuration file for rsyslog +# +# For more information install rsyslog-doc and see +# /usr/share/doc/rsyslog-doc/html/configuration/index.html + + +################# +#### MODULES #### +################# + +module(load="imuxsock") # provides support for local system logging +module(load="imklog") # provides kernel logging support +#module(load="immark") # provides --MARK-- message capability + +# Provides UDP syslog reception +#module(load="imudp") +#input(type="imudp" port="514") + +# Provides TCP syslog reception +#module(load="imtcp") +#input(type="imtcp" port="514") + + +########################### +#### GLOBAL DIRECTIVES #### +########################### + +# +# Set the default permissions for all log files. +# +$FileOwner root +$FileGroup adm +$FileCreateMode 0640 +$DirCreateMode 0755 +$Umask 0022 + +# +# Where to place spool and state files +# +$WorkDirectory /var/spool/rsyslog + +# +# Include all config files in /etc/rsyslog.d/ +# +$IncludeConfig /etc/rsyslog.d/*.conf + + +############### +#### RULES #### +############### + +# +# Log anything besides private authentication messages to a single log file +# +*.*;auth,authpriv.none -/var/log/syslog + +# +# Log commonly used facilities to their own log file +# +auth,authpriv.* /var/log/auth.log +cron.* -/var/log/cron.log +daemon.* -/var/log/daemon.log +kern.* -/var/log/kern.log +lpr.* -/var/log/lpr.log +mail.* -/var/log/mail.log +user.* -/var/log/user.log + +# +# Logging for the mail system. Split it up so that +# it is easy to write scripts to parse these files. +# +mail.info -/var/log/mail.info +mail.warn -/var/log/mail.warn +mail.err /var/log/mail.err + +# +# Some "catch-all" log files. +# +*.=debug;\ + auth,authpriv.none;\ + news.none;mail.none -/var/log/debug +*.=info;*.=notice;*.=warn;\ + auth,authpriv.none;\ + cron,daemon.none;\ + mail,news.none -/var/log/messages + +# +# Emergencies are sent to everybody logged in. +# +*.emerg :omusrmsg:* diff --git a/scripts/latecommand/bookworm/etc/rsyslog.d/cron-session.conf b/scripts/latecommand/bookworm/etc/rsyslog.d/cron-session.conf new file mode 100644 index 0000000..d5b0185 --- /dev/null +++ b/scripts/latecommand/bookworm/etc/rsyslog.d/cron-session.conf @@ -0,0 +1,25 @@ +# +# Redirect PAM session information for 'cron' entries to the cron log file, +# to avoid filling up auth.log +# +if ($msg contains "pam_unix(cron:session): session opened for user") then { + action( + type="omfile" + file="/var/log/cron.log" + fileOwner="root" + fileGroup="adm" + fileCreateMode="0640" + dirCreateMode="0755" + ) + stop +} else if ($msg contains "pam_unix(cron:session): session closed for user") then { + action( + type="omfile" + file="/var/log/cron.log" + fileOwner="root" + fileGroup="adm" + fileCreateMode="0640" + dirCreateMode="0755" + ) + stop +} diff --git a/scripts/latecommand/bookworm/etc/rsyslog.d/postfix.conf b/scripts/latecommand/bookworm/etc/rsyslog.d/postfix.conf new file mode 100644 index 0000000..7b5d9b0 --- /dev/null +++ b/scripts/latecommand/bookworm/etc/rsyslog.d/postfix.conf @@ -0,0 +1,4 @@ +# Create an additional socket in postfix's chroot in order not to break +# mail logging when rsyslog is restarted. If the directory is missing, +# rsyslog will silently skip creating the socket. +$AddUnixListenSocket /var/spool/postfix/dev/log diff --git a/scripts/latecommand/old/buster/etc/apt/sources.list b/scripts/latecommand/old/buster/etc/apt/sources.list deleted file mode 100644 index 34f23db..0000000 --- a/scripts/latecommand/old/buster/etc/apt/sources.list +++ /dev/null @@ -1,6 +0,0 @@ -# From latecommand - Debian's preseed -deb http://deb.debian.org/debian/ buster main non-free contrib -deb-src http://deb.debian.org/debian/ buster main non-free contrib - -deb http://security.debian.org/debian-security buster/updates main contrib non-free -deb-src http://security.debian.org/debian-security buster/updates main contrib non-free diff --git a/scripts/latecommand/old/buster/etc/logrotate.conf b/scripts/latecommand/old/buster/etc/logrotate.conf deleted file mode 100644 index 10c01b7..0000000 --- a/scripts/latecommand/old/buster/etc/logrotate.conf +++ /dev/null @@ -1,10 +0,0 @@ - -create -weekly -compress -delaycompress -dateext -notifempty -include /etc/logrotate.d -rotate 4 - diff --git a/scripts/latecommand/old/buster/etc/rsyslog.conf b/scripts/latecommand/old/buster/etc/rsyslog.conf deleted file mode 100644 index 31b426b..0000000 --- a/scripts/latecommand/old/buster/etc/rsyslog.conf +++ /dev/null @@ -1,5 +0,0 @@ -# -# Include all config files in /etc/rsyslog.d/ -# -$IncludeConfig /etc/rsyslog.d/*.conf - diff --git a/scripts/latecommand/old/buster/etc/rsyslog.d/00-global.conf b/scripts/latecommand/old/buster/etc/rsyslog.d/00-global.conf deleted file mode 100644 index f850eeb..0000000 --- a/scripts/latecommand/old/buster/etc/rsyslog.d/00-global.conf +++ /dev/null @@ -1,12 +0,0 @@ -# -# Global options -# -global( - defaultNetstreamDriver="ptcp" -) - -# -# Use traditional timestamp format. -# To enable high precision timestamps, comment out the following line. -# -$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat diff --git a/scripts/latecommand/old/buster/etc/rsyslog.d/05-common-defaults.conf b/scripts/latecommand/old/buster/etc/rsyslog.d/05-common-defaults.conf deleted file mode 100644 index 7fed09b..0000000 --- a/scripts/latecommand/old/buster/etc/rsyslog.d/05-common-defaults.conf +++ /dev/null @@ -1,20 +0,0 @@ -# -# Set default permissions for all log files -# -$FileOwner root -$FileGroup adm -$FileCreateMode 0640 -$DirCreateMode 0755 -$Umask 0022 - - -# -# Where to place spool and state files -# -$WorkDirectory /var/spool/rsyslog - -# -# Log every message -# -$RepeatedMsgReduction off - diff --git a/scripts/latecommand/old/buster/etc/rsyslog.d/10-local-modules.conf b/scripts/latecommand/old/buster/etc/rsyslog.d/10-local-modules.conf deleted file mode 100644 index ad031cb..0000000 --- a/scripts/latecommand/old/buster/etc/rsyslog.d/10-local-modules.conf +++ /dev/null @@ -1,19 +0,0 @@ -# -# Log messages sent to local UNIX socket -# -# provides support for local system logging -module(load="imuxsock") - -# -# Log kernel messages -# -# provides kernel logging support -module(load="imklog" permitnonkernelfacility="on") - -# -# Log periodic -- MARK -- messages -# -# provides --MARK-- message capability -#module(load="immark") -#module(load="immark" markmessageperiod="3600") - diff --git a/scripts/latecommand/old/buster/etc/rsyslog.d/50-default-rulesets.conf b/scripts/latecommand/old/buster/etc/rsyslog.d/50-default-rulesets.conf deleted file mode 100644 index 19a6218..0000000 --- a/scripts/latecommand/old/buster/etc/rsyslog.d/50-default-rulesets.conf +++ /dev/null @@ -1,43 +0,0 @@ -# -# Standard log files, split by facility -# -auth,authpriv.* /var/log/auth.log -*.*;cron,auth,authpriv.none -/var/log/syslog -cron.* -/var/log/cron.log -daemon.* -/var/log/daemon.log -kern.* -/var/log/kern.log -lpr.* -/var/log/lpr.log -mail.* -/var/log/mail.log -user.* -/var/log/user.log - -# -# Logging for the mail system. Split it up so that -# it is easy to write scripts to parse these files -# -mail.info -/var/log/mail.info -mail.warn -/var/log/mail.warn -mail.err /var/log/mail.err - -# -# Logging for INN news system -# -news.crit /var/log/news/news.crit -news.err /var/log/news/news.err -news.notice -/var/log/news/news.notice - -# -# Some "catch-all" log files -# -*.=debug;\ - auth,authpriv.none;\ - news.none;mail.none -/var/log/debug -*.=info;*.=notice;*.=warn;\ - auth,authpriv.none;\ - cron,daemon.none;\ - mail,news.none -/var/log/messages - -# -# Emergencies are sent to everybody logged in -# -*.emerg :omusrmsg:* - diff --git a/scripts/latecommand/old/post.buster.sh b/scripts/latecommand/old/post.buster.sh deleted file mode 100755 index ad5a60d..0000000 --- a/scripts/latecommand/old/post.buster.sh +++ /dev/null @@ -1,163 +0,0 @@ -#!/bin/sh - -APT_CONF_INCLUDE_SRC="$(dirname $0)/buster/etc/apt/apt.conf.d/" -APT_CONF_INCLUDE_PATH="/etc/apt/apt.conf.d/" - -APT_SOURCES_SRC="$(dirname $0)/buster/etc/apt/sources.list" -APT_SOURCES_PATH="/etc/apt/sources.list" - -RSYSLOGD_CONF_SRC="$(dirname $0)/buster/etc/rsyslog.conf" -RSYSLOGD_CONF_PATH="/etc/rsyslog.conf" -RSYSLOGD_INCLUDE_SRC="$(dirname $0)/buster/etc/rsyslog.d/" -RSYSLOGD_INCLUDE_PATH="/etc/rsyslog.d/" - -LOGROTATE_CONF_SRC="$(dirname $0)/buster/etc/logrotate.conf" -LOGROTATE_CONF_PATH="/etc/logrotate.conf" -LOGROTATE_INCLUDE_SRC="$(dirname $0)/buster/etc/logrotate.d/" -LOGROTATE_INCLUDE_PATH="/etc/logrotate.d/" - -# apt configuration {{{ - -# ensure to have some default configuration for Apt -cp -- "${APT_CONF_INCLUDE_SRC}"* "${APT_CONF_INCLUDE_PATH}" - -# ensure to have a correct sources.list file for Apt -cp -- "${APT_SOURCES_SRC}" "${APT_SOURCES_PATH}" - -# }}} - -## Packages {{{ - -# update repositories and packages -apt update -apt -y full-upgrade - -# Ensure to have some basic packages -apt -y install aptitude tmux vim-nox zsh - -# Ensure to remove some "too"-basic packages -aptitude -y remove vim-tiny - -# If no X display is expected -if [ ! "$(dpkg -l xorg)" ]; then - ## Remove unwanted x11 lib - aptitude -y remove libx11-6 libx11-data libxau6 libxcb1 libxdmcp6 libxext6 libxmuu1 xauth - if [ "$(dpkg -l task-english)" ]; then - ## Remove task-english - aptitude -y remove task-english iamerican ibritish ienglish-common ispell util-linux-locales wamerican - fi -else - if [ "$(dpkg -l task-english)" ]; then - ## Remove task-english - aptitude -y remove task-english - fi -fi - -### Documentation {{{ -# Remove task-french -if [ "$(dpkg -l task-french)" ]; then - # Move default wordlist to american before remove all packages - select-default-wordlist --set-default=american - aptitude -y remove task-french - - # Reinstall useful french doc and move back to french dict - aptitude -y install aspell-fr doc-debian-fr doc-linux-fr-text ifrench-gut manpages-fr manpages-fr-extra wfrench - select-default-wordlist --set-default=".*(F|f)rench.*" -fi - -# Ensure to have minimal documentation -aptitude -y install man-db manpages - -### }}} - -### SSH {{{ -# Remove task-ssh-server -if [ "$(dpkg -l task-ssh-server)" ]; then - aptitude -y remove task-ssh-server krb5-locales ncurses-term -fi - -# Ensure to install openssh-server -aptitude -y install openssh-server openssh-sftp-server - -### }}} - -# Ansible dependencies -aptitude -y install python-apt - -### Tasksel {{{ -# If tasksel and tasksel-data are the only task* relative packages -if [ "$(dpkg -l | grep -c task)" -eq "2" ]; then - aptitude -y remove tasksel tasksel-data -fi - -# purge configuration files -aptitude -y purge '~c' - -### }}} - -## }}} - -# Grub {{{ - -## If EFI directory is present -EFI_PATH="/boot/efi" -if [ -d "${EFI_PATH}" ]; then - ## Install grub-efi - aptitude install -y grub-efi-amd64 - ## Get grub device (keep only some patterns, eg. /dev/sda, /dev/vda, /dev/nvme0n1,…) - GRUB_DEVICE=$(sed -n "s;^\(/dev/[a-z]\{3\}\|/dev/nvme[a-z0-9]\{3\}\)\(p[0-9]\|[0-9]\) ${EFI_PATH} .*;\1;p" /etc/mtab) - grub-install --target=x86_64-efi "${GRUB_DEVICE}" 2>/dev/null - if [ -d "${EFI_PATH}"/EFI ]; then - ## Copy efi entries to a boot directory - mkdir -p -- "${EFI_PATH}"/EFI/boot - find "${EFI_PATH}"/EFI/grub -type f -iname "grubx64.efi" -exec cp {} "${EFI_PATH}"/EFI/boot/bootx64.efi \; -quit 2>/dev/null - find "${EFI_PATH}"/EFI/debian -type f -iname "grubx64.efi" -exec cp {} "${EFI_PATH}"/EFI/boot/bootx64.efi \; -quit - fi -fi - -### }}} - -### Rsyslog {{{ - -# Install new Rsyslog configuration -if [ -f "${RSYSLOGD_CONF_PATH}" ]; then - cp -- "${RSYSLOGD_CONF_PATH}" "${RSYSLOGD_CONF_PATH}".orig - cp -- "${RSYSLOGD_CONF_SRC}" "${RSYSLOGD_CONF_PATH}" -fi -cp -- "${RSYSLOGD_INCLUDE_SRC}"* "${RSYSLOGD_INCLUDE_PATH}" - -# Restart Rsyslog service -systemctl restart rsyslog - -### }}} -### Logrotate {{{ - -# Install new Logrotate configuration -if [ -f "${LOGROTATE_CONF_PATH}" ]; then - cp -- "${LOGROTATE_CONF_PATH}" "${LOGROTATE_CONF_PATH}".orig - cp -- "${LOGROTATE_CONF_SRC}" "${LOGROTATE_CONF_PATH}" -fi -cp -- "${LOGROTATE_INCLUDE_SRC}"* "${LOGROTATE_INCLUDE_PATH}" - -# Create an archive directory for some log files (aptitude, dpkg,…) -mkdir -p -- /var/log/old_logs.d \ - /var/log/alternatives.d \ - /var/log/aptitude.d \ - /var/log/auth.d \ - /var/log/cron.d \ - /var/log/daemon.d \ - /var/log/dpkg.d \ - /var/log/kern.d \ - /var/log/lpr.d \ - /var/log/mail.d \ - /var/log/messages.d \ - /var/log/syslog.d - -chmod 0750 /var/log/auth.d /var/log/daemon.d /var/log/kern.d /var/log/messages.d /var/log/syslog.d -chown root:adm /var/log/auth.d /var/log/daemon.d /var/log/kern.d /var/log/messages.d /var/log/syslog.d - -# Create the log directory for journald (Systemd), need the configuration Storage=(auto|persistent) -mkdir -p -- /var/log/journal -### }}} - -exit 0 diff --git a/scripts/latecommand/old/post.stretch.sh b/scripts/latecommand/old/post.stretch.sh deleted file mode 100755 index fa92a30..0000000 --- a/scripts/latecommand/old/post.stretch.sh +++ /dev/null @@ -1,140 +0,0 @@ -#!/bin/sh - -APT_CONF_INCLUDE_SRC="$(dirname $0)/stretch/etc/apt/apt.conf.d/" -APT_CONF_INCLUDE_PATH="/etc/apt/apt.conf.d/" - -RSYSLOGD_CONF_SRC="$(dirname $0)/stretch/etc/rsyslog.conf" -RSYSLOGD_CONF_PATH="/etc/rsyslog.conf" -RSYSLOGD_INCLUDE_SRC="$(dirname $0)/stretch/etc/rsyslog.d/" -RSYSLOGD_INCLUDE_PATH="/etc/rsyslog.d/" - -LOGROTATE_CONF_SRC="$(dirname $0)/stretch/etc/logrotate.conf" -LOGROTATE_CONF_PATH="/etc/logrotate.conf" -LOGROTATE_INCLUDE_SRC="$(dirname $0)/stretch/etc/logrotate.d/" -LOGROTATE_INCLUDE_PATH="/etc/logrotate.d/" - -# apt configuration {{{ - -# ensure to have some default configuration for Apt -cp -- "${APT_CONF_INCLUDE_SRC}"* "${APT_CONF_INCLUDE_PATH}" - -# }}} - -## Packages {{{ - -# update repositories and packages -apt update -apt -y full-upgrade - -# Ensure to have some basic packages -apt -y install aptitude tmux vim-nox zsh - -# Ensure to remove some "too"-basic packages -aptitude -y remove vim-tiny - - -# Ensure to have some systemd basic packages -aptitude -y install dbus libpam-systemd - -# Remove NFS and rpcbind -aptitude -y remove nfs-common rpcbind - -### Documentation {{{ -# If no X display is expected -if [ ! "$(dpkg -l xorg)" ]; then - ## Remove unwanted x11 lib - aptitude -y remove libx11-6 libx11-data libxau6 libxcb1 libxdmcp6 libxext6 libxmuu1 xauth - if [ "$(dpkg -l task-english)" ]; then - ## Remove task-english - aptitude -y remove task-english iamerican ibritish ienglish-common ispell util-linux-locales wamerican - fi -else - if [ "$(dpkg -l task-english)" ]; then - ## Remove task-english - aptitude -y remove task-english - fi -fi - -# Ensure to have minimal documentation -aptitude -y install man-db manpages - -### }}} - -### SSH {{{ -# Remove task-ssh-server -if [ "$(dpkg -l task-ssh-server)" ]; then - aptitude -y remove task-ssh-server -fi - -# Ensure to install openssh-server -aptitude -y install openssh-server openssh-sftp-server - -### }}} - -# Ansible dependencies -aptitude -y install python-apt - -### Tasksel {{{ -# If tasksel and tasksel-data are the only task* relative packages -if [ "$(dpkg -l | grep -c task)" -eq "2" ]; then - aptitude -y remove tasksel tasksel-data -fi - -# purge configuration files -aptitude -y purge '~c' - -### }}} - -## }}} - -# Grub {{{ - -## If EFI directory is present -EFI_PATH="/boot/efi" -if [ -d "${EFI_PATH}" ]; then - ## Install grub-efi - aptitude install -y grub-efi-amd64 - ## Get grub device (keep only some patterns, eg. /dev/sda, /dev/vda, /dev/nvme0n1,…) - GRUB_DEVICE=$(sed -n "s;^\(/dev/[a-z]\{3\}\|/dev/nvme[a-z0-9]\{3\}\)\(p[0-9]\|[0-9]\) ${EFI_PATH} .*;\1;p" /etc/mtab) - grub-install --target=x86_64-efi "${GRUB_DEVICE}" 2>/dev/null - if [ -d "${EFI_PATH}"/EFI ]; then - ## Copy efi entries to a boot directory - mkdir -p -- "${EFI_PATH}"/EFI/boot - find "${EFI_PATH}"/EFI/grub -type f -iname "grubx64.efi" -exec cp {} "${EFI_PATH}"/EFI/boot/bootx64.efi \; -quit 2>/dev/null - find "${EFI_PATH}"/EFI/debian -type f -iname "grubx64.efi" -exec cp {} "${EFI_PATH}"/EFI/boot/bootx64.efi \; -quit - fi -fi - -### }}} - -### Rsyslog {{{ - -# Install new Rsyslog configuration -if [ -f "${RSYSLOGD_CONF_PATH}" ]; then - cp "${RSYSLOGD_CONF_SRC}" "${RSYSLOGD_CONF_PATH}" -fi -cp -- "${RSYSLOGD_INCLUDE_SRC}"* "${RSYSLOGD_INCLUDE_PATH}" - -# Restart Rsyslog service -systemctl restart rsyslog - -### }}} -### Logrotate {{{ - -# Install new Logrotate configuration -if [ -f "${LOGROTATE_CONF_PATH}" ]; then - cp "${LOGROTATE_CONF_SRC}" "${LOGROTATE_CONF_PATH}" -fi -cp -- "${LOGROTATE_INCLUDE_SRC}"* "${LOGROTATE_INCLUDE_PATH}" - -# Create an archive directory for some log files (aptitude, dpkg,…) -mkdir -p -- /var/log/old_logs.d /var/log/aptitude.d /var/log/dpkg.d /var/log/alternatives.d /var/log/syslog.d /var/log/cron.d /var/log/daemon.d /var/log/kern.d /var/log/lpr.d /var/log/mail.d /var/log/auth.d /var/log/messages.d - -chmod 0750 /var/log/auth.d /var/log/daemon.d /var/log/kern.d /var/log/messages.d /var/log/syslog.d -chown root:adm /var/log/auth.d /var/log/daemon.d /var/log/kern.d /var/log/messages.d /var/log/syslog.d - -# Create the log directory for journald (Systemd), need the configuration Storage=(auto|persistent) -mkdir -p -- /var/log/journal -### }}} - -exit 0 diff --git a/scripts/latecommand/old/stretch/etc/apt/apt.conf.d/25no-recommends.conf b/scripts/latecommand/old/stretch/etc/apt/apt.conf.d/25no-recommends.conf deleted file mode 100644 index 2c580cd..0000000 --- a/scripts/latecommand/old/stretch/etc/apt/apt.conf.d/25no-recommends.conf +++ /dev/null @@ -1,7 +0,0 @@ -// Should APT install recommended or suggested packages? -APT::Install-Recommends "false"; -APT::Install-Suggests "false"; - -// Should APT autoremove recommended or suggested packages? -APT::AutoRemove::RecommendsImportant "false"; -APT::AutoRemove::SuggestsImportant "false"; diff --git a/scripts/latecommand/old/stretch/etc/logrotate.conf b/scripts/latecommand/old/stretch/etc/logrotate.conf deleted file mode 100644 index 504a88c..0000000 --- a/scripts/latecommand/old/stretch/etc/logrotate.conf +++ /dev/null @@ -1,29 +0,0 @@ - -create -weekly -compress -delaycompress -dateext -notifempty -include /etc/logrotate.d - -# No packages own wtmp or btmp, they will be managed directly -/var/log/wtmp { - missingok - monthly - create 0664 root utmp - rotate 3 - olddir /var/log/old_logs.d - -} - -# No packages own wtmp or btmp, they will be managed directly -/var/log/btmp { - missingok - monthly - create 0660 root utmp - rotate 3 - olddir /var/log/old_logs.d - -} - diff --git a/scripts/latecommand/old/stretch/etc/logrotate.d/aptitude b/scripts/latecommand/old/stretch/etc/logrotate.d/aptitude deleted file mode 100644 index a1ad0f5..0000000 --- a/scripts/latecommand/old/stretch/etc/logrotate.d/aptitude +++ /dev/null @@ -1,7 +0,0 @@ -/var/log/aptitude { - rotate 6 - monthly - missingok - olddir /var/log/aptitude.d - -} diff --git a/scripts/latecommand/old/stretch/etc/logrotate.d/dpkg b/scripts/latecommand/old/stretch/etc/logrotate.d/dpkg deleted file mode 100644 index 35441a2..0000000 --- a/scripts/latecommand/old/stretch/etc/logrotate.d/dpkg +++ /dev/null @@ -1,18 +0,0 @@ -/var/log/alternatives.log { - rotate 12 - monthly - missingok - create 644 root root - olddir /var/log/alternatives.d - -} - -/var/log/dpkg.log { - rotate 12 - monthly - missingok - create 644 root root - olddir /var/log/dpkg.d - -} - diff --git a/scripts/latecommand/old/stretch/etc/logrotate.d/rsyslog b/scripts/latecommand/old/stretch/etc/logrotate.d/rsyslog deleted file mode 100644 index 89dfbcf..0000000 --- a/scripts/latecommand/old/stretch/etc/logrotate.d/rsyslog +++ /dev/null @@ -1,116 +0,0 @@ -# Default directives are activilly used, please see /etc/logrotate.conf - -/var/log/syslog -/var/log/syslog.log -/var/log/local0.log -/var/log/local1.log -/var/log/local2.log -/var/log/local3.log -/var/log/local4.log -/var/log/local5.log -/var/log/local6.log -/var/log/local7.log -/var/log/uucp.log -{ - rotate 8 - daily - missingok - olddir /var/log/syslog.d - - postrotate - invoke-rc.d rsyslog rotate > /dev/null - - endscript -} - -/var/log/cron.log /var/log/mark.log { - maxsize 250k - missingok - sharedscripts - olddir /var/log/cron.d - - postrotate - invoke-rc.d rsyslog rotate > /dev/null - - endscript -} - -/var/log/daemon.log { - maxsize 250k - missingok - sharedscripts - olddir /var/log/daemon.d - - postrotate - invoke-rc.d rsyslog rotate > /dev/null - - endscript -} - -/var/log/kern.log /var/log/kernel.log { - maxsize 250k - missingok - sharedscripts - olddir /var/log/kern.d - - postrotate - invoke-rc.d rsyslog rotate > /dev/null - - endscript -} - -/var/log/lpr.log { - maxsize 250k - missingok - sharedscripts - olddir /var/log/lpr.d - - postrotate - invoke-rc.d rsyslog rotate > /dev/null - - endscript -} - -/var/log/mail.log -/var/log/mail.info -/var/log/mail.warn -/var/log/mail.err -{ - maxsize 250k - missingok - sharedscripts - olddir /var/log/mail.d - - postrotate - invoke-rc.d rsyslog rotate > /dev/null - - endscript -} - -/var/log/auth.log -/var/log/authpriv.log -/var/log/user.log -{ - maxsize 250k - missingok - sharedscripts - olddir /var/log/auth.d - - postrotate - invoke-rc.d rsyslog rotate > /dev/null - - endscript -} - -/var/log/messages /var/log/debug { - maxsize 250k - missingok - sharedscripts - olddir /var/log/messages.d - - postrotate - invoke-rc.d rsyslog rotate > /dev/null - - endscript -} - diff --git a/scripts/latecommand/old/stretch/etc/rsyslog.conf b/scripts/latecommand/old/stretch/etc/rsyslog.conf deleted file mode 100644 index 31b426b..0000000 --- a/scripts/latecommand/old/stretch/etc/rsyslog.conf +++ /dev/null @@ -1,5 +0,0 @@ -# -# Include all config files in /etc/rsyslog.d/ -# -$IncludeConfig /etc/rsyslog.d/*.conf - diff --git a/scripts/latecommand/old/stretch/etc/rsyslog.d/00-global.conf b/scripts/latecommand/old/stretch/etc/rsyslog.d/00-global.conf deleted file mode 100644 index 37ccc49..0000000 --- a/scripts/latecommand/old/stretch/etc/rsyslog.d/00-global.conf +++ /dev/null @@ -1,9 +0,0 @@ -# This file is managed remotely, all changes will be lost - -# -# Global options -# -global( - defaultNetstreamDriver="ptcp" -) - diff --git a/scripts/latecommand/old/stretch/etc/rsyslog.d/05-common-defaults.conf b/scripts/latecommand/old/stretch/etc/rsyslog.d/05-common-defaults.conf deleted file mode 100644 index 7e81e59..0000000 --- a/scripts/latecommand/old/stretch/etc/rsyslog.d/05-common-defaults.conf +++ /dev/null @@ -1,22 +0,0 @@ -# This file is managed remotely, all changes will be lost - -# -# Set default permissions for all log files -# -$FileOwner root -$FileGroup adm -$FileCreateMode 0640 -$DirCreateMode 0755 -$Umask 0022 - - -# -# Where to place spool and state files -# -$WorkDirectory /var/spool/rsyslog - -# -# Log every message -# -$RepeatedMsgReduction off - diff --git a/scripts/latecommand/old/stretch/etc/rsyslog.d/10-local-modules.conf b/scripts/latecommand/old/stretch/etc/rsyslog.d/10-local-modules.conf deleted file mode 100644 index 960625d..0000000 --- a/scripts/latecommand/old/stretch/etc/rsyslog.d/10-local-modules.conf +++ /dev/null @@ -1,19 +0,0 @@ -# This file is managed remotely, all changes will be lost - -# -# Log messages sent to local UNIX socket -# -$ModLoad imuxsock - -# -# Log kernel messages -# -$ModLoad imklog -$KLogPermitNonKernelFacility on - -# -# Log periodic -- MARK -- messages -# -$ModLoad immark -$MarkMessagePeriod 3600 - diff --git a/scripts/latecommand/old/stretch/etc/rsyslog.d/50-default-rulesets.conf b/scripts/latecommand/old/stretch/etc/rsyslog.d/50-default-rulesets.conf deleted file mode 100644 index 33926dd..0000000 --- a/scripts/latecommand/old/stretch/etc/rsyslog.d/50-default-rulesets.conf +++ /dev/null @@ -1,45 +0,0 @@ -# This file is managed remotely, all changes will be lost - -# -# Standard log files, split by facility -# -auth,authpriv.* /var/log/auth.log -*.*;cron,auth,authpriv.none -/var/log/syslog -cron.* -/var/log/cron.log -daemon.* -/var/log/daemon.log -kern.* -/var/log/kern.log -lpr.* -/var/log/lpr.log -mail.* -/var/log/mail.log -user.* -/var/log/user.log - -# -# Logging for the mail system. Split it up so that -# it is easy to write scripts to parse these files -# -mail.info -/var/log/mail.info -mail.warn -/var/log/mail.warn -mail.err /var/log/mail.err - -# -# Logging for INN news system -# -news.crit /var/log/news/news.crit -news.err /var/log/news/news.err -news.notice -/var/log/news/news.notice - -# -# Some "catch-all" log files -# -*.=debug;\ - auth,authpriv.none;\ - mail,news.none -/var/log/debug -*.=info;*.=notice;*.=warn;\ - auth,authpriv.none;\ - cron,daemon.none;\ - mail,news.none -/var/log/messages - -# -# Emergencies are sent to everybody logged in -# -*.emerg :omusrmsg:* - diff --git a/scripts/latecommand/post.bookworm.sh b/scripts/latecommand/post.bookworm.sh new file mode 100755 index 0000000..9eba339 --- /dev/null +++ b/scripts/latecommand/post.bookworm.sh @@ -0,0 +1,178 @@ +#!/bin/sh + +APT_CONF_INCLUDE_SRC="$(dirname $0)/bookworm/etc/apt/apt.conf.d/" +APT_CONF_INCLUDE_PATH="/etc/apt/apt.conf.d/" + +APT_SOURCES_SRC="$(dirname $0)/bookworm/etc/apt/sources.list" +APT_SOURCES_PATH="/etc/apt/sources.list" + +RSYSLOGD_CONF_SRC="$(dirname $0)/bookworm/etc/rsyslog.conf" +RSYSLOGD_CONF_PATH="/etc/rsyslog.conf" +RSYSLOGD_INCLUDE_SRC="$(dirname $0)/bookworm/etc/rsyslog.d/" +RSYSLOGD_INCLUDE_PATH="/etc/rsyslog.d/" + +LOGROTATE_CONF_SRC="$(dirname $0)/bookworm/etc/logrotate.conf" +LOGROTATE_CONF_PATH="/etc/logrotate.conf" +LOGROTATE_INCLUDE_SRC="$(dirname $0)/bookworm/etc/logrotate.d/" +LOGROTATE_INCLUDE_PATH="/etc/logrotate.d/" + +# apt configuration {{{ + +# Ensure to have some default configuration for Apt +cp -- "${APT_CONF_INCLUDE_SRC}"* "${APT_CONF_INCLUDE_PATH}" + +# Ensure to have a correct sources.list file for Apt +cp -- "${APT_SOURCES_SRC}" "${APT_SOURCES_PATH}" + +# Update repositories and packages +apt update +apt --assume-yes full-upgrade + +# Ensure to have aptitude ! +apt --assume-yes install -- aptitude + +# }}} + +# Rsyslog {{{ + +# Ensure to install Rsyslog daemon +aptitude --assume-yes install -- rsyslog + +# Install new Rsyslog configuration +if [ -f "${RSYSLOGD_CONF_PATH}" ]; then + cp -- "${RSYSLOGD_CONF_PATH}" "${RSYSLOGD_CONF_PATH}".orig + cp -- "${RSYSLOGD_CONF_SRC}" "${RSYSLOGD_CONF_PATH}" +fi +cp -- "${RSYSLOGD_INCLUDE_SRC}"* "${RSYSLOGD_INCLUDE_PATH}" + +# Restart Rsyslog service +systemctl restart rsyslog + +# }}} + +# Packages {{{ + +# Ensure to have some basic packages +aptitude --assume-yes install -- tmux vim-nox zsh + +# Ensure to remove some "too"-basic packages +aptitude --assume-yes remove -- vim-tiny + +# If no X display is expected +if [ ! "$(dpkg --list -- xorg)" ]; then + ## Remove unwanted x11 libs and packages + aptitude --assume-yes remove -- libgl1 libglx-mesa0 libglx0 libice6 libsm6 \ + libx11-6 libx11-data libx11-xcb1 libxau6 libxaw7 libxcb-dri2-0 libxcb-dri3-0 \ + libxcb-glx0 libxcb-present0 libxcb-shape0 libxcb-shm0 libxcb-sync1 \ + libxcb-xfixes0 libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxdmcp6 \ + libxext6 libxfixes3 libxft2 libxi6 libxinerama1 libxkbfile1 libxmu6 libxmuu1 \ + libxpm4 libxrandr2 libxrender1 libxt6 libxtst6 libxv1 libxxf86dga1 \ + libxxf86vm1 x11-apps x11-common x11-session-utils x11-utils x11-xkb-utils \ + x11-xserver-utils xauth xbase-clients xinit + + if [ "$(dpkg --list -- task-english)" ]; then + ## Remove task-english + aptitude --assume-yes remove task-english iamerican ibritish ienglish-common ispell util-linux-locales wamerican + fi +# If X display is expected +elif [ "$(dpkg --list -- xorg)" ]; then + if [ "$(dpkg --list -- task-english)" ]; then + ## Remove task-english + aptitude --assume-yes remove task-english + fi +fi + +## Documentation {{{ +## Remove task-french +if [ "$(dpkg --list -- task-french)" ]; then + ### Move default wordlist to american before remove all packages + select-default-wordlist --set-default=american + aptitude --assume-yes remove -- task-french + + ### Reinstall useful french doc and move back to french dict + aptitude --assume-yes install -- aspell-fr ifrench-gut manpages-fr wfrench + select-default-wordlist --set-default=".*(F|f)rench.*" +fi + +## Ensure to have minimal documentation +aptitude --assume-yes install -- man-db manpages manpages-fr + +## }}} + +## SSH {{{ +## Remove task-ssh-server +if [ "$(dpkg --list -- task-ssh-server)" ]; then + aptitude --assume-yes remove -- task-ssh-server ncurses-term +fi + +## Ensure to install openssh-server +aptitude --assume-yes install -- openssh-server openssh-sftp-server + +## }}} + +# Ansible dependencies +aptitude --assume-yes install -- python3-apt + +## Tasksel {{{ +## If tasksel and tasksel-data are the only task* relative packages +if [ "$(dpkg --list -- | grep --count -- '^ii task')" -eq "2" ]; then + aptitude --assume-yes remove -- tasksel tasksel-data +fi + +## purge configuration files +aptitude --assume-yes purge -- '~c' + +## }}} + +# }}} + +# Grub {{{ + +# If EFI directory is present +EFI_PATH="/boot/efi" +if [ -d "${EFI_PATH}" ]; then + ## Install grub-efi + aptitude --assume-yes install -- grub-efi-amd64 + ## Get grub device (keep only some patterns, eg. /dev/sda, /dev/vda, /dev/nvme0n1,…) + GRUB_DEVICE=$(sed --silent "s;^\(/dev/[a-z]\{3\}\|/dev/nvme[a-z0-9]\{3\}\)\(p[0-9]\|[0-9]\) ${EFI_PATH} .*;\1;p" /etc/mtab) + grub-install --target=x86_64-efi "${GRUB_DEVICE}" 2>/dev/null + if [ -d "${EFI_PATH}"/EFI ]; then + ### Copy efi entries to a boot directory + mkdir -p -- "${EFI_PATH}"/EFI/boot + find "${EFI_PATH}"/EFI/grub -type f -iname "grubx64.efi" -exec cp {} "${EFI_PATH}"/EFI/boot/bootx64.efi \; -quit 2>/dev/null + find "${EFI_PATH}"/EFI/debian -type f -iname "grubx64.efi" -exec cp {} "${EFI_PATH}"/EFI/boot/bootx64.efi \; -quit + fi +fi + +# }}} + +# Logrotate {{{ + +# Install new Logrotate configuration +if [ -f "${LOGROTATE_CONF_PATH}" ]; then + cp -- "${LOGROTATE_CONF_PATH}" "${LOGROTATE_CONF_PATH}".orig + cp -- "${LOGROTATE_CONF_SRC}" "${LOGROTATE_CONF_PATH}" +fi +cp -- "${LOGROTATE_INCLUDE_SRC}"* "${LOGROTATE_INCLUDE_PATH}" + +# Create an archive directory for some log files (aptitude, dpkg,…) +mkdir -p -- /var/log/old_logs.d \ + /var/log/alternatives.d \ + /var/log/aptitude.d \ + /var/log/auth.d \ + /var/log/cron.d \ + /var/log/daemon.d \ + /var/log/dpkg.d \ + /var/log/kern.d \ + /var/log/mail.d \ + /var/log/messages.d \ + /var/log/syslog.d + +chmod 0750 /var/log/auth.d /var/log/daemon.d /var/log/kern.d /var/log/messages.d /var/log/syslog.d +chown root:adm /var/log/auth.d /var/log/daemon.d /var/log/kern.d /var/log/messages.d /var/log/syslog.d + +# Create the log directory for journald (Systemd), need the configuration Storage=(auto|persistent) +mkdir -p -- /var/log/journal +# }}} + +exit 0