From 1b6270164489c290c8cd700945c7fac10e87011b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gardais=20J=C3=A9r=C3=A9my?= Date: Tue, 13 Jun 2023 17:05:42 +0200 Subject: [PATCH] Keep old post-install scripts to old/latecommand --- .../etc/apt/apt.conf.d/25no-recommends.conf | 7 + .../latecommand/buster/etc/apt/sources.list | 6 + .../old/latecommand/buster/etc/logrotate.conf | 10 ++ .../latecommand/buster/etc/logrotate.d/apt | 12 ++ .../buster/etc/logrotate.d/aptitude | 7 + .../latecommand/buster/etc/logrotate.d/btmp | 8 + .../latecommand/buster/etc/logrotate.d/dpkg | 16 ++ .../buster/etc/logrotate.d/rsyslog | 108 ++++++++++++ .../latecommand/buster/etc/logrotate.d/wtmp | 9 + .../old/latecommand/buster/etc/rsyslog.conf | 5 + .../buster/etc/rsyslog.d/00-global.conf | 12 ++ .../etc/rsyslog.d/05-common-defaults.conf | 20 +++ .../etc/rsyslog.d/10-local-modules.conf | 19 ++ .../etc/rsyslog.d/50-default-rulesets.conf | 43 +++++ scripts/old/latecommand/post.buster.sh | 163 ++++++++++++++++++ scripts/old/latecommand/post.stretch.sh | 140 +++++++++++++++ .../etc/apt/apt.conf.d/25no-recommends.conf | 7 + .../latecommand/stretch/etc/logrotate.conf | 29 ++++ .../stretch/etc/logrotate.d/aptitude | 7 + .../latecommand/stretch/etc/logrotate.d/dpkg | 18 ++ .../stretch/etc/logrotate.d/rsyslog | 116 +++++++++++++ .../old/latecommand/stretch/etc/rsyslog.conf | 5 + .../stretch/etc/rsyslog.d/00-global.conf | 9 + .../etc/rsyslog.d/05-common-defaults.conf | 22 +++ .../etc/rsyslog.d/10-local-modules.conf | 19 ++ .../etc/rsyslog.d/50-default-rulesets.conf | 45 +++++ 26 files changed, 862 insertions(+) create mode 100644 scripts/old/latecommand/buster/etc/apt/apt.conf.d/25no-recommends.conf create mode 100644 scripts/old/latecommand/buster/etc/apt/sources.list create mode 100644 scripts/old/latecommand/buster/etc/logrotate.conf create mode 100644 scripts/old/latecommand/buster/etc/logrotate.d/apt create mode 100644 scripts/old/latecommand/buster/etc/logrotate.d/aptitude create mode 100644 scripts/old/latecommand/buster/etc/logrotate.d/btmp create mode 100644 scripts/old/latecommand/buster/etc/logrotate.d/dpkg create mode 100644 scripts/old/latecommand/buster/etc/logrotate.d/rsyslog create mode 100644 scripts/old/latecommand/buster/etc/logrotate.d/wtmp create mode 100644 scripts/old/latecommand/buster/etc/rsyslog.conf create mode 100644 scripts/old/latecommand/buster/etc/rsyslog.d/00-global.conf create mode 100644 scripts/old/latecommand/buster/etc/rsyslog.d/05-common-defaults.conf create mode 100644 scripts/old/latecommand/buster/etc/rsyslog.d/10-local-modules.conf create mode 100644 scripts/old/latecommand/buster/etc/rsyslog.d/50-default-rulesets.conf create mode 100755 scripts/old/latecommand/post.buster.sh create mode 100755 scripts/old/latecommand/post.stretch.sh create mode 100644 scripts/old/latecommand/stretch/etc/apt/apt.conf.d/25no-recommends.conf create mode 100644 scripts/old/latecommand/stretch/etc/logrotate.conf create mode 100644 scripts/old/latecommand/stretch/etc/logrotate.d/aptitude create mode 100644 scripts/old/latecommand/stretch/etc/logrotate.d/dpkg create mode 100644 scripts/old/latecommand/stretch/etc/logrotate.d/rsyslog create mode 100644 scripts/old/latecommand/stretch/etc/rsyslog.conf create mode 100644 scripts/old/latecommand/stretch/etc/rsyslog.d/00-global.conf create mode 100644 scripts/old/latecommand/stretch/etc/rsyslog.d/05-common-defaults.conf create mode 100644 scripts/old/latecommand/stretch/etc/rsyslog.d/10-local-modules.conf create mode 100644 scripts/old/latecommand/stretch/etc/rsyslog.d/50-default-rulesets.conf diff --git a/scripts/old/latecommand/buster/etc/apt/apt.conf.d/25no-recommends.conf b/scripts/old/latecommand/buster/etc/apt/apt.conf.d/25no-recommends.conf new file mode 100644 index 0000000..455f9e0 --- /dev/null +++ b/scripts/old/latecommand/buster/etc/apt/apt.conf.d/25no-recommends.conf @@ -0,0 +1,7 @@ +// Should APT install recommended or suggested packages? +APT::Install-Recommends "false"; +APT::Install-Suggests "false"; + +// APT should not consider recommended or suggested packages to be unused +APT::AutoRemove::RecommendsImportant "true"; +APT::AutoRemove::SuggestsImportant "true"; diff --git a/scripts/old/latecommand/buster/etc/apt/sources.list b/scripts/old/latecommand/buster/etc/apt/sources.list new file mode 100644 index 0000000..34f23db --- /dev/null +++ b/scripts/old/latecommand/buster/etc/apt/sources.list @@ -0,0 +1,6 @@ +# From latecommand - Debian's preseed +deb http://deb.debian.org/debian/ buster main non-free contrib +deb-src http://deb.debian.org/debian/ buster main non-free contrib + +deb http://security.debian.org/debian-security buster/updates main contrib non-free +deb-src http://security.debian.org/debian-security buster/updates main contrib non-free diff --git a/scripts/old/latecommand/buster/etc/logrotate.conf b/scripts/old/latecommand/buster/etc/logrotate.conf new file mode 100644 index 0000000..10c01b7 --- /dev/null +++ b/scripts/old/latecommand/buster/etc/logrotate.conf @@ -0,0 +1,10 @@ + +create +weekly +compress +delaycompress +dateext +notifempty +include /etc/logrotate.d +rotate 4 + diff --git a/scripts/old/latecommand/buster/etc/logrotate.d/apt b/scripts/old/latecommand/buster/etc/logrotate.d/apt new file mode 100644 index 0000000..e516fbd --- /dev/null +++ b/scripts/old/latecommand/buster/etc/logrotate.d/apt @@ -0,0 +1,12 @@ +/var/log/apt/term.log { + rotate 12 + monthly + missingok +} + +/var/log/apt/history.log { + rotate 12 + monthly + missingok +} + diff --git a/scripts/old/latecommand/buster/etc/logrotate.d/aptitude b/scripts/old/latecommand/buster/etc/logrotate.d/aptitude new file mode 100644 index 0000000..a1ad0f5 --- /dev/null +++ b/scripts/old/latecommand/buster/etc/logrotate.d/aptitude @@ -0,0 +1,7 @@ +/var/log/aptitude { + rotate 6 + monthly + missingok + olddir /var/log/aptitude.d + +} diff --git a/scripts/old/latecommand/buster/etc/logrotate.d/btmp b/scripts/old/latecommand/buster/etc/logrotate.d/btmp new file mode 100644 index 0000000..e2ce942 --- /dev/null +++ b/scripts/old/latecommand/buster/etc/logrotate.d/btmp @@ -0,0 +1,8 @@ +# no packages own btmp -- we'll rotate it here +/var/log/btmp { + missingok + monthly + create 0660 root utmp + rotate 3 + olddir /var/log/old_logs.d +} diff --git a/scripts/old/latecommand/buster/etc/logrotate.d/dpkg b/scripts/old/latecommand/buster/etc/logrotate.d/dpkg new file mode 100644 index 0000000..4bce6bb --- /dev/null +++ b/scripts/old/latecommand/buster/etc/logrotate.d/dpkg @@ -0,0 +1,16 @@ +/var/log/alternatives.log { + rotate 12 + monthly + missingok + create 644 root root + olddir /var/log/alternatives.d +} + +/var/log/dpkg.log { + rotate 12 + monthly + missingok + create 644 root root + olddir /var/log/dpkg.d +} + diff --git a/scripts/old/latecommand/buster/etc/logrotate.d/rsyslog b/scripts/old/latecommand/buster/etc/logrotate.d/rsyslog new file mode 100644 index 0000000..76a4fc2 --- /dev/null +++ b/scripts/old/latecommand/buster/etc/logrotate.d/rsyslog @@ -0,0 +1,108 @@ +# Default directives are activilly used, please see /etc/logrotate.conf + +/var/log/syslog +/var/log/syslog.log +/var/log/local0.log +/var/log/local1.log +/var/log/local2.log +/var/log/local3.log +/var/log/local4.log +/var/log/local5.log +/var/log/local6.log +/var/log/local7.log +/var/log/uucp.log +{ + rotate 8 + daily + missingok + olddir /var/log/syslog.d + + postrotate + /usr/lib/rsyslog/rsyslog-rotate + endscript +} + +/var/log/cron.log /var/log/mark.log { + maxsize 250k + missingok + sharedscripts + olddir /var/log/cron.d + + postrotate + /usr/lib/rsyslog/rsyslog-rotate + endscript +} + +/var/log/daemon.log { + maxsize 250k + missingok + sharedscripts + olddir /var/log/daemon.d + + postrotate + /usr/lib/rsyslog/rsyslog-rotate + endscript +} + +/var/log/kern.log /var/log/kernel.log { + maxsize 250k + missingok + sharedscripts + olddir /var/log/kern.d + + postrotate + /usr/lib/rsyslog/rsyslog-rotate + endscript +} + +/var/log/lpr.log { + maxsize 250k + missingok + sharedscripts + olddir /var/log/lpr.d + + postrotate + /usr/lib/rsyslog/rsyslog-rotate + endscript +} + +/var/log/mail.log +/var/log/mail.info +/var/log/mail.warn +/var/log/mail.err +{ + maxsize 250k + missingok + sharedscripts + olddir /var/log/mail.d + + postrotate + /usr/lib/rsyslog/rsyslog-rotate + endscript +} + +/var/log/auth.log +/var/log/authpriv.log +/var/log/user.log +{ + maxsize 250k + missingok + sharedscripts + olddir /var/log/auth.d + + postrotate + /usr/lib/rsyslog/rsyslog-rotate + endscript +} + +/var/log/messages /var/log/debug { + maxsize 250k + missingok + sharedscripts + olddir /var/log/messages.d + + postrotate + /usr/lib/rsyslog/rsyslog-rotate + endscript +} + diff --git a/scripts/old/latecommand/buster/etc/logrotate.d/wtmp b/scripts/old/latecommand/buster/etc/logrotate.d/wtmp new file mode 100644 index 0000000..b0e0a76 --- /dev/null +++ b/scripts/old/latecommand/buster/etc/logrotate.d/wtmp @@ -0,0 +1,9 @@ +# no packages own wtmp -- we'll rotate it here +/var/log/wtmp { + missingok + monthly + create 0664 root utmp + minsize 1M + rotate 3 + olddir /var/log/old_logs.d +} diff --git a/scripts/old/latecommand/buster/etc/rsyslog.conf b/scripts/old/latecommand/buster/etc/rsyslog.conf new file mode 100644 index 0000000..31b426b --- /dev/null +++ b/scripts/old/latecommand/buster/etc/rsyslog.conf @@ -0,0 +1,5 @@ +# +# Include all config files in /etc/rsyslog.d/ +# +$IncludeConfig /etc/rsyslog.d/*.conf + diff --git a/scripts/old/latecommand/buster/etc/rsyslog.d/00-global.conf b/scripts/old/latecommand/buster/etc/rsyslog.d/00-global.conf new file mode 100644 index 0000000..f850eeb --- /dev/null +++ b/scripts/old/latecommand/buster/etc/rsyslog.d/00-global.conf @@ -0,0 +1,12 @@ +# +# Global options +# +global( + defaultNetstreamDriver="ptcp" +) + +# +# Use traditional timestamp format. +# To enable high precision timestamps, comment out the following line. +# +$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat diff --git a/scripts/old/latecommand/buster/etc/rsyslog.d/05-common-defaults.conf b/scripts/old/latecommand/buster/etc/rsyslog.d/05-common-defaults.conf new file mode 100644 index 0000000..7fed09b --- /dev/null +++ b/scripts/old/latecommand/buster/etc/rsyslog.d/05-common-defaults.conf @@ -0,0 +1,20 @@ +# +# Set default permissions for all log files +# +$FileOwner root +$FileGroup adm +$FileCreateMode 0640 +$DirCreateMode 0755 +$Umask 0022 + + +# +# Where to place spool and state files +# +$WorkDirectory /var/spool/rsyslog + +# +# Log every message +# +$RepeatedMsgReduction off + diff --git a/scripts/old/latecommand/buster/etc/rsyslog.d/10-local-modules.conf b/scripts/old/latecommand/buster/etc/rsyslog.d/10-local-modules.conf new file mode 100644 index 0000000..ad031cb --- /dev/null +++ b/scripts/old/latecommand/buster/etc/rsyslog.d/10-local-modules.conf @@ -0,0 +1,19 @@ +# +# Log messages sent to local UNIX socket +# +# provides support for local system logging +module(load="imuxsock") + +# +# Log kernel messages +# +# provides kernel logging support +module(load="imklog" permitnonkernelfacility="on") + +# +# Log periodic -- MARK -- messages +# +# provides --MARK-- message capability +#module(load="immark") +#module(load="immark" markmessageperiod="3600") + diff --git a/scripts/old/latecommand/buster/etc/rsyslog.d/50-default-rulesets.conf b/scripts/old/latecommand/buster/etc/rsyslog.d/50-default-rulesets.conf new file mode 100644 index 0000000..19a6218 --- /dev/null +++ b/scripts/old/latecommand/buster/etc/rsyslog.d/50-default-rulesets.conf @@ -0,0 +1,43 @@ +# +# Standard log files, split by facility +# +auth,authpriv.* /var/log/auth.log +*.*;cron,auth,authpriv.none -/var/log/syslog +cron.* -/var/log/cron.log +daemon.* -/var/log/daemon.log +kern.* -/var/log/kern.log +lpr.* -/var/log/lpr.log +mail.* -/var/log/mail.log +user.* -/var/log/user.log + +# +# Logging for the mail system. Split it up so that +# it is easy to write scripts to parse these files +# +mail.info -/var/log/mail.info +mail.warn -/var/log/mail.warn +mail.err /var/log/mail.err + +# +# Logging for INN news system +# +news.crit /var/log/news/news.crit +news.err /var/log/news/news.err +news.notice -/var/log/news/news.notice + +# +# Some "catch-all" log files +# +*.=debug;\ + auth,authpriv.none;\ + news.none;mail.none -/var/log/debug +*.=info;*.=notice;*.=warn;\ + auth,authpriv.none;\ + cron,daemon.none;\ + mail,news.none -/var/log/messages + +# +# Emergencies are sent to everybody logged in +# +*.emerg :omusrmsg:* + diff --git a/scripts/old/latecommand/post.buster.sh b/scripts/old/latecommand/post.buster.sh new file mode 100755 index 0000000..ad5a60d --- /dev/null +++ b/scripts/old/latecommand/post.buster.sh @@ -0,0 +1,163 @@ +#!/bin/sh + +APT_CONF_INCLUDE_SRC="$(dirname $0)/buster/etc/apt/apt.conf.d/" +APT_CONF_INCLUDE_PATH="/etc/apt/apt.conf.d/" + +APT_SOURCES_SRC="$(dirname $0)/buster/etc/apt/sources.list" +APT_SOURCES_PATH="/etc/apt/sources.list" + +RSYSLOGD_CONF_SRC="$(dirname $0)/buster/etc/rsyslog.conf" +RSYSLOGD_CONF_PATH="/etc/rsyslog.conf" +RSYSLOGD_INCLUDE_SRC="$(dirname $0)/buster/etc/rsyslog.d/" +RSYSLOGD_INCLUDE_PATH="/etc/rsyslog.d/" + +LOGROTATE_CONF_SRC="$(dirname $0)/buster/etc/logrotate.conf" +LOGROTATE_CONF_PATH="/etc/logrotate.conf" +LOGROTATE_INCLUDE_SRC="$(dirname $0)/buster/etc/logrotate.d/" +LOGROTATE_INCLUDE_PATH="/etc/logrotate.d/" + +# apt configuration {{{ + +# ensure to have some default configuration for Apt +cp -- "${APT_CONF_INCLUDE_SRC}"* "${APT_CONF_INCLUDE_PATH}" + +# ensure to have a correct sources.list file for Apt +cp -- "${APT_SOURCES_SRC}" "${APT_SOURCES_PATH}" + +# }}} + +## Packages {{{ + +# update repositories and packages +apt update +apt -y full-upgrade + +# Ensure to have some basic packages +apt -y install aptitude tmux vim-nox zsh + +# Ensure to remove some "too"-basic packages +aptitude -y remove vim-tiny + +# If no X display is expected +if [ ! "$(dpkg -l xorg)" ]; then + ## Remove unwanted x11 lib + aptitude -y remove libx11-6 libx11-data libxau6 libxcb1 libxdmcp6 libxext6 libxmuu1 xauth + if [ "$(dpkg -l task-english)" ]; then + ## Remove task-english + aptitude -y remove task-english iamerican ibritish ienglish-common ispell util-linux-locales wamerican + fi +else + if [ "$(dpkg -l task-english)" ]; then + ## Remove task-english + aptitude -y remove task-english + fi +fi + +### Documentation {{{ +# Remove task-french +if [ "$(dpkg -l task-french)" ]; then + # Move default wordlist to american before remove all packages + select-default-wordlist --set-default=american + aptitude -y remove task-french + + # Reinstall useful french doc and move back to french dict + aptitude -y install aspell-fr doc-debian-fr doc-linux-fr-text ifrench-gut manpages-fr manpages-fr-extra wfrench + select-default-wordlist --set-default=".*(F|f)rench.*" +fi + +# Ensure to have minimal documentation +aptitude -y install man-db manpages + +### }}} + +### SSH {{{ +# Remove task-ssh-server +if [ "$(dpkg -l task-ssh-server)" ]; then + aptitude -y remove task-ssh-server krb5-locales ncurses-term +fi + +# Ensure to install openssh-server +aptitude -y install openssh-server openssh-sftp-server + +### }}} + +# Ansible dependencies +aptitude -y install python-apt + +### Tasksel {{{ +# If tasksel and tasksel-data are the only task* relative packages +if [ "$(dpkg -l | grep -c task)" -eq "2" ]; then + aptitude -y remove tasksel tasksel-data +fi + +# purge configuration files +aptitude -y purge '~c' + +### }}} + +## }}} + +# Grub {{{ + +## If EFI directory is present +EFI_PATH="/boot/efi" +if [ -d "${EFI_PATH}" ]; then + ## Install grub-efi + aptitude install -y grub-efi-amd64 + ## Get grub device (keep only some patterns, eg. /dev/sda, /dev/vda, /dev/nvme0n1,…) + GRUB_DEVICE=$(sed -n "s;^\(/dev/[a-z]\{3\}\|/dev/nvme[a-z0-9]\{3\}\)\(p[0-9]\|[0-9]\) ${EFI_PATH} .*;\1;p" /etc/mtab) + grub-install --target=x86_64-efi "${GRUB_DEVICE}" 2>/dev/null + if [ -d "${EFI_PATH}"/EFI ]; then + ## Copy efi entries to a boot directory + mkdir -p -- "${EFI_PATH}"/EFI/boot + find "${EFI_PATH}"/EFI/grub -type f -iname "grubx64.efi" -exec cp {} "${EFI_PATH}"/EFI/boot/bootx64.efi \; -quit 2>/dev/null + find "${EFI_PATH}"/EFI/debian -type f -iname "grubx64.efi" -exec cp {} "${EFI_PATH}"/EFI/boot/bootx64.efi \; -quit + fi +fi + +### }}} + +### Rsyslog {{{ + +# Install new Rsyslog configuration +if [ -f "${RSYSLOGD_CONF_PATH}" ]; then + cp -- "${RSYSLOGD_CONF_PATH}" "${RSYSLOGD_CONF_PATH}".orig + cp -- "${RSYSLOGD_CONF_SRC}" "${RSYSLOGD_CONF_PATH}" +fi +cp -- "${RSYSLOGD_INCLUDE_SRC}"* "${RSYSLOGD_INCLUDE_PATH}" + +# Restart Rsyslog service +systemctl restart rsyslog + +### }}} +### Logrotate {{{ + +# Install new Logrotate configuration +if [ -f "${LOGROTATE_CONF_PATH}" ]; then + cp -- "${LOGROTATE_CONF_PATH}" "${LOGROTATE_CONF_PATH}".orig + cp -- "${LOGROTATE_CONF_SRC}" "${LOGROTATE_CONF_PATH}" +fi +cp -- "${LOGROTATE_INCLUDE_SRC}"* "${LOGROTATE_INCLUDE_PATH}" + +# Create an archive directory for some log files (aptitude, dpkg,…) +mkdir -p -- /var/log/old_logs.d \ + /var/log/alternatives.d \ + /var/log/aptitude.d \ + /var/log/auth.d \ + /var/log/cron.d \ + /var/log/daemon.d \ + /var/log/dpkg.d \ + /var/log/kern.d \ + /var/log/lpr.d \ + /var/log/mail.d \ + /var/log/messages.d \ + /var/log/syslog.d + +chmod 0750 /var/log/auth.d /var/log/daemon.d /var/log/kern.d /var/log/messages.d /var/log/syslog.d +chown root:adm /var/log/auth.d /var/log/daemon.d /var/log/kern.d /var/log/messages.d /var/log/syslog.d + +# Create the log directory for journald (Systemd), need the configuration Storage=(auto|persistent) +mkdir -p -- /var/log/journal +### }}} + +exit 0 diff --git a/scripts/old/latecommand/post.stretch.sh b/scripts/old/latecommand/post.stretch.sh new file mode 100755 index 0000000..fa92a30 --- /dev/null +++ b/scripts/old/latecommand/post.stretch.sh @@ -0,0 +1,140 @@ +#!/bin/sh + +APT_CONF_INCLUDE_SRC="$(dirname $0)/stretch/etc/apt/apt.conf.d/" +APT_CONF_INCLUDE_PATH="/etc/apt/apt.conf.d/" + +RSYSLOGD_CONF_SRC="$(dirname $0)/stretch/etc/rsyslog.conf" +RSYSLOGD_CONF_PATH="/etc/rsyslog.conf" +RSYSLOGD_INCLUDE_SRC="$(dirname $0)/stretch/etc/rsyslog.d/" +RSYSLOGD_INCLUDE_PATH="/etc/rsyslog.d/" + +LOGROTATE_CONF_SRC="$(dirname $0)/stretch/etc/logrotate.conf" +LOGROTATE_CONF_PATH="/etc/logrotate.conf" +LOGROTATE_INCLUDE_SRC="$(dirname $0)/stretch/etc/logrotate.d/" +LOGROTATE_INCLUDE_PATH="/etc/logrotate.d/" + +# apt configuration {{{ + +# ensure to have some default configuration for Apt +cp -- "${APT_CONF_INCLUDE_SRC}"* "${APT_CONF_INCLUDE_PATH}" + +# }}} + +## Packages {{{ + +# update repositories and packages +apt update +apt -y full-upgrade + +# Ensure to have some basic packages +apt -y install aptitude tmux vim-nox zsh + +# Ensure to remove some "too"-basic packages +aptitude -y remove vim-tiny + + +# Ensure to have some systemd basic packages +aptitude -y install dbus libpam-systemd + +# Remove NFS and rpcbind +aptitude -y remove nfs-common rpcbind + +### Documentation {{{ +# If no X display is expected +if [ ! "$(dpkg -l xorg)" ]; then + ## Remove unwanted x11 lib + aptitude -y remove libx11-6 libx11-data libxau6 libxcb1 libxdmcp6 libxext6 libxmuu1 xauth + if [ "$(dpkg -l task-english)" ]; then + ## Remove task-english + aptitude -y remove task-english iamerican ibritish ienglish-common ispell util-linux-locales wamerican + fi +else + if [ "$(dpkg -l task-english)" ]; then + ## Remove task-english + aptitude -y remove task-english + fi +fi + +# Ensure to have minimal documentation +aptitude -y install man-db manpages + +### }}} + +### SSH {{{ +# Remove task-ssh-server +if [ "$(dpkg -l task-ssh-server)" ]; then + aptitude -y remove task-ssh-server +fi + +# Ensure to install openssh-server +aptitude -y install openssh-server openssh-sftp-server + +### }}} + +# Ansible dependencies +aptitude -y install python-apt + +### Tasksel {{{ +# If tasksel and tasksel-data are the only task* relative packages +if [ "$(dpkg -l | grep -c task)" -eq "2" ]; then + aptitude -y remove tasksel tasksel-data +fi + +# purge configuration files +aptitude -y purge '~c' + +### }}} + +## }}} + +# Grub {{{ + +## If EFI directory is present +EFI_PATH="/boot/efi" +if [ -d "${EFI_PATH}" ]; then + ## Install grub-efi + aptitude install -y grub-efi-amd64 + ## Get grub device (keep only some patterns, eg. /dev/sda, /dev/vda, /dev/nvme0n1,…) + GRUB_DEVICE=$(sed -n "s;^\(/dev/[a-z]\{3\}\|/dev/nvme[a-z0-9]\{3\}\)\(p[0-9]\|[0-9]\) ${EFI_PATH} .*;\1;p" /etc/mtab) + grub-install --target=x86_64-efi "${GRUB_DEVICE}" 2>/dev/null + if [ -d "${EFI_PATH}"/EFI ]; then + ## Copy efi entries to a boot directory + mkdir -p -- "${EFI_PATH}"/EFI/boot + find "${EFI_PATH}"/EFI/grub -type f -iname "grubx64.efi" -exec cp {} "${EFI_PATH}"/EFI/boot/bootx64.efi \; -quit 2>/dev/null + find "${EFI_PATH}"/EFI/debian -type f -iname "grubx64.efi" -exec cp {} "${EFI_PATH}"/EFI/boot/bootx64.efi \; -quit + fi +fi + +### }}} + +### Rsyslog {{{ + +# Install new Rsyslog configuration +if [ -f "${RSYSLOGD_CONF_PATH}" ]; then + cp "${RSYSLOGD_CONF_SRC}" "${RSYSLOGD_CONF_PATH}" +fi +cp -- "${RSYSLOGD_INCLUDE_SRC}"* "${RSYSLOGD_INCLUDE_PATH}" + +# Restart Rsyslog service +systemctl restart rsyslog + +### }}} +### Logrotate {{{ + +# Install new Logrotate configuration +if [ -f "${LOGROTATE_CONF_PATH}" ]; then + cp "${LOGROTATE_CONF_SRC}" "${LOGROTATE_CONF_PATH}" +fi +cp -- "${LOGROTATE_INCLUDE_SRC}"* "${LOGROTATE_INCLUDE_PATH}" + +# Create an archive directory for some log files (aptitude, dpkg,…) +mkdir -p -- /var/log/old_logs.d /var/log/aptitude.d /var/log/dpkg.d /var/log/alternatives.d /var/log/syslog.d /var/log/cron.d /var/log/daemon.d /var/log/kern.d /var/log/lpr.d /var/log/mail.d /var/log/auth.d /var/log/messages.d + +chmod 0750 /var/log/auth.d /var/log/daemon.d /var/log/kern.d /var/log/messages.d /var/log/syslog.d +chown root:adm /var/log/auth.d /var/log/daemon.d /var/log/kern.d /var/log/messages.d /var/log/syslog.d + +# Create the log directory for journald (Systemd), need the configuration Storage=(auto|persistent) +mkdir -p -- /var/log/journal +### }}} + +exit 0 diff --git a/scripts/old/latecommand/stretch/etc/apt/apt.conf.d/25no-recommends.conf b/scripts/old/latecommand/stretch/etc/apt/apt.conf.d/25no-recommends.conf new file mode 100644 index 0000000..2c580cd --- /dev/null +++ b/scripts/old/latecommand/stretch/etc/apt/apt.conf.d/25no-recommends.conf @@ -0,0 +1,7 @@ +// Should APT install recommended or suggested packages? +APT::Install-Recommends "false"; +APT::Install-Suggests "false"; + +// Should APT autoremove recommended or suggested packages? +APT::AutoRemove::RecommendsImportant "false"; +APT::AutoRemove::SuggestsImportant "false"; diff --git a/scripts/old/latecommand/stretch/etc/logrotate.conf b/scripts/old/latecommand/stretch/etc/logrotate.conf new file mode 100644 index 0000000..504a88c --- /dev/null +++ b/scripts/old/latecommand/stretch/etc/logrotate.conf @@ -0,0 +1,29 @@ + +create +weekly +compress +delaycompress +dateext +notifempty +include /etc/logrotate.d + +# No packages own wtmp or btmp, they will be managed directly +/var/log/wtmp { + missingok + monthly + create 0664 root utmp + rotate 3 + olddir /var/log/old_logs.d + +} + +# No packages own wtmp or btmp, they will be managed directly +/var/log/btmp { + missingok + monthly + create 0660 root utmp + rotate 3 + olddir /var/log/old_logs.d + +} + diff --git a/scripts/old/latecommand/stretch/etc/logrotate.d/aptitude b/scripts/old/latecommand/stretch/etc/logrotate.d/aptitude new file mode 100644 index 0000000..a1ad0f5 --- /dev/null +++ b/scripts/old/latecommand/stretch/etc/logrotate.d/aptitude @@ -0,0 +1,7 @@ +/var/log/aptitude { + rotate 6 + monthly + missingok + olddir /var/log/aptitude.d + +} diff --git a/scripts/old/latecommand/stretch/etc/logrotate.d/dpkg b/scripts/old/latecommand/stretch/etc/logrotate.d/dpkg new file mode 100644 index 0000000..35441a2 --- /dev/null +++ b/scripts/old/latecommand/stretch/etc/logrotate.d/dpkg @@ -0,0 +1,18 @@ +/var/log/alternatives.log { + rotate 12 + monthly + missingok + create 644 root root + olddir /var/log/alternatives.d + +} + +/var/log/dpkg.log { + rotate 12 + monthly + missingok + create 644 root root + olddir /var/log/dpkg.d + +} + diff --git a/scripts/old/latecommand/stretch/etc/logrotate.d/rsyslog b/scripts/old/latecommand/stretch/etc/logrotate.d/rsyslog new file mode 100644 index 0000000..89dfbcf --- /dev/null +++ b/scripts/old/latecommand/stretch/etc/logrotate.d/rsyslog @@ -0,0 +1,116 @@ +# Default directives are activilly used, please see /etc/logrotate.conf + +/var/log/syslog +/var/log/syslog.log +/var/log/local0.log +/var/log/local1.log +/var/log/local2.log +/var/log/local3.log +/var/log/local4.log +/var/log/local5.log +/var/log/local6.log +/var/log/local7.log +/var/log/uucp.log +{ + rotate 8 + daily + missingok + olddir /var/log/syslog.d + + postrotate + invoke-rc.d rsyslog rotate > /dev/null + + endscript +} + +/var/log/cron.log /var/log/mark.log { + maxsize 250k + missingok + sharedscripts + olddir /var/log/cron.d + + postrotate + invoke-rc.d rsyslog rotate > /dev/null + + endscript +} + +/var/log/daemon.log { + maxsize 250k + missingok + sharedscripts + olddir /var/log/daemon.d + + postrotate + invoke-rc.d rsyslog rotate > /dev/null + + endscript +} + +/var/log/kern.log /var/log/kernel.log { + maxsize 250k + missingok + sharedscripts + olddir /var/log/kern.d + + postrotate + invoke-rc.d rsyslog rotate > /dev/null + + endscript +} + +/var/log/lpr.log { + maxsize 250k + missingok + sharedscripts + olddir /var/log/lpr.d + + postrotate + invoke-rc.d rsyslog rotate > /dev/null + + endscript +} + +/var/log/mail.log +/var/log/mail.info +/var/log/mail.warn +/var/log/mail.err +{ + maxsize 250k + missingok + sharedscripts + olddir /var/log/mail.d + + postrotate + invoke-rc.d rsyslog rotate > /dev/null + + endscript +} + +/var/log/auth.log +/var/log/authpriv.log +/var/log/user.log +{ + maxsize 250k + missingok + sharedscripts + olddir /var/log/auth.d + + postrotate + invoke-rc.d rsyslog rotate > /dev/null + + endscript +} + +/var/log/messages /var/log/debug { + maxsize 250k + missingok + sharedscripts + olddir /var/log/messages.d + + postrotate + invoke-rc.d rsyslog rotate > /dev/null + + endscript +} + diff --git a/scripts/old/latecommand/stretch/etc/rsyslog.conf b/scripts/old/latecommand/stretch/etc/rsyslog.conf new file mode 100644 index 0000000..31b426b --- /dev/null +++ b/scripts/old/latecommand/stretch/etc/rsyslog.conf @@ -0,0 +1,5 @@ +# +# Include all config files in /etc/rsyslog.d/ +# +$IncludeConfig /etc/rsyslog.d/*.conf + diff --git a/scripts/old/latecommand/stretch/etc/rsyslog.d/00-global.conf b/scripts/old/latecommand/stretch/etc/rsyslog.d/00-global.conf new file mode 100644 index 0000000..37ccc49 --- /dev/null +++ b/scripts/old/latecommand/stretch/etc/rsyslog.d/00-global.conf @@ -0,0 +1,9 @@ +# This file is managed remotely, all changes will be lost + +# +# Global options +# +global( + defaultNetstreamDriver="ptcp" +) + diff --git a/scripts/old/latecommand/stretch/etc/rsyslog.d/05-common-defaults.conf b/scripts/old/latecommand/stretch/etc/rsyslog.d/05-common-defaults.conf new file mode 100644 index 0000000..7e81e59 --- /dev/null +++ b/scripts/old/latecommand/stretch/etc/rsyslog.d/05-common-defaults.conf @@ -0,0 +1,22 @@ +# This file is managed remotely, all changes will be lost + +# +# Set default permissions for all log files +# +$FileOwner root +$FileGroup adm +$FileCreateMode 0640 +$DirCreateMode 0755 +$Umask 0022 + + +# +# Where to place spool and state files +# +$WorkDirectory /var/spool/rsyslog + +# +# Log every message +# +$RepeatedMsgReduction off + diff --git a/scripts/old/latecommand/stretch/etc/rsyslog.d/10-local-modules.conf b/scripts/old/latecommand/stretch/etc/rsyslog.d/10-local-modules.conf new file mode 100644 index 0000000..960625d --- /dev/null +++ b/scripts/old/latecommand/stretch/etc/rsyslog.d/10-local-modules.conf @@ -0,0 +1,19 @@ +# This file is managed remotely, all changes will be lost + +# +# Log messages sent to local UNIX socket +# +$ModLoad imuxsock + +# +# Log kernel messages +# +$ModLoad imklog +$KLogPermitNonKernelFacility on + +# +# Log periodic -- MARK -- messages +# +$ModLoad immark +$MarkMessagePeriod 3600 + diff --git a/scripts/old/latecommand/stretch/etc/rsyslog.d/50-default-rulesets.conf b/scripts/old/latecommand/stretch/etc/rsyslog.d/50-default-rulesets.conf new file mode 100644 index 0000000..33926dd --- /dev/null +++ b/scripts/old/latecommand/stretch/etc/rsyslog.d/50-default-rulesets.conf @@ -0,0 +1,45 @@ +# This file is managed remotely, all changes will be lost + +# +# Standard log files, split by facility +# +auth,authpriv.* /var/log/auth.log +*.*;cron,auth,authpriv.none -/var/log/syslog +cron.* -/var/log/cron.log +daemon.* -/var/log/daemon.log +kern.* -/var/log/kern.log +lpr.* -/var/log/lpr.log +mail.* -/var/log/mail.log +user.* -/var/log/user.log + +# +# Logging for the mail system. Split it up so that +# it is easy to write scripts to parse these files +# +mail.info -/var/log/mail.info +mail.warn -/var/log/mail.warn +mail.err /var/log/mail.err + +# +# Logging for INN news system +# +news.crit /var/log/news/news.crit +news.err /var/log/news/news.err +news.notice -/var/log/news/news.notice + +# +# Some "catch-all" log files +# +*.=debug;\ + auth,authpriv.none;\ + mail,news.none -/var/log/debug +*.=info;*.=notice;*.=warn;\ + auth,authpriv.none;\ + cron,daemon.none;\ + mail,news.none -/var/log/messages + +# +# Emergencies are sent to everybody logged in +# +*.emerg :omusrmsg:* +