From 8e6ad8acef0221b58e3a7b73195699722df230ca Mon Sep 17 00:00:00 2001 
From: Gardais Jeremy Date: Thu, 24 Jan 2019 17:15:19 +0100 Subject: [PATCH] Create a specific post script for Debian Sid --- scripts/latecommand/post.sid.sh | 160 ++++++++++++++++++ .../etc/apt/apt.conf.d/25no-recommends.conf | 7 + scripts/latecommand/sid/etc/apt/sources.list | 3 + scripts/latecommand/sid/etc/logrotate.conf | 10 ++ scripts/latecommand/sid/etc/logrotate.d/apt | 12 ++ .../latecommand/sid/etc/logrotate.d/aptitude | 7 + scripts/latecommand/sid/etc/logrotate.d/btmp | 8 + scripts/latecommand/sid/etc/logrotate.d/dpkg | 16 ++ .../latecommand/sid/etc/logrotate.d/rsyslog | 108 ++++++++++++ scripts/latecommand/sid/etc/logrotate.d/wtmp | 9 + scripts/latecommand/sid/etc/rsyslog.conf | 5 + .../sid/etc/rsyslog.d/00-global.conf | 12 ++ .../sid/etc/rsyslog.d/05-common-defaults.conf | 20 +++ .../sid/etc/rsyslog.d/10-local-modules.conf | 19 +++ .../etc/rsyslog.d/50-default-rulesets.conf | 43 +++++ 15 files changed, 439 insertions(+) create mode 100755 scripts/latecommand/post.sid.sh create mode 100644 scripts/latecommand/sid/etc/apt/apt.conf.d/25no-recommends.conf create mode 100644 scripts/latecommand/sid/etc/apt/sources.list create mode 100644 scripts/latecommand/sid/etc/logrotate.conf create mode 100644 scripts/latecommand/sid/etc/logrotate.d/apt create mode 100644 scripts/latecommand/sid/etc/logrotate.d/aptitude create mode 100644 scripts/latecommand/sid/etc/logrotate.d/btmp create mode 100644 scripts/latecommand/sid/etc/logrotate.d/dpkg create mode 100644 scripts/latecommand/sid/etc/logrotate.d/rsyslog create mode 100644 scripts/latecommand/sid/etc/logrotate.d/wtmp create mode 100644 scripts/latecommand/sid/etc/rsyslog.conf create mode 100644 scripts/latecommand/sid/etc/rsyslog.d/00-global.conf create mode 100644 scripts/latecommand/sid/etc/rsyslog.d/05-common-defaults.conf create mode 100644 scripts/latecommand/sid/etc/rsyslog.d/10-local-modules.conf create mode 100644 scripts/latecommand/sid/etc/rsyslog.d/50-default-rulesets.conf 
diff --git a/scripts/latecommand/post.sid.sh b/scripts/latecommand/post.sid.sh
new file mode 100755
index 0000000..5e378db
--- /dev/null
+++ b/scripts/latecommand/post.sid.sh
@@ -0,0 +1,160 @@
+#!/bin/sh
+
+APT_CONF_INCLUDE_SRC="$(dirname $0)/sid/etc/apt/apt.conf.d/"
+APT_CONF_INCLUDE_PATH="/etc/apt/apt.conf.d/"
+
+APT_SOURCES_SRC="$(dirname $0)/sid/etc/apt/sources.list"
+APT_SOURCES_PATH="/etc/apt/sources.list"
+
+RSYSLOGD_CONF_SRC="$(dirname $0)/sid/etc/rsyslog.conf"
+RSYSLOGD_CONF_PATH="/etc/rsyslog.conf"
+RSYSLOGD_INCLUDE_SRC="$(dirname $0)/sid/etc/rsyslog.d/"
+RSYSLOGD_INCLUDE_PATH="/etc/rsyslog.d/"
+
+LOGROTATE_CONF_SRC="$(dirname $0)/sid/etc/logrotate.conf"
+LOGROTATE_CONF_PATH="/etc/logrotate.conf"
+LOGROTATE_INCLUDE_SRC="$(dirname $0)/sid/etc/logrotate.d/"
+LOGROTATE_INCLUDE_PATH="/etc/logrotate.d/"
+
+# apt configuration {{{
+
+# ensure to have some default configuration for Apt
+cp -- "${APT_CONF_INCLUDE_SRC}"* "${APT_CONF_INCLUDE_PATH}"
+
+# ensure to have a correct sources.list file for Apt
+cp -- "${APT_SOURCES_SRC}" "${APT_SOURCES_PATH}"
+
+# }}}
+
+## Packages {{{
+
+# update repositories and packages
+apt update
+apt -y full-upgrade
+
+# Ensure to have some basic packages
+apt -y install aptitude tmux zsh
+
+# If no X display is expected
+if [ ! "$(dpkg -l xorg)" ]; then
+ ## Remove unwanted x11 lib
+ aptitude -y remove libx11-6 libx11-data libxau6 libxcb1 libxdmcp6 libxext6 libxmuu1 xauth
+ if [ "$(dpkg -l task-english)" ]; then
+ ## Remove task-english
+ aptitude -y remove task-english iamerican ibritish ienglish-common ispell util-linux-locales wamerican
+ fi
+else
+ if [ "$(dpkg -l task-english)" ]; then
+ ## Remove task-english
+ aptitude -y remove task-english
+ fi
+fi
+
+### Documentation {{{
+# Remove task-french
+if [ "$(dpkg -l task-french)" ]; then
+ # Move default wordlist to american before remove all packages
+ select-default-wordlist --set-default=american
+ aptitude -y remove task-french
+
+ # Reinstall useful french doc and move back to french dict
+ aptitude -y install aspell-fr doc-debian-fr doc-linux-fr-text ifrench-gut manpages-fr manpages-fr-extra wfrench
+ select-default-wordlist --set-default=".*(F|f)rench.*"
+fi
+
+# Ensure to have minimal documentation
+aptitude -y install man-db manpages
+
+### }}}
+
+### SSH {{{
+# Remove task-ssh-server
+if [ "$(dpkg -l task-ssh-server)" ]; then
+ aptitude -y remove task-ssh-server krb5-locales ncurses-term
+fi
+
+# Ensure to install openssh-server
+aptitude -y install openssh-server openssh-sftp-server
+
+### }}}
+
+# Ansible dependencies
+aptitude -y install python-apt
+
+### Tasksel {{{
+# If tasksel and tasksel-data are the only task* relative packages
+if [ "$(dpkg -l | grep -c task)" -eq "2" ]; then
+ aptitude -y remove tasksel tasksel-data
+fi
+
+# purge configuration files
+aptitude -y purge '~c'
+
+### }}}
+
+## }}}
+
+# Grub {{{
+
+## If EFI directory is present
+EFI_PATH="/boot/efi"
+if [ -d "${EFI_PATH}" ]; then
+ ## Install grub-efi
+ aptitude install -y grub-efi-amd64
+ ## Get grub device (keep only some patterns, eg. /dev/sda, /dev/vda, /dev/nvme0n1,…)
+ GRUB_DEVICE=$(sed -n "s;^\(/dev/[a-z]\{3\}\|/dev/nvme[a-z0-9]\{3\}\)\(p[0-9]\|[0-9]\) ${EFI_PATH} .*;\1;p" /etc/mtab)
+ grub-install --target=x86_64-efi "${GRUB_DEVICE}" 2>/dev/null
+ if [ -d "${EFI_PATH}"/EFI ]; then
+ ## Copy efi entries to a boot directory
+ mkdir -p -- "${EFI_PATH}"/EFI/boot
+ find "${EFI_PATH}"/EFI/grub -type f -iname "grubx64.efi" -exec cp {} "${EFI_PATH}"/EFI/boot/bootx64.efi \; -quit 2>/dev/null
+ find "${EFI_PATH}"/EFI/debian -type f -iname "grubx64.efi" -exec cp {} "${EFI_PATH}"/EFI/boot/bootx64.efi \; -quit
+ fi
+fi
+
+### }}}
+
+### Rsyslog {{{
+
+# Install new Rsyslog configuration
+if [ -f "${RSYSLOGD_CONF_PATH}" ]; then
+ cp -- "${RSYSLOGD_CONF_PATH}" "${RSYSLOGD_CONF_PATH}".orig
+ cp -- "${RSYSLOGD_CONF_SRC}" "${RSYSLOGD_CONF_PATH}"
+fi
+cp -- "${RSYSLOGD_INCLUDE_SRC}"* "${RSYSLOGD_INCLUDE_PATH}"
+
+# Restart Rsyslog service
+systemctl restart rsyslog
+
+### }}}
+### Logrotate {{{
+
+# Install new Logrotate configuration
+if [ -f "${LOGROTATE_CONF_PATH}" ]; then
+ cp -- "${LOGROTATE_CONF_PATH}" "${LOGROTATE_CONF_PATH}".orig
+ cp -- "${LOGROTATE_CONF_SRC}" "${LOGROTATE_CONF_PATH}"
+fi
+cp -- "${LOGROTATE_INCLUDE_SRC}"* "${LOGROTATE_INCLUDE_PATH}"
+
+# Create an archive directory for some log files (aptitude, dpkg,…)
+mkdir -p -- /var/log/old_logs.d \
+ /var/log/alternatives.d \
+ /var/log/aptitude.d \
+ /var/log/auth.d \
+ /var/log/cron.d \
+ /var/log/daemon.d \
+ /var/log/dpkg.d \
+ /var/log/kern.d \
+ /var/log/lpr.d \
+ /var/log/mail.d \
+ /var/log/messages.d \
+ /var/log/syslog.d
+
+chmod 0750 /var/log/auth.d /var/log/daemon.d /var/log/kern.d /var/log/messages.d /var/log/syslog.d
+chown root:adm /var/log/auth.d /var/log/daemon.d /var/log/kern.d /var/log/messages.d /var/log/syslog.d
+
+# Create the log directory for journald (Systemd), need the configuration Storage=(auto|persistent)
+mkdir -p -- /var/log/journal
+### }}}
+
+exit 0
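Review bot: Nothing in post.sid.sh checks a command's result, and the final `exit 0` reports success to the installer whatever happened. This matters most in the Rsyslog block: `/etc/rsyslog.conf` is replaced by a file that only includes `/etc/rsyslog.d/*.conf`, so if the following copy of the include files fails, rsyslog is restarted with whatever was already in that directory and the host may silently stop logging. I would make the critical copies fatal, e.g. `cp -- "${RSYSLOGD_INCLUDE_SRC}"* "${RSYSLOGD_INCLUDE_PATH}" || exit 1`, and do the same for the `sources.list` copy that precedes `apt update`. The Grub block has the same weakness: when the sed expression matches nothing, `grub-install` is called with an empty `GRUB_DEVICE` and its stderr is discarded, so a guard such as `[ -n "${GRUB_DEVICE}" ] || exit 1` before the call would surface an unbootable result at install time.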
diff --git a/scripts/latecommand/sid/etc/apt/apt.conf.d/25no-recommends.conf b/scripts/latecommand/sid/etc/apt/apt.conf.d/25no-recommends.conf
new file mode 100644
index 0000000..455f9e0
--- /dev/null
+++ b/scripts/latecommand/sid/etc/apt/apt.conf.d/25no-recommends.conf
@@ -0,0 +1,7 @@
+// Should APT install recommended or suggested packages?
+APT::Install-Recommends "false";
+APT::Install-Suggests "false";
+
+// APT should not consider recommended or suggested packages to be unused
+APT::AutoRemove::RecommendsImportant "true";
+APT::AutoRemove::SuggestsImportant "true";
diff --git a/scripts/latecommand/sid/etc/apt/sources.list b/scripts/latecommand/sid/etc/apt/sources.list
new file mode 100644
index 0000000..1b98a41
--- /dev/null
+++ b/scripts/latecommand/sid/etc/apt/sources.list
@@ -0,0 +1,3 @@
+# From latecommand - Debian's preseed
+deb http://ftp.fr.debian.org/debian/ sid main non-free contrib
+deb-src http://ftp.fr.debian.org/debian/ sid main non-free contrib
diff --git a/scripts/latecommand/sid/etc/logrotate.conf b/scripts/latecommand/sid/etc/logrotate.conf
new file mode 100644
index 0000000..10c01b7
--- /dev/null
+++ b/scripts/latecommand/sid/etc/logrotate.conf
@@ -0,0 +1,10 @@
+
+create
+weekly
+compress
+delaycompress
+dateext
+notifempty
+include /etc/logrotate.d
+rotate 4
+
diff --git a/scripts/latecommand/sid/etc/logrotate.d/apt b/scripts/latecommand/sid/etc/logrotate.d/apt
new file mode 100644
index 0000000..e516fbd
--- /dev/null
+++ b/scripts/latecommand/sid/etc/logrotate.d/apt
@@ -0,0 +1,12 @@
+/var/log/apt/term.log {
+ rotate 12
+ monthly
+ missingok
+}
+
+/var/log/apt/history.log {
+ rotate 12
+ monthly
+ missingok
+}
+
diff --git a/scripts/latecommand/sid/etc/logrotate.d/aptitude b/scripts/latecommand/sid/etc/logrotate.d/aptitude
new file mode 100644
index 0000000..a1ad0f5
--- /dev/null
+++ b/scripts/latecommand/sid/etc/logrotate.d/aptitude
@@ -0,0 +1,7 @@
+/var/log/aptitude {
+ rotate 6
+ monthly
+ missingok
+ olddir /var/log/aptitude.d
+
+}
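Review bot: Both entries in scripts/latecommand/sid/etc/apt/sources.list use plain `http://`, and post.sid.sh copies this file over `/etc/apt/sources.list` right before the first `apt update` and `apt -y full-upgrade`. APT's signature check on the Release file still protects package integrity, but the transfer itself is observable and unauthenticated on the network path. Where a TLS mirror is acceptable, `deb https://deb.debian.org/debian/ sid main non-free contrib` with the matching `deb-src` line avoids that. The copy in post.sid.sh also keeps no `.orig` backup of the installer's sources.list, unlike what it does for rsyslog.conf and logrotate.conf.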
diff --git a/scripts/latecommand/sid/etc/logrotate.d/btmp b/scripts/latecommand/sid/etc/logrotate.d/btmp
new file mode 100644
index 0000000..e2ce942
--- /dev/null
+++ b/scripts/latecommand/sid/etc/logrotate.d/btmp
@@ -0,0 +1,8 @@
+# no packages own btmp -- we'll rotate it here
+/var/log/btmp {
+ missingok
+ monthly
+ create 0660 root utmp
+ rotate 3
+ olddir /var/log/old_logs.d
+}
diff --git a/scripts/latecommand/sid/etc/logrotate.d/dpkg b/scripts/latecommand/sid/etc/logrotate.d/dpkg
new file mode 100644
index 0000000..4bce6bb
--- /dev/null
+++ b/scripts/latecommand/sid/etc/logrotate.d/dpkg
@@ -0,0 +1,16 @@
+/var/log/alternatives.log {
+ rotate 12
+ monthly
+ missingok
+ create 644 root root
+ olddir /var/log/alternatives.d
+}
+
+/var/log/dpkg.log {
+ rotate 12
+ monthly
+ missingok
+ create 644 root root
+ olddir /var/log/dpkg.d
+}
+
diff --git a/scripts/latecommand/sid/etc/logrotate.d/rsyslog b/scripts/latecommand/sid/etc/logrotate.d/rsyslog
new file mode 100644
index 0000000..76a4fc2
--- /dev/null
+++ b/scripts/latecommand/sid/etc/logrotate.d/rsyslog
@@ -0,0 +1,108 @@
+# Default directives are activilly used, please see /etc/logrotate.conf
+
+/var/log/syslog
+/var/log/syslog.log
+/var/log/local0.log
+/var/log/local1.log
+/var/log/local2.log
+/var/log/local3.log
+/var/log/local4.log
+/var/log/local5.log
+/var/log/local6.log
+/var/log/local7.log
+/var/log/uucp.log
+{
+ rotate 8
+ daily
+ missingok
+ olddir /var/log/syslog.d
+
+ postrotate
+ /usr/lib/rsyslog/rsyslog-rotate
+ endscript
+}
+
+/var/log/cron.log /var/log/mark.log {
+ maxsize 250k
+ missingok
+ sharedscripts
+ olddir /var/log/cron.d
+
+ postrotate
+ /usr/lib/rsyslog/rsyslog-rotate
+ endscript
+}
+
+/var/log/daemon.log {
+ maxsize 250k
+ missingok
+ sharedscripts
+ olddir /var/log/daemon.d
+
+ postrotate
+ /usr/lib/rsyslog/rsyslog-rotate
+ endscript
+}
+
+/var/log/kern.log /var/log/kernel.log {
+ maxsize 250k
+ missingok
+ sharedscripts
+ olddir /var/log/kern.d
+
+ postrotate
+ /usr/lib/rsyslog/rsyslog-rotate
+ endscript
+}
+
+/var/log/lpr.log {
+ maxsize 250k
+ missingok
+ sharedscripts
+ olddir /var/log/lpr.d
+
+ postrotate
+ /usr/lib/rsyslog/rsyslog-rotate
+ endscript
+}
+
+/var/log/mail.log
+/var/log/mail.info
+/var/log/mail.warn
+/var/log/mail.err
+{
+ maxsize 250k
+ missingok
+ sharedscripts
+ olddir /var/log/mail.d
+
+ postrotate
+ /usr/lib/rsyslog/rsyslog-rotate
+ endscript
+}
+
+/var/log/auth.log
+/var/log/authpriv.log
+/var/log/user.log
+{
+ maxsize 250k
+ missingok
+ sharedscripts
+ olddir /var/log/auth.d
+
+ postrotate
+ /usr/lib/rsyslog/rsyslog-rotate
+ endscript
+}
+
+/var/log/messages /var/log/debug {
+ maxsize 250k
+ missingok
+ sharedscripts
+ olddir /var/log/messages.d
+
+ postrotate
+ /usr/lib/rsyslog/rsyslog-rotate
+ endscript
+}
+
diff --git a/scripts/latecommand/sid/etc/logrotate.d/wtmp b/scripts/latecommand/sid/etc/logrotate.d/wtmp
new file mode 100644
index 0000000..b0e0a76
--- /dev/null
+++ b/scripts/latecommand/sid/etc/logrotate.d/wtmp
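Review bot: In scripts/latecommand/sid/etc/logrotate.d/rsyslog the stanza for `/var/log/auth.log`, `/var/log/authpriv.log` and `/var/log/user.log` sets `maxsize 250k` but no `rotate`, so it inherits `rotate 4` from the new logrotate.conf. Because `maxsize` rotates a file on any logrotate run once it exceeds that size, a noisy period such as a burst of failed logins can push the oldest authentication history out after only four runs, which leaves little for a later investigation. I would give that stanza an explicit count, `rotate <N>` with N taken from your retention requirement, the way the syslog stanza already sets `rotate 8`. The daemon, kern and messages stanzas inherit the same default.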
@@ -0,0 +1,9 @@
+# no packages own wtmp -- we'll rotate it here
+/var/log/wtmp {
+ missingok
+ monthly
+ create 0664 root utmp
+ minsize 1M
+ rotate 3
+ olddir /var/log/old_logs.d
+}
diff --git a/scripts/latecommand/sid/etc/rsyslog.conf b/scripts/latecommand/sid/etc/rsyslog.conf
new file mode 100644
index 0000000..31b426b
--- /dev/null
+++ b/scripts/latecommand/sid/etc/rsyslog.conf
@@ -0,0 +1,5 @@
+#
+# Include all config files in /etc/rsyslog.d/
+#
+$IncludeConfig /etc/rsyslog.d/*.conf
+
diff --git a/scripts/latecommand/sid/etc/rsyslog.d/00-global.conf b/scripts/latecommand/sid/etc/rsyslog.d/00-global.conf
new file mode 100644
index 0000000..f850eeb
--- /dev/null
+++ b/scripts/latecommand/sid/etc/rsyslog.d/00-global.conf
@@ -0,0 +1,12 @@
+#
+# Global options
+#
+global(
+ defaultNetstreamDriver="ptcp"
+)
+
+#
+# Use traditional timestamp format.
+# To enable high precision timestamps, comment out the following line.
+#
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
diff --git a/scripts/latecommand/sid/etc/rsyslog.d/05-common-defaults.conf b/scripts/latecommand/sid/etc/rsyslog.d/05-common-defaults.conf
new file mode 100644
index 0000000..7fed09b
--- /dev/null
+++ b/scripts/latecommand/sid/etc/rsyslog.d/05-common-defaults.conf
@@ -0,0 +1,20 @@
+#
+# Set default permissions for all log files
+#
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
+
+#
+# Where to place spool and state files
+#
+$WorkDirectory /var/spool/rsyslog
+
+#
+# Log every message
+#
+$RepeatedMsgReduction off
+
diff --git a/scripts/latecommand/sid/etc/rsyslog.d/10-local-modules.conf b/scripts/latecommand/sid/etc/rsyslog.d/10-local-modules.conf
new file mode 100644
index 0000000..ad031cb
--- /dev/null
+++ b/scripts/latecommand/sid/etc/rsyslog.d/10-local-modules.conf
@@ -0,0 +1,19 @@
+#
+# Log messages sent to local UNIX socket
+#
+# provides support for local system logging
+module(load="imuxsock")
+
+#
+# Log kernel messages
+#
+# provides kernel logging support
+module(load="imklog" permitnonkernelfacility="on")
+
+#
+# Log periodic -- MARK -- messages
+#
+# provides --MARK-- message capability
+#module(load="immark")
+#module(load="immark" markmessageperiod="3600")
+
diff --git a/scripts/latecommand/sid/etc/rsyslog.d/50-default-rulesets.conf b/scripts/latecommand/sid/etc/rsyslog.d/50-default-rulesets.conf
new file mode 100644
index 0000000..19a6218
--- /dev/null
+++ b/scripts/latecommand/sid/etc/rsyslog.d/50-default-rulesets.conf
@@ -0,0 +1,43 @@
+#
+# Standard log files, split by facility
+#
+auth,authpriv.* /var/log/auth.log
+*.*;cron,auth,authpriv.none -/var/log/syslog
+cron.* -/var/log/cron.log
+daemon.* -/var/log/daemon.log
+kern.* -/var/log/kern.log
+lpr.* -/var/log/lpr.log
+mail.* -/var/log/mail.log
+user.* -/var/log/user.log
+
+#
+# Logging for the mail system. Split it up so that
+# it is easy to write scripts to parse these files
+#
+mail.info -/var/log/mail.info
+mail.warn -/var/log/mail.warn
+mail.err /var/log/mail.err
+
+#
+# Logging for INN news system
+#
+news.crit /var/log/news/news.crit
+news.err /var/log/news/news.err
+news.notice -/var/log/news/news.notice
+
+#
+# Some "catch-all" log files
+#
+*.=debug;\
+ auth,authpriv.none;\
+ news.none;mail.none -/var/log/debug
+*.=info;*.=notice;*.=warn;\
+ auth,authpriv.none;\
+ cron,daemon.none;\
+ mail,news.none -/var/log/messages
+
+#
+# Emergencies are sent to everybody logged in
+#
+*.emerg :omusrmsg:*
+