diff --git a/CHANGELOG.md b/CHANGELOG.md
index bffa4dc..9d3341c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@
 ### Bullseye support
 * Download current Debian Testing
 * Basic preseed file.
+* Set new latecommand script (update packages,…).
 
 ### Improvement
 * Add an UEFI entry to manage specific partitions (see #16).
diff --git a/scripts/latecommand.tar.gz b/scripts/latecommand.tar.gz
index 3ee2337..6e911e6 100644
Binary files a/scripts/latecommand.tar.gz and b/scripts/latecommand.tar.gz differ
diff --git a/scripts/latecommand/bullseye/etc/apt/apt.conf.d/25no-recommends.conf b/scripts/latecommand/bullseye/etc/apt/apt.conf.d/25no-recommends.conf
new file mode 100644
index 0000000..455f9e0
--- /dev/null
+++ b/scripts/latecommand/bullseye/etc/apt/apt.conf.d/25no-recommends.conf
@@ -0,0 +1,7 @@
+// Should APT install recommended or suggested packages?
+APT::Install-Recommends "false";
+APT::Install-Suggests "false";
+
+// APT should not consider recommended or suggested packages to be unused
+APT::AutoRemove::RecommendsImportant "true";
+APT::AutoRemove::SuggestsImportant "true";
diff --git a/scripts/latecommand/bullseye/etc/apt/sources.list b/scripts/latecommand/bullseye/etc/apt/sources.list
new file mode 100644
index 0000000..84c479f
--- /dev/null
+++ b/scripts/latecommand/bullseye/etc/apt/sources.list
@@ -0,0 +1,6 @@
+# From latecommand - Debian's preseed
+deb http://ftp.fr.debian.org/debian/ bullseye main non-free contrib
+deb-src http://ftp.fr.debian.org/debian/ bullseye main non-free contrib
+
+deb http://security.debian.org/debian-security bullseye/updates main contrib non-free
+deb-src http://security.debian.org/debian-security bullseye/updates main contrib non-free
diff --git a/scripts/latecommand/bullseye/etc/logrotate.conf b/scripts/latecommand/bullseye/etc/logrotate.conf
new file mode 100644
index 0000000..12b4c1e
--- /dev/null
+++ b/scripts/latecommand/bullseye/etc/logrotate.conf
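Review bot: The two security entries in the new `sources.list` use the suite `bullseye/updates`, which is the naming used up to Debian 10; from Debian 11 on the security suite is called `bullseye-security`, so `apt update` will most likely find no Release file for these entries and the host receives no security updates. The lines should read `deb http://security.debian.org/debian-security bullseye-security main contrib non-free` and the matching `deb-src`. Because post.bullseye.sh copies this file over /etc/apt/sources.list before it runs `apt -y full-upgrade`, the problem is carried into every installation.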
@@ -0,0 +1,29 @@
+# see "man logrotate" for details
+
+# global options do not affect preceding include directives
+
+# rotate log files weekly
+weekly
+
+# keep 4 weeks worth of backlogs
+rotate 4
+
+# create new (empty) log files after rotating old ones
+create
+
+# use date as a suffix of the rotated file
+dateext
+
+# compress log files
+compress
+
+# Postpone compression of the previous log file to the next rotation cycle
+delaycompress
+
+# Do not rotate the log if it is empty
+notifempty
+
+# packages drop log rotation information into this directory
+include /etc/logrotate.d
+
+# system-specific logs may also be configured here.
diff --git a/scripts/latecommand/bullseye/etc/logrotate.d/alternatives b/scripts/latecommand/bullseye/etc/logrotate.d/alternatives
new file mode 100644
index 0000000..9c617c7
--- /dev/null
+++ b/scripts/latecommand/bullseye/etc/logrotate.d/alternatives
@@ -0,0 +1,7 @@
+/var/log/alternatives.log {
+ monthly
+ rotate 12
+ missingok
+ create 644 root root
+ olddir /var/log/alternatives.d
+}
diff --git a/scripts/latecommand/bullseye/etc/logrotate.d/apt b/scripts/latecommand/bullseye/etc/logrotate.d/apt
new file mode 100644
index 0000000..e516fbd
--- /dev/null
+++ b/scripts/latecommand/bullseye/etc/logrotate.d/apt
@@ -0,0 +1,12 @@
+/var/log/apt/term.log {
+ rotate 12
+ monthly
+ missingok
+}
+
+/var/log/apt/history.log {
+ rotate 12
+ monthly
+ missingok
+}
+
diff --git a/scripts/latecommand/bullseye/etc/logrotate.d/aptitude b/scripts/latecommand/bullseye/etc/logrotate.d/aptitude
new file mode 100644
index 0000000..a1ad0f5
--- /dev/null
+++ b/scripts/latecommand/bullseye/etc/logrotate.d/aptitude
@@ -0,0 +1,7 @@
+/var/log/aptitude {
+ rotate 6
+ monthly
+ missingok
+ olddir /var/log/aptitude.d
+
+}
diff --git a/scripts/latecommand/bullseye/etc/logrotate.d/btmp b/scripts/latecommand/bullseye/etc/logrotate.d/btmp
new file mode 100644
index 0000000..e2ce942
--- /dev/null
+++ b/scripts/latecommand/bullseye/etc/logrotate.d/btmp
@@ -0,0 +1,8 @@
+# no packages own btmp -- we'll rotate it here
+/var/log/btmp {
+ missingok
+ monthly
+ create 0660 root utmp
+ rotate 3
+ olddir /var/log/old_logs.d
+}
diff --git a/scripts/latecommand/bullseye/etc/logrotate.d/dpkg b/scripts/latecommand/bullseye/etc/logrotate.d/dpkg
new file mode 100644
index 0000000..d9c78a2
--- /dev/null
+++ b/scripts/latecommand/bullseye/etc/logrotate.d/dpkg
@@ -0,0 +1,7 @@
+/var/log/dpkg.log {
+ monthly
+ rotate 12
+ missingok
+ create 644 root root
+ olddir /var/log/dpkg.d
+}
diff --git a/scripts/latecommand/bullseye/etc/logrotate.d/rsyslog b/scripts/latecommand/bullseye/etc/logrotate.d/rsyslog
new file mode 100644
index 0000000..76a4fc2
--- /dev/null
+++ b/scripts/latecommand/bullseye/etc/logrotate.d/rsyslog
@@ -0,0 +1,108 @@
+# Default directives are activilly used, please see /etc/logrotate.conf
+
+/var/log/syslog
+/var/log/syslog.log
+/var/log/local0.log
+/var/log/local1.log
+/var/log/local2.log
+/var/log/local3.log
+/var/log/local4.log
+/var/log/local5.log
+/var/log/local6.log
+/var/log/local7.log
+/var/log/uucp.log
+{
+ rotate 8
+ daily
+ missingok
+ olddir /var/log/syslog.d
+
+ postrotate
+ /usr/lib/rsyslog/rsyslog-rotate
+ endscript
+}
+
+/var/log/cron.log /var/log/mark.log {
+ maxsize 250k
+ missingok
+ sharedscripts
+ olddir /var/log/cron.d
+
+ postrotate
+ /usr/lib/rsyslog/rsyslog-rotate
+ endscript
+}
+
+/var/log/daemon.log {
+ maxsize 250k
+ missingok
+ sharedscripts
+ olddir /var/log/daemon.d
+
+ postrotate
+ /usr/lib/rsyslog/rsyslog-rotate
+ endscript
+}
+
+/var/log/kern.log /var/log/kernel.log {
+ maxsize 250k
+ missingok
+ sharedscripts
+ olddir /var/log/kern.d
+
+ postrotate
+ /usr/lib/rsyslog/rsyslog-rotate
+ endscript
+}
+
+/var/log/lpr.log {
+ maxsize 250k
+ missingok
+ sharedscripts
+ olddir /var/log/lpr.d
+
+ postrotate
+ /usr/lib/rsyslog/rsyslog-rotate
+ endscript
+}
+
+/var/log/mail.log
+/var/log/mail.info
+/var/log/mail.warn
+/var/log/mail.err
+{
+ maxsize 250k
+ missingok
+ sharedscripts
+ olddir /var/log/mail.d
+
+ postrotate
+ /usr/lib/rsyslog/rsyslog-rotate
+ endscript
+}
+
+/var/log/auth.log
+/var/log/authpriv.log
+/var/log/user.log
+{
+ maxsize 250k
+ missingok
+ sharedscripts
+ olddir /var/log/auth.d
+
+ postrotate
+ /usr/lib/rsyslog/rsyslog-rotate
+ endscript
+}
+
+/var/log/messages /var/log/debug {
+ maxsize 250k
+ missingok
+ sharedscripts
+ olddir /var/log/messages.d
+
+ postrotate
+ /usr/lib/rsyslog/rsyslog-rotate
+ endscript
+}
+
diff --git a/scripts/latecommand/bullseye/etc/logrotate.d/wtmp b/scripts/latecommand/bullseye/etc/logrotate.d/wtmp
new file mode 100644
index 0000000..b0e0a76
--- /dev/null
+++ b/scripts/latecommand/bullseye/etc/logrotate.d/wtmp
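Review bot: The `/var/log/lpr.log` block in logrotate.d/rsyslog sets `olddir /var/log/lpr.d`, but the `mkdir -p` list in post.bullseye.sh creates no `lpr.d` and the block does not ask logrotate to create it, so rotation of lpr.log will probably fail with an olddir error once that file exists. Either add `/var/log/lpr.d` to the mkdir list in the script or add `createolddir 0750 root adm` to the block. Separately, the `auth.log` block only sets `maxsize 250k` and inherits `rotate 4` from logrotate.conf, so on a host that sees many failed logins the file can roll over at every logrotate run and the retained authentication history may shrink to a few days; an explicit, larger `rotate` value in that block would keep more of it for later investigation.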
@@ -0,0 +1,9 @@
+# no packages own wtmp -- we'll rotate it here
+/var/log/wtmp {
+ missingok
+ monthly
+ create 0664 root utmp
+ minsize 1M
+ rotate 3
+ olddir /var/log/old_logs.d
+}
diff --git a/scripts/latecommand/bullseye/etc/rsyslog.conf b/scripts/latecommand/bullseye/etc/rsyslog.conf
new file mode 100644
index 0000000..f4a741a
--- /dev/null
+++ b/scripts/latecommand/bullseye/etc/rsyslog.conf
@@ -0,0 +1,107 @@
+# /etc/rsyslog.conf Configuration file for rsyslog.
+#
+# For more information install rsyslog-doc and see
+# /usr/share/doc/rsyslog-doc/html/configuration/index.html
+
+
+#################
+#### MODULES ####
+#################
+
+#
+# Provides support for local system logging
+#
+module(load="imuxsock")
+
+#
+# Provides kernel logging support
+#
+module(load="imklog")
+
+#
+# Provides --MARK-- message capability
+#
+#module(load="immark")
+
+#
+# Provides UDP syslog reception
+#
+#module(load="imudp")
+#input(type="imudp" port="514" ruleset="remote")
+
+#
+# Provides TCP syslog reception
+#
+#module(load="imtcp")
+#input(type="imtcp" port="514")
+
+
+###########################
+#### GLOBAL DIRECTIVES ####
+###########################
+
+#
+# Use traditional timestamp format.
+# To enable high precision timestamps, comment out the following line.
+#
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+#
+# Set the default permissions for all log files.
+#
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
+#
+# Where to place spool and state files
+#
+$WorkDirectory /var/spool/rsyslog
+
+#
+# Include all config files in /etc/rsyslog.d/
+#
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+
+###############
+#### RULES ####
+###############
+
+#
+# First some standard log files. Log by facility.
+#
+auth,authpriv.* /var/log/auth.log
+*.*;auth,authpriv.none -/var/log/syslog
+cron.* /var/log/cron.log
+daemon.* -/var/log/daemon.log
+kern.* -/var/log/kern.log
+lpr.* -/var/log/lpr.log
+mail.* -/var/log/mail.log
+user.* -/var/log/user.log
+
+#
+# Logging for the mail system. Split it up so that
+# it is easy to write scripts to parse these files.
+#
+mail.info -/var/log/mail.info
+mail.warn -/var/log/mail.warn
+mail.err /var/log/mail.err
+
+#
+# Some "catch-all" log files.
+#
+*.=debug;\
+ auth,authpriv.none;\
+ news.none;mail.none -/var/log/debug
+*.=info;*.=notice;*.=warn;\
+ auth,authpriv.none;\
+ cron,daemon.none;\
+ mail,news.none -/var/log/messages
+
+#
+# Emergencies are sent to everybody logged in.
+#
+*.emerg :omusrmsg:*
diff --git a/scripts/latecommand/bullseye/etc/rsyslog.d/cron-session.conf b/scripts/latecommand/bullseye/etc/rsyslog.d/cron-session.conf
new file mode 100644
index 0000000..d5b0185
--- /dev/null
+++ b/scripts/latecommand/bullseye/etc/rsyslog.d/cron-session.conf
@@ -0,0 +1,25 @@
+#
+# Redirect PAM session information for 'cron' entries to the cron log file,
+# to avoid filling up auth.log
+#
+if ($msg contains "pam_unix(cron:session): session opened for user") then {
+ action(
+ type="omfile"
+ file="/var/log/cron.log"
+ fileOwner="root"
+ fileGroup="adm"
+ fileCreateMode="0640"
+ dirCreateMode="0755"
+ )
+ stop
+} else if ($msg contains "pam_unix(cron:session): session closed for user") then {
+ action(
+ type="omfile"
+ file="/var/log/cron.log"
+ fileOwner="root"
+ fileGroup="adm"
+ fileCreateMode="0640"
+ dirCreateMode="0755"
+ )
+ stop
+}
diff --git a/scripts/latecommand/bullseye/etc/rsyslog.d/postfix.conf b/scripts/latecommand/bullseye/etc/rsyslog.d/postfix.conf
new file mode 100644
index 0000000..7b5d9b0
--- /dev/null
+++ b/scripts/latecommand/bullseye/etc/rsyslog.d/postfix.conf
@@ -0,0 +1,4 @@
+# Create an additional socket in postfix's chroot in order not to break
+# mail logging when rsyslog is restarted. If the directory is missing,
+# rsyslog will silently skip creating the socket.
+$AddUnixListenSocket /var/spool/postfix/dev/log
diff --git a/scripts/latecommand/post.bullseye.sh b/scripts/latecommand/post.bullseye.sh
new file mode 100755
index 0000000..e19f9c0
--- /dev/null
+++ b/scripts/latecommand/post.bullseye.sh
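Review bot: Both filters in cron-session.conf match on the message text alone (`$msg contains "pam_unix(cron:session): session opened for user"` and the `closed` variant), so any message carrying that string, whatever process logged it, is written to cron.log and then dropped by `stop` before the auth.log and syslog rules in rsyslog.conf see it. If only cron's own PAM session lines are meant, the conditions should also test the sender, for example `$programname == "CRON"` (the exact tag should be confirmed on this release). The two branches differ only in the matched string and could be a single `if (... or ...) then { ... }` block, which also removes the duplicated `action(...)` parameters.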
@@ -0,0 +1,159 @@
+#!/bin/sh
+
+APT_CONF_INCLUDE_SRC="$(dirname $0)/bullseye/etc/apt/apt.conf.d/"
+APT_CONF_INCLUDE_PATH="/etc/apt/apt.conf.d/"
+
+APT_SOURCES_SRC="$(dirname $0)/bullseye/etc/apt/sources.list"
+APT_SOURCES_PATH="/etc/apt/sources.list"
+
+RSYSLOGD_CONF_SRC="$(dirname $0)/bullseye/etc/rsyslog.conf"
+RSYSLOGD_CONF_PATH="/etc/rsyslog.conf"
+RSYSLOGD_INCLUDE_SRC="$(dirname $0)/bullseye/etc/rsyslog.d/"
+RSYSLOGD_INCLUDE_PATH="/etc/rsyslog.d/"
+
+LOGROTATE_CONF_SRC="$(dirname $0)/bullseye/etc/logrotate.conf"
+LOGROTATE_CONF_PATH="/etc/logrotate.conf"
+LOGROTATE_INCLUDE_SRC="$(dirname $0)/bullseye/etc/logrotate.d/"
+LOGROTATE_INCLUDE_PATH="/etc/logrotate.d/"
+
+# apt configuration {{{
+
+# ensure to have some default configuration for Apt
+cp -- "${APT_CONF_INCLUDE_SRC}"* "${APT_CONF_INCLUDE_PATH}"
+
+# ensure to have a correct sources.list file for Apt
+cp -- "${APT_SOURCES_SRC}" "${APT_SOURCES_PATH}"
+
+# }}}
+
+## Packages {{{
+
+# update repositories and packages
+apt update
+apt -y full-upgrade
+
+# Ensure to have some basic packages
+apt -y install aptitude tmux zsh
+
+# If no X display is expected
+if [ ! "$(dpkg -l xorg)" ]; then
+ ## Remove unwanted x11 lib
+ aptitude -y remove libx11-6 libx11-data libxau6 libxcb1 libxdmcp6 libxext6 libxmuu1 xauth
+ if [ "$(dpkg -l task-english)" ]; then
+ ## Remove task-english
+ aptitude -y remove task-english iamerican ibritish ienglish-common ispell util-linux-locales wamerican
+ fi
+else
+ if [ "$(dpkg -l task-english)" ]; then
+ ## Remove task-english
+ aptitude -y remove task-english
+ fi
+fi
+
+### Documentation {{{
+# Remove task-french
+if [ "$(dpkg -l task-french)" ]; then
+ # Move default wordlist to american before remove all packages
+ select-default-wordlist --set-default=american
+ aptitude -y remove task-french
+
+ # Reinstall useful french doc and move back to french dict
+ aptitude -y install aspell-fr ifrench-gut manpages-fr wfrench
+ select-default-wordlist --set-default=".*(F|f)rench.*"
+fi
+
+# Ensure to have minimal documentation
+aptitude -y install man-db manpages manpages-fr
+
+### }}}
+
+### SSH {{{
+# Remove task-ssh-server
+if [ "$(dpkg -l task-ssh-server)" ]; then
+ aptitude -y remove task-ssh-server ncurses-term
+fi
+
+# Ensure to install openssh-server
+aptitude -y install openssh-server openssh-sftp-server
+
+### }}}
+
+# Ansible dependencies
+aptitude -y install python3-apt
+
+### Tasksel {{{
+# If tasksel and tasksel-data are the only task* relative packages
+if [ "$(dpkg -l | grep -c '^ii task')" -eq "2" ]; then
+ aptitude -y remove tasksel tasksel-data
+fi
+
+# purge configuration files
+aptitude -y purge '~c'
+
+### }}}
+
+## }}}
+
+# Grub {{{
+
+## If EFI directory is present
+EFI_PATH="/boot/efi"
+if [ -d "${EFI_PATH}" ]; then
+ ## Install grub-efi
+ aptitude install -y grub-efi-amd64
+ ## Get grub device (keep only some patterns, eg. /dev/sda, /dev/vda, /dev/nvme0n1,…)
+ GRUB_DEVICE=$(sed -n "s;^\(/dev/[a-z]\{3\}\|/dev/nvme[a-z0-9]\{3\}\)\(p[0-9]\|[0-9]\) ${EFI_PATH} .*;\1;p" /etc/mtab)
+ grub-install --target=x86_64-efi "${GRUB_DEVICE}" 2>/dev/null
+ if [ -d "${EFI_PATH}"/EFI ]; then
+ ## Copy efi entries to a boot directory
+ mkdir -p -- "${EFI_PATH}"/EFI/boot
+ find "${EFI_PATH}"/EFI/grub -type f -iname "grubx64.efi" -exec cp {} "${EFI_PATH}"/EFI/boot/bootx64.efi \; -quit 2>/dev/null
+ find "${EFI_PATH}"/EFI/debian -type f -iname "grubx64.efi" -exec cp {} "${EFI_PATH}"/EFI/boot/bootx64.efi \; -quit
+ fi
+fi
+
+### }}}
+
+### Rsyslog {{{
+
+# Install new Rsyslog configuration
+if [ -f "${RSYSLOGD_CONF_PATH}" ]; then
+ cp -- "${RSYSLOGD_CONF_PATH}" "${RSYSLOGD_CONF_PATH}".orig
+ cp -- "${RSYSLOGD_CONF_SRC}" "${RSYSLOGD_CONF_PATH}"
+fi
+cp -- "${RSYSLOGD_INCLUDE_SRC}"* "${RSYSLOGD_INCLUDE_PATH}"
+
+# Restart Rsyslog service
+systemctl restart rsyslog
+
+### }}}
+### Logrotate {{{
+
+# Install new Logrotate configuration
+if [ -f "${LOGROTATE_CONF_PATH}" ]; then
+ cp -- "${LOGROTATE_CONF_PATH}" "${LOGROTATE_CONF_PATH}".orig
+ cp -- "${LOGROTATE_CONF_SRC}" "${LOGROTATE_CONF_PATH}"
+fi
+cp -- "${LOGROTATE_INCLUDE_SRC}"* "${LOGROTATE_INCLUDE_PATH}"
+
+# Create an archive directory for some log files (aptitude, dpkg,…)
+mkdir -p -- /var/log/old_logs.d \
+ /var/log/alternatives.d \
+ /var/log/aptitude.d \
+ /var/log/auth.d \
+ /var/log/cron.d \
+ /var/log/daemon.d \
+ /var/log/dpkg.d \
+ /var/log/kern.d \
+ /var/log/mail.d \
+ /var/log/messages.d \
+ /var/log/syslog.d
+
+chmod 0750 /var/log/auth.d /var/log/daemon.d /var/log/kern.d /var/log/messages.d /var/log/syslog.d
+chown root:adm /var/log/auth.d /var/log/daemon.d /var/log/kern.d /var/log/messages.d /var/log/syslog.d
+
+# Create the log directory for journald (Systemd), need the configuration Storage=(auto|persistent)
+mkdir -p -- /var/log/journal
+### }}}
+
+exit 0
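Review bot: `apt update` and `apt -y full-upgrade` in the Packages section are never checked and the script ends with an unconditional `exit 0`, so when the repositories cannot be fetched the installer still sees success and the machine is deployed without the upgrades. The two commands should be checked explicitly, e.g. `apt update || exit 1` and `apt -y full-upgrade || exit 1`. The same masking happens at `grub-install --target=x86_64-efi "${GRUB_DEVICE}" 2>/dev/null`: if the sed expression matches nothing in /etc/mtab, `GRUB_DEVICE` is empty and the failure is discarded with stderr. The `[ "$(dpkg -l xorg)" ]` style tests are true for any package dpkg still lists, including removed ones with leftover configuration; comparing the output of `dpkg-query -W -f='${Status}' xorg` with `install ok installed` would test actual installation.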