privacyidea: add letsencrypt, sudo ssh forward
This commit is contained in:
parent
0db3a4c2bb
commit
a267b8c3c4
|
@ -19,6 +19,8 @@ postinstall: base/timesyncd.conf base/firstboot.start
|
||||||
cp base/firstboot.start $(CHROOT)/etc/local.d/firstboot.start
|
cp base/firstboot.start $(CHROOT)/etc/local.d/firstboot.start
|
||||||
touch $(CHROOT)/firstboot
|
touch $(CHROOT)/firstboot
|
||||||
sed -i 's/# %wheel ALL=(ALL) ALL/%wheel ALL=(ALL) ALL/' $(CHROOT)/etc/sudoers
|
sed -i 's/# %wheel ALL=(ALL) ALL/%wheel ALL=(ALL) ALL/' $(CHROOT)/etc/sudoers
|
||||||
|
sed -i 's#^auth.*$$#auth [success=2 default=ignore] pam_ssh_agent_auth.so file=~/.ssh/authorized_keys\nauth include system-auth#' $(CHROOT)/etc/pam.d/sudo
|
||||||
|
echo "Defaults env_keep += SSH_AUTH_SOCK" > $(CHROOT)/etc/sudoers.d/ssh_auth_sock
|
||||||
$(inroot) useradd -m -G users,wheel -s /bin/bash --comment="virtual appliance admin" --uid 2000 admin
|
$(inroot) useradd -m -G users,wheel -s /bin/bash --comment="virtual appliance admin" --uid 2000 admin
|
||||||
$(inroot) passwd -d admin; $(inroot) passwd -e admin
|
$(inroot) passwd -d admin; $(inroot) passwd -e admin
|
||||||
$(inroot) systemctl enable tmux@root.service
|
$(inroot) systemctl enable tmux@root.service
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
CFLAGS="-O2 -pipe"
|
CFLAGS="-O2 -pipe"
|
||||||
CXXFLAGS="-O2 -pipe"
|
CXXFLAGS="-O2 -pipe"
|
||||||
USE="hardened justify pie ssp urandom xattr -fortran -jit -orc -pch -pic -prelink -profile -tcc"
|
USE="hardened justify pie ssp urandom xattr -fortran -pch -pic -prelink -profile -tcc"
|
||||||
MAKEOPTS="-j5"
|
MAKEOPTS="-j5"
|
||||||
PYTHON_TARGETS="python3_6"
|
PYTHON_TARGETS="python3_6"
|
||||||
PYTHON_SINGLE_TARGET="python3_6"
|
PYTHON_SINGLE_TARGET="python3_6"
|
||||||
|
|
|
@ -33,3 +33,6 @@ sci-libs/hdf5 -cxx -fortran -hl
|
||||||
# RADIUS (ohne Samba kein rlm_mschap.so)
|
# RADIUS (ohne Samba kein rlm_mschap.so)
|
||||||
net-dialup/freeradius kerberos ldap mysql -python samba
|
net-dialup/freeradius kerberos ldap mysql -python samba
|
||||||
net-fs/samba ads gnutls ldap winbind
|
net-fs/samba ads gnutls ldap winbind
|
||||||
|
|
||||||
|
# LDAP
|
||||||
|
net-nds/openldap overlays perl sasl
|
||||||
|
|
|
@ -8,6 +8,7 @@ net-analyzer/zabbix
|
||||||
sys-auth/pam_ssh_agent_auth
|
sys-auth/pam_ssh_agent_auth
|
||||||
sys-fs/mdadm
|
sys-fs/mdadm
|
||||||
sys-power/acpid
|
sys-power/acpid
|
||||||
|
app-crypt/certbot-apache
|
||||||
dev-db/mariadb
|
dev-db/mariadb
|
||||||
www-apps/privacyidea
|
www-apps/privacyidea
|
||||||
www-apps/privacyideaadm
|
www-apps/privacyideaadm
|
||||||
|
|
Reference in New Issue