privacyidea: hardcoded user ids, using the new makefile
This commit is contained in:
parent
ba303c4fc6
commit
d580021c7e
|
|
@ -1,4 +1,8 @@
|
||||||
preinstall:
|
preinstall:
|
||||||
|
# hardcoded users and groups
|
||||||
|
$(inroot) useradd --system --comment="created from appliance building - zabbix user" --home-dir="/var/lib/zabbix/home" --shell="/sbin/nologin" --no-create-home --uid 600 --user-group zabbix
|
||||||
|
$(inroot) useradd --system --comment="created from appliance building - freeradius user" --home-dir="/var/log/radius" --shell="/sbin/nologin" --no-create-home --uid 604 --user-group radius
|
||||||
|
$(inroot) useradd --system --comment="created from appliance building - privacyidea user" --home-dir="/var/lib/privacyidea/home" --shell="/sbin/nologin" --no-create-home --uid 605 --user-group privacyidea
|
||||||
# switch to hardened, build hardened toolchain, rebuild everything
|
# switch to hardened, build hardened toolchain, rebuild everything
|
||||||
mkdir -p $(CHROOT)/etc/portage/profile
|
mkdir -p $(CHROOT)/etc/portage/profile
|
||||||
echo "-hardened" >> $(CHROOT)/etc/portage/profile/use.mask
|
echo "-hardened" >> $(CHROOT)/etc/portage/profile/use.mask
|
||||||
|
|
@ -8,25 +12,20 @@ preinstall:
|
||||||
$(inroot) $(EMERGE) $(USEPKG) --emptytree @world
|
$(inroot) $(EMERGE) $(USEPKG) --emptytree @world
|
||||||
$(inroot) bash -c 'yes YES | etc-update --automode -9'
|
$(inroot) bash -c 'yes YES | etc-update --automode -9'
|
||||||
|
|
||||||
# Unitas-Portage-Overlay einbinden
|
postinstall: base/timesyncd.conf base/firstboot.start
|
||||||
$(inroot) $(EMERGE) -n $(USEPKG) app-portage/layman
|
|
||||||
sed -i 's/check_official : Yes/check_official : No/' $(CHROOT)/etc/layman/layman.cfg
|
|
||||||
wget -P $(CHROOT)/etc/layman/overlays http://dev.unitas-network.de/raw/Gentoo/Unitas.git/master/unitas-overlays.xml
|
|
||||||
$(inroot) layman -l | grep -q unitas || $(inroot) layman -La unitas
|
|
||||||
|
|
||||||
postinstall: timesyncd.conf firstboot.start
|
|
||||||
# Konfigurationen anpassen
|
# Konfigurationen anpassen
|
||||||
cp timesyncd.conf $(CHROOT)/etc/systemd/timesyncd.conf
|
cp base/timesyncd.conf $(CHROOT)/etc/systemd/timesyncd.conf
|
||||||
mkdir -p $(CHROOT)/etc/local.d
|
mkdir -p $(CHROOT)/etc/local.d
|
||||||
cp firstboot.start $(CHROOT)/etc/local.d/firstboot.start
|
cp base/firstboot.start $(CHROOT)/etc/local.d/firstboot.start
|
||||||
touch $(CHROOT)/firstboot
|
touch $(CHROOT)/firstboot
|
||||||
sed -i 's/# %wheel ALL=(ALL) ALL/%wheel ALL=(ALL) ALL/' $(CHROOT)/etc/sudoers
|
sed -i 's/# %wheel ALL=(ALL) ALL/%wheel ALL=(ALL) ALL/' $(CHROOT)/etc/sudoers
|
||||||
$(inroot) useradd -m -G users,wheel -s /bin/bash admin
|
$(inroot) useradd -m -G users,wheel -s /bin/bash --comment="virtual appliance admin" --uid 2000 admin
|
||||||
$(inroot) passwd -d admin; $(inroot) passwd -e admin
|
$(inroot) passwd -d admin; $(inroot) passwd -e admin
|
||||||
$(inroot) systemctl enable tmux@root.service
|
$(inroot) systemctl enable tmux@root.service
|
||||||
|
cp base/tmux.conf $(CHROOT)/root/.tmux.conf
|
||||||
|
|
||||||
# Beispiel feste IP-Adresse
|
# Beispiel feste IP-Adresse
|
||||||
cp 00-eth0.network $(CHROOT)/00-eth0.network.example
|
cp base/00-eth0.network $(CHROOT)/00-eth0.network.example
|
||||||
|
|
||||||
# MariaDB-Konfiguration ($$, weil make ein $ entfernt)
|
# MariaDB-Konfiguration ($$, weil make ein $ entfernt)
|
||||||
sed -i "s/^character-set-server.*$$/character-set-server = utf8mb4\ncollation-server = utf8mb4_general_ci\ntransaction_isolation = READ-COMMITTED\nbinlog_format = ROW\nexpire_logs_days = 3/" $(CHROOT)/etc/mysql/my.cnf
|
sed -i "s/^character-set-server.*$$/character-set-server = utf8mb4\ncollation-server = utf8mb4_general_ci\ntransaction_isolation = READ-COMMITTED\nbinlog_format = ROW\nexpire_logs_days = 3/" $(CHROOT)/etc/mysql/my.cnf
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,3 @@
|
||||||
|
set -g mouse on
|
||||||
|
set-option -g set-titles on
|
||||||
|
set-option -g set-titles-string "#S / #T"
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# Compiler: gcc (Gentoo Hardened 9.2.0-r2 p3) 9.2.0
|
# Compiler: gcc (Gentoo 9.2.0-r2 p3) 9.2.0
|
||||||
#
|
#
|
||||||
CONFIG_CC_IS_GCC=y
|
CONFIG_CC_IS_GCC=y
|
||||||
CONFIG_GCC_VERSION=90200
|
CONFIG_GCC_VERSION=90200
|
||||||
|
|
@ -1161,7 +1161,7 @@ CONFIG_BLK_DEV_LOOP_MIN_COUNT=8
|
||||||
CONFIG_XEN_BLKDEV_FRONTEND=y
|
CONFIG_XEN_BLKDEV_FRONTEND=y
|
||||||
# CONFIG_XEN_BLKDEV_BACKEND is not set
|
# CONFIG_XEN_BLKDEV_BACKEND is not set
|
||||||
CONFIG_VIRTIO_BLK=y
|
CONFIG_VIRTIO_BLK=y
|
||||||
# CONFIG_VIRTIO_BLK_SCSI is not set
|
CONFIG_VIRTIO_BLK_SCSI=y
|
||||||
# CONFIG_BLK_DEV_RBD is not set
|
# CONFIG_BLK_DEV_RBD is not set
|
||||||
# CONFIG_BLK_DEV_RSXX is not set
|
# CONFIG_BLK_DEV_RSXX is not set
|
||||||
|
|
||||||
|
|
@ -1804,14 +1804,14 @@ CONFIG_HVC_DRIVER=y
|
||||||
CONFIG_HVC_IRQ=y
|
CONFIG_HVC_IRQ=y
|
||||||
CONFIG_HVC_XEN=y
|
CONFIG_HVC_XEN=y
|
||||||
CONFIG_HVC_XEN_FRONTEND=y
|
CONFIG_HVC_XEN_FRONTEND=y
|
||||||
# CONFIG_VIRTIO_CONSOLE is not set
|
CONFIG_VIRTIO_CONSOLE=y
|
||||||
# CONFIG_IPMI_HANDLER is not set
|
# CONFIG_IPMI_HANDLER is not set
|
||||||
CONFIG_HW_RANDOM=y
|
CONFIG_HW_RANDOM=y
|
||||||
# CONFIG_HW_RANDOM_TIMERIOMEM is not set
|
# CONFIG_HW_RANDOM_TIMERIOMEM is not set
|
||||||
CONFIG_HW_RANDOM_INTEL=y
|
CONFIG_HW_RANDOM_INTEL=y
|
||||||
# CONFIG_HW_RANDOM_AMD is not set
|
# CONFIG_HW_RANDOM_AMD is not set
|
||||||
# CONFIG_HW_RANDOM_VIA is not set
|
# CONFIG_HW_RANDOM_VIA is not set
|
||||||
CONFIG_HW_RANDOM_VIRTIO=y
|
# CONFIG_HW_RANDOM_VIRTIO is not set
|
||||||
# CONFIG_NVRAM is not set
|
# CONFIG_NVRAM is not set
|
||||||
# CONFIG_APPLICOM is not set
|
# CONFIG_APPLICOM is not set
|
||||||
# CONFIG_MWAVE is not set
|
# CONFIG_MWAVE is not set
|
||||||
|
|
|
||||||
|
|
@ -16,3 +16,5 @@ KERNEL_CONFIG = appliances/$(APPLIANCE)/kernel.config
|
||||||
ENABLE_SSHD = YES
|
ENABLE_SSHD = YES
|
||||||
TIMEZONE=Europe/Berlin
|
TIMEZONE=Europe/Berlin
|
||||||
LOCALE=de_DE.utf8
|
LOCALE=de_DE.utf8
|
||||||
|
REPO_NAMES = unitas
|
||||||
|
REPO_URI_unitas = https://dev.unitas-network.de/r/Gentoo/Unitas.git
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,7 @@
|
||||||
app-admin/logrotate
|
app-admin/logrotate
|
||||||
app-admin/sudo
|
app-admin/sudo
|
||||||
app-emulation/open-vm-tools
|
app-emulation/open-vm-tools
|
||||||
|
app-emulation/qemu-guest-agent
|
||||||
app-misc/mc
|
app-misc/mc
|
||||||
app-misc/tmuxservice
|
app-misc/tmuxservice
|
||||||
net-analyzer/zabbix
|
net-analyzer/zabbix
|
||||||
|
|
|
||||||
Reference in New Issue