privacyidea: hardcoded user ids, using the new makefile
parent
ba303c4fc6
commit
d580021c7e
|
@ -1,4 +1,8 @@
|
|||
preinstall:
|
||||
# hardcoded users and groups
|
||||
$(inroot) useradd --system --comment="created from appliance building - zabbix user" --home-dir="/var/lib/zabbix/home" --shell="/sbin/nologin" --no-create-home --uid 600 --user-group zabbix
|
||||
$(inroot) useradd --system --comment="created from appliance building - freeradius user" --home-dir="/var/log/radius" --shell="/sbin/nologin" --no-create-home --uid 604 --user-group radius
|
||||
$(inroot) useradd --system --comment="created from appliance building - privacyidea user" --home-dir="/var/lib/privacyidea/home" --shell="/sbin/nologin" --no-create-home --uid 605 --user-group privacyidea
|
||||
# switch to hardened, build hardened toolchain, rebuild everything
|
||||
mkdir -p $(CHROOT)/etc/portage/profile
|
||||
echo "-hardened" >> $(CHROOT)/etc/portage/profile/use.mask
|
||||
|
@ -8,25 +12,20 @@ preinstall:
|
|||
$(inroot) $(EMERGE) $(USEPKG) --emptytree @world
|
||||
$(inroot) bash -c 'yes YES | etc-update --automode -9'
|
||||
|
||||
# Unitas-Portage-Overlay einbinden
|
||||
$(inroot) $(EMERGE) -n $(USEPKG) app-portage/layman
|
||||
sed -i 's/check_official : Yes/check_official : No/' $(CHROOT)/etc/layman/layman.cfg
|
||||
wget -P $(CHROOT)/etc/layman/overlays http://dev.unitas-network.de/raw/Gentoo/Unitas.git/master/unitas-overlays.xml
|
||||
$(inroot) layman -l | grep -q unitas || $(inroot) layman -La unitas
|
||||
|
||||
postinstall: timesyncd.conf firstboot.start
|
||||
postinstall: base/timesyncd.conf base/firstboot.start
|
||||
# Konfigurationen anpassen
|
||||
cp timesyncd.conf $(CHROOT)/etc/systemd/timesyncd.conf
|
||||
cp base/timesyncd.conf $(CHROOT)/etc/systemd/timesyncd.conf
|
||||
mkdir -p $(CHROOT)/etc/local.d
|
||||
cp firstboot.start $(CHROOT)/etc/local.d/firstboot.start
|
||||
cp base/firstboot.start $(CHROOT)/etc/local.d/firstboot.start
|
||||
touch $(CHROOT)/firstboot
|
||||
sed -i 's/# %wheel ALL=(ALL) ALL/%wheel ALL=(ALL) ALL/' $(CHROOT)/etc/sudoers
|
||||
$(inroot) useradd -m -G users,wheel -s /bin/bash admin
|
||||
$(inroot) useradd -m -G users,wheel -s /bin/bash --comment="virtual appliance admin" --uid 2000 admin
|
||||
$(inroot) passwd -d admin; $(inroot) passwd -e admin
|
||||
$(inroot) systemctl enable tmux@root.service
|
||||
cp base/tmux.conf $(CHROOT)/root/.tmux.conf
|
||||
|
||||
# Beispiel feste IP-Adresse
|
||||
cp 00-eth0.network $(CHROOT)/00-eth0.network.example
|
||||
cp base/00-eth0.network $(CHROOT)/00-eth0.network.example
|
||||
|
||||
# MariaDB-Konfiguration ($$, weil make ein $ entfernt)
|
||||
sed -i "s/^character-set-server.*$$/character-set-server = utf8mb4\ncollation-server = utf8mb4_general_ci\ntransaction_isolation = READ-COMMITTED\nbinlog_format = ROW\nexpire_logs_days = 3/" $(CHROOT)/etc/mysql/my.cnf
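Review bot: The `admin` account that the new `useradd … --uid 2000 admin` line creates is in `wheel`, which the `sed` on sudoers just granted `ALL=(ALL) ALL`, and the unchanged `passwd -d admin; passwd -e admin` line then leaves it with an empty password, so until the forced password change is completed, whoever reaches a login prompt first gets a sudo-capable account. The appliance config on this page shows `ENABLE_SSHD = YES`; whether SSH accepts the empty password depends on sshd and PAM settings that are not visible here, so that should be confirmed. I would at least state the assumption above the `useradd`, e.g. `# admin starts with an empty, expired password: first boot must happen on a trusted console/network`, or lock the account with `passwd -l admin` until `firstboot.start` (not shown) provisions a credential. Separately, in the first hunk `--user-group` with only `--uid` does not pin the group id although the comment says "hardcoded users and groups"; an explicit `groupadd --system --gid 600 zabbix` followed by `useradd … --gid zabbix` would, and likewise for `radius` and `privacyidea`.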
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
set -g mouse on
|
||||
set-option -g set-titles on
|
||||
set-option -g set-titles-string "#S / #T"
|
|
@ -4,7 +4,7 @@
|
|||
#
|
||||
|
||||
#
|
||||
# Compiler: gcc (Gentoo Hardened 9.2.0-r2 p3) 9.2.0
|
||||
# Compiler: gcc (Gentoo 9.2.0-r2 p3) 9.2.0
|
||||
#
|
||||
CONFIG_CC_IS_GCC=y
|
||||
CONFIG_GCC_VERSION=90200
|
||||
|
@ -1161,7 +1161,7 @@ CONFIG_BLK_DEV_LOOP_MIN_COUNT=8
|
|||
CONFIG_XEN_BLKDEV_FRONTEND=y
|
||||
# CONFIG_XEN_BLKDEV_BACKEND is not set
|
||||
CONFIG_VIRTIO_BLK=y
|
||||
# CONFIG_VIRTIO_BLK_SCSI is not set
|
||||
CONFIG_VIRTIO_BLK_SCSI=y
|
||||
# CONFIG_BLK_DEV_RBD is not set
|
||||
# CONFIG_BLK_DEV_RSXX is not set
|
||||
|
||||
|
@ -1804,14 +1804,14 @@ CONFIG_HVC_DRIVER=y
|
|||
CONFIG_HVC_IRQ=y
|
||||
CONFIG_HVC_XEN=y
|
||||
CONFIG_HVC_XEN_FRONTEND=y
|
||||
# CONFIG_VIRTIO_CONSOLE is not set
|
||||
CONFIG_VIRTIO_CONSOLE=y
|
||||
# CONFIG_IPMI_HANDLER is not set
|
||||
CONFIG_HW_RANDOM=y
|
||||
# CONFIG_HW_RANDOM_TIMERIOMEM is not set
|
||||
CONFIG_HW_RANDOM_INTEL=y
|
||||
# CONFIG_HW_RANDOM_AMD is not set
|
||||
# CONFIG_HW_RANDOM_VIA is not set
|
||||
CONFIG_HW_RANDOM_VIRTIO=y
|
||||
# CONFIG_HW_RANDOM_VIRTIO is not set
|
||||
# CONFIG_NVRAM is not set
|
||||
# CONFIG_APPLICOM is not set
|
||||
# CONFIG_MWAVE is not set
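Review bot: The new config seems to leave `CONFIG_HW_RANDOM_VIRTIO` unset: in the last hunk that pair is listed `=y` first and `is not set` second, the reverse of the `CONFIG_VIRTIO_CONSOLE` and `CONFIG_VIRTIO_BLK_SCSI` pairs. The page has lost its +/- markers, so this should be confirmed against the repository. For a virtual appliance that presumably generates keys on first boot, dropping the hypervisor-provided entropy source while enabling the other virtio drivers looks unintended; if so, the new side should read `CONFIG_HW_RANDOM_VIRTIO=y`.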
|
||||
|
|
|
@ -16,3 +16,5 @@ KERNEL_CONFIG = appliances/$(APPLIANCE)/kernel.config
|
|||
ENABLE_SSHD = YES
|
||||
TIMEZONE=Europe/Berlin
|
||||
LOCALE=de_DE.utf8
|
||||
REPO_NAMES = unitas
|
||||
REPO_URI_unitas = https://dev.unitas-network.de/r/Gentoo/Unitas.git
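Review bot: `REPO_URI_unitas` names only a repository URL, so as far as this hunk shows the overlay is taken at whatever the remote's default branch holds when the image is built, and every ebuild in it runs as root inside the chroot. How the new makefile consumes `REPO_URI_*` is outside this page; if it supports a branch, tag or commit setting, pinning one here would make builds reproducible and limit the effect of a compromised or force-pushed remote. If it does not, a comment such as `# overlay is fetched unpinned at build time; review upstream changes before rebuilding` would record the trust assumption.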
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
app-admin/logrotate
|
||||
app-admin/sudo
|
||||
app-emulation/open-vm-tools
|
||||
app-emulation/qemu-guest-agent
|
||||
app-misc/mc
|
||||
app-misc/tmuxservice
|
||||
net-analyzer/zabbix
|
||||
|
|