From f6f51577ba3e89869a60ec3dfa9cb3187bd9e02f Mon Sep 17 00:00:00 2001
From: root
Date: Mon, 15 Jul 2024 16:10:56 +0000
Subject: [PATCH] [debian12] feat: add script
---
scripts/debian12.sh | 80 ++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 79 insertions(+), 1 deletion(-)
diff --git a/scripts/debian12.sh b/scripts/debian12.sh
index d90ce2b..4ebdd39 100644
--- a/scripts/debian12.sh
+++ b/scripts/debian12.sh
@@ -1 +1,79 @@
-echo "> hello ..."
+# update guest
+apt-get update
+DEBIAN_FRONTEND=noninteractive apt-get upgrade -y
+apt-get autoremove -y
+
+# install rc.local script
+cat << 'EOL' | sudo tee /etc/rc.local
+#!/bin/sh -ef
+#
+test -f /etc/ssh/ssh_host_dsa_key || sudo -u root dpkg-reconfigure openssh-server
+exit 0
+EOL
+chmod +x /etc/rc.local
+
+# cleaning logs
+echo '> cleaning logs ...'
+rm -rf /var/log/*
+
+# cleans persistent udev rules
+echo '> cleaning persistent udev rules ...'
+if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then
+ rm /etc/udev/rules.d/70-persistent-net.rules
+fi
+
+# cleans /tmp directories
+echo '> cleaning /tmp directories ...'
+rm -rf /tmp/*
+rm -rf /var/tmp/*
+
+# cleans SSH keys
+echo '> cleaning ssh host keys ...'
+rm -f /etc/ssh/ssh_host_*
+
+# sets hostname to localhost
+echo '> setting hostname to localhost ...'
+cat /dev/null > /etc/hostname
+hostnamectl set-hostname localhost
+
+# cleans apt.
+echo '> cleaning apt-get ...'
+apt-get clean
+
+# cleans the machine-id
+echo '> cleaning the machine-id ...'
+truncate -s 0 /etc/machine-id
+rm /var/lib/dbus/machine-id
+ln -s /etc/machine-id /var/lib/dbus/machine-id
+
+# install the ansible user
+echo '> create ansible user ...'
+useradd -m ansible
+
+# configure ansible user
+echo '> configure ansible user ...'
+mkdir -p /home/ansible/.ssh
+echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH9H3XK4IaK2pd8xegsbCm0at70kCi33vYkHDccV3Iyn" >> /home/ansible/.ssh/authorized_keys
+chmod 700 /home/ansible/.ssh
+chmod 600 /home/ansible/.ssh/authorized_keys
+chown -R ansible:ansible /home/ansible
+
+# configure sudo for ansible
+echo "ansible ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/ansible
+
+# zero fill the disk
+echo '> zero fill disk ...'
+cat /dev/zero > /zero.file | exit 0 && sync && rm -f /zero.file
+
+# disable root login over ssh
+sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
+
+# cleans shell history
+echo '> cleaning shell history ...'
+unset HISTFILE
+history -cw
+echo > ~/.bash_history
+
+# all done
+echo '> done.'
+echo '> packer template build -- complete'
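Review bot: The `sed -i 's/PermitRootLogin yes/PermitRootLogin no/'` step near the end can be a silent no-op, because it only rewrites a literal `PermitRootLogin yes`; if the shipped sshd_config has the directive commented out or set to `prohibit-password` (which I believe is the stock Debian 12 state), nothing changes and key-based root login stays enabled in every image built from this template. Setting the value explicitly is more robust, for example `echo 'PermitRootLogin no' > /etc/ssh/sshd_config.d/NAME.conf` (NAME is a placeholder; this assumes the main config includes that directory, so confirm on the target image). Separately, the `NOPASSWD: ALL` rule is appended with `>>` under the default umask and never syntax-checked; following it with `chmod 0440 /etc/sudoers.d/ansible` and `visudo -cf /etc/sudoers.d/ansible` would catch a duplicated or malformed entry before the image is sealed. The script also has no `set -e`, so a failure in any of these hardening steps still ends with "packer template build -- complete".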