[debian12] feat: add script
This commit is contained in:
root
parent
2a5bfe2f71
commit
f6f51577ba
@ -1 +1,79 @@
|
||||
echo "> hello ..."
|
||||
# update guest
|
||||
apt-get update
|
||||
DEBIAN_FRONTEND=noninteractive apt-get upgrade -y
|
||||
apt-get autoremove -y
|
||||
|
||||
# install rc.local script
|
||||
cat << 'EOL' | sudo tee /etc/rc.local
|
||||
#!/bin/sh -ef
|
||||
#
|
||||
test -f /etc/ssh/ssh_host_dsa_key || sudo -u root dpkg-reconfigure openssh-server
|
||||
exit 0
|
||||
EOL
|
||||
chmod +x /etc/rc.local
|
||||
|
||||
# cleaning logs
|
||||
echo '> cleaning logs ...'
|
||||
rm -rf /var/log/*
|
||||
|
||||
# cleans persistent udev rules
|
||||
echo '> cleaning persistent udev rules ...'
|
||||
if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then
|
||||
rm /etc/udev/rules.d/70-persistent-net.rules
|
||||
fi
|
||||
|
||||
# cleans /tmp directories
|
||||
echo '> cleaning /tmp directories ...'
|
||||
rm -rf /tmp/*
|
||||
rm -rf /var/tmp/*
|
||||
|
||||
# cleans SSH keys
|
||||
echo '> cleaning ssh host keys ...'
|
||||
rm -f /etc/ssh/ssh_host_*
|
||||
|
||||
# sets hostname to localhost
|
||||
echo '> setting hostname to localhost ...'
|
||||
cat /dev/null > /etc/hostname
|
||||
hostnamectl set-hostname localhost
|
||||
|
||||
# cleans apt.
|
||||
echo '> cleaning apt-get ...'
|
||||
apt-get clean
|
||||
|
||||
# cleans the machine-id
|
||||
echo '> cleaning the machine-id ...'
|
||||
truncate -s 0 /etc/machine-id
|
||||
rm /var/lib/dbus/machine-id
|
||||
ln -s /etc/machine-id /var/lib/dbus/machine-id
|
||||
|
||||
# install the ansible user
|
||||
echo '> create ansible user ...'
|
||||
useradd -m ansible
|
||||
|
||||
# configure ansible user
|
||||
echo '> configure ansible user ...'
|
||||
mkdir -p /home/ansible/.ssh
|
||||
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH9H3XK4IaK2pd8xegsbCm0at70kCi33vYkHDccV3Iyn" >> /home/ansible/.ssh/authorized_keys
|
||||
chmod 700 /home/ansible/.ssh
|
||||
chmod 600 /home/ansible/.ssh/authorized_keys
|
||||
chown -R ansible:ansible /home/ansible
|
||||
|
||||
# configure sudo for ansible
|
||||
echo "ansible ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/ansible
|
||||
|
||||
# zero fill the disk
|
||||
echo '> zero fill disk ...'
|
||||
cat /dev/zero > /zero.file | exit 0 && sync && rm -f /zero.file
|
||||
|
||||
# disable root login over ssh
|
||||
sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
|
||||
|
||||
# cleans shell history
|
||||
echo '> cleaning shell history ...'
|
||||
unset HISTFILE
|
||||
history -cw
|
||||
echo > ~/.bash_history
|
||||
|
||||
# all done
|
||||
echo '> done.'
|
||||
echo '> packer template build -- complete'
|
||||
|
||||
Loading…
Reference in New Issue
Block a user