-rwxr-xr-x | create-new-vm.sh | 14 | ||||
-rw-r--r-- | setup-arch-vm | 57 |
2 files changed, 36 insertions, 35 deletions
diff --git a/create-new-vm.sh b/create-new-vm.sh index dd4a4ed..8e51a15 100755 --- a/create-new-vm.sh +++ b/create-new-vm.sh @@ -9,6 +9,11 @@ TMPDIR="`mktemp -d "/tmp/fb-client-up.XXXXXX"`" trap "rm -rf '${TMPDIR}'" EXIT TERM cd "$TMPDIR" +if [[ ! -f /srv/http/vms/network/$name ]]; then + echo "Missing vm network definition /srv/http/vms/network/$name" >&2 + exit 1 +fi + cat <<EOF >vm.xml <domain type='kvm'> <name>$name</name> @@ -36,25 +41,19 @@ cat <<EOF >vm.xml <driver name='qemu' type='qcow2'/> <source file='/mnt/data/libvirt/storage/${name}.img'/> <target dev='vda' bus='virtio'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/> </disk> <controller type='usb' index='0'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/> </controller> <controller type='pci' index='0' model='pci-root'/> <controller type='ide' index='0'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/> </controller> <controller type='scsi' index='0'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/> </controller> <controller type='scsi' index='1' model='virtio-scsi'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/> </controller> <interface type='network'> <source network='mynet'/> <model type='virtio'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface> <serial type='pty'> <target port='0'/> @@ -65,14 +64,11 @@ cat <<EOF >vm.xml <input type='mouse' bus='ps2'/> <graphics type='vnc' port='-1' autoport='yes'/> <sound model='ich6'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/> </sound> <video> <model type='cirrus' vram='9216' heads='1'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/> </video> <memballoon model='virtio'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/> </memballoon> </devices> </domain> 
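Review bot: The new existence check in the first hunk uses `$name` unquoted and without any shape validation, yet the same value is later spliced into the domain XML (`<name>$name</name>`) and the storage path `/mnt/data/libvirt/storage/${name}.img`; a name containing `/`, `..`, whitespace or XML metacharacters can pass `-f` (the path merely has to resolve to some file) and then yield a wrong or malformed domain. Where `$name` is assigned is outside the hunk, presumably from the command line. I would validate before the check and quote the test: `[[ $name =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]] || { echo "invalid vm name: $name" >&2; exit 1; }` followed by `if [[ ! -f "/srv/http/vms/network/$name" ]]; then`. The other two hunks only drop fixed PCI addresses and need no change.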
diff --git a/setup-arch-vm b/setup-arch-vm index 4444591..fbf3be1 100644 --- a/setup-arch-vm +++ b/setup-arch-vm @@ -42,12 +42,22 @@ cat <<EOF >/etc/pacman.d/mirrorlist Server = http://mirror.server-speed.net/\$repo/os/\$arch EOF -pacstrap /mnt base syslinux sudo openssh haveged htop git zsh screen dnsutils vim net-tools avahi +pacstrap /mnt base syslinux sudo openssh haveged htop git zsh screen dnsutils vim net-tools genfstab -p /mnt >> /mnt/etc/fstab mymac=$(ip addr show dev eth0 | sed -rn 's#^\s+link/ether ([0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}).*$#\1#p') get_url "http://$server/hostnames/$mymac" "archvm" > /mnt/etc/hostname +hostname=$(cat /mnt/etc/hostname) + +cat << EOF >/mnt/etc/systemd/network/10-static-ethernet.network +[Match] +Name=e* + +[Network] +$(get_url "http://$server/network/$hostname") +EOF + ln -s /usr/share/zoneinfo/Europe/Athens /mnt/etc/localtime echo "en_US.UTF-8 UTF-8" > /mnt/etc/locale.gen arch-chroot /mnt locale-gen 
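Review bot: The `[Network]` body is taken verbatim from an unauthenticated plain-HTTP fetch of `http://$server/network/$hostname` and the script never checks that anything came back: on a miss the unit ends up with an empty `[Network]` section, networkd brings the link up with no address, and the install carries on to reboot into an unreachable VM. `get_url` is defined outside the hunk, so whether it prints nothing or an error body on failure cannot be seen here; either way capture and check the result first, `netcfg=$(get_url "http://$server/network/$hostname")` then `[[ -n $netcfg ]] || { echo "no network definition for $hostname on $server" >&2; exit 1; }`, and use `$netcfg` in the here-doc. Since the hostname itself was chosen by the same unauthenticated channel keyed on the MAC (the `archvm` argument looks like a fallback, so every unknown MAC will request `network/archvm`), whoever can answer for `$server` on the install network controls the VM's addressing and DNS; a one-line comment stating that `$server` is trusted because it sits on the private libvirt network would make that assumption explicit.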
@@ -62,37 +72,32 @@ cat <<EOF >/mnt/boot/syslinux/syslinux.cfg serial 0 115200 DEFAULT arch PROMPT 0 -TIMEOUT 50 +TIMEOUT 30 +UI menu.c32 LABEL arch MENU LABEL Arch Linux LINUX ../vmlinuz-linux - APPEND root=${disk}1 rw logo.nologo elevator=deadline console=tty0 console=ttyS0 nomodeset + APPEND root=${disk}1 rw logo.nologo elevator=deadline nomodeset INITRD ../initramfs-linux.img EOF -cat <<EOF >/mnt/etc/avahi/avahi-daemon.conf -[server] -browse-domains= -use-ipv4=yes -use-ipv6=yes -ratelimit-interval-usec=1000000 -ratelimit-burst=1000 - -[wide-area] -enable-wide-area=no - -[publish] - -[reflector] - -[rlimits] -rlimit-core=0 -rlimit-data=4194304 -rlimit-fsize=0 -rlimit-nofile=768 -rlimit-stack=4194304 -rlimit-nproc=3 +cat <<EOF >/mnt/etc/ssh/sshd_config +Port 22 +Protocol 2 +PermitRootLogin yes +PubkeyAuthentication yes +AuthorizedKeysFile .ssh/authorized_keys +PasswordAuthentication no +ChallengeResponseAuthentication no +UsePAM yes +GatewayPorts clientspecified +PrintMotd no # pam does that +UsePrivilegeSeparation sandbox # Default for new installations. +Ciphers aes256-ctr,aes192-ctr,aes128-ctr +Subsystem sftp internal-sftp +Match Group "ssh-password" + PasswordAuthentication yes EOF arch-chroot /mnt mkinitcpio -p linux @@ -116,7 +121,7 @@ arch-chroot /mnt passwd -d $newuser curl https://git.server-speed.net/users/flo/bin/plain/init_new_user.sh | arch-chroot /mnt sudo -u $newuser bash arch-chroot /mnt chsh -s /bin/zsh $newuser -arch-chroot /mnt systemctl enable multi-user.target sshd haveged dhcpcd avahi-daemon +arch-chroot /mnt systemctl enable multi-user.target sshd haveged dhcpcd systemd-networkd sync systemctl reboot |
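Review bot: `PermitRootLogin yes` in the new sshd_config is broader than the rest of the file needs: the global `PasswordAuthentication no` makes root key-only today, but the `Match Group "ssh-password"` block re-enables password login for any account placed in that group, root included if it is ever added. `PermitRootLogin prohibit-password` (spelled `without-password` on OpenSSH older than 7.0) keeps root key-only regardless of group membership, and `GatewayPorts clientspecified` deserves either a `no` or a comment saying why remote forwards bound on external addresses are wanted on these VMs. Separately, the syslinux hunk drops `console=tty0 console=ttyS0` from the kernel line while keeping `serial 0 115200`, so the bootloader still talks to the serial port but the kernel and getty no longer will; if the `<serial type='pty'>` device in the domain XML is meant for `virsh console`, keep `console=ttyS0` on the `APPEND` line.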
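Review bot: The last hunk enables `dhcpcd` and `systemd-networkd` together, so two managers act on the same `e*` link: the unsuffixed `dhcpcd.service` runs DHCP on every interface while networkd applies the static configuration from `10-static-ethernet.network`, and the guest can end up with competing addresses and default routes. Unless dhcpcd is intended as a fallback for hosts without a network definition (in which case a comment should say so), drop it: `arch-chroot /mnt systemctl enable multi-user.target sshd haveged systemd-networkd`. If the fetched `[Network]` section sets `DNS=`, `systemd-resolved` or a hand-written resolv.conf is also needed for that to take effect; the hunk does not show which applies.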