summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xcreate-new-vm.sh14
-rw-r--r--setup-arch-vm57
2 files changed, 36 insertions, 35 deletions
diff --git a/create-new-vm.sh b/create-new-vm.sh
index dd4a4ed..8e51a15 100755
--- a/create-new-vm.sh
+++ b/create-new-vm.sh
@@ -9,6 +9,11 @@ TMPDIR="`mktemp -d "/tmp/fb-client-up.XXXXXX"`"
trap "rm -rf '${TMPDIR}'" EXIT TERM
cd "$TMPDIR"
+if [[ ! -f /srv/http/vms/network/$name ]]; then
+ echo "Missing vm network definition /srv/http/vms/network/$name" >&2
+ exit 1
+fi
+
cat <<EOF >vm.xml
<domain type='kvm'>
<name>$name</name>
@@ -36,25 +41,19 @@ cat <<EOF >vm.xml
<driver name='qemu' type='qcow2'/>
<source file='/mnt/data/libvirt/storage/${name}.img'/>
<target dev='vda' bus='virtio'/>
- <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
</disk>
<controller type='usb' index='0'>
- <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
</controller>
<controller type='pci' index='0' model='pci-root'/>
<controller type='ide' index='0'>
- <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
</controller>
<controller type='scsi' index='0'>
- <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
</controller>
<controller type='scsi' index='1' model='virtio-scsi'>
- <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/>
</controller>
<interface type='network'>
<source network='mynet'/>
<model type='virtio'/>
- <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
<serial type='pty'>
<target port='0'/>
@@ -65,14 +64,11 @@ cat <<EOF >vm.xml
<input type='mouse' bus='ps2'/>
<graphics type='vnc' port='-1' autoport='yes'/>
<sound model='ich6'>
- <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
</sound>
<video>
<model type='cirrus' vram='9216' heads='1'/>
- <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
</video>
<memballoon model='virtio'>
- <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
</memballoon>
</devices>
</domain>
diff --git a/setup-arch-vm b/setup-arch-vm
index 4444591..fbf3be1 100644
--- a/setup-arch-vm
+++ b/setup-arch-vm
@@ -42,12 +42,22 @@ cat <<EOF >/etc/pacman.d/mirrorlist
Server = http://mirror.server-speed.net/\$repo/os/\$arch
EOF
-pacstrap /mnt base syslinux sudo openssh haveged htop git zsh screen dnsutils vim net-tools avahi
+pacstrap /mnt base syslinux sudo openssh haveged htop git zsh screen dnsutils vim net-tools
genfstab -p /mnt >> /mnt/etc/fstab
mymac=$(ip addr show dev eth0 | sed -rn 's#^\s+link/ether ([0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}).*$#\1#p')
get_url "http://$server/hostnames/$mymac" "archvm" > /mnt/etc/hostname
+hostname=$(cat /mnt/etc/hostname)
+
+cat << EOF >/mnt/etc/systemd/network/10-static-ethernet.network
+[Match]
+Name=e*
+
+[Network]
+$(get_url "http://$server/network/$hostname")
+EOF
+
ln -s /usr/share/zoneinfo/Europe/Athens /mnt/etc/localtime
echo "en_US.UTF-8 UTF-8" > /mnt/etc/locale.gen
arch-chroot /mnt locale-gen
@@ -62,37 +72,32 @@ cat <<EOF >/mnt/boot/syslinux/syslinux.cfg
serial 0 115200
DEFAULT arch
PROMPT 0
-TIMEOUT 50
+TIMEOUT 30
+UI menu.c32
LABEL arch
MENU LABEL Arch Linux
LINUX ../vmlinuz-linux
- APPEND root=${disk}1 rw logo.nologo elevator=deadline console=tty0 console=ttyS0 nomodeset
+ APPEND root=${disk}1 rw logo.nologo elevator=deadline nomodeset
INITRD ../initramfs-linux.img
EOF
-cat <<EOF >/mnt/etc/avahi/avahi-daemon.conf
-[server]
-browse-domains=
-use-ipv4=yes
-use-ipv6=yes
-ratelimit-interval-usec=1000000
-ratelimit-burst=1000
-
-[wide-area]
-enable-wide-area=no
-
-[publish]
-
-[reflector]
-
-[rlimits]
-rlimit-core=0
-rlimit-data=4194304
-rlimit-fsize=0
-rlimit-nofile=768
-rlimit-stack=4194304
-rlimit-nproc=3
+cat <<EOF >/mnt/etc/ssh/sshd_config
+Port 22
+Protocol 2
+PermitRootLogin yes
+PubkeyAuthentication yes
+AuthorizedKeysFile .ssh/authorized_keys
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+UsePAM yes
+GatewayPorts clientspecified
+PrintMotd no # pam does that
+UsePrivilegeSeparation sandbox # Default for new installations.
+Ciphers aes256-ctr,aes192-ctr,aes128-ctr
+Subsystem sftp internal-sftp
+Match Group "ssh-password"
+ PasswordAuthentication yes
EOF
arch-chroot /mnt mkinitcpio -p linux
@@ -116,7 +121,7 @@ arch-chroot /mnt passwd -d $newuser
curl https://git.server-speed.net/users/flo/bin/plain/init_new_user.sh | arch-chroot /mnt sudo -u $newuser bash
arch-chroot /mnt chsh -s /bin/zsh $newuser
-arch-chroot /mnt systemctl enable multi-user.target sshd haveged dhcpcd avahi-daemon
+arch-chroot /mnt systemctl enable multi-user.target sshd haveged dhcpcd systemd-networkd
sync
systemctl reboot