From fd48e4001be8f0094abeda644dad900fd93127fc Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Wed, 12 Mar 2014 15:09:01 +0100 Subject: vm setup: misc changes Signed-off-by: Florian Pritz --- setup-arch-vm | 57 +++++++++++++++++++++++++++++++-------------------------- 1 file changed, 31 insertions(+), 26 deletions(-) (limited to 'setup-arch-vm') diff --git a/setup-arch-vm b/setup-arch-vm index 4444591..fbf3be1 100644 --- a/setup-arch-vm +++ b/setup-arch-vm @@ -42,12 +42,22 @@ cat </etc/pacman.d/mirrorlist Server = http://mirror.server-speed.net/\$repo/os/\$arch EOF -pacstrap /mnt base syslinux sudo openssh haveged htop git zsh screen dnsutils vim net-tools avahi +pacstrap /mnt base syslinux sudo openssh haveged htop git zsh screen dnsutils vim net-tools genfstab -p /mnt >> /mnt/etc/fstab mymac=$(ip addr show dev eth0 | sed -rn 's#^\s+link/ether ([0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}).*$#\1#p') get_url "http://$server/hostnames/$mymac" "archvm" > /mnt/etc/hostname +hostname=$(cat /mnt/etc/hostname) + +cat << EOF >/mnt/etc/systemd/network/10-static-ethernet.network +[Match] +Name=e* + +[Network] +$(get_url "http://$server/network/$hostname") +EOF + ln -s /usr/share/zoneinfo/Europe/Athens /mnt/etc/localtime echo "en_US.UTF-8 UTF-8" > /mnt/etc/locale.gen arch-chroot /mnt locale-gen 
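Review bot: The `[Network]` section of the added `10-static-ethernet.network` heredoc is whatever `get_url "http://$server/network/$hostname"` returns over plain HTTP, written verbatim into the unit, so the installed VM's address, gateway and DNS are decided by an unauthenticated response. `$hostname` is itself read back from the earlier HTTP reply and placed into the URL unchecked; a guard such as `case $hostname in ''|*[!A-Za-z0-9.-]*) echo "bad hostname" >&2; exit 1;; esac` before the heredoc would reject an empty or malformed value. If `$server` can serve HTTPS, as the `curl https://…` call further down the script does for another host, moving both fetches to it removes the tampering window. `get_url` is defined outside this hunk, so whether the new call (which passes no fallback argument, unlike the hostname call) can produce an empty `[Network]` body is not visible here.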
@@ -62,37 +72,32 @@ cat </mnt/boot/syslinux/syslinux.cfg serial 0 115200 DEFAULT arch PROMPT 0 -TIMEOUT 50 +TIMEOUT 30 +UI menu.c32 LABEL arch MENU LABEL Arch Linux LINUX ../vmlinuz-linux - APPEND root=${disk}1 rw logo.nologo elevator=deadline console=tty0 console=ttyS0 nomodeset + APPEND root=${disk}1 rw logo.nologo elevator=deadline nomodeset INITRD ../initramfs-linux.img EOF -cat </mnt/etc/avahi/avahi-daemon.conf -[server] -browse-domains= -use-ipv4=yes -use-ipv6=yes -ratelimit-interval-usec=1000000 -ratelimit-burst=1000 - -[wide-area] -enable-wide-area=no - -[publish] - -[reflector] - -[rlimits] -rlimit-core=0 -rlimit-data=4194304 -rlimit-fsize=0 -rlimit-nofile=768 -rlimit-stack=4194304 -rlimit-nproc=3 +cat </mnt/etc/ssh/sshd_config +Port 22 +Protocol 2 +PermitRootLogin yes +PubkeyAuthentication yes +AuthorizedKeysFile .ssh/authorized_keys +PasswordAuthentication no +ChallengeResponseAuthentication no +UsePAM yes +GatewayPorts clientspecified +PrintMotd no # pam does that +UsePrivilegeSeparation sandbox # Default for new installations. +Ciphers aes256-ctr,aes192-ctr,aes128-ctr +Subsystem sftp internal-sftp +Match Group "ssh-password" + PasswordAuthentication yes EOF arch-chroot /mnt mkinitcpio -p linux @@ -116,7 +121,7 @@ arch-chroot /mnt passwd -d $newuser curl https://git.server-speed.net/users/flo/bin/plain/init_new_user.sh | arch-chroot /mnt sudo -u $newuser bash arch-chroot /mnt chsh -s /bin/zsh $newuser -arch-chroot /mnt systemctl enable multi-user.target sshd haveged dhcpcd avahi-daemon +arch-chroot /mnt systemctl enable multi-user.target sshd haveged dhcpcd systemd-networkd sync systemctl reboot -- cgit v1.2.3-24-g4f1b
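Review bot: `PermitRootLogin yes` in the new sshd_config heredoc keeps root key-only solely through the global `PasswordAuthentication no`, and the `Match Group "ssh-password"` block at the end turns passwords back on for every account in that group, root included if it is ever added. Writing `PermitRootLogin without-password` (spelled `prohibit-password` from OpenSSH 7.0 on) pins root to key authentication regardless of group membership. `GatewayPorts clientspecified` also lets any authenticated client bind remote forwards on non-loopback addresses; if that is intended, a line such as `# GatewayPorts: remote forwards may bind external addresses, needed for <reason>` above it would record why.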
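Review bot: The changed `systemctl enable` line adds `systemd-networkd` but keeps `dhcpcd`, so on first boot two network managers are started for the same interface: the new `.network` file matches `Name=e*`, and the dhcpcd unit as enabled here does not appear to be limited to one interface. If the fetched `[Network]` body is a static configuration, as the file name suggests, addresses, routes and resolver settings can then also be set by whatever DHCP server answers on the segment. Unless DHCP is meant as a fallback for hosts with no entry on the server, drop it: `arch-chroot /mnt systemctl enable multi-user.target sshd haveged systemd-networkd`.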