author | pico.dev <pico.dev@gmail.com> | 2020-05-10 17:38:47 +0200 |
---|---|---|
committer | pico.dev <pico.dev@gmail.com> | 2020-05-10 17:38:47 +0200 |
commit | 10c1207da89a8c59880f4037d03f09699d3192d7 (patch) | |
tree | d5278cf117a900b22d3bd43ed237672e8fc8439d | |
parent | 8168e52ec15997ae90efe3f3444d218eb20867b2 (diff) |
Initial support for systemd-homed
-rw-r--r-- | alis.conf | 10 | ||||
-rw-r--r-- | alis.sh | 170 | ||||
-rw-r--r-- | packer/alis-packer-efi-ext4-luks-lvm-systemd-systemdhomed.json | 52 |
3 files changed, 146 insertions, 86 deletions
@@ -52,11 +52,11 @@ USER_PASSWORD="archlinux" # Main user password. Warning: change it! USER_PASSWORD_RETYPE="archlinux" ADDITIONAL_USERS=() # eg. ("user1=password1" "user2=password2") -#SYSTEMD_HOMED="false" -#SYSTEMD_HOMED_STORAGE="directory !fscrypt !luks !cifs !subvolume" -#SYSTEMD_HOMED_IMAGE_PATH="" -#SYSTEMD_HOMED_CIFS_DOMAIN="" -#SYSTEMD_HOMED_CIFS_SERVICE="" +SYSTEMD_HOMED="false" # (note: "true" value requires interactivity to set user password) +SYSTEMD_HOMED_STORAGE="directory !fscrypt !luks !cifs !subvolume" +SYSTEMD_HOMED_IMAGE_PATH="" +SYSTEMD_HOMED_CIFS_DOMAIN="" +SYSTEMD_HOMED_CIFS_SERVICE="" # mkinitcpio HOOKS="base !udev !usr !resume !systemd !btrfs keyboard autodetect modconf block !net !dmraid !mdadm !mdadm_udev !keymap !consolefont !sd-vconsole !encrypt !lvm2 !sd-encrypt !sd-lvm2 fsck filesystems" @@ -89,7 +89,7 @@ function sanitize_variables() { SWAP_SIZE=$(sanitize_variable "$SWAP_SIZE") KERNELS=$(sanitize_variable "$KERNELS") KERNELS_COMPRESSION=$(sanitize_variable "$KERNELS_COMPRESSION") -# SYSTEMD_HOMED_STORAGE=$(sanitize_variable "$SYSTEMD_HOMED_STORAGE") + SYSTEMD_HOMED_STORAGE=$(sanitize_variable "$SYSTEMD_HOMED_STORAGE") BOOTLOADER=$(sanitize_variable "$BOOTLOADER") DESKTOP_ENVIRONMENT=$(sanitize_variable "$DESKTOP_ENVIRONMENT") DISPLAY_DRIVER=$(sanitize_variable "$DISPLAY_DRIVER") 
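Review bot: `SYSTEMD_HOMED_IMAGE_PATH=""` becomes an active option in alis.conf here, but nothing in this diff reads it: `create_user_homectl` in the later alis.sh hunk hard-codes `IMAGE_PATH="--image-path=/mnt/home/$USER_NAME.homedir"` (and the `.home` variant when the storage is luks), and `check_variables` never validates it. Either drop the option or honour it, e.g. `IMAGE_PATH="--image-path=${SYSTEMD_HOMED_IMAGE_PATH:-/mnt/home/$USER_NAME.homedir}"`, and add a check next to the cifs ones if the path has constraints. The `sanitize_variables` hunk is fine as is.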
@@ -142,18 +142,18 @@ function check_variables() { check_variables_value "USER_PASSWORD" "$USER_PASSWORD" check_variables_equals "ROOT_PASSWORD" "ROOT_PASSWORD_RETYPE" "$ROOT_PASSWORD" "$ROOT_PASSWORD_RETYPE" check_variables_equals "USER_PASSWORD" "USER_PASSWORD_RETYPE" "$USER_PASSWORD" "$USER_PASSWORD_RETYPE" -# check_variables_boolean "SYSTEMD_HOMED" "$SYSTEMD_HOMED" -# if [ "$SYSTEMD_HOMED" == "true" ]; then -# check_variables_list "SYSTEMD_HOMED_STORAGE" "$SYSTEMD_HOMED_STORAGE" "directory fscrypt luks cifs subvolume" "true" -# -# if [ "$SYSTEMD_HOMED_STORAGE" == "fscrypt" ]; then -# check_variables_list "FILE_SYSTEM_TYPE" "$FILE_SYSTEM_TYPE" "ext4 f2fs" "true" -# fi -# if [ "$SYSTEMD_HOMED_STORAGE" == "cifs" ]; then -# check_variables_value "SYSTEMD_HOMED_CIFS_DOMAIN" "$SYSTEMD_HOMED_CIFS_DOMAIN" -# check_variables_value "SYSTEMD_HOMED_CIFS_SERVICE" "$SYSTEMD_HOMED_CIFS_SERVICE" -# fi -# fi + check_variables_boolean "SYSTEMD_HOMED" "$SYSTEMD_HOMED" + if [ "$SYSTEMD_HOMED" == "true" ]; then + check_variables_list "SYSTEMD_HOMED_STORAGE" "$SYSTEMD_HOMED_STORAGE" "directory fscrypt luks cifs subvolume" "true" + + if [ "$SYSTEMD_HOMED_STORAGE" == "fscrypt" ]; then + check_variables_list "FILE_SYSTEM_TYPE" "$FILE_SYSTEM_TYPE" "ext4 f2fs" "true" + fi + if [ "$SYSTEMD_HOMED_STORAGE" == "cifs" ]; then + check_variables_value "SYSTEMD_HOMED_CIFS_DOMAIN" "$SYSTEMD_HOMED_CIFS_DOMAIN" + check_variables_value "SYSTEMD_HOMED_CIFS_SERVICE" "$SYSTEMD_HOMED_CIFS_SERVICE" + fi + fi check_variables_value "HOOKS" "$HOOKS" check_variables_list "BOOTLOADER" "$BOOTLOADER" "grub refind systemd" check_variables_list "AUR" "$AUR" "aurman yay" "false" 
@@ -791,7 +791,6 @@ function bootloader_refind() { arch-chroot /mnt rm /boot/refind_linux.conf arch-chroot /mnt sed -i 's/^timeout.*/timeout 5/' "$ESP_DIRECTORY/EFI/refind/refind.conf" arch-chroot /mnt sed -i 's/^#scan_all_linux_kernels.*/scan_all_linux_kernels false/' "$ESP_DIRECTORY/EFI/refind/refind.conf" - #arch-chroot /mnt sed -i 's/^#default_selection "+,bzImage,vmlinuz"/default_selection "+,bzImage,vmlinuz"/' "$ESP_DIRECTORY/EFI/refind/refind.conf" REFIND_MICROCODE="" @@ -1036,7 +1035,7 @@ EOT function users() { print_step "users()" - create_user $USER_NAME $USER_PASSWORD + create_user "$USER_NAME" "$USER_PASSWORD" for U in ${ADDITIONAL_USERS[@]}; do IFS='=' S=(${U}) 
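Review bot: `create_user "$USER_NAME" "$USER_PASSWORD"` is now quoted, but the calls it fans out to in the later hunk (`create_user_useradd $USER_NAME $USER_PASSWORD`, three times, plus the commented `create_user_homectl` call) stay unquoted, so a password containing whitespace or glob characters is split or expanded before it reaches useradd. Quote them the same way: `create_user_useradd "$USER_NAME" "$USER_PASSWORD"`. The `for U in ${ADDITIONAL_USERS[@]}` loop that follows is unquoted too and its `IFS='='` assignment is a plain current-shell assignment that outlives the loop; its body runs past this hunk, so treat that as an observation from the visible context rather than a confirmed fault.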
@@ -1049,80 +1048,89 @@ function users() { pacman_install "xdg-user-dirs" -# if [ "$SYSTEMD_HOMED" == "true" ]; then -# cat <<EOT > "/etc/pam.d/nss-auth" -##%PAM-1.0 -# -#auth sufficient pam_unix.so try_first_pass nullok -#auth sufficient pam_systemd_home.so -#auth required pam_deny.so -# -#account sufficient pam_unix.so -#account sufficient pam_systemd_home.so -#account required pam_deny.so -# -#password sufficient pam_unix.so try_first_pass nullok sha512 shadow -#password sufficient pam_systemd_home.so -#password required pam_deny.so -#EOT -# -# cat <<EOT > "/etc/pam.d/system-auth" -##%PAM-1.0 -# -#auth substack nss-auth -#auth optional pam_permit.so -#auth required pam_env.so -# -#account substack nss-auth -#account optional pam_permit.so -#account required pam_time.so -# -#password substack nss-auth -#password optional pam_permit.so -# -#session required pam_limits.so -#session optional pam_systemd_home.so -#session required pam_unix.so -#EOT -# fi + if [ "$SYSTEMD_HOMED" == "true" ]; then + cat <<EOT > "/mnt/etc/pam.d/nss-auth" +#%PAM-1.0 + +auth sufficient pam_unix.so try_first_pass nullok +auth sufficient pam_systemd_home.so +auth required pam_deny.so + +account sufficient pam_unix.so +account sufficient pam_systemd_home.so +account required pam_deny.so + +password sufficient pam_unix.so try_first_pass nullok sha512 shadow +password sufficient pam_systemd_home.so +password required pam_deny.so +EOT + + cat <<EOT > "/mnt/etc/pam.d/system-auth" +#%PAM-1.0 + +auth substack nss-auth +auth optional pam_permit.so +auth required pam_env.so + +account substack nss-auth +account optional pam_permit.so +account required pam_time.so + +password substack nss-auth +password optional pam_permit.so + +session required pam_limits.so +session optional pam_systemd_home.so +session required pam_unix.so +session optional pam_permit.so +EOT + fi } function create_user() { USER_NAME=$1 USER_PASSWORD=$2 create_user_useradd $USER_NAME $USER_PASSWORD -# if [ "$SYSTEMD_HOMED" == 
"true" ]; then -# arch-chroot /mnt systemctl enable systemd-homed.service -# create_user_homectl $USER_NAME $USER_PASSWORD -# else -# create_user_useradd $USER_NAME $USER_PASSWORD -# fi + if [ "$SYSTEMD_HOMED" == "true" ]; then + arch-chroot /mnt systemctl enable systemd-homed.service +# create_user_homectl $USER_NAME $USER_PASSWORD + create_user_useradd $USER_NAME $USER_PASSWORD + else + create_user_useradd $USER_NAME $USER_PASSWORD + fi } -#function create_user_homectl() { -# USER_NAME=$1 -# USER_PASSWORD=$2 -# STORAGE="" -# CIFS_DOMAIN="" -# CIFS_USERNAME="" -# CIFS_SERVICE="" -# TZ=$(echo ${TIMEZONE} | sed "s/\/usr\/share\/zoneinfo\///g") -# L=$(echo ${LOCALE_CONF[0]} | sed "s/LANG=//g") -# -# if [ -n "$SYSTEMD_HOMED_STORAGE" ]; then -# STORAGE="--storage=$SYSTEMD_HOMED_STORAGE" -# fi -# if [ "$SYSTEMD_HOMED_STORAGE" == "cifs" ]; then -# CIFS_DOMAIN="--cifs-domain=$SYSTEMD_HOMED_CIFS_DOMAIN" -# CIFS_USERNAME="--cifs-user-name=$USER_NAME" -# CIFS_SERVICE="--cifs-service=$SYSTEMD_HOMED_CIFS_SERVICE" -# fi -# -# arch-chroot /mnt homectl --password-change-now=yes --timezone=$TZ --language=$L create $USER_NAME $STORAGE $CIFS_DOMAIN $CIFS_USERNAME $CIFS_SERVICE -G wheel,storage,optical -# #arch-chroot /mnt homectl --timezone=$TZ update $USER_NAME -# #arch-chroot /mnt homectl --language=$L update $USER_NAME -# #printf "$USER_PASSWORD\n$USER_PASSWORD" | arch-chroot /mnt homectl passwd $USER_NAME -#} +function create_user_homectl() { + USER_NAME=$1 + USER_PASSWORD=$2 + STORAGE="" + CIFS_DOMAIN="" + CIFS_USERNAME="" + CIFS_SERVICE="" + TZ=$(echo ${TIMEZONE} | sed "s/\/usr\/share\/zoneinfo\///g") + L=$(echo ${LOCALE_CONF[0]} | sed "s/LANG=//g") + IMAGE_PATH="--image-path=/mnt/home/$USER_NAME.homedir" + HOME_DIR="--home-dir=/mnt/home/$USER_NAME" + + if [ -n "$SYSTEMD_HOMED_STORAGE" ]; then + STORAGE="--storage=$SYSTEMD_HOMED_STORAGE" + fi + if [ "$SYSTEMD_HOMED_STORAGE" == "cifs" ]; then + CIFS_DOMAIN="--cifs-domain=$SYSTEMD_HOMED_CIFS_DOMAIN" + 
CIFS_USERNAME="--cifs-user-name=$USER_NAME" + CIFS_SERVICE="--cifs-service=$SYSTEMD_HOMED_CIFS_SERVICE" + fi + if [ "$SYSTEMD_HOMED_STORAGE" == "luks" ]; then + IMAGE_PATH="--image-path=/mnt/home/$USER_NAME.home" + fi + + ### something missing, inside alis this not works, after install the user is in state infixated + ### after install and reboot this commands works + #--no-ask-password --password-change-now=true + systemctl start systemd-homed.service + homectl create "$USER_NAME" --enforce-password-policy=no --timezone=$TZ --language=$L $STORAGE $IMAGE_PATH $CIFS_DOMAIN $CIFS_USERNAME $CIFS_SERVICE -G wheel,storage,optical + homectl activate "$USER_NAME" $HOME_DIR +} function create_user_useradd() { USER_NAME=$1 diff --git a/packer/alis-packer-efi-ext4-luks-lvm-systemd-systemdhomed.json b/packer/alis-packer-efi-ext4-luks-lvm-systemd-systemdhomed.json new file mode 100644 index 0000000..7edffe9 --- /dev/null +++ b/packer/alis-packer-efi-ext4-luks-lvm-systemd-systemdhomed.json 
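Review bot: On the new side `create_user` calls `create_user_useradd $USER_NAME $USER_PASSWORD` unconditionally and then again inside both branches of the `SYSTEMD_HOMED` test, so every install runs the useradd path twice for the same name; the second attempt presumably fails on an already existing account (create_user_useradd's body is outside the hunk). Delete the unconditional first call and keep the branches. `create_user_homectl` is still disabled, and as written it runs `systemctl start systemd-homed.service`, `homectl create` and `homectl activate` on the live host rather than under `arch-chroot /mnt`, passes `--enforce-password-policy=no`, and never uses `USER_PASSWORD`; recording those three gaps in the existing `###` comment, e.g. `### not yet working: runs on the host, password policy disabled, password never set (see --password-change-now)`, would save the next attempt from rediscovering them. Minor: `TZ` and `L` can be `${TIMEZONE#/usr/share/zoneinfo/}` and `${LOCALE_CONF[0]#LANG=}` without spawning sed, and the unquoted `$TZ $L $STORAGE $IMAGE_PATH …` arguments are better collected in an array so empty ones vanish without word-splitting the rest.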
@@ -0,0 +1,52 @@
+{
+ "variables": {
+ "iso": "https://mirror.rackspace.com/archlinux/iso/latest/archlinux-2020.05.01-x86_64.iso",
+ "disk_size": "16384"
+ },
+ "builders": [
+ {
+ "name": "archlinux-alis-virtualbox",
+ "type": "virtualbox-iso",
+ "guest_os_type": "ArchLinux_64",
+ "guest_additions_mode": "attach",
+ "headless": false,
+ "http_directory": ".",
+ "vboxmanage": [
+ ["modifyvm", "{{.Name}}", "--memory", "2048"],
+ ["modifyvm", "{{.Name}}", "--vram", "128"],
+ ["modifyvm", "{{.Name}}", "--cpus", "2"],
+ ["modifyvm", "{{.Name}}", "--firmware", "efi"]
+ ],
+ "disk_size": "{{user `disk_size`}}",
+ "hard_drive_interface": "sata",
+ "iso_url": "{{user `iso`}}",
+ "iso_checksum": "fe15ff1c688c078d035e275a4946075281f5324e",
+ "iso_checksum_type": "sha1",
+ "ssh_username": "vagrant",
+ "ssh_password": "vagrant",
+ "ssh_wait_timeout": "60m",
+ "boot_wait": "5s",
+ "boot_command": [
+ "<wait30s>",
+ "wget http://{{.HTTPIP}}:{{.HTTPPort}}/alis.conf<enter><wait1s>",
+ "wget http://{{.HTTPIP}}:{{.HTTPPort}}/alis.sh<enter><wait1s>",
+ "sed -i \"s/FILE_SYSTEM_TYPE=.*/FILE_SYSTEM_TYPE=\\\"ext4\\\"/\" ./alis.conf<enter><wait1s>",
+ "sed -i \"s/LVM=.*/LVM=\\\"true\\\"/\" ./alis.conf<enter><wait1s>",
+ "sed -i \"s/LUKS_PASSWORD=.*/LUKS_PASSWORD=\\\"archlinux\\\"/\" ./alis.conf<enter><wait1s>",
+ "sed -i \"s/LUKS_PASSWORD_RETYPE=.*/LUKS_PASSWORD_RETYPE=\\\"archlinux\\\"/\" ./alis.conf<enter><wait1s>",
+ "sed -i \"s/SYSTEMD_HOMED=.*/SYSTEMD_HOMED=\\\"true\\\"/\" ./alis.conf<enter><wait1s>",
+ "sed -i \"s/BOOTLOADER=.*/BOOTLOADER=\\\"systemd\\\"/\" ./alis.conf<enter><wait1s>",
+ "chmod +x ./alis.sh<enter><wait1s>",
+ "./alis.sh<enter><wait3>y<wait1s><enter>",
+ "<wait10s><wait10s><wait10s><wait10s><wait10s><wait10s><wait10s><wait60m>"
+ ],
+ "shutdown_command": "systemctl poweroff"
+ }
+ ],
+ "post-processors": [
+ {
+ "type": "vagrant",
+ "output": "archlinux-alis-{{.BuildName}}.box"
+ }
+ ]
+ }
\ No newline at end of file |
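Review bot: `"iso_checksum_type": "sha1"` verifies the downloaded installer image with SHA-1; Packer also accepts `sha256`, so prefer `"iso_checksum_type": "sha256"` with the sha256 published for the same image (`<SHA256-FROM-RELEASE-PAGE>` as a placeholder) where the mirror provides one. The `iso_url` names a dated file under `/iso/latest/`, which stops resolving once the next monthly image replaces it, so the checksum and URL drift apart; pointing at the dated directory, if the mirror keeps one, keeps them consistent. The `vagrant` and `archlinux` credentials injected through `boot_command` are throwaway test-box defaults, which the template could state in a root-level `"_comment"` key since Packer JSON allows underscore-prefixed root keys for that purpose.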