#!/bin/sh # Make swap file and set vm.swappiness. # mkswap needs to be given the full path to the swap file including the # root file system's mount point, or else this false error happens: # mkswap: error: /var/swap is mounted; will not make swapspace fallocate -l 4GiB "${target}/var/swap" || return 1 # TODO: Increase chmod 0600 "${target}/var/swap" || return 1 mkswap "${target}/var/swap" || return 1 printf 'vm.swappiness = 10\n' >"${target}/etc/sysctl.d/vm-swappiness.conf" # Hibernation. root="UUID=$(blkid -o value -s UUID "${dev}1")" offset="$(in_target filefrag -v /var/swap | sed -n ' /physical_offset:/{ n; s/^[ 0-9.]*:[ 0-9.]*: *\([0-9][0-9]*\)...*$/\1/; p; q; };')" cmdline="quiet iommu=pt resume=${root} resume_offset=${offset}" # TODO: cmdline="${cmdline} nouveau.config=NvBios=vbios.rom" cp -p "${target}/etc/default/grub" "${target}/etc/default/grub.dist" sed 's|^\(GRUB_CMDLINE_LINUX_DEFAULT\)=.*$|\1="'"${cmdline}"'"|;' \ "${target}/etc/default/grub.dist" >"${target}/etc/default/grub" # Disable ast and snd_hda_intel Linux driver modules. cat >"${target}/etc/modprobe.d/ast.conf" <<-EOF blacklist ast EOF cat >"${target}/etc/modprobe.d/alsa.conf" <<-EOF blacklist snd_hda_intel EOF # Set up sensors and fancontrol. Ensure that k10temp and fam15h_power are # loaded in a predictable order. Also load i2c-dev, needed for ddcutil. cat >"${target}/etc/modprobe.d/sensors.conf" <<-EOF blacklist k10temp blacklist fam15h_power EOF cat >"${target}/etc/modules" <<-EOF k10temp fam15h_power w83627ehf w83795 i2c-dev EOF cat >"${target}/etc/fancontrol" <<-EOF # Configuration file generated by pwmconfig, changes will be lost INTERVAL=5 DEVPATH=hwmon1=devices/pci0000:00/0000:00:18.3 hwmon4=devices/pci0000:00/0000:00:14.0/i2c-1/1-002f DEVNAME=hwmon1=k10temp hwmon4=w83795g FCTEMPS=hwmon4/device/pwm1=hwmon1/temp1_input FCFANS= hwmon4/device/pwm1=hwmon4/device/fan1_input MINTEMP=hwmon4/device/pwm1=30 MAXTEMP=hwmon4/device/pwm1=60 MINSTART=hwmon4/device/pwm1=150 MINSTOP=hwmon4/device/pwm1=0 EOF # Turn on numlock on the VTs. cat >"${target}/etc/rc.local" <<'EOF' #!/bin/sh -e for tty in /dev/tty[1-6]; do /usr/bin/setleds -D +num 0<"${tty}" done EOF # Disable mpd service. in_target update-rc.d mpd disable # Install backported packages. in_target apt-get -q -y install kicad/stretch-backports || return 1 in_target apt-get -q -y install tor/stretch-backports torsocks || return 1 in_target apt-get -q -y -t stretch-backports install debhelper || return 1 # Install diffoscope (needs "--no-install-recommends") and related packages. in_target apt-get -q -y --no-install-recommends install diffoscope \ jsbeautifier trydiffoscope # Set default x-www-browser. in_target update-alternatives --set x-www-browser /usr/bin/midori # Purge systemd. in_target apt-get -q -y purge libpam-systemd systemd || return 1 in_target apt-get -q -y --purge autoremove || return 1 # Remove packages from APT cache. in_target apt-get clean || return 1 # Install GRUB. in_target update-grub in_target grub-install "${dev}" # Update initramfs. in_target update-initramfs -u # Configure X. cat >"${target}/etc/X11/xorg.conf" <"${target}/etc/sudoers.d/sudo" # Add udev rule for USBtinyISP(-compatible) programmers. cat >"${target}/etc/udev/rules.d/10-usbtinyisp.rules" <<-EOF SUBSYSTEM=="usb", ATTR{idVendor}=="1781", ATTR{idProduct}=="0c9f", MODE="0660", GROUP="adm" EOF # Add udev rule for CH341A-based programmers. cat >"${target}/etc/udev/rules.d/10-ch341a.rules" <<-EOF SUBSYSTEM=="usb", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="5512", MODE="0666" EOF # Install Vertex themes. in_target apt-get -q -y install gnome-themes-standard gtk2-engines-murrine \ libgtk-3-dev in_target sudo -u pj sh <<-EOF set -e git clone https://github.com/horst3180/vertex-theme \ /home/pj/src/vertex-theme/ cd /home/pj/src/vertex-theme/ ./autogen.sh ln -s /usr/local/share/themes/ /home/pj/.themes EOF [ ${?} -ne 0 ] && return 1 in_target sh <<-EOF cd /home/pj/src/vertex-theme/ set -e make install EOF [ ${?} -ne 0 ] && return 1 # Install skippy-xd. in_target sudo -u pj sh <<-EOF set -e git clone https://github.com/richardgv/skippy-xd \ /home/pj/src/skippy-xd/ cd /home/pj/src/skippy-xd/ make EOF [ ${?} -ne 0 ] && return 1 in_target sh <<-EOF set -e cd /home/pj/src/skippy-xd/ make PREFIX=/usr/local install EOF [ ${?} -ne 0 ] && return 1 # Install fbpanel patched to set _NET_WM_STATE_SKIP_TASKBAR and # _NET_WM_STATE_SKIP_PAGER. in_target wget 'http://www.pehjota.net/~pj/fbpanel/fbpanel_7.0-3.1_amd64.deb' printf '%s %s\n' \ '65d78c522f6df5f7b378a8e2520f4ab4f9c4c34d20da00820973e915f95393d0' \ 'fbpanel_7.0-3.1_amd64.deb' | in_target sha256sum -c in_target dpkg -i 'fbpanel_7.0-3.1_amd64.deb' in_target rm -f 'fbpanel_7.0-3.1_amd64.deb' # Install inkscape patched to match document size against known paper sizes. in_target wget \ 'http://www.pehjota.net/~pj/inkscape/inkscape_0.92.3-1~bpo9+1_amd64.deb' printf '%s %s\n' \ '1742aeef4a878714a05fbd85451fd65982b88da109ea01fe5cb94100b90f723f' \ 'inkscape_0.92.3-1~bpo9+1_amd64.deb' | in_target sha256sum -c in_target dpkg -i 'inkscape_0.92.3-1~bpo9+1_amd64.deb' in_target rm -f 'inkscape_0.92.3-1~bpo9+1_amd64.deb' # Install ssic. in_target wget 'http://www.pehjota.net/~pj/ssic/ssic_1.0.0-1_all.deb' printf '%s %s\n' \ '324ef3522f932e20be28f3f9fa8f3b1cad01a4739863be3d97fe7ceffaa1b2b4' \ 'ssic_1.0.0-1_all.deb' | in_target sha256sum -c in_target dpkg -i 'ssic_1.0.0-1_all.deb' in_target rm -f 'ssic_1.0.0-1_all.deb' # Convert wallpaper. wp_dir='/usr/share/desktop-base/softwaves-theme/wallpaper/contents/images' in_target sudo -u pj sh <<-EOF rsvg-convert '${wp_dir}/1280x1024.svg' >'/home/pj/.wallpaper' EOF # Use temporary configuation SSH key. install -d -o 1000 -g 1000 -m 0700 "${target}/home/pj/.ssh" || return 1 cat >"${target}/home/pj/.ssh/id_rsa" <<-EOF -----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQCzAF0zqeS2X0TuVOIxqMec3lMzZy/MHQswPP+BQkmc2D3YVb2x px1YAAweQnfZ27pGJkDztStOtMQJeaOsnAVdm2NSe+hEdaKAOxf9p6t+F930HM/w 1wkm1ddlsnCaaCipzGVOM77Q/brEItWvuq8G0+/fgN1o4pZzl4Bub/4D4QIDAQAB AoGAS+wKnAAiXuv3m7LrIa75w2JVHcdVcZicB0DICnYoLNtXF+v+AlzkSE/009zT YtccoeZVxEiCbuajA3XRY0PlzgGHTbsGn1BWqI9cjdXTiotnjzOH8zr3JiMZMWwf hqwbtleP+yruNPHMxQ8dKVXv875NKJW+aArmQWtjeMOy/vECQQDdsvPJ4bUu8M7/ MXqGtz8CJbrRp+ZMKUw0WuwSwTfHRs/Jp27mWf5+t/u+RN8WK/RRD8FHvz4azLhr sNUFiE69AkEAzrI/DFBFOM5mUECujs2UvCCeWZiAi9QoJ7kDrrAkcG+hMalpNUU3 SUZ76stBUk3hZNpc82aq0a0o8ac0VrBd9QJAB3nbYrlrxLN2J4Dhot1XEJl5HUzO JU9XNITEZTWCzgODSkeNI9NxE5DcumPUKgk9aeZgHC1EyN6ScX87D76y+QJAL8DE ii69X1toDeBzs7BRTYlnrCFsiWGRiWPYMvKk6IkRv6x5DwKXvEkZdexRghdWHHvK f71Xd6u+yt2rXN/QRQJBALv6SwbokdXp5qKJV48QG452dSOT7FQEINnCsIeNUKP6 9YyaZxqLia6pEbEKTSRdztXaMqRsrmOG8E084sFg8DQ= -----END RSA PRIVATE KEY----- EOF in_target chown pj:pj '/home/pj/.ssh/id_rsa' in_target chmod 0600 '/home/pj/.ssh/id_rsa' # Set up SSH known hosts. cat >"${target}/home/pj/.ssh/known_hosts" <<-EOF |1|fypb7kn7NH0fqHGj9Xs/rdpO71s=|SCtg2BdMNB9zL5bAPYkJy1uiNSM= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXcG5BuZi4947D9WqY1L6CzaH4Qjw7YA7Dja+09y0nZjLVDd1saZCPkTjo1PEHxVCvSHvc0VmRqIZ2wUGtuqIlgGPMphCPAtdHN63YcNXqIhjEygLsaSZgy1Qz33YQF+YSANbeZQ4vnqiYr3C1IA7Cw4km/0s1BvP3t9yJf/iYODZqjVqUhqB4hzXJcBZHrgnM4LmPD4NH81fCqpwfRviNQNFAqd/aT1YTvgdn46HTVz7dV8ahW6SLXBTJZvO9dLAAKOPPZwuluaRphBqjPLC83zsihQ884SAH+AKcpN1ne73UZUuA1Gyk3HW+a/ngbzm1nmoeC0Sm1nNlTvC4WrLD |1|z7it+otnWcn/98YKdeaBCXl+ug8=|NFRpdQZBMTAuWbUDAqXLptFR5Ao= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXcG5BuZi4947D9WqY1L6CzaH4Qjw7YA7Dja+09y0nZjLVDd1saZCPkTjo1PEHxVCvSHvc0VmRqIZ2wUGtuqIlgGPMphCPAtdHN63YcNXqIhjEygLsaSZgy1Qz33YQF+YSANbeZQ4vnqiYr3C1IA7Cw4km/0s1BvP3t9yJf/iYODZqjVqUhqB4hzXJcBZHrgnM4LmPD4NH81fCqpwfRviNQNFAqd/aT1YTvgdn46HTVz7dV8ahW6SLXBTJZvO9dLAAKOPPZwuluaRphBqjPLC83zsihQ884SAH+AKcpN1ne73UZUuA1Gyk3HW+a/ngbzm1nmoeC0Sm1nNlTvC4WrLD EOF in_target chown pj:pj '/home/pj/.ssh/known_hosts' in_target chmod 0600 '/home/pj/.ssh/known_hosts' # Bootstrap vcsh and mr. rm -f "${target}/home/pj/.profile" "${target}/home/pj/.bashrc" \ "${target}/home/pj/.bash_logout" in_target sudo -u pj vcsh clone ssh://git@git.pehjota.net/dotfiles/mr.git mr \ || return 1 in_target sudo -u pj mr update || return 1 in_target sudo -u pj /home/pj/bin/dfen anacron claws-mail clipit fluxbox \ gpicview gimp gtk icecat keychain kicad midori mpd mpv offlineimap \ partsdb-backup redshift xdg-user-dirs xfce4-terminal xscreensaver # Create XDG directories. sed 's/#.*$//; /^$/d;' "${target}/home/pj/.config/user-dirs.dirs" | \ while IFS='=' read var val; do in_target sudo -u pj sh -c "HOME='/home/pj'; mkdir \"${val}\"" done # Add empty folder list to prevent Claws Mail wizard from running. cat >"${target}/home/pj/.claws-mail/folderlist.xml" <<-EOF EOF in_target chown pj:pj '/home/pj/.claws-mail/folderlist.xml' # Install master crontab and any dotfile crontabs. in_target sudo -u pj sh -c 'mkdir ~/.config/cron ~/.config/cron.reboot' cat >"${target}/home/pj/.config/cron/CRONTAB" <<-EOF SHELL = /bin/sh PATH = /home/pj/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games # d m d # o o o #m h m n w command @reboot run-parts --report ~/.config/cron.reboot 0 * * * * run-parts --list ~/.config/cron | xargs cat | crontab - EOF in_target chown pj:pj '/home/pj/.config/cron/CRONTAB' in_target sudo -u pj sh -c \ 'run-parts --list ~/.config/cron | xargs cat | crontab -' # Generate target's SSH keypair. rm -f "${target}/home/pj/.ssh/id_rsa" "${target}/home/pj/.ssh/id_rsa.pub" || \ return 1 install -o 1000 -g 1000 -m 0600 '/home/pj/.ssh/id_rsa' \ "${target}/home/pj/.ssh/id_rsa" || return 1 install -o 1000 -g 1000 -m 0600 '/home/pj/.ssh/id_rsa.pub' \ "${target}/home/pj/.ssh/id_rsa.pub" || return 1 #in_target ssh-keygen -b 4096 -C pj@alsvid200 -t rsa -f /home/pj/.ssh/id_rsa \ #