summaryrefslogtreecommitdiffstats
path: root/hosts/alsvid2/postinst
blob: 89858df79fff12f91ee8939f178ccae10f9a6cb6 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
#!/bin/sh

# Make swap file and set vm.swappiness.
# mkswap needs to be given the full path to the swap file including the
# root file system's mount point, or else this false error happens:
#   mkswap: error: /var/swap is mounted; will not make swapspace
fallocate -l 12GiB "${target}/var/swap" || return 1
chmod 0600 "${target}/var/swap" || return 1
mkswap "${target}/var/swap" || return 1
printf 'vm.swappiness = 10\n' >"${target}/etc/sysctl.d/vm-swappiness.conf"

# Hibernation.
mkdir -p "${target}/boot/grub/" || return 1
root="UUID=$(blkid -o value -s UUID "${dev}1")"
offset="$(in_target filefrag -v /var/swap | sed -n '
	/physical_offset:/{
		n;
		s/^[ 0-9.]*:[ 0-9.]*: *\([0-9][0-9]*\)...*$/\1/;
		p;
		q;
	};')"
cmdline="root=${root} ro quiet resume=${root} resume_offset=${offset}"
cat >"${target}/boot/grub/libreboot_grub.cfg" <<-EOF
	set root=(ahci0,msdos1)
	linux /vmlinuz ${cmdline}
	initrd /initrd.img
	boot
	EOF

# Disable mpd service.
in_target update-rc.d mpd disable

# Add "deb-src" line and backports.
cat >"${target}/etc/apt/sources.list" <<-EOF
	deb http://httpredir.debian.org/debian jessie main
	deb-src http://httpredir.debian.org/debian jessie main
	EOF
cat >"${target}/etc/apt/sources.list.d/jessie-backports.list" <<-EOF
	deb http://httpredir.debian.org/debian jessie-backports main
	deb-src http://httpredir.debian.org/debian jessie-backports main
	EOF
cat >"${target}/etc/apt/sources.list.d/jessie-security.list" <<-EOF
	deb http://security.debian.org/debian-security jessie/updates main
	deb-src http://security.debian.org/debian-security jessie/updates main
	EOF
in_target apt-get update || return 1
in_target apt-get -q -y install midori || return 1
in_target apt-get -q -y install youtube-dl/jessie-backports || return 1
in_target apt-get -q -y install kicad/jessie-backports || return 1
in_target apt-get -q -y install tor/jessie-backports torsocks/jessie-backports \
	|| return 1

# Set default x-www-browser.
in_target update-alternatives --set x-www-browser /usr/bin/midori

# Purge systemd.
in_target apt-get -q -y purge libpam-systemd systemd || return 1
in_target apt-get -q -y --purge autoremove || return 1

# Remove packages from APT cache.
in_target apt-get clean || return 1

# Add user to groups created by postinst_pkgs.
in_target adduser pj scanner || return 1
in_target adduser pj wireshark || return 1
in_target adduser pj sbuild || return 1

# Add udev rule for USBtinyISP(-compatible) programmers.
cat >"${target}/etc/udev/rules.d/10-usbtinyisp.rules" <<-EOF
	SUBSYSTEM=="usb", ATTR{idVendor}=="1781", ATTR{idProduct}=="0c9f", MODE="0660", GROUP="adm"
	EOF

# Add udev rule for CH341A-based programmers.
cat >"${target}/etc/udev/rules.d/10-ch341a.rules" <<-EOF
	SUBSYSTEM=="usb", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="5512", MODE="0666"
	EOF

# Install Vertex themes.
in_target apt-get -q -y install gnome-themes-standard gtk2-engines-murrine \
	libgtk-3-dev
in_target sudo -u pj sh <<-EOF
	set -e
	git clone https://github.com/horst3180/vertex-theme \
		/home/pj/src/vertex-theme/
	cd /home/pj/src/vertex-theme/
	./autogen.sh --prefix=/home/pj/.local
	make install
	ln -s .local/share/themes/ /home/pj/.themes
	EOF
[ ${?} -ne 0 ] && return 1

# Download wallpaper.
in_target sudo -u pj wget -O /home/pj/.wallpaper \
	http://product-files.libiquity.com/taurinus/boot-splash/x200/background.png

# Use temporary configuation SSH key.
install -d -o 1000 -g 1000 -m 0700 "${target}/home/pj/.ssh" || return 1
cat >"${target}/home/pj/.ssh/id_rsa" <<-EOF
	-----BEGIN RSA PRIVATE KEY-----
	MIICXAIBAAKBgQCzAF0zqeS2X0TuVOIxqMec3lMzZy/MHQswPP+BQkmc2D3YVb2x
	px1YAAweQnfZ27pGJkDztStOtMQJeaOsnAVdm2NSe+hEdaKAOxf9p6t+F930HM/w
	1wkm1ddlsnCaaCipzGVOM77Q/brEItWvuq8G0+/fgN1o4pZzl4Bub/4D4QIDAQAB
	AoGAS+wKnAAiXuv3m7LrIa75w2JVHcdVcZicB0DICnYoLNtXF+v+AlzkSE/009zT
	YtccoeZVxEiCbuajA3XRY0PlzgGHTbsGn1BWqI9cjdXTiotnjzOH8zr3JiMZMWwf
	hqwbtleP+yruNPHMxQ8dKVXv875NKJW+aArmQWtjeMOy/vECQQDdsvPJ4bUu8M7/
	MXqGtz8CJbrRp+ZMKUw0WuwSwTfHRs/Jp27mWf5+t/u+RN8WK/RRD8FHvz4azLhr
	sNUFiE69AkEAzrI/DFBFOM5mUECujs2UvCCeWZiAi9QoJ7kDrrAkcG+hMalpNUU3
	SUZ76stBUk3hZNpc82aq0a0o8ac0VrBd9QJAB3nbYrlrxLN2J4Dhot1XEJl5HUzO
	JU9XNITEZTWCzgODSkeNI9NxE5DcumPUKgk9aeZgHC1EyN6ScX87D76y+QJAL8DE
	ii69X1toDeBzs7BRTYlnrCFsiWGRiWPYMvKk6IkRv6x5DwKXvEkZdexRghdWHHvK
	f71Xd6u+yt2rXN/QRQJBALv6SwbokdXp5qKJV48QG452dSOT7FQEINnCsIeNUKP6
	9YyaZxqLia6pEbEKTSRdztXaMqRsrmOG8E084sFg8DQ=
	-----END RSA PRIVATE KEY-----
	EOF
in_target chown pj:pj '/home/pj/.ssh/id_rsa'
in_target chmod 0600 '/home/pj/.ssh/id_rsa'

# Set up SSH known hosts.
cat >"${target}/home/pj/.ssh/known_hosts" <<-EOF
	|1|fypb7kn7NH0fqHGj9Xs/rdpO71s=|SCtg2BdMNB9zL5bAPYkJy1uiNSM= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXcG5BuZi4947D9WqY1L6CzaH4Qjw7YA7Dja+09y0nZjLVDd1saZCPkTjo1PEHxVCvSHvc0VmRqIZ2wUGtuqIlgGPMphCPAtdHN63YcNXqIhjEygLsaSZgy1Qz33YQF+YSANbeZQ4vnqiYr3C1IA7Cw4km/0s1BvP3t9yJf/iYODZqjVqUhqB4hzXJcBZHrgnM4LmPD4NH81fCqpwfRviNQNFAqd/aT1YTvgdn46HTVz7dV8ahW6SLXBTJZvO9dLAAKOPPZwuluaRphBqjPLC83zsihQ884SAH+AKcpN1ne73UZUuA1Gyk3HW+a/ngbzm1nmoeC0Sm1nNlTvC4WrLD
	|1|z7it+otnWcn/98YKdeaBCXl+ug8=|NFRpdQZBMTAuWbUDAqXLptFR5Ao= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXcG5BuZi4947D9WqY1L6CzaH4Qjw7YA7Dja+09y0nZjLVDd1saZCPkTjo1PEHxVCvSHvc0VmRqIZ2wUGtuqIlgGPMphCPAtdHN63YcNXqIhjEygLsaSZgy1Qz33YQF+YSANbeZQ4vnqiYr3C1IA7Cw4km/0s1BvP3t9yJf/iYODZqjVqUhqB4hzXJcBZHrgnM4LmPD4NH81fCqpwfRviNQNFAqd/aT1YTvgdn46HTVz7dV8ahW6SLXBTJZvO9dLAAKOPPZwuluaRphBqjPLC83zsihQ884SAH+AKcpN1ne73UZUuA1Gyk3HW+a/ngbzm1nmoeC0Sm1nNlTvC4WrLD
	EOF
in_target chown pj:pj '/home/pj/.ssh/known_hosts'
in_target chmod 0600 '/home/pj/.ssh/known_hosts'

# Bootstrap vcsh and mr.
rm -f "${target}/home/pj/.profile" "${target}/home/pj/.bashrc" \
	"${target}/home/pj/.bash_logout"
in_target sudo -u pj vcsh clone ssh://git@git.pehjota.net/dotfiles/mr.git mr \
	|| return 1
in_target sudo -u pj mr update || return 1
in_target sudo -u pj /home/pj/bin/dfen claws-mail clipit fluxbox gpicview gimp \
	gtk kicad midori mpd mpv redshift roxterm xdg-user-dirs xscreensaver

# Create XDG directories.
sed 's/#.*$//; /^$/d;' "${target}/home/pj/.config/user-dirs.dirs" | \
	while IFS='=' read var val; do
		HOME='/home/pj'
		eval "mkdir '${target}/'${val}"
	done

# Add empty folder list to prevent Claws Mail wizard from running.
cat >"${target}/home/pj/.claws-mail/folderlist.xml" <<-EOF
	<?xml version="1.0" encoding="UTF-8"?>
	<folderlist>
	    <folder type="imap" sort="0" collapsed="0" account_id="1" name="pj@pehjota.net">
	    </folder>
	    <folder type="imap" sort="0" collapsed="0" account_id="2" name="patrick.mcdermott@libiquity.com">
	    </folder>
	</folderlist>
	EOF

# Generate target's SSH keypair.
rm -f "${target}/home/pj/.ssh/id_rsa" "${target}/home/pj/.ssh/id_rsa.pub" || \
	return 1
install -o 1000 -g 1000 -m 0600 '/home/pj/.ssh/id_rsa' \
	"${target}/home/pj/.ssh/id_rsa" || return 1
install -o 1000 -g 1000 -m 0600 '/home/pj/.ssh/id_rsa.pub' \
	"${target}/home/pj/.ssh/id_rsa.pub" || return 1
#in_target ssh-keygen -b 4096 -C pj@alsvid200 -t rsa -f /home/pj/.ssh/id_rsa \
#	</dev/null || return 1
#cp "${target}/home/pj/.ssh/id_rsa.pub" 'pj@alsvid200.pub' || return 1

return 0