diff --git a/vm.sh b/vm.sh
index e839032..f1ab4ea 100755
--- a/vm.sh
+++ b/vm.sh
@@ -14,8 +14,8 @@ echo
 # Set up repositories
 cat </etc/apk/repositories
-http://dl-cdn.alpinelinux.org/alpine/v3.13/main
-http://dl-cdn.alpinelinux.org/alpine/v3.13/community
+http://dl-cdn.alpinelinux.org/alpine/v3.15/main
+http://dl-cdn.alpinelinux.org/alpine/v3.15/community
 EOF
 # Install disk management tools
@@ -35,10 +35,6 @@ p
 2
-t
-2
-8e
-w
 EOF
 # Set up partition encryption
@@ -72,12 +68,8 @@ UUID=${BOOT_UUID} /boot ext4 rw,noatime,data=ordered 0 2
 EOF
 echo "system UUID=${CRYPT_UUID} none luks" >/mnt/etc/crypttab
-# Rebuild initfs
-sed -i 's/lvm/lvm cryptsetup/' /mnt/etc/mkinitfs/mkinitfs.conf
-mkinitfs -c /mnt/etc/mkinitfs/mkinitfs.conf -b /mnt $(ls /mnt/lib/modules)
-
 # Update extlinux (ignore the errors)
-sed -i "s/rootfstype=ext4/rootfstype=ext4 cryptroot=UUID=${CRYPT_UUID} cryptdm=system/" /mnt/etc/update-extlinux.conf
+sed -i "s/crypdm=root/cryptdm=system/" /mnt/etc/update-extlinux.conf
 chroot /mnt update-extlinux
 sed -i 's/overwrite=1/overwrite=0/' /mnt/etc/update-extlinux.conf
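Review bot: The replacement `sed -i "s/crypdm=root/cryptdm=system/"` in the third hunk searches for `crypdm=root`, which is not the `cryptdm=` parameter name that the removed line wrote and that the initramfs reads; unless the update-extlinux.conf shipped in the fetched tarball deliberately contains that misspelling, the substitution is a silent no-op and the device-mapper name will not match the `system` entry written to crypttab two lines above. Because `sed -i` exits 0 whether or not anything matched and the following `update-extlinux` step is run with errors ignored, assert the result instead of trusting the pattern: `grep -q 'cryptdm=system' /mnt/etc/update-extlinux.conf || { echo 'cryptdm not set in update-extlinux.conf' >&2; exit 1; }`. The same hunk drops the explicit mkinitfs rebuild that added `cryptsetup` to the initramfs features and nothing visible here replaces it, so presumably the tarball's mkinitfs.conf and a package post-install hook now cover it; a comment at this spot naming where the cryptsetup-capable initramfs is built would make that dependency explicit.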
@@ -89,11 +81,16 @@ apk --no-cache add apache2-utils gettext
 wget https://repo.spotter.cz/vm.tar.gz -O - | tar xzf - -C /mnt
 envsubst /mnt/boot/extlinux.conf.new
 mv /mnt/boot/extlinux.conf.new /mnt/boot/extlinux.conf
-chroot /mnt apk --no-cache add ca-certificates curl e2fsprogs-extra gettext iptables kbd-misc logrotate postfix nginx openssh-server openssh-sftp-server util-linux podman@edgecommunity spoc@spotter vmmgr@spotter
+chroot /mnt apk --no-cache add ca-certificates curl e2fsprogs-extra gettext kbd-misc logrotate postfix nginx openssh-server openssh-sftp-server util-linux podman spoc@spotter vmmgr@spotter
 chroot /mnt newaliases
-for SERVICE in consolefont crond iptables networking nginx ntpd podman postfix spoc swap urandom vmmgr; do
+
+# Enable services
+for SERVICE in cgroups consolefont crond networking nginx ntpd postfix spoc swap urandom vmmgr; do
 ln -s /etc/init.d/${SERVICE} /mnt/etc/runlevels/boot
 done
+
+# Configure spoc and vmmgr
+chroot /mnt adduser -D spoc
 ADMINPWD=$(htpasswd -bnBC 10 '' "${ENCPWD}" | tr -d ':\n' | sed 's/$2y/$2b/')
 envsubst /mnt/etc/vmmgr/config.json.new
 mv /mnt/etc/vmmgr/config.json.new /mnt/etc/vmmgr/config.json
diff --git a/vm/etc/apk/repositories b/vm/etc/apk/repositories
index 1cbf4d0..3ef1ecf 100644
--- a/vm/etc/apk/repositories
+++ b/vm/etc/apk/repositories
@@ -1,5 +1,3 @@
-http://dl-cdn.alpinelinux.org/alpine/v3.13/main
-http://dl-cdn.alpinelinux.org/alpine/v3.13/community
-@edge http://dl-cdn.alpinelinux.org/alpine/edge/main
-@edgecommunity http://dl-cdn.alpinelinux.org/alpine/edge/community
-@spotter https://repo.spotter.cz/alpine/v3.13/apk
+http://dl-cdn.alpinelinux.org/alpine/v3.15/main
+http://dl-cdn.alpinelinux.org/alpine/v3.15/community
+@spotter https://repo.spotter.cz/alpine/v3.15/apk
diff --git a/vm/etc/conf.d/iptables b/vm/etc/conf.d/iptables
deleted file mode 100644
index fec1ad5..0000000
--- a/vm/etc/conf.d/iptables
+++ /dev/null
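Review bot: The new `chroot /mnt adduser -D spoc` together with the static subuid/subgid files is only part of what running podman unprivileged as that user needs; user-namespace setup goes through the setuid `newuidmap`/`newgidmap` helpers and user-mode networking through `slirp4netns`, and neither appears in the new package line nor is checked for. Whether the `podman` package in the 3.15 community repository pulls them in is not visible in this hunk (`chroot /mnt apk info -R podman` answers that), so fail the image build early rather than at the first container start: `chroot /mnt sh -c 'command -v newuidmap >/dev/null && command -v slirp4netns >/dev/null' || { echo 'rootless podman prerequisites missing' >&2; exit 1; }`. Dropping `iptables` from both the package list and the boot runlevel also removes the only rules the image carried (the nat MASQUERADE in the deleted rules-save), which is consistent with rootless networking not relying on host NAT, but a one-line comment next to the package list stating that intent would spare the next reader the search.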
@@ -1,14 +0,0 @@
-# /etc/conf.d/iptables
-
-# Location in which iptables initscript will save set rules on
-# service shutdown
-IPTABLES_SAVE="/etc/iptables/rules-save"
-
-# Options to pass to iptables-save and iptables-restore
-SAVE_RESTORE_OPTIONS="-c"
-
-# Save state on stopping iptables
-SAVE_ON_STOP="no"
-
-# Enable/disable IPv4 forwarding with the rules
-IPFORWARD="yes"
diff --git a/vm/etc/iptables/rules-save b/vm/etc/iptables/rules-save
deleted file mode 100644
index 8d489a6..0000000
--- a/vm/etc/iptables/rules-save
+++ /dev/null
@@ -1,7 +0,0 @@
-*nat
-:PREROUTING ACCEPT [0:0]
-:INPUT ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-:POSTROUTING ACCEPT [0:0]
-[0:0] -A POSTROUTING -o eth0 -j MASQUERADE
-COMMIT
diff --git a/vm/etc/subgid b/vm/etc/subgid
new file mode 100644
index 0000000..11d22d2
--- /dev/null
+++ b/vm/etc/subgid
@@ -0,0 +1 @@
+spoc:100000:65536
diff --git a/vm/etc/subuid b/vm/etc/subuid
new file mode 100644
index 0000000..11d22d2
--- /dev/null
+++ b/vm/etc/subuid
@@ -0,0 +1 @@
+spoc:100000:65536