enoch/armbian-build
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
ef49fbe6b1
armbian-build/config/templates/customize-image.sh.template
Thomas Kaiser a37f267034 [OMV] Set permitrootlogin to false 
...hoping for OMV soon implementing a mandatory web UI passwd change at first login that also changes root passwd.
2017-07-31 21:16:18 +02:00

198 lines
9.5 KiB
Bash
Raw Blame History

#!/bin/bash
# arguments: $RELEASE $LINUXFAMILY $BOARD $BUILD_DESKTOP
#
# This is the image customization script
#
# NOTE: It is copied to /tmp directory inside the image
# and executed there inside chroot environment
# so don't reference any files that are not already installed
RELEASE=$1
LINUXFAMILY=$2
BOARD=$3
BUILD_DESKTOP=$4
Main() {
case $RELEASE in
jessie)
# your code here
# InstallOpenMediaVault # uncomment to get an OMV 3 image
;;
xenial)
# your code here
;;
stretch)
# your code here
;;
esac
} # Main
InstallOpenMediaVault() {
# use this routine to create a Debian Jessie based fully functional
# OpenMediaVault 3 OS image. Use of mainline kernel highly recommended!
# After exchanging userpatches/customize-image.sh or at least uncommenting
# InstallOpenMediaVault line above you would then run this for a NEO 2
# for example: ./compile.sh RELEASE=jessie BRANCH=dev BOARD=nanopineo2
#
# Please note that this variant changes Armbian default security
# policies since you end up with root password 'openmediavault' which
# you have to change yourself later.
#
# This routine is based on idea/code courtesy Benny Stark. For fixes,
# discussion and feature requests please refer to
# https://forum.armbian.com/index.php?/topic/2644-openmediavault-3x-customize-imagesh/
echo root:openmediavault | chpasswd
rm /root/.not_logged_in_yet
cp -p /etc/default/cpufrequtils /etc/default/cpufrequtils.bak
locale-gen "en_US.UTF-8"
locale-gen "C"
export LANG=C LC_ALL="en_US.UTF-8"
#Add OMV source.list and Update System
cat > /etc/apt/sources.list.d/openmediavault.list <<- EOF
# deb http://packages.openmediavault.org/public erasmus main
deb https://openmediavault.github.io/packages/ erasmus main
## Uncomment the following line to add software from the proposed repository.
# deb http://packages.openmediavault.org/public erasmus-proposed main
deb https://openmediavault.github.io/packages/ erasmus-proposed main
## This software is not part of OpenMediaVault, but is offered by third-party
## developers as a service to OpenMediaVault users.
# deb http://packages.openmediavault.org/public erasmus partner
EOF
# Add OMV and OMV Plugin developer keys, add Cloudshell 2 repo for XU4
if [ "${BOARD}" = "odroidxu4" ]; then
add-apt-repository -y ppa:kyle1117/ppa
sed -i 's/jessie/xenial/' /etc/apt/sources.list.d/kyle1117-ppa-jessie.list
fi
debconf-apt-progress -- apt-get update
apt-get --yes --force-yes --allow-unauthenticated install openmediavault-keyring
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 7AA630A1EDEE7D73
# install debconf-utils, postfix and OMV
debconf-set-selections <<< "postfix postfix/mailname string openmediavault"
debconf-set-selections <<< "postfix postfix/main_mailer_type string 'No configuration'"
apt-get --yes --force-yes --allow-unauthenticated --fix-missing --no-install-recommends \
-o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install \
debconf-utils postfix
# move newaliases temporarely out of the way (see Ubuntu bug 1531299)
cp -p /usr/bin/newaliases /usr/bin/newaliases.bak && ln -sf /bin/true /usr/bin/newaliases
# set hostname
read HOSTNAME </etc/hostname
sed -i -e "s/^::1 localhost.*/::1 ${HOSTNAME} localhost ip6-localhost ip6-loopback/" \
-e "s/^127.0.0.1 localhost.*/127.0.0.1 ${HOSTNAME} localhost/" /etc/hosts
sed -i -e "s/^mydestination =.*/mydestination = ${HOSTNAME}, localhost.localdomain, localhost/" \
-e "s/^myhostname =.*/myhostname = ${HOSTNAME}/" /etc/postfix/main.cf
export DEBIAN_FRONTEND=noninteractive
apt-get --yes --force-yes --allow-unauthenticated --fix-missing --no-install-recommends \
-o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install \
openmediavault
# install OMV extras, enable folder2ram, tweak some settings
FILE=$(mktemp)
wget https://github.com/OpenMediaVault-Plugin-Developers/packages/raw/master/openmediavault-omvextrasorg_latest_all3.deb -qO $FILE && dpkg -i $FILE
/usr/sbin/omv-update
# Install flashmemory plugin and netatalk by default, use nice logo for the latter
. /usr/share/openmediavault/scripts/helper-functions
apt-get -y -q install openmediavault-netatalk openmediavault-flashmemory
AFP_Options="mimic model = Macmini"
xmlstarlet ed -L -u "/config/services/afp/extraoptions" -v "$(echo -e "${AFP_Options}")" \
/etc/openmediavault/config.xml
/usr/sbin/omv-mkconf netatalk
# use folder2ram instead of log2ram with OMV, configure services
xmlstarlet ed -L -u "/config/services/flashmemory/enable" -v "1" /etc/openmediavault/config.xml
xmlstarlet ed -L -u "/config/services/ssh/enable" -v "1" /etc/openmediavault/config.xml
xmlstarlet ed -L -u "/config/services/ssh/permitrootlogin" -v "0" /etc/openmediavault/config.xml
xmlstarlet ed -L -u "/config/system/time/ntp/enable" -v "1" /etc/openmediavault/config.xml
xmlstarlet ed -L -u "/config/system/time/timezone" -v "UTC" /etc/openmediavault/config.xml
xmlstarlet ed -L -u "/config/system/network/dns/hostname" -v "${HOSTNAME}" /etc/openmediavault/config.xml
/usr/sbin/omv-mkconf flashmemory
/usr/sbin/omv-mkconf ssh
/usr/sbin/omv-mkconf ntp
/usr/sbin/omv-mkconf timezone
systemctl disable log2ram
rm /etc/cron.daily/log2ram
/sbin/folder2ram -enablesystemd
sed -i 's|-j /var/lib/rrdcached/journal/ ||' /etc/init.d/rrdcached
#FIX TFTPD ipv4
[ -f /etc/default/tftpd-hpa ] && sed -i 's/--secure/--secure --ipv4/' /etc/default/tftpd-hpa
# rootfs resize to 7.3G max and adding omv-initsystem to firstrun -- q&d but shouldn't matter
echo 15500000s >/root/.rootfs_resize
sed -i '/systemctl\ disable\ firstrun/i \
mv /usr/bin/newaliases.bak /usr/bin/newaliases \
export DEBIAN_FRONTEND=noninteractive \
apt-get install -f || exit 0 \
/usr/sbin/omv-initsystem \
mv /etc/default/cpufrequtils.bak /etc/default/cpufrequtils \
. /etc/default/cpufrequtils \
echo -e "OMV_CPUFREQUTILS_GOVERNOR=${GOVERNOR}" >>/etc/default/openmediavault \
echo -e "OMV_CPUFREQUTILS_MINSPEED=${MIN_SPEED}" >>/etc/default/openmediavault \
echo -e "OMV_CPUFREQUTILS_MAXSPEED=${MAX_SPEED}" >>/etc/default/openmediavault \
/usr/sbin/omv-rpc -u admin "perfstats" "set" \x27{"enable":false}\x27 \
/usr/sbin/omv-rpc -u admin "config" "applyChanges" \x27{ "modules": ["monit","rrdcached","collectd"],"force": true }\x27 \
/usr/sbin/omv-mkconf monit \
/usr/sbin/omv-mkconf rrdcached \
/usr/sbin/omv-mkconf collectd \
lsusb | grep -q "0bda:8153" || sed -i "/r8152/d" /etc/modules \
lsusb | egrep -q "0b95:1790|0b95:178a|0df6:0072" || sed -i "/ax88179_178a/d" /etc/modules' /etc/init.d/firstrun
sed -i '/systemctl\ disable\ firstrun/a \
sync && sleep 30 && reboot' /etc/init.d/firstrun
# add USB3 Gigabit Ethernet and NAS Dock support
echo -e "r8152\nax88179_178a" >>/etc/modules
egrep -q "air|neo|zero" <<<${BOARD} && echo "overlays=usbhost0 usbhost2 usbhost3" >>/boot/armbianEnv.txt
# some performance tuning: Samba, cpufreq behaviour, IO scheduling/priority
SMB_Options="min receivefile size = 16384\nwrite cache size = 524288\ngetwd cache = yes\nsocket options = TCP_NODELAY IPTOS_LOWDELAY"
xmlstarlet ed -L -u "/config/services/smb/extraoptions" -v "$(echo -e "${SMB_Options}")" ${OMV_CONFIG_FILE}
/usr/sbin/omv-mkconf samba
# Special treatment for ODROID-XU4 (and later Amlogic S912, RK3399 and other big.LITTLE
# based devices). Move all NAS daemons to the big cores. Increase coherent-memory size
# to 1MB: https://forum.odroid.com/viewtopic.php?f=146&t=26016&start=200#p197729
if [ "${BOARD}" = "odroidxu4" ]; then
XU4_HMP_Fix='; taskset -c -p 4-7 $i '
# Cloudshell stuff (fan, lcd, missing serials on 1st CS2 batch)
echo "H4sIAKdXHVkCA7WQXWuDMBiFr+eveOe6FcbSrEIH3WihWx0rtVbUFQqCqAkYGhJn
tF1x/vep+7oebDfh5DmHwJOzUxwzgeNIpRp9zWRegDPznya4VDlWTXXbpS58XJtD
i7ICmFBFxDmgI6AXSLgsiUop54gnBC40rkoVA9rDG0SHHaBHPQx16GN3Zs/XqxBD
leVMFNAz6n6zSWlEAIlhEw8p4xTyFtwBkdoJTVIJ+sz3Xa9iZEMFkXk9mQT6cGSQ
QL+Cr8rJJSmTouuuRzfDtluarm1aLVHksgWmvanm5sbfOmY3JEztWu5tV9bCXn4S
HB8RIzjoUbGvFvPw/tmr0UMr6bWSBupVrulY2xp9T1bruWnVga7DdAqYFgkuCd3j
vORUDQgej9HPJxmDDv+3WxblBSuYFH8oiNpHz8XvPIkU9B3JVCJ/awIAAA==" \
| tr -d '[:blank:]' | base64 --decode | gunzip -c >/usr/local/sbin/coudshell2-support.sh
chmod 755 /usr/local/sbin/coudshell2-support.sh
apt install -y i2c-tools odroid-cloudshell cloudshell2-fan
sed -i '/systemctl\ disable\ firstrun/i \
/usr/sbin/i2cdetect -y 1 | grep -q "60: 60" && /usr/local/sbin/coudshell2-support.sh' /etc/init.d/firstrun
sed -i 's/extraargs}"/extraargs} coherent_pool=1M"/' /boot/boot.ini
fi
echo "* * * * * root for i in \`pgrep \"ftpd|nfsiod|smbd|afpd|cnid\"\` ; do ionice -c1 -p \$i ${XU4_HMP_Fix}; done >/dev/null 2>&1" \
>/etc/cron.d/make_nas_processes_faster
chmod 600 /etc/cron.d/make_nas_processes_faster
# add SATA port multiplier hint if appropriate
[ "${LINUXFAMILY}" = "sunxi" ] && \
echo -e "#\n# If you want to use a SATA PM add \"ahci_sunxi.enable_pmp=1\" to bootargs above" \
>>/boot/boot.cmd
# Update smartmontools drive database
wget https://raw.githubusercontent.com/mirror/smartmontools/master/drivedb.h -qO $FILE
grep -q 'drivedb.h' $FILE && mv $FILE /var/lib/smartmontools/drivedb/drivedb.h && \
chmod 644 /var/lib/smartmontools/drivedb/drivedb.h
# Filter out some log messages
echo ':msg, contains, "do ionice -c1" ~' >/etc/rsyslog.d/omv-armbian.conf
echo ':msg, contains, "action " ~' >>/etc/rsyslog.d/omv-armbian.conf
echo ':msg, contains, "netsnmp_assert" ~' >>/etc/rsyslog.d/omv-armbian.conf
echo ':msg, contains, "Failed to initiate sched scan" ~' >>/etc/rsyslog.d/omv-armbian.conf
} # InstallOpenMediaVault
Main "$@"
Reference in New Issue View Git Blame Copy Permalink