debian_postinstall.sh (1176B)
1 #!/usr/bin/env bash 2 # 3 # Postinstall scripts after Debian preseed 4 # 5 # set -o errexit 6 # set -o nounset 7 set -o xtrace 8 9 # Reset ssh root login 10 sed -i 's/^.*PermitRootLogin.*/PermitRootLogin no/g' /etc/ssh/sshd_config 11 12 # Configure sudoers and ssh pubkeys 13 echo "$USERNAME ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/90-packer 14 mkdir -p "/home/$USERNAME/.ssh" 15 echo -e "$AUTHORIZED_KEYS" > "/home/$USERNAME/.ssh/authorized_keys" 16 17 # Disable LXC bridge 18 sed -i 's/^USE_LXC_BRIDGE="true"/USE_LXC_BRIDGE="false"/g' /etc/default/lxc-net 19 20 # Disable dhcp on eth0 21 sed -i 's/^iface eth0 inet dhcp/iface eth0 inet static/g' /etc/network/interfaces 22 23 # Enable host device bridge 24 # https://wiki.debian.org/LXC/SimpleBridge#Host_device_as_bridge 25 cat <<EOF > /etc/network/interfaces.d/br0 26 auto br0 27 iface br0 inet dhcp 28 hwaddress ether 02:cf:f3:37:2a:be 29 bridge_ports eth0 30 bridge_fd 0 31 bridge_maxwait 0 32 EOF 33 34 cat <<EOF > /etc/apparmor.d/lxc/lxc-gatus 35 profile lxc-gatus flags=(attach_disconnected,mediate_deleted) { 36 # Include base container profile 37 #include <abstractions/lxc/container-base> 38 39 # Allow mounting a specific directory 40 mount fstype=nfs -> /etc/nginx/tls/, 41 } 42 EOF