ashikk
/
alpine-linux-headless-bootstrap
mirror of https://github.com/macmpi/alpine-linux-headless-bootstrap.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: ashikk:f7571ac6e559c73fae9b4c8b06f76bede0310534
Branches Tags
ashikk:main
ashikk:dev
ashikk:v1.2
ashikk:v1.1
ashikk:v1.0
ashikk:v0.9
ashikk:v0.8
ashikk:v0.7
..
compare: ashikk:e263862335943c9c61eb35beb5f8270e64705199
Branches Tags
ashikk:dev
ashikk:main
ashikk:v1.2
ashikk:v1.1
ashikk:v1.0
ashikk:v0.9
ashikk:v0.8
ashikk:v0.7

6 Commits
f7571ac6e5 ... e263862335

Author SHA1 Message Date
macmpi e263862335
Merge pull request #18 from macmpi/dev 
Release 0.9
 2023-09-20 14:17:33 +02:00
macmpi 03eb12b52f version 0.9 
Allow authorized_keys authentication
Fix apkovl file detection (again)
Test internet availability
Misc wording tweaks
 2023-09-20 14:10:29 +02:00
macmpi ab94ea6f31 log messages tweaks 2023-09-20 12:03:16 +02:00
macmpi e85ef08be2 fix ovl file detection again 2023-09-20 10:54:42 +02:00
macmpi 33742dec79 Allow authorized_keys 2023-09-20 09:09:30 +02:00
macmpi ebc52d13a8 Add test for internet availability 2023-09-18 19:25:40 +02:00
4 changed files with 49 additions and 14 deletions
Show Stats Expand all files Collapse all files

3
README.md
View File

@ -22,7 +22,8 @@ From there, actual system install can be performed as usual with `setup-alpine`
Extra files may be added next to `headless.apkovl.tar.gz` to customise boostrapping configuration (check sample files): Extra files may be added next to `headless.apkovl.tar.gz` to customise boostrapping configuration (check sample files):
- `wpa_supplicant.conf`[^3] (*mandatory for wifi usecase*): define wifi SSID & password. - `wpa_supplicant.conf`[^3] (*mandatory for wifi usecase*): define wifi SSID & password.
- `interfaces`[^3] (*optional*): define network interfaces at will, if defaults DCHP-based are not suitable. - `interfaces`[^3] (*optional*): define network interfaces at will, if defaults DCHP-based are not suitable.
- `ssh_host_*_key*` (*optional*): provide custom ssh keys to be injected (may be stored), instead of using bundled ones[^2] (not stored). Providing an empty key file will trigger new keys generation (ssh server may take longer to start). - `authorized_keys` (*optional*): provide client's public SSH key to secure `root` ssh login.
- `ssh_host_*_key*` (*optional*): provide server's custom ssh keys to be injected (may be stored), instead of using bundled ones[^2] (not stored). Providing an empty key file will trigger new keys generation (ssh server may take longer to start).
- `unattended.sh`[^3] (*optional*): create custom automated deployment script to further tune & extend actual setup (backgrounded). - `unattended.sh`[^3] (*optional*): create custom automated deployment script to further tune & extend actual setup (backgrounded).

BIN
headless.apkovl.tar.gz
View File

Binary file not shown.

53
overlay/etc/local.d/headless.start
View File

@ -3,7 +3,7 @@
# Copyright 2022 - 2023, macmpi # Copyright 2022 - 2023, macmpi
# SPDX-License-Identifier: MIT # SPDX-License-Identifier: MIT
VERSION="0.8" VERSION="0.9"
_apk() { _apk() {
@ -39,7 +39,7 @@ _restore() {
fi fi
} }
##### End of part to be dupplicated into post-cleanup (do not alter!) ##### End of part to be duplicated into post-cleanup (do not alter!)
# Redirect stdout and errors to console as rc.local does not log anything # Redirect stdout and errors to console as rc.local does not log anything
@ -47,29 +47,31 @@ exec 1>/dev/console 2>&1
logger -st ${0##*/} "Alpine Linux headless bootstrap v$VERSION by macmpi" logger -st ${0##*/} "Alpine Linux headless bootstrap v$VERSION by macmpi"
mkdir /tmp/.trash install -dm 0700 /tmp/.trash
# grab used ovl filename from dmesg # grab used ovl filename from dmesg
ovl="$( dmesg | grep -o 'Loading user settings from .*:' | awk '{print $5}' | sed 's/:.*$//' )" ovl="$( dmesg | grep -o 'Loading user settings from .*:' | awk '{print $5}' | sed 's/:.*$//' )"
ovlpath="$( dirname "$ovl" )" ovl="$( basename "${ovl}" )"
# search path again as mountpoint may have been changed later in the boot process...
ovlpath=$( find /media -maxdepth 2 -type d -path '*/.*' -prune -o -type f -name "${ovl}" -exec dirname {} \; | head -1 )
# Help randomness for wpa_supplicant and ssh server # Help randomness for wpa_supplicant and ssh server
rc-service seedrng start rc-service seedrng start
## Setup Network interfaces ## Setup Network interfaces
if [ -f "${ovlpath}/wpa_supplicant.conf" ]; then if [ -f "${ovlpath}/wpa_supplicant.conf" ]; then
logger -st ${0##*/} "Wifi setup found !" logger -st ${0##*/} "Configuring wifi..."
_apk add wpa_supplicant _apk add wpa_supplicant
_preserve "/etc/wpa_supplicant/wpa_supplicant.conf" _preserve "/etc/wpa_supplicant/wpa_supplicant.conf"
install -m600 "${ovlpath}/wpa_supplicant.conf" /etc/wpa_supplicant/wpa_supplicant.conf install -m600 "${ovlpath}/wpa_supplicant.conf" /etc/wpa_supplicant/wpa_supplicant.conf
else else
logger -st ${0##*/} "Wifi setup not found !" logger -st ${0##*/} "No wifi setup supplied !"
fi fi
_preserve "/etc/network/interfaces" _preserve "/etc/network/interfaces"
if ! install -m644 "${ovlpath}/interfaces" /etc/network/interfaces; then if ! install -m644 "${ovlpath}/interfaces" /etc/network/interfaces; then
# set default interfaces if not specified by interface file on boot storage # set default interfaces if not specified by interface file on boot storage
logger -st ${0##*/} "No interfaces file supplied, building default interfaces..." logger -st ${0##*/} "No interfaces file supplied, building defaults..."
for dev in $(ls /sys/class/net) for dev in $(ls /sys/class/net)
do do
case ${dev%%[0-9]*} in case ${dev%%[0-9]*} in
@ -132,12 +134,26 @@ _apk add openssh
_preserve "/etc/ssh/sshd_config" _preserve "/etc/ssh/sshd_config"
_preserve "/etc/conf.d/sshd" _preserve "/etc/conf.d/sshd"
cat <<-EOF >> /etc/ssh/sshd_config cat <<-EOF > /etc/ssh/sshd_config
AuthenticationMethods none
PermitEmptyPasswords yes
PermitRootLogin yes PermitRootLogin yes
Banner /tmp/.trash/banner Banner /tmp/.trash/banner
EOF EOF
if install -m600 "${ovlpath}/authorized_keys" /tmp/.trash/authorized_keys; then
logger -st ${0##*/} "Enabling public key SSH authentication..."
cat <<-EOF >> /etc/ssh/sshd_config
AuthenticationMethods publickey
AuthorizedKeysFile /tmp/.trash/authorized_keys
# relax strict mode as authorized_keys are inside /tmp
StrictModes no
EOF
else
logger -st ${0##*/} "No SSH authentication."
cat <<-EOF >> /etc/ssh/sshd_config
AuthenticationMethods none
PermitEmptyPasswords yes
EOF
fi
# Banner file # Banner file
warn="" warn=""
@ -149,7 +165,7 @@ cat <<-EOF > /tmp/.trash/banner
Alpine Linux headless bootstrap v$VERSION by macmpi Alpine Linux headless bootstrap v$VERSION by macmpi
You may want to delete/rename .apkovl file before reboot ${warn}: You may want to delete/rename .apkovl file before reboot ${warn}:
$ovl ${ovlpath}/${ovl}
(can be done automatically with unattended script - see sample snippet) (can be done automatically with unattended script - see sample snippet)
@ -189,6 +205,16 @@ sed -n '/^#* End .*alter!)$/q;p' /etc/local.d/headless.start > /tmp/.trash/post-
cat <<-EOF >> /tmp/.trash/post-cleanup cat <<-EOF >> /tmp/.trash/post-cleanup
_tst_inet() {
## Tested URL redirects to github project page: is.gd shortener provides basic analytics.
## Analytics are public and can be checked at https://is.gd/stats.php?url=apkovl_run
## Privacy policy: https://is.gd/privacy.php
INET="failed"
wget -q -T 10 --spider https://is.gd/apkovl_run > /dev/null 2>&1 &&
INET="success"
logger -st ${0##*/} "Internet access: \$INET"
}
logger -st ${0##*/} "Cleaning-up..." logger -st ${0##*/} "Cleaning-up..."
_restore "/etc/ssh/sshd_config" _restore "/etc/ssh/sshd_config"
_restore "/etc/conf.d/sshd" _restore "/etc/conf.d/sshd"
@ -202,6 +228,11 @@ cat <<-EOF >> /tmp/.trash/post-cleanup
rc-update del local default rc-update del local default
rm /etc/local.d/headless.start rm /etc/local.d/headless.start
# Internet connectivity test
# Can be skipped by creating a 'opt-out'-named dummy file aside apkovl file
[ -f "${ovlpath}/opt-out" ] || _tst_inet &
# Run unattended script if available
if [ -f "${ovlpath}/unattended.sh" ]; then if [ -f "${ovlpath}/unattended.sh" ]; then
install -m755 "${ovlpath}/unattended.sh" /tmp/unattended.sh install -m755 "${ovlpath}/unattended.sh" /tmp/unattended.sh
/tmp/unattended.sh >/dev/console 2>&1 & /tmp/unattended.sh >/dev/console 2>&1 &

7
sample_unattended.sh
View File

@ -14,13 +14,16 @@ sleep 60
## This snippet removes apkovl file on volume after initial boot ## This snippet removes apkovl file on volume after initial boot
# grab used ovl filename from dmesg
ovl="$( dmesg | grep -o 'Loading user settings from .*:' | awk '{print $5}' | sed 's/:.*$//' )" ovl="$( dmesg | grep -o 'Loading user settings from .*:' | awk '{print $5}' | sed 's/:.*$//' )"
ovlpath="$( dirname "$ovl" )" ovl="$( basename "${ovl}" )"
# search path again as mountpoint may have been changed later in the boot process...
ovlpath=$( find /media -maxdepth 2 -type d -path '*/.*' -prune -o -type f -name "${ovl}" -exec dirname {} \; | head -1 )
# also works in case volume is mounted read-only # also works in case volume is mounted read-only
grep -q "${ovlpath}.*[[:space:]]ro[[:space:],]" /proc/mounts; RO=$? grep -q "${ovlpath}.*[[:space:]]ro[[:space:],]" /proc/mounts; RO=$?
[ "$RO" -eq "0" ] && mount -o remount,rw "${ovlpath}" [ "$RO" -eq "0" ] && mount -o remount,rw "${ovlpath}"
rm -f "${ovl}" rm -f "${ovlpath}/${ovl}"
[ "$RO" -eq "0" ] && mount -o remount,ro "${ovlpath}" [ "$RO" -eq "0" ] && mount -o remount,ro "${ovlpath}"
######################################################## ########################################################