Commit 3bf62c87 authored by Natanael Copa's avatar Natanael Copa

remove setup-ads, setup-alpine-web and setup-cryptswap

parent d7de48e0
......@@ -11,13 +11,10 @@ TMP := $(PV)
LIB_FILES := libalpine.sh
SBIN_FILES := lbu\
setup-acf\
setup-ads\
setup-alpine-web\
setup-alpine\
setup-apkcache\
setup-apkrepos\
setup-bootable\
setup-cryptswap\
setup-disk\
setup-dns\
setup-gparted-desktop\
......
#!/bin/sh
#
# Join AD
# for uclibc systems
#
# Copyright (c) 2007 A.Poslavsky
# May be distributed under gpl2
# TODO:
# * suggest a domain name based on hostname -d? /etc/resolv.conf?
# * suggest DC server(s) based on
# $(dig _kerberos._tcp.dc._msdcs.$DOMAIN SRV +short)
VERSION=@VERSION@
PROGRAM=setup-ads
. $PREFIX/lib/libalpine.sh
KRBCONF="/etc/krb5.conf"
SMBCONF="/etc/samba/smb.conf"
DOMAINADMIN="Administrator"
PW=""
HOSTNAME=$(hostname)
FORCE=""
retcode=0
die() {
echo $* >&2
exit 1
}
ask_info() {
echo "Configuring kerberos"
echon "Enter your full Domain name in uppercase [$DOMAIN]: "
default_read DOMAIN $DOMAIN
echon "Enter your short Domain name (Workgroup) [$WORKGROUP]: "
default_read WORKGROUP $WORKGROUP
echon "Domain controller(s) (separate with space) [$DC]: "
default_read DC $DC
echon "Domain Administrator [$DOMAINADMIN]: "
default_read DOMAINADMIN $DOMAINADMIN
}
conf_krb() {
[ -f $KRBCONF ] && cp $KRBCONF $KRBCONF.bak ; [ "$VERBOSE" ] && echo "Making backup copy of $KRBCONF to $KRBCONF.bak"
echo "Writing $KRBCONF"
echo "[libdefaults]
default_realm = $DOMAIN
[realms]
$DOMAIN = {
$(for a in $DC
do
echo " kdc = $a"
done)
admin_server = $(echo $DC | sed "s/ .*//")
}
[login]
krb4_convert = true
krb4_get_tickets = true" > $KRBCONF
kinit $DOMAINADMIN@$DOMAIN || die "Sorry, could not authenticate against kerberos!"
}
join_ads() {
if [ -f $SMBCONF ] ; then
cp $SMBCONF $SMBCONF.bak
[ "$VERBOSE" ] && echo "Making backup copy of $SMBCONF to $SMBCONF.bak"
fi
echo "smb.conf witten by $PROGRAM
[global]
# Browsing/Identification
domain master = no
domain logons = no
preferred master = no
# Domain info
security = ADS
password server = $(echo $DC)
workgroup = $WORKGROUP
realm = $DOMAIN
netbios name = $HOSTNAME
server string = "Samba Server $HOSTNAME"
allow trusted domains = no
idmap backend = rid:$WORKGROUP=50000-100000000
winbind separator = -
winbind nested groups = Yes
winbind enum users = yes
winbind enum groups = yes
idmap uid = 50000-100000000
idmap gid = 50000-100000000
wins server = $(echo $DC)
guest account = nobody
[testshare]
comment = Secret data
writable = yes
path = /srv/Samba/Test
public = yes
" > $SMBCONF
[ "$VERBOSE" ] && echo "net ads join -W $DOMAIN -S $(echo $DC | sed "s/ .*//") -U $DOMAINADMIN"
net ads join -W $DOMAIN -S $(echo $DC | awk '{ print $1 }') -U $DOMAINADMIN\
|| echo "Sorry could not join $DOMAIN domain" && exit 1
}
check_exist() {
if [ -f "$SMBCONF" -o -f "$KRBCONF" ] ; then
[ ! "$FORCE" ] && die "Config file(s) already exist(s),
use -f to force overwriting of these file(s)"
fi
}
usage() {
echo "$PROGRAM $VERSION"
echo "usage: $PROGRAM [options] [args]
Options:
-h Show help for subcommand.
-q Quiet mode.
-v Verbose mode.
-K <kerberosconfigfile>
-S <sambaconfigfile>
-U <domain administrator>
-D <domain>
-P <password>
-f force overwrite of existing configfiles (will do backup)
"
exit 1
}
# parse common args
while getopts "D:fP:hvU:K:S:" opt ; do
case "$opt" in
h) usage
;;
P) PW="$OPTARG"
;;
v) VERBOSE="$VERBOSE -v"
;;
U) DOMAINADMIN="$OPTARG"
;;
K) KRBCONF="$OPTARG"
;;
S) SMBCONF="$OPTARG"
;;
D) DOMAIN="$OPTARG"
;;
f) FORCE="$FORCE -f"
;;
esac
done
shift `expr $OPTIND - 1`
apk add samba-ldap
check_exist
ask_info
conf_krb
join_ads
echo "kerberos initialized, domain joined"
exit $retcode
#!/bin/sh
PROGRAM=${0##*/}
BRNUM=0
CNET="10.$BRNUM.0"
HNAME=alpine
DOMAIN="bootstrap.invalid"
IFACE_LIST=/tmp/interfaces
get_interfaces() {
[ -f "$IFACE_LIST" ] || tail -n +3 /proc/net/dev \
| awk -F: '$1 !~ /lo/ { print $1 }' > "$IFACE_LIST"
cat "$IFACE_LIST"
}
make_dhcp_subnet() {
local num=$1
local iface=$2
local network="$CNET.$num"
local netmask=255.255.255.240
local router="$CNET.$(( $num + 1 ))"
local poolstart="$CNET.$(( $num + 3 ))"
local poolend="$CNET.$(( $num + 14 ))"
echo "subnet $network netmask $netmask {"
echo " range $poolstart $poolend;"
echo " option routers $router;"
echo "}"
echo ""
ip addr add $router/28 dev $iface || echo "Failed to set address $router/28 on $iface" >&2
ip link set dev $iface up
iptables -t nat -A PREROUTING -i $iface -j DNAT --to-destination $router
}
make_dhcp_global() {
echo "option domain-name \"$DOMAIN\";"
echo "option domain-name-servers $CNET.1;"
echo "ddns-update-style none;"
echo ""
}
do_setup() {
local i
local count
hostname $HNAME
# install needed packages
apk add dhcp iptables "$@"
# config dhcp server
make_dhcp_global > /etc/dhcp/dhcpd.conf
count=0
for i in $(get_interfaces); do
# maximum 16 network interfaces
[ $count -ge 16 ] && break
make_dhcp_subnet $(( $count * 16 )) $i >> /etc/dhcp/dhcpd.conf
count=$(( $count + 1 ))
done
/etc/init.d/syslog start
/etc/init.d/dhcpd start
FORCE_SETUP_WEBCONF=yes setup-acf "$@"
# set up http listener/forwarder
mkdir -p /var/www/redirect
cat <<EOF >/var/www/redirect/index.html
<html>
<head>
<meta HTTP-EQUIV="REFRESH" content="0; url=https://$(hostname)">
</head>
<body></body>
</html>
EOF
echo "E404:/var/www/redirect/index.html" > /etc/httpd.conf
echo "HTTPD_OPTS=\"-h /var/www/redirect\"" > /etc/conf.d/httpd
/etc/init.d/httpd start
# dummy dns
echo "* $CNET.1" > /etc/dnsd.conf
/etc/init.d/dnsd start
}
# reconf dhcp and kill all interfaces but $1
do_reset() {
local iface=$1
local i
local oldip=$(ip addr show dev $iface | awk '/inet / { print $2 } ' | head -n 1)
# setup new dhcpd.conf
make_dhcp_global > /etc/dhcp/dhcpd.conf
cat >> /etc/dhcp/dhcpd.conf <<EOF
subnet $CNET.0 netmask 255.255.255.0 {
range $CNET.3 $CNET.14;
option routers $CNET.1;
}
EOF
# shut down all interfaces
for i in $(get_interfaces); do
ip addr flush dev $i
[ "$i" = "$iface" ] && continue
ip link set dev $i down
done
# bring interface up again and flush iptables
ip addr add $oldip dev $iface
ip addr add $CNET.1/24 dev $iface
iptables -t nat -F PREROUTING
/etc/init.d/dhcpd restart
}
usage() {
cat <<EOF
usage: $PROGRAM [-c X.Y.Z] [-H HOSTNAME] [-R IFACE]
options:
-c Use X.Y.Z as network prefix rather than $CNET
-H set hostname
-R reset previously configured initerfaces and configure IFACE
EOF
exit 0
}
# require root
if [ "$(id -u)" != "0" ]; then
echo "ERROR: This script must be run as root" 1>&2
exit 1
fi
# parse args
while getopts "b:c:d:H:hR:" opts; do
case "$opts" in
b) BRNUM="$OPTARG";;
c) CNET="$OPTARG";;
d) DOMAIN="$OPTARG";;
H) HNAME="$OPTARG";;
h) usage;;
R) KEEP_IFACE="$OPTARG";;
esac
done
shift $(( $OPTIND - 1 ))
if [ -z "$KEEP_IFACE" ]; then
do_setup "$@"
exit 0
fi
do_reset "$KEEP_IFACE"
#!/bin/sh
PREFIX=
. "$PREFIX/lib/libalpine.sh"
list_partitions() {
awk '$1 ~ /[0-9]/ {print " " $4}' /proc/partitions
}
if [ -z "$1" ] ; then
while [ "x$verify" != "xy" ] ; do
echo "Available partitions: " $(list_partitions)
echon "Use what partition for encrypted swap? [none] "
default_read part "none"
# check if user requested to abort
if [ "x$part" = "xabort" ] || [ "x$part" = "xnone" ] ; then
exit
fi
# check if device exist
[ -e /dev/$part ] || continue
# let the user verify
echon "Warning! you will lose all data on $part. Continue? (y/n) [n] "
default_read verify "n"
done
else
part=$1
fi
apk add cryptsetup-luks
# set the device in /etc/conf.f/cryptswap
if grep ^DEVICE= /etc/conf.d/cryptswap >/dev/null ; then
sed -i 's:^DEVICE=.*:DEVICE=/dev/'$part':' /etc/conf.d/cryptswap
else
echo "DEVICE=/dev/$part" >> /etc/conf.d/cryptswap
fi
rc_add -k -s 05 cryptswap
rc_add -k -s 06 swap
/etc/init.d/cryptswap start
/etc/init.d/swap start