From ad389a318c78800dc74eafb6f0d14daa989a267d Mon Sep 17 00:00:00 2001
From: Lars Wirzenius
Date: Mon, 8 Aug 2016 16:41:18 +0300
Subject: Initial commit
---
authorized_keys | 1 +
router.conf | 14 ++++++++++++++
router.customize | 47 +++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 62 insertions(+)
create mode 100644 authorized_keys
create mode 100644 router.conf
create mode 100755 router.customize
diff --git a/authorized_keys b/authorized_keys
new file mode 100644
index 0000000..b7e5273
--- /dev/null
+++ b/authorized_keys
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzc5k+s8dm6zwxlfgIAUVY8x1UPOXDnxLgIpMbS7DuHmtpo7a6doFRGdaPnQStteliLWmmggVwh5q3PPvgegTT6SIc3mPoL3UK/2bnkU+wGwUfhykP/Uulhtzr6Dsr3vgTNp6dFCvSd5ZEb+ih9I9nRviWM9vDYXccc4jKoxb9Zepb6QWp3F8dPpUFEf6GbH+WunE2TFj8aJ5f4R77phpof+vLfiJyV0QTUVpf3BYPfnnmbOVLy/3t4YvdUde+FMdXiWwmfb35ZNmRqpD0U4jzFVGg2TgeGXCu18kva04i20S2yrQEY5oQndnaRZdbWa7Hp83WRIuk1d0X1TXViVPcw== liw
diff --git a/router.conf b/router.conf
new file mode 100644
index 0000000..44ce72e
--- /dev/null
+++ b/router.conf
@@ -0,0 +1,14 @@
+[config]
+mirror = http://192.168.0.35/debian
+enable-dhcp = no
+size = 4G
+verbose = yes
+grub = yes
+sparse = yes
+sudo = yes
+package = ssh, python, dnsmasq
+customize = ./router.customize
+hostname = router
+arch = amd64
+distribution = jessie
+image = router.img
diff --git a/router.customize b/router.customize
new file mode 100755
index 0000000..2a5dc26
--- /dev/null
+++ b/router.customize
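Review bot: `router.conf` sets no root-password policy in `[config]`, so the image ships with whatever the build tool does by default for the root account. If this is a vmdebootstrap configuration, as the option names suggest, that default leaves root with an empty password, which permits root login on the console without credentials; since access is meant to go through the `ansible` account, adding `lock-root-password = yes` would close it. `mirror = http://192.168.0.35/debian` is plain HTTP, so package integrity rests on the bootstrap step verifying the archive signature, which is worth confirming for this setup.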
@@ -0,0 +1,47 @@
+#!/bin/sh
+#
+# router.customize - configure router disk image for management by ansible
+#
+# This sets up a very basic image, just enough to allow ansible to log
+# in and become root with sudo. Also, bring up DHCP server on LAN
+# ports to allow access over ssh. All the rest of the configuration
+# happens via ansible.
+#
+# Copyright 2016 Lars Wirzenius
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+
+set -eu
+
+# Avoid any problems (mainly weird perl warnings) from inherited
+# locale from user.
+export LC_ALL=C
+
+rootdir="$1"
+
+# Create an account for ansible.
+chroot "$rootdir" adduser --gecos 'Ansible' --disabled-password ansible
+
+# Install an authorize_keys file so that ansible can access the account.
+chroot "$rootdir" install -d -o ansible -g ansible -m 0700 /home/ansible/.ssh
+install -m 0600 authorized_keys "$rootdir/home/ansible/.ssh/authorized_keys"
+chroot "$rootdir" chown ansible:ansible /home/ansible/.ssh/authorized_keys
+
+# Add ansible to sudoers, without password.
+cat <> "$rootdir/etc/sudoers.d/ansible"
+ansible ALL=(ALL:ALL) NOPASSWD: ALL
+EOF
+chroot "$rootdir" chown root:root /etc/sudoers.d/ansible
+chroot "$rootdir" chmod 0440 /etc/sudoers.d/ansible
--
cgit v1.2.1
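Review bot: The `install -m 0600 authorized_keys …` line picks up whichever `authorized_keys` is in the caller's working directory, and because the sudoers drop-in written further down grants `ansible` `NOPASSWD: ALL`, that file is a root-equivalent credential for every image built. Resolving it relative to the script, e.g. `install -m 0600 "$(dirname "$0")/authorized_keys" "$rootdir/home/ansible/.ssh/authorized_keys"`, ties the installed key to this repository. The sudoers file is appended to and never syntax-checked; running `chroot "$rootdir" visudo -cf /etc/sudoers.d/ansible` after the `chmod` would fail the build on a broken entry instead of shipping an image where sudo refuses to run. The header comment also says the script brings up a DHCP server on the LAN ports, but nothing in these 47 lines configures one, so the comment should be trimmed or the step added.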