path: root/installMinimalDevuanASCII.sh
blob: 8d95f5e9439070a7046313798b317696a34ddb1b (plain)
# Installer settings; edit these before running.
#   GOLIVE - CACHE is only needed for the desktop during testing.
#CACHE="sda23"
# Partition name under /dev. The disk setup step formats it, so check it twice.
DISK='sdb2'
# The trailing slash means "${MIRROR}/merged" expands with a double slash.
MIRROR='http://deb.devuan.org/'
# Only referenced from commented-out code further down.
NS='8.8.8.8'
#PASS="password"
# "server" or "desktop"; the desktop-only sections test for the latter.
TYPE='server'
# TZ and USER are also standard environment variable names: if the calling
# shell already exports them, child processes see the values assigned here.
TZ='Europe/Amsterdam'
USER='onefang'
# Mount point for the new root filesystem.
WORK='/media/devuan_install'


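# Install packages inside the chroot, filtering out the worst of the excess output.
# Globals:   WORK (read) - root of the target system
# Arguments: package names, handed to apt-get as separate words
# Outputs:   apt-get's stdout minus the filtered progress lines
# Returns:   the status of the grep at the end of the pipeline, not apt-get's,
#            so a failed install is not reported to the caller.
aptInstall ()
{
  # "$@" passes each package name through as one word with no glob expansion,
  # and quoting ${WORK} keeps a path containing whitespace in a single argument.
  chroot "${WORK}" apt-get --yes install "$@" \
    | grep -v -e "^Selecting previously unselected package " -e "^Preparing to unpack " -e "^ create mode " -e "^ rename "
}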


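# Setup the disk.
# Everything after this point writes into ${WORK}, so stop at the first failed
# step: if the format or the mount fails, the remaining steps would otherwise
# install into whatever filesystem already holds that directory.

# Best effort - the partition may simply not be mounted.
umount "/dev/${DISK}"
mkdir -p "${WORK}" || { printf 'Cannot create %s, giving up.\n' "${WORK}" >&2; exit 1; }
# NOTE(review): this local .deb is installed as root with no checksum or
# signature check visible here - confirm where the file comes from.
dpkg -i debootstrap_1.0.89-devuan2.1_all.deb
# Destroys whatever is currently on the partition.
mkfs.ext4 -j -O extent -L "" "/dev/${DISK}" || { printf 'mkfs.ext4 failed on /dev/%s, giving up.\n' "${DISK}" >&2; exit 1; }
sync
mount "/dev/${DISK}" "${WORK}" || { printf 'Cannot mount /dev/%s on %s, giving up.\n' "${DISK}" "${WORK}" >&2; exit 1; }
mkdir -p "${WORK}/var/cache/apt/archives" || { printf 'Cannot create the apt cache directory under %s, giving up.\n' "${WORK}" >&2; exit 1; }
#mount /dev/${CACHE} ${WORK}/var/cache/apt
# Share the host's package cache with the target; left unchecked, since
# without it the packages are only downloaded into the target instead.
mount --bind /var/cache/apt/archives "${WORK}/var/cache/apt/archives"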


# Environment for everything run from here on, including the chroot commands.
DEBIAN_FRONTEND='readline'
TERM='xterm-color'
LANG='C.UTF-8'
export DEBIAN_FRONTEND TERM LANG
# Keep the host's library, Python and desktop search paths from leaking into
# the installation by exporting them empty, and pin PATH to the system dirs.
PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin'
export PATH
export LD_LIBRARY_PATH='' PKG_CONFIG_PATH='' PYTHONINCLUDE='' PYTHONPATH='' XDG_DATA_DIRS=''


# Start installing it.
# Bootstraps a minimal amd64 "ascii" system into ${WORK} from ${MIRROR}/merged.
# NOTE(review): the mirror URL is plain HTTP, so the integrity of this step
# rests on debootstrap verifying the Release signature against a Devuan
# keyring on the host - confirm that keyring is installed, otherwise the
# base system may be unpacked unverified.
debootstrap --arch amd64 --variant=minbase --include=makedev,apt-utils,git,etckeeper,rsyslog,swapspace,debconf-utils ascii ${WORK} ${MIRROR}/merged

# Setup the chroot.
# /sys is bind mounted from the host; /proc and /dev/pts are mounted from
# inside the chroot by the commands below.
mount -o bind /sys ${WORK}/sys
# The here-document delimiter is unquoted, so ${DISK} is expanded by this
# shell before the text is handed to the chroot's bash.
# NOTE(review): the mknod line hard codes major 259, minor 5 - presumably
# the numbers of the author's partition; verify them for any other disk.
chroot ${WORK} /bin/bash <<- zzzEOFzzz
  mount -t proc proc /proc
  mount -t devpts devpts /dev/pts
  cd /dev
  echo "Filling /dev"
  MAKEDEV generic
  mknod /dev/${DISK} b 259 5
  cd /
  etckeeper post-install | grep -v -e "^ create mode " -e "^ rename "
zzzEOFzzz


# Turn off the daily etckeeper commits, and make it stop and complain when
# there are changes to be committed. Both settings are enabled by removing the
# leading "#" from their lines in the target's etckeeper.conf.
sed -i \
  -e 's/#AVOID_DAILY_AUTOCOMMITS=1/AVOID_DAILY_AUTOCOMMITS=1/' \
  -e 's/#AVOID_COMMIT_BEFORE_INSTALL=1/AVOID_COMMIT_BEFORE_INSTALL=1/' \
  ${WORK}/etc/etckeeper/etckeeper.conf

# Configure apt.
# The here-documents are unquoted, so ${MIRROR} is expanded by this shell;
# "<<-" strips the leading tab from each body line.
# NOTE(review): ascii-proposed and ascii-backports are enabled next to the
# release, security and updates suites, with no apt pinning written here -
# confirm that mix is wanted on a server.
cat > ${WORK}/etc/apt/sources.list <<- zzzEOFzzz
	deb ${MIRROR}/merged ascii main contrib non-free
	deb ${MIRROR}/merged ascii-security main contrib non-free
	deb ${MIRROR}/merged ascii-updates main contrib non-free
	deb ${MIRROR}/devuan ascii-proposed main contrib non-free
	deb ${MIRROR}/merged ascii-backports main contrib non-free
zzzEOFzzz
# Keep things minimal.
# Recommended packages are not pulled in automatically.
cat > ${WORK}/etc/apt/apt.conf.d/01lean <<- zzzEOFzzz
	APT::Install-Recommends "0";
	APT::AutoRemove::RecommendsImportant "false";
zzzEOFzzz
# Repeats the Install-Recommends setting under the file name 99synaptic.
cat > ${WORK}/etc/apt/apt.conf.d/99synaptic <<- zzzEOFzzz
	APT::Install-Recommends "false";
zzzEOFzzz
# Not sure, but may need different "profiles" in this file.
# The pager named here is mcview; the mc package is installed further down.
cat > ${WORK}/etc/apt/listchanges.conf <<- zzzEOFzzz
	[apt]
	frontend=pager
	pager=mcview
	email_address=root
	confirm=true
	save_seen=/var/lib/apt/listchanges.db
	which=both
	headers=1
zzzEOFzzz

#cp /etc/fstab ${WORK}/etc/fstab
# Write a two line fstab: /proc with nodev,noexec,nosuid, and the root
# filesystem by device name.
# NOTE(review): /dev/${DISK} is the name the partition has on the installing
# machine - confirm it is the same on the machine that will boot from it.
cat > ${WORK}/etc/fstab <<- zzzEOFzzz
	proc /proc proc nodev,noexec,nosuid 0 0
	/dev/${DISK} / ext4 errors=remount-ro 0 1
zzzEOFzzz
# Hardware clock is treated as UTC.
cat > ${WORK}/etc/adjtime <<- zzzEOFzzz
	0.0 0 0.0
	0
	UTC
zzzEOFzzz
# Time zone, both as text and as the localtime symlink.
cat > ${WORK}/etc/timezone <<- zzzEOFzzz
	${TZ}
zzzEOFzzz
# Remove whatever localtime exists before creating the symlink in its place.
rm ${WORK}/etc/localtime
ln -s /usr/share/zoneinfo/${TZ} ${WORK}/etc/localtime

# Provide pre canned answers, so this script can run with minimal user interaction.
# Use something like this to find what to set here - debconf-get-selections | grep locales
# The answers are loaded into the target's debconf database before the
# packages that ask the questions are installed. ${DISK} is expanded by this
# shell, so grub-pc is pointed at /dev/${DISK}.
# The wireshark-common answer declines the setuid install of its capture helper.
# NOTE(review): the phpmyadmin answer is loaded although the phpmyadmin
# install further down is commented out.
chroot ${WORK} debconf-set-selections <<- zzzEOFzzz
	console-setup console-setup/codeset47 select # Latin1 and Latin5 - western Europe and Turkic languages
	locales locales/locales_to_be_generated multiselect All locales
	locales locales/default_environment_locale select en_AU.UTF-8
	keyboard-configuration keyboard-configuration/layout select English (US)

	grub-pc grub-pc/install_devices multiselect /dev/${DISK}

	courier-base courier-base/webadmin-configmode boolean true
	phpmyadmin phpmyadmin/reconfigure-webserver multiselect apache2

	wireshark-common wireshark-common/install-setuid boolean false
zzzEOFzzz


# Create user, and set passwords.
# Only the dotfile copies are active: the useradd and passwd steps below are
# commented out, so this script creates no ${USER} account and sets no
# passwords. The .[^.]* glob picks up dotfiles while skipping "." and "..".
cp -r fileSystem/etc/skel/.[^.]* ${WORK}/etc/skel
#chroot ${WORK} useradd -m -U ${USER} -G sudo -s /bin/bash
cp -r fileSystem/etc/skel/.[^.]* ${WORK}/root
# NOTE(review): if the block below is ever re-enabled with PASS set, the user's
# password is stored in this script and root's is derived from it as
# "toor${PASS}", so knowing one gives the other; the interactive passwd branch
# avoids both problems.
#if [ -z "${PASS}" ]
#then
#  echo "User ${USER} - "
#  chroot ${WORK} passwd ${USER}
#  echo "User root - "
#  chroot ${WORK} passwd
#else
#  chroot ${WORK} passwd ${USER} <<- zzzEOFzzz
#	${PASS}
#	${PASS}
#zzzEOFzzz
#  chroot ${WORK} passwd <<- zzzEOFzzz
#	toor${PASS}
#	toor${PASS}
#zzzEOFzzz
#fi


# Update the debootstrap installed stuff.
# Commits the hand written configuration to etckeeper first, then refreshes the
# package lists from the sources.list written above and upgrades everything.
# Each pipeline's status is that of the grep filter, not of the command feeding it.
chroot ${WORK} /bin/bash <<- zzzEOFzzz
  etckeeper commit "Initial 'manual' configurations." | grep -v -e "^ create mode " -e "^ rename "
  apt-get update
  apt-get --yes dist-upgrade | grep -v -e "^Selecting previously unselected package " -e "^Preparing to unpack " -e "^ create mode " -e "^ rename "
zzzEOFzzz


# Kernel, headers, boot loader, firmware and CPU microcode.
# dpkg --print-architecture is run by this shell, i.e. on the installing host,
# and its output is used as the kernel package suffix.
#chroot ${WORK} etckeeper commit "Tweak grub config." | grep -v -e "^ create mode " -e "^ rename "
aptInstall linux-image-$(dpkg --print-architecture) linux-headers-$(dpkg --print-architecture) \
  os-prober eudev bash-completion psmisc irqbalance grub2 \
  firmware-linux firmware-misc-nonfree \
  amd64-microcode intel-microcode


# Install base stuff that everyone needs.
# After the two packages are installed, their files under /etc/default are
# overwritten with fixed contents and the result is committed to etckeeper.
aptInstall console-setup locales
# Console font and character set.
cat > ${WORK}/etc/default/console-setup <<- zzzEOFzzz
	# CONFIGURATION FILE FOR SETUPCON
	# Consult the console-setup(5) manual page.

	ACTIVE_CONSOLES="/dev/tty[2-6]"
	CHARMAP="UTF-8"
	CODESET="Lat15"
	FONTFACE="Terminus"
	FONTSIZE="6x12"
	VIDEOMODE=
zzzEOFzzz
# US layout on a pc105 keyboard.
cat > ${WORK}/etc/default/keyboard <<- zzzEOFzzz
	# KEYBOARD CONFIGURATION FILE
	# Consult the keyboard(5) manual page.

	XKBMODEL="pc105"
	XKBLAYOUT="us"
	XKBVARIANT=""
	XKBOPTIONS=""
	BACKSPACE="guess"
zzzEOFzzz
# System wide default locale.
cat > ${WORK}/etc/default/locale <<- zzzEOFzzz
	LANG=en_AU.UTF-8
zzzEOFzzz
chroot ${WORK} etckeeper commit "Tweak console and keyboard configs." | grep -v -e "^ create mode " -e "^ rename "

# Networking tools, firewall (shorewall), time, mail and the ssh server.
aptInstall busybox netbase net-tools iproute2 ifupdown isc-dhcp-client inetutils-ping ntp shorewall shorewall6 dnsutils lynx wget curl \
  make dns-root-data resolvconf kmod openssh-server openssh-client traceroute keychain courier-mta cron maildrop
# Prevent root from sshing in, and other sshd tweaks.
# Sets PermitRootLogin no, Port 501, PubkeyAuthentication yes and
# PermitEmptyPasswords no. Each expression only rewrites a line that exactly
# matches the commented-out default it names, so a sshd_config that is worded
# differently is left unchanged and no error is reported - check the four
# settings in the resulting file before the host is put on a network.
# NOTE(review): PasswordAuthentication is not touched here, so password logins
# stay at whatever the packaged sshd_config says.
sed -i -e 's/#PermitRootLogin prohibit-password/PermitRootLogin no/' -e 's/#Port 22/Port 501/' \
    -e 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/' -e 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/' ${WORK}/etc/ssh/sshd_config
chroot ${WORK} etckeeper commit "Don't let root login to ssh, and other sshd tweaks." | grep -v -e "^ create mode " -e "^ rename "


# Network configuration is copied from the installing host rather than
# generated: interfaces, interfaces.d, hosts and hostname. The target therefore
# starts out with the host's name and interface settings; the commented-out
# here-documents below are the generated alternatives.
mkdir -p ${WORK}/etc/network/interfaces.d
cp /etc/network/interfaces ${WORK}/etc/network/interfaces
cp /etc/network/interfaces.d/* ${WORK}/etc/network/interfaces.d
#cat > ${WORK}/etc/network/interfaces <<- zzzEOFzzz
#	auto lo
#	iface lo inet loopback
#	allow-hotplug eth0
#	auto eth0
#	iface eth0 inet dhcp
#	allow-hotplug eth1
#	auto eth1
#	iface eth1 inet dhcp
#	allow-hotplug eth2
#	auto eth2
#	iface eth2 inet dhcp
#zzzEOFzzz
cp /etc/hosts ${WORK}/etc/hosts
cp /etc/hostname ${WORK}/etc/hostname
#cat > ${WORK}/etc/hosts <<- zzzEOFzzz
#	127.0.0.1	localhost
#	127.0.1.1	${HOST}

#	# The following lines are desirable for IPv6 capable hosts.
#	::1     localhost ip6-localhost ip6-loopback ${HOST}
#	fe00::0 ip6-localnet
#	ff00::0 ip6-mcastprefix
#	ff02::1 ip6-allnodes
#	ff02::2 ip6-allrouters
#	ff02::3 ip6-allhosts
#zzzEOFzzz
# resolvconf changes this, desktop uses dnsmasq, server uses Google DNS, and we override it ourselves later anyway.
#cat > ${WORK}/etc/resolv.conf <<- zzzEOFzzz
#	nameserver ${NS}
#zzzEOFzzz
chroot ${WORK} etckeeper commit "Tweak network configs." | grep -v -e "^ create mode " -e "^ rename "

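# Install networking (and btrfs) stuff needed only by desktop.
# Currently the server uses Google DNS directly, not dnsmasq.
# "=" is the POSIX string comparison. "==" inside [ ] is rejected by some sh
# implementations (dash, for one), and this file has no shebang line to pin the
# interpreter, so with "==" the desktop branch could be skipped with only an
# error message.
if [ "${TYPE}" = "desktop" ]
then
  # dnsmasq is only installed when the host has a dnsmasq.conf to copy.
  if [ -f /etc/dnsmasq.conf ]; then aptInstall dnsmasq; fi
  aptInstall ppp ndisc6 radvd mailfilter fetchmail btrfs-progs
  # wide-dhcpv6-client
  cp -r /etc/dnsmasq.d "${WORK}/etc"
  cp /etc/dnsmasq.conf "${WORK}/etc"
  # NOTE(review): /etc/ppp usually holds pap-secrets and chap-secrets, so this
  # copies the host's dial-up credentials into the target, and the commit
  # below records them in its etckeeper history - confirm that is wanted.
  cp -r /etc/ppp "${WORK}/etc"
  chroot "${WORK}" etckeeper commit "Tweak desktop network configs." | grep -v -e "^ create mode " -e "^ rename "
fi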


# General purpose tools for every install: hardware and archive utilities,
# log handling, monitoring, and host security checkers (rkhunter, unhide,
# checksecurity, fail2ban).
aptInstall pciutils less man-db manpages mc sudo tmux \
  arj bzip2 p7zip-full unace unar unrar-free \
  sysv-rc-conf multitail logrotate logwatch smartmontools \
  rkhunter nmap unhide lm-sensors tofrodos mlocate imagemagick \
  molly-guard file expect debootstrap pinfo parted \
  powermgmt-base checksecurity cruft-ng lsb-release wbritish monit \
  gnupg2 gnupg-agent ssh-askpass whois fail2ban whiptail haveged hddtemp
# logcheck tripwire | integrit | aide | samhain | fcheck debsecan ?


# Install server stuff.
# Don't do drupal7, coz that's a few versions behind, so still have to deal with it manually.
# Plus, I'll want to upgrade to drupal8 sooner or later.
# These packages are installed whatever ${TYPE} is set to; this section is not
# inside a server-only test.
aptInstall certbot courier-imap rsync mariadb-server mariadb-client apache2 polipo prosody-modules vsftpd openvpn easy-rsa bitlbee \
   php7.0 php-pear php7.0-mysql php7.0-gd php7.0-mbstring php7.0-curl php7.0-bz2 libgd-tools php-apcu php-apcu-bc
# Dedicated account for OpenVPN: a system user with a nologin shell and no
# home directory, then a group of the same name made its primary group.
chroot ${WORK} adduser --system --shell /usr/sbin/nologin --no-create-home ovpn
chroot ${WORK} groupadd ovpn
chroot ${WORK} usermod -g ovpn ovpn
#aptInstall phpmyadmin
#cp -r /etc/bitlbee ${WORK}/etc
#cp -r /var/lib/bitlbee ${WORK}/var/lib
#chroot ${WORK} etckeeper commit "Tweak server configs." | grep -v -e "^ create mode " -e "^ rename "


# Development tool chains, in two batches: C/C++/Lua build tools first, then
# Mono, the autotools family and the PIC microcontroller tools.
aptInstall luajit luarocks uuid-runtime g++ check bison flex \
  colorgcc colormake ccache distcc gdb pkg-config re2c lemon valgrind \
  m4 patch cmake meson build-essential groff git-extras git-doc
aptInstall mono-complete mono-mcs nunit \
  autoconf autogen automake autopoint gettext libtool \
  doxygen nasm gpsim gputils picprog


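# Desktop only: third party repositories, X, the display manager and the
# desktop applications.
# "=" is the POSIX string comparison; "==" inside [ ] is rejected by some sh
# implementations (dash, for one), which would skip this whole branch.
if [ "${TYPE}" = "desktop" ]
then
  # Add repos for the desktop.
  cat > "${WORK}/etc/apt/sources.list.d/deb-multimedia.list" <<- zzzEOFzzz
	deb http://mirror.internode.on.net/pub/deb-multimedia/ stretch main non-free
	deb http://mirror.internode.on.net/pub/deb-multimedia/ stretch-backports main
zzzEOFzzz
  cat > "${WORK}/etc/apt/sources.list.d/google-chrome.list" <<- zzzEOFzzz
	deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main
zzzEOFzzz
  cat > "${WORK}/etc/apt/sources.list.d/palemoon.list" <<- zzzEOFzzz
	deb http://download.opensuse.org/repositories/home:/stevenpusser/Debian_9.0/ /
zzzEOFzzz
  cat > "${WORK}/etc/apt/sources.list.d/signal.list" <<- zzzEOFzzz
	deb [arch=amd64] https://updates.signal.org/desktop/apt xenial main
zzzEOFzzz
  # Fetch and trust the signing keys of those repositories, then upgrade.
  # NOTE(review): the deb-multimedia keyring package is downloaded over plain
  # HTTP and installed with dpkg -i without any checksum or signature check,
  # so whatever arrives is run as root inside the chroot - compare it against
  # a checksum obtained out of band before installing.
  # NOTE(review): "apt-key add" puts each key into apt's global trusted
  # keyring, which lets any of these third party keys vouch for packages from
  # every configured repository; a per-repository signed-by= keyring in the
  # matching sources.list.d entry limits each key to its own repository.
  chroot "${WORK}" /bin/bash <<- zzzEOFzzz
    wget http://www.deb-multimedia.org/pool/main/d/deb-multimedia-keyring/deb-multimedia-keyring_2016.8.1_all.deb -O deb-multimedia-keyring.deb
    dpkg -i deb-multimedia-keyring.deb
    wget -nv -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add -
    wget -nv -O - https://download.opensuse.org/repositories/home:stevenpusser/Debian_9.0/Release.key | apt-key add -
    wget -nv -O - https://updates.signal.org/desktop/apt/keys.asc | apt-key add -
    rm deb-multimedia-keyring.deb
    etckeeper commit "Adding external repos." | grep -v -e "^ create mode " -e "^ rename "
    apt-get update
    apt-get --yes dist-upgrade | grep -v -e "^Selecting previously unselected package " -e "^Preparing to unpack " -e "^ create mode " -e "^ rename "
zzzEOFzzz


  # Install basic X stuff.
  aptInstall xinit x11-xserver-utils xserver-xorg libgl1-nvidia-glx nvidia-driver fonts-liberation xfonts-100dpi xfonts-75dpi xfonts-base xfonts-scalable xscreensaver
  # Note - the wacom driver should be installed below, rather than above, otherwise I think that's what's stopping all input.
  aptInstall lxdm lxde lxlauncher lxtask lxlock openbox obconf gtk2-engines-xfce menu xdg-utils menu-xdg desktop-base desktop-file-utils \
    termit synaptic qgit git-cola suckless-tools stterm surf surf2 awesome awesome-extra lxqt qt4-qtconfig xserver-xorg-input-wacom
  # Have LXDM show the keyboard selector, not show the list of users, and not show that huge Login: image.
  # The background expression uses "|" as its delimiter because the paths
  # contain "/"; a backslash is not a valid delimiter for sed's s command
  # under POSIX.
  sed -i -e 's/keyboard=0/keyboard=1/' -e 's/disable=0/disable=1/' \
         -e 's|bg=/usr/share/images/desktop-base/login-background.svg|bg=/usr/share/images/desktop-base/your-way_darkpurpy-wide-large.svg|' "${WORK}/etc/lxdm/lxdm.conf"
  cp -r fileSystem/usr/share/lxdm/themes/Industrial/login.png "${WORK}/usr/share/lxdm/themes/Industrial"
  chroot "${WORK}" etckeeper commit "Adjust lxdm config." | grep -v -e "^ create mode " -e "^ rename "


  # Install other desktop stuff.
  # NOTE - this drags in whiptail, or would if we didn't install it ourselves above.
  aptInstall gparted qasmixer pulseaudio pavucontrol paman paprefs pavumeter gnome-colors geeqie smplayer smplayer-themes hexchat hexchat-plugins hexchat-otr hexchat-lua \
    geany geany-plugin-addons geany-plugin-lua geany-plugin-markdown geany-plugin-scope geany-plugin-spellcheck
  aptInstall claws-mail claws-mail-plugins claws-mail-extra-plugins claws-mail-themes claws-mail-tools clawsker keepassx keepass2 qalculate-gtk conky-all
  aptInstall gimp gimp-cbmplugs gimp-data-extras gimp-dds gimp-gap gimp-gluas gimp-gmic gimp-help-common gimp-help-en gimp-lensfun gimp-plugin-registry gimp-texturize gimp-ufraw \
    create-resources blender meld graphicsmagick makehuman dia dia-shapes inkscape muse musescore firefox-esr chromium dillo netsurf links2 ddd wireshark etherape spacenavd \
    dasher cheese libreoffice linphone tortoisehg evince galternatives
  # The package is libvirt-daemon-system. apt-get refuses the whole command
  # when one name cannot be found, so the misspelt "deamon" kept every package
  # on this line from being installed.
  aptInstall libvirt0 libvirt-daemon-system virt-manager virt-viewer virtinst qemu-utils qemu-kvm qemu-system-arm qemu-system-x86 qemu-system-misc qemu-efi fslint
  # These all get updated from deb-multimedia, so don't install them before that's enabled.
  aptInstall gstreamer1.0-plugins-good gstreamer1.0-plugins-bad gstreamer1.0-plugins-ugly vlc ffmpeg cinelerra
  aptInstall google-chrome-stable palemoon signal-desktop
fi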

# monitoring shit  docs
# awstats collectd collectd-utils libmariadbclient18 libatasmart4
# icinga icinga-doc fping nagios-images monitoring-plugins libjson-perl libdata-validate-domain-perl libdata-validate-ip-perl libmonitoring-plugin-perl
# Some hacking of the external plugins is needed.  mailq, rbl.
# Manually install CGraphz, coz it's not in the repo.


# Make apt nicer.
# apt-listbugs and apt-listchanges report known bugs and changelog entries
# before an install or upgrade goes ahead; apt-transport-https adds https://
# support for repositories. The apt-file index is then built inside the chroot.
aptInstall apt-listbugs apt-listchanges apt-transport-https apt-show-versions apt-file apt-forktracer
chroot ${WORK} apt-file update


# Overlay the fileSystem/ tree from the current directory onto the target root.
# The path is relative, so the script has to be started from the directory
# that holds fileSystem/. The * glob does not match dotfiles at the top level.
# NOTE(review): the etckeeper commit for this step is commented out below, so
# files this overlay places under /etc are not recorded as a commit of their
# own by this step - confirm that is intended.
cp -r fileSystem/* ${WORK}
#cp -r /etc/rsyslog.d ${WORK}/etc
#cp -r /etc/sysctl.d ${WORK}/etc
#cp /etc/sysctl.conf ${WORK}/etc
#chroot ${WORK} chown -R ${USER}:${USER} /home/${USER}
#cp /usr/share/sounds/* ${WORK}/usr/share/sounds
#chroot ${WORK} etckeeper commit "Tweak the rest of the configs and file system." | grep -v -e "^ create mode " -e "^ rename "


#chroot ${WORK} sensors-detect
#chroot ${WORK} etckeeper commit "Detected sensors" | grep -v -e "^ create mode " -e "^ rename "


# Clean up.
# Switch the listed services off in the target's runlevels, so none of them is
# started at boot until it has been configured and turned back on. The list
# includes fail2ban and monit as well as the network facing daemons.
# NOTE(review): nothing visible in this script stops package maintainer
# scripts from starting these daemons inside the chroot while they are being
# installed (no policy-rc.d is written) - if the umounts that follow report
# "busy", look for processes still running from ${WORK}.

chroot ${WORK} /bin/bash <<- zzzEOFzzz
  sysv-rc-conf apache2 off
  sysv-rc-conf avahi-daemon off
  sysv-rc-conf bitlbee off
  sysv-rc-conf courier off
  sysv-rc-conf courier-authdaemon off
  sysv-rc-conf courier-imap off
  sysv-rc-conf courier-imap-ssl off
  sysv-rc-conf courier-msa off
  sysv-rc-conf courier-mta off
  sysv-rc-conf courier-mta-ssl off
  sysv-rc-conf courierfilter off
  sysv-rc-conf distcc off
  sysv-rc-conf fail2ban off
  sysv-rc-conf fetchmail off
  sysv-rc-conf monit off
  sysv-rc-conf mysql off
  sysv-rc-conf openvpn off
  sysv-rc-conf polipo off
  sysv-rc-conf prosody off
  sysv-rc-conf radvd off
  sysv-rc-conf rsync off
  sysv-rc-conf spamassassin off
  sysv-rc-conf vsftpd off
  etckeeper commit "Turn off services." | grep -v -e "^ create mode " -e "^ rename "
zzzEOFzzz

# Remove packages that are no longer needed, commit, then release the mounts
# made for the chroot: devpts and proc (mounted from inside it), and the /sys
# and apt cache bind mounts. The root filesystem itself stays mounted on ${WORK}.
chroot ${WORK} apt-get --yes autoremove
chroot ${WORK} etckeeper commit "Cleaning out autoremoves." | grep -v -e "^ create mode " -e "^ rename "
umount ${WORK}/dev/pts
umount ${WORK}/proc
umount ${WORK}/sys
umount ${WORK}/var/cache/apt/archives

# Left disabled: grub's configuration is not regenerated by this script.
#update-grub