From 351d4c0574f68d6b507207ca65b76bd327421652 Mon Sep 17 00:00:00 2001
From: mitchell
Date: Mon, 31 Jan 2022 15:03:55 -0500
Subject: [PATCH] Add fwl, fix pkm & vm_inst, update debian_preseed & provision_linux
---
.config/fish/functions/fwl.fish | 54 ++++++++++++
.config/fish/functions/pkm.fish | 2 +
.config/fish/functions/vm_inst.fish | 41 ++++-----
debian_preseed.cfg | 126 ++++++++++++++++------------
provision_linux | 15 ++--
5 files changed, 152 insertions(+), 86 deletions(-)
create mode 100644 .config/fish/functions/fwl.fish
diff --git a/.config/fish/functions/fwl.fish b/.config/fish/functions/fwl.fish
new file mode 100644
index 0000000..02326d0
--- /dev/null
+++ b/.config/fish/functions/fwl.fish
@@ -0,0 +1,54 @@
+function fwl -d 'Function to simplify interacting with firewalld'
+ argparse --ignore-unknown \
+ p/permanent \
+ r/reset \
+ 'z/zone=' \
+ 'o/policy=' \
+ 's/service=' \
+ -- $argv
+
+ if set -q _flag_reset
+ echo 'Resetting fwl ...'
+ _fwl_reset
+ return
+ end
+
+ if set -q _flag_permanent
+ if set -q _fwl_perm
+ set -ge _fwl_perm
+ else
+ set -g _fwl_perm --permanent
+ end
+ end
+
+ if set -q _flag_zone
+ set -g _fwl_mode "--zone=$_flag_z"
+ else if set -q _flag_policy
+ set -g _fwl_mode "--policy=$_flag_o"
+ else if set -q _flag_service
+ set -g _fwl_mode "--service=$_flag_s"
+ end
+
+ echo fwl_mode={$_fwl_perm} $_fwl_mode
+
+ test -z "$argv"; and return
+
+ switch $argv
+ case i info
+ set argv --list-all
+ case a all
+ set argv --list-all-zones
+ case on all-on
+ set argv --get-active-zones
+ case s services
+ set argv --get-services
+ end
+
+ sudo firewall-cmd {$_fwl_perm} {$_fwl_mode} $argv
+end
+
+function _fwl_reset -d 'Reset fwl global variables'
+ set -ge _fwl_mode
+ set -ge _fwl_perm
+ return 0
+end
diff --git a/.config/fish/functions/pkm.fish b/.config/fish/functions/pkm.fish
index 27f8b1b..3afa315 100644
--- a/.config/fish/functions/pkm.fish
+++ b/.config/fish/functions/pkm.fish
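Review bot: The `argparse` call at the top of `fwl` has no failure check, so after a parse error (for example `-z` given without a value) the function carries on and still reaches `sudo firewall-cmd` with whatever `_fwl_perm` and `_fwl_mode` an earlier call left in the global scope. Adding `or return` after the `-- $argv` line, as `vm_inst` does in this same commit, stops a mistyped invocation from changing firewall state. Separately, `switch $argv` is handed the whole remaining argument list; fish's `switch` expects a single value, so `switch $argv[1]` looks like what is intended here.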
@@ -26,6 +26,7 @@ end function _pacman_commander -a pkm command set -l args $argv[3..] + set pkm (string split ' ' $pkm) switch $command case i install @@ -48,6 +49,7 @@ end function _apt_commander -a pkm command set -l args $argv[3..] + set pkm (string split ' ' $pkm) switch $command case i install diff --git a/.config/fish/functions/vm_inst.fish b/.config/fish/functions/vm_inst.fish index ff6133f..d18db73 100644 --- a/.config/fish/functions/vm_inst.fish +++ b/.config/fish/functions/vm_inst.fish @@ -1,35 +1,24 @@ function vm_inst -a name os_variant install_source argparse \ + --ignore-unknown \ 'm/memory=' \ 'c/cpus=' \ 'd/disk-size=' \ - 'b/bridge=' \ - s/backing_store \ + 'b/bridge=?' \ + s/backing-store \ i/import \ n/netboot \ - --ignore-unknown \ -- $argv + or return - set -l memory 4096 + set -l memory 2048 set -l vcpus 2 - set -l disk_size 40 + set -l disk_size 10 set -l bridge_iface br0 - - if test -n "$_flag_m" - set memory $_flag_m - end - - if test -n "$_flag_c" - set vcpus $_flag_c - end - - if test -n "$_flag_d" - set disk_size $_flag_d - end - - if test -n "$_flag_b" - set bridge_iface $_flag_b - end + set -q "$_flag_memory"; and set memory $_flag_m + set -q "$_flag_cpus"; and set vcpus $_flag_c + set -q "$_flag_disk_size"; and set disk_size $_flag_d + set -q "$_flag_bridge"; and not math $_flag_b &>/dev/null; or set bridge_iface $_flag_b set -l inst_args \ --name $name \ 
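Review bot: The added `set pkm (string split ' ' $pkm)` in `_pacman_commander` carries no comment saying why a command name needs splitting, and the same line is added to `_apt_commander` in the next hunk. Presumably the caller passes a multi-word value such as a `sudo`-prefixed package manager; a line like `# pkm may hold "sudo <manager>"; split it so fish runs the first word as the command` would record that. The caller is outside these hunks, and both function bodies continue past them.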
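Review bot: The new override lines in `vm_inst` pass a value where `set -q` expects a variable name: `set -q "$_flag_memory"` expands the flag's contents, so the test does not report whether `-m` was given and `memory`, `vcpus` and `disk_size` appear to stay at their defaults. The form `set -q _flag_memory; and set memory $_flag_memory` does what the removed `test -n` blocks did, and the same applies to the cpus and disk-size lines and to `if set -q "$_flag_bridge"` in the following hunk. On the bridge line the trailing `; or set bridge_iface $_flag_b` also runs when the first test fails, which looks like it clears the `br0` default; an explicit `if` block would make the intended precedence clear. The body of `vm_inst` continues past this hunk.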
@@ -37,20 +26,20 @@ function vm_inst -a name os_variant install_source --vcpus $vcpus \ --os-variant $os_variant - if test -n "$_flag_b" + if set -q "$_flag_bridge" set inst_args $inst_args \ --network bridge=$bridge_iface end - if test -n "$_flag_i" + if test -n "$_flag_import" set inst_args $inst_args \ --disk $install_source \ --import - else if test -n "$_flag_s" + else if test -n "$_flag_backing_store" set inst_args $inst_args \ --disk size=$disk_size,sparse=yes,backing_store=$install_source \ --import - else if test -n "$_flag_n" + else if test -n "$_flag_netboot" set inst_args $inst_args \ --disk size=$disk_size,sparse=yes \ --pxe @@ -60,5 +49,5 @@ function vm_inst -a name os_variant install_source --cdrom $install_source end - virt-install $inst_args $argv + virt-install $inst_args $argv[4..-1] end diff --git a/debian_preseed.cfg b/debian_preseed.cfg index 1543b1f..7129f74 100644 --- a/debian_preseed.cfg +++ b/debian_preseed.cfg @@ -1,7 +1,8 @@ -#### Contents of the preconfiguration file (for buster) +#_preseed_V1 +#### Contents of the preconfiguration file (for bullseye) ### Localization # Preseeding only locale sets language, country and locale. -d-i debian-installer/locale string en_US.UTF-8 +d-i debian-installer/locale string en_US # The values can also be preseeded individually for greater flexibility. #d-i debian-installer/language string en 
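Review bot: `$argv[4..-1]` in the final `virt-install` call lines up with `name`, `os_variant` and `install_source` only when those three come first on the command line, because `-a` binds them from the original arguments before `argparse` removes the flags. A call such as `vm_inst -m 4096 NAME ...` would put `-m` into `$name`. Either document the required order with a comment such as `# positionals must precede flags: vm_inst NAME OS_VARIANT SOURCE [flags]`, or assign the three names from `$argv[1..3]` after the `argparse` call.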
@@ -65,13 +66,13 @@ d-i netcfg/choose_interface select auto # Any hostname and domain names assigned from dhcp take precedence over # values set here. However, setting the values still prevents the questions # from being shown, even if values come from dhcp. -d-i netcfg/get_hostname string m-debi -d-i netcfg/get_domain string local +d-i netcfg/get_hostname string debim +d-i netcfg/get_domain string lan # If you want to force a hostname, regardless of what either the DHCP # server returns or what the reverse DNS entry for the IP is, uncomment # and adjust the following line. -#d-i netcfg/hostname string somehost +d-i netcfg/hostname string debim # Disable that annoying WEP key dialog. d-i netcfg/wireless_wep string @@ -96,7 +97,7 @@ d-i netcfg/wireless_wep string # If you select ftp, the mirror/country string does not need to be set. #d-i mirror/protocol string ftp d-i mirror/country string manual -d-i mirror/http/hostname string ftp.us.debian.org +d-i mirror/http/hostname string debian.csail.mit.edu d-i mirror/http/directory string /debian d-i mirror/http/proxy string @@ -119,11 +120,11 @@ d-i passwd/root-login boolean false #d-i passwd/root-password-crypted password [crypt(3) hash] # To create a normal user account. -#d-i passwd/user-fullname string Debian User -#d-i passwd/username string debian +d-i passwd/user-fullname string m +d-i passwd/username string m # Normal user's password, either in clear text -#d-i passwd/user-password password insecure -#d-i passwd/user-password-again password insecure +d-i passwd/user-password password debim +d-i passwd/user-password-again password debim # or encrypted using a crypt(3) hash. #d-i passwd/user-password-crypted password [crypt(3) hash] # Create the first user with the specified UID instead of the default. 
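Review bot: The `@@ -119,11` hunk commits a clear-text login password for user `m` that is identical to the hostname, in a file that also selects `ssh-server` through `tasksel`. Every machine built from this preseed starts with the same guessable SSH credential until someone changes it. The `passwd/user-password-crypted` line already present as a comment takes a crypt(3) hash instead, for example `d-i passwd/user-password-crypted password <crypt(3) hash>`, and the two clear-text lines can then go back to being comments.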
@@ -139,7 +140,7 @@ d-i clock-setup/utc boolean true # You may set this to any valid setting for $TZ; see the contents of # /usr/share/zoneinfo/ for valid values. -d-i time/zone string US/Eastern +d-i time/zone string UTC # Controls whether to use NTP to set the clock during the install d-i clock-setup/ntp boolean true @@ -163,12 +164,12 @@ d-i clock-setup/ntp boolean true # - regular: use the usual partition types for your architecture # - lvm: use LVM to partition the disk # - crypto: use LVM within an encrypted partition -#d-i partman-auto/method string lvm +d-i partman-auto/method string regular # You can define the amount of space that will be used for the LVM volume # group. It can either be a size with its unit (eg. 20 GB), a percentage of # free space or the 'max' keyword. -#d-i partman-auto-lvm/guided_size string max +d-i partman-auto-lvm/guided_size string max # If one of the disks that are going to be automatically partitioned # contains an old LVM configuration, the user will normally receive a @@ -177,14 +178,14 @@ d-i clock-setup/ntp boolean true # The same applies to pre-existing software RAID array: #d-i partman-md/device_remove_md boolean true # And the same goes for the confirmation to write the lvm partitions. -#d-i partman-lvm/confirm boolean true -#d-i partman-lvm/confirm_nooverwrite boolean true +d-i partman-lvm/confirm boolean true +d-i partman-lvm/confirm_nooverwrite boolean true # You can choose one of the three predefined partitioning recipes: # - atomic: all files in one partition # - home: separate /home partition # - multi: separate /home, /var, and /tmp partitions -#d-i partman-auto/choose_recipe select atomic +d-i partman-auto/choose_recipe select atomic # Or provide a recipe of your own... # If you have a way to get a recipe file into the d-i environment, you can 
@@ -217,12 +218,32 @@ d-i clock-setup/ntp boolean true # system labels, volume group names and which physical devices to include # in a volume group. +## Partitioning for EFI +# If your system needs an EFI partition you could add something like +# this to the recipe above, as the first element in the recipe: +# 538 538 1075 free \ +# $iflabel{ gpt } \ +# $reusemethod{ } \ +# method{ efi } \ +# format{ } \ +# . \ +# +# The fragment above is for the amd64 architecture; the details may be +# different on other architectures. The 'partman-auto' package in the +# D-I source repository may have an example you can follow. + # This makes partman automatically partition without confirmation, provided # that you told it what to do using one of the methods above. -#d-i partman-partitioning/confirm_write_new_label boolean true -#d-i partman/choose_partition select finish -#d-i partman/confirm boolean true -#d-i partman/confirm_nooverwrite boolean true +d-i partman-partitioning/confirm_write_new_label boolean true +d-i partman/choose_partition select finish +d-i partman/confirm boolean true +d-i partman/confirm_nooverwrite boolean true + +# Force UEFI booting ('BIOS compatibility' will be lost). Default: false. +#d-i partman-efi/non_efi_system boolean true +# Ensure the partition table is GPT - this is required for EFI +#d-i partman-partitioning/choose_label string gpt +#d-i partman-partitioning/default_label string gpt # When disk encryption is enabled, skip wiping the partitions beforehand. #d-i partman-auto-crypto/erase_disks boolean false 
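Review bot: With `partman/confirm` and `partman/confirm_nooverwrite` now set to `true`, the installer partitions without asking, but no target disk is named in the visible hunks. If `partman-auto/disk` is not set elsewhere in the file, a single-disk machine that boots this preseed is repartitioned with no prompt, whether or not it was the intended VM. Pinning it with `d-i partman-auto/disk string /dev/vda`, matching the `grub-installer/bootdev` value later in this patch, keeps the unattended install confined to the virtio disk. The same confirmation lines are enabled a second time in the `@@ -271,11` hunk, where one copy would do.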
@@ -271,11 +292,11 @@ d-i clock-setup/ntp boolean true # repository. # This makes partman automatically partition without confirmation. -#d-i partman-md/confirm boolean true -#d-i partman-partitioning/confirm_write_new_label boolean true -#d-i partman/choose_partition select finish -#d-i partman/confirm boolean true -#d-i partman/confirm_nooverwrite boolean true +d-i partman-md/confirm boolean true +d-i partman-partitioning/confirm_write_new_label boolean true +d-i partman/choose_partition select finish +d-i partman/confirm boolean true +d-i partman/confirm_nooverwrite boolean true ## Controlling how partitions are mounted # The default is to mount by UUID, but you can also choose "traditional" to @@ -291,18 +312,18 @@ d-i clock-setup/ntp boolean true # The kernel image (meta) package to be installed; "none" can be used if no # kernel is to be installed. -#d-i base-installer/kernel/image string linux-image-686 +d-i base-installer/kernel/image string linux-image-cloud-amd64 ### Apt setup # You can choose to install non-free and contrib software. -#d-i apt-setup/non-free boolean true -#d-i apt-setup/contrib boolean true +d-i apt-setup/non-free boolean true +d-i apt-setup/contrib boolean true # Uncomment this if you don't want to use a network mirror. #d-i apt-setup/use_mirror boolean false # Select which update services to use; define the mirrors to be used. # Values shown below are the normal defaults. -#d-i apt-setup/services-select multiselect security, updates -#d-i apt-setup/security_host string security.debian.org +d-i apt-setup/services-select multiselect security, updates +d-i apt-setup/security_host string security.debian.org # Additional repositories, local[0-9] available #d-i apt-setup/local0/repository string \ 
@@ -312,8 +333,12 @@ d-i clock-setup/ntp boolean true #d-i apt-setup/local0/source boolean true # URL to the public key of the local repository; you must provide a key or # apt will complain about the unauthenticated repository and so the -# sources.list line will be left commented out +# sources.list line will be left commented out. #d-i apt-setup/local0/key string http://local.server/key +# If the provided key file ends in ".asc" the key file needs to be an +# ASCII-armoured PGP key, if it ends in ".gpg" it needs to use the +# "GPG key public keyring" format, the "keybox database" format is +# currently not supported. # By default the installer requires that repositories be authenticated # using a known gpg key. This setting can be used to disable that @@ -328,7 +353,7 @@ d-i clock-setup/ntp boolean true tasksel tasksel/first multiselect standard, ssh-server # Individual additional packages to install -#d-i pkgsel/include string openssh-server build-essential +d-i pkgsel/include string git fish curl neovim kitty-terminfo firewalld qemu-guest-agent # Whether to upgrade packages after debootstrap. # Allowed values: none, safe-upgrade, full-upgrade #d-i pkgsel/upgrade select none 
@@ -336,34 +361,29 @@ tasksel tasksel/first multiselect standard, ssh-server # Some versions of the installer can report back on what software you have # installed, and what software you use. The default is not to report back, # but sending reports helps the project determine what software is most -# popular and include it on CDs. +# popular and should be included on the first CD/DVD. #popularity-contest popularity-contest/participate boolean false ### Boot loader installation -# Grub is the default boot loader (for x86). If you want lilo installed -# instead, uncomment this: -#d-i grub-installer/skip boolean true -# To also skip installing lilo, and install no bootloader, uncomment this -# too: -#d-i lilo-installer/skip boolean true +# Grub is the boot loader (for x86). - -# This is fairly safe to set, it makes grub install automatically to the MBR -# if no other operating system is detected on the machine. +# This is fairly safe to set, it makes grub install automatically to the UEFI +# partition/boot record if no other operating system is detected on the machine. d-i grub-installer/only_debian boolean true -# This one makes grub-installer install to the MBR if it also finds some other -# OS, which is less safe as it might not be able to boot that other OS. -d-i grub-installer/with_other_os boolean false +# This one makes grub-installer install to the UEFI partition/boot record, if +# it also finds some other OS, which is less safe as it might not be able to +# boot that other OS. 
+#d-i grub-installer/with_other_os boolean true -# Due notably to potential USB sticks, the location of the MBR can not be -# determined safely in general, so this needs to be specified: -#d-i grub-installer/bootdev string /dev/sda -# To install to the first device (assuming it is not a USB stick): +# Due notably to potential USB sticks, the location of the primary drive can +# not be determined safely in general, so this needs to be specified: +d-i grub-installer/bootdev string /dev/vda +# To install to the primary device (assuming it is not a USB stick): #d-i grub-installer/bootdev string default -# Alternatively, if you want to install to a location other than the mbr, -# uncomment and edit these lines: +# Alternatively, if you want to install to a location other than the UEFI +# parition/boot record, uncomment and edit these lines: #d-i grub-installer/only_debian boolean false #d-i grub-installer/with_other_os boolean false #d-i grub-installer/bootdev string (hd0,1) @@ -396,9 +416,9 @@ d-i finish-install/reboot_in_progress note # This is how to make the installer shutdown when finished, but not # reboot into the installed system. -#d-i debian-installer/exit/halt boolean true +d-i debian-installer/exit/halt boolean true # This will power off the machine instead of just halting it. -#d-i debian-installer/exit/poweroff boolean true +d-i debian-installer/exit/poweroff boolean true ### Preseeding other packages # Depending on what software you choose to install, or if things go wrong diff --git a/provision_linux b/provision_linux index 76a8a4e..91bb805 100755 --- a/provision_linux +++ b/provision_linux @@ -228,13 +228,14 @@ function install_libvirt set -l base_pkgs \ virt-manager \ virt-install \ - virt-viewer + virt-viewer \ + dnsmasq \ + dmidecode set -l arch_pkgs \ $base_pkgs \ libvirt \ qemu \ - dnsmasq \ ebtables set -l debian_pkgs \ 
@@ -259,18 +260,18 @@ end function install_pkgs -S switch $distro case arch - set -l cmd pacman + set -l cmd sudo pacman if command -q pikaur set cmd pikaur end - sudo $cmd --sync --refresh --sysupgrade --noconfirm - sudo $cmd --sync --noconfirm $arch_pkgs $argv + $cmd --sync --refresh --sysupgrade --noconfirm + and $cmd --sync --noconfirm $arch_pkgs $argv case debian sudo apt-get --quiet --yes update - sudo apt-get --quiet --yes upgrade - sudo apt-get --quiet --yes install $debian_pkgs $argv + and sudo apt-get --quiet --yes upgrade + and sudo apt-get --quiet --yes install $debian_pkgs $argv end end
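Review bot: In the `arch` branch, when `pikaur` is found the second command installs `$arch_pkgs $argv` with `--noconfirm`, so any AUR package in those lists would presumably be fetched and built with no chance to read its build script. The contents of `$arch_pkgs` are outside this hunk, so this may not apply today. A comment above the `if command -q pikaur` line such as `# pikaur runs unprivileged and may build AUR packages; keep $arch_pkgs to reviewed packages` would record the assumption.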