|
|
@@ -1,9 +1,128 @@
|
|
|
-# systemd-first-boot-script
|
|
|
+# Introduction
|
|
|
+
|
|
|
+`systemd-first-boot-script` is a set of scripts to configure GNU+Linux systems at first boot.
|
|
|
+
|
|
|
+## Purpose
|
|
|
+
|
|
|
+Setting up pre-configured virtual machines or GNU+Linux system is easy. Sharing them to other people involves sharing credentials, which is not a good thing from security point of view.
|
|
|
+
|
|
|
+This set of scripts allows running several configuration programs in order to:
|
|
|
+
|
|
|
+- reset SSH server keys
|
|
|
+- change root password
|
|
|
+- change main user password (which is supposed to be in sudoers group)
|
|
|
+- create a new user within sudoers group
|
|
|
+- change machine name
|
|
|
+- display connection information (or anything else)
|
|
|
+
|
|
|
+A skeleton is provided to create one's own scripts.
|
|
|
+
|
|
|
+## Deployment
|
|
|
+
|
|
|
+The target machine should have a working `ssh` server.
|
|
|
+
|
|
|
+The preparation of script is done on another machine (local machine e.g.) from which the script can be sent using a synchronization script.
|
|
|
+
|
|
|
+Actually, this prevent from installing `git` on the target machine (which is not wanted for some systems).
|
|
|
+
|
|
|
+# Installation and configuration
|
|
|
+
|
|
|
+Clone this directory on your local machine.
|
|
|
+
|
|
|
+## Configuration
|
|
|
+
|
|
|
+Copy `sync.data.example` to `sync.data` :
|
|
|
+
|
|
|
+```bash
|
|
|
+cp sync.data.example sync.data
|
|
|
+```
|
|
|
+
|
|
|
+Edit `sync.data` with credential for target machine (using `ssh` keys is recommended but not mandatory).
|
|
|
+
|
|
|
+## Deployment
|
|
|
+
|
|
|
+### Remote copy
|
|
|
+
|
|
|
+Run synchronization script from local machine:
|
|
|
+
|
|
|
+```bash
|
|
|
+./dosync.sh
|
|
|
+```
|
|
|
+
|
|
|
+All files should be copied on the target machine
|
|
|
+
|
|
|
+### On target machine
|
|
|
+
|
|
|
+Everything here should be run as super-user (or with `sudo`).
|
|
|
+
|
|
|
+From the synced directory, run the deployment script:
|
|
|
+
|
|
|
+```bash
|
|
|
+cd install-systemd-first-boot-script # or the name you chose in sync.data
|
|
|
+./deploy
|
|
|
+```
|
|
|
+
|
|
|
+All files are copied to `/etc/first-boot/`
|
|
|
+
|
|
|
+Select the files to be executed in `/etc/first-boot/scripts` (here is selected a subset of available scripts) :
|
|
|
+
|
|
|
+```bash
|
|
|
+cd /etc/first-boot/scripts
|
|
|
+chmod -x *
|
|
|
+chmod +x 01-renew-ssh-keys 02-password 03-user-password 50-hostname
|
|
|
+```
|
|
|
+
|
|
|
+Check the permissions are correct (only scripts with execution permission will be run):
|
|
|
+
|
|
|
+```bash
|
|
|
+ls -l /etc/first-boot/scripts
|
|
|
+-rwxr-xr-x@ 1 root root 625 10 oct 10:59 01-renew-ssh-keys
|
|
|
+-rwxr-xr-x@ 1 root root 581 10 oct 10:59 02-password
|
|
|
+-rwxr-xr-x@ 1 root root 662 10 oct 11:01 03-user-password
|
|
|
+-rw-r--r--@ 1 root root 1114 10 oct 11:08 04-create-default-user
|
|
|
+-rwxr-xr-x 1 root root 660 10 oct 11:09 50-hostname
|
|
|
+-rw-r--r--@ 1 root root 732 11 oct 15:42 90-display-ip
|
|
|
+-rw-r--r--@ 1 root root 755 10 oct 10:59 skeleton
|
|
|
+```
|
|
|
+
|
|
|
+Now the machine is ready to be rebooted.
|
|
|
+
|
|
|
+### Test
|
|
|
+
|
|
|
+You can test by rebooting the machine.
|
|
|
+
|
|
|
+You will have to answer to all question (it is not possible to kill process). So use passwords you know.
|
|
|
+
|
|
|
+Once is is OK for you, re-run the deployment script (this will reset the flag that indicates the script was already run):
|
|
|
+
|
|
|
+```bash
|
|
|
+cd install-systemd-first-boot-script # or the name you chose in sync.data
|
|
|
+./deploy
|
|
|
+```
|
|
|
+
|
|
|
+And check once again the permissions in `/etc/first-boot/scripts` (just to be sure, even they should not have been changed)
|
|
|
+
|
|
|
+You can now delete the installation directory (which could be recreated using the `dosync.sh` script from your local machine :
|
|
|
+
|
|
|
+```bash
|
|
|
+cd ..
|
|
|
+rm -r install-systemd-first-boot-script
|
|
|
+```
|
|
|
+
|
|
|
+## Use it
|
|
|
+
|
|
|
+### Strong passwords
|
|
|
+
|
|
|
+Don't forget to use strong passwords on your systems
|
|
|
+
|
|
|
+### Share your work
|
|
|
+
|
|
|
+Once ready, shutdown the system and provide it to the person who will use it: this person will have to set its own passwords at first boot.
|
|
|
|
|
|
-A skeleton for GNU+Linux system first boot configuration
|
|
|
|
|
|
# References
|
|
|
|
|
|
+- [How to start a script on tty instead of asking for login in systemd? - Unix & Linux Stack Exchange](https://unix.stackexchange.com/questions/265014/how-to-start-a-script-on-tty-instead-of-asking-for-login-in-systemd)
|
|
|
- [ubuntu - Run script on first boot - Server Fault](https://serverfault.com/a/853403/139286)
|
|
|
- [How To Use Systemctl to Manage Systemd Services and Units | DigitalOcean](https://www.digitalocean.com/community/tutorials/how-to-use-systemctl-to-manage-systemd-services-and-units)
|
|
|
- [How to Create and Run New Service Units in Systemd Using Shell Script](https://www.tecmint.com/create-new-service-units-in-systemd/)
|
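Review bot: The "## Configuration" step tells the reader to put credentials for the target machine in `sync.data`, but the README never says that this file must stay out of version control or be readable only by its owner. Add a sentence there, for example that `sync.data` should be listed in `.gitignore` and set to mode 600, and consider documenting key-based `ssh` as the default rather than "recommended but not mandatory". In the script-selection step, the execute bit alone decides which scripts run at first boot, and those scripts change the root password and the SSH server keys, so the README should state that `/etc/first-boot/scripts` and its files must stay owned by root and not writable by group or others, as the sample listing shows. The "### Test" section says the prompts cannot be killed; a note to take a snapshot or keep console access before the test reboot would save readers from locking themselves out. Smaller points: "## Deployment" appears twice (under "Introduction" and under "Installation and configuration"), which produces two identical anchors; "Once is is OK", "this prevent from" and the unclosed parenthesis after "from your local machine" need fixing; and "### Strong passwords" would be more useful if it said what the password scripts actually enforce.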