tune_new_system.sh: more safe

etersoft/tune_new_system.sh

 #!/bin/sh
 
+# Скрипт для настройки новых машин по нашим правилам
+
 #if grep -q ftp.altlinux.org /etc/apt/sources.list.d/alt.list ; then
 if [ ! -r /etc/apt/sources.list.d/etersoft.list ] ; then
     cat /etc/apt/sources.list.d/alt.list | sed -e "s|http://ftp.altlinux.org/pub/distributions|http://download.etersoft.ru/pub|" > /etc/apt/sources.list.d/etersoft.list
@@ -27,7 +29,9 @@ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKpX0yMvZS1r4mfEaeN4rjMlPPbtV3vdsLvV++wcajyx
 EOF
 fi
 
-epm -q avahi-daemon >/dev/null && epm remove avahi-daemon
+# TODO: нужен или нет для cups?
+#epm -q avahi-daemon >/dev/null && epm remove avahi-daemon
+
 control sudo public
 
 if ! grep "/home" /etc/fstab | grep -q nfs ; then
@@ -55,19 +59,24 @@ fi
 # TODO
 subst "s|# WHEEL_USERS ALL=(ALL) NOPASSWD: ALL|WHEEL_USERS ALL=(ALL) NOPASSWD: ALL|" /etc/sudoers
 
-userdel user
+getent passwd user && userdel user
 
+# server side
 subst "s|^#GSSAPIAuthentication no|GSSAPIAuthentication yes|" /etc/openssh/sshd_config
 subst "s|^#GSSAPICleanupCredentials yes|GSSAPICleanupCredentials yes|" /etc/openssh/sshd_config
 
-# TODO: тонкости. seat?
-serv lightdm off
-serv dm on
+# client side
+subst "s|#   GSSAPIAuthentication yes|    GSSAPIAuthentication yes|" /etc/openssh/ssh_config
+subst "s|#   GSSAPIDelegateCredentials yes|    GSSAPIDelegateCredentials yes|" /etc/openssh/ssh_config
+
+# TODO: тонкости. seat? (eterbug #12145)
+#serv lightdm off
+#serv dm on
 
 # https://bugs.etersoft.ru/show_bug.cgi?id=12207
 epmi chrony
-serv chronyd on
 subst "s|^\(pool pool.ntp.*\)|server ntp.etersoft.ru iburst\n#\1|" /etc/chrony.conf
+serv chronyd on
 
 # TODO: выключение NetworkManager для интерфейса
 # DISABLED=yes