update etersoft new scripts

75a0cbbe · Vitaly Lipatov · 829d4d65 · 75a0cbbe · 75a0cbbe
Commit 75a0cbbe authored Feb 12, 2021 by Vitaly Lipatov
Hide whitespace changes
Inline Side-by-side

Showing with 22 additions and 8 deletions

tune_new_system.sh etersoft/tune_new_system.sh +21 -7

tune_new_user_su.sh etersoft/tune_new_user_su.sh +1 -1

No files found.
--- a/etersoft/tune_new_system.sh
+++ b/etersoft/tune_new_system.sh
-#!/bin/sh
+#!/bin/sh -x
+fatal()
+{
+    echo "FATAL: $*" >&2
+    exit 1
+}
 # Скрипт для настройки новых машин по нашим правилам
+# TODO: исключение для ARM
 #if grep -q ftp.altlinux.org /etc/apt/sources.list.d/alt.list ; then
 if [ ! -r /etc/apt/sources.list.d/etersoft.list ] ; then
    cat /etc/apt/sources.list.d/alt.list | sed -e "s|http://ftp.altlinux.org/pub/distributions|http://download.etersoft.ru/pub|" > /etc/apt/sources.list.d/etersoft.list
@@ -10,10 +17,10 @@ fi
 echo -n "Checking for epm ... "
 if which epm ; then
-    epm update
+    epm update || fatal
 else
    apt-get update
-    apt-get install eepm || exit
+    apt-get install eepm || fatal
    echo OK
 fi
@@ -35,7 +42,7 @@ fi
 # TODO: нужен или нет для cups?
 #epm -q avahi-daemon >/dev/null && epm remove avahi-daemon
-control sudo public
+control sudo wheelonly
 if ! grep "/home" /etc/fstab | grep -q nfs ; then
    cat <<EOF >>/etc/fstab
@@ -47,10 +54,11 @@ fi
 if ! epm rl | grep -q "LINUX@Etersoft" ; then
    epm ar etersoft
-    epm update
+    # TODO: improve for ARM
+    epm update || fatal
 fi
-epmi libnss-role etersoft-ca-root
+epmi libnss-role etersoft-ca-root || fatal
 # etersoft-desktop-essential-office
 #/srv/lav/Projects/git-eter/etersoft-admin-essential/dc-client/tune_sssd.sh lavadmin
@@ -66,6 +74,7 @@ subst "s|# WHEEL_USERS ALL=(ALL) NOPASSWD: ALL|WHEEL_USERS ALL=(ALL) NOPASSWD: A
 getent passwd user && userdel user
+# Подключение по ssh по Kerberos
 # server side
 subst "s|^#GSSAPIAuthentication no|GSSAPIAuthentication yes|" /etc/openssh/sshd_config
 subst "s|^#GSSAPICleanupCredentials yes|GSSAPICleanupCredentials yes|" /etc/openssh/sshd_config
@@ -90,6 +99,11 @@ serv chronyd on
 # add start range for the local users
 useradd uidrange -u 2000 -U -M
-# TODO: выключение NetworkManager для интерфейса
+epmi systemd-settings-disable-dumpcore systemd-settings-enable-log-to-tty12 systemd-settings-enable-showstatus || fatal
+serv cups on
+serv cups-browsed on
+# TODO: выключение NetworkManager для сетевого интерфейса
 # DISABLED=yes
 # NM_=no
--- a/etersoft/tune_new_user_su.sh
+++ b/etersoft/tune_new_user_su.sh
@@ -3,7 +3,7 @@
 NU="$1"
 [ -n "$NU" ] || exit
-if [ ! -L "/home/$NU/Projects" ] ; then
+if [ ! -d "/srv/$NU/Projects" ] ; then
    mkdir -p /srv/$NU/Projects || exit
    ln -s /srv/$NU/ /home/$NU/Projects