blob: 16c549596fad1f70b0c7726e94f662dfa82997d6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
# shellcheck disable=SC2148
post_install() {
post_upgrade
}
post_upgrade() {
echo "==> Ensuring KVMD users and groups ..."
systemd-sysusers /usr/lib/sysusers.d/kvmd.conf
# https://github.com/systemd/systemd/issues/13522
# shellcheck disable=SC2013
for user in $(grep '^u ' /usr/lib/sysusers.d/kvmd.conf | awk '{print $2}'); do
usermod --expiredate= "$user" >/dev/null
done
chown kvmd:kvmd /etc/kvmd/htpasswd || true
chown kvmd-ipmi:kvmd-ipmi /etc/kvmd/ipmipasswd || true
chown kvmd-vnc:kvmd-vnc /etc/kvmd/vncpasswd || true
chmod 600 /etc/kvmd/*passwd || true
for target in nginx redirect-to-https ssl listen-http listen-https; do
chmod 644 "/etc/kvmd/nginx/$target.conf" || true
done
chown kvmd /var/lib/kvmd/msd 2>/dev/null || true
chown kvmd-pst /var/lib/kvmd/pst 2>/dev/null || true
if [ ! -e /etc/kvmd/nginx/ssl/server.crt ]; then
echo "==> Generating KVMD-Nginx certificate ..."
kvmd-gencert --do-the-thing
fi
if [ ! -e /etc/kvmd/vnc/ssl/server.crt ]; then
echo "==> Generating KVMD-VNC certificate ..."
kvmd-gencert --do-the-thing --vnc
fi
for target in nginx vnc; do
chown root:root /etc/kvmd/$target/ssl || true
owner="root:kvmd-$target"
path="/etc/kvmd/$target/ssl/server.key"
if [ ! -L "$path" ]; then
chown "$owner" "$path" || true
chmod 440 "$path" || true
fi
path="/etc/kvmd/$target/ssl/server.crt"
if [ ! -L "$path" ]; then
chown "$owner" "$path" || true
chmod 444 "$path" || true
fi
done
echo "==> Patching configs ..."
[ ! -f /etc/pacman.conf ] || sed -i -e "s|^Server = https://pikvm.org/repos/|Server = https://files.pikvm.org/repos/arch/|g" /etc/pacman.conf
[ ! -f /boot/config.txt ] || sed -i -e 's/^dtoverlay=pi3-disable-bt$/dtoverlay=disable-bt/g' /boot/config.txt
[ ! -f /boot/config.txt ] || sed -i -e 's/^dtoverlay=dwc2$/dtoverlay=dwc2,dr_mode=peripheral/g' /boot/config.txt
[ ! -f /etc/conf.d/rngd ] || (echo 'RNGD_OPTS="-o /dev/random -r /dev/hwrng -x jitter -x pkcs11 -x rtlsdr"' > /etc/conf.d/rngd)
[ ! -f /etc/pam.d/system-login ] || sed -i -e '/\<pam_systemd\.so\>/ s/^#*/#/' /etc/pam.d/system-login
[ ! -f /etc/pam.d/system-auth ] || sed -i -e '/\<pam_systemd_home\.so\>/ s/^#*/#/' /etc/pam.d/system-auth
[ ! -e /etc/systemd/network/99-default.link ] || ln -s /dev/null /etc/systemd/network/99-default.link
# Some update deletes /etc/motd, WTF
# shellcheck disable=SC2015,SC2166
[ ! -f /etc/motd -a -f /etc/motd.pacsave ] && mv /etc/motd.pacsave /etc/motd || true
}
|