Adding my FAI config space into git repo

class/DEBIAN.var

@@ -0,0 +1,13 @@
+release=buster
+apt_cdn=http://deb.debian.org
+security_cdn=http://security.debian.org
+
+CONSOLEFONT=
+KEYMAP=us-latin1
+
+# if you have enough RAM (>2GB) you may want to enable this line. It
+# also puts /var/cache into a ramdisk.
+#FAI_RAMDISKS="$target/var/lib/dpkg $target/var/cache"
+
+# if you want to use the faiserver as APT proxy
+#APTPROXY=http://faiserver:3142

debconf/DEBIAN

@@ -0,0 +1,8 @@
+locales locales/default_environment_locale select en_US.UTF-8
+locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8
+keyboard-configuration  keyboard-configuration/modelcode        string pc105
+keyboard-configuration  keyboard-configuration/xkb-keymap       select us
+keyboard-configuration  keyboard-configuration/variant  select USA
+keyboard-configuration  keyboard-configuration/model    select Generic 105-key (Intl) PC
+keyboard-configuration  keyboard-configuration/layoutcode       string us
+keyboard-configuration  keyboard-configuration/optionscode      string ctrl:nocaps,terminate:ctrl_alt_bksp

hooks/mountdisks.DEFAULT

@@ -0,0 +1,11 @@
+#! /bin/bash
+
+# stop resync of soft raid
+# why though?
+# FAI SUCKS
+if [ $do_init_tasks -eq 1 ]; then
+   if grep -q active /proc/mdstat 2>/dev/null; then
+       echo "frozen" | tee /sys/block/md*/md/sync_action >/dev/null
+   fi
+fi
+exit 0

hooks/savelog.LAST.sh

@@ -0,0 +1,216 @@
+#! /bin/bash
+
+# parse all log files for error messages
+# print errors and warnings found to error.log
+# WARNING: This will only work with english error messages!
+
+errfile=$LOGDIR/error.log
+
+# Define grep patterns. Do not start or end with an empty line!
+globalerrorpatterns="error
+fail
+warn
+ bad
+bad 
+no space
+syntax
+Couldn't stat
+Cannot access
+ conflict
+is bigger than the limit
+did not exist
+non existent
+not found
+couldn't
+can't
+E: Sorry, broken packages
+^E: 
+operator expected
+ambiguous redirect
+No previous regular expression
+No such
+Device or resource busy
+unknown option
+[a-z]\+\.log:E:
+No candidate version found
+segfault
+Couldn't find any package whose name or description matched
+cannot create
+The following packages have unmet dependencies"
+
+globalignorepatterns="[a-z]\+\.log:#
+Error: Driver 'pcspkr' is already registered, aborting
+: bytes  packets  errors  dropped
+:+ error=0
+:+ trap error=
+task_error_func=
+STOP_ON_ERROR=
+courier-webadmin
+plugins-bad
+Enabling conf localized-error-pages
+ibwebadmin
+kernel-patch-badram
+kolab-webadmin
+kolabadmin
+gstreamer.\+-plugins-really-bad
+liberrors.so
+liberrors-samba
+libsamba-errors
+gsambad
+libad
+libtest-nowarnings-perl
+libtest-warn-perl
+libclass-errorhandler-perl
+zope-ploneerrorreporting
+libroxen-errormessage
+liberror-perl
+libgpg-error-dev
+libgpg-error0
+Opts:.\+errors=remount
+[RT]X packets:
+WARNING: unexpected IO-APIC
+warned about = ( )
+daemon.warn
+kern.warn
+rw,errors=
+Expect some cache
+no error
+failmsg
+RPC call returned error 101
+deverror.out
+(floppy), sector 0
+mount version older than kernel
+Can't locate module
+Warning only .\+MB will be used.
+hostname: Host name lookup failure
+I can't tell the difference.
+warning, not much extra random data, consider using the -rand option
+confC._FILE
+Warning: 3 database(s) sources
+were not found, (but were created)
+removing exim
+The home dir you specified already exists.
+No Rule for /usr/lib/ispell/default.hash.
+/usr/sbin/update-fonts-.\+: warning: absolute path
+hostname: Unknown server error
+EXT2-fs warning: checktime reached
+RPC: sendmsg returned error 101
+can't print them to stdout. Define these classes
+warning: downgrading
+suppress emacs errors
+echo Error:
+Can't open dependencies file
+documents in /usr/doc are no longer supported
+if you have both a SCSI and an IDE CD-ROM
+Warning: /proc/ide/hd?/settings interface is obsolete, and will be removed soon
+Monitoring disabled
+Error: only one processor found.
+Error Recovery Strategy:
+sector 0 does not have an
+syslogin_perform_logout: logout() returned an error
+grub is not in an XFS filesystem.
+grub-install: line 374:
+grub-probe: error: Cannot open \`/boot/grub/device.map'
+is harmless
+not updating .\+ font directory data.
+register_serial(): autoconfig failed
+Fontconfig error: Cannot load default config file
+asking for cache data failed
+However, I can not read the target:
+Warning: The partition table looks like it was made
+task_error=0
+task_local_error=0
+^info: Trying to set
+warning: /usr/lib/X11/fonts
+can't read /etc/udev/rules.d/z25_persistent-net.rules
+/cow': No such file or directory
+Dummy start-stop-daemon called
+X: bytes  packets  errors
+ACPI Error
+ACPI Warning
+AE_NOT_FOUND
+conflicts with ACPI region
+cannot stat \`/etc/modprobe.d/\*.conf'
+cdrom: open failed.
+libgpg-error
+process \`kudzu' used the deprecated sysctl system call
+PM: Resume from disk failed
+JBD: barrier-based sync failed
+aufs: module is from the staging directory, the quality is unknown
+warning: linuxlogo stop runlevel arguments (none) do not match
+insserv: warning: script .\+ missing LSB tags and overrides
+live-premount.\+ If this fails
+cannot read table of mounted file systems
+error: no alternatives for
+ERST: Error Record Serialization Table (ERST) support is initialized
+ERST: Table is not found
+HEST: Table not found
+failed to stat /dev/pts
+Failed to connect to socket /var/run/dbus/system_bus_socket
+fail to add MMCONFIG information
+can't initialize iptables table
+can't initialize ip6tables table
+Authentication warning overridden
+41-warning.sh
+PCCT header not found
+Download is performed unsandboxed as root as file
+update-alternatives: warning: skip creation of
+loop: module verification failed: signature
+Warning: apt-key output should not be parsed
+WARNING: Failed to connect to lvmetad. Falling back to device scanning
+Warning: The home dir /var/lib/usbmux you specified
+diff: /var/lib/apparmor/profiles/.apparmor.md5sums: No such file or directory
+error reporting disabled
+Enabling Firmware First mode for corrected errors
+errors: 0
+ 0 errors
+Memory Error Correction:
+Memory Controller 0 - Channel . Error
+IIO RAS/Control Status/Global Errors
+__stack_chk_fail
+grub.cfg.new: Directory nonexistent
+can't derive routing for PCI INT A
+failed to load isci/isci_firmware.bin
+Direct firmware load for isci/isci_firmware.bin failed with error
+Loading user firmware failed, using default values
+stunnel4 you specified can't be accessed: No such file or directory
+install-docs --verbose --check file_name' may give more details about the above errors
+cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory
+update-rc.d: warning: start and stop actions are no longer supported"
+
+# add pattern on some conditions
+if [ -n $FAI_ALLOW_UNSIGNED ] ; then
+   globalignorepatterns="$globalignorepatterns
+WARNING: untrusted versions
+WARNING: The following packages cannot be authenticated
+Ignoring these trust violations"
+fi
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Here you can define your own patterns. Put one pattern in a line,
+# do not create empty lines.
+myerrorpatterns="X_X-X_XX"
+myignorepatterns="X_X-X_XX"
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# The main routine
+errorpatterns="$globalerrorpatterns
+$myerrorpatterns"
+ignorepatterns="$globalignorepatterns
+$myignorepatterns"
+
+cd $LOGDIR || exit 3
+if [ -s $errfile ]; then
+    echo "Errorfile already exists. Aborting." >&2
+    exit
+fi
+
+grep -i "$errorpatterns" *.log | grep -vi "$ignorepatterns" > $errfile
+if [ X$verbose = X1 ]; then
+    egrep -v '^software.log:' $errfile > $LOGDIR/tempfile
+    mv $LOGDIR/tempfile $errfile
+fi
+
+if [ -s $errfile ]; then
+   echo "ERRORS found in log files. See $errfile" >&2
+else
+   echo "Congratulations! No errors found in log files."
+fi

hooks/setup.DEFAULT.sh

@@ -0,0 +1,10 @@
+#! /bin/bash
+
+# use short hostname instead of FQDN
+# otherwise it gets fucked up
+# FAI doesn't start
+# FAI SUCKS
+export HOSTNAME=${HOSTNAME%%.*}
+if [ $do_init_tasks -eq 1 ]; then
+  echo $HOSTNAME > /proc/sys/kernel/hostname
+fi

package_config/DEBIAN

@@ -0,0 +1,34 @@
+PACKAGES install-norec
+# only installs bare minimum needed for ansible to work
+openssh-client
+openssh-server
+time
+procinfo
+locales
+console-setup
+kbd
+sudo
+python
+
+PACKAGES install I386
+linux-image-686-pae
+memtest86+
+
+PACKAGES install CHROOT
+linux-image-686-pae-
+linux-image-amd64-
+
+PACKAGES install AMD64
+linux-image-amd64
+memtest86+
+
+PACKAGES install ARM64
+grub-efi-arm64
+linux-image-arm64
+
+PACKAGES install GRUB_PC
+grub-pc
+
+PACKAGES install GRUB_EFI_CRYPTO
+grub-efi
+

package_config/LVM_LUKS_RAID

@@ -0,0 +1,5 @@
+PACKAGES install
+mdadm
+lvm2
+cryptsetup
+

scripts/DEBIAN/10-rootpw

@@ -0,0 +1,8 @@
+#! /bin/bash
+
+error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+
+$ROOTCMD usermod -L root
+
+exit $error
+

scripts/DEBIAN/20-capabilities

@@ -0,0 +1,22 @@
+#!/bin/bash
+#
+# Capabilities get lost when creating the fai base.tar.xz image.
+# Restore them here.
+#
+
+set -e
+
+if [ ! -x $target/sbin/setcap ] ; then
+    exit 0
+fi
+
+for FILE in /bin/ping /bin/ping6 /usr/bin/fping /usr/bin/fping6; do
+    if [ -x $target/$FILE -a ! -h $target/$FILE ] ; then
+        if $ROOTCMD /sbin/setcap cap_net_raw+ep $FILE; then
+            echo "Setcap worked! $FILE is not suid!"
+        fi
+    fi
+done
+if [ -x $target/usr/bin/systemd-detect-virt ] ; then
+    $ROOTCMD /sbin/setcap cap_dac_override,cap_sys_ptrace+ep /usr/bin/systemd-detect-virt
+fi

scripts/DEBIAN/30-interface

@@ -0,0 +1,118 @@
+#! /bin/bash
+
+netplan_yaml() {
+    # network configuration using ubuntu's netplan.io
+    local IFNAME="$1"
+    local METHOD="$2"
+    echo     "Generating netplan configuration for $IFNAME ($METHOD)" >&2
+    echo     "# generated by FAI"
+    echo     "network:"
+    echo     "  version: 2"
+    echo     "  renderer: $RENDERER"
+    case "$RENDERER" in
+      networkd)
+        echo     "  ethernets:"
+        echo     "    $IFNAME:"
+        case "$METHOD" in
+          dhcp)
+            echo "      dhcp4: true"
+            ;;
+          static)
+            echo "      addresses: [$CIDR]"
+            echo "      gateway4: $GATEWAYS_1"
+            echo "      nameservers:"
+            echo "        search: [$DOMAIN]"
+            echo "        addresses: [${DNSSRVS// /, }]"
+            ;;
+        esac
+    esac
+}
+
+iface_stanza() {
+    # classic network configuration using /etc/network/interfaces
+    local IFNAME="$1"
+    local METHOD="$2"
+    echo "Generating interface configuration for $IFNAME ($METHOD)" >&2
+    echo "# generated by FAI"
+    echo "auto $IFNAME"
+    echo "iface $IFNAME inet $METHOD"
+    case "$METHOD" in
+      static)
+        echo "    address $IPADDR"
+        echo "    netmask $NETMASK"
+        echo "    broadcast $BROADCAST"
+        echo "    gateway $GATEWAYS"
+        ;;
+    esac
+}
+
+newnicnames() {
+
+    # determine predictable network names only for stretch and above
+
+    [ $do_init_tasks -eq 0 ] && return
+    [ -z "$NIC1" ] && return
+    ver=$($ROOTCMD dpkg-query --showformat='${Version}' --show udev)
+    if dpkg --compare-versions $ver lt 220-7; then
+	return
+    fi
+
+
+    fields="ID_NET_NAME_FROM_DATABASE ID_NET_NAME_ONBOARD ID_NET_NAME_SLOT ID_NET_NAME_PATH"
+    for field in $fields; do
+	name=$(udevadm info /sys/class/net/$NIC1 | sed -rn "s/^E: $field=(.+)/\1/p")
+	if [[ $name ]]; then
+	    NIC1=$name
+	    break
+	fi
+    done
+    if [[ ! $name ]]; then
+	echo "$0: error: could not find systemd predictable network name. Using $NIC1."
+    fi
+}
+
+if [ -z "$NIC1" ]; then
+    echo "WARNING: \$NIC1 is not defined. Cannot add ethernet to /etc/network/interfaces."
+fi
+CIDR=$(ip -o -f inet addr show $NIC1 | awk '{print $4}')
+newnicnames
+
+case "$FAI_ACTION" in
+  install|dirinstall)
+    ifclass DHCPC && METHOD=dhcp || METHOD=static
+    ifclass XORG && RENDERER=NetworkManager || RENDERER=networkd
+
+    if [ -d $target/etc/netplan ]; then
+        # Ubuntu >= 17.10 with netplan.io
+        if [ -n "$NIC1" ]; then
+            netplan_yaml $NIC1 $METHOD > $target/etc/netplan/01-${NIC1}.yaml
+        fi
+    elif [ -d $target/etc/network/interfaces.d ]; then
+        # ifupdown >= 0.7.41 (Debian >= 8, Ubuntu >= 14.04)
+        iface_stanza lo loopback > $target/etc/network/interfaces.d/lo
+
+        if [ -n "$NIC1" -a ! -f $target/etc/NetworkManager/NetworkManager.conf ]; then
+            iface_stanza $NIC1 $METHOD > $target/etc/network/interfaces.d/$NIC1
+        fi
+    else
+        (
+            iface_stanza lo loopback
+            iface_stanza $NIC1 $METHOD
+        ) > $target/etc/network/interfaces
+    fi
+
+    if ! ifclass DHCPC ; then
+        [ -n "$NETWORK" ] && echo "localnet $NETWORK" > $target/etc/networks
+        if [ ! -L $target/etc/resolv.conf -a -e /etc/resolv.conf ]; then
+            cp -p /etc/resolv.conf $target/etc
+        fi
+    fi
+    ;;
+esac
+
+# here fcopy is mostly used, when installing a client for running in a
+# different subnet than during the installation
+fcopy -iM /etc/resolv.conf
+fcopy -iM /etc/network/interfaces /etc/networks
+
+exit $error

scripts/DEBIAN/40-misc

@@ -0,0 +1,39 @@
+#! /bin/bash
+
+# (c) Thomas Lange, 2001-2016, lange@debian.org
+# (c) Michael Goetze, 2010-2011, mgoetze@mgoetze.net
+
+error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+
+echo $TIMEZONE    > $target/etc/timezone
+if [ -L $target/etc/localtime ]; then
+    ln -sf /usr/share/zoneinfo/${TIMEZONE} $target/etc/localtime
+else
+    cp -f /usr/share/zoneinfo/${TIMEZONE} $target/etc/localtime
+fi
+
+hostname -s > $target/etc/hostname
+
+if [ ! -e $target/etc/adjtime ]; then
+    printf "0.0 0 0.0\n0\nUTC\n" > $target/etc/adjtime
+fi
+if [ "$UTC" = "yes" ]; then
+    sed -i -e 's:^LOCAL$:UTC:' $target/etc/adjtime
+else
+    sed -i -e 's:^UTC$:LOCAL:' $target/etc/adjtime
+fi
+
+# make sure a machine-id exists
+if [ ! -f $target/etc/machine-id ]; then
+    > $target/etc/machine-id
+fi
+# recreate machine-id if the file is empty
+if [ X"$(stat -c '%s' $target/etc/machine-id 2>/dev/null)"  = X0 -a -f /bin/systemd-machine-id-setup ]; then
+    $ROOTCMD systemd-machine-id-setup
+fi
+
+ln -fs /proc/mounts $target/etc/mtab
+
+rm -f $target/etc/dpkg/dpkg.cfg.d/fai $target/etc/dpkg/dpkg.cfg.d/unsafe-io
+
+exit $error

scripts/GRUB_EFI_CRYPTO/10-setup

@@ -0,0 +1,74 @@
+#! /bin/bash
+# support for GRUB version 2
+
+error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+
+# This script assumes that the disk has a GPT partition table and
+# that the extended system partition (ESP) is mounted on /boot/efi.
+# When building a disk image, we don't change the NVRAM to point at
+# the boot image we made available, because the disk image is likely
+# not installed on the current system.  As a result, we force
+# installation into the removable media paths as well as the standard
+# debian path.
+
+set -a
+
+# do not set up grub during dirinstall
+if [ "$FAI_ACTION" = "dirinstall" ] ; then
+    exit 0
+fi
+# during softupdate use this file
+[ -r $LOGDIR/disk_var.sh ] && . $LOGDIR/disk_var.sh
+
+if [ -z "$BOOT_DEVICE" ]; then
+    exit 189
+fi
+
+# disable os-prober because of #788062
+echo "GRUB_DISABLE_OS_PROBER" >> /etc/default/grub
+
+# enable cryptodisk
+echo "GRUB_ENABLE_CRYPTODISK=y" >> $target/etc/default/grub.d/crypto.cfg
+
+# skip the rest, if not an initial installation
+if [ $FAI_ACTION != "install" ]; then
+    $ROOTCMD update-grub
+    exit $error
+fi
+
+GROOT=$($ROOTCMD grub-probe -tdrive -d $BOOT_DEVICE)
+
+# handle /boot in lvm-on-md
+_bdev=$(readlink -f $BOOT_DEVICE)
+if [ "${_bdev%%-*}" = "/dev/dm" ]; then
+  BOOT_DEVICE=$( lvs --noheadings -o devices $BOOT_DEVICE | sed -e 's/^*\([^(]*\)(.*$/\1/' )
+fi
+
+# override this, it doesn't work correctly for lvm on luks on raid
+BOOT_DEVICE="/dev/md0"
+
+# Check if RAID is used for the boot device
+if [[ $BOOT_DEVICE =~ '/dev/md' ]]; then
+    raiddev=${BOOT_DEVICE#/dev/}
+    # install grub on all members of RAID
+    for device in `LC_ALL=C perl -ne 'if(/^'$raiddev'\s.+raid\d+\s(.+)/){ $_=$1; s/\d+\[\d+\]//g; print }' /proc/mdstat`; do
+	echo Install grub on /dev/$device
+	$ROOTCMD grub-install --no-floppy --force-extra-removable "/dev/$device"
+    done
+
+elif [[ $BOOT_DEVICE =~ '/dev/loop' ]]; then
+    # do not update vmram when using a loop device
+    $ROOTCMD grub-install --no-floppy --force-extra-removable --modules=part_gpt --no-nvram $BOOT_DEVICE
+    if [ $? -eq 0 ]; then
+        echo "Grub installed on hostdisk $BOOT_DEVICE"
+    fi
+
+else
+    $ROOTCMD grub-install --no-floppy --modules=part_gpt "$GROOT"
+    if [ $? -eq 0 ]; then
+        echo "Grub installed on $BOOT_DEVICE = $GROOT"
+    fi
+fi
+$ROOTCMD update-grub
+
+exit $error

scripts/SETUP_USER/10-setup-user

@@ -0,0 +1,20 @@
+#! /bin/bash
+
+# (c) Thomas Lange, 2001-2017, lange@debian.org
+
+error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+
+echo "SETUP USER: $username";
+
+# add additional user account
+if [ -n "$username" ]; then
+    if ! $ROOTCMD getent passwd $username ; then
+	$ROOTCMD adduser --disabled-login --gecos "$username user" $username
+	$ROOTCMD usermod -p "$USERPW" $username
+	userdir=$($ROOTCMD getent passwd "$username" | cut -d: -f6 )
+
+	for g in $groups; do
+	    $ROOTCMD adduser $username $g
+	done
+    fi
+fi

scripts/SETUP_USER/20-setup-sudo

@@ -0,0 +1,3 @@
+#!/bin/sh
+echo "$username ALL=(ALL:ALL) NOPASSWD: ALL" >> /target/etc/sudoers.d/user_nopasswd
+

scripts/SETUP_USER/30-authorized_keys

@@ -0,0 +1,4 @@
+#!/bin/sh
+mkdir $target/home/$username/.ssh;
+echo "$SSHKEY" > $target/home/$username/.ssh/authorized_keys;
+