local/boot-configure

   1 #!/bin/sh -eu
   2 tool=$(readlink -e "${0%/*}/..")
   3 . "$tool"/local/lib.sh
   4
   5 sudo debconf-set-selections <<-EOF
   6         grub-pc grub-pc/install_devices multiselect
   7         EOF
   8 "$tool"/local/apt-get-install grub-pc
   9 sudo install -d -m 644 -o root -g root /boot/grub
  10 "$tool"/local/apt-get-install linux-image-$local_arch
  11 sudo install -m 644 -o root -g root /dev/stdin \
  12  /etc/default/grub <<-EOF
  13         GRUB_DEFAULT=0
  14         GRUB_TIMEOUT=5
  15         GRUB_DISTRIBUTOR=\`lsb_release -i -s 2> /dev/null || echo Debian\`
  16         GRUB_CMDLINE_LINUX_DEFAULT="quiet"
  17         GRUB_CMDLINE_LINUX="vt.default_utf8=1 rootfstype=ext4 loglevel=5 console=hvc0 console=ttyS0 ip=$local_ipv4::$local_gateway:$local_dropbear_netmask:$vm:eth0:off resume=/dev/mapper/${vm}_swap_deciphered"
  18         GRUB_DISABLE_RECOVERY="true"
  19         #GRUB_PRELOAD_MODULES="lvm"
  20         GRUB_TERMINAL="console serial"
  21         GRUB_SERIAL_COMMAND="serial --unit=0 --speed=38400 --word=8 --parity=no --stop=1"
  22         EOF
  23 sudo install -m 644 -o root -g root /dev/stdin \
  24  /boot/grub/device.map <<-EOF
  25         (hd0)   /dev/xvda
  26         (hd0)   /dev/mapper/domU-$(printf %s $local_fqdn-disk | sed -e 's/-/--/g')
  27         EOF
  28 sudo update-grub2 # NOTE: prend en compte /boot/grub/device.map
  29 "$tool"/local/initramfs-configure
  30 "$tool"/local/apt-get-install molly-guard
  31 sudo install -m 644 -o root -g root /dev/stdin \
  32  /etc/molly-guard/rc <<-EOF
  33         ALWAYS_QUERY_HOSTNAME=true
  34          # NOTE: une alternative est de dire à sudo de conserver les SSH_*
  35          #       néamoins demander tout le temps n'est pas trop contraignant
  36          #       et davantage sécurisant.
  37         EOF