local/boot-configure

   1 #!/bin/sh -eu
   2 tool=$(readlink -e "${0%/*}/..")
   3 . "$tool"/local/lib.sh
   4
   5 sudo debconf-set-selections <<-EOF
   6         grub-pc grub-pc/install_devices multiselect
   7         EOF
   8 "$tool"/local/apt-get-install grub-pc
   9 sudo install -d -m 644 -o root -g root /boot/grub
  10 "$tool"/local/apt-get-install linux-image-$local_arch
  11 sudo install -m 644 -o root -g root /dev/stdin \
  12  /etc/default/grub <<-EOF
  13         GRUB_DEFAULT=0
  14         GRUB_TIMEOUT=5
  15         GRUB_DISTRIBUTOR=\`lsb_release -i -s 2> /dev/null || echo Debian\`
  16         GRUB_CMDLINE_LINUX_DEFAULT="quiet"
  17         GRUB_CMDLINE_LINUX="vt.default_utf8=1 rootfstype=ext4 loglevel=5 console=hvc0 ip=$local_ipv4::$local_gateway:$local_netmask:$vm:eth0:off resume=/dev/mapper/${vm}_swap_deciphered"
  18         GRUB_DISABLE_RECOVERY="true"
  19         #GRUB_PRELOAD_MODULES="lvm"
  20         EOF
  21 sudo install -m 644 -o root -g root /dev/stdin \
  22  /boot/grub/device.map <<-EOF
  23         (hd0)   /dev/xvda
  24         (hd0)   /dev/mapper/domU-$(printf %s $local_fqdn-disk | sed -e 's/-/--/g')
  25         EOF
  26 sudo update-grub2 # NOTE: prend en compte /boot/grub/device.map
  27 "$tool"/local/initramfs-configure
  28 "$tool"/local/apt-get-install molly-guard
  29 sudo install -m 644 -o root -g root /dev/stdin \
  30  /etc/molly-guard/rc <<-EOF
  31         ALWAYS_QUERY_HOSTNAME=true
  32          # NOTE: une alternative est de dire à sudo de conserver les SSH_*
  33          #       néamoins demander tout le temps n'est pas trop contraignant
  34          #       et davantage sécurisant.
  35         EOF