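#!/bin/sh -eu
# vim: ts=4 et:
#
# Image customisation step: applies the Zero Down Time (ZDT) configuration to
# the root filesystem mounted at $TARGET, using payload files from $SETUP.
#
# Environment:
#   VERSION  required; interpolated into the kubezero repository URL
#   DEBUG    optional; any value other than empty or 0 enables `set -x`

# Options given on the shebang are lost when the script is started as
# `sh script`, so set them explicitly as well.
set -eu

# DEBUG may be unset; under -u it has to be expanded with a default.
[ -z "${DEBUG:-}" ] || [ "${DEBUG:-}" = 0 ] || set -x

: "${VERSION:?VERSION must be set}"

SETUP=/tmp/setup.d
TARGET=/mnt

ZDT_CDN=https://cdn.zero-downtime.net/alpine
ZDT_KEY=stefan@zero-downtime.net-61bb6bfb.rsa.pub

# Enable ZDT repo
echo "@kubezero ${ZDT_CDN}/v${VERSION}/kubezero" >> "$TARGET/etc/apk/repositories"

# NOTE(review): the apk signing key is downloaded from the same CDN as the
# repository it authenticates, so TLS to that host is the only trust anchor
# for every package installed from @kubezero. Consider shipping the key in
# $SETUP, or verifying the download against a pinned digest
# (<EXPECTED_SHA256>) before it is placed in the trusted keys directory.
wget -q -O "$TARGET/etc/apk/keys/$ZDT_KEY" "$ZDT_CDN/$ZDT_KEY"

# Install ZDT packages here after repo is available
apk -U --root "$TARGET" --no-cache add \
    fluent-bit@kubezero

# Install custom sysctl settings
cp "$SETUP/zdt-sysctl.conf" "$TARGET/etc/sysctl.d/60-zdt.conf"

# Fix dhcp to set MTU properly
install -o root -g root -Dm644 -t "$TARGET/etc/dhcp" "$SETUP/dhclient.conf"
echo 'Setup dhclient'

# Enable SSH keepalive
# [[:space:]] is used instead of \s: inside a bracket expression "\s" is a
# literal backslash and a literal "s", so indented or tab-prefixed directives
# were never matched.
# NOTE(review): if a directive is missing from sshd_config entirely, sed
# changes nothing and the message below is still printed.
sed -i \
    -e 's/^[[:space:]#]*TCPKeepAlive[[:space:]].*/TCPKeepAlive yes/' \
    -e 's/^[[:space:]#]*ClientAliveInterval[[:space:]].*/ClientAliveInterval 60/' \
    "$TARGET/etc/ssh/sshd_config"
echo 'Enabled SSH keep alives'

# CgroupsV2
sed -i -e 's/^[[:space:]#]*rc_cgroup_mode=.*/rc_cgroup_mode="unified"/' "$TARGET/etc/rc.conf"

# Setup syslog-ng json logging
cp "$SETUP/syslog-ng.conf" "$TARGET/etc/syslog-ng/syslog-ng.conf"
cp "$SETUP/syslog-ng.logrotate.conf" "$TARGET/etc/logrotate.d/syslog-ng"
mkdir -p "$TARGET/var/log/containers"
echo 'syslog set to json logging'

# Change logrotate to run hourly rather than daily
mv "$TARGET/etc/periodic/daily/logrotate" "$TARGET/etc/periodic/hourly/"
echo 'Switch logrotate to run hourly rather than daily'

# Install cloudbender shutdown hook
cp "$SETUP/cloudbender.stop" "$TARGET/etc/local.d"
mkdir -p "$TARGET/etc/cloudbender/shutdown.d"
echo 'Installed cloudbender shutdown hook'

# Install tools
cp "$SETUP/route53.py" "$TARGET/usr/local/bin"
cp "$SETUP/get_iam_sshkeys.py" "$TARGET/usr/sbin"
echo 'Installed route53.py and get_iam_sshkeys.py'

# ps_mem
# The copy shipped in $SETUP is installed; the download from the upstream
# master branch stays disabled, so the build does not depend on a mutable
# remote file.
#wget https://raw.githubusercontent.com/pixelb/ps_mem/master/ps_mem.py
#sed -i -e 's,#!/usr/bin/env python,#!/usr/bin/env python3,' ps_mem.py
#chmod +x ps_mem.py
cp "$SETUP/ps_mem.py" "$TARGET/usr/local/bin/ps_mem"
echo 'Installed ps_mem'

# use init to spawn monit
echo ":2345:respawn:/usr/bin/monit -Ic /etc/monitrc" >> "$TARGET/etc/inittab"
mkdir -p "$TARGET/etc/monit.d"
# install writes the file with mode 600 from the start, and a failure here
# aborts the script; in a `cp ... && chmod` list a failing cp is not seen by
# `set -e`, which only checks the last command of the list.
install -m 600 "$SETUP/monitrc" "$TARGET/etc/monitrc"
cp "$SETUP/monit_alert.sh" "$TARGET/usr/local/bin/monit_alert.sh"
echo 'Enable monit via init, hooked up cloudbender alerting'

# QoL
mv "$TARGET/etc/profile.d/color_prompt.sh.disabled" "$TARGET/etc/profile.d/color_prompt.sh"
# NOTE(review): the alias only shortens the command; who may actually become
# root is decided by the doas configuration, which this script does not set.
echo 'alias rs="doas bash"' > "$TARGET/etc/profile.d/alias.sh"

# branding
cp "$SETUP/neofetch.conf" "$TARGET/etc/neofetch.conf"
cp "$SETUP/zdt-ascii.txt" "$TARGET/etc/neofetch-logo.txt"
# Single quotes are intentional: the variables must be expanded at login
# time by the generated profile script, not now.
echo '[ -n "$SSH_TTY" -a "$SHLVL" -eq 1 ] && neofetch --config /etc/neofetch.conf' > "$TARGET/etc/profile.d/motd.sh"
echo 'Installed ZDT branding via neofetch'

printf '\n# Zero Down Time config applied'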