76 lines
2.7 KiB
Bash
Executable File
76 lines
2.7 KiB
Bash
Executable File
#!/bin/sh -eu
|
|
# vim: ts=4 et:
|
|
|
|
[ -z "$DEBUG" ] || [ "$DEBUG" = 0 ] || set -x
|
|
|
|
SETUP=/tmp/setup.d
|
|
TARGET=/mnt
|
|
|
|
# Enable ZDT repo
|
|
echo "@kubezero https://cdn.zero-downtime.net/alpine/v${VERSION}/kubezero" >> "$TARGET/etc/apk/repositories"
|
|
wget -q -O $TARGET/etc/apk/keys/stefan@zero-downtime.net-61bb6bfb.rsa.pub https://cdn.zero-downtime.net/alpine/stefan@zero-downtime.net-61bb6bfb.rsa.pub
|
|
|
|
# Install ZDT packages here after repo is available
|
|
apk -U --root "$TARGET" --no-cache add \
|
|
fluent-bit@kubezero
|
|
|
|
# Install custom sysctl settings
|
|
cp $SETUP/zdt-sysctl.conf $TARGET/etc/sysctl.d/60-zdt.conf
|
|
|
|
# Fix dhcp to set MTU properly
|
|
install -o root -g root -Dm644 -t $TARGET/etc/dhcp $SETUP/dhclient.conf
|
|
echo 'Setup dhclient'
|
|
|
|
# Enable SSH keepalive
|
|
sed -i -e "s/^[\s#]*TCPKeepAlive\s.*/TCPKeepAlive yes/" -e "s/^[\s#]*ClientAliveInterval\s.*/ClientAliveInterval 60/" $TARGET/etc/ssh/sshd_config
|
|
echo 'Enabled SSH keep alives'
|
|
|
|
# CgroupsV2
|
|
sed -i -e "s/^[\s#]*rc_cgroup_mode=.*/rc_cgroup_mode=\"unified\"/" $TARGET/etc/rc.conf
|
|
|
|
# Setup syslog-ng json logging
|
|
cp $SETUP/syslog-ng.conf $TARGET/etc/syslog-ng/syslog-ng.conf
|
|
cp $SETUP/syslog-ng.logrotate.conf $TARGET/etc/logrotate.d/syslog-ng
|
|
mkdir -p $TARGET/var/log/containers
|
|
echo 'syslog set to json logging'
|
|
|
|
# Change logrotate to run hourly rather than daily
|
|
mv $TARGET/etc/periodic/daily/logrotate $TARGET/etc/periodic/hourly/
|
|
echo 'Switch logrotate to run hourly rather than daily'
|
|
|
|
# Install cloudbender shutdown hook
|
|
cp $SETUP/cloudbender.stop $TARGET/etc/local.d
|
|
mkdir -p $TARGET/etc/cloudbender/shutdown.d
|
|
echo 'Installed cloudbender shutdown hook'
|
|
|
|
# Install tools
|
|
cp $SETUP/route53.py $TARGET/usr/local/bin
|
|
cp $SETUP/get_iam_sshkeys.py $TARGET/usr/sbin
|
|
echo 'Installed route53.py and get_iam_sshkeys.py'
|
|
|
|
# ps_mem
|
|
#wget https://raw.githubusercontent.com/pixelb/ps_mem/master/ps_mem.py
|
|
#sed -i -e 's,#!/usr/bin/env python,#!/usr/bin/env python3,' ps_mem.py
|
|
#chmod +x ps_mem.py
|
|
cp $SETUP/ps_mem.py $TARGET/usr/local/bin/ps_mem
|
|
echo 'Installed ps_mem'
|
|
|
|
# use init to spawn monit
|
|
echo ":2345:respawn:/usr/bin/monit -Ic /etc/monitrc" >> $TARGET/etc/inittab
|
|
mkdir -p $TARGET/etc/monit.d
|
|
cp $SETUP/monitrc $TARGET/etc/monitrc && chmod 600 $TARGET/etc/monitrc
|
|
cp $SETUP/monit_alert.sh $TARGET/usr/local/bin/monit_alert.sh
|
|
echo 'Enable monit via init, hooked up cloudbender alerting'
|
|
|
|
# QoL
|
|
mv $TARGET/etc/profile.d/color_prompt.sh.disabled $TARGET/etc/profile.d/color_prompt.sh
|
|
echo 'alias rs="doas bash"' > $TARGET/etc/profile.d/alias.sh
|
|
|
|
# branding
|
|
cp $SETUP/neofetch.conf $TARGET/etc/neofetch.conf
|
|
cp $SETUP/zdt-ascii.txt $TARGET/etc/neofetch-logo.txt
|
|
echo '[ -n "$SSH_TTY" -a "$SHLVL" -eq 1 ] && neofetch --config /etc/neofetch.conf' > $TARGET/etc/profile.d/motd.sh
|
|
echo 'Installed ZDT branding via neofetch'
|
|
|
|
printf '\n# Zero Down Time config applied'
|