start-os/debian/postinst

#!/bin/sh
set -e

SYSTEMCTL=systemctl
if [ -n "$DPKG_MAINTSCRIPT_PACKAGE" ]; then
	  SYSTEMCTL=deb-systemd-helper
fi

if [ -f /usr/sbin/grub-probe ] && ! [ -L /usr/sbin/grub-probe ]; then
  mv /usr/sbin/grub-probe /usr/sbin/grub-probe-default
  ln -s /usr/lib/startos/scripts/grub-probe-eos /usr/sbin/grub-probe
fi

cp /usr/lib/startos/scripts/startos-initramfs-module /etc/initramfs-tools/scripts/startos

if ! grep overlay /etc/initramfs-tools/modules > /dev/null; then
    echo overlay >> /etc/initramfs-tools/modules
fi

update-initramfs -u -k all

if [ -f /etc/default/grub ]; then
    sed -i '/\(^\|#\)GRUB_CMDLINE_LINUX=/c\GRUB_CMDLINE_LINUX="boot=startos console=ttyS0,115200n8"' /etc/default/grub
    sed -i '/\(^\|#\)GRUB_DISTRIBUTOR=/c\GRUB_DISTRIBUTOR="StartOS v$(cat /usr/lib/startos/VERSION.txt)"' /etc/default/grub
    sed -i '/\(^\|#\)GRUB_TERMINAL=/c\GRUB_TERMINAL="serial"\nGRUB_SERIAL_COMMAND="serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1"' /etc/default/grub
fi

VERSION="$(cat /usr/lib/startos/VERSION.txt)"
ENVIRONMENT=$(cat /usr/lib/startos/ENVIRONMENT.txt)
VERSION_ENV="${VERSION}"
if [ -n "${ENVIRONMENT}" ]; then
    VERSION_ENV="${VERSION} (${ENVIRONMENT})"
fi

# set /etc/os-release
cat << EOF > /etc/os-release
NAME=StartOS
VERSION="${VERSION_ENV}"
ID=start-os
VERSION_ID="${VERSION}"
PRETTY_NAME="StartOS v${VERSION_ENV}"
HOME_URL="https://start9.com/"
SUPPORT_URL="https://docs.start9.com/0.3.5.x/support"
BUG_REPORT_URL="https://github.com/Start9Labs/start-os/issues"
VARIANT="${ENVIRONMENT}"
VARIANT_ID="${ENVIRONMENT}"
EOF

# set local and remote login prompt
cat << EOF > /etc/issue
StartOS v${VERSION} [\\m] on \\n.local (\\l)
EOF
cat << EOF > /etc/issue.net
StartOS v${VERSION}
EOF

# change timezone
rm -f /etc/localtime
ln -s /usr/share/zoneinfo/Etc/UTC /etc/localtime

rm /etc/resolv.conf
echo "nameserver 127.0.0.1" > /etc/resolv.conf
echo "nameserver 1.1.1.1" >> /etc/resolv.conf # Cloudflare DNS Fallback

# switch to network-manager
echo "#" > /etc/network/interfaces
cat << EOF > /etc/NetworkManager/NetworkManager.conf
[main]
plugins=ifupdown,keyfile
dns=systemd-resolved

[ifupdown]
managed=true
EOF
$SYSTEMCTL enable startd.service
$SYSTEMCTL enable systemd-resolved.service
$SYSTEMCTL enable ssh.service
$SYSTEMCTL disable wpa_supplicant.service
$SYSTEMCTL mask systemd-networkd-wait-online.service # currently use `NetworkManager-wait-online.service`

$SYSTEMCTL disable postgresql.service
$SYSTEMCTL disable tor.service
$SYSTEMCTL disable bluetooth.service
$SYSTEMCTL disable hciuart.service
$SYSTEMCTL disable triggerhappy.service

$SYSTEMCTL mask sleep.target
$SYSTEMCTL mask suspend.target
$SYSTEMCTL mask hibernate.target
$SYSTEMCTL mask hybrid-sleep.target

if which gsettings > /dev/null; then
    gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout '0'
    gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-timeout '0'
fi

sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/Restart=on-failure/Restart=always/g' /lib/systemd/system/tor@default.service
sed -i '/\(^\|#\)entries-per-entry-group-max=/c\entries-per-entry-group-max=128' /etc/avahi/avahi-daemon.conf
sed -i '/\(^\|#\)Storage=/c\Storage=persistent' /etc/systemd/journald.conf
sed -i '/\(^\|#\)Compress=/c\Compress=yes' /etc/systemd/journald.conf
sed -i '/\(^\|#\)SystemMaxUse=/c\SystemMaxUse=1G' /etc/systemd/journald.conf
sed -i '/\(^\|#\)ForwardToSyslog=/c\ForwardToSyslog=no' /etc/systemd/journald.conf
sed -i '/^\s*#\?\s*issue_discards\s*=\s*/c\issue_discards = 1' /etc/lvm/lvm.conf
sed -i '/\(^\|#\)\s*unqualified-search-registries\s*=\s*/c\unqualified-search-registries = ["docker.io"]' /etc/containers/registries.conf
sed -i 's/\(#\|\^\)\s*\([^=]\+\)=\(suspend\|hibernate\)\s*$/\2=ignore/g' /etc/systemd/logind.conf
sed -i '/\(^\|#\)MulticastDNS=/c\MulticastDNS=no' /etc/systemd/resolved.conf
sed -i '/\(^\|#\)DNSStubListener=/c\DNSStubListener=no' /etc/systemd/resolved.conf
sed -i '/\(^\|#\)LXC_DHCP_CONFILE=/c\LXC_DHCP_CONFILE=/etc/dnsmasq.conf' /etc/default/lxc-net
echo 'port=0' > /etc/dnsmasq.conf
sed -i 's/\[Service\]/[Service]\nEnvironment=SYSTEMD_LOG_LEVEL=debug/' /lib/systemd/system/systemd-timesyncd.service
sed -i "s/\.debian\./\./g;s/#FallbackNTP=/FallbackNTP=/"  /etc/systemd/timesyncd.conf
sed -i '/\(^\|#\)RootDistanceMaxSec=/c\RootDistanceMaxSec=10' /etc/systemd/timesyncd.conf

mkdir -p /etc/nginx/ssl

cat << EOF > /etc/tor/torrc
SocksPort 0.0.0.0:9050
SocksPolicy accept 127.0.0.1
SocksPolicy accept 172.18.0.0/16
SocksPolicy accept 10.0.3.0/24
SocksPolicy reject *
ControlPort 9051
CookieAuthentication 1
EOF

rm -rf /var/lib/tor/*
ln -sf /usr/lib/startos/scripts/chroot-and-upgrade /usr/bin/chroot-and-upgrade
ln -sf /usr/lib/startos/scripts/tor-check /usr/bin/tor-check
ln -sf /usr/lib/startos/scripts/gather-debug-info /usr/bin/gather-debug-info
ln -sf /usr/lib/startos/scripts/wireguard-vps-proxy-setup /usr/bin/wireguard-vps-proxy-setup

echo "fs.inotify.max_user_watches=1048576" > /etc/sysctl.d/97-startos.conf

# Old pi was set with this locale, because of pg we are now stuck with including that locale
locale-gen en_GB en_GB.UTF-8 
echo "locales locales/locales_to_be_generated multiselect en_GB.UTF-8 UTF-8" | debconf-set-selections
update-locale  LANGUAGE
rm -f "/etc/locale.gen"
dpkg-reconfigure --frontend noninteractive locales

if ! getent group | grep '^startos:'; then
    groupadd startos
fi

rm -f /etc/motd
ln -sf /usr/lib/startos/motd /etc/update-motd.d/00-startos
chmod -x /etc/update-motd.d/*
chmod +x /etc/update-motd.d/00-startos

# LXC
cat /etc/subuid | grep -v '^root:' > /etc/subuid.tmp || true
echo "root:100000:65536" >> /etc/subuid.tmp
mv /etc/subuid.tmp /etc/subuid

cat /etc/subgid | grep -v '^root:' > /etc/subgid.tmp || true
echo "root:100000:65536" >> /etc/subgid.tmp
mv /etc/subgid.tmp /etc/subgid

cat /etc/lxc/default.conf | grep -v '^lxc\.idmap = [ug]' > /etc/lxc/default.conf.tmp || true
echo "lxc.idmap = u 0 100000 65536" >> /etc/lxc/default.conf.tmp
echo "lxc.idmap = g 0 100000 65536" >> /etc/lxc/default.conf.tmp
mv /etc/lxc/default.conf.tmp /etc/lxc/default.conf