start-os/debian/postinst

#!/bin/sh
set -e

SYSTEMCTL=systemctl
if [ -n "$DPKG_MAINTSCRIPT_PACKAGE" ]; then
	  SYSTEMCTL=deb-systemd-helper
fi

if [ -f /usr/sbin/grub-probe ] && ! [ -L /usr/sbin/grub-probe ]; then
  mv /usr/sbin/grub-probe /usr/sbin/grub-probe-default
  ln -s /usr/lib/startos/scripts/grub-probe-eos /usr/sbin/grub-probe
fi

cp /usr/lib/startos/scripts/startos-initramfs-module /etc/initramfs-tools/scripts/startos

if ! grep overlay /etc/initramfs-tools/modules > /dev/null; then
    echo overlay >> /etc/initramfs-tools/modules
fi

update-initramfs -u -k all

if [ -f /etc/default/grub ]; then
    sed -i '/\(^\|#\)GRUB_CMDLINE_LINUX=/c\GRUB_CMDLINE_LINUX="boot=startos"' /etc/default/grub
    sed -i '/\(^\|#\)GRUB_DISTRIBUTOR=/c\GRUB_DISTRIBUTOR="StartOS v$(cat /usr/lib/startos/VERSION.txt)"' /etc/default/grub
fi

# change timezone
rm -f /etc/localtime
ln -s /usr/share/zoneinfo/Etc/UTC /etc/localtime

# switch to systemd-resolved & network-manager
echo "#" > /etc/network/interfaces
if ! [ -f /etc/resolv.conf ]; then
  rm -f /etc/resolv.conf
  echo "nameserver 8.8.8.8" > /etc/resolv.conf # Google DNS Fallback
fi
if ! [ -f /run/systemd/resolve/stub-resolv.conf ]; then
    mkdir -p /run/systemd/resolve
    cp /etc/resolv.conf /run/systemd/resolve/stub-resolv.conf
fi
ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
cat << EOF > /etc/NetworkManager/NetworkManager.conf
[main]
plugins=ifupdown,keyfile
dns=systemd-resolved

[ifupdown]
managed=true
EOF
$SYSTEMCTL enable startd.service
$SYSTEMCTL enable systemd-resolved.service
$SYSTEMCTL enable ssh.service
$SYSTEMCTL disable wpa_supplicant.service
$SYSTEMCTL mask systemd-networkd-wait-online.service # currently use `NetworkManager-wait-online.service`

$SYSTEMCTL disable docker.service
$SYSTEMCTL disable postgresql.service
$SYSTEMCTL disable tor.service
$SYSTEMCTL disable bluetooth.service
$SYSTEMCTL disable hciuart.service
$SYSTEMCTL disable triggerhappy.service

$SYSTEMCTL mask sleep.target
$SYSTEMCTL mask suspend.target
$SYSTEMCTL mask hibernate.target
$SYSTEMCTL mask hybrid-sleep.target

if which gsettings > /dev/null; then
    gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout '0'
    gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-timeout '0'
fi

sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/Restart=on-failure/Restart=always/g' /lib/systemd/system/tor@default.service
sed -i '/\(^\|#\)entries-per-entry-group-max=/c\entries-per-entry-group-max=128' /etc/avahi/avahi-daemon.conf
sed -i '/\(^\|#\)Storage=/c\Storage=persistent' /etc/systemd/journald.conf
sed -i '/\(^\|#\)Compress=/c\Compress=yes' /etc/systemd/journald.conf
sed -i '/\(^\|#\)SystemMaxUse=/c\SystemMaxUse=1G' /etc/systemd/journald.conf
sed -i '/\(^\|#\)ForwardToSyslog=/c\ForwardToSyslog=no' /etc/systemd/journald.conf
sed -i '/^\s*#\?\s*issue_discards\s*=\s*/c\issue_discards = 1' /etc/lvm/lvm.conf
sed -i '/\(^\|#\)\s*unqualified-search-registries\s*=\s*/c\unqualified-search-registries = ["docker.io"]' /etc/containers/registries.conf

mkdir -p /etc/nginx/ssl

cat << EOF > /etc/tor/torrc
SocksPort 0.0.0.0:9050
SocksPolicy accept 127.0.0.1
SocksPolicy accept 172.18.0.0/16
SocksPolicy reject *
ControlPort 9051
CookieAuthentication 1
EOF

rm -rf /var/lib/tor/*
ln -sf /usr/lib/startos/scripts/tor-check.sh /usr/bin/tor-check

echo "fs.inotify.max_user_watches=1048576" > /etc/sysctl.d/97-embassy.conf

# Old pi was set with this locale, because of pg we are now stuck with including that locale
locale-gen en_GB en_GB.UTF-8 
echo "locales locales/locales_to_be_generated multiselect en_GB.UTF-8 UTF-8" | debconf-set-selections
update-locale  LANGUAGE
rm -f "/etc/locale.gen"
dpkg-reconfigure --frontend noninteractive locales

if ! getent group | grep '^embassy:'; then
    groupadd embassy
fi

ln -sf /usr/lib/startos/scripts/dhclient-exit-hook /etc/dhcp/dhclient-exit-hooks.d/embassy

rm -f /etc/motd
ln -sf /usr/lib/startos/motd /etc/update-motd.d/00-embassy
chmod -x /etc/update-motd.d/*
chmod +x /etc/update-motd.d/00-embassy

# LXC
cat /etc/subuid | grep -v '^root:' > /etc/subuid.tmp || true
echo "root:100000:65536" >> /etc/subuid.tmp
mv /etc/subuid.tmp /etc/subuid

cat /etc/subgid | grep -v '^root:' > /etc/subgid.tmp || true
echo "root:100000:65536" >> /etc/subgid.tmp
mv /etc/subgid.tmp /etc/subgid

cat /etc/lxc/default.conf | grep -v '^lxc\.idmap = [ug]' > /etc/lxc/default.conf.tmp || true
echo "lxc.idmap = u 0 100000 65536" >> /etc/lxc/default.conf.tmp
echo "lxc.idmap = g 0 100000 65536" >> /etc/lxc/default.conf.tmp
mv /etc/lxc/default.conf.tmp /etc/lxc/default.conf