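#!/bin/bash

# -e: abort on the first failing command.
# -x: trace every command into the CI log (keep secrets out of argv).
# pipefail: a failure in any stage of a pipeline counts, not only the last
# stage, so -e also catches a failed lookup that feeds a text filter.
set -ex
set -o pipefail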
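#######################################
# Pin a host's FQDN in /etc/hosts.
#
# Resolves the short name with getent, drops any existing /etc/hosts line
# that maps that address to the short name, then appends
# "<ip> <name>.csclub.internal <name>".
#
# Arguments: $1 - short hostname (e.g. auth1)
# Returns:   0 on success; non-zero if the name is empty, does not resolve,
#            or a file operation fails (/etc/hosts is left untouched when
#            the lookup fails).
#######################################
add_fqdn_to_hosts() {
  local hostname=${1:-}
  local ip_addr ip_pattern tmp_hosts

  if [[ -z "$hostname" ]]; then
    echo "add_fqdn_to_hosts: a hostname argument is required" >&2
    return 1
  fi

  # Take the address from the first result line only. A failed lookup must
  # not fall through: an empty address would turn the sed pattern below into
  # "delete every line mentioning the name" and append an entry with no IP.
  ip_addr=$(getent hosts "$hostname" | awk 'NR == 1 { print $1 }') || ip_addr=''
  if [[ -z "$ip_addr" ]]; then
    echo "add_fqdn_to_hosts: cannot resolve '$hostname'" >&2
    return 1
  fi

  # Dots in the address are regex metacharacters; match them literally.
  ip_pattern=${ip_addr//./\\.}

  # This runs as root, so use an unpredictable temp file: a fixed name in
  # world-writable /tmp can be pre-created or symlinked by another local user.
  tmp_hosts=$(mktemp) || return 1
  if ! sed -E "/${ip_pattern}.*\\b${hostname}\\b/d" /etc/hosts > "$tmp_hosts"; then
    rm -f -- "$tmp_hosts"
    return 1
  fi

  # Rewrite /etc/hosts in place instead of renaming over it.
  # NOTE(review): presumably because the file is bind-mounted in the CI
  # container and cannot be replaced by mv - confirm.
  if ! cat -- "$tmp_hosts" > /etc/hosts; then
    rm -f -- "$tmp_hosts"
    return 1
  fi
  rm -f -- "$tmp_hosts"

  echo "$ip_addr $hostname.csclub.internal $hostname" >> /etc/hosts
}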
# Register the FQDN of this host and of auth1 in /etc/hosts.
for short_name in phosphoric-acid auth1; do
  add_fqdn_to_hosts "$short_name"
done
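# Keep package configuration from prompting; there is no terminal in CI.
export DEBIAN_FRONTEND=noninteractive
# apt-get rather than apt: apt warns that its CLI is not stable for scripts.
apt-get update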
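# LDAP
# apt-get rather than apt: apt warns that its CLI is not stable for scripts.
apt-get install -y --no-install-recommends libnss-ldapd
# Best effort: a failure to stop nslcd must not abort the script under set -e.
service nslcd stop || true
cp .drone/ldap.conf /etc/ldap/ldap.conf
# Append the group-member mapping only if it is not already present, so a
# re-run does not duplicate the line.
if ! grep -Eq '^map group member uniqueMember$' /etc/nslcd.conf; then
  echo 'map group member uniqueMember' >> /etc/nslcd.conf
fi
# NOTE(review): ldap:// is unencrypted LDAP. Unless StartTLS is enabled
# elsewhere in nslcd.conf, directory lookups cross the network in clear text;
# tolerable on an isolated CI network, not a setting to copy to production.
sed -E -i 's|^uri .*$|uri ldap://auth1.csclub.internal|' /etc/nslcd.conf
sed -E -i 's|^base .*$|base dc=csclub,dc=internal|' /etc/nslcd.conf
cp .drone/nsswitch.conf /etc/nsswitch.conf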
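# KERBEROS
# Client tools, the PAM module and the GSSAPI SASL mechanism.
# apt-get rather than apt: apt warns that its CLI is not stable for scripts.
apt-get install -y krb5-user libpam-krb5 libsasl2-modules-gssapi-mit
# Replace the packaged client configuration with the one kept under .drone/.
cp .drone/krb5.conf /etc/krb5.conf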
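# sync with auth1
# apt-get rather than apt: apt warns that its CLI is not stable for scripts.
apt-get install -y netcat-openbsd
synced=false
# Poll auth1:9000 for about 5 minutes (60 attempts, 5 s apart).
# NOTE(review): presumably auth1 opens port 9000 once its own setup is done -
# confirm. An open port is only a readiness signal and says nothing about who
# is listening. nc runs without a connect timeout here, so an attempt that
# hangs can stretch the total wait beyond 5 minutes.
for attempt in {1..60}; do
  if nc -vz auth1 9000; then
    synced=true
    break
  fi
  sleep 5
done
# Fail the job with a clear message instead of a bare non-zero test.
if [[ "$synced" != true ]]; then
  echo "auth1 did not become reachable on port 9000 in time" >&2
  exit 1
fi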
# Start from an empty keytab so keys from an earlier run are not kept.
rm -f /etc/krb5.keytab
# Create the host and ceod principals with random keys and export them to the
# default keytab.
# NOTE(review): the first here-doc line is presumably the answer to kadmin's
# password prompt for sysadmin/admin, i.e. a credential committed to the
# repository - acceptable only for a throwaway CI KDC; confirm it is not
# shared with any real realm. Passing it on stdin keeps it out of argv and
# out of the set -x trace.
# The resulting keytab holds long-term keys (including ceod/admin); treat the
# file as a secret.
kadmin -p sysadmin/admin <<'EOF'
krb5
addprinc -randkey host/phosphoric-acid.csclub.internal
ktadd host/phosphoric-acid.csclub.internal
addprinc -randkey ceod/phosphoric-acid.csclub.internal
ktadd ceod/phosphoric-acid.csclub.internal
addprinc -randkey ceod/admin
ktadd ceod/admin
EOF
# Bring nslcd back up now that the LDAP and Kerberos configuration is in place.
service nslcd start
# Populate /users/skel from the system skeleton directory.
mkdir -p /users/skel
# dotglob makes * match dotfiles as well, so hidden files are copied too.
shopt -s dotglob
cp -- /etc/skel/* /users/skel/