infra-ansible
ansible script to ship alpine/ssh/wireguard
git clone https://9o.is/git/infra-ansible.git
genapkovl-mkimgoverlay.sh.j2
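#!/bin/sh
#
# Ansible/Jinja2 template for an Alpine apkovl generator. The rendered script
# stages a minimal /etc tree (hostname, static network, apk world, sshd
# config, runlevel links) in a temporary directory and packs it into
# <hostname>.apkovl.tar.gz in the current directory.

# errexit is enabled here rather than on the shebang line: shebang options are
# lost when the script is started as `sh script`, and every step below relies
# on the script aborting at the first failure. nounset makes a misspelled
# variable an error instead of an empty path component.
set -eu

# NOTE(review): the rendered inventory name lands inside a double-quoted shell
# string, so a double quote, `$`, backtick or backslash in it would be
# interpreted by the shell when the generated script runs. Ansible's `quote`
# filter is the usual way to render a shell-safe word; confirm the inventory
# naming rules before relying on plain interpolation.
HOSTNAME="{{ inventory_hostname }}"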
# EXIT-trap handler: recursively delete the staging directory named by the
# global $tmp. -f keeps a missing path from being reported as an error.
cleanup() {
	rm -r -f "${tmp}"
}
# makefile OWNER PERMS FILENAME
#
# Write standard input to FILENAME (truncating any existing content), then
# set its owner and its mode. The three arguments are also left behind in the
# globals OWNER, PERMS and FILENAME, since POSIX sh has no function-local
# variables.
makefile() {
	OWNER="$1" PERMS="$2" FILENAME="$3"
	# File body comes from the caller's here-document on stdin.
	cat - > "${FILENAME}"
	# Ownership is set before the mode, as in the original order.
	chown "${OWNER}" "${FILENAME}"
	chmod "${PERMS}" "${FILENAME}"
}
# rc_add SERVICE RUNLEVEL
#
# Create the runlevel directory under the staging tree if needed and place a
# symlink in it that points at /etc/init.d/SERVICE. -f replaces an existing
# link of the same name.
rc_add() {
	mkdir -p "${tmp}/etc/runlevels/${2}"
	ln -s -f "/etc/init.d/${1}" "${tmp}/etc/runlevels/${2}/${1}"
}
# Private staging directory for the overlay tree. The EXIT trap is installed
# only after mktemp has succeeded, so cleanup always sees a real path in $tmp.
tmp=$(mktemp -d)
trap cleanup EXIT

mkdir -p "${tmp}/etc"

# /etc/hostname carries the inventory name captured in $HOSTNAME. This
# here-document stays unquoted because it needs the variable expanded.
makefile root:root 0644 "${tmp}/etc/hostname" <<EOF
${HOSTNAME}
EOF
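mkdir -p "$tmp"/etc/network

# Loopback plus one statically addressed interface. The here-document
# delimiter is quoted so the values Ansible rendered into the body are written
# verbatim: with an unquoted delimiter the shell would expand any `$`,
# backtick or backslash sequence contained in a rendered value while the
# overlay is being generated.
makefile root:root 0644 "$tmp"/etc/network/interfaces <<'EOF'
auto lo
iface lo inet loopback

auto {{ static_interface }}
iface {{ static_interface }} inet static
address {{ static_ip }}
netmask {{ static_subnet }}
gateway {{ static_gateway }}
mtu {{ static_mtu }}
EOF

# Exactly two resolver entries are rendered, static_nameservers[0] and [1];
# the variable therefore needs at least two elements. Quoted delimiter for the
# same reason as above.
makefile root:root 0644 "$tmp"/etc/resolv.conf <<'EOF'
nameserver {{ static_nameservers[0] }}
nameserver {{ static_nameservers[1] }}
EOF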
# Package set recorded in /etc/apk/world: the base system, the OpenSSH
# package and python3 (presumably for Ansible modules on the booted host;
# confirm). The body is static text, so the delimiter is quoted.
mkdir -p "${tmp}/etc/apk"

makefile root:root 0644 "${tmp}/etc/apk/world" <<'EOF'
alpine-base
openssh
python3
EOF
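mkdir -p "$tmp"/etc/ssh

# Only two directives are set; every other sshd option, including
# PasswordAuthentication and PermitRootLogin, is left at whatever the
# installed OpenSSH package defaults to.
# NOTE(review): if key-only access is the intent, consider pinning those
# settings here instead of depending on package defaults. Confirm with the
# playbook owner.
# AuthorizedKeysFile is one absolute path with no %u or %h token, so the key
# written below is accepted for every account sshd permits to log in, not for
# a single user.
makefile root:root 0644 "$tmp"/etc/ssh/sshd_config <<'EOF'
AuthorizedKeysFile /etc/ssh/authorized_keys
Subsystem sftp internal-sftp
EOF

# Quoted delimiter: the rendered public-key line, whose trailing comment field
# is free text, is written verbatim instead of being expanded by the shell.
# The file is root-owned and not writable by others, mode 0644.
makefile root:root 0644 "$tmp"/etc/ssh/authorized_keys <<'EOF'
{{ ssh_authorized_key }}
EOF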
# Link services into their runlevels, keeping the original order.
# sshd is the only service added to the default runlevel.
for svc in devfs dmesg mdev; do
	rc_add "$svc" sysinit
done

for svc in hwclock modules sysctl hostname bootmisc syslog networking; do
	rc_add "$svc" boot
done

rc_add sshd default

for svc in mount-ro killprocs savecache; do
	rc_add "$svc" shutdown
done
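# Pack the staged etc/ tree into <hostname>.apkovl.tar.gz in the current
# directory.
# tar writes to a file inside the staging directory first. In a plain
# `tar | gzip` pipeline without pipefail only gzip's exit status is checked,
# so a failed tar would still leave a truncated archive behind and the script
# would exit 0. `|| exit` keeps that check even when errexit is not active.
# The intermediate file sits next to etc/, not inside it, so it is not
# archived, and the EXIT trap removes it with the rest of $tmp.
tar -c -C "$tmp" -f "$tmp"/apkovl.tar etc || exit

# -n leaves the original name and timestamp out of the gzip header.
# $HOSTNAME is quoted so an unusual name cannot be word-split or globbed into
# a different output path.
gzip -9n < "$tmp"/apkovl.tar > "$HOSTNAME".apkovl.tar.gz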