WIP
parent
3992a2af3c
commit
3a60a69513
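--- a/arch-custom/airootfs/etc/nslcd.conf
+++ b/arch-custom/airootfs/etc/nslcd.conf
@@ -0,0 +1,146 @@
+# This is the configuration file for the LDAP nameservice
+# switch library's nslcd daemon. It configures the mapping
+# between NSS names (see /etc/nsswitch.conf) and LDAP
+# information in the directory.
+# See the manual page nslcd.conf(5) for more information.
+
+# The user and group nslcd should run as.
+uid nslcd
+gid nslcd
+
+# The uri pointing to the LDAP server to use for name lookups.
+# Multiple entries may be specified. The address that is used
+# here should be resolvable without using LDAP (obviously).
+#uri ldap://127.0.0.1/
+#uri ldaps://127.0.0.1/
+#uri ldapi://%2fvar%2frun%2fldapi_sock/
+# Note: %2f encodes the '/' used as directory separator
+### CHANGE TO LDAP SERVER URI
+uri ldap://127.0.0.1/
+
+# The LDAP version to use (defaults to 3
+# if supported by client library)
+#ldap_version 3
+
+# The distinguished name of the search base.
+### CHANGE TO LDAP BASE
+base dc=example,dc=com
+
+# The distinguished name to bind to the server with.
+# Optional: default is to bind anonymously.
+### CHANGE TO BINDDN
+#binddn cn=proxyuser,dc=example,dc=com
+
+# The credentials to bind with.
+# Optional: default is no credentials.
+# Note that if you set a bindpw you should check the permissions of this file.
+### CHANGE TO BINDDN PASSWORD
+#bindpw secret
+
+# The distinguished name to perform password modifications by root by.
+#rootpwmoddn cn=admin,dc=example,dc=com
+
+# The default search scope.
+#scope sub
+#scope one
+#scope base
+
+# Customize certain database lookups.
+#base group ou=Groups,dc=example,dc=com
+#base passwd ou=People,dc=example,dc=com
+#base shadow ou=People,dc=example,dc=com
+#scope group onelevel
+#scope hosts sub
+
+# Bind/connect timelimit.
+#bind_timelimit 30
+
+# Search timelimit.
+#timelimit 30
+
+# Idle timelimit. nslcd will close connections if the
+# server has not been contacted for the number of seconds.
+#idle_timelimit 3600
+
+# Use StartTLS without verifying the server certificate.
+#ssl start_tls
+#tls_reqcert never
+
+# CA certificates for server certificate verification
+#tls_cacertdir /etc/ssl/certs
+#tls_cacertfile /etc/ssl/ca.cert
+
+# Seed the PRNG if /dev/urandom is not provided
+#tls_randfile /var/run/egd-pool
+
+# SSL cipher suite
+# See man ciphers for syntax
+#tls_ciphers TLSv1
+
+# Client certificate and key
+# Use these, if your server requires client authentication.
+#tls_cert
+#tls_key
+
+# Mappings for Services for UNIX 3.5
+#filter passwd (objectClass=User)
+#map passwd uid msSFU30Name
+#map passwd userPassword msSFU30Password
+#map passwd homeDirectory msSFU30HomeDirectory
+#map passwd homeDirectory msSFUHomeDirectory
+#filter shadow (objectClass=User)
+#map shadow uid msSFU30Name
+#map shadow userPassword msSFU30Password
+#filter group (objectClass=Group)
+#map group member msSFU30PosixMember
+
+# Mappings for Services for UNIX 2.0
+#filter passwd (objectClass=User)
+#map passwd uid msSFUName
+#map passwd userPassword msSFUPassword
+#map passwd homeDirectory msSFUHomeDirectory
+#map passwd gecos msSFUName
+#filter shadow (objectClass=User)
+#map shadow uid msSFUName
+#map shadow userPassword msSFUPassword
+#map shadow shadowLastChange pwdLastSet
+#filter group (objectClass=Group)
+#map group member posixMember
+
+# Mappings for Active Directory
+#pagesize 1000
+#referrals off
+#idle_timelimit 800
+#filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
+#map passwd uid sAMAccountName
+#map passwd homeDirectory unixHomeDirectory
+#map passwd gecos displayName
+#filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
+#map shadow uid sAMAccountName
+#map shadow shadowLastChange pwdLastSet
+#filter group (objectClass=group)
+
+# Alternative mappings for Active Directory
+# (replace the SIDs in the objectSid mappings with the value for your domain)
+#pagesize 1000
+#referrals off
+#idle_timelimit 800
+#filter passwd (&(objectClass=user)(objectClass=person)(!(objectClass=computer)))
+#map passwd uid cn
+#map passwd uidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820
+#map passwd gidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820
+#map passwd homeDirectory "/home/$cn"
+#map passwd gecos displayName
+#map passwd loginShell "/bin/bash"
+#filter group (|(objectClass=group)(objectClass=person))
+#map group gidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820
+
+# Mappings for AIX SecureWay
+#filter passwd (objectClass=aixAccount)
+#map passwd uid userName
+#map passwd userPassword passwordChar
+#map passwd uidNumber uid
+#map passwd gidNumber gid
+#filter group (objectClass=aixAccessGroup)
+#map group cn groupName
+#map group gidNumber gid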
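Review bot: The only active connection setting is `uri ldap://127.0.0.1/` and every `ssl`/`tls_*` line is commented out, so once the URI is pointed at a real server, as the `### CHANGE TO LDAP SERVER URI` marker asks, the passwords handled by the pam_ldap.so lines added in this commit would be sent to it over unencrypted LDAP. Enabling `ssl start_tls` together with `tls_reqcert demand` and a `tls_cacertfile`, or switching to an `ldaps://` URI, closes that gap; the sample `#tls_reqcert never` should not be the line that ends up uncommented, since it disables server certificate verification. The file's own comment asks for a permission check once `bindpw` is set, yet the profile in this commit installs it as `0:0:644`; a root-only mode such as `0:0:600` is the safer default.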
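--- a/arch-custom/airootfs/etc/nsswitch.conf
+++ b/arch-custom/airootfs/etc/nsswitch.conf
@@ -0,0 +1,18 @@
+# Name Service Switch configuration file.
+# See nsswitch.conf(5) for details.
+
+passwd: files systemd ldap
+group: files [SUCCESS=merge] systemd ldap
+shadow: files ldap
+
+publickey: files
+
+hosts: files mymachines myhostname resolve [!UNAVAIL=return] dns
+networks: files
+
+protocols: files
+services: files
+ethers: files
+rpc: files
+
+netgroup: files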
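--- a/arch-custom/airootfs/etc/openldap/ldap.conf
+++ b/arch-custom/airootfs/etc/openldap/ldap.conf
@@ -0,0 +1 @@
+sudoers_base ou=sudoers,dc=example,dc=org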
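Review bot: `sudoers_base` is set here, but the nsswitch.conf added in the same commit has no `sudoers:` line, and sudoers.ldap(5) documents `files` as the default source in that case, so sudo would presumably never query this base; adding `sudoers: files ldap` to nsswitch.conf would be needed for it to take effect. The suffix here is `dc=example,dc=org` while nslcd.conf uses `dc=example,dc=com`; both are placeholders, but a `### CHANGE` marker like the ones in nslcd.conf would make it clear they must end up matching. The file also carries no URI or TLS settings of its own, so it is worth a comment stating where sudo is expected to get them.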
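--- a/arch-custom/airootfs/etc/pam.d/passwd
+++ b/arch-custom/airootfs/etc/pam.d/passwd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+password sufficient pam_ldap.so
+#password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
+#password required pam_unix.so sha512 shadow use_authtok
+password required pam_unix.so sha512 shadow nullok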
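Review bot: Local password changes reach `pam_unix.so` with no quality module in front of it, because the `pam_cracklib.so` line is commented out and the active pam_unix line has `nullok` instead of `use_authtok`. If a strength policy is wanted for local accounts, an active line such as `password required pam_pwquality.so retry=3 minlen=8` ahead of pam_unix, with `use_authtok` on the pam_unix line, would restore it (assuming libpwquality is part of the image). Otherwise the two commented lines are better removed, so the file does not suggest a check that is not running.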
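--- a/arch-custom/airootfs/etc/pam.d/su
+++ b/arch-custom/airootfs/etc/pam.d/su
@@ -0,0 +1,13 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth sufficient pam_ldap.so
+# Uncomment the following line to implicitly trust users in the "wheel" group.
+#auth sufficient pam_wheel.so trust use_uid
+# Uncomment the following line to require a user to be in the "wheel" group.
+#auth required pam_wheel.so use_uid
+auth required pam_unix.so use_firt_pass
+account required pam_unix.so
+account sufficient pam_ldap.so
+session required pam_unix.so
+session sufficient pam_ldap.so
+password include system-auth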
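Review bot: `use_firt_pass` on the `pam_unix.so` auth line is a misspelling of `use_first_pass`, which pam_unix will not recognise as an option, so the password already typed for pam_ldap is probably not reused and the user is prompted again; the su-l file added in this commit carries the same line. The sudo and system-auth files here use `try_first_pass`, so `auth required pam_unix.so try_first_pass` would fix the typo and keep the stacks consistent. With `pam_ldap.so` marked `sufficient` above the commented `pam_wheel.so` lines, uncommenting the "require wheel" line later would not restrict LDAP users, which deserves a comment next to it.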
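--- a/arch-custom/airootfs/etc/pam.d/su-l
+++ b/arch-custom/airootfs/etc/pam.d/su-l
@@ -0,0 +1,13 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth sufficient pam_ldap.so
+# Uncomment the following line to implicitly trust users in the "wheel" group.
+#auth sufficient pam_wheel.so trust use_uid
+# Uncomment the following line to require a user to be in the "wheel" group.
+#auth required pam_wheel.so use_uid
+auth required pam_unix.so use_firt_pass
+account required pam_unix.so
+account sufficient pam_ldap.so
+session required pam_unix.so
+session sufficient pam_ldap.so
+password include system-auth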
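--- a/arch-custom/airootfs/etc/pam.d/sudo
+++ b/arch-custom/airootfs/etc/pam.d/sudo
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth sufficient pam_ldap.so
+auth required pam_unix.so try_first_pass
+auth required pam_nologin.so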
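Review bot: Because `pam_ldap.so` is `sufficient`, a successful LDAP authentication returns before `pam_nologin.so` on the last line is evaluated, so the nologin check only ever applies to users who authenticate with a local password. The file also defines no `account` or `session` lines, so those phases fall through to whatever /etc/pam.d/other specifies on the image. Using the shared stack instead (`auth include system-auth`, `account include system-auth`, `session include system-auth`) would keep sudo in line with the system-auth file added in this commit and leave a single place to maintain the LDAP ordering.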
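--- a/arch-custom/airootfs/etc/pam.d/system-auth
+++ b/arch-custom/airootfs/etc/pam.d/system-auth
@@ -0,0 +1,30 @@
+#%PAM-1.0
+
+auth sufficient pam_ldap.so
+auth required pam_faillock.so preauth
+# Optionally use requisite above if you do not want to prompt for the password
+# on locked accounts.
+auth [success=2 default=ignore] pam_unix.so try_first_pass nullok
+-auth [success=1 default=ignore] pam_systemd_home.so
+auth [default=die] pam_faillock.so authfail
+auth optional pam_permit.so
+auth required pam_env.so
+auth required pam_faillock.so authsucc
+# If you drop the above call to pam_faillock.so the lock will be done also
+# on non-consecutive authentication failures.
+
+account sufficient pam_ldap.so
+-account [success=1 default=ignore] pam_systemd_home.so
+account required pam_unix.so
+account optional pam_permit.so
+account required pam_time.so
+
+password sufficient pam_ldap.so
+-password [success=1 default=ignore] pam_systemd_home.so
+password required pam_unix.so try_first_pass nullok shadow sha512
+password optional pam_permit.so
+
+session required pam_limits.so
+session required pam_unix.so
+session optional pam_ldap.so
+session optional pam_permit.so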
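Review bot: `auth sufficient pam_ldap.so` on the first auth line runs before `pam_faillock.so preauth`, so a correct LDAP password is accepted even while faillock has the account locked, and `pam_env.so` and the `authsucc` reset are skipped for LDAP logins. Moving it below the preauth line as `auth [success=3 default=ignore] pam_ldap.so` would jump to `pam_permit.so` on success and keep the rest of the chain in effect. The same short-circuit exists in the account stack, where `account sufficient pam_ldap.so` returns before `pam_unix.so` and `pam_time.so` are consulted; placing it after those lines would keep expiry and time restrictions effective for directory users, which should be checked against the intended policy.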
@ -1 +1,2 @@
|
||||
root:x:0:0:root:/root:/usr/bin/zsh
|
||||
admin:x:1000:1000::/home/admin:/bin/bash
|
||||
|
@ -1 +1,2 @@
|
||||
root::14871::::::
|
||||
admin:$6$kdak37IiHqX5Ox5U$Arf.I3zHqkYC3t/Oo8vxLXINqyajKXrELoDjyRmEd/UnQOi3mYFLiF6Abs27OxJsMzskuTVKoq2CyX.fkIdmI0:18820:0:99999:7:::
|
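Review bot: The new `admin` entry in what appears to be the image's shadow file commits a real sha512crypt hash to the repository and to every built ISO, so anyone who can read either can attack it offline, and the same password is then valid on every machine booted from the image. Shipping the account locked (`admin:!:18820:0:99999:7:::`) and relying on SSH keys or LDAP, or injecting the hash at build time from a secret kept outside the repository, avoids that. The context line `root::14871::::::` leaves root with an empty password field while this commit adds `nullok` to the pam_unix lines, so that combination should be decided deliberately. The matching passwd entry uses gid 1000 and /home/admin, and no group entry or home directory for it is visible in this commit.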
9
arch-custom/airootfs/root/.ssh/authorized_keys
Normal file
9
arch-custom/airootfs/root/.ssh/authorized_keys
Normal file
@ -0,0 +1,9 @@
|
||||
ssh-rsa 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 fix@radon
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnwEtCJFnhr1FHTkIquxjMYMwzSstMV/U+AktdyPg2l fix@xenon
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAT7JSDnbl5lFjszUxFN2WpjPSW6P4pJWke46MN8UCcX fix@morty
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDESsPAjfAUKrTcyPsrddMuLhK4fYaiDnNF4cydIUDtZ6ThS53P5eNJV3B9eZFo/lrAqFXkNiItqWcbee8w2jkZJnfnIFbKy2tkPqCeEGBpD7qI+x+XetYM7s13zCoruSWWWYdfnFby6KEchXUSsqDuiHDxlm4HQYxIEp7JKNcN+EGwV8r9fASc0VK/as+VgBmcjL5GDBWVf1rkM1Vpc1zSpS1lfw7Fd9cf069emFTk/+uMJuFpu/0IhYjS435h4NY7C3gOvBVmeoGfCd+zeLj+vrbfZ/EISbCY9IUQWYE6VNegXsmek3YL6cYQI+p7gktw6IQHudxPXVTNnfcibr8/ pi@raspi
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJ11F0P/IoUwSo9HEg75Ia9gHHoWd0zVn3+Jf0fk8AP fix@argon
|
||||
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFhd9fhfsxtUMFJJlST/3lfCIBcoKkhm2UD9Qn/yg9O85OdN63crhpd8YkOdh8SKqz4uIzSUZ8W0rFvORbkAE2wJlrtqsrQIKOE2RyKH9WVJnZRC26zkxGNfa/QMxeoKWj+2nWUWZ8NOWbQlbQe3YNqIhmUk6EGNnniWkIkCHsQYPjL2XtOrV+fAKQYZHqDdt0PR0hGhrcTQFknYsWHmjVRUATN8A4jxAAVVHxMArVynTJf4JwbCiZeQyFC2qOO/7ISTV5dPOP3MzQ/3SiGofWVVnRk7LzgNsScPHi32GuvImXKLkcbn9TsWsqYq9uYlJMaijoxlFBfoMVT5StJBDNrb1Ca3ebvzz9ugemqB3vW00He5yf9NVAJmy0WGZmGkdBo7gExdCKekr10wC1A44yHBkU70VIVd7fvQnPpImglLueHzjtN4S8MzmO+evuo0n5ecaF51gdglW9CoCbMkEwEM75scAIJ+bnK/PQvr69GNZ7CPl+10//7ZQKmaRg/klvpBPW1Onm13A4E07f7p9hd3et1sTdWzltITdr0CXtpLO4NDP6tTPNIgvK7ytL3K4n/0w+HOYYez8mgzl1JzHSw5huuN3kc1mrkTmArVPa+hlxs/U0RkHuAggRphtWSfZ0gzf1Lmbpbv1iBmmx0I7ebUN5JW7rqAIMFSZa7uc9HQ== f.schaal@tallence.com
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBlhfBV/3uJBcfMw3o1pnxMbZdtTHskJSVY/fBvylIKM fix@apu
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMAddUJar3mtosfNShZE4HF/7o++Ty1bBhqb9Sd9R0uC fix@beth
|
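Review bot: Eight public keys are granted unrestricted root login on every image built from this profile, and nothing in the file records who owns each key or why it is present; entries such as `pi@raspi` and the one labelled with a company mail address look like personal or device keys. Every extra entry is one more private key whose loss gives root on all booted systems, so the list should be trimmed to the keys that are actually needed, with a `#` comment line per owner. Where the source hosts are known, a `from="<allowed-hosts>"` option in front of the key (placeholder value) narrows the exposure. The profile in this commit also sets `/root/.ssh` to mode 600 and `authorized_keys` to 700, which looks swapped.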
@ -1,6 +1,3 @@
|
||||
#
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
#
|
||||
alsa-utils
|
||||
amd-ucode
|
||||
archinstall
|
||||
@ -76,11 +73,14 @@ ndisc6
|
||||
nfs-utils
|
||||
nilfs-utils
|
||||
nmap
|
||||
nss-pam-ldapd
|
||||
ntfs-3g
|
||||
nvme-cli
|
||||
openconnect
|
||||
openldap
|
||||
openssh
|
||||
openvpn
|
||||
pambase
|
||||
partclone
|
||||
parted
|
||||
partimage
|
||||
|
@ -1,10 +1,10 @@
|
||||
#!/usr/bin/env bash
|
||||
# shellcheck disable=SC2034
|
||||
|
||||
iso_name="archlinux"
|
||||
iso_name="archlinux-trauma"
|
||||
iso_label="ARCH_$(date +%Y%m)"
|
||||
iso_publisher="Arch Linux <https://archlinux.org>"
|
||||
iso_application="Arch Linux Live/Rescue CD"
|
||||
iso_publisher="fix <https://catefrauma.de>"
|
||||
iso_application="Arch Linux Trauma MR Edition"
|
||||
iso_version="$(date +%Y.%m.%d)"
|
||||
install_dir="arch"
|
||||
buildmodes=('iso')
|
||||
@ -15,8 +15,17 @@ airootfs_image_type="squashfs"
|
||||
airootfs_image_tool_options=('-comp' 'xz' '-Xbcj' 'x86' '-b' '1M' '-Xdict-size' '1M')
|
||||
file_permissions=(
|
||||
["/etc/shadow"]="0:0:400"
|
||||
["/etc/passwd"]="0:0:644"
|
||||
["/etc/nsswitch.conf"]="0:0:644"
|
||||
["/etc/nslcd.conf"]="0:0:644"
|
||||
["/etc/openldap/openldap.conf"]="0:0:644"
|
||||
["/etc/pamd.d"]="0:0:755"
|
||||
["/etc/pamd.d/system-auth", "/etc/pamd.d/sudo", "/etc/pamd.d/passwd"]="0:0:644"
|
||||
["/etc/pamd.d/su","/etc/pamd.d/su-l",]="0:0:755"
|
||||
["/root"]="0:0:750"
|
||||
["/root/.automated_script.sh"]="0:0:755"
|
||||
["/root/.ssh"]="0:0:600"
|
||||
["/root/.ssh/authorized_keys"]="0:0:700"
|
||||
["/usr/local/bin/choose-mirror"]="0:0:755"
|
||||
["/usr/local/bin/Installation_guide"]="0:0:755"
|
||||
["/usr/local/bin/livecd-sound"]="0:0:755"
|
||||
|
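Review bot: Several of the added `file_permissions` keys will not match any file, so the intended modes are never applied. `/etc/pamd.d` is a misspelling of `/etc/pam.d`, `/etc/openldap/openldap.conf` does not match the `ldap.conf` added in this commit, and bash does not treat a comma-separated list inside one subscript as several keys, so the two multi-path entries become at best a single key containing the whole string. The modes for `/root/.ssh` (600) and `authorized_keys` (700) look swapped, `/etc/nslcd.conf` is better kept root-only because it may hold `bindpw`, and PAM configuration files need no execute bit. The array is closed outside this hunk; a corrected set of entries is sketched below.

```shell
file_permissions=(
  ["/etc/shadow"]="0:0:400"
  # … unchanged: /etc/passwd, /etc/nsswitch.conf …
  ["/etc/nslcd.conf"]="0:0:600"
  ["/etc/openldap/ldap.conf"]="0:0:644"
  ["/etc/pam.d"]="0:0:755"
  ["/etc/pam.d/system-auth"]="0:0:644"
  ["/etc/pam.d/sudo"]="0:0:644"
  ["/etc/pam.d/passwd"]="0:0:644"
  ["/etc/pam.d/su"]="0:0:644"
  ["/etc/pam.d/su-l"]="0:0:644"
  # … unchanged: /root, /root/.automated_script.sh …
  ["/root/.ssh"]="0:0:700"
  ["/root/.ssh/authorized_keys"]="0:0:600"
  # … unchanged: /usr/local/bin entries …
```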
@ -3,32 +3,31 @@
|
||||
|
||||
LABEL arch64
|
||||
TEXT HELP
|
||||
Boot the Arch Linux install medium on BIOS.
|
||||
It allows you to install Arch Linux or perform system maintenance.
|
||||
Boot Trauma Linux
|
||||
ENDTEXT
|
||||
MENU LABEL Arch Linux install medium (x86_64, BIOS)
|
||||
MENU LABEL Trauma Linux
|
||||
LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux
|
||||
INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
|
||||
APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL%
|
||||
|
||||
# Accessibility boot option
|
||||
LABEL arch64speech
|
||||
TEXT HELP
|
||||
Boot the Arch Linux install medium on BIOS with speakup screen reader.
|
||||
It allows you to install Arch Linux or perform system maintenance with speech feedback.
|
||||
ENDTEXT
|
||||
MENU LABEL Arch Linux install medium (x86_64, BIOS) with ^speech
|
||||
LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux
|
||||
INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
|
||||
APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% accessibility=on
|
||||
#LABEL arch64speech
|
||||
#TEXT HELP
|
||||
#Boot the Arch Linux install medium on BIOS with speakup screen reader.
|
||||
#It allows you to install Arch Linux or perform system maintenance with speech feedback.
|
||||
#ENDTEXT
|
||||
#MENU LABEL Arch Linux install medium (x86_64, BIOS) with ^speech
|
||||
#LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux
|
||||
#INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
|
||||
#APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% accessibility=on
|
||||
|
||||
# Copy to RAM boot option
|
||||
LABEL arch64ram
|
||||
TEXT HELP
|
||||
Boot the Arch Linux install medium on BIOS with Copy-to-RAM option
|
||||
It allows you to install Arch Linux or perform system maintenance.
|
||||
ENDTEXT
|
||||
MENU LABEL Arch Linux install medium (x86_64, BIOS, Copy to RAM)
|
||||
LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux
|
||||
INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
|
||||
APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% copytoram
|
||||
#LABEL arch64ram
|
||||
#TEXT HELP
|
||||
#Boot the Arch Linux install medium on BIOS with Copy-to-RAM option
|
||||
#It allows you to install Arch Linux or perform system maintenance.
|
||||
#ENDTEXT
|
||||
#MENU LABEL Arch Linux install medium (x86_64, BIOS, Copy to RAM)
|
||||
#LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux
|
||||
#INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
|
||||
#APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% copytoram
|
||||
|
Binary file not shown.
Before Width: | Height: | Size: 44 KiB After Width: | Height: | Size: 41 KiB |