#!/bin/bash
# Set timezone: the image records UTC as its zone name in /etc/timezone.
printf '%s\n' 'UTC' > /etc/timezone
# Set locale: register both en_US variants, generate them, then make the
# UTF-8 one the system default.
# The entries are appended, so running this twice leaves duplicate lines in
# /etc/locale.gen.
printf '%s\n' \
  'en_US.UTF-8 UTF-8' \
  'en_US ISO-8859-1' >> /etc/locale.gen
locale-gen -q
eselect locale set en_US.utf8
# Some rootfs stuff: seed /etc/mtab from the kernel mount table, leaving out
# every line that contains "rootfs".
# NOTE(review): the filter is a plain substring match, so a mount whose device
# or path merely contains "rootfs" (for example a cloudimg-rootfs label path)
# is dropped as well - confirm that is intended.
grep -v -e 'rootfs' /proc/mounts > /etc/mtab
# This is set in rackspaces prep, might help us.
# Both settings are appended to /etc/sysctl.conf; the quoted delimiter keeps
# the text literal.
# NOTE(review): arp_notify is keyed to an interface literally named eth0, so
# it only applies where the primary NIC keeps that name - confirm per platform.
cat >> /etc/sysctl.conf <<'EOF'
net.ipv4.conf.eth0.arp_notify = 1
vm.swappiness = 0
EOF
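# Let's configure our grub
# Access on both regular tty and serial console.
# NOTE(review): the GRUB menu becomes reachable over the serial port too, and
# nothing in this script sets a GRUB password; anyone with console access to
# the instance can edit boot entries - confirm that matches the platform's
# console access controls.

# -p: do not fail (or print an error) when /boot/grub already exists.
mkdir -p /boot/grub

# Quoted delimiter: the settings are appended exactly as written, with no
# shell expansion inside the here-document.
cat >> /etc/default/grub <<'EOF'
GRUB_TERMINAL='serial console'
GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8"
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
EOF

grub-mkconfig -o /boot/grub/grub.cfg

# Replace loop-device references in the generated config with the filesystem
# label (presumably the image is built on a loop device - TODO confirm), then
# force the kernel root= argument to the same label.
sed -r -i 's/loop[0-9]+p1/LABEL\=cloudimg-rootfs/g' /boot/grub/grub.cfg
sed -i 's/root=.*\ ro/root=LABEL\=cloudimg-rootfs\ ro/' /boot/grub/grub.cfg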
# And the fstab: a single entry mounting the labelled root filesystem.
# This overwrites any existing /etc/fstab. The last field (fsck pass) is 0, so
# the root filesystem is not checked at boot.
printf '%s\n' 'LABEL=cloudimg-rootfs / ext4 defaults 0 0' > /etc/fstab
# allow the console log: uncomment every "#s0" occurrence in /etc/inittab.
# NOTE(review): presumably s0 is the serial-console getty entry, which means a
# login prompt is offered on the serial port - confirm against the shipped
# inittab.
sed --in-place --expression='s/#s0/s0/g' /etc/inittab
# dhcpcd tweaks, applied in a single pass; the expressions run in order on
# each line of /etc/dhcpcd.conf:
#   1. let ipv6 use normal slaac - every "slaac" occurrence gets a "#" put in
#      front of it. The match is a bare substring, so a second run turns
#      "#slaac" into "##slaac".
#      NOTE(review): presumably this disables the "slaac private" setting,
#      leaving hardware-address-derived (stable, trackable) IPv6 addresses -
#      confirm that trade-off is wanted.
#   2. don't let dhcpcd set domain name or hostname - only domain_search is
#      kept from that option list.
sed --in-place \
  --expression='s/slaac/#slaac/g' \
  --expression='s/domain_name\,\ domain_search\,\ host_name/domain_search/g' \
  /etc/dhcpcd.conf
# need to do this here because it clobbers an openrc owned file
# The delimiter is quoted, so the snippet below is written out literally and
# its $(...) is evaluated only when /etc/conf.d/hostname is later read, not
# while this script runs. The snippet takes the first dot-separated component
# of /etc/hostname, or "localhost" when that file is absent.
cat > /etc/conf.d/hostname <<'EOL'
# Set to the hostname of this machine
if [ -f /etc/hostname ];then
hostname=$(cat /etc/hostname 2> /dev/null | cut -d"." -f1 2> /dev/null)
else
hostname="localhost"
fi
EOL
# Owned by root and writable only by root; readable by everyone.
chown root:root /etc/conf.d/hostname
chmod 0644 /etc/conf.d/hostname
# set a nice default for /etc/resolv.conf
# NOTE(review): both resolvers are hard-coded public addresses, so by default
# every DNS query from the instance goes to a third party; deployments that
# need internal or filtered DNS have to override this file.
printf '%s\n' \
  'nameserver 8.8.8.8' \
  'nameserver 2001:4860:4860::8888' > /etc/resolv.conf
# let's upgrade (security fixes and otherwise)
# USE="-build" is set per command only; it is not exported to later steps.
USE="-build" emerge --update --deep --newuse --verbose --with-bdeps=y --jobs=2 @world
USE="-build" emerge --verbose=n --depclean
USE="-build" emerge --verbose --usepkg=n @preserved-rebuild
# NOTE(review): automode -5 merges every pending config-file update without
# prompting. Packaged defaults can therefore replace local edits to protected
# files, possibly including the /etc changes made earlier in this script -
# verify the resulting configuration after the build.
etc-update --automode -5
# Clean up portage
emerge --verbose=n --depclean
# Refresh the eix cache only when eix is present on the image.
if [[ -e /usr/bin/eix ]]; then
  eix-update
fi
emaint all -f
eselect news read all
eclean-dist --destructive
# Drop the build-time USE line from make.conf.
sed --in-place --expression='/^USE=\"\${USE}\ \ build\"$/d' /etc/portage/make.conf
# Point Portage at the Gentoo release keyring.
# NOTE(review): this line only names the keyring directory; whether tree
# signatures are actually verified depends on settings not visible in this
# script - confirm verification is enabled and that the directory exists.
printf '%s\n' 'PORTAGE_GPG_DIR="/var/lib/gentoo/gkeys/keyrings/gentoo/release"' >> /etc/portage/make.conf
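# clean up system
# Remove root's password, then lock it, so the image ships without a usable
# root password.
# NOTE(review): passwd -l locks password authentication only; other login
# methods (for example SSH keys) are unaffected, so access to root still has
# to be controlled through sshd and key provisioning.
passwd -d root
passwd -l root
# Empty every log file under /var/log. find hands the paths to truncate
# directly, so names containing whitespace or glob characters are handled
# correctly (the previous `for i in $(find ...)` loop word-split them).
find /var/log -type f -exec truncate -s 0 {} +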
# remove foreign manpages: delete every direct child of /usr/share/man whose
# path does not match /usr/share/man/man*.
find /usr/share/man/ -mindepth 1 -maxdepth 1 \
  -path '/usr/share/man/man*' -prune \
  -o -exec rm -rf {} +
# fine if this fails, aka non-hardened
# migrate-pax is run only where the tool is installed and executable.
if [ -x /usr/sbin/migrate-pax ]; then
  printf '%s\n' 'migraging pax'
  /usr/sbin/migrate-pax -m
fi