brammp/linux
Archived
1
0
Fork 0
Code Activity

Mege with extenal repo

Browse Source
This commit is contained in:
Bram Prieshof
2023-05-21 17:41:57 +02:00
parent 68d18a78c0
commit 53b2b5e849
18 changed files with 1051 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
scripts/Deb11Upgrade_Basic.sh Normal file
View File

@@ -0,0 +1,61 @@
#!/bin/bash
#####################################################################
# @description: #
# Debian 10 to Debian 11 upgrade tool for basic debian 10 system #
# #
# @author: Bram Prieshof #
#####################################################################
#ScriptVars
UpgradeDist=deb11
InstalledOptions=("${SelectedOptions[@]}" "${EnabledAons[@]}")
Sysup2Date=no
#OS Detection
dist_ver=$(grep --color=never -Po "^VERSION_ID=\K.*" "/etc/os-release")
dist=$(grep --color=never -Po "^ID=\K.*" "/etc/os-release")
if [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"10"* ]]; then
CurDist=deb10
else
echo "This OS in not eligible for this upgrade"
exit
fi
#PackageManager-config
PKGM=apt
PKGUC="$PKGM update"
PKGUP="$PKGM upgrade -y"
PKGI="${PKGM} install -y --no-install-recommends"
#Update current release
if [ $Sysup2Date = no ]; then
echo "The system will now update the packages for the current release"
read -r -s -p $'Press enter to continue, or ctrl+c to quit'
$PKGUC
DEBIAN_FRONTEND=noninteractive $PKGUP -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
$PKGM dist-upgrade -y
$PKGM clean all
$PKGM autoremove -y
sed -i -e '/Sysup2Date=no/c\Sysup2Date=yes' "$0"
echo "The current release is up to date,"
echo "please reboot the system and re-run this scipt to continue"
exit
fi
echo "The system will now update the repositories to the new release and update all packages"
read -r -s -p $'Press enter to continue, or ctrl+c to quit'
#Update Debian repo's
sed -i -e 's/buster/bullseye/g' -e 's#http://security.debian.org/debian-security#https://deb.debian.org/debian-security#g' -e 's#http://security.debian.org#https://deb.debian.org/debian-security#g' -e 's#bullseye/updates#bullseye-security#g' /etc/apt/sources.list
#Update Hetzner mirrror repo's
sed -i -e 's/buster/bullseye/g' /etc/apt/sources.list.d/hetzner* -e 's#bullseye/updates#bullseye-security#g' /etc/apt/sources.list.d/hetzner*
#Running updates
$PKGM update
DEBIAN_FRONTEND=noninteractive $PKGUP --without-new-pkgs -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
DEBIAN_FRONTEND=noninteractive $PKGM full-upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
$PKGM autoremove -y
echo "Upgrade finished, please reboot the system"

39
scripts/Ufw-AddCustomRule-SSH_4242.sh Normal file
View File

@@ -0,0 +1,39 @@
###############################################################
# @description: #
# Add Custom rule to UFW for limiting ssh(4242/tcp) #
# #
# @author: Bram Prieshof #
###############################################################
#Sed in a function to detect line from $FindLine and insert the content of $AddLine on a new line above the match
UpdateFile () {
file="$1"
sed -i 's/'"$FindLine"'/'"$AddLine"'\n&/g' $file
unset FindLine AddLine
}
#Delete Existng SSH(4242/tcp) rule(s)
ufw delete limit 4242/tcp
#Add needed filters (IPv4)
FindLine="# End required lines"
AddLine=":ufw-user-limit - [0:0]\n:ufw-user-limit-accept - [0:0]"
UpdateFile /etc/ufw/after.rules
#Add needed filters (IPv6)
FindLine="# End required lines"
AddLine=":ufw6-user-limit - [0:0]\n:ufw6-user-limit-accept - [0:0]"
UpdateFile /etc/ufw/after6.rules
#Add custom SSH(4242/tcp) limit rule (IPv4)
FindLine="# don't delete the 'COMMIT' line or these rules won't be processed"
AddLine="### SSH limit tcp\n-A ufw-after-input -p tcp --dport 4242 -m conntrack --ctstate NEW -m recent --set\n-A ufw-after-input -p tcp --dport 4242 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 15 -j ufw-user-limit\n-A ufw-after-input -p tcp --dport 4242 -j ufw-user-limit-accept\n"
UpdateFile /etc/ufw/after.rules
#Add custom SSH(4242/tcp) limit rule (IPv6)
FindLine="# don't delete the 'COMMIT' line or these rules won't be processed"
AddLine="### SSH limit tcp\n-A ufw6-after-input -p tcp --dport 4242 -m conntrack --ctstate NEW -m recent --set\n-A ufw6-after-input -p tcp --dport 4242 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 15 -j ufw6-user-limit\n-A ufw6-after-input -p tcp --dport 4242 -j ufw6-user-limit-accept\n"
UpdateFile /etc/ufw/after6.rules
#Reload ufw rules
ufw reload

33
scripts/detect-os-V1.sh Normal file
View File

@@ -0,0 +1,33 @@
#!/bin/bash
source /etc/os-release
#echo used Vars for testing only
echo $VERSION
#formaring $VERSION to a useable fromat
VERSION=$(echo $VERSION | grep -o '[0-9]\+.' | tr -d '\n')
#echo used Vars for testing only
echo $ID
echo $VERSION
#example if statement
if [ "$ID" = "debian" ]; then
echo "Execute Commands"
elif [ "$ID" = "ubuntu" ]; then
echo "Executue Ubuntu version detection"
if [[ "$VERSION" == "18.04"* ]]; then
echo "this ubuntu Ubuntu 18.04"
elif [[ "$VERSION" == "16.04"* ]]; then
echo "this ubuntu 16.04"
else
echo "this version of ubuntu is not yet supported"
fi
elif [ "$ID" = "centos" ]; then
echo "Executue Centos Commands"
elif [ "$ID" = "rhel" ]; then
echo "Executue Red hat enterpise Linux Commands"
else
echo "this OS is not yet supported"
fi

0
scripts/detect-os.sh → scripts/detect-os-V2.sh
View File

215
scripts/installgit.sh Normal file
View File

@@ -0,0 +1,215 @@
##----------##
# Menu #
##----------##
echo "Ubuntu 18.04 gitea install script."
echo "Domein without www:"
read domain
while true; do
read -p "Does www.${domain} exist in DNS -> yes/no?" yn
case $yn in
[Yy]* ) domainwww=1
break;;
[Nn]* ) domainwww=0
break;;
* ) echo "choose yes or no.";;
esac
done
echo "System password:"
read password
echo "Administrator email:"
read email
##----------------##
# Pre-Config #
##----------------##
apt install -y software-properties-common
add-apt-repository -y ppa:certbot/certbot
apt update
apt upgrade -y
apt install -y mysql-server nginx git
timedatectl set-timezone Europe/Amsterdam
sed -i 's/#/vm.swappiness=10/g' /etc/sysctl.conf
sed -i 's/#/vm.vfs_cache_pressure=50/g' /etc/sysctl.conf
sed -i 's/IPV6=yes/IPV6=no/g' /etc/default/ufw
sed -i "\$a0 3 * * 1 root apt update >/dev/null 2>&1&& apt upgrade -y >/dev/null 2>&1" /etc/crontab
systemctl restart cron
ufw allow OpenSSH
ufw allow 443/tcp
ufw allow 80/tcp
ufw limit ssh
echo "y" | ufw enable
##------------------##
# MySQL Config #
##------------------##
# mysql_secure_installation automated
mysqladmin -u root password "$password"
mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')"
mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User=''"
mysql -u root -p"$password" -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'"
mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
mysql -u root -p"$password" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$password"';"
mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
rm /etc/mysql/my.cnf
cat > /etc/mysql/my.cnf <<- "EOF"
# - "/etc/mysql/my.cnf" to set global options,
[mysqld_safe]
socket = /var/run/mysqld/mysqld.sock
nice = 0
[mysqld]
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
lc-messages-dir = /usr/share/mysql
skip-external-locking
innodb_buffer_pool_size = 1G # (adjust value here, 50%-70% of total RAM)
innodb_log_file_size = 256M
innodb_flush_log_at_trx_commit = 1 # may change to 2 or 0
innodb_flush_method = O_DIRECT
bind-address = 127.0.0.1
key_buffer_size = 16M
max_allowed_packet = 16M
thread_stack = 192K
thread_cache_size = 8
myisam-recover-options = BACKUP
#max_connections = 100
#table_open_cache = 64
#thread_concurrency = 10
query_cache_limit = 1M
query_cache_size = 16M
log_error = /var/log/mysql/error.log
expire_logs_days = 10
max_binlog_size = 100M
EOF
db_pass=$(date +%s|sha256sum|base64|head -c 32)
mysql -u root -p"$password" -e "CREATE DATABASE "giteadb" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
mysql -u root -p"$password" -e "GRANT ALL ON "giteadb".* TO '"gitea"'@'localhost' IDENTIFIED BY '"$db_pass"';"
mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
echo $db_pass > ~/db-pass.txt
##------------------##
# Nginx Config #
##------------------##
cat <<EOF > /etc/nginx/sites-available/"$domain"
server {
server_name git.ictmaatwerk.com;
client_max_body_size 40M;
listen 80 ;
location / {
proxy_pass http://localhost:3000;
}
location /.well-known {
alias /var/www/git.ictmaatwerk.com/.well-known;
}
}
EOF
ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/
mkdir -p /var/www/"$domain"/html
chmod -R 755 /var/www
systemctl restart nginx
##-------------##
# Certbot #
##-------------##
apt install -y python-certbot-nginx
if [ $domainwww = 1 ]; then
certbot --nginx -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
elif [ $domainwww = 0 ]; then
certbot --nginx -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
fi
debconf-set-selections <<< "postfix postfix/mailname string $domain"
debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
apt install -y mailutils
sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf
sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf
sed -i 's/relayhost =/mydestination = '$domain', localhost.'$domain', '$domain'/g' /etc/postfix/main.cf
cat <<EOF > /etc/aliases
# See man 5 aliases for format
postmaster: root
root: $email
EOF
newaliases
##-----------##
# gitea #
##-----------##
wget https://dl.gitea.io/gitea/1.7.0/gitea-1.7.0-linux-amd64 -O gitea
chmod +x gitea
adduser \
--system \
--shell /bin/bash \
--gecos 'Git Version Control' \
--group \
--disabled-password \
--home /home/git \
git
mkdir -p /var/lib/gitea/{custom,data,log}
chown -R git:git /var/lib/gitea/
chmod -R 750 /var/lib/gitea/
mkdir /etc/gitea
chown root:git /etc/gitea
chmod 770 /etc/gitea
mv gitea /usr/local/bin/gitea
cat <<EOF > /etc/systemd/system/gitea.service
[Unit]
Description=Gitea (Git with a cup of tea)
After=syslog.target
After=network.target
After=mysqld.service
#After=postgresql.service
#After=memcached.service
#After=redis.service
[Service]
# Modify these two values and uncomment them if you have
# repos with lots of files and get an HTTP error 500 because
# of that
###
#LimitMEMLOCK=infinity
#LimitNOFILE=65535
RestartSec=2s
Type=simple
User=git
Group=git
WorkingDirectory=/var/lib/gitea/
ExecStart=/usr/local/bin/gitea web -c /etc/gitea/app.ini
Restart=always
Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
# If you want to bind Gitea to a port below 1024 uncomment
# the two values below
###
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
#AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
EOF
echo certbot --nginx -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos > activatessl.sh
echo "Please put config here: /etc/gitea/app.ini"
echo "then run: systemctl enable gitea && systemctl start gitea"
echo "if service starts then reboot the system to finsh the installation"

10
scripts/kweb.sh Normal file
View File

@@ -0,0 +1,10 @@
service php-fpm53 stop
service php-fpm54 stop
service php-fpm55 stop
service php-fpm56 stop
service php-fpm70 stop
service php-fpm71 stop
service php-fpm72 stop
service php-fpm73 stop
service httpd stop
service nginx stop

10
scripts/rweb.sh Normal file
View File

@@ -0,0 +1,10 @@
service php-fpm53 restart
service php-fpm54 restart
service php-fpm55 restart
service php-fpm56 restart
service php-fpm70 restart
service php-fpm71 restart
service php-fpm72 restart
service php-fpm73 restart
service httpd restart
service nginx restart

10
scripts/servstat.sh Normal file
View File

@@ -0,0 +1,10 @@
service php-fpm53 status
service php-fpm54 status
service php-fpm55 status
service php-fpm56 status
service php-fpm70 status
service php-fpm71 status
service php-fpm72 status
service php-fpm73 status
service httpd status
service nginx status

10
scripts/sweb.sh Normal file
View File

@@ -0,0 +1,10 @@
service php-fpm53 start
service php-fpm54 start
service php-fpm55 start
service php-fpm56 start
service php-fpm70 start
service php-fpm71 start
service php-fpm72 start
service php-fpm73 start
service httpd start
service nginx start

168
scripts/tc/Setup-TC-Generic-Kiosk.sh Normal file
View File

@@ -0,0 +1,168 @@
#!/bin/bash
#########Tested on#########
## Debian 9(i386) ##
# Hp t5740e #
## Debian 9(amd64) ##
# Dell Optiplex Fx160 #
###########################
echo "Debian 9 Thin client install script."
echo "Full url including http(s)://:"
read url
apt update
# get software
apt install xorg chromium openbox lightdm nedit locales spacefm sudo gmessage unattended-upgrades plymouth plymouth-themes -y
# dir
mkdir -p /home/kiosk/.config/openbox
mkdir -p /home/kiosk/Bureaublad
# create group
groupadd kiosk
# create user if not exists
id -u kiosk &>/dev/null || useradd -m kiosk -g kiosk -s /bin/bash
# rights
chown -R kiosk:kiosk /home/kiosk
# create config
echo oldurl=${url} > /var/log/browserurl.log
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
wget https://git.ictmaatwerk.com/bprieshof/Linux-scripts/raw/branch/master/tc/config/gui/grub-4x3.png -O /usr/share/desktop-base/softwaves-theme/grub/grub-4x3.png
wget https://git.ictmaatwerk.com/bprieshof/Linux-scripts/raw/branch/master/tc/config/gui/grub-16x9.png -O /usr/share/desktop-base/softwaves-theme/grub/grub-16x9.png
wget https://git.ictmaatwerk.com/bprieshof/Linux-scripts/raw/branch/master/tc/config/gui/joy-ictm.tar.gz -O /tmp/joy-ictm.tar.gz
tar -zxf /tmp/joy-ictm.tar.gz -C /usr/share/plymouth/themes/
sed -i 's|GRUB_TIMEOUT=5|GRUB_TIMEOUT=1|g' /etc/default/grub
sed -i 's|GRUB_CMDLINE_LINUX_DEFAULT="quiet"|GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"|g' /etc/default/grub
update-grub
plymouth-set-default-theme -R joy-ictm
wget https://git.ictmaatwerk.com/bprieshof/Linux-scripts/raw/branch/master/tc/config/20auto-upgrades -O /etc/apt/apt.conf.d/20auto-upgrades
wget https://git.ictmaatwerk.com/bprieshof/Linux-scripts/raw/branch/master/tc/config/50unattended-upgrades -O /etc/apt/apt.conf.d/50unattended-upgrades
if [ -e "/etc/lightdm/lightdm.conf" ]; then
mv /etc/lightdm/lightdm.conf /etc/lightdm/lightdm.conf.backup
fi
cat > /etc/lightdm/lightdm.conf << EOF
[SeatDefaults]
autologin-user=kiosk
EOF
# create autostart
if [ -e "/home/kiosk/.config/openbox/autostart" ]; then
mv /home/kiosk/.config/openbox/autostart /home/kiosk/.config/openbox/autostart.backup
fi
cat > /home/kiosk/.config/openbox/autostart << EOF
#!/bin/bash
sleep 1; spacefm --desktop &
chromium \
--no-first-run \
--disable \
--disable-translate \
--disable-infobars \
--disable-suggestions-service \
--disable-save-password-bubble \
--disable-session-crashed-bubble \
--incognito \
"${url}"
EOF
#creating app files
cat > /home/kiosk/Bureaublad/chromium.desktop << EOF
[Desktop Entry]
Version=1.0
Name=Chromium
GenericName=Web Browser
GenericName[nl]=Webbrowser
Comment=Access the Internet
Comment[nl]=Verbinding maken met internet
Exec=/usr/bin/chromium --no-first-run --disable --disable-translate --disable-infobars --disable-suggestions-service --disable-save-password-bubble --disable-session-crashed-bubble --incognito ${url}
Terminal=false
X-MultipleArgs=false
Type=Application
Icon=chromium.png
Categories=Network;WebBrowser;
MimeType=text/html;text/xml;application/xhtml_xml;application/x-mimearchive;x-scheme-handler/http;x-scheme-handler/https;
StartupWMClass=chromium
StartupNotify=true
EOF
cat > /home/kiosk/Bureaublad/nedit.desktop << EOF
[Desktop Entry]
Version=1.0
Name=NEdit
Name[en]=NEdit
Name[nl]=NEdit
Exec=nedit-nc %F
Icon=nedit
Terminal=false
Type=Application
MimeType=text/plain;
Categories=Motif;Utility;TextTools;
Keywords=Customizable;Scripts;Powerful;
GenericName=Text Editor
GenericName[en]=Text Editor
GenericName[nl]=Tekstverwerker
EOF
cat > /home/kiosk/Bureaublad/shutdown.desktop << EOF
[Desktop Entry]
Encoding=UTF-8
Version=1.0
Type=Application
Terminal=false
Exec=shutdown-menu
Name=Shutdown
Icon=/usr/share/icons/Adwaita/64x64/actions/system-shutdown-symbolic.symbolic.png
EOF
cp -r /home/kiosk/Bureaublad/ /home/kiosk/Desktop
# rights for apps folder
chown -R kiosk:kiosk /home/kiosk/Bureaublad
chown -R kiosk:kiosk /home/kiosk/Desktop
# setting user power privileges
cat > /etc/sudoers.d/powerctl << EOF
# Cmnd alias specification
Cmnd_Alias SHUTDOWN = /sbin/shutdown
Cmnd_Alias REBOOT = /sbin/reboot
# User privilege specification
kiosk ALL=SHUTDOWN
kiosk ALL=NOPASSWD: SHUTDOWN
kiosk ALL=REBOOT
kiosk ALL=NOPASSWD: REBOOT
EOF
cat > /usr/bin/shutdown-menu << EOF
gmessage "Weet u zeker dat u de computer wilt afsluiten?" -center -title "Shutdown" -font "Sans bold 10" -default "Cancel" -buttons "_Annuleren":1,"_Opnieuw opstarten":3,"_Afsluiten":4 >/dev/null
case \$? in
1)
echo "Exit";;
3)
pkill spacefm
sudo shutdown -r now;;
4)
pkill spacefm
sudo shutdown -h now;;
esac
EOF
chmod 775 /usr/bin/shutdown-menu
wget https://git.ictmaatwerk.com/bprieshof/Linux-scripts/raw/branch/master/tc/update-url.sh -O /root/update-url.sh
echo "Done!"

176
scripts/tc/Setup-TC-t510-Kiosk.sh Normal file
View File

@@ -0,0 +1,176 @@
#!/bin/bash
#######Made for:#######
## Debian 9 ##
# Hp t510 #
#######################
echo "Debian 9 Thin client install script."
echo "Full url including http(s)://:"
read url
apt-get update
# get software
apt-get install xorg chromium openbox lightdm nedit locales spacefm sudo gmessage unattended-upgrades plymouth plymouth-themes xserver-xorg-video-openchrome -y
# dir
mkdir -p /home/kiosk/.config/openbox
mkdir -p /home/kiosk/Bureaublad
# create group
groupadd kiosk
# create user if not exists
id -u kiosk &>/dev/null || useradd -m kiosk -g kiosk -s /bin/bash
# rights
chown -R kiosk:kiosk /home/kiosk
# create config
echo oldurl=${url} > /var/log/browserurl.log
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
wget https://git.ictmaatwerk.com/bprieshof/Linux-scripts/raw/branch/master/tc/config/gui/grub-4x3.png -O /usr/share/desktop-base/softwaves-theme/grub/grub-4x3.png
wget https://git.ictmaatwerk.com/bprieshof/Linux-scripts/raw/branch/master/tc/config/gui/grub-16x9.png -O /usr/share/desktop-base/softwaves-theme/grub/grub-16x9.png
wget https://git.ictmaatwerk.com/bprieshof/Linux-scripts/raw/branch/master/tc/config/gui/joy-ictm.tar.gz -O /tmp/joy-ictm.tar.gz
tar -zxf /tmp/joy-ictm.tar.gz -C /usr/share/plymouth/themes/
sed -i 's|GRUB_TIMEOUT=5|GRUB_TIMEOUT=1|g' /etc/default/grub
sed -i 's|GRUB_CMDLINE_LINUX_DEFAULT="quiet"|GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"|g' /etc/default/grub
update-grub
plymouth-set-default-theme -R joy-ictm
wget https://git.ictmaatwerk.com/bprieshof/Linux-scripts/raw/branch/master/tc/config/20auto-upgrades -O /etc/apt/apt.conf.d/20auto-upgrades
wget https://git.ictmaatwerk.com/bprieshof/Linux-scripts/raw/branch/master/tc/config/50unattended-upgrades -O /etc/apt/apt.conf.d/50unattended-upgrades
if [ -e "/etc/lightdm/lightdm.conf" ]; then
mv /etc/lightdm/lightdm.conf /etc/lightdm/lightdm.conf.backup
fi
cat > /etc/lightdm/lightdm.conf << EOF
[SeatDefaults]
autologin-user=kiosk
EOF
# create autostart
if [ -e "/home/kiosk/.config/openbox/autostart" ]; then
mv /home/kiosk/.config/openbox/autostart /home/kiosk/.config/openbox/autostart.backup
fi
cat > /home/kiosk/.config/openbox/autostart << EOF
#!/bin/bash
sleep 1; spacefm --desktop &
chromium \
--no-first-run \
--disable \
--disable-translate \
--disable-infobars \
--disable-suggestions-service \
--disable-save-password-bubble \
--disable-session-crashed-bubble \
--incognito \
"${url}"
EOF
#creating app files
cat > /home/kiosk/Bureaublad/chromium.desktop << EOF
[Desktop Entry]
Version=1.0
Name=Chromium
GenericName=Web Browser
GenericName[nl]=Webbrowser
Comment=Access the Internet
Comment[nl]=Verbinding maken met internet
Exec=/usr/bin/chromium --no-first-run --disable --disable-translate --disable-infobars --disable-suggestions-service --disable-save-password-bubble --disable-session-crashed-bubble --incognito ${url}
Terminal=false
X-MultipleArgs=false
Type=Application
Icon=chromium.png
Categories=Network;WebBrowser;
MimeType=text/html;text/xml;application/xhtml_xml;application/x-mimearchive;x-scheme-handler/http;x-scheme-handler/https;
StartupWMClass=chromium
StartupNotify=true
EOF
cat > /home/kiosk/Bureaublad/nedit.desktop << EOF
[Desktop Entry]
Version=1.0
Name=NEdit
Name[en]=NEdit
Name[nl]=NEdit
Exec=nedit-nc %F
Icon=nedit
Terminal=false
Type=Application
MimeType=text/plain;
Categories=Motif;Utility;TextTools;
Keywords=Customizable;Scripts;Powerful;
GenericName=Text Editor
GenericName[en]=Text Editor
GenericName[nl]=Tekstverwerker
EOF
cat > /home/kiosk/Bureaublad/shutdown.desktop << EOF
[Desktop Entry]
Encoding=UTF-8
Version=1.0
Type=Application
Terminal=false
Exec=shutdown-menu
Name=Shutdown
Icon=/usr/share/icons/Adwaita/64x64/actions/system-shutdown-symbolic.symbolic.png
EOF
cp -r /home/kiosk/Bureaublad/ /home/kiosk/Desktop
# rights for apps folder
chown -R kiosk:kiosk /home/kiosk/Bureaublad
chown -R kiosk:kiosk /home/kiosk/Desktop
# setting user power privileges
cat > /etc/sudoers.d/powerctl << EOF
# Cmnd alias specification
Cmnd_Alias SHUTDOWN = /sbin/shutdown
Cmnd_Alias REBOOT = /sbin/reboot
# User privilege specification
kiosk ALL=SHUTDOWN
kiosk ALL=NOPASSWD: SHUTDOWN
kiosk ALL=REBOOT
kiosk ALL=NOPASSWD: REBOOT
EOF
cat > /usr/bin/shutdown-menu << EOF
gmessage "Weet u zeker dat u de computer wilt afsluiten?" -center -title "Shutdown" -font "Sans bold 10" -default "Cancel" -buttons "_Annuleren":1,"_Opnieuw opstarten":3,"_Afsluiten":4 >/dev/null
case \$? in
1)
echo "Exit";;
3)
pkill spacefm
sudo shutdown -r now;;
4)
pkill spacefm
sudo shutdown -h now;;
esac
EOF
chmod 775 /usr/bin/shutdown-menu
wget https://git.ictmaatwerk.com/bprieshof/Linux-scripts/raw/branch/master/tc/update-url.sh -O /root/update-url.sh
cat > /etc/modprobe.d/blacklist-framebuffer.conf << EOF
blacklist tridentfb
blacklist vesafb
blacklist vfb
blacklist viafb
blacklist vt8623fb
blacklist udlfb
EOF
echo "Done!"

4
scripts/tc/config/20auto-upgrades Normal file
View File

@@ -0,0 +1,4 @@
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";

25
scripts/tc/config/50unattended-upgrades Normal file
View File

@@ -0,0 +1,25 @@
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
Unattended-Upgrade::Mail "root";
// Automatically upgrade packages from these
Unattended-Upgrade::Origins-Pattern {
"o=Debian,a=stable";
"o=Debian,a=stable-updates";
"o=Debian,a=proposed-updates";
"origin=Debian,codename=${distro_codename},label=Debian-Security";
};
// You can specify your own packages to NOT automatically upgrade here
Unattended-Upgrade::Package-Blacklist {
// "vim";
// "libc6";
// "libc6-dev";
// "libc6-i686";
};
Unattended-Upgrade::MailOnlyOnError "false";
Unattended-Upgrade::Automatic-Reboot "false";

BIN
scripts/tc/config/gui/grub-16x9.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 892 KiB

BIN
scripts/tc/config/gui/grub-4x3.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 179 KiB

BIN
scripts/tc/config/gui/joy-ictm.tar.gz Normal file
View File

Binary file not shown.

277
scripts/tc/debian-generic-preseed.txt Normal file
View File

@@ -0,0 +1,277 @@
#### Contents of the preconfiguration file (for stretch)
### Localization
# Preseeding only locale sets language, country and locale.
#d-i debian-installer/locale string en_US
# The values can also be preseeded individually for greater flexibility.
d-i debian-installer/language string nl
d-i debian-installer/country string NL
d-i debian-installer/locale string nl_NL.UTF-8
# Optionally specify additional locales to be generated.
#d-i localechooser/supported-locales multiselect en_US.UTF-8, nl_NL.UTF-8
# Keyboard selection.
d-i keyboard-configuration/xkb-keymap select us
# d-i keyboard-configuration/toggle select No toggling
### Network configuration
# Disable network configuration entirely. This is useful for cdrom
# installations on non-networked devices where the network questions,
# warning and long timeouts are a nuisance.
#d-i netcfg/enable boolean false
# netcfg will choose an interface that has link if possible. This makes it
# skip displaying a list if there is more than one interface.
d-i netcfg/choose_interface select auto
# To pick a particular interface instead:
#d-i netcfg/choose_interface select eth1
# To set a different link detection timeout (default is 3 seconds).
# Values are interpreted as seconds.
#d-i netcfg/link_wait_timeout string 10
# If you have a slow dhcp server and the installer times out waiting for
# it, this might be useful.
#d-i netcfg/dhcp_timeout string 60
#d-i netcfg/dhcpv6_timeout string 60
# If you prefer to configure the network manually, uncomment this line and
# the static network configuration below.
#d-i netcfg/disable_autoconfig boolean true
# Any hostname and domain names assigned from dhcp take precedence over
# values set here. However, setting the values still prevents the questions
# from being shown, even if values come from dhcp.
d-i netcfg/get_hostname string Thin-Client
d-i netcfg/get_domain string
# If you want to force a hostname, regardless of what either the DHCP
# server returns or what the reverse DNS entry for the IP is, uncomment
# and adjust the following line.
#d-i netcfg/hostname string somehost
# Disable that annoying WEP key dialog.
d-i netcfg/wireless_wep string
# The wacky dhcp hostname that some ISPs use as a password of sorts.
#d-i netcfg/dhcp_hostname string radish
# If non-free firmware is needed for the network or other hardware, you can
# configure the installer to always try to load it, without prompting. Or
# change to false to disable asking.
#d-i hw-detect/load_firmware boolean true
### Network console
# Use the following settings if you wish to make use of the network-console
# component for remote installation over SSH. This only makes sense if you
# intend to perform the remainder of the installation manually.
#d-i anna/choose_modules string network-console
#d-i network-console/authorized_keys_url string http://10.0.0.1/openssh-key
#d-i network-console/password password r00tme
#d-i network-console/password-again password r00tme
### Mirror settings
# If you select ftp, the mirror/country string does not need to be set.
#d-i mirror/protocol string ftp
d-i mirror/country string manual
d-i mirror/http/hostname string ftp.nl.debian.org
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string
# Suite to install.
#d-i mirror/suite string testing
# Suite to use for loading installer components (optional).
#d-i mirror/udeb/suite string testing
### Account setup
# Skip creation of a root account (normal user account will be able to
# use sudo).
#d-i passwd/root-login boolean false
# Alternatively, to skip creation of a normal user account.
d-i passwd/make-user boolean false
# Root password, either in clear text
#d-i passwd/root-password password r00tme
#d-i passwd/root-password-again password r00tme
# or encrypted using a crypt(3) hash.
#d-i passwd/root-password-crypted password [crypt(3) hash]
### Clock and time zone setup
# Controls whether or not the hardware clock is set to UTC.
d-i clock-setup/utc boolean true
# You may set this to any valid setting for $TZ; see the contents of
# /usr/share/zoneinfo/ for valid values.
d-i time/zone string Europe/Amsterdam
# Controls whether to use NTP to set the clock during the install
d-i clock-setup/ntp boolean true
# NTP server to use. The default is almost always fine here.
#d-i clock-setup/ntp-server string ntp.example.com
### Partitioning
## Partitioning example
# If the system has free space you can choose to only partition that space.
# This is only honoured if partman-auto/method (below) is not set.
#d-i partman-auto/init_automatically_partition select biggest_free
# Alternatively, you may specify a disk to partition. If the system has only
# one disk the installer will default to using that, but otherwise the device
# name must be given in traditional, non-devfs format (so e.g. /dev/sda
# and not e.g. /dev/discs/disc0/disc).
# For example, to use the first SCSI/SATA hard disk:
#d-i partman-auto/disk string /dev/sda
# In addition, you'll need to specify the method to use.
# The presently available methods are:
# - regular: use the usual partition types for your architecture
# - lvm: use LVM to partition the disk
# - crypto: use LVM within an encrypted partition
d-i partman-auto/method string regular
# If one of the disks that are going to be automatically partitioned
# contains an old LVM configuration, the user will normally receive a
# warning. This can be preseeded away...
#d-i partman-lvm/device_remove_lvm boolean true
# The same applies to pre-existing software RAID array:
d-i partman-md/device_remove_md boolean true
# And the same goes for the confirmation to write the lvm partitions.
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
# You can choose one of the three predefined partitioning recipes:
# - atomic: all files in one partition
# - home: separate /home partition
# - multi: separate /home, /var, and /tmp partitions
d-i partman-auto/choose_recipe select atomic
# This makes partman automatically partition without confirmation.
d-i partman-md/confirm boolean true
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
## Controlling how partitions are mounted
# The default is to mount by UUID, but you can also choose "traditional" to
# use traditional device names, or "label" to try filesystem labels before
# falling back to UUIDs.
#d-i partman/mount_style select uuid
### Base system installation
# Configure APT to not install recommended packages by default. Use of this
# option can result in an incomplete system and should only be used by very
# experienced users.
#d-i base-installer/install-recommends boolean false
# The kernel image (meta) package to be installed; "none" can be used if no
# kernel is to be installed.
#d-i base-installer/kernel/image string linux-image-686
### Apt setup
# You can choose to install non-free and contrib software.
d-i apt-setup/non-free boolean true
d-i apt-setup/contrib boolean true
# Uncomment this to add multiarch configuration for i386
#d-i apt-setup/multiarch string i386
### Package selection
tasksel tasksel/first multiselect standard
# Individual additional packages to install
d-i pkgsel/include string openssh-server xorg chromium openbox lightdm nedit locales spacefm sudo gmessage unattended-upgrades plymouth plymouth-themes
# Some versions of the installer can report back on what software you have
# installed, and what software you use. The default is not to report back,
# but sending reports helps the project determine what software is most
# popular and include it on CDs.
#popularity-contest popularity-contest/participate boolean false
### Boot loader installation
# Grub is the default boot loader (for x86). If you want lilo installed
# instead, uncomment this:
#d-i grub-installer/skip boolean true
# To also skip installing lilo, and install no bootloader, uncomment this
# too:
#d-i lilo-installer/skip boolean true
# This is fairly safe to set, it makes grub install automatically to the MBR
# if no other operating system is detected on the machine.
###d-i grub-installer/only_debian boolean true
# This one makes grub-installer install to the MBR if it also finds some other
# OS, which is less safe as it might not be able to boot that other OS.
###d-i grub-installer/with_other_os boolean true
# Due notably to potential USB sticks, the location of the MBR can not be
# determined safely in general, so this needs to be specified:
#d-i grub-installer/bootdev string /dev/sda
# To install to the first device (assuming it is not a USB stick):
#d-i grub-installer/bootdev string default
# Use the following option to add additional boot parameters for the
# installed system (if supported by the bootloader installer).
# Note: options passed to the installer will be added automatically.
#d-i debian-installer/add-kernel-opts string nousb
### Finishing up the installation
# During installations from serial console, the regular virtual consoles
# (VT1-VT6) are normally disabled in /etc/inittab. Uncomment the next
# line to prevent this.
#d-i finish-install/keep-consoles boolean true
# Avoid that last message about the install being complete.
d-i finish-install/reboot_in_progress note
# This will prevent the installer from ejecting the CD during the reboot,
# which is useful in some situations.
#d-i cdrom-detect/eject boolean false
# This is how to make the installer shutdown when finished, but not
# reboot into the installed system.
#d-i debian-installer/exit/halt boolean true
# This will power off the machine instead of just halting it.
#d-i debian-installer/exit/poweroff boolean true
### Preseeding other packages
# Depending on what software you choose to install, or if things go wrong
# during the installation process, it's possible that other questions may
# be asked. You can preseed those too, of course. To get a list of every
# possible question that could be asked during an install, do an
# installation, and then run these commands:
# debconf-get-selections --installer > file
# debconf-get-selections >> file
#### Advanced options
### Running custom commands during the installation
# d-i preseeding is inherently not secure. Nothing in the installer checks
# for attempts at buffer overflows or other exploits of the values of a
# preconfiguration file like this one. Only use preconfiguration files from
# trusted locations! To drive that home, and because it's generally useful,
# here's a way to run any shell command you'd like inside the installer,
# automatically.
# This first command is run as early as possible, just after
# preseeding is read.
#d-i preseed/early_command string anna-install some-udeb
# This command is run immediately before the partitioner starts. It may be
# useful to apply dynamic partitioner preseeding that depends on the state
# of the disks (which may not be visible when preseed/early_command runs).
#d-i partman/early_command \
# string debconf-set partman-auto/disk "$(list-devices disk | head -n1)"
# This command is run just before the install finishes, but when there is
# still a usable /target directory. You can chroot to /target and use it
# directly, or use the apt-install and in-target commands to easily install
# packages and run commands in the target system.
d-i preseed/late_command string \
in-target wget -O /root/Setup-TC-Generic-Kiosk.sh https://git.ictmaatwerk.com/bprieshof/Linux-scripts/raw/branch/master/tc/Setup-TC-Generic-Kiosk.sh # ; \
#in-target bash /root/Setup-TC-Generic-Kiosk.sh

13
scripts/tc/update-url.sh Normal file
View File

@@ -0,0 +1,13 @@
echo "Thin client url updater."
echo "enter the full url including http(s)://"
read url
source /var/log/browserurl.log
sed -i "s|$oldurl|$url|g" /home/kiosk/Bureaublad/chromium.desktop
sed -i "s|$oldurl|$url|g" /home/kiosk/Desktop/chromium.desktop
sed -i "s|$oldurl|$url|g" /home/kiosk/.config/openbox/autostart
echo oldurl=${url} > /var/log/browserurl.log
echo "Done!"