diff --git a/new.md b/new.md
new file mode 100644
index 0000000..f13d6fe
--- /dev/null
+++ b/new.md
@@ -0,0 +1,75 @@
+apt-get update
+apt-get full-upgrade -y
+raspi-config
+reboot
+raspi-config -> alle einstellungen setzen - ohne vnc
+apt-get install --no-install-recommends -y xserver-xorg x11-xserver-utils xinit chromium-browser fonts-noto-color-emoji nfs-common xdotool rsync
+apt-get install --no-install-recommends -y realvnc-vnc-server
+systemctl enable vncserver-virtuald.service
+apt-get autoremove
+apt-get clean >>/var/log/install
+rm -rf /var/lib/apt/lists/*
+touch /root/.vnc/config.d/vncserver-x11
+echo "Authentication=none" >> /root/.vnc/config.d/vncserver-x11
+
+adduser --disabled-password --gecos "" loginuser
+usermod -aG video loginuser
+mkdir -p /etc/chromium/policies/managed /home/wis/.ssh /usr/bin/custom
+tee /etc/sudoers.d/loginuser >/dev/null << 'EOF'
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl stop chromium-monitor, /usr/bin/systemctl start chromium-monitor
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl stop watchdog-monitor, /usr/bin/systemctl start watchdog-monitor
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/cat /var/lib/dhcp/*
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/cp /etc/watchdog.conf /etc/watchdog.conf.bak
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/tee /etc/watchdog.conf, /usr/bin/tee -a /etc/watchdog.conf
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/sed -i
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/sed -r 's/[x]+/,/g'
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/fbset -s
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/hostnamectl set-hostname
+loginuser ALL=(ALL) NOPASSWD: /usr/sbin/dhclient eth0
+loginuser ALL=(ALL) NOPASSWD: /usr/sbin/reboot
+EOF
+
+mkdir -p /etc/systemd/system/getty@tty1.service.d/
+declare -A files=(
+ ["/root/rps-client/boot/ro-root.sh"]="/boot/ro-root.sh"
+ ["/root/rps-client/boot/firmware/ro-root.sh"]="/boot/firmware/ro-root.sh"
+ ["/root/rps-client/etc/dhcp/dhclient.conf"]="/etc/dhcp/dhclient.conf"
+ ["/root/rps-client/etc/systemd/system/hostname.service"]="/etc/systemd/system/hostname.service"
+ ["/root/rps-client/etc/systemd/system/watchdog-monitor.service"]="/etc/systemd/system/watchdog-monitor.service"
+ ["/root/rps-client/etc/systemd/system/chromium-monitor.service"]="/etc/systemd/system/chromium-monitor.service"
+ ["/root/rps-client/etc/systemd/system/getty@tty1.service.d/override.conf"]="/etc/systemd/system/getty@tty1.service.d/override.conf"
+ ["/root/rps-client/etc/chromium/policies/managed/disable_password_saving.json"]="/etc/chromium/policies/managed/disable_password_saving.json"
+ ["/root/rps-client/home/loginuser/.bash_profile"]="/home/loginuser/.bash_profile"
+ ["/root/rps-client/home/loginuser/.xinitrc"]="/home/loginuser/.xinitrc"
+ ["/root/rps-client/home/wis/.ssh/id_rsa.pub"]="/home/wis/.ssh/id_rsa.pub"
+ ["/root/rps-client/root/remove_unused_kernel.sh"]="/root/remove_unused_kernel.sh"
+ ["/root/rps-client/usr/bin/custom/hostname"]="/usr/bin/custom/hostname"
+ ["/root/rps-client/usr/bin/custom/chromium-monitor"]="/usr/bin/custom/chromium-monitor"
+ ["/root/rps-client/usr/bin/custom/watchdog-monitor"]="/usr/bin/custom/watchdog-monitor"
+)
+RSYNC_OPTS="-a --numeric-ids --info=progress2 --no-owner --no-group"
+for src in "${!files[@]}"; do
+ dst="${files[$src]}"
+ echo "Copying $src to $dst..."
+ rsync $RSYNC_OPTS "$src" "$dst"
+done
+
+chown loginuser:loginuser -R /home/loginuser
+chown wis:wis -R /home/wis
+touch /var/log/watchdog.log /var/log/chromium-monitor.log /var/log/hostname.log
+chown loginuser:loginuser /var/log/watchdog.log /var/log/chromium-monitor.log /var/log/hostname.log
+chmod 777 /var/log/watchdog.log /var/log/chromium-monitor.log /var/log/hostname.log
+chmod +x /usr/bin/custom/*
+
+systemctl daemon-reload
+systemctl enable hostname chromium-monitor getty@tty1
+systemctl restart getty@tty1
+systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
+
+sudo tee /etc/ssh/sshd_config >/dev/null << 'EOF'
+PermitRootLogin no
+EOF
+sudo passwd -l root
+
+bash /root/remove_unused_kernel.sh -u -e
+reboot
\ No newline at end of file
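Review bot: The line `echo "Authentication=none" >> /root/.vnc/config.d/vncserver-x11` switches VNC authentication off on a host where `vncserver-virtuald.service` is enabled a few lines earlier, so if the server reads this file, anyone who can reach the VNC port gets a session without credentials. I would keep authentication on, for example `echo "Authentication=SystemAuth" >> /root/.vnc/config.d/vncserver-x11`, and limit the port to the management network. In the sudoers heredoc, `/usr/bin/cat /var/lib/dhcp/*` is broader than it reads, because a sudoers wildcard in the argument list also matches spaces and slashes and so does not confine loginuser to that directory; naming the exact lease file(s) and running `visudo -cf /etc/sudoers.d/loginuser` after the `tee` would be safer. `chmod 777` on the three log files should be something like `chmod 640`, since they are already chowned to loginuser. Finally, `tee /etc/ssh/sshd_config` replaces the whole daemon configuration with a single directive; writing `PermitRootLogin no` to a drop-in under `/etc/ssh/sshd_config.d/` would keep the distribution defaults.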