new.md hinzugefügt

new.md

@@ -0,0 +1,75 @@
+apt-get update
+apt-get full-upgrade -y
+raspi-config
+reboot
+raspi-config -> alle einstellungen setzen - ohne vnc
+apt-get install --no-install-recommends -y xserver-xorg x11-xserver-utils xinit chromium-browser fonts-noto-color-emoji nfs-common xdotool rsync
+apt-get install --no-install-recommends -y realvnc-vnc-server
+systemctl enable vncserver-virtuald.service
+apt-get autoremove
+apt-get clean >>/var/log/install
+rm -rf /var/lib/apt/lists/*
+touch /root/.vnc/config.d/vncserver-x11
+echo "Authentication=none" >> /root/.vnc/config.d/vncserver-x11
+
+adduser --disabled-password --gecos "" loginuser
+usermod -aG video loginuser
+mkdir -p /etc/chromium/policies/managed /home/wis/.ssh /usr/bin/custom
+tee /etc/sudoers.d/loginuser >/dev/null << 'EOF'
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl stop chromium-monitor, /usr/bin/systemctl start chromium-monitor
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl stop watchdog-monitor, /usr/bin/systemctl start watchdog-monitor
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/cat /var/lib/dhcp/*
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/cp /etc/watchdog.conf /etc/watchdog.conf.bak
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/tee /etc/watchdog.conf, /usr/bin/tee -a /etc/watchdog.conf
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/sed -i
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/sed -r 's/[x]+/,/g'
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/fbset -s
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/hostnamectl set-hostname
+loginuser ALL=(ALL) NOPASSWD: /usr/sbin/dhclient eth0
+loginuser ALL=(ALL) NOPASSWD: /usr/sbin/reboot
+EOF
+
+mkdir -p /etc/systemd/system/getty@tty1.service.d/
+declare -A files=(
+    ["/root/rps-client/boot/ro-root.sh"]="/boot/ro-root.sh"
+    ["/root/rps-client/boot/firmware/ro-root.sh"]="/boot/firmware/ro-root.sh"
+    ["/root/rps-client/etc/dhcp/dhclient.conf"]="/etc/dhcp/dhclient.conf"
+    ["/root/rps-client/etc/systemd/system/hostname.service"]="/etc/systemd/system/hostname.service"
+    ["/root/rps-client/etc/systemd/system/watchdog-monitor.service"]="/etc/systemd/system/watchdog-monitor.service"
+    ["/root/rps-client/etc/systemd/system/chromium-monitor.service"]="/etc/systemd/system/chromium-monitor.service"
+    ["/root/rps-client/etc/systemd/system/getty@tty1.service.d/override.conf"]="/etc/systemd/system/getty@tty1.service.d/override.conf"
+    ["/root/rps-client/etc/chromium/policies/managed/disable_password_saving.json"]="/etc/chromium/policies/managed/disable_password_saving.json"
+    ["/root/rps-client/home/loginuser/.bash_profile"]="/home/loginuser/.bash_profile"
+    ["/root/rps-client/home/loginuser/.xinitrc"]="/home/loginuser/.xinitrc"
+    ["/root/rps-client/home/wis/.ssh/id_rsa.pub"]="/home/wis/.ssh/id_rsa.pub"
+    ["/root/rps-client/root/remove_unused_kernel.sh"]="/root/remove_unused_kernel.sh"
+    ["/root/rps-client/usr/bin/custom/hostname"]="/usr/bin/custom/hostname"
+    ["/root/rps-client/usr/bin/custom/chromium-monitor"]="/usr/bin/custom/chromium-monitor"
+    ["/root/rps-client/usr/bin/custom/watchdog-monitor"]="/usr/bin/custom/watchdog-monitor"
+)
+RSYNC_OPTS="-a --numeric-ids --info=progress2 --no-owner --no-group"
+for src in "${!files[@]}"; do
+    dst="${files[$src]}"
+    echo "Copying $src to $dst..."
+    rsync $RSYNC_OPTS "$src" "$dst"
+done
+
+chown loginuser:loginuser -R /home/loginuser
+chown wis:wis -R /home/wis
+touch /var/log/watchdog.log /var/log/chromium-monitor.log /var/log/hostname.log
+chown loginuser:loginuser /var/log/watchdog.log /var/log/chromium-monitor.log /var/log/hostname.log 
+chmod 777 /var/log/watchdog.log /var/log/chromium-monitor.log /var/log/hostname.log 
+chmod +x /usr/bin/custom/*
+
+systemctl daemon-reload
+systemctl enable hostname chromium-monitor getty@tty1
+systemctl restart getty@tty1
+systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
+
+sudo tee /etc/ssh/sshd_config >/dev/null << 'EOF'
+PermitRootLogin no
+EOF
+sudo passwd -l root
+
+bash /root/remove_unused_kernel.sh -u -e
+reboot