ffho-salt-public/install-server/late-command.sh.tmpl

#!/bin/sh

set -e

export NACL_URL="{{ nacl_url }}"

SCRIPT_DIR="/opt/ffho/sbin"
export PATH="${PATH}:${SCRIPT_DIR}"

apt install python3-netifaces
echo

# Download scripts
echo "Downloading scripts to ${SCRIPT_DIR}... "
for script in register_ssh_keys get_fqdn ffho-first-boot.sh ; do
	echo " * ${script} "
	rm -f -- "${SCRIPT_DIR}/${script}"
	wget -q -P "${SCRIPT_DIR}" "http://noc.ffho.net/provision/${script}"
	chmod +x "${SCRIPT_DIR}/${script}"
done
echo "done."
echo ""


# Register SSH keys of this node
echo "Registering SSH keys..."
register_ssh_keys --mac
echo ""

################################################################################
#                                Set hostname                                  #
################################################################################

fqdn="$(${SCRIPT_DIR}/get_fqdn --mac)"
if [ $? != 0 ]; then
	echo "Failed to get FQDN, dying of shame." >&2
	exit 1
fi

echo "According to NACL we are ${fqdn}, hi there!"

hostname=$(echo $fqdn | cut -d. -f1)

echo -n "Checking hostname... "
if [ "$(hostname -f)" = "${fqdn}" ]; then
	echo "OK."
else
	echo -n "fixing... "
	echo "${hostname}" > /etc/hostname
	sed -i -e "s/^127.0.1.1.*/127.0.1.1     ${fqdn} ${hostname}/" /etc/hosts
	echo "done."
fi

echo

################################################################################
#                              Set up Salt minion                              #
################################################################################

echo -n "Configuring Salt minion..."

echo "${fqdn}" > /etc/salt/minion_id
cat << EOF > /etc/salt/minion
#
# Salt minion config (Salt managed)
#

master: {{ salt_master_fqdn }}
master_port: 4506
ipv6: True

# When waiting for a master to accept the minion's public key, salt will
# continuously attempt to reconnect until successful. This is the time, in
# seconds, between those reconnection attempts.
acceptance_wait_time: 10

# If this is nonzero, the time between reconnection attempts will increase by
# acceptance_wait_time seconds per iteration, up to this maximum. If this is
# set to zero, the time between reconnection attempts will stay constant.
acceptance_wait_time_max: 0

# Cache rendered pillar data on the minion. Default is False.
# This may cause 'cachedir'/pillar to contain sensitive data that should be
# protected accordingly.
minion_pillar_cache: False

# Set this option to 'True' to force a 'KeyError' to be raised whenever an
# attempt to retrieve a named value from pillar fails. When this option is set
# to 'False', the failed attempt returns an empty string. Default is 'False'.
pillar_raise_on_missing: True

# The state_verbose and state_output settings can be used to change the way
# state system data is printed to the display. By default all data is printed.
# The state_verbose setting can be set to True or False, when set to False
# all data that has a result of True and no changes will be suppressed.
state_verbose: False

# The state_output_diff setting changes whether or not the output from
# successful states is returned. Useful when even the terse output of these
# states is cluttering the logs. Set it to True to ignore them.
#state_output_diff: False

# The state_output_profile setting changes whether profile information
# will be shown for each state run.
#state_output_profile: True
EOF

echo "done."
echo

################################################################################
#                         Set up first boot service                            #
################################################################################

wget -q -P /etc/systemd/system/ http://noc.ffho.net/provision/ffho-first-boot.service
rm -f -- /etc/systemd/system/multi-user.target.wants/ffho-first-boot.service
ln -s /etc/systemd/system/ffho-first-boot.service /etc/systemd/system/multi-user.target.wants

# Cool, we're done here
mkdir -p /etc/freifunk
touch /etc/freifunk/late-command-OK