diff --git a/custom.seed b/custom.seed index 1532e7f..d2de394 100644 --- a/custom.seed +++ b/custom.seed @@ -37,7 +37,7 @@ ubiquity ubiquity/minimal_install boolean true ubiquity ubiquity/download_updates boolean false # Network -d-i netcfg/get_hostname string vnoi-localhost +d-i netcfg/get_hostname string icpc-localhost d-i netcfg/get_domain string localdomain # Clock diff --git a/src/.gitignore b/src/.gitignore index 56f8159..495df72 100644 --- a/src/.gitignore +++ b/src/.gitignore @@ -1,4 +1,3 @@ html/fonts config.local.sh config.sh -misc/vnoi_cup.pub \ No newline at end of file diff --git a/src/bin/cleanup.sh b/src/bin/cleanup.sh index e125af7..1023d3a 100644 --- a/src/bin/cleanup.sh +++ b/src/bin/cleanup.sh @@ -8,12 +8,12 @@ reset_home() { rm -rf /home mkdir /home cd /home - cp -r /etc/skel /home/vnoi && chown -R vnoi:vnoi /home/vnoi + cp -r /etc/skel /home/icpc && chown -R icpc:icpc /home/icpc } help() { echo "Usage: $0 [desktop|record|all|help]" - echo "desktop: reset /home/vnoi to default" + echo "desktop: reset /home/icpc to default" echo "record: clean all records" echo "all: do both" echo "help: show this help" diff --git a/src/bin/vnoiconf.sh b/src/bin/vnoiconf.sh index 8bc408c..74be215 100755 --- a/src/bin/vnoiconf.sh +++ b/src/bin/vnoiconf.sh 
@@ -14,76 +14,6 @@ check_ip() fi } - -do_config() -{ - - local CONF=$1 # vpn config filepath - local CRED=$2 # contestant credential - - if ! test -f "$CONF"; then - echo "Can't read $CONF" - exit 1 - fi - - WORKDIR=`mktemp -d` - - tar jxf $CONF -C $WORKDIR - if [ $? -ne 0 ]; then - echo "Failed to unpack $CONF" - rm -rf $WORKDIR - exit 1 - fi - - IP=$(cat $WORKDIR/vpn/ip.conf) - MASK=$(cat $WORKDIR/vpn/mask.conf) - DNS=$(cat $WORKDIR/vpn/dns.conf) - - if ! check_ip "$IP" || ! check_ip "$MASK"; then - echo Bad IP numbers - rm -r $WORKDIR - exit 1 - fi - - echo "$IP" > /etc/tinc/vpn/ip.conf - echo "$MASK" > /etc/tinc/vpn/mask.conf - echo "$DNS" > /etc/tinc/vpn/dns.conf - rm /etc/tinc/vpn/hosts/* 2> /dev/null - cp $WORKDIR/vpn/hosts/* /etc/tinc/vpn/hosts/ - cp $WORKDIR/vpn/rsa_key.* /etc/tinc/vpn/ - cp $WORKDIR/vpn/tinc.conf /etc/tinc/vpn - cp $WORKDIR/vpn/vnoibackup* /opt/vnoi/config/ssh/ - - rm -r $WORKDIR - USERID=$(cat /etc/tinc/vpn/tinc.conf | grep Name | cut -d\ -f3) - chfn -f "$USERID" vnoi - - # Stop Zabbix agent - systemctl stop zabbix-agent 2> /dev/null - systemctl disable zabbix-agent 2> /dev/null - - # Restart firewall and VPN - systemctl enable tinc@vpn 2> /dev/null - systemctl restart tinc@vpn - /opt/vnoi/sbin/firewall.sh start - - # Start Zabbix configuration - systemctl enable zabbix-agent 2> /dev/null - systemctl start zabbix-agent 2> /dev/null - - # Generate an instance ID to uniquely id this VM - if [ ! -f /opt/vnoi/run/instanceid.txt ]; then - openssl rand 10 | base32 > /opt/vnoi/run/instanceid.txt - fi - - # store credential - echo "${CRED%|*}" > /opt/vnoi/run/username.txt - echo "${CRED##*|}" > /opt/vnoi/run/password.txt - - exit 0 -} - - logger -p local0.info "VNOICONF: invoke $1" case "$1" in 
@@ -122,17 +52,8 @@ case "$1" in if [ -e /opt/vnoi/run/lockdown ]; then echo Not allowed to control firewall during lockdown mode else - systemctl stop tinc@vpn - systemctl disable tinc@vpn 2> /dev/null - systemctl stop zabbix-agent - systemctl disable zabbix-agent 2> /dev/null + systemctl stop wg-quick@client /opt/vnoi/sbin/firewall.sh stop - rm /etc/tinc/vpn/ip.conf 2> /dev/null - rm /etc/tinc/vpn/mask.conf 2> /dev/null - rm /etc/tinc/vpn/hosts/* 2> /dev/null - rm /etc/tinc/vpn/rsa_key.* 2> /dev/null - rm /etc/tinc/vpn/tinc.conf 2> /dev/null - rm /opt/vnoi/config/ssh/vnoibackup* 2> /dev/null chfn -f "" vnoi fi ;; @@ -193,13 +114,13 @@ EOM setscreenlock) if [ "$2" = "on" ]; then touch /opt/vnoi/config/screenlock - sudo -Hu vnoi xvfb-run gsettings set org.gnome.desktop.screensaver lock-enabled true + sudo -Hu icpc xvfb-run gsettings set org.gnome.desktop.screensaver lock-enabled true echo Screensaver lock enabled elif [ "$2" = "off" ]; then if [ -f /opt/vnoi/config/screenlock ]; then rm /opt/vnoi/config/screenlock fi - sudo -Hu vnoi xvfb-run gsettings set org.gnome.desktop.screensaver lock-enabled false + sudo -Hu icpc xvfb-run gsettings set org.gnome.desktop.screensaver lock-enabled false echo Screensaver lock disabled else cat - <> ~icpc/.profile +echo 'export TZ' >> ~icpc/.profile + +# Mark Gnome's initial setup as complete +sudo -Hu icpc bash -c 'echo yes > ~/.config/gnome-initial-setup-done' + +# Copy VSCode extensions +mkdir -p ~icpc/.vscode/extensions +tar jxf /opt/vnoi/misc/vscode-extensions.tar.bz2 -C ~icpc/.vscode/extensions +chown -R icpc.icpc ~icpc/.vscode + +logger -p local0.info "MKICPCUSER: ICPC user created" diff --git a/src/sbin/mkvnoiuser.sh b/src/sbin/mkvnoiuser.sh deleted file mode 100755 index 9ea971c..0000000 --- a/src/sbin/mkvnoiuser.sh +++ /dev/null 
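Review bot: In the `@@ -122,17 +52,8 @@` hunk of `src/bin/vnoiconf.sh`, the teardown branch still ends with `chfn -f "" vnoi`, although the rest of this commit renames the account to `icpc`; once no `vnoi` user exists the call will presumably fail, so it should read `chfn -f "" icpc`. The old branch also disabled the VPN unit and deleted its key material, whereas the new one only runs `systemctl stop wg-quick@client`. If the unit is enabled elsewhere it will come back on the next boot, and the WireGuard client configuration, which normally holds the private key, stays on disk. Unless another script handles this, add `systemctl disable wg-quick@client 2> /dev/null` and remove the client configuration here, at whatever path the image installs it. The enclosing `case` statement starts and ends outside the hunk.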
@@ -1,32 +0,0 @@ -#!/bin/sh - -logger -p local0.info "MKVNOIUSER: Create a new vnoi user" - -# Create vnoi account -useradd -m vnoi - -# Setup desktop background -sudo -Hu vnoi xvfb-run gsettings set org.gnome.desktop.session idle-delay 900 -sudo -Hu vnoi xvfb-run gsettings set org.gnome.desktop.screensaver lock-delay 30 -if [ -f /opt/vnoi/config/screenlock ]; then - sudo -Hu vnoi xvfb-run gsettings set org.gnome.desktop.screensaver lock-enabled true -else - sudo -Hu vnoi xvfb-run gsettings set org.gnome.desktop.screensaver lock-enabled false -fi - -# set default fullname -chfn -f "vnoi" vnoi - -# Update path -echo 'TZ=$(cat /opt/vnoi/config/timezone)' >> ~vnoi/.profile -echo 'export TZ' >> ~vnoi/.profile - -# Mark Gnome's initial setup as complete -sudo -Hu vnoi bash -c 'echo yes > ~/.config/gnome-initial-setup-done' - -# Copy VSCode extensions -mkdir -p ~vnoi/.vscode/extensions -tar jxf /opt/vnoi/misc/vscode-extensions.tar.bz2 -C ~vnoi/.vscode/extensions -chown -R vnoi.vnoi ~vnoi/.vscode - -logger -p local0.info "MKVNOIUSER: VNOI user created" diff --git a/src/setup.sh b/src/setup.sh index 8459537..587f27f 100755 --- a/src/setup.sh +++ b/src/setup.sh @@ -73,16 +73,16 @@ echo "Asia/Bangkok" > /opt/vnoi/config/timezone # Default to enable screensaver lock touch /opt/vnoi/config/screenlock -# Create vnoi account -echo "Create vnoi account" -/opt/vnoi/sbin/mkvnoiuser.sh +# Create ICPC account +echo "Create icpc account" +/opt/vnoi/sbin/mkuser.sh -# Set VNOI user's initial password -echo "vnoi:vnoi" | chpasswd +# Set ICPC user's initial password +echo "icpc:icpc" | chpasswd # Fix permission and ownership -chown vnoi.vnoi /opt/vnoi/store/submissions -chmod 770 /opt/vnoi/store/log +chown icpc.icpc /opt/vnoi/store/submissions +chmod 770 /opt/icpc/store/log # Add our own syslog facility 
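Review bot: In the `@@ -73,16 +73,16 @@` hunk of `src/setup.sh`, `chmod 770 /opt/icpc/store/log` points at a directory that nothing visible in this diff creates; the install prefix is still `/opt/vnoi` everywhere else, including the `chown` one line above and the rsyslog target `/opt/vnoi/store/log/local.log` in the next hunk. The command will fail and the real log directory keeps whatever mode it was created with, so the intended restriction on the logs is silently lost; keep `chmod 770 /opt/vnoi/store/log`. The same over-eager rename appears in the `@@ -168,21 +168,21 @@` hunk, where the alias becomes `sudo /opt/icpc/bin/client` while the sudoers rule written just above it still allows only `/opt/vnoi/bin/client`; that line should stay `alias client='sudo /opt/vnoi/bin/client & disown'`. No `set -e` is visible in these hunks, so neither failure would be expected to stop the install.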
@@ -92,7 +92,7 @@ echo "local0.* /opt/vnoi/store/log/local.log" >> /etc/rsyslog.d/10-vnoi.conf cat - < /etc/systemd/timesyncd.conf [Time] -NTP=time.windows.com time.nist.gov +NTP=ntp.ubuntu.com time.windows.com EOM # GRUB config: quiet, and password for edit @@ -140,26 +140,26 @@ chmod +x /etc/gdm3/PostSession/Default mkdir -p /opt/vnoi/misc/records/ # Configure startup script, hidden from vnoi user access -mkdir -p /home/vnoi/.config/autostart +mkdir -p /home/icpc/.config/autostart -cat - <<'EOM' > /home/vnoi/.config/autostart/vnoi.desktop +cat - <<'EOM' > /home/icpc/.config/autostart/icpc.desktop [Desktop Entry] Type=Application Exec=sudo /opt/vnoi/sbin/startup.sh NoDisplay=true X-GNOME-Autostart-enabled=true -Name[en_US]=vnoi -Name=vnoi +Name[en_US]=icpc +Name=icpc Comment[en_US]= Comment= EOM -chown root:root /home/vnoi/.config/autostart/vnoi.desktop +chown root:root /home/icpc/.config/autostart/icpc.desktop # only allow execution -chmod 744 /home/vnoi/.config/autostart/vnoi.desktop +chmod 744 /home/icpc/.config/autostart/icpc.desktop # Create cronjob to run `python3 /opt/vnoi/sbin/report.py` every 15 seconds -cat - <<'EOM' > /etc/cron.d/vnoi +cat - <<'EOM' > /etc/cron.d/icpc * * * * * /opt/vnoi/sbin/report.py * * * * * sleep 10; /opt/vnoi/sbin/report.py * * * * * sleep 20; /opt/vnoi/sbin/report.py 
@@ -168,21 +168,21 @@ cat - <<'EOM' > /etc/cron.d/vnoi * * * * * sleep 50; /opt/vnoi/sbin/report.py EOM -crontab /etc/cron.d/vnoi -rm /etc/cron.d/vnoi +crontab /etc/cron.d/icpc +rm /etc/cron.d/icpc # Allow vlc to run as root sed -i 's/geteuid/getppid/' /usr/bin/vlc # Allow cvlc, ffmpeg and client to run as root without password -cat - <<'EOM' > /etc/sudoers.d/02-vnoi -vnoi ALL=(root) NOPASSWD: /opt/vnoi/bin/client, /opt/vnoi/sbin/startup.sh +cat - <<'EOM' > /etc/sudoers.d/02-icpc +icpc ALL=(root) NOPASSWD: /opt/vnoi/bin/client, /opt/vnoi/sbin/startup.sh EOM -chmod 440 /etc/sudoers.d/02-vnoi +chmod 440 /etc/sudoers.d/02-icpc # Add aliases to .bashrc -cat - <<'EOM' >> /home/vnoi/.bashrc -alias client='sudo /opt/vnoi/bin/client & disown' +cat - <<'EOM' >> /home/icpc/.bashrc +alias client='sudo /opt/icpc/bin/client & disown' EOM # Disable cloud-init @@ -190,12 +190,11 @@ touch /etc/cloud/cloud-init.disabled # Update /etc/hosts echo "${AUTH_ADDRESS} vpn.vnoi.info" >> /etc/hosts -echo "10.1.0.2 contest.vnoi.info" >> /etc/hosts -echo "${WEBSERVER_PUBLIC_ADDRESS} contest2.vnoi.info" >> /etc/hosts +echo "10.1.0.1 contest.icpc.info" >> /etc/hosts +echo "${WEBSERVER_PUBLIC_ADDRESS} contest2.icpc.info" >> /etc/hosts # Time servers echo 185.125.190.56 ntp.ubuntu.com >> /etc/hosts echo 168.61.215.74 time.windows.com >> /etc/hosts -echo 132.163.96.3 ntp1.glb.nist.gov >> /etc/hosts # Disable nouveau by forcing it to fail to load cat - <<'EOM' > /etc/modprobe.d/blacklist.conf @@ -273,8 +272,8 @@ if [ -n "$VERSION" ] ; then echo "$VERSION" > /opt/vnoi/misc/VERSION fi -# Deny vnoi user from SSH login -echo "DenyUsers vnoi" >> /etc/ssh/sshd_config +# Deny icpc user from SSH login +echo "DenyUsers icpc" >> /etc/ssh/sshd_config echo "### DONE ###" echo "- Remember to run cleanup script."
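Review bot: In the `@@ -168,21 +168,21 @@` hunk, `/etc/sudoers.d/02-icpc` is written straight into place and then given mode 440 with no syntax check; a malformed file under `sudoers.d` can make `sudo` refuse to run at all. Validate it right after writing, for example `visudo -cf /etc/sudoers.d/02-icpc || exit 1`, or write to a temporary file and install it only once the check passes. The comment above it (`# Allow cvlc, ffmpeg and client to run as root without password`) does not match the rule, which lists only `/opt/vnoi/bin/client` and `/opt/vnoi/sbin/startup.sh`; `# Let icpc run the client and startup.sh as root without a password` would describe what is actually granted.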