mietzen · February 9, 2025 12:01
diff --git a/proxmox-debian-template-setup.sh b/proxmox-debian-template-setup.sh
 #!/bin/bash

 set +exo pipefail

 ## Install Cloud-Init
 apt-get update
 apt-get install cloud-init openssh-server -y

 ## Set grub timeout to 1 sec
 sed -i 's/^GRUB_TIMEOUT=.*/GRUB_TIMEOUT=1/' /etc/default/grub
 sed -i 's/^GRUB_CMDLINE_LINUX_DEFAULT=.*/GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0,115200n8"/' /etc/default/grub
 update-grub

 ## No ssh root / password login
 sed -i 's/^#PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config 
 sed -i 's/^#PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config 

 ## Generate MOTD
 rm -rf /etc/update-motd.d/*
 cat << 'EOF' > /etc/update-motd.d/00-update-motd
 #!/bin/bash

 source /etc/os-release

 load=$(cat /proc/loadavg | awk '{print $1}')
 root_usage=$(df -h / | awk '/\// {print $(NF-1)}')
 memory_usage=$(free -m | awk '/Mem:/ { total=$2 } /buffers\/cache/ { used=$3 } END { printf("%3.1f%%", used/total*100)}')
 swap_usage=$(free -m | awk '/Swap/ { printf("%3.1f%%", "exit !$2;$3/$2*100") }')
 users=$(users | wc -w)
 time=$(uptime | grep -ohe 'up .*' | sed 's/,/\ hours/g' | awk '{ printf $2" "$3 }')
 processes=$(ps aux | wc -l)
 ip=$(ip addr | grep inet.*eth | sed 's/.*inet //' | sed 's/\/.*//' | head -n1)
 pkgs=$(apt list --upgradable 2> /dev/null | grep 'upgradable' | wc -l)

 echo $(date)
 echo
 echo -e "\033[1mWelcome to $(hostname) - ${ID^} ${VERSION_ID} $(uname -r)\033[0m"
 echo
 echo -e "System load:\t${load}\tIP Address:\t${ip}"
 echo -e "Memory usage:\t${memory_usage}\tSystem uptime:\t${time}"
 echo -e "Usage on /:\t${root_usage}\tSwap usage:\t${swap_usage}"
 echo
 if [ ${pkgs} -gt 0 ]; then
    echo -e "\033[1;31mSystem needs ${pkgs} updates!\033[0m"
 else
    echo -e "\033[1;32mSystem is up to date!\033[0m"
 fi
 EOF

 chmod +x /etc/update-motd.d/00-update-motd

 echo "" > /etc/motd

 ## Generate Issue message

 cat << EOF > /etc/issue
 Debian GNU/Linux 12 \n \l

 IP (eth0): \4{eth0}

 EOF

 ## Fix resultion in xterm.js

 cat << 'EOF' >> /etc/profile

 res() {

  old=$(stty -g)
  stty raw -echo min 0 time 5

  printf '\0337\033[r\033[999;999H\033[6n\0338' > /dev/tty
  IFS='[;R' read -r _ rows cols _ < /dev/tty

  stty "$old"

  # echo "cols:$cols"
  # echo "rows:$rows"
  stty cols "$cols" rows "$rows"
 }

 [ $(tty) = /dev/ttyS0 ] && res
 EOF

 ## Unset root password

 cat << 'EOF' > /etc/systemd/system/lock-root.service
 [Unit]
 Description=Lock root user after cloud-init
 After=cloud-final.service
 Requisite=cloud-init.target
 ConditionPathExists=!/root/.locked

 [Service]
 Type=oneshot
 ExecStart=/usr/sbin/usermod -p ! root
 ExecStart=/bin/touch /root/.locked
 StandardOutput=tty
 StandardError=tty

 [Install]
 WantedBy=cloud-init.target
 EOF

 systemctl daemon-reload
 systemctl enable lock-root.service


 ## Delete History
 history -c
	#!/bin/bash

	set +exo pipefail

	## Install Cloud-Init
	apt-get update
	apt-get install cloud-init openssh-server -y

	## Set grub timeout to 1 sec
	sed -i 's/^GRUB_TIMEOUT=.*/GRUB_TIMEOUT=1/' /etc/default/grub
	sed -i 's/^GRUB_CMDLINE_LINUX_DEFAULT=.*/GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0,115200n8"/' /etc/default/grub
	update-grub

	## No ssh root / password login
	sed -i 's/^#PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
	sed -i 's/^#PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config

	## Generate MOTD
	rm -rf /etc/update-motd.d/*
	cat << 'EOF' > /etc/update-motd.d/00-update-motd
	#!/bin/bash

	source /etc/os-release

	load=$(cat /proc/loadavg \| awk '{print $1}')
	root_usage=$(df -h / \| awk '/\// {print $(NF-1)}')
	memory_usage=$(free -m \| awk '/Mem:/ { total=$2 } /buffers\/cache/ { used=$3 } END { printf("%3.1f%%", used/total*100)}')
	swap_usage=$(free -m \| awk '/Swap/ { printf("%3.1f%%", "exit !$2;$3/$2*100") }')
	users=$(users \| wc -w)
	time=$(uptime \| grep -ohe 'up .*' \| sed 's/,/\ hours/g' \| awk '{ printf $2" "$3 }')
	processes=$(ps aux \| wc -l)
	ip=$(ip addr \| grep inet.eth \| sed 's/.inet //' \| sed 's/\/.*//' \| head -n1)
	pkgs=$(apt list --upgradable 2> /dev/null \| grep 'upgradable' \| wc -l)

	echo $(date)
	echo
	echo -e "\033[1mWelcome to $(hostname) - ${ID^} ${VERSION_ID} $(uname -r)\033[0m"
	echo
	echo -e "System load:\t${load}\tIP Address:\t${ip}"
	echo -e "Memory usage:\t${memory_usage}\tSystem uptime:\t${time}"
	echo -e "Usage on /:\t${root_usage}\tSwap usage:\t${swap_usage}"
	echo
	if [ ${pkgs} -gt 0 ]; then
	echo -e "\033[1;31mSystem needs ${pkgs} updates!\033[0m"
	else
	echo -e "\033[1;32mSystem is up to date!\033[0m"
	fi
	EOF

	chmod +x /etc/update-motd.d/00-update-motd

	echo "" > /etc/motd

	## Generate Issue message

	cat << EOF > /etc/issue
	Debian GNU/Linux 12 \n \l

	IP (eth0): \4{eth0}

	EOF

	## Fix resultion in xterm.js

	cat << 'EOF' >> /etc/profile

	res() {

	old=$(stty -g)
	stty raw -echo min 0 time 5

	printf '\0337\033[r\033[999;999H\033[6n\0338' > /dev/tty
	IFS='[;R' read -r _ rows cols _ < /dev/tty

	stty "$old"

	# echo "cols:$cols"
	# echo "rows:$rows"
	stty cols "$cols" rows "$rows"
	}

	[ $(tty) = /dev/ttyS0 ] && res
	EOF

	## Unset root password

	cat << 'EOF' > /etc/systemd/system/lock-root.service
	[Unit]
	Description=Lock root user after cloud-init
	After=cloud-final.service
	Requisite=cloud-init.target
	ConditionPathExists=!/root/.locked

	[Service]
	Type=oneshot
	ExecStart=/usr/sbin/usermod -p ! root
	ExecStart=/bin/touch /root/.locked
	StandardOutput=tty
	StandardError=tty

	[Install]
	WantedBy=cloud-init.target
	EOF

	systemctl daemon-reload
	systemctl enable lock-root.service


	## Delete History
	history -c