Add script for seting up media center

2025-08-11 10:20:07 +02:00 · 2025-08-11 10:20:07 +02:00 · c08110ae38
commit c08110ae38
parent 8789922ba6
6 changed files with 161 additions and 0 deletions
--- a/bin/admin/single-user
+++ b/bin/admin/single-user
@ -0,0 +1,65 @@
+#!/bin/bash
+## This script make autologin. If user has phisical access
+## to the device we can trust him, otherwiese we require password
+## for remote access
+
+
+# Parameters
+USERNAME="user"
+
+# Sanity check
+if [ "$(id -u)" -ne 0 ]; then
+    echo "Please run this script as root."
+    exit 1
+fi
+
+if ! id "$USERNAME" &>/dev/null; then
+    echo "User '$USERNAME' does not exist."
+    exit 1
+fi
+
+echo "Setting up passwordless sudo for physical access for user: $USERNAME"
+echo
+
+# 1. Configure sudoers: allow passwordless sudo
+echo "Configuring sudoers for $USERNAME..."
+echo "Defaults:$USERNAME !authenticate" >> /etc/sudoers.d/00-$USERNAME-nopasswd
+chmod 440 /etc/sudoers.d/00-$USERNAME-nopasswd
+
+# 2. Modify PAM for sudo to allow password only on non-physical ttys
+echo "Configuring PAM for sudo tty check..."
+PAM_FILE="/etc/pam.d/sudo"
+BACKUP_FILE="/etc/pam.d/sudo.bak"
+
+if ! grep -q "pam_succeed_if.so tty" "$PAM_FILE"; then
+    echo "Creating backup of $PAM_FILE to $BACKUP_FILE"
+    cp "$PAM_FILE" "$BACKUP_FILE"
+
+    sed -i '1iauth [success=1 default=ignore] pam_succeed_if.so tty =~ /dev/tty[0-9]*' "$PAM_FILE"
+    echo "PAM modified to restrict passwordless sudo to physical TTYs."
+else
+    echo "PAM sudo already appears configured."
+fi
+
+# 3. Enable autologin on tty1
+echo "Configuring systemd autologin on tty1 for $USERNAME..."
+mkdir -p /etc/systemd/system/getty@tty1.service.d
+AUTOLOGIN_CONF="/etc/systemd/system/getty@tty1.service.d/override.conf"
+
+cat > "$AUTOLOGIN_CONF" <<EOF
+[Service]
+ExecStart=
+ExecStart=-/sbin/agetty --autologin $USERNAME --noclear %I \$TERM
+EOF
+
+# Reload systemd and apply change
+echo "Reloading systemd and restarting tty1..."
+systemctl daemon-reexec
+systemctl daemon-reload
+systemctl restart getty@tty1
+
+echo
+echo "All done."
+echo "User '$USERNAME' will now auto-login on tty1 and can use sudo without a password if physically present."
+echo "Remote users (SSH) will still need to enter a password for sudo."
+
--- a/bin/vm
+++ b/bin/vm
@ -0,0 +1,34 @@
+#!/usr/bin/env ruby
+
+require 'optparse'
+require 'ostruct'
+require 'virtual-machine'
+
+# vm setup debian --arch "<host:arch64>" --name "<image_name: debian>"
+
+options = OpenStruct.new
+subcommand = ARGV.shift&.to_sym
+options.parameter = ARGV[0] && ARGV[0] !~ /^-/ ? ARGV.shift : nil
+
+OptionParser.new do |opt|
+  opt.on('--arch ARCH', 'Architecture arm64 or x86_64') do |arch| 
+    options.arch = arch
+  end
+
+  opt.on('--name NAME', 'Virtaul Machine name') do |arch| 
+    options.arch = arch
+  end
+
+end.parse!
+
+
+case subcommand
+when :create
+  puts "Creating image...."
+  
+when :setup
+  options[:distro] = subcommand
+  VirtualMachine.setup(options)
+else
+  puts "Error not found #{options.type}"
+end
--- a/bin/zshrc/init
+++ b/bin/zshrc/init
@ -19,6 +19,10 @@ function cdd {
  cd $DAT_ROOT
 }

+function cdp {
+  cd $PASSWORD_STORE_DIR
+}
+
 . $DAT_ROOT/bin/zshrc/prompt
 . $DAT_ROOT/bin/zshrc/utils