Add script for seting up media center

2025-08-11 10:20:07 +02:00 · 2025-08-11 10:20:07 +02:00 · c08110ae38
commit c08110ae38
parent 8789922ba6
6 changed files with 161 additions and 0 deletions
--- a/bin/admin/single-user
+++ b/bin/admin/single-user
@ -0,0 +1,65 @@
 #!/bin/bash
 ## This script make autologin. If user has phisical access
 ## to the device we can trust him, otherwiese we require password
 ## for remote access
 # Parameters
 USERNAME="user"
 # Sanity check
 if [ "$(id -u)" -ne 0 ]; then
    echo "Please run this script as root."
    exit 1
 fi
 if ! id "$USERNAME" &>/dev/null; then
    echo "User '$USERNAME' does not exist."
    exit 1
 fi
 echo "Setting up passwordless sudo for physical access for user: $USERNAME"
 echo
 # 1. Configure sudoers: allow passwordless sudo
 echo "Configuring sudoers for $USERNAME..."
 echo "Defaults:$USERNAME !authenticate" >> /etc/sudoers.d/00-$USERNAME-nopasswd
 chmod 440 /etc/sudoers.d/00-$USERNAME-nopasswd
 # 2. Modify PAM for sudo to allow password only on non-physical ttys
 echo "Configuring PAM for sudo tty check..."
 PAM_FILE="/etc/pam.d/sudo"
 BACKUP_FILE="/etc/pam.d/sudo.bak"
 if ! grep -q "pam_succeed_if.so tty" "$PAM_FILE"; then
    echo "Creating backup of $PAM_FILE to $BACKUP_FILE"
    cp "$PAM_FILE" "$BACKUP_FILE"
    sed -i '1iauth [success=1 default=ignore] pam_succeed_if.so tty =~ /dev/tty[0-9]*' "$PAM_FILE"
    echo "PAM modified to restrict passwordless sudo to physical TTYs."
 else
    echo "PAM sudo already appears configured."
 fi
 # 3. Enable autologin on tty1
 echo "Configuring systemd autologin on tty1 for $USERNAME..."
 mkdir -p /etc/systemd/system/getty@tty1.service.d
 AUTOLOGIN_CONF="/etc/systemd/system/getty@tty1.service.d/override.conf"
 cat > "$AUTOLOGIN_CONF" <<EOF
 [Service]
 ExecStart=
 ExecStart=-/sbin/agetty --autologin $USERNAME --noclear %I \$TERM
 EOF
 # Reload systemd and apply change
 echo "Reloading systemd and restarting tty1..."
 systemctl daemon-reexec
 systemctl daemon-reload
 systemctl restart getty@tty1
 echo
 echo "All done."
 echo "User '$USERNAME' will now auto-login on tty1 and can use sudo without a password if physically present."
 echo "Remote users (SSH) will still need to enter a password for sudo."
--- a/bin/vm
+++ b/bin/vm
@ -0,0 +1,34 @@
 #!/usr/bin/env ruby
 require 'optparse'
 require 'ostruct'
 require 'virtual-machine'
 # vm setup debian --arch "<host:arch64>" --name "<image_name: debian>"
 options = OpenStruct.new
 subcommand = ARGV.shift&.to_sym
 options.parameter = ARGV[0] && ARGV[0] !~ /^-/ ? ARGV.shift : nil
 OptionParser.new do |opt|
  opt.on('--arch ARCH', 'Architecture arm64 or x86_64') do |arch| 
    options.arch = arch
  end
  opt.on('--name NAME', 'Virtaul Machine name') do |arch| 
    options.arch = arch
  end
 end.parse!
 case subcommand
 when :create
  puts "Creating image...."
 when :setup
  options[:distro] = subcommand
  VirtualMachine.setup(options)
 else
  puts "Error not found #{options.type}"
 end
--- a/bin/zshrc/init
+++ b/bin/zshrc/init
@ -19,6 +19,10 @@ function cdd {
  cd $DAT_ROOT
 }
 function cdp {
  cd $PASSWORD_STORE_DIR
 }
 . $DAT_ROOT/bin/zshrc/prompt
 . $DAT_ROOT/bin/zshrc/utils
--- a/lib/data/resources/iso-images.rb
+++ b/lib/data/resources/iso-images.rb
@ -0,0 +1,21 @@
 module VirtualMachine
    ISO_URLS = {
        debian: {
            arm64: {
                install: "https://cdimage.debian.org/debian-cd/current/arm64/iso-cd/debian-13.0.0-arm64-netinst.iso"
            },
            x86_64: {
                install: "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-13.0.0-amd64-netinst.iso",
                live: "https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/debian-live-13.0.0-amd64-standard.iso"
            }
        },
        archlinux: {
            x86_64: {
                live: "https://geo.mirror.pkgbuild.com/iso/2025.08.01/archlinux-x86_64.iso"
            }
        }
    }
 end
--- a/lib/downloader.rb
+++ b/lib/downloader.rb
@ -0,0 +1,21 @@
 require 'uri'
 require 'addressable/uri'
 module Downloader
    # use_cache => save in the home and return path to it
    # forced => download even if the file exists in the cache, saves to chace if use_cache == true
    def self.get(url, use_cache = true, forced = false)
        puts "downloading..."
        puts url
        uri = Addressable::URI.parse(url)
        path = File.join("#{ENV["HOME"]}/.cache/dat/downloads/", uri.domain, uri.path)
        #uri = URI.parse(url)
        #file_name = File.basename(uri.path)
        puts "Download path: #{path}"
        yield path
    end
 end
--- a/lib/virtual-machine.rb
+++ b/lib/virtual-machine.rb
@ -0,0 +1,16 @@
 require 'downloader'
 require_relative 'data/resources/iso-images'
 module VirtualMachine 
    def self.distro(name, arch, type = :install)
        ISO_URLS[:debian][:arm64][:install]
    end
    def self.setup(options)
        distro = options[:distro]
        arch = :arm64
        type = :install
        url = distro(name, arch, type)
        Downloader.get(url)
    end
 end