Copyright (C) 2008-2021 Oliver Bohlen.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
A copy of the license is included in the section entitled "GNU Free Documentation License".
This documentation comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.
Here is a short description of how I installed the base system for my thin clients. What is special about these clients is that they boot from a read-only NFS filesystem. The goal is that several computers can boot the same system at the same time.
I installed it in a chroot on my server. You can use the Gentoo Handbook for the basic installation. Here are the changes I made to turn it into a read-only thin client.
This is the profile I use:
rm /etc/make.profile
ln -s /usr/portage/profiles/default/linux/x86/2008.0/desktop /etc/make.profile
chroot /srv/thinclient/test /bin/bash -c 'env-update &>/dev/null && source /etc/profile && emerge app-arch/p7zip sys-apps/sdparm sys-apps/hdparm app-arch/unace app-arch/unarj app-arch/unlzx app-arch/rar app-arch/arj app-arch/lha app-arch/unadf app-misc/mc app-cdr/k3b app-editors/vim app-office/openoffice app-portage/genlop app-portage/gentoolkit app-text/acroread dev-util/strace media-sound/alsa-tools media-sound/alsa-utils media-sound/musescore media-sound/timidity++ media-video/dvdrip net-im/licq net-wireless/ipw2100-firmware net-wireless/ipw2200-firmware sys-kernel/gentoo-sources sys-libs/libstdc++-v3 sys-process/vixie-cron virtual/libstdc++ www-client/mozilla-firefox www-plugins/adobe-flash sys-power/acpid app-laptop/radeontool sys-fs/dosfstools app-text/unix2dos app-text/dos2unix net-analyzer/nmap net-misc/netkit-telnetd sys-apps/parted sys-block/gparted mail-client/mozilla-thunderbird net-wireless/bluez-firmware net-wireless/bluez-hcidump sys-apps/ethtool sys-kernel/linux-firmware media-gfx/gimp net-misc/rdate net-misc/ntp net-nds/yp-tools net-nds/ypbind app-emulation/wine sys-process/htop media-video/kino media-sound/audacity games-action/chromium net-print/foomatic-filters-ppds net-im/skype net-analyzer/iptraf app-mobilephone/wammu app-mobilephone/gnokii net-fs/curlftpfs sys-fs/sshfs-fuse net-fs/fusesmb sys-power/acpid app-office/qbankmanager app-office/grisbi app-cdr/xfburn x11-terms/terminal app-editors/mousepad app-office/orage media-gfx/ristretto media-sound/grip media-gfx/gqview media-plugins/mytharchive media-plugins/mythbrowser media-plugins/mythcontrols media-plugins/mythflix media-plugins/mythgallery media-plugins/mythgame media-plugins/mythmovies media-plugins/mythmusic media-plugins/mythnews media-plugins/mythphone media-plugins/mythvideo media-plugins/mythweather media-plugins/mythzoneminder dev-python/imdbpy net-im/pidgin media-sound/tagtool media-sound/audacious media-plugins/audacious-plugins media-plugins/audacious-xosd 
x11-themes/audacious-themes app-arch/xarchiver media-gfx/inkscape app-office/dia app-misc/fdupes dev-util/geany media-sound/id3v2 media-libs/exiftool dev-perl/MP3-Tag'
If you want to use this solution you need the following howto(s) finished:
chroot /gtc/test /bin/bash -c 'env-update &>/dev/null && source /etc/profile && emerge app-admin/rsyslog'
chroot /gtc/test /bin/bash -c 'env-update &>/dev/null && source /etc/profile && emerge net-fs/nfs-utils'
File permissions:
Owner: root
Group: root
Permissions: -rwx------
Click here for a download of the complete file: /etc/cron.weekly/gtcupdate
Changed on 05.01.09
Update the thinclient system automatically once a week
#!/bin/bash
. /etc/bash/gaboshlib.include
g_lockfile
g_nice
# Hibiscus
g_echo_ok "Hibiscus Update"
ARCH=`uname -m | grep -o '64'`
JAMEICAVERSION=`wget -q -O - http://www.willuhn.de/products/jameica/releases/version-nightly`
HIBISCUSVERSION=`wget -q -O - http://www.willuhn.de/products/hibiscus/releases/version-nightly`
cd $g_tmp
wget -q http://www.willuhn.de/products/jameica/releases/current/jameica/jameica-linux64.zip
wget -q http://www.willuhn.de/products/hibiscus/releases/current/hibiscus.zip
hibiscusfile="hibiscus.zip"
jameicafile="jameica-linux64.zip"
cd /opt
rm -rf /opt/jameica
unzip -q $g_tmp/${jameicafile}
cd jameica/plugins
unzip -q $g_tmp/${hibiscusfile}
umg=test
rm -rf /gtc/$umg/opt/jameica
cd /gtc/$umg/opt
unzip -q $g_tmp/${jameicafile}
cd jameica/plugins
unzip -q $g_tmp/${hibiscusfile}
echo -e "[Desktop Entry]\n"\
"Name=Hibiscus\n"\
"Comment=Hibiscus die freie Homebanking-Anwendung\n"\
"Exec=/opt/jameica/jameica.sh\n"\
"Terminal=false\n"\
"Encoding=UTF-8\n"\
"Type=Application\n"\
"Icon=/opt/jameica/jameica-icon.png\n"\
"Categories=Office;Finance\n"\
> /gtc/$umg/usr/share/applications/Hibiscus.desktop
cat /gtc/$umg/usr/share/applications/Hibiscus.desktop >/usr/share/applications/Hibiscus.desktop
rm $g_tmp/${jameicafile}
rm $g_tmp/${hibiscusfile}
# Apache Config
cp -p /etc/apache2/vhosts.d/00_gabosh.conf /gtc/test/etc/apache2/vhosts.d/
cp -p /etc/apache2/vhosts.d/letsencrypt.include /gtc/test/etc/apache2/vhosts.d/
# Update GTC
g_echo_ok "Gentoo-GTC-Update in detached tmux"
cp -p /etc/bash/gaboshlib.include /gtc/$umg/etc/bash/gaboshlib.include
cat <<EOF > /gtc/$umg/root/Gentoo-GTC-Update.sh
#!/bin/bash
. /etc/bash/gaboshlib.include
g_portagesync
# Kernel
emerge gentoo-sources
gtc-buildkernel
g_gentooupdate
# JavaScript dlc-decypter per npmjs.com (MIT License)
npm update -g decrypt-dlc-cli
# Icons
rm -f /usr/share/applications/hp-uiscan.desktop /etc/xdg/autostart/hplip-systray.desktop
rm -f /etc/xdg/autostart/._cfg0000_hplip-systray.desktop /usr/share/applications/._cfg0000_hp-uiscan.desktop
# Start(Sub)menu
echo '<!DOCTYPE Menu PUBLIC "-//freedesktop//DTD Menu 1.0//EN"
"http://www.freedesktop.org/standards/menu-spec/menu-1.0.dtd">
<Menu>
<Name>Applications</Name>
<Menu>
<Name>GTC</Name>
<Directory>GTC.directory</Directory>
<Include>
<Category>GTC</Category>
</Include>
<Menu>
<Name>GTC-System</Name>
<Directory>GTC.directory</Directory>
<Include>
<Category>GTC-System</Category>
</Include>
</Menu>
<Menu>
<Name>GTC-Tools</Name>
<Directory>GTC.directory</Directory>
<Include>
<Category>GTC-Programs-Accessories</Category>
</Include>
</Menu>
</Menu>
</Menu>
' >/etc/xdg/menus/applications-merged/gtc.menu
echo '[Desktop Entry]
Type=Directory
Name=GTC
Icon=/usr/share/icons/gentoo/64x64/gentoo.png
' >/usr/share/desktop-directories/GTC.directory
echo "[Desktop Entry]
Name=GTC Desktopfreigabe
Comment=X11VNC über SSH-Tunnel
Exec=mate-terminal --window --command=/etc/thinclient/scripts/gtc-x11vnc
Path=
Icon=help-browser
Terminal=false
StartupNotify=false
Type=Application
Categories=GTC;Network;
">/usr/share/applications/gtc-x11vnc.desktop
echo "[Desktop Entry]
Name=GTC Desktopfreigabe beenden
Comment=X11VNC über SSH-Tunnel
Exec=mate-terminal --window --command=\"/etc/thinclient/scripts/gtc-x11vnc STOP\"
Path=
Icon=help-browser
Terminal=false
StartupNotify=false
Type=Application
Categories=GTC;Network;
">/usr/share/applications/gtc-x11vnc-stop.desktop
echo "[Desktop Entry]
Name=GTC Config editieren
Comment=
Exec=mate-terminal --window --command=\"sudo -i leafpad /etc/current-gtc-profile/thinclient.conf\"
Path=
Icon=/usr/share/icons/gabosh/linux.png
Terminal=false
StartupNotify=false
Type=Application
Categories=GTC;Core;Utility;
">/usr/share/applications/gtc-editprofile.desktop
echo "[Desktop Entry]
Name=GTC Startscrit editieren
Comment=
Exec=mate-terminal --window --command=\"sudo -i leafpad /etc/current-gtc-profile/start.sh\"
Path=
Icon=/usr/share/icons/gabosh/linux.png
Terminal=false
StartupNotify=false
Type=Application
Categories=GTC;Core;Utility;
">/usr/share/applications/gtc-editstartsh.desktop
echo "[Desktop Entry]
Name=GTC NVIDIA Legacy Treiber aktivieren
Comment=
Exec=mate-terminal --window --command=\"sudo -i /etc/thinclient/scripts/gtc-nvidia-legacy-driver\"
Path=
Icon=nvidia-settings
Terminal=false
StartupNotify=false
Type=Application
Categories=GTC;Core;Utility;
">/usr/share/applications/gtc-nvidialegacy.desktop
echo "[Desktop Entry]
Name=GTC NVIDIA OpenSource Treiber aktivieren
Comment=
Exec=mate-terminal --window --command=\"sudo -i /etc/thinclient/scripts/gtc-nouveau\"
Path=
Icon=nvidia-settings
Terminal=false
StartupNotify=false
Type=Application
Categories=GTC;Core;Utility;
">/usr/share/applications/gtc-nvidianouveau.desktop
echo "[Desktop Entry]
Name=GTC NVIDIA Treiber aktivieren
Comment=
Exec=mate-terminal --window --command=\"sudo -i /etc/thinclient/scripts/gtc-nvidia\"
Path=
Icon=nvidia-settings
Terminal=false
StartupNotify=false
Type=Application
Categories=GTC;Core;Utility;
">/usr/share/applications/gtc-nvidia.desktop
echo "[Desktop Entry]
Name=GTC Druckerverwaltung
Comment=
Exec=firefox localhost:631
Path=
Icon=/usr/share/icons/gabosh/linux.png
Terminal=false
StartupNotify=false
Type=Application
Categories=GTC;Core;Utility;
">/usr/share/applications/gtc-printconfig.desktop
echo "[Desktop Entry]
Name=GTC Update
Comment=Linux Update
Exec=mate-terminal --window --command=\"sudo -i /etc/thinclient/scripts/gtc-update\"
Path=
Icon=/usr/share/icons/gabosh/linux.png
Terminal=false
StartupNotify=false
Type=Application
Categories=GTC;Core;Utility;
">/usr/share/applications/gtc-update.desktop
echo "[Desktop Entry]
Name=GTC Update erzwingen
Comment=Linux Update erzwingen
Exec=mate-terminal --window --command=\"sudo -i /etc/thinclient/scripts/gtc-update-force\"
Path=
Icon=/usr/share/icons/gabosh/linux.png
Terminal=false
StartupNotify=false
Type=Application
Categories=GTC;Core;Utility;
">/usr/share/applications/gtc-update-force.desktop
echo "[Desktop Entry]
Name=GTC Release Notes
Comment=GTC Release Notes
Exec=mate-terminal --window --command=\"leafpad /etc/thinclient/gtc-release-notes\"
Path=
Icon=/usr/share/icons/gabosh/linux.png
Terminal=false
StartupNotify=false
Type=Application
Categories=GTC;Core;Utility;
">/usr/share/applications/gtc-release-notes.desktop
echo "[Desktop Entry]
Name=GTC Passwort von root ändern
Comment=Root/Admin Passwort ändern
Exec=mate-terminal --window --command=\"sudo -i passwd || sleep 30\"
Path=
Icon=user-available
Terminal=false
StartupNotify=false
Type=Application
Categories=GTC;Core;Utility;
" >/usr/share/applications/gtc-rootpasswd.desktop
echo "[Desktop Entry]
Name=GTC Passwort von User ändern
Comment=Passwort ändern
Exec=mate-terminal --window --command=\"passwd || sleep 30\"
Path=
Icon=avatar-default
Terminal=false
StartupNotify=false
Type=Application
Categories=GTC;Core;Utility;
" >/usr/share/applications/gtc-passwd.desktop
echo "[Desktop Entry]
Name=GTC Samba Passwort von User ändern
Comment=Passwort ändern
Exec=mate-terminal --window --command=\"smbpasswd || sleep 30\"
Path=
Icon=avatar-default
Terminal=false
StartupNotify=false
Type=Application
Categories=GTC;Core;Utility;
" >/usr/share/applications/gtc-smbpasswd.desktop
echo "[Desktop Entry]
Name=Brave Browser
Comment=
Exec=/etc/thinclient/scripts/brave-browser.sh
Path=
Icon=/usr/share/icons/gabosh/brave-browser.png
Terminal=false
StartupNotify=false
Type=Application
Categories=GTC;Core;Utility;
" >/usr/share/applications/gtc-brave-browser.desktop
echo "[Desktop Entry]
Name=Geotag for Images
Comment=
Exec=/usr/bin/java -jar /usr/local/lib/geotag-0.103.jar
Path=
Icon=/usr/share/icons/gabosh/geotag.gif
Terminal=false
StartupNotify=false
Type=Application
Categories=Graphics;2DGraphics;RasterGraphics;GTK;
" >/usr/share/applications/geotag.desktop
echo "[Desktop Entry]
Name=GTC Speichermedium verschlüsseln
Comment=Device verschlüsseln
Exec=mate-terminal --window --command=\"/etc/thinclient/scripts/gtc-cryptdevice\"
Path=
Icon=/usr/share/icons/gabosh/linux.png
Terminal=false
StartupNotify=false
Type=Application
Categories=GTC;Core;Utility;
" >/usr/share/applications/gtc-cryptdevice.desktop
echo "[Desktop Entry]
Name=GTC Passwort von verschlüsseltem Speichermedium ändern
Comment=GTC Passwort von verschlüsseltem Speichermedium ändern
Exec=mate-terminal --window --command=\"/etc/thinclient/scripts/gtc-cryptdevice-chpass\"
Path=
Icon=avatar-default
Terminal=false
StartupNotify=false
Type=Application
Categories=GTC;Core;Utility;
" >/usr/share/applications/gtc-cryptdevice-chpass.desktop
echo "[Desktop Entry]
Name=Zippyshare DLC in Downloads
Comment=Decrypten und herunterladen von DLC-Dateien in Downloads mit plowdown
Exec=mate-terminal --window --command=\"/etc/thinclient/scripts/dlcdown.sh\"
Path=
Icon=/usr/share/icons/gabosh/linux.png
Terminal=false
StartupNotify=false
Type=Application
Categories=GTC;Network;
" >/usr/share/applications/gtc-dlcdown.desktop
echo "[Desktop Entry]
Name=Download Video per URL
Comment=Herunterladen von Videos per youtube-dl per URL nach Downloads
Exec=mate-terminal --window --command=\"/etc/thinclient/scripts/youtube-dl.sh --proxy localhost:8118\"
Path=
Icon=/usr/share/icons/gabosh/linux.png
Terminal=false
StartupNotify=false
Type=Application
Categories=GTC;Network;
" >/usr/share/applications/gtc-youtube-dl.desktop
echo "[Desktop Entry]
Name=Download Video per URL ohne Tor
Comment=Herunterladen von Videos per youtube-dl per URL nach Downloads ohne Tor
Exec=mate-terminal --window --command=\"/etc/thinclient/scripts/youtube-dl.sh\"
Path=
Icon=/usr/share/icons/gabosh/linux.png
Terminal=false
StartupNotify=false
Type=Application
Categories=GTC;Network;
" >/usr/share/applications/gtc-youtube-dl-wotor.desktop
echo "[Desktop Entry]
Name=Install/Update Nextcloud
Comment=Install/Update Nextcloud in docker container
Exec=mate-terminal --window --command=\"/etc/thinclient/scripts/docker-nextcloud.sh\"
Path=
Icon=/usr/share/icons/gabosh/nextcloud.ico
Terminal=false
StartupNotify=false
Type=Application
Categories=GTC;
" >/usr/share/applications/gtc-nextcloud.desktop
echo "[Desktop Entry]
Name=Install/Update Wordpress
Comment=Install/Update Wordpress in docker container
Exec=mate-terminal --window --command=\"/etc/thinclient/scripts/docker-wordpress.sh\"
Path=
Icon=/usr/share/icons/gabosh/linux.png
Terminal=false
StartupNotify=false
Type=Application
Categories=GTC;
" >/usr/share/applications/gtc-wordpress.desktop
echo "[Desktop Entry]
Name=Komprimiere Mediendateien
Comment=Komprimiere Videos, Audios, Bilder
Exec=mate-terminal --window --command=\"/etc/thinclient/scripts/media-compress.sh\"
Path=
Icon=/usr/share/icons/gabosh/linux.png
Terminal=false
StartupNotify=false
Type=Application
Categories=GTC;AudioVideo;Audio;Video;
" >/usr/share/applications/gtc-media-compress.desktop
echo "[Desktop Entry]
Name=Alfaview
Comment=Alfaview Conference Tool
Exec=/opt/alfaview/alfaview
Path=/opt/alfaview
Icon=/opt/alfaview/alfaview-Icon.jpg
Terminal=false
StartupNotify=false
Type=Application
Categories=Network;
" >/usr/share/applications/gtc-alfaview.desktop
# Netmount starts NetworkManager/Network, which should be started by the GTC scripts after profile rollout
rc-update del netmount default
# So that unlocking the screen works
chmod u+s /sbin/unix_chkpwd
# Steam Lib links
ln -sf /usr/lib/libva.so /usr/lib/libva.so.1
ln -sf /usr/lib/libva-x11.so /usr/lib/libva-x11.so.1
ln -sf /usr/lib/libva-glx.so /usr/lib/libva-glx.so.1
ln -sf /usr/lib/libva-drm.so /usr/lib/libva-drm.so.1
# Apache
rm -f /etc/apache2/vhosts.d/00_default_*vhost.conf
rm -f /etc/apache2/vhosts.d/._cfg0000_00_default_*vhost.conf
ln -sf /usr/lib64/apache2 /usr/lib/apache2
# PXE
mkdir -p /gtc/pxe
cp -p /usr/share/syslinux/pxelinux.0 /gtc/pxe/
cp -p /usr/share/syslinux/menu.c32 /gtc/pxe/
cp -p /usr/share/syslinux/ldlinux.c32 /gtc/pxe
cp -p /usr/share/syslinux/libutil.c32 /gtc/pxe
ln -f /boot/kernel /gtc/pxe/kernel
ln -f /boot/initrd /gtc/pxe/initrd
mkdir -p /gtc/pxe/pxelinux.cfg
echo '
default menu.c32
prompt 0
menu title GTC-PXELinux Boot Menu
NOESCAPE 1
ALLOWOPTIONS 1
MENU AUTOBOOT Starting GTC Linux in # seconds
label GTC
timeout 100
menu default
menu label ^GTC Linux
kernel /kernel
append initrd=/initrd root=/dev/nfs nfsroot=XXX.XXX.XXX.XXX:/_gtcroot ramdisk_size=256000 acpi_sleep=s3_bios real_root=/dev/nfs raid=noautodetect consoleblank=0 clocksource=hpet
ipappend 3
label bootlocal
menu label ^Boot from local Disk
localboot 0
' >/gtc/pxe/pxelinux.cfg/default
# So that the Nvidia icons do not appear everywhere in the start menu
etc-update --automode -3 /usr/share/applications/nvidia-settings.desktop
etc-update --automode -7 /etc/xdg/autostart/blueman.desktop
mv /usr/share/applications/nvidia-settings.desktop /usr/share/applications/nvidia-settings.gtc-unused >/dev/null 2>&1
EOF
chmod 700 /gtc/$umg/root/Gentoo-GTC-Update.sh
tmux new-session -d -s "Gentoo-GTC-Update" "chroot /gtc/$umg /bin/bash -c /root/Gentoo-GTC-Update.sh ; /gtc/pxe/linkkernel.sh"
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /gtc/test/etc/chromium/default
Changed on 29.06.20
Default start options for Chromium
CHROMIUM_FLAGS=""
After change
CHROMIUM_FLAGS="--password-store=basic --ignore-gpu-blacklist --enable-gpu-rasterization --enable-zero-copy"
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /gtc/test/etc/conf.d/apache2
Changed on 02.04.20
Apache start options for enabling PHP5 and SSL
APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D SSL -D SSL_DEFAULT_VHOST -D LANGUAGE"
After change
APACHE2_OPTS="-D DAV -D DAV_FS -D PHP -D SSL -D LANGUAGE -D PROXY -D MPM_ITK -D AUTHNZ_EXTERNAL"
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /gtc/test/etc/conf.d/dhcpd-tornet0
Changed on 28.03.20
Tor Net DHCP
DHCPD_CONF="/etc/dhcp/dhcpd-tornet0.conf"
DHCPD_IFACE="tornet0"
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /gtc/test/etc/conf.d/dhcpd-vnet0
Changed on 28.03.20
Virtual Networking DHCP
DHCPD_CONF="/etc/dhcp/dhcpd-vnet0.conf"
DHCPD_IFACE="vnet0"
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /gtc/test/etc/conf.d/display-manager
Changed on 09.10.09
Configure the Thinclient
DISPLAYMANAGER="xdm"
After change
DISPLAYMANAGER="lightdm"
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /gtc/test/etc/conf.d/docker
Changed on 28.03.20
Docker data dir still in RAMDISK
DOCKER_OPTS="-g /home/data/docker"
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /gtc/test/etc/conf.d/hwclock
Changed on 06.09.08
Local Clock
clock="UTC"
After change
clock="local"
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /gtc/test/etc/conf.d/in.tftpd
Changed on 09.10.09
Configure the Thinclient
INTFTPD_OPTS="-R 4096:32767 -s ${INTFTPD_PATH}"
After change
INTFTPD_PATH="/gtc/pxe"
INTFTPD_OPTS="-p -u nobody -s ${INTFTPD_PATH} -vvv"
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /gtc/test/etc/conf.d/local
Changed on 09.10.09
Allow console input/output in local-services
rc_verbose=yes
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /gtc/test/etc/conf.d/net
Changed on 28.03.20
Virtual Networking Bridge
bridge_vnet0=""
config_vnet0="XXX.XXX.XXX.XXX netmask XXX.XXX.XXX.XXX"
bridge_forward_delay_vnet0=0
bridge_hello_time_vnet0=1000
enable_ipv6_vnet0="false"
dad_timeout_vnet0=0
Bridge for transparent Tor Proxy
bridge_tornet0=""
config_tornet0="XXX.XXX.XXX.XXX netmask XXX.XXX.XXX.XXX"
bridge_forward_delay_tornet0=0
bridge_hello_time_tornet0=1000
enable_ipv6_tornet0="false"
dad_timeout_tornet0=0
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /gtc/test/etc/conf.d/NetworkManager
Changed on 11.01.18
Configure the Thinclient Networking
INACTIVE_TIMEOUT=1
After change
INACTIVE_TIMEOUT=0
# ---
# /etc/conf.d/nfs
# If you wish to set the port numbers for lockd,
# please see /etc/sysctl.conf
# Optional services to include in default `/etc/init.d/nfs start`
# For NFSv4 users, you'll want to add "rpc.idmapd" here.
NFS_NEEDED_SERVICES="rpc.idmapd"
# Options to pass to rpc.nfsd
# before|||23.12.08|||olli|||Server for thinclients|||Allow a maximum of 20 Clients at the same time on your NFS Server
#OPTS_RPC_NFSD="8"
After change
OPTS_RPC_NFSD="-u 20"
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /gtc/test/etc/conf.d/sshd
Changed on 28.11.12
Do not start dhcp at boot
rc_need="!net"
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /gtc/test/etc/conf.d/xdm
Changed on 09.10.09
Configure the Thinclient
DISPLAYMANAGER="xdm"
After change
DISPLAYMANAGER="lightdm"
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /gtc/test/etc/crontab
Changed on 19.07.13
System health checks
# Check Disk Usage
*/5 * * * * root [ -e /etc/thinclient/scripts/check-hdd.sh ] && /etc/thinclient/scripts/check-hdd.sh
30 * * * * root rm -rf /tmp/df-?d??
# Check Memory
*/5 * * * * root [ -e /etc/thinclient/scripts/check-mem.sh ] && /etc/thinclient/scripts/check-mem.sh
# Check Swap
*/5 * * * * root [ -e /etc/thinclient/scripts/check-swap.sh ] && /etc/thinclient/scripts/check-swap.sh
# Check temperature
*/5 * * * * root [ -e /etc/thinclient/scripts/check-temperature.sh ] && /etc/thinclient/scripts/check-temperature.sh
# Check time
*/5 * * * * root ntpdate -s 0.de.pool.ntp.org >/dev/null 2>&1 || ntpdate -s 1.de.pool.ntp.org >/dev/null 2>&1
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /gtc/test/etc/default/btrfsmaintenance
Changed on 03.01.19
Auto find btrfs-Volumes
BTRFS_LOG_OUTPUT="stdout"
After change
BTRFS_LOG_OUTPUT="syslog"
Auto find btrfs-Volumes
BTRFS_BALANCE_MOUNTPOINTS="/"
After change
BTRFS_BALANCE_MOUNTPOINTS="auto"
Auto find btrfs-Volumes
BTRFS_SCRUB_MOUNTPOINTS="/"
After change
BTRFS_SCRUB_MOUNTPOINTS="auto"
Auto find btrfs-Volumes
BTRFS_TRIM_MOUNTPOINTS="/"
After change
BTRFS_TRIM_MOUNTPOINTS="auto"
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /gtc/test/etc/dhcpcd.conf
Changed on 30.10.09
Timeout for dhcpcd
timeout 20
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /gtc/test/etc/dhcp/dhcpd-tornet0.conf
Changed on 28.03.20
Tor Networking DHCP
option domain-name "tornet0";
default-lease-time 600;
max-lease-time 7200;
option subnet-mask XXX.XXX.XXX.XXX;
option broadcast-address XXX.XXX.XXX.XXX;
option domain-name-servers XXX.XXX.XXX.XXX;
option routers XXX.XXX.XXX.XXX;
default-lease-time 7200;
max-lease-time 14400;
ddns-update-style none;
subnet XXX.XXX.XXX.XXX netmask XXX.XXX.XXX.XXX {
range XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX;
}
next-server XXX.XXX.XXX.XXX;
option architecture-type code 93 = unsigned integer 16;
if option architecture-type = 00:09 {
filename "bootx64.efi";
} elsif option architecture-type = 00:07 {
filename "bootx64.efi";
} else {
filename "pxelinux.0";
}
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /gtc/test/etc/dhcp/dhcpd-vnet0.conf
Changed on 28.03.20
Virtual Networking DHCP
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /gtc/test/etc/etc-update.conf
Changed on 28.03.20
Automerge without asking
rm_opts="-i"
After change
rm_opts=""
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /gtc/test/etc/exports
Changed on 09.10.09
Configure the Thinclient
/_gtcroot XXX.XXX.XXX.XXX/XXX.XXX.XXX.XXX(fsid=1,no_subtree_check,async,no_root_squash,ro,insecure)
File permissions:
Owner: root
Group: root
Permissions: -rwxr-xr-x
Click here for a download of the complete file: /gtc/test/etc/init.d/checkroot
Changed on 19.03.10
This stops remounting/mounting of the root filesystem. The mounting is done in the initrd.
if cat /proc/cmdline | grep -i root=/dev/nfs >/dev/null
then
  exit 0
fi
File permissions:
Owner: root
Group: root
Permissions: -rwxr-xr-x
Click here for a download of the complete file: /gtc/test/etc/init.d/procfs
Changed on 17.11.19
Get rid of "binfmt-misc module needs to be loaded" message on boot
# if ! grep -qs binfmt_misc /proc/filesystems &&
# modprobe -q binfmt-misc; then
# ewarn "The binfmt-misc module needs to be loaded by" \
# "the modules service or built in."
# fi
After change
# if ! grep -qs binfmt_misc /proc/filesystems &&
# modprobe -q binfmt-misc; then
# ewarn "The binfmt-misc module needs to be loaded by" \
# "the modules service or built in."
# fi
File permissions:
Owner: root
Group: root
Permissions: -rwxr-xr-x
Click here for a download of the complete file: /gtc/test/etc/local.d/gtc.start
Changed on 09.10.09
Configure the Thinclient
/etc/thinclient/startup/gtc-startupconfig 2>&1 | tee -a /var/log/thinclient.log
/etc/init.d/xdm zap >/dev/null 2>&1
File permissions:
Owner: root
Group: root
Permissions: -rwxr-xr-x
Click here for a download of the complete file: /gtc/test/etc/local.d/gtc.stop
Changed on 19.09.12
Store passwords and mixer settings if the GTC is local
#!/bin/bash
if mount | grep "/_gtcroot type nfs" >/dev/null
then
  echo "This GTC is network booted"
else
  echo "Saving printer settings"
  mkdir -p /_gtcroot/etc/thinclient/profiles/`hostname`/etc/cups
  [ -f /etc/cups/printers.conf ] && cp -p /etc/cups/printers.conf /_gtcroot/etc/thinclient/profiles/`hostname`/etc/cups/
  [ -d /etc/cups/ppd ] && cp -rp /etc/cups/ppd /_gtcroot/etc/thinclient/profiles/`hostname`/etc/cups/
  echo "Saving NetworkManager settings"
  mkdir -p /_gtcroot/etc/thinclient/profiles/`hostname`/etc/NetworkManager/
  rsync -aXAh --delete /etc/NetworkManager/ /_gtcroot/etc/thinclient/profiles/`hostname`/etc/NetworkManager/
  . /etc/thinclient/scripts/gtc-confs.sh
  mkdir -p /_gtcroot/etc/thinclient/profiles/`hostname`/local
  echo "Saving mixersettings"
  alsactl store -f /_gtcroot/etc/thinclient/profiles/`hostname`/local/mixersettings
  echo "Saving passwords"
  cat /etc/shadow | grep -a "^root" > /_gtcroot/etc/thinclient/profiles/`hostname`/local/shadow
  for LU in $LOCALUSER
  do
    cat -vT /etc/shadow | grep -a "^$LU" >> /_gtcroot/etc/thinclient/profiles/`hostname`/local/shadow
  done
  # sync
  sync
fi
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /gtc/test/etc/modprobe.d/iwl4965.conf
Changed on 09.10.09
Speed UP WLAN
options iwl4965 swcrypto=1 11n_disable=1
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /gtc/test/etc/modprobe.d/iwlagn.conf
Changed on 09.10.09
Speed UP WLAN
after options iwlagn swcrypto=1 11n_disable=1
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /gtc/test/etc/modprobe.d/iwlwifi.conf
Changed on 09.10.09
Speed UP WLAN
#options iwlwifi swcrypto=1
options iwlwifi 11n_disable=8
options iwlwifi bt_coex_active=0
#options iwlwifi led_mode=2
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /gtc/test/etc/modprobe.d/snd-hda-intel.conf
Changed on 09.10.09
ThinkPad Sound
options snd_hda_intel model=thinkpad
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /gtc/test/etc/NetworkManager/nm-system-settings.conf
Changed on 28.03.20
Ignore vnet0 by NetworkManager
[keyfile]
unmanaged-devices=interface-name:vnet0;interface-name:tornet0
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /gtc/test/etc/pam.d/login
Changed on 03.01.19
Start gnome-keyring-daemon at login
session optional pam_gnome_keyring.so auto_start
auth optional pam_gnome_keyring.so
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /gtc/test/etc/postfix/main.cf
Changed on 02.07.12
Mailsettings
inet_protocols = ipv4
myorigin = $myhostname
mydestination =
mynetworks_style = subnet
smtpd_relay_restrictions = permit_mynetworks, defer
relay_domains = $myhostname
relayhost = $mydomain
local_recipient_maps =
inet_interfaces = all
local_transport = error:local delivery is disabled
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /gtc/test/etc/profile
Changed on 09.10.09
Everyone in the group should generally have rwx permission, others none
umask 022
After change
umask 007
if [ "$EUID" -eq 0 ]
then
  umask 022
fi
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /gtc/test/etc/ssh/ssh_config
Changed on 05.01.09
Some SSH security settings
## Ciphers Check https://sshcheck.com/server/example.com/8081
KexAlgorithms curve25519-sha256@libssh.org
HostKeyAlgorithms ssh-ed25519
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
File permissions:
Owner: root
Group: root
Permissions: -rw-------
Click here for a download of the complete file: /gtc/test/etc/ssh/sshd_config
Changed on 05.01.09
Some SSH security settings
# Ciphers Check https://sshcheck.com/server/
# nmap -p22 -n -sV --script ssh2-enum-algos localhost
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
HostKeyAlgorithms ssh-ed25519
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
PermitRootLogin yes
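The check below is an added example, not part of the original page or of the GTC scripts: a POSIX shell function that audits an sshd_config-style file against the algorithm lists configured above and reports the PermitRootLogin value. The function and variable names, the policy of reporting any PermitRootLogin value other than "no", and the sample config are assumptions made for illustration; Match blocks and Include files are not evaluated.

```shell
#!/bin/sh
# Added example: offline audit of an sshd_config-style file.
# Allowlists mirror the algorithm lists on this page (assumed policy).
ALLOW_KEX="curve25519-sha256@libssh.org diffie-hellman-group-exchange-sha256"
ALLOW_HOSTKEY="ssh-ed25519"
ALLOW_CIPHERS="chacha20-poly1305@openssh.com aes256-gcm@openssh.com aes128-gcm@openssh.com"
ALLOW_MACS="hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com umac-128-etm@openssh.com"

# in_list WORD LIST: succeeds if WORD is one of the space-separated items in LIST
in_list() {
    for _item in $2; do
        [ "$_item" = "$1" ] && return 0
    done
    return 1
}

# audit_sshd_config FILE
# Prints one finding per line; prints nothing when FILE matches the policy.
audit_sshd_config() {
    _file=$1
    _seen=""
    while read -r _key _val || [ -n "$_key" ]; do
        case $_key in ''|'#'*) continue ;; esac
        # Keywords are case-insensitive and the first occurrence wins.
        _lkey=$(printf '%s' "$_key" | tr 'A-Z' 'a-z')
        in_list "$_lkey" "$_seen" && continue
        _seen="$_seen $_lkey"
        case $_lkey in
            kexalgorithms)     _allow=$ALLOW_KEX ;;
            hostkeyalgorithms) _allow=$ALLOW_HOSTKEY ;;
            ciphers)           _allow=$ALLOW_CIPHERS ;;
            macs)              _allow=$ALLOW_MACS ;;
            permitrootlogin)
                [ "$_val" = "no" ] || echo "PermitRootLogin=$_val"
                continue ;;
            *) continue ;;
        esac
        # A '+', '-' or '^' prefix edits the built-in defaults instead of
        # replacing them, so the effective list cannot be judged from the file.
        case $_val in
            [+^-]*) echo "$_key modifies defaults: $_val"; continue ;;
        esac
        _old_ifs=$IFS; IFS=,
        for _alg in $_val; do
            IFS=$_old_ifs
            in_list "$_alg" "$_allow" || echo "$_key not in allowlist: $_alg"
        done
        IFS=$_old_ifs
    done < "$_file"
    # A list keyword that never appears leaves the OpenSSH defaults active.
    for _need in kexalgorithms hostkeyalgorithms ciphers macs; do
        in_list "$_need" "$_seen" || echo "$_need not set: defaults apply"
    done
}

# Constructed sample input (not taken from a real host): one cipher outside
# the allowlist, no MACs line, and a later duplicate keyword that sshd ignores.
sample_sshd_config() {
    cat <<'EOF'
# constructed sample
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
HostKeyAlgorithms ssh-ed25519
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-cbc
PermitRootLogin yes
ciphers aes128-gcm@openssh.com
EOF
}

# Demo run on the constructed sample
_tmp=$(mktemp)
sample_sshd_config > "$_tmp"
audit_sshd_config "$_tmp"
rm -f "$_tmp"
```

Run against the real file with audit_sshd_config /etc/ssh/sshd_config; the algorithms the running daemon actually offers can then be compared using the nmap ssh2-enum-algos check already quoted in the config comment.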
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /gtc/test/etc/sysctl.conf
Changed on 06.09.08
Network optimizations for SSHFS/NFS
net.ipv4.tcp_rmem = 4096 87380 8388608
net.ipv4.tcp_wmem = 4096 87380 8388608
net.core.rmem_max = 8388608
net.core.wmem_max = 8388608
net.core.netdev_max_backlog = 5000
net.ipv4.tcp_window_scaling = 1
Virtual Networking Routing
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.ip_dynaddr = 1
File permissions:
Owner: root
Group: root
Permissions: -rwxr-x---
Click here for a download of the complete file: /gtc/test/etc/thinclient/scripts/check-hdd.sh
Changed on 19.07.13
Cron-Check Script for disk usage
#!/bin/bash
df -l /dev/?d?? 2>/dev/null | grep "^/dev/" | perl -pe 's/[ \%]+/ /g' | cut -d" " -f1,5 2>/dev/null | while read i
do
  disk=`echo $i | cut -d" " -f1 | cut -d"/" -f3`
  usa=`echo $i | cut -d" " -f2`
  lock="/tmp/df-$disk"
  if [ $usa -gt 95 ]
  then
    if [ -f $lock ]
    then
      date >>$lock
    else
      echo -e "Disk usage $disk at $usa%:\n`df -l /dev/?d?? | grep $usa\%`\n\n `ps aux`\n\n`free -m`" | mail -s "`hostname`: Disk usage $disk at $usa% - CRITICAL" `ls -1 /home/ | egrep -v 'lost.found|man|data'| while read m; do echo -n $m,; done`root
      date >$lock
    fi
  else
    if [ -f $lock ]
    then
      echo -e "Disk usage $disk at $usa%:\n`cat $lock`" | mail -s "`hostname`: Disk usage $disk at $usa% - OK" `ls -1 /home/ | egrep -v 'lost.found|man|data' | while read m; do echo -n $m,; done`root
      rm -f $lock
    fi
  fi
done
File permissions:
Owner: root
Group: root
Permissions: -rwxr-x---
Click here for a download of the complete file: /gtc/test/etc/thinclient/scripts/check-mem.sh
Changed on 19.07.13
Cron Check script for memory usage
#!/bin/bash
mem=`free -m | grep "^Mem:" | perl -pe 's/[ ]+/ /g' | cut -d" " -f 6`
if [ $mem -lt 32 ]
then
  if [ -f "/tmp/memlow" ]
  then
    echo "`date` --> $mem" >>/tmp/memlow
  else
    echo -e "Free Mem low ($mem MB):\n`free -m`\n\n`ps aux`" | mail -s "`hostname`: Free mem low ($mem MB)" `ls -1 /home/ | egrep -v 'lost.found|man|data' | while read m; do echo -n $m,; done`root
    echo "`date` --> $mem" >>/tmp/memlow
  fi
else
  rm -f /tmp/memlow
fi
File permissions:
Owner: root
Group: root
Permissions: -rwxr-x---
Click here for a download of the complete file: /gtc/test/etc/thinclient/scripts/check-swap.sh
Changed on 19.07.13
Cron Check script for swap usage
#!/bin/bash
blkid | grep GTCSWAP >/dev/null || exit 0
if [ `free -m | grep "^Swap:" | perl -pe 's/[ ]+/ /g' | cut -d" " -f 4` -lt 64 ]
then
  echo -e "Free Swap low:\n`free -m`\n\n`ps aux`" | mail -s "`hostname`: Free swap low (under 256MB)" `ls -1 /home/ | egrep -v 'lost.found|man|data' | while read m; do echo -n $m,; done`root
fi
File permissions:
Owner: root
Group: root
Permissions: -rwxr-x---
Cron Check script for system temperature sensors
#!/bin/bash
ls -1 /sys/devices/platform/coretemp.*/hwmon/hwmon*/temp*_input >/dev/null 2>&1 || exit 0
for sensor in `ls -1 /sys/devices/platform/coretemp.*/hwmon/hwmon*/temp*_input`
do
sens=`basename $sensor`
if [ `cat $sensor` -gt 85000 ]
then
sleep 300
if [ `cat $sensor` -gt 85000 ]
then
if [ -f /tmp/sensor-$sens ]
then
date >>/tmp/sensor-$sens
else
let temp=`cat $sensor`/1000
echo -e "Temperature of $sens up to $temp degree Centigrade...\n\n`sensors`\n\n`ps aux`\n\n`free -m`\n\n`df -lh | cat -vT `" | cat -vT | mail -s "`hostname`: Temperature up to $temp degree Centigrade" `ls -1 /home/ | egrep -v 'lost.found|man|data' | while read m; do echo -n $m,; done`root
date >/tmp/sensor-$sens
fi
fi
else
if [ -f /tmp/sensor-$sens ]
then
let temp=`cat $sensor`/1000
echo -e "Temperature OK - $temp degree Centigrade...\n\n`cat /tmp/sensor-$sens`" | mail -s "`hostname`: Temperature OK again $temp" `ls -1 /home/ | egrep -v 'lost.found|man|data' | while read m; do echo -n $m,; done`root
rm -f /tmp/sensor-$sens
fi
fi
done
File permissions:
Owner: root
Group: root
Permissions: -rwxr-xr-x
This script installs additional/optional software defined in the thinclient.conf[.local]
#!/bin/bash
# Insert make.conf
source /etc/portage/make.conf
source /etc/thinclient/scripts/gtc-confs.sh
if [ -z "$PACKAGES" ]
then
  echo "No PACKAGES to install!"
  exit 0
fi
# Mount proc for compiling
mount -t proc proc /proc 2>/dev/null
# Create /_additionalsw-Dir and remove possible old DB entries
if [ ! -d /_additionalsw ]
then
  mkdir -p /_additionalsw
  chmod 0755 /_additionalsw
  for i in `echo $PACKAGES`
  do
    if [ -d /var/db/pkg/$i* ]
    then
      rm -r /var/db/pkg/$i*
    fi
  done
fi
# Link package database
if [ ! -L /_additionalsw/var/db/pkg ]
then
  mkdir -p /_additionalsw/var/db/
  ln -sf /var/db/pkg /_additionalsw/var/db/pkg
fi
mkdir -p /_additionalsw/var/cache/edb
ln -sf /var/cache/edb/counter /_additionalsw/var/cache/edb/counter
# Optionally source a user defined script for doing things before emerge
if [ -f "/etc/gtc-preupdate.sh" ]
then
  . /etc/gtc-preupdate.sh
fi
# Install the packages in an other root
KERNEL_DIR="/usr/src/linux" ACCEPT_LICENSE="*" ROOT="/_additionalsw" emerge -uq --keep-going --config-root=/ $PACKAGES
# Remove probably old links
echo "Searching for old /_additionalsw-SymLinks"
for i in `find / -xdev -type l -printf "%h/%f;%l\n" | grep ";/_additionalsw/" | cut -d";" -f1`
do
  echo "Removing old /_additionalsw-SymLink $i"
  rm -f $i
done
# Search for nonexisting directories
find /_additionalsw -type d | sed 's/^\/_additionalsw//' | while read i
do
  if [ ! -e "$i" ]
  then
    echo "Linking Directory $i"
    ln -s "/_additionalsw$i" "$i"
  fi
done
# Search for nonexisting files
find /_additionalsw -type f | sed 's/^\/_additionalsw//' | while read i
do
  if [ ! -e "$i" ]
  then
    echo "Linking File $i"
    ln -s "/_additionalsw$i" "$i"
  fi
done
# Search for nonexisting links
find /_additionalsw -type l | sed 's/^\/_additionalsw//' | while read i
do
  if [ ! -e "$i" ]
  then
    echo "Linking Link $i"
    ln -s "/_additionalsw/$i" "$i"
  fi
done
echo "Running some environment-updates"
env-update
source /etc/profile
depmod -a
ldconfig
echo "Putting the packages into the world-file"
ACCEPT_LICENSE="*" emerge -nq $PACKAGES
echo "
The following packages have been linked in: $PACKAGES"
File permissions:
Owner: root
Group: root
Permissions: -rwxr-xr-x
This script deletes all additional/optional installed software
#!/bin/bash
source /etc/thinclient/scripts/gtc-confs.sh
# Quoted test: an unquoted [ -n $PACKAGES ] fails with "too many arguments"
# as soon as PACKAGES holds more than one package, skipping the cleanup.
if [ -n "$PACKAGES" ]
then
  echo "Cleaning world file"
  emerge --deselect $PACKAGES
  echo "Cleaning portage"
  emerge --depclean
fi
echo "Searching for /_additionalsw-SymLinks"
find / -xdev -type l -printf "%h/%f;%l\n" | grep ";/_additionalsw" | cut -d";" -f1 | while read i
do
  echo "Removing SymLink $i"
  rm -f "$i"
done
echo "Deleting /_additionalsw"
rm -rf /_additionalsw
File permissions:
Owner: root
Group: root
Permissions: -rwxr-xr-x
Click here for a download of the complete file: /gtc/test/etc/thinclient/scripts/gtc-ieurl
Changed on 21.11.09
Script for starting Firefox with URLs/Links/Bookmarks/Favorites from Internet Explorer (*.url files)
#!/bin/bash
# -f2- keeps everything after the first "=", so URLs with "=" in the query string are not cut off
firefox `cat "$1" | grep "^URL" | cut -d"=" -f2-`
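A stricter way to read a *.url file, shown as an added example that is not the project's gtc-ieurl script: it takes only the URL= key of the [InternetShortcut] section, strips CRLF line endings, keeps "=" inside query strings, and hands the browser a single quoted argument only if the value is an http(s) URL. The function names and the BROWSER_CMD override are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the project's script. BROWSER_CMD is a hypothetical
# override so the functions can be exercised without launching Firefox.

# url_from_shortcut FILE
# Print the URL= value of the [InternetShortcut] section, or return 1.
url_from_shortcut() {
    _u=$(awk '
        { sub(/\r$/, "") }   # *.url files are written with CRLF line endings
        /^\[/ { in_sc = (tolower($0) == "[internetshortcut]"); next }
        in_sc && /^URL=/ { print substr($0, 5); exit }   # all text after "URL="
    ' "$1") || return 1
    # Accept exactly one http(s) URL without whitespace or control characters.
    # Other schemes, an empty value, or a value starting with "-" are refused.
    printf '%s\n' "$_u" | grep -Eq '^https?://[^[:space:][:cntrl:]]+$' || return 1
    printf '%s\n' "$_u"
}

# open_shortcut FILE
# Open the shortcut target in the browser, or refuse with a message.
open_shortcut() {
    _url=$(url_from_shortcut "$1") || {
        echo "no usable http(s) URL in $1" >&2
        return 1
    }
    # Quoted, so the value reaches the browser as exactly one argument.
    "${BROWSER_CMD:-firefox}" "$_url"
}

# Constructed sample: CRLF line endings and "=" inside the query string.
_sample=$(mktemp)
printf '[InternetShortcut]\r\nURL=https://example.org/search?q=a=b\r\nIconIndex=0\r\n' >"$_sample"
url_from_shortcut "$_sample"
rm -f "$_sample"
```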
File permissions:
Owner: root
Group: root
Permissions: -rwxr-xr-x
Click here for a download of the complete file: /gtc/test/etc/thinclient/scripts/gtc-info
Changed on 02.12.10
Script for collecting system information. This may be useful for support mails.
#!/bin/bash
#
# Script for getting system informations:
echo '
set -x
# boot and hardware
cat /proc/cmdline
cat /proc/cpuinfo
dmesg -T
free -m
lspci
lsusb
# network
ifconfig -a
route -n
brctl show
brctl show | while read bridge
do
br=`echo $bridge | grep "8000\." | cut -d" " -f1`
if [ -n "$br" ]
then
brctl showstp $br
fi
done
# tasks and user
who
ps aux
# time
ls -ld /etc/localtime
date
# hdds
mount
df -h
cat /proc/mounts
# logs
find /var/log -type f | grep -v emerge.log | while read log
do
if file $log | grep text
then
ls -l $log
cat $log
fi
done
# configs
find /etc -type f | while read conf
do
if file -b $conf | grep text
then
ls -l $conf
cat $conf
fi
done
' >/tmp/gtc-info
date=`date +%Y-%m-%d-%H-%M-%S`
sh /tmp/gtc-info > ~/gtc-info-$date-$$.log 2>&1
echo "Informations are in /root/gtc-info-*"
echo -n "Please enter an eMail-Address to send the info: "
read mail
cat ~/gtc-info-$date-$$.log | mail -s "GTC-Info `hostname` $date-$$" $mail
File permissions:
Owner: root
Group: root
Permissions: -rwx------
Click here for a download of the complete file: /gtc/test/etc/thinclient/scripts/gtc-install
Changed on 08.11.10
Interactive installation script for installing the GTC on a disk.
#!/bin/bash
echo "Welcome to the GTC installer!"
# Choosing a Disk
echo "
This will guide you through the installation on a local disk or USB device."
if blkid | grep 'LABEL="GTC"' >/dev/null
then
if blkid | grep 'LABEL="GTCDATA"' >/dev/null
then
if blkid | grep 'LABEL="GTCSWAP"' >/dev/null
then
gtcdisk=`blkid | grep 'LABEL="GTC"' | tail -n1 | cut -d ":" -f1`
gtcdata=`blkid | grep 'LABEL="GTCDATA"' | tail -n1 | cut -d ":" -f1`
gtcswap=`blkid | grep 'LABEL="GTCSWAP"' | tail -n1 | cut -d ":" -f1`
dev=`echo $gtcdisk | sed 's/[0-9]//g'`
echo "Found Partition-Labels for the GTC-Partitions:
GTC-Systemdisk is $gtcdisk
GTC-Datadisk is $gtcdata
GTC-Swapdisk is $gtcswap
Shall we install/update on these partitions and overwrite the bootsector (MBR) on $dev? If yes please enter \"yes\""
read partitions
fi
fi
fi
if [ "$partitions" = "yes" ]
then
umount -lf $gtcdata
umount -lf $gtcdisk
echo "Disks selected."
else
echo "Here is a list of devices the GTC can be installed:
"
fdisk -l | grep " /dev/" | egrep -v "t contain|ram"
echo "
WARNING: ALL DATA ON THE DISK YOU CHOOSE WILL BE DELETED!!!!
Please enter the device name, e.g. /dev/sdb, on which you want to install the GTC."
echo "Device: "
read dev
dev=`echo $dev | sed 's/^\/dev\///'`
dev="/dev/$dev"
if cat /proc/mounts | grep $dev
then
echo "
$dev is already mounted - Cannot install on a mounted disk"
exit 1
fi
if [ -b "$dev" ]
then
echo "WARNING: ALL DATA ON $dev WILL BE DELETED!!!!"
echo "If you are absolutely sure you want to delete all data in $dev and install the GTC in it enter \"yes\": "
read sure
if [ "$sure" = "yes" ]
then
echo "OK, so let's install GTC on $dev!"
else
echo "Installation canceled!"
exit 1
fi
else
echo "$dev does not exist or is not a valid block device!"
exit 1
fi
fi
for i in `cat /proc/mounts | grep $dev | cut -d" " -f1`
do
echo "
$i is already mounted - Umounting..."
umount -lf $i
done
# Choosing the systems role
echo "
What system role do you want to install?
- Server (A Server for the Gentoo ThinClients)
- Live (A Livesystem e.g.: for testing the GTC)
- Profile (A System with a specified profile)
Please enter Server, Profile or Live: "
read role
if echo "$role" | grep -i "^s"
then
inst="gtc-srvinst"
elif echo "$role" | grep -i "^p"
then
inst="gtc-profileinst"
elif echo "$role" | grep -i "^l"
then
inst="gtc-liveinst"
else
echo "No valid role entered!"
exit 1
fi
inst="/etc/thinclient/scripts/$inst"
if [ "$partitions" = "yes" ]
then
$inst $gtcdisk $dev
else
# Create a partition and a filesystem
echo "Preparing $dev"
echo "Creating partitions on $dev"
sfdisk --delete $dev
sfdisk $dev <<__EOF__
2048,81140000,L
,2480000,S
,,L
__EOF__
sleep 5
echo "Setting bootable flag on ${dev}1"
sfdisk -A ${dev} 1
sleep 5
echo "Formating partitions on $dev"
mkfs.ext4 -m1 -F -L "GTC" ${dev}1 || exit 1
mkswap ${dev}2 -f -L "GTCSWAP" || exit 1
mkfs.ext4 -m1 -F -L "GTCDATA" ${dev}3 || exit 1
# Start installation
echo "Starting the installation"
$inst ${dev}1 $dev
fi
File permissions:
Owner: root
Group: root
Permissions: -rwxr-xr-x
Click here for a download of the complete file: /gtc/test/etc/thinclient/scripts/gtc-mkiso
Changed on 08.11.09
Script for creating the GTC DVD-Image
#!/bin/bash
rm -rf /gtcdvd
mkdir -p /gtcdvd/boot
KERN=`basename \`ls -tr1 /boot/kernel-genkernel-* | tail -n1\``
INITRD=`basename \`ls -tr1 /boot/initramfs-genkernel-* | tail -n1\``
cp /boot/$KERN /gtcdvd/boot/kernel
cp /boot/$INITRD /gtcdvd/boot/initrd
cp /usr/share/syslinux/isolinux.bin /gtcdvd/
cp /usr/share/syslinux/menu.c32 /gtcdvd/
version=`head /etc/thinclient/gtc-release-notes -n1 | cut -d" " -f2`
echo "default menu.c32
prompt 0
menu title GTC LiveDVD $version
ALLOWOPTIONS 1
MENU AUTOBOOT Starting GTC DVD in # seconds
label GTC-$KERN
menu label ^GTC - Livesystem - $version
timeout 150
kernel /boot/kernel
append initrd=/boot/initrd ramdisk_size=256000 acpi_sleep=s3_bios real_root=/dev/nfs gtcdvd dokeymap i915.modeset=1 radeon.modeset=1
label GTC-$KERN
menu label ^GTC - Server with XXX.XXX.XXX.XXX/24 - $version
kernel /boot/kernel
append initrd=/boot/initrd ramdisk_size=256000 acpi_sleep=s3_bios real_root=/dev/nfs gtcdvd gtcserver i915.modeset=1 radeon.modeset=1 dokeymap ip=XXX.XXX.XXX.XXX:XXX.XXX.XXX.XXX:XXX.XXX.XXX.XXX:XXX.XXX.XXX.XXX BOOTIF=eth
label GTC-$KERN
menu label ^GTC - Installation - $version
kernel /boot/kernel
append initrd=/boot/initrd ramdisk_size=256000 acpi_sleep=s3_bios real_root=/dev/nfs gtcdvd gtcinstall dokeymap i915.modeset=1 radeon.modeset=1
" > /gtcdvd/isolinux.cfg
if [ -d "/_gtcroot" ]
then
  echo "Using /_gtcroot"
else
  mkdir -p /_gtcroot
  mount --bind / /_gtcroot
fi
cp /etc/thinclient/gtc-release-notes /gtcdvd/`date +%Y%m%d`
mksquashfs /_gtcroot/ /gtcdvd/gtc -e gtcdvd.iso -e gtcdvd -e _gtcroot -e etc/thinclient/profiles -e _additionalsw -e usr/portage/distfiles -e usr/src -e etc/thinclient/thinclient.conf.local
umount /_gtcroot 2>/dev/null ; rmdir /_gtcroot 2>/dev/null
mkisofs -R -V "GTC DVD" -o /gtcdvd.iso -b isolinux.bin -c boot.catalog -no-emul-boot -boot-load-size 4 -boot-info-table /gtcdvd/
File permissions:
Owner: root
Group: root
Permissions: -rwx------
Click here for a download of the complete file: /gtc/test/etc/thinclient/scripts/gtc-update
Changed on 08.12.09
GTC-Systemupdate Update script
#!/bin/bash
if mount | grep -q "/_gtcroot type nfs"
then
echo "No update on an NFS-Client possible!"
exit 1
fi
if ! mount | grep -q /_gtcroot
then
echo "No GTC System"
exit 1
fi
find /_gtcroot/update-down -mtime +3 -exec rm -f {} \; >/dev/null 2>&1
. /etc/thinclient/scripts/gtc-confs.sh
if [ "$UPDATECHANNEL" = "test" ]
then
chan="-test"
echo "WARNING: Using Test-Channel"
fi
rm -rf /var/log/emerge.log /var/log/portage
for syncpath in /etc/thinclient/scripts /etc/thinclient/share
do
until RSYNC_PASSWORD="UHexWfBzJjCfwgwTUaUPN2ryYmXIp92j" rsync -aH --timeout=300 rsync://mail@example.com/thinclient$chan/$syncpath/ /$syncpath/
do
echo "!!! ERROR downloading System-Update Update - Retrying in 30 seconds"
sleep 30
done
rsync -aH /$syncpath/ /_gtcroot/$syncpath/
done
cat /etc/thinclient/scripts/gaboshlib.include >/etc/bash/gaboshlib.include
RSYNC_PASSWORD="UHexWfBzJjCfwgwTUaUPN2ryYmXIp92j" rsync -aH --delete --timeout=300 rsync://mail@example.com/thinclient$chan/etc/thinclient/login/ /_gtcroot/etc/thinclient/login/
RSYNC_PASSWORD="UHexWfBzJjCfwgwTUaUPN2ryYmXIp92j" rsync -aH --timeout=300 rsync://mail@example.com/thinclient$chan/etc/thinclient/startup/ /_gtcroot/etc/thinclient/startup/
RSYNC_PASSWORD="UHexWfBzJjCfwgwTUaUPN2ryYmXIp92j" rsync -aH --timeout=300 rsync://mail@example.com/thinclient$chan/etc/local.d/ /_gtcroot/etc/local.d/
RSYNC_PASSWORD="UHexWfBzJjCfwgwTUaUPN2ryYmXIp92j" rsync -aH --timeout=300 rsync://mail@example.com/thinclient$chan/etc/bash/ /_gtcroot/etc/bash/
rsync -aH /_gtcroot/etc/local.d/ /etc/local.d/
rsync -aH /_gtcroot/etc/bash/ /etc/bash/
until RSYNC_PASSWORD="UHexWfBzJjCfwgwTUaUPN2ryYmXIp92j" rsync -aH --timeout=300 rsync://mail@example.com/thinclient$chan/etc/thinclient/gtc-release-notes /etc/thinclient/gtc-release-notes-new
do
echo "!!! ERROR downloading GTC Release-Information - Retrying"
sleep 30
done
if [ "`cat /_gtcroot/etc/thinclient/gtc-release-notes | head -n1`" = "`cat /etc/thinclient/gtc-release-notes-new | head -n1`" ]
then
echo "No Update from `cat /etc/thinclient/gtc-release-notes | head -n1` available"
exit 0
else
echo "Updating from `cat /etc/thinclient/gtc-release-notes | head -n1` to `cat /etc/thinclient/gtc-release-notes-new | head -n1`"
fi
sync
echo ">>> System-Update Update successfully finished"
sh /etc/thinclient/scripts/gtc-update-fetch
File permissions:
Owner: root
Group: root
Permissions: -rwx------
Click here for a download of the complete file: /gtc/test/etc/thinclient/scripts/gtc-update-post
Changed on 02.01.12
GTC-Systemupdate Update script
#!/bin/bash
if mount | grep "/_gtcroot type nfs"
then
echo "No update on an NFS-Client possible!"
exit 1
fi
. /etc/thinclient/scripts/gtc-confs.sh
if [ "$UPDATECHANNEL" = "test" ]
then
chan="-test"
fi
# Resync unimportant parts
mkdir -p /_gtcroot/usr/portage /_gtcroot/opt
echo ">>> Resyncing /opt"
RSYNC_PASSWORD="UHexWfBzJjCfwgwTUaUPN2ryYmXIp92j" rsync -aH --info=progress2 --no-i-r -h --timeout=300 --contimeout=300 --delete --numeric-ids rsync://mail@example.com/thinclient$chan/opt/ /_gtcroot/opt/
echo ">>> Resyncing /usr/portage"
RSYNC_PASSWORD="UHexWfBzJjCfwgwTUaUPN2ryYmXIp92j" rsync -aH --info=progress2 --no-i-r -h --timeout=300 --contimeout=300 --delete --numeric-ids --exclude=.tmp* --exclude=distfiles rsync://mail@example.com/thinclient$chan/usr/portage/ /_gtcroot/usr/portage/
echo ">>> Renewing additional Software"
mkdir -p /_gtcroot/proc /_gtcroot/dev
cp -p /etc/resolv.conf /_gtcroot/etc/resolv.conf
mount -t devtmpfs udev /_gtcroot/dev
mount -t proc proc /_gtcroot/proc
chroot /_gtcroot /bin/bash -c "env-update &>/dev/null && source /etc/profile && gtc-additional-sw-del ; gtc-additional-sw-add"
sudo umount /_gtcroot/dev /_gtcroot/proc
# Remove unwanted Software
if [ "$SWPROFILE" == "binredisonly" ]
then
/etc/thinclient/scripts/gtc-binredisonly
fi
if [ "$SWPROFILE" == "ossonly" ]
then
/etc/thinclient/scripts/gtc-ossonly
fi
if lspci | egrep -q "NVIDIA.+G86M"
then
/etc/thinclient/scripts/gtc-nvidia-legacy-driver
fi
if lspci | egrep -q "NVIDIA"
then
echo 'modules="nvidia nvidia-drm"' >>/_gtcroot/etc/conf.d/modules
fi
if ! grep -q "RAM Test" /boot/grub/grub.cfg
then
g_boot=$(grep "set uuid_root" /boot/grub/grub.cfg | head -n1)
echo "
menuentry 'RAM Test' {
$g_boot
search --no-floppy --fs-uuid \$uuid_root --set=root
set root=\$root
linux16 /boot/memtest86plus/memtest.bin
}
" >>/_gtcroot/boot/grub/grub.cfg
fi
sync
echo "
Update is finished!!! System will reboot now...
"
sleep 10
reboot
File permissions:
Owner: root
Group: root
Permissions: -r-x------
Click here for a download of the complete file: /gtc/test/etc/thinclient/startup/gtc-startupconfig
Changed on 27.10.09
This runs all the scripts for configuring global and individual settings for all thinclients.
g_echo_ok "Loading VirtualBox modules"
modprobe vboxdrv >/dev/null 2>&1
modprobe vboxnetadp >/dev/null 2>&1
modprobe vboxnetflt >/dev/null 2>&1
modprobe vboxpci >/dev/null 2>&1
# Swappiness
echo 10 >/proc/sys/vm/swappiness
# Disable ipv6 for bridges (parameter in /etc/conf.d/net doesn't work)
echo 1 >/proc/sys/net/ipv6/conf/vnet0/disable_ipv6
echo 1 >/proc/sys/net/ipv6/conf/tornet0/disable_ipv6
#g_echo_ok "Loading snd-pcm-oss module for getting /dev/dsp i.e. for old games"
##modprobe snd-pcm-oss 2>/dev/null
#
#g_echo_ok "Loading snd_seq module needed e.g. by dosbox"
#modprobe snd_seq
g_echo_ok "Loading new microcode e.g. because of Spectre/Meltdown"
[ -e /sys/devices/system/cpu/microcode/reload ] && echo 1 > /sys/devices/system/cpu/microcode/reload
g_echo_ok "Disabling power_save of wlan0 if present"
iw dev wlan0 set power_save off >/dev/null 2>&1
g_echo_ok "Enabling ip_forward for network routing of special networks like vlan0 or tornet0"
echo 1 > /proc/sys/net/ipv4/ip_forward
g_echo_ok "Creating /dev/dvd,cdrom,cdrecorder Symlinks needed by some apps like xine"
ln -sf /dev/sr0 /dev/dvd
ln -sf /dev/sr0 /dev/cdrom
ln -sf /dev/sr0 /dev/cdrecorder
g_echo_ok "Setting rights of /"
chmod 755 /
g_echo_ok "Linking GTC-Profile"
ln -s /_gtcroot/etc/thinclient/profiles/`hostname` /etc/current-gtc-profile
# No log send?
if [ -f /etc/thinclient/profiles/`hostname`/local/send-no-log ]
then
g_echo_ok "Disabling Sending of Logs"
if [ -f /_gtcroot/etc/rsyslog.d/00-gtc.conf ]
then
rm -f /_gtcroot/etc/rsyslog.d/00-gtc.conf
/etc/init.d/rsyslog restart
fi
fi
g_echo_ok "Pipe Xorg log to syslog"
touch /var/log/Xorg.0.log
chown root:root /var/log/Xorg.0.log
chmod 644 /var/log/Xorg.0.log
echo 'tail -F /var/log/Xorg.0.log | logger -i -t "Xorg"' | at now >/dev/null 2>&1
g_echo_ok "Disabling console blanking"
setterm -blank 0
g_echo_ok "Cleaning up sudo-io logs"
rm -rf /var/log/sudo-io/*
g_echo_ok "Reset AccountsService"
rm -f /var/lib/AccountsService/users/*
g_echo_ok "Mounting GTCDATA and GTCSWAP-Partitions"
mkdir -p /srv
mount LABEL=GTCDATA /srv >/dev/null 2>&1 || rmdir /srv
swapon LABEL=GTCSWAP >/dev/null 2>&1
### GTC-Server?
#if [ -d /srv/config ]
#then
# rsync -a --exclude=thinclient.conf.local --exclude=profiles --exclude=global-profile --delete /etc/thinclient/ /srv/config/
# mount -B /srv/config /etc/thinclient
#fi
#if [ -d /srv/profiles ]
#then
# mount -B /srv/profiles /etc/thinclient/profiles
#fi
#if [ -d /srv/global-profile ]
#then
# mount -B /srv/global-profile /etc/thinclient/global-profile
#fi
#g_echo_ok "Adding `hostname` to /etc/hosts"
#echo "127.0.0.1 `hostname`" >>/etc/hosts
. /etc/thinclient/scripts/gtc-confs.sh
g_echo_ok "Create smb.conf needed by cups in some cases"
touch /etc/samba/smb.conf
# Check for enabled Debug-Mode
if [ $DEBUG == "yes" ]
then
g_echo_warn "Enabling Debug output"
set -x
fi
g_echo_ok "Enable wheel group for sudo to root"
echo '%wheel ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
g_echo_ok "Creating user(s)"
if [ -z "$LOCALUSER" ]
then
g_echo "Creating no local User"
else
for LU in $LOCALUSER
do
g_echo_ok "Creating user $LU"
cp -p /etc/shadow /etc/shadow.bak
useradd -g users -G wheel,root -d /home/$LU $LU 2>&1 | egrep -vi 'already exists|Not copying any file from skel directory into it'
for grp in docker games sambashare wheel root audio video cdrom vboxusers cdrw usb disk lpadmin lp scanner sys adm floppy plugdev dialout libvirt
do
usermod -aG $grp $LU
done
# Match the whole login field ("name:"), so a name that is a prefix of another login does not select it too
if grep -q -a "^$LU:" /etc/thinclient/profiles/`hostname`/local/shadow
then
if [ -f /etc/thinclient/profiles/`hostname`/local/shadow ]
then
g_echo_ok "Restoring $LU password"
grep -a "^$LU:" /etc/thinclient/profiles/`hostname`/local/shadow > /etc/shadow2
cat -vT /etc/shadow | grep -a -v "^$LU:" >> /etc/shadow2
mv /etc/shadow2 /etc/shadow
chmod 0600 /etc/shadow
fi
else
g_echo_ok "Setting $LU password to default gtc"
echo $LU:GTCL1nux | chpasswd
fi
if ! [ -d /home/$LU ]
then
g_echo_ok "Creating homedir for $LU"
mkdir -p /home/$LU
chown $LU:users /home/$LU
chmod 0700 /home/$LU
fi
done
if [ -f /etc/thinclient/profiles/`hostname`/local/shadow ]
then
if grep -q -a "^root:" /etc/thinclient/profiles/`hostname`/local/shadow
then
g_echo_ok "Restoring root password"
grep -a "^root:" /etc/thinclient/profiles/`hostname`/local/shadow > /etc/shadow2
cat -vT /etc/shadow | grep -a -v "^root:" >> /etc/shadow2
mv /etc/shadow2 /etc/shadow
chmod 0600 /etc/shadow
else
echo root:GTCL1nux | chpasswd
fi
fi
fi
# If this is a local GTC
if mount | grep "/_gtcroot type nfs" >/dev/null
then
g_echo_ok "This GTC seems to be network booted - doing network jobs"
g_echo_ok "NET: Disabling network and loop mounts and remount,ro during shutdown which may cause hangs"
echo '
stop()
{
return 0
}
' >> /etc/init.d/localmount
cat /etc/init.d/localmount >>/etc/init.d/netmount
# No remount,ro while shutdown:
echo "#!/bin/bash
exit 0
" > /etc/init.d/mount-ro
else
g_echo_ok "This GTC seems to be local booted - doing local jobs"
g_echo_ok "LOCAL: Creating Update Switch button depending on actual update channel"
if [ $UPDATECHANNEL = "test" ]
then
echo "[Desktop Entry]
Name=GTC Update von stable-Kanal
Comment=GTC Update von stable-Kanal
Exec=mate-terminal --window --command=\"sudo /etc/thinclient/scripts/gtc-update-switch-test-stable.sh\"
Path=
Icon=/usr/share/icons/gabosh/linux.png
Terminal=false
StartupNotify=false
Type=Application
Categories=GTC;Core;Utility;
">/usr/share/applications/gtc-update-switch-test-stable.desktop
else
echo "[Desktop Entry]
Name=GTC Update von test-Kanal
Comment=GTC Update von test-Kanal
Exec=mate-terminal --window --command=\"sudo /etc/thinclient/scripts/gtc-update-switch-test-stable.sh\"
Path=
Icon=/usr/share/icons/gabosh/linux.png
Terminal=false
StartupNotify=false
Type=Application
Categories=GTC;Core;Utility;
">/usr/share/applications/gtc-update-switch-test-stable.desktop
fi
g_echo_ok "LOCAL: Starting Firewall (UFW)"
/etc/init.d/ufw start
# Restore mixer settings
if [ -f /etc/thinclient/profiles/`hostname`/local/mixersettings ]
then
g_echo_ok "LOCAL: Restoring Mixer settings"
alsactl restore -f /etc/thinclient/profiles/`hostname`/local/mixersettings || rm -f /_gtcroot/etc/thinclient/profiles/`hostname`/local/mixersettings
fi
g_echo_ok "LOCAL: Use homedirs from disk"
mount --bind /_gtcroot/root /root
mkdir -p /srv/home /home
mount --bind /srv/home /home
g_echo_ok "LOCAL: Storing SSH keys"
mkdir -p /_gtcroot/etc/thinclient/profiles/`hostname`/etc/ssh
cp -p /etc/ssh/*_key* /_gtcroot/etc/thinclient/profiles/`hostname`/etc/ssh/
g_echo_ok "LOCAL: Copying this profiles thinclient.conf to default-profile for PXE boots"
cat /_gtcroot/etc/thinclient/profiles/`hostname`/thinclient.conf >/_gtcroot/etc/thinclient/default-profile/thinclient.conf
echo "LOCALUSER=gtc" >>/_gtcroot/etc/thinclient/default-profile/thinclient.conf
fi
## Now in initrd?
#g_echo_ok "====== Loading global profile ====="
## Sync global profile
#rsync -a$RSYNC_OPT /etc/thinclient/global-profile/etc/ /etc/
## Now in initrd?
#if [ -d "/etc/thinclient/profiles/`hostname`/etc" ]
#then
# g_echo_ok "====== Loading individual profile ====="
# rsync -a$RSYNC_OPT /etc/thinclient/profiles/`hostname`/etc/ /etc/
#fi
## Now in default runlevel becaus profile in initrd
#for service in rsyslog nscd haveged acpid sshd
#do
# g_echo_ok "Starting service $service"
# /etc/init.d/$service start >/dev/null 2>&1
#done
# Now in initrd 5 default runlevel
if ! ps ax | grep -v grep | grep -q NetworkManager
then
# Local Network?
if ! mount | grep "/_gtcroot type nfs" >/dev/null
then
echo -e "\n==============================\nLoading Network Manager\n==============================\n"
# NetworkManager
iw dev wlan0 set power_save off >/dev/null 2>&1
find /etc/thinclient/profiles/*/etc/NetworkManager/system-connections -type f ! -name '\.*' ! -iname "GTC*" ! -empty | while read netfile
do
if egrep -q "^ssid|^psk" "$netfile"
then
bnetfile=`basename $netfile`
egrep -v "^mac-address=" "$netfile" >"/etc/NetworkManager/system-connections/$bnetfile" 2>/dev/null
fi
done
sed -i 's/^permissions=.*/permissions=/;' /etc/NetworkManager/system-connections/*
fdupes -q -d -N /etc/NetworkManager/system-connections
chmod 600 /etc/NetworkManager/system-connections/*
/etc/init.d/NetworkManager start 2>&1 | egrep -iv '\.pid.: No such file or directory|dispatcher'
fi
fi
#sleep 5
if lsmod | grep -q bluetooth
then
echo '[Desktop Entry]
Name=Blueman Applet
Name[de]=Blueman Applet
Comment=Blueman Bluetooth Manager
Comment[de]=Blueman Bluetooth Manager
Icon=blueman
Exec=blueman-applet
Terminal=false
Type=Application
Categories=' >/etc/xdg/autostart/blueman.desktop
chmod 644 /etc/xdg/autostart/blueman.desktop
fi
for i in `find /etc/thinclient/startup/jobs/ -type f | sort`
do
g_echo_ok "Running $i"
. $i
done
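The password-restore step of this startup script, written as an added example that is not part of the GTC scripts: the login name is compared as a whole field, and the replacement file is created with mode 0600 next to the target before it is renamed over it. The function name, its arguments and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the GTC scripts. Function name, arguments and
# the sample shadow entries below are constructed for illustration.

# restore_shadow_entry USER SAVED LIVE
# Replace USER's line in LIVE with USER's line from SAVED.
# Returns 1 and leaves LIVE untouched when SAVED has no entry for exactly USER.
restore_shadow_entry() {
    _user=$1 _saved=$2 _live=$3
    [ -f "$_saved" ] && [ -f "$_live" ] || return 1

    # Compare the whole first field as a string, so "gtc" never selects
    # "gtcadmin" and numeric-looking names are not compared as numbers.
    _entry=$(awk -F: -v u="$_user" '($1 "") == u { print; exit }' "$_saved")
    [ -n "$_entry" ] || return 1

    # mktemp creates the file with mode 0600 in the target directory, so the
    # hashes are never readable by other users and the final mv is a rename.
    _tmp=$(mktemp "$_live.XXXXXX") || return 1
    {
        printf '%s\n' "$_entry"
        awk -F: -v u="$_user" '($1 "") != u' "$_live"
    } >"$_tmp" || { rm -f "$_tmp"; return 1; }
    mv -f "$_tmp" "$_live"
}

# Constructed demo on throw-away files (never on /etc/shadow).
_demo=$(mktemp -d)
printf 'gtc:$6$saved$AAAA:19000:0:99999:7:::\n' >"$_demo/saved"
printf 'root:$6$live$RRRR:19000:0:99999:7:::\ngtc:$6$default$CCCC:19000:0:99999:7:::\ngtcadmin:$6$live$DDDD:19000:0:99999:7:::\n' >"$_demo/live"
restore_shadow_entry gtc "$_demo/saved" "$_demo/live" && cat "$_demo/live"
rm -rf "$_demo"
```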
File permissions:
Owner: root
Group: root
Permissions: -r--------
Click here for a download of the complete file: /gtc/test/etc/thinclient/startup/jobs/gtc-anonproxy
Changed on 30.10.09
Start Privoxy/Tor Services
#!/bin/bash
if [ $ANONPROXY == "yes" ]
then
  echo '
listen-address 0.0.0.0:3128
forward-socks5t / 127.0.0.1:9050 .
' >> /etc/privoxy/config
  echo 'User tor
PIDFile /var/run/tor/tor.pid
Log notice syslog
DataDirectory /var/lib/tor/data
BridgeRelay 0
SOCKSPort 0.0.0.0:9050
ExitPolicy reject *:*
ControlPort 9051
HashedControlPassword 16:F7222A0CBC254E536056DCBBD27A7D051D68BCF1E9020681C0A3656B84
# Seting up TOR transparent proxy for tor-router
VirtualAddrNetwork XXX.XXX.XXX.XXX/10
AutomapHostsOnResolve 1
TransPort 0.0.0.0:9040
DNSPort 0.0.0.0:5353
' >/etc/tor/torrc
  touch /var/run/tor.pid
  chmod 777 /var/run/tor.pid
  echo "/usr/bin/tor -f /etc/tor/torrc --runasdaemon 1 --PidFile /var/run/tor.pid >/dev/null" | at now >/dev/null 2>&1
  echo "/usr/sbin/privoxy --pidfile /var/run/privoxy.pid --user privoxy.privoxy /etc/privoxy/config >/dev/null" | at now >/dev/null 2>&1
fi
File permissions:
Owner: root
Group: root
Permissions: -r--------
Click here for a download of the complete file: /gtc/test/etc/thinclient/startup/jobs/gtc-autologin
Changed on 30.10.09
Script for enabling Autologin
#!/bin/bash
# Check if AUTOLOGIN is set
#if [ $AUTOLOGIN == "yes" ]
#then
# echo "Enabling Autologin for user gtc (Password: gtc)"
# # Create gtc-User for Autologin
# useradd gtc -d /var/gtcdummy -m -g users -G wheel,root,audio,video,cdrom,vboxusers,cdrw,usb,disk,lpadmin,lp,scanner,sys,adm,floppy,plugdev
# echo "gtc:gtc" | chpasswd >/dev/null 2>&1
# echo "Starting X"
# echo 'su - gtc -c "XSESSION=MATE startx ; init 0"' | at now >/dev/null 2>&1
#fi
File permissions:
Owner: root
Group: root
Permissions: -r--------
Click here for a download of the complete file: /gtc/test/etc/thinclient/startup/jobs/gtc-ldap
Changed on 13.10.09
Script for enabling LDAP.
#!/bin/bash
# Check LDAP
# Check if LDAP is set
if [ $LDAP == "yes" ]
then
  # LDAP and NIS aren't allowed together
  if [ $NIS == "yes" ]
  then
    echo "You can not use LDAP and NIS! Please change your configuration in your thinclient.conf."
    exit 1
  fi
  # Configuring LDAP
  echo "Configuring LDAP"
  if [ $LDAP_TLS == "yes" ]
  then
    LDAP_PORT=636
    LDAP_CONNECT="ldaps://$LDAP_SERVER:636
tls_reqcert allow"
  else
    LDAP_PORT=389
    LDAP_CONNECT="ldap://$LDAP_SERVER:389"
  fi
  echo "Setting up /etc/ldap.conf"
  echo "suffix $LDAP_BASEDN
uri $LDAP_CONNECT
pam_password exop
#ldap_version 3
#pam_filter objectclass=posixAccount
#pam_login_attribute uid
#pam_member_attribute memberuid
#nss_base_passwd ou=People,$LDAP_BASEDN
#nss_base_shadow ou=People,$LDAP_BASEDN
#nss_base_group ou=Group,$LDAP_BASEDN
#scope one
pam_login_attribute uid:caseExactMatch:
tls_reqcert allow
NETWORK_TIMEOUT 3
timeout 3
timelimit 3
bind_timelimit 3
nss_reconnect_tries 0
nss_reconnect_sleeptime 1
nss_reconnect_maxsleeptime 2
nss_reconnect_maxconntries 1
" > /etc/ldap.conf
  echo "Setting up /etc/openldap/ldap.conf"
  echo "BASE $LDAP_BASEDN
URI $LDAP_CONNECT
pam_login_attribute uid:caseExactMatch:
TLS_REQCERT allow
NETWORK_TIMEOUT 3
timeout 3
timelimit 3
bind_timelimit 3
nss_reconnect_tries 0
nss_reconnect_sleeptime 1
nss_reconnect_maxsleeptime 2
nss_reconnect_maxconntries 1
" > /etc/openldap/ldap.conf
  nmap -p $LDAP_PORT $LDAP_SERVER | grep open >/dev/null
  if [ $? == "0" ]
  then
    echo "Setting up /etc/nsswitch.conf"
    cp /etc/nsswitch.conf /tmp/nsswitch.conf.tcorig
    cat /tmp/nsswitch.conf.tcorig | \
      sed 's/^passwd:.*/passwd: ldap files/' | \
      sed 's/^shadow:.*/shadow: ldap files/' | \
      sed 's/^group:.*/group: ldap files/' > /etc/nsswitch.conf
    echo "Setting up /etc/pam.d/system-auth"
    cp /etc/pam.d/system-auth /tmp/system-auth.tcorig
    cat /tmp/system-auth.tcorig | \
      sed 's/^auth.*required.*pam_unix.so/auth sufficient pam_unix.so/' | \
      sed 's/nullok $/nullok\nauth sufficient pam_ldap.so use_first_pass\nauth required pam_deny.so/' | \
      sed 's/^account.*required.*pam_unix.so/account sufficient pam_ldap.so\naccount required pam_unix.so/' | \
      sed 's/^password.*required.*pam_unix.so/password sufficient pam_unix.so/' | \
      sed 's/shadow $/shadow\npassword sufficient pam_ldap.so use_authtok use_first_pass\npassword required pam_deny.so/' | \
      sed 's/^session.*optional.*pam_permit.so/session optional pam_ldap.so\nsession optional pam_permit.so/' > /etc/pam.d/system-auth
    echo "
auth include system-auth
account include system-auth
password include system-auth
session include system-auth
" >/etc/pam.d/lightdm
    # Restart nscd
    /etc/init.d/nscd restart >/dev/null 2>&1
    # Workaround for programms which are searching directly in /etc/passwd and/or /etc/group (lightdm/dbus)
    getent passwd > /tmp/passwd
    getent group > /tmp/group
    cat /tmp/passwd > /etc/passwd
    cat /tmp/group > /etc/group
  else
    echo "LDAP-Server doesn't seem to be reachable. Skipping editing of nsswitch.conf"
  fi
else
  echo "LDAP is not set to yes in your $conf"
fi
File permissions:
Owner: root
Group: root
Permissions: -r--------
Click here for a download of the complete file: /gtc/test/etc/thinclient/startup/jobs/gtc-local
Changed on 25.10.09
Script to run individual things on every thinclient
#!/bin/bash
if [ -f $LOCAL_SCRIPT ]
then
  echo "Running $LOCAL_SCRIPT"
  chmod 755 $LOCAL_SCRIPT
  $LOCAL_SCRIPT
fi
File permissions:
Owner: root
Group: root
Permissions: -r--------
Script for localization
#!/bin/bash
if [ -n "$LOC_KEYMAP" ]
then
echo "Setting Keymap to $LOC_KEYMAP"
loadkeys --unicode $LOC_KEYMAP
#cp /etc/conf.d/keymaps /tmp/keymaps.tcorig
#cat /tmp/keymaps.tcorig | sed 's/^KEYMAP=.*/KEYMAP=$LOC_KEYMAP/' >/etc/conf.d/keymaps
#/etc/init.d/keymaps restart
fi
if [ -n "$LOC_LANG" ]
then
echo "Setting Language to $LOC_LANG"
echo "LANG=\"$LOC_LANG\"" >>/etc/env.d/02locale
echo "export LANG=\"$LOC_LANG\"" >>/etc/profile.env
fi
if [ -n "$LOC_TIMEZONE" ]
then
echo "Setting Timezone to $LOC_TIMEZONE"
rm /etc/localtime
ln -sf /usr/share/zoneinfo/$LOC_TIMEZONE /etc/localtime
fi
if [ -z "$LOC_HWCLOCK" ]
then
LOC_HWCLOCK=localtime
fi
#if [ "$LOC_MOZLANG" != "" ]
#then
# mkdir -p /etc/firefoxlang
# mkdir -p /etc/thunderbirdlang
# cp -rp "/usr/lib/firefox/extensions/langpack-$LOC_MOZLANG@firefox.mozilla.org" /etc/firefoxlang/
# mount --bind /etc/firefoxlang /usr/lib/firefox/extensions
# cp -rp "/usr/lib/thunderbird/extensions/langpack-$LOC_MOZLANG@thunderbird.mozilla.org" /etc/thunderbirdlang/
# mount --bind /etc/thunderbirdlang /usr/lib/thunderbird/extensions
#fi
# time
#hwclock --hctosys --$LOC_HWCLOCK >/dev/null 2>&1 &
#source /etc/profile
# xorg lang
if [ -z $LOC_XKBLANG ]
then
LOC_XKBLANG="us"
else
echo "
Section \"InputClass\"
Identifier \"Keyboard Defaults\"
MatchIsKeyboard \"yes\"
Option \"XkbLayout\" \"$LOC_XKBLANG\"
EndSection
" >> /etc/X11/xorg.conf
fi
File permissions:
Owner: root
Group: root
Permissions: -r--------
Click here for a download of the complete file: /gtc/test/etc/thinclient/startup/jobs/gtc-nfsmount
Changed on 30.10.09
Script for mounting NFS-Share(s)
#!/bin/bash
for i in $NFSMOUNT
do
  SERVER=`echo "$i" | cut -d":" -f1`
  SHARE=`echo "$i" | cut -d":" -f2`
  MOUNTPOINT=`echo "$i" | cut -d":" -f3`
  echo "Mounting $SERVER:$SHARE to $MOUNTPOINT"
  mkdir -p $MOUNTPOINT
  mount -t nfs $SERVER:$SHARE $MOUNTPOINT
done
File permissions:
Owner: root
Group: root
Permissions: -r--------
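The mount loop above runs as root and passes each NFSMOUNT field straight to mkdir and mount. The following is an added example, not part of the original scripts, that validates an entry before it is used. The names nfsmount_parse, mount_all and the NFS_* variables are hypothetical, and the nosuid,nodev options assume the shares hold data rather than programs that need setuid.

```shell
#!/bin/sh
# Added example: validate one NFSMOUNT entry (server:share:mountpoint).
# On success sets NFS_SERVER, NFS_SHARE, NFS_MOUNTPOINT and returns 0.
# On failure prints the reason to stderr and returns 1.
nfsmount_parse() {
    entry=$1
    case "$entry" in
        *:*:*:*) echo "rejected (too many fields): $entry" >&2; return 1 ;;
        *:*:*)   ;;
        *)       echo "rejected (need server:share:mountpoint): $entry" >&2; return 1 ;;
    esac
    s=${entry%%:*}
    rest=${entry#*:}
    sh=${rest%%:*}
    mp=${rest#*:}
    # Server: hostname or IPv4 characters only; a leading "-" would be
    # read by mount as an option.
    case "$s" in
        ""|-*|*[!A-Za-z0-9.-]*) echo "rejected (server): $entry" >&2; return 1 ;;
    esac
    # Share and mount point: absolute paths, plain characters, no ".." parts.
    for p in "$sh" "$mp"; do
        case "$p" in
            /*) ;;
            *)  echo "rejected (path not absolute): $entry" >&2; return 1 ;;
        esac
        case "$p" in
            *[!A-Za-z0-9._/-]*) echo "rejected (path characters): $entry" >&2; return 1 ;;
        esac
        case "$p/" in
            */../*) echo "rejected (.. in path): $entry" >&2; return 1 ;;
        esac
    done
    NFS_SERVER=$s NFS_SHARE=$sh NFS_MOUNTPOINT=$mp
}

# Drop-in form of the mount loop (needs root, so it is defined but not called).
mount_all() {
    for i in $NFSMOUNT; do
        nfsmount_parse "$i" || continue
        echo "Mounting $NFS_SERVER:$NFS_SHARE to $NFS_MOUNTPOINT"
        mkdir -p "$NFS_MOUNTPOINT" &&
            mount -t nfs -o nosuid,nodev "$NFS_SERVER:$NFS_SHARE" "$NFS_MOUNTPOINT"
    done
}
```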
Click here for a download of the complete file: /gtc/test/etc/thinclient/startup/jobs/gtc-thinkpad
Changed on 20.02.18
Special Things for ThinkPads
#!/bin/bash
if lshw | grep -q ThinkPad
then
echo "This seems to be a ThinkPad"
modprobe "thinkpad_acpi"
# ACPI SLEEP
echo '#Fn+F4 button/sleep SBTN 00000080 00000000 K
event=button/sleep
action=/etc/acpi/actions/FnF4-sleep.sh' >/etc/acpi/events/FnF4-sleep
echo '#!/bin/sh
hibernate-ram
/sbin/hwclock --adjust
/sbin/hwclock --hctosys
' >/etc/acpi/actions/FnF4-sleep.sh
# ACPI SLEEP DISPLAY/LID CLOSED
echo '#Display/LID close
event=button/lid
action=/etc/acpi/actions/LID-sleep.sh' >/etc/acpi/events/LID-sleep
echo '#!/bin/sh
sleep 5
cat /proc/acpi/button/lid/LID/state | grep -q open && exit 0
hibernate-ram
/sbin/hwclock --adjust
/sbin/hwclock --hctosys
' >/etc/acpi/actions/LID-sleep.sh
# ACPI HIBERNATE
echo '#Fn+F12 button/sleep SBTN 00000080 00000000 K
event=button/suspend
action=/etc/acpi/actions/FnF12-suspend.sh' >/etc/acpi/events/FnF12-suspend
echo '#!/bin/sh
logger "[ACPI] Fn+F12 pressed suspend to disk"
hibernate
/sbin/hwclock --adjust
/sbin/hwclock --hctosys
' >/etc/acpi/actions/FnF12-suspend.sh
# WIFI Button
echo '#Fn+F5 button/wlan WLAN 00000080 00000000 K
event=button/wlan
action=/etc/acpi/actions/FnF5-wifi.sh' >/etc/acpi/events/FnF5-wifi
echo '#!/bin/sh
logger "[ACPI] Fn+F5 pressed, WiFi rfkill state toggled"
rf=/sys/class/rfkill/rfkill0
case $(< $rf/state) in
0) echo 1 >$rf/state;;
1) echo 0 >$rf/state;;
esac
' >/etc/acpi/actions/FnF5-wifi.sh
chmod 755 /etc/acpi/actions/*.sh
/etc/init.d/acpid restart >/dev/null 2>&1
# GPS
echo '
DEVICES="ttyUSB2"
' >>/etc/conf.d/gpsd
/etc/init.d/gpsd start >/dev/null 2>&1
# WWAN
echo 'ttyUSB0
921600
lock
crtscts
modem
passive
novj
defaultroute
noipdefault
usepeerdns
noauth
hide-password
persist
holdoff 10
maxfail 0
debug
' >/etc/ppp/options-mobile
echo
# Fan
/etc/init.d/thinkfan start >/dev/null 2>&1
# Thermal-Control
/etc/init.d/thermald start >/dev/null 2>&1
# LMT
/etc/init.d/laptop_mode start >/dev/null 2>&1
fi
File permissions:
Owner: root
Group: root
Permissions: -r--------
Start Update
#!/bin/bash
# No updates when the root filesystem is mounted over NFS
if mount | grep "/_gtcroot type nfs" >/dev/null
then
    echo 'No update on network boot!'
else
    echo " /etc/cron.daily/gtc-service" | at now+2minutes >/dev/null 2>&1
    if [ "$AUTOUPDATE" == "yes" ]
    then
        if [ -f /_gtcroot/update-down ]
        then
            /etc/thinclient/scripts/gtc-update-do
        else
            echo "/etc/thinclient/scripts/gtc-update >/_gtcroot/tmp/gtc-update 2>&1" | at now+5minutes >/dev/null 2>&1
        fi
    fi
fi
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /gtc/test/etc/thinclient/thinclient.conf.local
Changed on 13.10.09
This is the local central configuration file for default thinclient settings. Settings from thinclient.conf are overridden by the values set here.
# DNS Settings
NAMESERVER=my.lan.ip.addr
NAMESERVERBACKUP=""
SEARCH="example.com"
# Some localization settings
LOC_LANG="de_DE.UTF-8"
LOC_KEYMAP="de-latin1"
LOC_TIMEZONE="Europe/Berlin"
LOC_HWCLOCK="localtime"
LOC_XKBLANG="de"
# Autologin as gtc-User
AUTOLOGIN="no"
# Settings for LDAP Authentication
LDAP=yes
LDAP_SERVER=my.lan.ip.addr
LDAP_TLS=yes
LDAP_BASEDN="dc=example,dc=com"
# Settings for NIS Authentication
NIS=no
NIS_SERVER=XXX.XXX.XXX.XXX
NIS_DOMAIN=domainname
# Run local script on all thinclients
#LOCAL_SCRIPT="/path/to/my/local/script"
#UPDATECHANNEL=test
DEBUG=no
#PACKAGES="www-plugins/adobe-flash dev-util/android-sdk-update-manager"
PACKAGES=""
File permissions:
Owner: root
Group: root
Permissions: -rw-r-----
Click here for a download of the complete file: /gtc/test/etc/ufw/after.rules
Changed on 28.03.20
Virtual/Tor Networking Routing vnet0 and tornet0
# Allow SSH
-A ufw-after-input -p tcp --dport 22 -j ACCEPT
-A ufw-after-input -p udp --dport 22 -j ACCEPT
# Allow docker sending mails
-A ufw-after-input -p tcp -d XXX.XXX.XXX.XXX --dport 25 -j ACCEPT
-A ufw-after-input -p udp -d XXX.XXX.XXX.XXX --dport 25 -j ACCEPT
# Allow DNS/TorDNS(5353) Requests from vnet0 and tornet0
-A ufw-after-input -p udp --dport 53 -i vnet0 -j ACCEPT
-A ufw-after-input -p udp --dport 53 -i tornet0 -j ACCEPT
-A ufw-after-input -p udp --dport 5353 -i tornet0 -j ACCEPT
# Allow Tor/Privoxy Requests from tornet0,vnet0 (9040 for transparent proxy in tornet0 only)
-A ufw-after-input -p tcp --dport 3128 -i tornet0 -j ACCEPT
-A ufw-after-input -p tcp --dport 3128 -i vnet0 -j ACCEPT
-A ufw-after-input -p tcp --dport 9040 -i tornet0 -j ACCEPT
-A ufw-after-input -p tcp --dport 9050 -i tornet0 -j ACCEPT
-A ufw-after-input -p tcp --dport 9050 -i vnet0 -j ACCEPT
# Allow NTP TFTP and NFS from vnet0 and tornet0
-A ufw-after-input -p udp --dport 69 -i vnet0 -j ACCEPT
-A ufw-after-input -p udp --dport 69 -i tornet0 -j ACCEPT
-A ufw-after-input -p tcp --dport 111 -i vnet0 -j ACCEPT
-A ufw-after-input -p tcp --dport 111 -i tornet0 -j ACCEPT
-A ufw-after-input -p udp --dport 111 -i vnet0 -j ACCEPT
-A ufw-after-input -p udp --dport 111 -i tornet0 -j ACCEPT
-A ufw-after-input -p udp --dport 123 -i vnet0 -j ACCEPT
-A ufw-after-input -p udp --dport 123 -i tornet0 -j ACCEPT
-A ufw-after-input -p tcp --dport 2049 -i vnet0 -j ACCEPT
-A ufw-after-input -p tcp --dport 2049 -i tornet0 -j ACCEPT
-A ufw-after-input -p udp --dport 2049 -i vnet0 -j ACCEPT
-A ufw-after-input -p udp --dport 2049 -i tornet0 -j ACCEPT
-A ufw-after-input -p tcp --dport 32765:32768 -i vnet0 -j ACCEPT
-A ufw-after-input -p tcp --dport 32765:32768 -i tornet0 -j ACCEPT
-A ufw-after-input -p udp --dport 32765:32768 -i vnet0 -j ACCEPT
-A ufw-after-input -p udp --dport 32765:32768 -i tornet0 -j ACCEPT
# Allow Samba
-A ufw-after-input -p tcp --dport 445 -j ACCEPT
-A ufw-after-input -p udp --dport 445 -j ACCEPT
# Allow http/https
-A ufw-after-input -p tcp --dport 443 -j ACCEPT
-A ufw-after-input -p tcp --dport 80 -j ACCEPT
File permissions:
Owner: root
Group: root
Permissions: -rw-r-----
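iptables accepts any string as an interface name, so a mistyped name in an -i match loads without error and the rule simply never matches. The following check is an added example, not part of the original setup. It lists every interface name in a rules file that is not on an expected list. The function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original setup.
# Constructed sample in the same shape as the ufw rules on this page.
sample_rules() {
    cat <<'EOF'
# Allow DNS from the virtual networks
-A ufw-after-input -p udp --dport 53 -i vnet0 -j ACCEPT
-A ufw-after-input -p udp --dport 53 -i tornet0 -j ACCEPT
-A ufw-after-input -p tcp --dport 3128 -i tornet -j ACCEPT
-A ufw-after-input -p tcp --dport 22 -j ACCEPT
EOF
}

# unknown_ifaces "NAME NAME ..." < rules-file
# Prints "LINE: NAME" for each -i/-o interface match whose name is not in
# the allowed list. Returns 1 if anything was printed, 0 otherwise.
unknown_ifaces() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (k = 1; k <= n; k++) ok[a[k]] = 1 }
        /^[ \t]*#/ { next }            # skip comment lines
        {
            for (i = 1; i < NF; i++) {
                if ($i != "-i" && $i != "--in-interface" &&
                    $i != "-o" && $i != "--out-interface") continue
                if (!($(i + 1) in ok)) { printf "%d: %s\n", NR, $(i + 1); bad = 1 }
            }
        }
        END { exit bad + 0 }
    '
}

# Demonstration on the constructed sample; on a real system the input would
# be the rules file itself, e.g. unknown_ifaces "vnet0 tornet0" < after.rules
sample_rules | unknown_ifaces "vnet0 tornet0" || echo "unknown interface names found" >&2
```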
Click here for a download of the complete file: /gtc/test/etc/ufw/before.rules
Changed on 28.03.20
Virtual/Tor Networking Routing vnet0 and tornet0
*nat
:POSTROUTING ACCEPT - [0:0]
# Route network XXX.XXX.XXX.XXX/24 (vnet0)
-A POSTROUTING -s XXX.XXX.XXX.XXX/24 -j MASQUERADE
# Route network XXX.XXX.XXX.XXX/24 (tornet0) to transparent Tor-Proxy (udp not supported by Tor)
# Activate "normal" routing for non-Internet Networks
-A POSTROUTING -s XXX.XXX.XXX.XXX/24 -j MASQUERADE
-A PREROUTING -i tornet0 -d XXX.XXX.XXX.XXX/8 -j RETURN
-A PREROUTING -i tornet0 -d 10.0.0.0/8 -j RETURN
-A PREROUTING -i tornet0 -d XXX.XXX.XXX.XXX/16 -j RETURN
-A PREROUTING -i tornet0 -d XXX.XXX.XXX.XXX/12 -j RETURN
-A PREROUTING -i tornet0 -d 0.0.0.0/8 -j RETURN
-A PREROUTING -i tornet0 -d XXX.XXX.XXX.XXX/10 -j RETURN
-A PREROUTING -i tornet0 -d XXX.XXX.XXX.XXX/16 -j RETURN
-A PREROUTING -i tornet0 -d XXX.XXX.XXX.XXX/24 -j RETURN
-A PREROUTING -i tornet0 -d XXX.XXX.XXX.XXX/24 -j RETURN
-A PREROUTING -i tornet0 -d XXX.XXX.XXX.XXX/24 -j RETURN
-A PREROUTING -i tornet0 -d XXX.XXX.XXX.XXX/15 -j RETURN
-A PREROUTING -i tornet0 -d XXX.XXX.XXX.XXX/24 -j RETURN
-A PREROUTING -i tornet0 -d XXX.XXX.XXX.XXX/24 -j RETURN
-A PREROUTING -i tornet0 -d XXX.XXX.XXX.XXX/4 -j RETURN
-A PREROUTING -i tornet0 -d 240.0.0.0/4 -j RETURN
-A PREROUTING -i tornet0 -d XXX.XXX.XXX.XXX/32 -j RETURN
# Redirect all TCP-Connections to transparent Tor-Proxy
-A PREROUTING -i tornet0 -s XXX.XXX.XXX.XXX/24 -p tcp --syn -j REDIRECT --to-ports 9040
# Redirect DNS to TorDNS
-A PREROUTING -i tornet0 -s XXX.XXX.XXX.XXX/24 -d XXX.XXX.XXX.XXX -p udp --dport 53 -j REDIRECT --to-ports 5353
# Redirect all non TCP-Connections into nirvana because Tor only speaks TCP
-A PREROUTING -i tornet0 -s 192.168.43.0/24 ! -p tcp -j DNAT --to 127.0.0.1:1
COMMIT
Virtual/Tor Networking Routing vnet0 and tornet0
-A ufw-before-forward -i vnet0 -m conntrack --ctstate NEW -j ACCEPT
-A ufw-before-forward -i tornet0 -m conntrack --ctstate NEW -j ACCEPT
To start the new services after a system reboot, add them to a runlevel with the following commands:
chroot /gtc/test /bin/bash -c 'env-update &>/dev/null && source /etc/profile && rc-update add sshd default'
chroot /gtc/test /bin/bash -c 'env-update &>/dev/null && source /etc/profile && rc-update add rsyslog default'
chroot /gtc/test /bin/bash -c 'env-update &>/dev/null && source /etc/profile && rc-update add nscd default'
chroot /gtc/test /bin/bash -c 'env-update &>/dev/null && source /etc/profile && rc-update add dbus default'
chroot /gtc/test /bin/bash -c 'env-update &>/dev/null && source /etc/profile && rc-update add hald '
chroot /gtc/test /bin/bash -c 'env-update &>/dev/null && source /etc/profile && rc-update add udev-postmount '
Please send feedback to: doc<at>gabosh.net