diff --git a/.gitignore b/.gitignore index 98cc5dc..a9b266b 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,3 @@ -packer_cache/ \ No newline at end of file +packer_cache/ +output/ +*.retry \ No newline at end of file diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..ef79abd --- /dev/null +++ b/Makefile @@ -0,0 +1,18 @@ +ROOT_PASSWORD=uuunifi +OUTPUT_IMAGE=$(shell find output/base -type f -name '*.ova' | head -1) + +all: output/unifi/ + +output/base/: + packer build -var root_password=$(ROOT_PASSWORD) packer/base.json + +output/unifi/: output/base/ + packer build -var root_password=$(ROOT_PASSWORD) \ + -var source_image=$(OUTPUT_IMAGE) packer/provision.json + +clean: clean_base clean_provisioned +clean_base: + rm -r output/base +clean_provisioned: + rm -r output/unifi +.PHONY: all clean \ No newline at end of file diff --git a/build.json b/build.json deleted file mode 100644 index 9689eb1..0000000 --- a/build.json +++ /dev/null @@ -1,64 +0,0 @@ -{ - "variables": { - "memory": "4G", - "cpus": "2", - - "iso_url": "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.8.0-amd64-netinst.iso", - "iso_checksum": "cc4a6bd50925c1c4af98049060e304494bc9da61eb5eb272c556d67608de14d4e6a4b8bc1c9412a0f810083912e228569f3771ffffa7174538f3e26f45a05245", - "iso_checksum_type": "sha512", - - "boot_wait": "3s", - "boot_key_interval": "10ms", - - "ssh_username": "unifi", - "ssh_password": "uuunifi", - "ssh_timeout": "60m", - - "machine_hostname": "unifi-controller", - "machine_domain": "lab.uncomfortably.online", - - "http_directory": "http/", - "preseed_file": "preseed.cfg" - }, - "builders": [ - { - "type": "qemu", - "accelerator": "kvm", - "qemuargs": [ - [ "-m", "{{ user `memory` }}" ], - [ "-smp", "cpus={{ user `cpus`}}"] - ], - - "iso_url": "{{user `iso_url`}}", - "iso_checksum": "{{user `iso_checksum`}}", - "iso_checksum_type": "{{user `iso_checksum_type`}}", - - "http_directory": "{{user `http_directory`}}", - - "boot_wait": "{{user `boot_wait`}}", - "boot_key_interval": "{{user `boot_key_interval`}}", - "boot_command": [ - "", - "install ", - "auto=true ", - "url=http://{{.HTTPIP}}:{{.HTTPPort}}/{{user `preseed_file`}} ", - - "hostname={{user `machine_hostname`}} ", - "domain={{user `machine_domain`}} ", - "interface=auto ", - - "passwd/user-fullname={{user `ssh_username`}} ", - "passwd/username={{user `ssh_username`}} ", - "passwd/user-password={{user `ssh_password`}} ", - "passwd/user-password-again={{user `ssh_password`}} ", - - "" - ], - - "communicator": "ssh", - "ssh_username": "{{user `ssh_username`}}", - "ssh_password": "{{user `ssh_password`}}", - "ssh_timeout": "{{user `ssh_timeout`}}" - } - ] -} \ No newline at end of file diff --git a/http/answers b/http/answers new file mode 100644 index 0000000..455136f --- /dev/null +++ b/http/answers @@ -0,0 +1,19 @@ +KEYMAPOPTS="us us" + +HOSTNAMEOPTS="-n :hostname:" +INTERFACESOPTS="auto lo +iface lo inet loopback + +auto eth0 +iface eth0 inet dhcp + hostname :hostname:" + +DNSOPTS="-d 8.8.8.8" +TIMEZONEOPTS="-z UTC" +PROXYOPTS="none" + +APKREPOSOPTS="-1" +SSHDOPTS="-c openssh" +NTPOPTS="-c chrony" + +DISKOPTS="-m sys /dev/sda" \ No newline at end of file diff --git a/http/preseed.cfg b/http/preseed.cfg deleted file mode 100644 index 7a1e306..0000000 --- a/http/preseed.cfg +++ /dev/null @@ -1,62 +0,0 @@ -### Localization -# Preseeding only locale sets language, country and locale. -d-i debian-installer/locale string en_US - -# Keyboard selection. -d-i keyboard-configuration/xkb-keymap select us - -### Network configuration -# netcfg will choose an interface that has link if possible. This makes it -# skip displaying a list if there is more than one interface. -d-i netcfg/choose_interface select auto - -# Disable that annoying WEP key dialog. -d-i netcfg/wireless_wep string - -### Mirror settings -d-i mirror/country string manual -d-i mirror/http/hostname string http.us.debian.org -d-i mirror/http/directory string /debian -d-i mirror/http/proxy string - -### Account setup -# Skip creation of a root account (normal user account will be able to -# use sudo). -d-i passwd/root-login boolean false - -## Package setup -d-i hw-detect/load_firmware boolean false -d-i hw-detect/load_media boolean false -apt-cdrom-setup apt-setup/cdrom/set-first boolean false -tasksel tasksel/first multiselect print-server, ssh-server, standard -d-i pkgsel/include string sudo, unattended-upgrades -popularity-contest popularity-contest/participate boolean false - -### Clock and time zone setup -d-i clock-setup/utc boolean true -d-i time/zone string UTC -d-i clock-setup/ntp boolean true - -### Partitioning -d-i partman-auto/method string lvm -d-i partman-lvm/device_remove_lvm boolean true -d-i partman-md/device_remove_md boolean true -d-i partman-lvm/confirm boolean true -d-i partman-lvm/confirm_nooverwrite boolean true -d-i partman-auto/choose_recipe select atomic -d-i partman-partitioning/confirm_write_new_label boolean true -d-i partman/choose_partition select finish -d-i partman/confirm boolean true -d-i partman/confirm_nooverwrite boolean true - -# This makes partman automatically partition without confirmation. -d-i partman-md/confirm boolean true -d-i partman-partitioning/confirm_write_new_label boolean true -d-i partman/choose_partition select finish -d-i partman/confirm boolean true -d-i partman/confirm_nooverwrite boolean true - -### Boot loader installation -d-i grub-installer/only_debian boolean true -d-i grub-installer/with_other_os boolean true -d-i finish-install/reboot_in_progress note diff --git a/packer/base.json b/packer/base.json new file mode 100644 index 0000000..69900fd --- /dev/null +++ b/packer/base.json @@ -0,0 +1,66 @@ +{ + "variables": { + "iso_url": "http://dl-cdn.alpinelinux.org/alpine/v3.9/releases/x86_64/alpine-standard-3.9.3-x86_64.iso", + "iso_checksum": "6e28c5c902ccb6db24596dfb6a1c255c7989d0b9be4e92e87a8eff523201a459", + "iso_checksum_type": "sha256", + + "boot_wait": "10s", + + "root_password": null, + "ssh_timeout": "60m", + + "machine_hostname": "unifi", + + "http_directory": "http/", + "output_directory": "output/base/" + }, + "builders": [ + { + "type": "virtualbox-iso", + "guest_os_type": "Linux_64", + "format": "ova", + + "iso_url": "{{user `iso_url`}}", + "iso_checksum": "{{user `iso_checksum`}}", + "iso_checksum_type": "{{user `iso_checksum_type`}}", + + "http_directory": "{{user `http_directory`}}", + "output_directory": "{{user `output_directory`}}", + + "boot_wait": "{{user `boot_wait`}}", + "boot_command": [ + "root", + + "ifconfig eth0 up && ", + "udhcpc -i eth0", + "", + + "wget http://{{ .HTTPIP }}:{{ .HTTPPort }}/answers", + "sed -i ", + "-e \"s/:hostname:/{{user `machine_hostname`}}/g\" ", + "answers", + + "sed -i \"s/rc-service \\$svc start/#&/\" /sbin/setup-sshd", + + "setup-alpine -f answers && ", + "mount /dev/sda3 /mnt && ", + "echo 'PermitRootLogin yes' >> /mnt/etc/ssh/sshd_config && ", + "rc-update add acpid && ", + "umount /mnt && ", + "reboot", + "", + "", + + "{{user `root_password`}}", + "{{user `root_password`}}", + + "y" + ], + + "communicator": "ssh", + "ssh_username": "root", + "ssh_password": "{{user `root_password`}}", + "ssh_timeout": "{{user `ssh_timeout`}}" + } + ] +} \ No newline at end of file diff --git a/packer/provision.json b/packer/provision.json new file mode 100644 index 0000000..1cebeeb --- /dev/null +++ b/packer/provision.json @@ -0,0 +1,42 @@ +{ + "variables": { + "source_image": null, + "root_password": null, + + "boot_wait": "10s", + "output_directory": "output/unifi/" + }, + "builders": [ + { + "type": "virtualbox-ovf", + "format": "ova", + + "source_path": "{{user `source_image`}}", + "checksum_type": "none", + + "output_directory": "{{user `output_directory`}}", + + "boot_wait": "{{user `boot_wait`}}", + "shutdown_command": "echo '{{user `root_password`}}' | sudo -S poweroff", + + "communicator": "ssh", + "ssh_username": "root", + "ssh_password": "{{user `root_password`}}" + } + ], + "provisioners": [ + { + "type": "shell", + "inline": [ + "apk update", + "apk add python sudo" + ] + }, + { + "type": "ansible", + "extra_arguments": [], + "user": "root", + "playbook_file": "./provisioning/setup.yml" + } + ] +} \ No newline at end of file diff --git a/provisioning/setup.yml b/provisioning/setup.yml new file mode 100644 index 0000000..64c300e --- /dev/null +++ b/provisioning/setup.yml @@ -0,0 +1,69 @@ +- hosts: default + debugger: on_failed + vars: + unifi_software_url: https://dl.ubnt.com/unifi/5.10.21/UniFi.unix.zip + tasks: + - replace: + path: /etc/apk/repositories + regexp: '^#(.*v\d+.\d+/community.*)$' + replace: '\1' + - apk: + name: openjdk8-jre + state: present + update_cache: yes + - apk: + name: '{{item}}' + state: present + loop: + - shadow + - mongodb + - s6 + - unzip + - user: + name: unifi + home: /srv/unifi + - get_url: + url: '{{unifi_software_url}}' + dest: /tmp/UniFi.unix.zip + - command: unzip /tmp/UniFi.unix.zip + args: + chdir: /tmp + warn: false + - shell: mv /tmp/UniFi/* /srv/unifi + - command: rm /srv/unifi/bin/mongod + - file: + path: /srv/unifi + owner: unifi + mode: o-rwx + recurse: yes + - file: + dest: /srv/unifi/bin/mongod + src: /usr/bin/mongod + state: link + - file: + path: /etc/unifi/log + state: directory + - template: + src: templates/unifi/run + dest: /etc/unifi/run + mode: 755 + - template: + src: templates/unifi/log/run + dest: /etc/unifi/log/run + mode: 755 + - user: + name: log + home: /var/log + - file: + path: /var/log/unifi + state: directory + owner: log + mode: 750 + - template: + src: templates/init.d/unifi + dest: /etc/init.d/unifi + mode: 755 + - service: + name: unifi + state: started + enabled: yes \ No newline at end of file diff --git a/provisioning/templates/init.d/unifi b/provisioning/templates/init.d/unifi new file mode 100644 index 0000000..666704a --- /dev/null +++ b/provisioning/templates/init.d/unifi @@ -0,0 +1,16 @@ +#!/sbin/openrc-run + +name="unifi" +supervisor=s6 +s6_service_path="${RC_SVCDIR}/s6-scan/${name}" + +depend() { + need net s6-svscan + after firewall +} + +start_pre() { + if [ ! -L "${RC_SVCDIR}/s6-scan/${name}" ]; then + ln -s "/etc/${name}" "${RC_SVCDIR}/s6-scan/${name}" + fi +} \ No newline at end of file diff --git a/provisioning/templates/unifi/log/run b/provisioning/templates/unifi/log/run new file mode 100644 index 0000000..1eeee10 --- /dev/null +++ b/provisioning/templates/unifi/log/run @@ -0,0 +1,5 @@ +#!/bin/ash + +log_user='log' + +exec s6-setuidgid $log_user s6-log -b n20 s1000000 t /var/log/unifi \ No newline at end of file diff --git a/provisioning/templates/unifi/run b/provisioning/templates/unifi/run new file mode 100644 index 0000000..e03f4e3 --- /dev/null +++ b/provisioning/templates/unifi/run @@ -0,0 +1,19 @@ +#!/bin/ash + +user='unifi' +group='unifi' + +exec 2>&1 + +base='/srv/unifi' + +if [ -d $base ]; then + cd $base + chown -R $user:$group . + version=`head -1 webapps/ROOT/app-unifi/.version` + echo "Starting UniFi Controller $version" + exec s6-setuidgid $user java -jar lib/ace.jar start +else + echo "Missing $base ... aborting" + touch down +fi