1
0
mirror of https://git.libreschool.org/paspo/brasatore.git synced 2024-12-22 13:43:43 +00:00

initial import

This commit is contained in:
Paolo Asperti 2023-10-22 14:50:29 +02:00
commit b9b7a404a0
Signed by: paspo
GPG Key ID: 06D46905D19D5182
3 changed files with 385 additions and 0 deletions

9
README.md Normal file
View File

@ -0,0 +1,9 @@
# brasatore
Questo coso fa da gateway+dhcp+dns per una rete e tramite PXE ti permette di installare varie versioni di linux.
## TODO
- [ ] le immagini ubuntu-based non aggiornano il networking e restano senza dns dopo il boot
- [ ] finire boot debian
- [ ] finire boot kali

174
boot.txt Normal file
View File

@ -0,0 +1,174 @@
#!ipxe
set boot-url http://${dhcp-server}
:start
# 2 secondi timeout
isset ${menu-timeout} || set menu-timeout 2000
isset ${enu-default} || set menu-default ubuntu
menu iPXE boot menu
item --key u ubuntu Boot Ubuntu 22.04
item --key u popos Boot POP OS 22.04
item --key u popos-nvidia Boot POP OS 22.04 (nvidia)
item --key u mint-cinnamon Boot Linuxmint 21.2 Cinnamon
item --key u mint-xfce Boot Linuxmint 21.2 XFCE
item --key u mint-mate Boot Linuxmint 21.2 Mate
item --key u mint-lmde Boot Linuxmint Debian Edition 6
item --key u xubuntu Boot XUbuntu 22.04
item --key u lubuntu Boot LUbuntu 22.04
item --key u zorin-core Boot Zorin OS 16.3 Core
item --key u zorin-lite Boot Zorin OS 16.3 Lite
item --key u elementary Boot Elementary OS 7
item --key u kali Boot Kali Linux 2023.3
item --key u fedora Boot Fedora Workstation 38 Live
item --key u opensuse Boot Booting openSUSE Leap 15.5
item --key u ubuntu-http Boot Ubuntu 22.04 (HTTP)
item --key f freedos Boot FreeDOS
item --key n netboot-xyz netboot.xyz
item shell iPXE shell
item reboot Reboot
item
item --key x exit Exit iPXE and continue BIOS boot
choose --timeout ${menu-timeout} --default ${menu-default} selected || goto cancel
set menu-timeout 0
goto ${selected}
:cancel
echo You cancelled the menu, dropping you to a shell
:shell
echo Type 'exit' to get the back to the menu
shell
set menu-timeout 0
set submenu-timeout 0
goto start
:failed
echo Booting failed, dropping to shell
goto shell
:reboot
reboot
:exit
exit
:back
set submenu-timeout 0
clear submenu-default
goto start
:freedos
echo Booting FreeDOS
kernel ${boot-url}/memdisk iso raw
initrd ${boot-url}/iso/FD13LIVE.iso
boot || goto failed
goto start
:netboot-xyz
chain --autofree http://boot.netboot.xyz/ipxe/netboot.xyz.lkrn
goto start
```
chain --autofree http://boot.netboot.xyz
```
:ubuntu
echo Booting Ubuntu 22.04 (NFS)
initrd ${boot-url}/mount/ubuntu-22.04.3-desktop-amd64.iso/casper/initrd
chain ${boot-url}/mount/ubuntu-22.04.3-desktop-amd64.iso/casper/vmlinuz ip=dhcp boot=casper netboot=nfs nfsroot=${dhcp-server}:/srv/pxe/mount/ubuntu-22.04.3-desktop-amd64.iso
goto start
:ubuntu-http
echo Booting Ubuntu 22.04 (HTTP)
initrd ${boot-url}/mount/ubuntu-22.04.3-desktop-amd64.iso/casper/initrd
set url http://${dhcp-server}/iso/ubuntu-22.04.3-desktop-amd64.iso
chain ${boot-url}/mount/ubuntu-22.04.3-desktop-amd64.iso/casper/vmlinuz ip=dhcp boot=casper netboot=url url=${url} initrd=initrd
goto start
:popos
echo Booting POP OS 22.04 (NFS)
initrd ${boot-url}/mount/pop-os_22.04_amd64_intel_4.iso/casper/initrd.gz
chain ${boot-url}/mount/pop-os_22.04_amd64_intel_4.iso/casper/vmlinuz.efi ip=dhcp boot=casper netboot=nfs nfsroot=${dhcp-server}:/srv/pxe/mount/pop-os_22.04_amd64_intel_4.iso
goto start
:popos-nvidia
echo Booting POP OS 22.04 - nvidia (NFS)
initrd ${boot-url}/mount/pop-os_22.04_amd64_nvidia_4.iso/casper/initrd.gz
chain ${boot-url}/mount/pop-os_22.04_amd64_nvidia_4.iso/casper/vmlinuz.efi ip=dhcp boot=casper netboot=nfs nfsroot=${dhcp-server}:/srv/pxe/mount/pop-os_22.04_amd64_nvidia_4.iso
goto start
:elementary
echo Booting Elementary OS 7 (NFS)
initrd ${boot-url}/mount/elementaryos-7.1-stable.20230926rc.iso/casper/initrd.lz
chain ${boot-url}/mount/elementaryos-7.1-stable.20230926rc.iso/casper/vmlinuz ip=dhcp boot=casper netboot=nfs nfsroot=${dhcp-server}:/srv/pxe/mount/elementaryos-7.1-stable.20230926rc.iso
goto start
:mint-cinnamon
echo Booting Linuxmint 21.2 cinnamon (NFS)
initrd ${boot-url}/mount/linuxmint-21.2-cinnamon-64bit.iso/casper/initrd.lz
chain ${boot-url}/mount/linuxmint-21.2-cinnamon-64bit.iso/casper/vmlinuz ip=dhcp boot=casper netboot=nfs nfsroot=${dhcp-server}:/srv/pxe/mount/linuxmint-21.2-cinnamon-64bit.iso
goto start
:mint-xfce
echo Booting Linuxmint 21.2 xfce (NFS)
initrd ${boot-url}/mount/linuxmint-21.2-xfce-64bit.iso/casper/initrd.lz
chain ${boot-url}/mount/linuxmint-21.2-xfce-64bit.iso/casper/vmlinuz ip=dhcp boot=casper netboot=nfs nfsroot=${dhcp-server}:/srv/pxe/mount/linuxmint-21.2-xfce-64bit.iso
goto start
:mint-mate
echo Booting Linuxmint 21.2 mate (NFS)
initrd ${boot-url}/mount/linuxmint-21.2-mate-64bit.iso/casper/initrd.lz
chain ${boot-url}/mount/linuxmint-21.2-mate-64bit.iso/casper/vmlinuz ip=dhcp boot=casper netboot=nfs nfsroot=${dhcp-server}:/srv/pxe/mount/linuxmint-21.2-mate-64bit.iso
goto start
:mint-lmde
echo Booting Linuxmint Debian Edition 6 (NFS)
initrd ${boot-url}/mount/lmde-6-cinnamon-64bit.iso/casper/initrd.lz
chain ${boot-url}/mount/lmde-6-cinnamon-64bit.iso/casper/vmlinuz ip=dhcp boot=live live-config live-media-path=/casper netboot=nfs nfsroot=${dhcp-server}:/srv/pxe/mount/lmde-6-cinnamon-64bit.iso
goto start
:xubuntu
echo Booting XUbuntu 22.04 (NFS)
initrd ${boot-url}/mount/xubuntu-22.04.3-desktop-amd64.iso/casper/initrd
chain ${boot-url}/mount/xubuntu-22.04.3-desktop-amd64.iso/casper/vmlinuz ip=dhcp boot=casper netboot=nfs nfsroot=${dhcp-server}:/srv/pxe/mount/xubuntu-22.04.3-desktop-amd64.iso
goto start
:lubuntu
echo Booting LUbuntu 22.04 (NFS)
initrd ${boot-url}/mount/lubuntu-22.04.3-desktop-amd64.iso/casper/initrd
chain ${boot-url}/mount/lubuntu-22.04.3-desktop-amd64.iso/casper/vmlinuz ip=dhcp boot=casper netboot=nfs nfsroot=${dhcp-server}:/srv/pxe/mount/lubuntu-22.04.3-desktop-amd64.iso
goto start
:zorin-core
echo Booting Zorin OS 16.3 Core (NFS)
initrd ${boot-url}/mount/Zorin-OS-16.3-Core-64-bit.iso/casper/initrd.lz4
chain ${boot-url}/mount/Zorin-OS-16.3-Core-64-bit.iso/casper/vmlinuz ip=dhcp boot=casper netboot=nfs nfsroot=${dhcp-server}:/srv/pxe/mount/Zorin-OS-16.3-Core-64-bit.iso
goto start
:zorin-lite
echo Booting Zorin OS 16.3 Lite (NFS)
initrd ${boot-url}/mount/Zorin-OS-16.3-Lite-64-bit.iso/casper/initrd.lz4
chain ${boot-url}/mount/Zorin-OS-16.3-Lite-64-bit.iso/casper/vmlinuz ip=dhcp boot=casper netboot=nfs nfsroot=${dhcp-server}:/srv/pxe/mount/Zorin-OS-16.3-Lite-64-bit.iso
goto start
:fedora
echo Booting Fedora Workstation 38 Live (NFS)
initrd ${boot-url}/mount/Fedora-Workstation-Live-x86_64-38-1.6.iso/images/pxeboot/initrd.img
chain ${boot-url}/mount/Fedora-Workstation-Live-x86_64-38-1.6.iso/images/pxeboot/vmlinuz rd.live.image root=live:nfs://${dhcp-server}/srv/pxe/mount/Fedora-Workstation-Live-x86_64-38-1.6.iso/LiveOS/squashfs.img
goto start
:opensuse
echo Booting openSUSE Leap 15.5 (NFS)
initrd ${boot-url}/mount/openSUSE-Leap-15.5-DVD-x86_64-Build491.1-Media.iso/boot/x86_64/loader/initrd
chain ${boot-url}/mount/openSUSE-Leap-15.5-DVD-x86_64-Build491.1-Media.iso/boot/x86_64/loader/linux install=${boot-url}/mount/openSUSE-Leap-15.5-DVD-x86_64-Build491.1-Media.iso splash=silent
goto start
:kali
echo Booting Kali Linux 2023.3 (NFS)
initrd ${boot-url}/mount/kali-linux-2023.3-live-amd64.iso/live/initrd.img
chain ${boot-url}/mount/kali-linux-2023.3-live-amd64.iso/live/vmlinuz ip=auto boot=live components quiet splash noeject hostname=kali-live findiso=${boot-url}/iso/kali-linux-2023.3-live-amd64.iso
goto start

202
install.sh Normal file
View File

@ -0,0 +1,202 @@
#!/bin/bash
LAN_IFACE=ens224
WAN_IFACE=ens192
HOSTNAME=brasatore
DHCP_START=172.16.77.50
DHCP_END=172.16.77.150
LAN_IP=172.16.77.1
LAN_SUBNET=255.255.255.0
# pacchetti
cat >/etc/apt/sources.list <<EOF
deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
deb http://deb.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
EOF
apt update
apt install -y dnsmasq nginx iptables ipxe syslinux-common unzip nfs-kernel-server
# directory
mkdir -p /srv/pxe/iso /srv/pxe/mount /srv/tftp
# nginx config
cat > /etc/nginx/sites-available/pxe <<EOF
server {
listen 80 default_server;
listen [::]:80 default_server;
root /srv/pxe;
location / {
autoindex on;
}
}
EOF
[ -f /etc/nginx/sites-enabled/default ] && rm /etc/nginx/sites-enabled/default
[ ! -f /etc/nginx/sites-enabled/pxe ] && ln -s /etc/nginx/sites-available/pxe /etc/nginx/sites-enabled/pxe
service nginx restart
# hostname
echo "$HOSTNAME" > /etc/hostname
hostname -F /etc/hostname
cat > /etc/hosts <<EOF
127.0.0.1 localhost
127.0.1.1 $HOSTNAME
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
EOF
# network
cat > /etc/network/interfaces.d/lan <<EOF
auto $LAN_IFACE
iface $LAN_IFACE inet static
address $LAN_IP
netmask $LAN_SUBNET
EOF
ifup $LAN_IFACE
# routing/firewall
iptables -t nat -F
iptables -t nat -A POSTROUTING -o $WAN_IFACE -j MASQUERADE
iptables -F
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -p icmp -j ACCEPT
iptables -A INPUT -m state --state NEW ! -i $LAN_IFACE -j ACCEPT
iptables -A INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -m state --state NEW -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -m state --state NEW -p udp --dport 53 -j ACCEPT
iptables -A INPUT -m state --state NEW -i $LAN_IFACE -p udp --dport 67 -j ACCEPT
iptables -A INPUT -m state --state NEW -i $LAN_IFACE -p udp --dport 69 -j ACCEPT
iptables -A INPUT -m state --state NEW -i $LAN_IFACE -p tcp --dport 111 -j ACCEPT
iptables -A INPUT -m state --state NEW -i $LAN_IFACE -p udp --dport 111 -j ACCEPT
iptables -A INPUT -m state --state NEW -i $LAN_IFACE -p tcp --dport 2049 -j ACCEPT
iptables -A INPUT -m state --state NEW -i $LAN_IFACE -p udp --dport 2049 -j ACCEPT
iptables -A INPUT -m state --state NEW -i $LAN_IFACE -p tcp --dport 4047 -j ACCEPT
iptables -A INPUT -m state --state NEW -i $LAN_IFACE -p udp --dport 4047 -j ACCEPT
iptables -A INPUT -m state --state NEW -i $LAN_IFACE -p tcp --dport 4048 -j ACCEPT
iptables -A INPUT -m state --state NEW -i $LAN_IFACE -p udp --dport 4048 -j ACCEPT
iptables -A FORWARD -i $LAN_IFACE -o $LAN_IFACE -j REJECT
iptables -P INPUT DROP
iptables-save > /etc/iptables.rules
cat > /etc/network/if-pre-up.d/iptables <<EOF
#!/bin/sh
iptables-restore < /etc/iptables.rules
exit 0
EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/ipv4_forward.conf
# dnsmasq config
cat > /etc/dnsmasq.d/tftp <<EOF
enable-tftp
tftp-root=/srv/tftp
tftp-no-fail
EOF
cat > /etc/dnsmasq.d/dhcp <<EOF
dhcp-range=$DHCP_START,$DHCP_END,4h
dhcp-option=option:router,$LAN_IP
dhcp-option=option:dns-server,$LAN_IP
dhcp-authoritative
log-dhcp
EOF
cat > /etc/dnsmasq.d/dns <<EOF
bogus-priv
no-resolv
server=9.9.9.9
server=1.1.1.2
expand-hosts
log-queries
EOF
service dnsmasq restart
# netboot.xyz (alternativa 1)
#cat > /etc/dnsmasq.d/pxe <<EOF
#dhcp-match=set:bios,option:client-arch,0
#dhcp-boot=tag:bios,netboot.xyz.kpxe
#dhcp-boot=tag:!bios,netboot.xyz.efi
#EOF
#wget -c -O /srv/tftp/netboot.xyz.kpxe http://boot.netboot.xyz/ipxe/netboot.xyz.kpxe
#wget -c -O /srv/tftp/netboot.xyz.efi http://boot.netboot.xyz/ipxe/netboot.xyz.efi
#service dnsmasq restart
# ipxe (alternativa 2)
#cat > /etc/dnsmasq.d/pxe <<EOF
#dhcp-match=set:bios,option:client-arch,0
#dhcp-boot=tag:bios,undionly.kpxe
#dhcp-boot=tag:!bios,ipxe.efi
#dhcp-match=ipxe,175
#dhcp-boot=net:ipxe,http://$LAN_IP/boot-netboot.txt
#EOF
#cat > /srv/pxe/boot-netboot.txt <<EOF
##!ipxe
#dhcp
#chain --autofree http://boot.netboot.xyz
#EOF
#[ ! -f /srv/tftp/undionly.kpxe ] && cp /usr/lib/ipxe/undionly.kpxe /srv/tftp/undionly.kpxe
#[ ! -f /srv/tftp/ipxe.efi ] && cp /usr/lib/ipxe/ipxe.efi /srv/tftp/ipxe.efi
#service dnsmasq restart
# nfs
sed -i 's/^RPCMOUNTDOPTS.*/RPCMOUNTDOPTS="--manage-gids --port 4047"/' /etc/default/nfs-kernel-server
cat > /etc/exports <<EOF
/srv/pxe ${LAN_IP}/${LAN_SUBNET}(ro,async,no_root_squash,no_subtree_check,crossmnt)
EOF
exportfs -r
# questo è da fare meglio in modo che sia ripetibile
cat >> /etc/services <<EOF
mountd 4047/tcp
mountd 4047/udp
lockd 4048/tcp
lockd 4048/udp
EOF
# ipxe OK
cat > /etc/dnsmasq.d/pxe <<EOF
dhcp-match=set:bios,option:client-arch,0
dhcp-boot=tag:bios,undionly.kpxe
dhcp-boot=tag:!bios,ipxe.efi
dhcp-match=ipxe,175
dhcp-boot=net:ipxe,http://$LAN_IP/boot.txt
EOF
[ ! -f /srv/tftp/undionly.kpxe ] && cp /usr/lib/ipxe/undionly.kpxe /srv/tftp/undionly.kpxe
[ ! -f /srv/tftp/ipxe.efi ] && cp /usr/lib/ipxe/ipxe.efi /srv/tftp/ipxe.efi
[ ! -f /srv/pxe/memdisk ] && cp /usr/lib/syslinux/memdisk /srv/pxe/memdisk
if [ ! -f /srv/pxe/iso/freedos.iso] ; then
wget -c -O /tmp/FD13-LiveCD.zip https://www.ibiblio.org/pub/micro/pc-stuff/freedos/files/distributions/1.3/official/FD13-LiveCD.zip
unzip /tmp/FD13-LiveCD.zip -d /srv/pxe/iso/ *.iso && rm /tmp/FD13-LiveCD.zip
fi
# memtest: https://www.memtest.org/download/v6.20/mt86plus_6.20.binaries.zip
# mount on boot
cat > /etc/systemd/system/mount-isos.service <<EOF
[Unit]
Description=Mount ISOs
[Service]
ExecStart=/srv/pxe/mount/mount-all.sh
[Install]
WantedBy=multi-user.target
EOF
cat > /srv/pxe/mount/mount-all.sh <<EOF
#!/bin/bash
montami() {
B=\$(basename \$1)
mount "/srv/pxe/iso/\$B" "/srv/pxe/mount/\$B"
echo "mounted '/srv/pxe/iso/\$B' on '/srv/pxe/mount/\$B'"
}
export -f montami
find /srv/pxe/mount/ -mindepth 1 -maxdepth 1 -type d -exec bash -c 'montami "\$0"' {} \;
EOF
chmod u+x /srv/pxe/mount/mount-all.sh
systemctl enable mount-isos