mirror of
https://git.libreschool.org/paspo/brasatore.git
synced 2024-12-22 13:43:43 +00:00
initial import
commit
b9b7a404a0
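--- a/README.md
+++ b/README.md
@@ -0,0 +1,9 @@
+# brasatore
+
+Questo coso fa da gateway+dhcp+dns per una rete e tramite PXE ti permette di installare varie versioni di linux.
+
+## TODO
+
+- [ ] le immagini ubuntu-based non aggiornano il networking e restano senza dns dopo il boot
+- [ ] finire boot debian
+- [ ] finire boot kali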
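--- a/boot.txt
+++ b/boot.txt
@@ -0,0 +1,174 @@
+#!ipxe
+set boot-url http://${dhcp-server}
+
+
+:start
+# 2 secondi timeout
+isset ${menu-timeout} || set menu-timeout 2000
+isset ${enu-default} || set menu-default ubuntu
+menu iPXE boot menu
+item --key u ubuntu Boot Ubuntu 22.04
+item --key u popos Boot POP OS 22.04
+item --key u popos-nvidia Boot POP OS 22.04 (nvidia)
+item --key u mint-cinnamon Boot Linuxmint 21.2 Cinnamon
+item --key u mint-xfce Boot Linuxmint 21.2 XFCE
+item --key u mint-mate Boot Linuxmint 21.2 Mate
+item --key u mint-lmde Boot Linuxmint Debian Edition 6
+item --key u xubuntu Boot XUbuntu 22.04
+item --key u lubuntu Boot LUbuntu 22.04
+item --key u zorin-core Boot Zorin OS 16.3 Core
+item --key u zorin-lite Boot Zorin OS 16.3 Lite
+item --key u elementary Boot Elementary OS 7
+item --key u kali Boot Kali Linux 2023.3
+item --key u fedora Boot Fedora Workstation 38 Live
+item --key u opensuse Boot Booting openSUSE Leap 15.5
+item --key u ubuntu-http Boot Ubuntu 22.04 (HTTP)
+item --key f freedos Boot FreeDOS
+item --key n netboot-xyz netboot.xyz
+item shell iPXE shell
+item reboot Reboot
+item
+item --key x exit Exit iPXE and continue BIOS boot
+choose --timeout ${menu-timeout} --default ${menu-default} selected || goto cancel
+set menu-timeout 0
+goto ${selected}
+
+:cancel
+echo You cancelled the menu, dropping you to a shell
+
+:shell
+echo Type 'exit' to get the back to the menu
+shell
+set menu-timeout 0
+set submenu-timeout 0
+goto start
+
+:failed
+echo Booting failed, dropping to shell
+goto shell
+
+
+:reboot
+reboot
+
+:exit
+exit
+
+:back
+set submenu-timeout 0
+clear submenu-default
+goto start
+
+
+:freedos
+echo Booting FreeDOS
+kernel ${boot-url}/memdisk iso raw
+initrd ${boot-url}/iso/FD13LIVE.iso
+boot || goto failed
+goto start
+
+:netboot-xyz
+chain --autofree http://boot.netboot.xyz/ipxe/netboot.xyz.lkrn
+goto start
+```
+chain --autofree http://boot.netboot.xyz
+```
+
+:ubuntu
+echo Booting Ubuntu 22.04 (NFS)
+initrd ${boot-url}/mount/ubuntu-22.04.3-desktop-amd64.iso/casper/initrd
+chain ${boot-url}/mount/ubuntu-22.04.3-desktop-amd64.iso/casper/vmlinuz ip=dhcp boot=casper netboot=nfs nfsroot=${dhcp-server}:/srv/pxe/mount/ubuntu-22.04.3-desktop-amd64.iso
+goto start
+
+
+:ubuntu-http
+echo Booting Ubuntu 22.04 (HTTP)
+initrd ${boot-url}/mount/ubuntu-22.04.3-desktop-amd64.iso/casper/initrd
+set url http://${dhcp-server}/iso/ubuntu-22.04.3-desktop-amd64.iso
+chain ${boot-url}/mount/ubuntu-22.04.3-desktop-amd64.iso/casper/vmlinuz ip=dhcp boot=casper netboot=url url=${url} initrd=initrd
+goto start
+
+:popos
+echo Booting POP OS 22.04 (NFS)
+initrd ${boot-url}/mount/pop-os_22.04_amd64_intel_4.iso/casper/initrd.gz
+chain ${boot-url}/mount/pop-os_22.04_amd64_intel_4.iso/casper/vmlinuz.efi ip=dhcp boot=casper netboot=nfs nfsroot=${dhcp-server}:/srv/pxe/mount/pop-os_22.04_amd64_intel_4.iso
+goto start
+
+:popos-nvidia
+echo Booting POP OS 22.04 - nvidia (NFS)
+initrd ${boot-url}/mount/pop-os_22.04_amd64_nvidia_4.iso/casper/initrd.gz
+chain ${boot-url}/mount/pop-os_22.04_amd64_nvidia_4.iso/casper/vmlinuz.efi ip=dhcp boot=casper netboot=nfs nfsroot=${dhcp-server}:/srv/pxe/mount/pop-os_22.04_amd64_nvidia_4.iso
+goto start
+
+:elementary
+echo Booting Elementary OS 7 (NFS)
+initrd ${boot-url}/mount/elementaryos-7.1-stable.20230926rc.iso/casper/initrd.lz
+chain ${boot-url}/mount/elementaryos-7.1-stable.20230926rc.iso/casper/vmlinuz ip=dhcp boot=casper netboot=nfs nfsroot=${dhcp-server}:/srv/pxe/mount/elementaryos-7.1-stable.20230926rc.iso
+goto start
+
+:mint-cinnamon
+echo Booting Linuxmint 21.2 cinnamon (NFS)
+initrd ${boot-url}/mount/linuxmint-21.2-cinnamon-64bit.iso/casper/initrd.lz
+chain ${boot-url}/mount/linuxmint-21.2-cinnamon-64bit.iso/casper/vmlinuz ip=dhcp boot=casper netboot=nfs nfsroot=${dhcp-server}:/srv/pxe/mount/linuxmint-21.2-cinnamon-64bit.iso
+goto start
+
+:mint-xfce
+echo Booting Linuxmint 21.2 xfce (NFS)
+initrd ${boot-url}/mount/linuxmint-21.2-xfce-64bit.iso/casper/initrd.lz
+chain ${boot-url}/mount/linuxmint-21.2-xfce-64bit.iso/casper/vmlinuz ip=dhcp boot=casper netboot=nfs nfsroot=${dhcp-server}:/srv/pxe/mount/linuxmint-21.2-xfce-64bit.iso
+goto start
+
+:mint-mate
+echo Booting Linuxmint 21.2 mate (NFS)
+initrd ${boot-url}/mount/linuxmint-21.2-mate-64bit.iso/casper/initrd.lz
+chain ${boot-url}/mount/linuxmint-21.2-mate-64bit.iso/casper/vmlinuz ip=dhcp boot=casper netboot=nfs nfsroot=${dhcp-server}:/srv/pxe/mount/linuxmint-21.2-mate-64bit.iso
+goto start
+
+:mint-lmde
+echo Booting Linuxmint Debian Edition 6 (NFS)
+initrd ${boot-url}/mount/lmde-6-cinnamon-64bit.iso/casper/initrd.lz
+chain ${boot-url}/mount/lmde-6-cinnamon-64bit.iso/casper/vmlinuz ip=dhcp boot=live live-config live-media-path=/casper netboot=nfs nfsroot=${dhcp-server}:/srv/pxe/mount/lmde-6-cinnamon-64bit.iso
+goto start
+
+:xubuntu
+echo Booting XUbuntu 22.04 (NFS)
+initrd ${boot-url}/mount/xubuntu-22.04.3-desktop-amd64.iso/casper/initrd
+chain ${boot-url}/mount/xubuntu-22.04.3-desktop-amd64.iso/casper/vmlinuz ip=dhcp boot=casper netboot=nfs nfsroot=${dhcp-server}:/srv/pxe/mount/xubuntu-22.04.3-desktop-amd64.iso
+goto start
+
+:lubuntu
+echo Booting LUbuntu 22.04 (NFS)
+initrd ${boot-url}/mount/lubuntu-22.04.3-desktop-amd64.iso/casper/initrd
+chain ${boot-url}/mount/lubuntu-22.04.3-desktop-amd64.iso/casper/vmlinuz ip=dhcp boot=casper netboot=nfs nfsroot=${dhcp-server}:/srv/pxe/mount/lubuntu-22.04.3-desktop-amd64.iso
+goto start
+
+:zorin-core
+echo Booting Zorin OS 16.3 Core (NFS)
+initrd ${boot-url}/mount/Zorin-OS-16.3-Core-64-bit.iso/casper/initrd.lz4
+chain ${boot-url}/mount/Zorin-OS-16.3-Core-64-bit.iso/casper/vmlinuz ip=dhcp boot=casper netboot=nfs nfsroot=${dhcp-server}:/srv/pxe/mount/Zorin-OS-16.3-Core-64-bit.iso
+goto start
+
+:zorin-lite
+echo Booting Zorin OS 16.3 Lite (NFS)
+initrd ${boot-url}/mount/Zorin-OS-16.3-Lite-64-bit.iso/casper/initrd.lz4
+chain ${boot-url}/mount/Zorin-OS-16.3-Lite-64-bit.iso/casper/vmlinuz ip=dhcp boot=casper netboot=nfs nfsroot=${dhcp-server}:/srv/pxe/mount/Zorin-OS-16.3-Lite-64-bit.iso
+goto start
+
+:fedora
+echo Booting Fedora Workstation 38 Live (NFS)
+initrd ${boot-url}/mount/Fedora-Workstation-Live-x86_64-38-1.6.iso/images/pxeboot/initrd.img
+chain ${boot-url}/mount/Fedora-Workstation-Live-x86_64-38-1.6.iso/images/pxeboot/vmlinuz rd.live.image root=live:nfs://${dhcp-server}/srv/pxe/mount/Fedora-Workstation-Live-x86_64-38-1.6.iso/LiveOS/squashfs.img
+goto start
+
+:opensuse
+echo Booting openSUSE Leap 15.5 (NFS)
+initrd ${boot-url}/mount/openSUSE-Leap-15.5-DVD-x86_64-Build491.1-Media.iso/boot/x86_64/loader/initrd
+chain ${boot-url}/mount/openSUSE-Leap-15.5-DVD-x86_64-Build491.1-Media.iso/boot/x86_64/loader/linux install=${boot-url}/mount/openSUSE-Leap-15.5-DVD-x86_64-Build491.1-Media.iso splash=silent
+goto start
+
+:kali
+echo Booting Kali Linux 2023.3 (NFS)
+initrd ${boot-url}/mount/kali-linux-2023.3-live-amd64.iso/live/initrd.img
+chain ${boot-url}/mount/kali-linux-2023.3-live-amd64.iso/live/vmlinuz ip=auto boot=live components quiet splash noeject hostname=kali-live findiso=${boot-url}/iso/kali-linux-2023.3-live-amd64.iso
+goto start
+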
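Review bot: The `:netboot-xyz` entry chain-loads `http://boot.netboot.xyz/ipxe/netboot.xyz.lkrn` from the internet over plain HTTP, so whatever answers that request becomes the client's boot image with no integrity check. Prefer `chain --autofree https://boot.netboot.xyz/ipxe/netboot.xyz.lkrn` if the iPXE binaries served from `/srv/tftp` are built with HTTPS support, or serve a locally stored copy from `${boot-url}` as the other entries do. The lines after that entry's `goto start` (two backtick fences around a second `chain`) look like leftover Markdown and should be removed or commented out with `#`. In the menu setup, `isset ${enu-default}` tests a variable that is never set; it should read `isset ${menu-default} || set menu-default ubuntu`. Nearly every `item` also reuses `--key u`, so the hotkeys are ambiguous.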
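--- a/install.sh
+++ b/install.sh
@@ -0,0 +1,202 @@
+#!/bin/bash
+
+LAN_IFACE=ens224
+WAN_IFACE=ens192
+HOSTNAME=brasatore
+DHCP_START=172.16.77.50
+DHCP_END=172.16.77.150
+LAN_IP=172.16.77.1
+LAN_SUBNET=255.255.255.0
+
+# pacchetti
+cat >/etc/apt/sources.list <<EOF
+deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
+deb http://deb.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
+deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
+EOF
+apt update
+apt install -y dnsmasq nginx iptables ipxe syslinux-common unzip nfs-kernel-server
+
+# directory
+mkdir -p /srv/pxe/iso /srv/pxe/mount /srv/tftp
+
+# nginx config
+cat > /etc/nginx/sites-available/pxe <<EOF
+server {
+listen 80 default_server;
+listen [::]:80 default_server;
+root /srv/pxe;
+location / {
+autoindex on;
+}
+}
+EOF
+[ -f /etc/nginx/sites-enabled/default ] && rm /etc/nginx/sites-enabled/default
+[ ! -f /etc/nginx/sites-enabled/pxe ] && ln -s /etc/nginx/sites-available/pxe /etc/nginx/sites-enabled/pxe
+service nginx restart
+
+# hostname
+echo "$HOSTNAME" > /etc/hostname
+hostname -F /etc/hostname
+cat > /etc/hosts <<EOF
+127.0.0.1 localhost
+127.0.1.1 $HOSTNAME
+# The following lines are desirable for IPv6 capable hosts
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+EOF
+
+# network
+cat > /etc/network/interfaces.d/lan <<EOF
+auto $LAN_IFACE
+iface $LAN_IFACE inet static
+address $LAN_IP
+netmask $LAN_SUBNET
+EOF
+ifup $LAN_IFACE
+
+# routing/firewall
+iptables -t nat -F
+iptables -t nat -A POSTROUTING -o $WAN_IFACE -j MASQUERADE
+iptables -F
+iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+iptables -A INPUT -m state --state NEW -p icmp -j ACCEPT
+iptables -A INPUT -m state --state NEW ! -i $LAN_IFACE -j ACCEPT
+iptables -A INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
+iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
+iptables -A INPUT -m state --state NEW -p tcp --dport 53 -j ACCEPT
+iptables -A INPUT -m state --state NEW -p udp --dport 53 -j ACCEPT
+iptables -A INPUT -m state --state NEW -i $LAN_IFACE -p udp --dport 67 -j ACCEPT
+iptables -A INPUT -m state --state NEW -i $LAN_IFACE -p udp --dport 69 -j ACCEPT
+iptables -A INPUT -m state --state NEW -i $LAN_IFACE -p tcp --dport 111 -j ACCEPT
+iptables -A INPUT -m state --state NEW -i $LAN_IFACE -p udp --dport 111 -j ACCEPT
+iptables -A INPUT -m state --state NEW -i $LAN_IFACE -p tcp --dport 2049 -j ACCEPT
+iptables -A INPUT -m state --state NEW -i $LAN_IFACE -p udp --dport 2049 -j ACCEPT
+iptables -A INPUT -m state --state NEW -i $LAN_IFACE -p tcp --dport 4047 -j ACCEPT
+iptables -A INPUT -m state --state NEW -i $LAN_IFACE -p udp --dport 4047 -j ACCEPT
+iptables -A INPUT -m state --state NEW -i $LAN_IFACE -p tcp --dport 4048 -j ACCEPT
+iptables -A INPUT -m state --state NEW -i $LAN_IFACE -p udp --dport 4048 -j ACCEPT
+iptables -A FORWARD -i $LAN_IFACE -o $LAN_IFACE -j REJECT
+iptables -P INPUT DROP
+iptables-save > /etc/iptables.rules
+cat > /etc/network/if-pre-up.d/iptables <<EOF
+#!/bin/sh
+iptables-restore < /etc/iptables.rules
+exit 0
+EOF
+echo 1 > /proc/sys/net/ipv4/ip_forward
+echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/ipv4_forward.conf
+
+
+# dnsmasq config
+cat > /etc/dnsmasq.d/tftp <<EOF
+enable-tftp
+tftp-root=/srv/tftp
+tftp-no-fail
+EOF
+cat > /etc/dnsmasq.d/dhcp <<EOF
+dhcp-range=$DHCP_START,$DHCP_END,4h
+dhcp-option=option:router,$LAN_IP
+dhcp-option=option:dns-server,$LAN_IP
+dhcp-authoritative
+log-dhcp
+EOF
+cat > /etc/dnsmasq.d/dns <<EOF
+bogus-priv
+no-resolv
+server=9.9.9.9
+server=1.1.1.2
+expand-hosts
+log-queries
+EOF
+service dnsmasq restart
+
+
+# netboot.xyz (alternativa 1)
+#cat > /etc/dnsmasq.d/pxe <<EOF
+#dhcp-match=set:bios,option:client-arch,0
+#dhcp-boot=tag:bios,netboot.xyz.kpxe
+#dhcp-boot=tag:!bios,netboot.xyz.efi
+#EOF
+#wget -c -O /srv/tftp/netboot.xyz.kpxe http://boot.netboot.xyz/ipxe/netboot.xyz.kpxe
+#wget -c -O /srv/tftp/netboot.xyz.efi http://boot.netboot.xyz/ipxe/netboot.xyz.efi
+#service dnsmasq restart
+
+# ipxe (alternativa 2)
+#cat > /etc/dnsmasq.d/pxe <<EOF
+#dhcp-match=set:bios,option:client-arch,0
+#dhcp-boot=tag:bios,undionly.kpxe
+#dhcp-boot=tag:!bios,ipxe.efi
+#dhcp-match=ipxe,175
+#dhcp-boot=net:ipxe,http://$LAN_IP/boot-netboot.txt
+#EOF
+#cat > /srv/pxe/boot-netboot.txt <<EOF
+##!ipxe
+#dhcp
+#chain --autofree http://boot.netboot.xyz
+#EOF
+#[ ! -f /srv/tftp/undionly.kpxe ] && cp /usr/lib/ipxe/undionly.kpxe /srv/tftp/undionly.kpxe
+#[ ! -f /srv/tftp/ipxe.efi ] && cp /usr/lib/ipxe/ipxe.efi /srv/tftp/ipxe.efi
+#service dnsmasq restart
+
+# nfs
+sed -i 's/^RPCMOUNTDOPTS.*/RPCMOUNTDOPTS="--manage-gids --port 4047"/' /etc/default/nfs-kernel-server
+cat > /etc/exports <<EOF
+/srv/pxe ${LAN_IP}/${LAN_SUBNET}(ro,async,no_root_squash,no_subtree_check,crossmnt)
+EOF
+exportfs -r
+# questo è da fare meglio in modo che sia ripetibile
+cat >> /etc/services <<EOF
+mountd 4047/tcp
+mountd 4047/udp
+lockd 4048/tcp
+lockd 4048/udp
+EOF
+
+
+# ipxe OK
+cat > /etc/dnsmasq.d/pxe <<EOF
+dhcp-match=set:bios,option:client-arch,0
+dhcp-boot=tag:bios,undionly.kpxe
+dhcp-boot=tag:!bios,ipxe.efi
+dhcp-match=ipxe,175
+dhcp-boot=net:ipxe,http://$LAN_IP/boot.txt
+EOF
+[ ! -f /srv/tftp/undionly.kpxe ] && cp /usr/lib/ipxe/undionly.kpxe /srv/tftp/undionly.kpxe
+[ ! -f /srv/tftp/ipxe.efi ] && cp /usr/lib/ipxe/ipxe.efi /srv/tftp/ipxe.efi
+[ ! -f /srv/pxe/memdisk ] && cp /usr/lib/syslinux/memdisk /srv/pxe/memdisk
+if [ ! -f /srv/pxe/iso/freedos.iso] ; then
+wget -c -O /tmp/FD13-LiveCD.zip https://www.ibiblio.org/pub/micro/pc-stuff/freedos/files/distributions/1.3/official/FD13-LiveCD.zip
+unzip /tmp/FD13-LiveCD.zip -d /srv/pxe/iso/ *.iso && rm /tmp/FD13-LiveCD.zip
+fi
+
+
+
+# memtest: https://www.memtest.org/download/v6.20/mt86plus_6.20.binaries.zip
+
+# mount on boot
+cat > /etc/systemd/system/mount-isos.service <<EOF
+[Unit]
+Description=Mount ISOs
+
+[Service]
+ExecStart=/srv/pxe/mount/mount-all.sh
+
+[Install]
+WantedBy=multi-user.target
+EOF
+cat > /srv/pxe/mount/mount-all.sh <<EOF
+#!/bin/bash
+
+montami() {
+B=\$(basename \$1)
+mount "/srv/pxe/iso/\$B" "/srv/pxe/mount/\$B"
+echo "mounted '/srv/pxe/iso/\$B' on '/srv/pxe/mount/\$B'"
+}
+export -f montami
+find /srv/pxe/mount/ -mindepth 1 -maxdepth 1 -type d -exec bash -c 'montami "\$0"' {} \;
+
+EOF
+chmod u+x /srv/pxe/mount/mount-all.sh
+systemctl enable mount-isos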
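Review bot: The rule `iptables -A INPUT -m state --state NEW ! -i $LAN_IFACE -j ACCEPT` accepts every new connection arriving on any interface other than the LAN one, which includes `$WAN_IFACE`, so `-P INPUT DROP` only ever applies to LAN traffic and nginx (with `autoindex on`), dnsmasq and the NFS ports are reachable from the WAN side. If the intent was to admit loopback traffic, match `-i lo` instead and bind the port 80 and 53 rules to `$LAN_IFACE`, as sketched below; port 22 is left open on all interfaces on the assumption that the box is administered from the WAN side. Separately, `/etc/network/if-pre-up.d/iptables` is written but never made executable, so the saved rules would likely not be restored at boot; add `chmod +x /etc/network/if-pre-up.d/iptables` after that heredoc. The test `[ ! -f /srv/pxe/iso/freedos.iso] ` is missing the space before `]`, so the FreeDOS download branch never runs.

```shell
# … unchanged: nat flush, MASQUERADE, ESTABLISHED/RELATED and icmp rules …
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m state --state NEW -i "$LAN_IFACE" -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -m state --state NEW -i "$LAN_IFACE" -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -m state --state NEW -i "$LAN_IFACE" -p udp --dport 53 -j ACCEPT
# … unchanged: LAN-only rules for ports 67, 69, 111, 2049, 4047, 4048 …
```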