From fb75cc36df6f3c4242e68b466900942c2defacb4 Mon Sep 17 00:00:00 2001
From: Matt Knoop
Date: Mon, 8 Dec 2025 22:02:35 -0700
Subject: [PATCH] fix networking.
---
 config/container_cmd.sh | 4 +++
 config/filesystem_chroot_install.sh | 49 ++++++++++++++++++++---------
 config/interfaces.network | 5 +++
 config/polystrap.cfg | 9 ------
 config/resolved.conf | 9 ++++++
 scripts/boot_image.sh | 2 +-
 scripts/build_filesystem.sh | 5 +++
 scripts/build_initramfs.sh | 6 +---
 8 files changed, 60 insertions(+), 29 deletions(-)
 create mode 100644 config/interfaces.network
 delete mode 100644 config/polystrap.cfg
 create mode 100644 config/resolved.conf
diff --git a/config/container_cmd.sh b/config/container_cmd.sh
index 1b83776..f3460f5 100755
--- a/config/container_cmd.sh
+++ b/config/container_cmd.sh
@@ -15,6 +15,7 @@ echo "CONFIG_FRAMEBUFFER_CONSOLE=y" >> ./.config
 echo "CONFIG_DRM_VIRTIO_GPU=y" >> ./.config
 echo "CONFIG_VIRTIO_PCI=y" >> ./.config
 echo "CONFIG_VIRTIO_BLK=y" >> ./.config
+echo "CONFIG_VIRTIO_ANCHOR=y" >> ./.config
 echo "CONFIG_SCSI_VIRTIO=y" >> ./.config
 echo "CONFIG_VIRTIO_NET=y" >> ./.config
 echo "CONFIG_VIRTIO_CONSOLE=y" >> ./.config
@@ -22,6 +23,8 @@ echo "CONFIG_VIRTIO_PCI_LIB=y" >> ./.config
 echo "CONFIG_VIRTIO_PCI_LIB_LEGACY=y" >> ./.config
 echo "CONFIG_VIRTIO_MENU=y" >> ./.config
 echo "CONFIG_VIRTIO_BALLOON=y" >> ./.config
+echo "CONFIG_HW_RANDOM_VIRTIO=y" >> ./.config
+echo "CONFIG_VIRTIO_PCI_LEGACY=y" >> ./.config
 echo "CONFIG_VIRTIO_MEM=y" >> ./.config
 echo "CONFIG_VIRTIO_MMIO=y" >> ./.config
 echo "CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y" >> ./.config
@@ -29,6 +32,7 @@ echo "CONFIG_VIRTIO_IOMMU=y" >> ./.config
 echo "CONFIG_VIRTIO_FS=y" >> ./.config
 echo "CONFIG_PCI=y" >> ./.config
 echo "CONFIG_PCI_HOST_GENERIC=y" >> ./.config
+echo "CONFIG_RPMSG_VIRTIO=y" >> ./.config
 echo "CONFIG_DRM=y" >> ./.config
 /usr/bin/make olddefconfig
 /usr/bin/make -j ${cores}
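Review bot: None of the options echoed into .config here — including the new `CONFIG_HW_RANDOM_VIRTIO=y`, which is the virtio-rng driver and the guest's only hardware entropy source in this config — is verified after `make olddefconfig`, and olddefconfig silently drops any symbol whose dependencies are unmet, so a typo or a missing dependency only shows up as a guest without the driver. I'd assert the result before building, e.g. `grep -q '^CONFIG_HW_RANDOM_VIRTIO=y$' ./.config || { echo 'virtio-rng dropped by olddefconfig' >&2; exit 1; }`, and the same for `CONFIG_VIRTIO_NET`. `CONFIG_VIRTIO_ANCHOR` and `CONFIG_RPMSG_VIRTIO` do not obviously relate to the "fix networking" subject; a one-line comment above each saying why it is needed would save the next reader a kernel source search.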
diff --git a/config/filesystem_chroot_install.sh b/config/filesystem_chroot_install.sh
index 7d099cb..c2abd46 100644
--- a/config/filesystem_chroot_install.sh
+++ b/config/filesystem_chroot_install.sh
@@ -1,25 +1,46 @@
-echo "deb http://archive.ubuntu.com/ubuntu noble main restricted universe multiverse" > /etc/apt/sources.list
-echo "deb http://archive.ubuntu.com/ubuntu noble-updates main restricted universe multiverse" >> /etc/apt/sources.list
-echo "deb http://archive.ubuntu.com/ubuntu noble-backports main restricted universe multiverse" >> /etc/apt/sources.list
-echo "deb http://security.ubuntu.com/ubuntu noble-security main restricted universe multiverse" >> /etc/apt/sources.list
+#add sources list for noble.
+set -e
+echo "deb https://archive.ubuntu.com/ubuntu noble main restricted universe multiverse" > /etc/apt/sources.list
+echo "deb https://archive.ubuntu.com/ubuntu noble-updates main restricted universe multiverse" >> /etc/apt/sources.list
+echo "deb https://archive.ubuntu.com/ubuntu noble-backports main restricted universe multiverse" >> /etc/apt/sources.list
+echo "deb https://security.ubuntu.com/ubuntu noble-security main restricted universe multiverse" >> /etc/apt/sources.list
 apt update
-apt install -y gnome-core
-systemd-nspawn --boot
-#systemctl enable opensnitch
-apt install -y ufw
-ufw enable
-apt install -y curl flatpak
-#git opensnitch qemu-system python3-bpfcc python3-pip bpfcc-tools ipset doas lm-sensors flatpak net-tools iputils-ping
-#pip install --break-system-packages dnslib psutil
-flatpak remote-add flathub https://dl.flathub.org/repo/flathub.flatpakrepo
+
+#set locale
+locale-gen "en_US.UTF-8"
+echo "LANG=en_US.UTF-8" > /etc/default/locale
+
+#install base system packages
+apt install -y --no-install-recommends gnome-core git curl flatpak systemd-resolved ufw nano htop ipset lm-sensors net-tools iputils-ping fish python3-bpfcc python3-pip bpfcc-tools gnome-shell-extension-ubuntu-dock gnome-shell-extension-ubuntu-tiling-assistant ffmpeg vlc
+pip install --break-system-packages dnslib psutil
+
+#add setuid for some applications
+chmod u+s /usr/bin/bwrap
+chmod u+s /usr/bin/ping
+
+#enable services
+systemctl enable systemd-resolved
+systemctl enable systemd-networkd + + +#ui changes +gsettings set org.gnome.desktop.interface color-scheme 'prefer-dark' + + #run echo "permit persist :sudo as root" >> /etc/doas.conf + + +#create the default user
 useradd -m -s /bin/bash ubuntu
 usermod -a -G sudo ubuntu
 yes defaultpass | passwd ubuntu
+
+#install flatpak apps
+flatpak remote-add flathub https://dl.flathub.org/repo/flathub.flatpakrepo
 flatpak install --system --noninteractive flathub org.keepassxc.KeePassXC
+
+#install brave browser
 curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg
 curl -fsSLo /etc/apt/sources.list.d/brave-browser-release.sources https://brave-browser-apt-release.s3.brave.com/brave-browser.sources
-apt remove -y snapd
 apt update
 apt install -y brave-browser
diff --git a/config/interfaces.network b/config/interfaces.network
new file mode 100644
index 0000000..51d3cbe
--- /dev/null
+++ b/config/interfaces.network
@@ -0,0 +1,5 @@
+[Match]
+Name=*
+
+[Network]
+DHCP=yes
diff --git a/config/polystrap.cfg b/config/polystrap.cfg
deleted file mode 100644
index 10013cb..0000000
--- a/config/polystrap.cfg
+++ /dev/null
@@ -1,9 +0,0 @@
-# /tmp/polystrap.cfg
-[system]
-target = amd64-linux-gnu
-rootfs = /tmp/rootfs
-host = host
-download = http://deb.debian.org/debian
-distribution = bullseye
-components = main contrib non-free
-architectures = amd64
diff --git a/config/resolved.conf b/config/resolved.conf
new file mode 100644
index 0000000..91ebe39
--- /dev/null
+++ b/config/resolved.conf
@@ -0,0 +1,9 @@
+[Resolve]
+Domains=~.
+DNSSEC=true
+DNSOverTLS=yes
+MulticastDNS=no
+LLMNR=no
+Cache=yes
+DNSStubListener=yes
+DNS=9.9.9.11#dns11.quad9.net DNS=1.1.1.1#cloudflare-dns.com
diff --git a/scripts/boot_image.sh b/scripts/boot_image.sh
index 93572aa..9e72eaf 100755
--- a/scripts/boot_image.sh
+++ b/scripts/boot_image.sh
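Review bot: `chmod u+s /usr/bin/bwrap` makes every flatpak/sandbox launch a root-privileged process; upstream bubblewrap only supports setuid as a fallback where unprivileged user namespaces are unavailable, and on noble the bit is presumably being added to get past the AppArmor restriction on unprivileged userns — if so, an AppArmor profile granting `userns` to bwrap (or, less preferably, the `kernel.apparmor_restrict_unprivileged_userns=0` sysctl) is a narrower fix than setuid root, and the `#add setuid for some applications` comment should record which restriction it works around. `chmod u+s /usr/bin/ping` is also broader than needed: Ubuntu's iputils-ping normally ships with the `cap_net_raw+ep` file capability, and if that is missing `setcap cap_net_raw+ep /usr/bin/ping` grants only raw sockets rather than full root. Separately, with `set -e` now in effect the moved `flatpak remote-add flathub …` line aborts the whole script if the remote already exists; `flatpak remote-add --if-not-exists flathub …` keeps the script rerunnable inside an existing chroot.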
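Review bot: `[Match] Name=*` with `DHCP=yes` also accepts DHCP-supplied DNS servers and search domains on every interface, so the resolvers pushed by whatever network the VM lands on are registered per-link alongside the pinned DoT servers in resolved.conf, and under strict `DNSOverTLS=yes` most of them will simply fail rather than be ignored. If the intent is to trust only the configured upstreams, add `[DHCPv4]` and `[DHCPv6]` sections with `UseDNS=false` and `UseDomains=false` to this file. A one-line comment above `[Match]` noting that `*` deliberately covers every interface, virtual ones included, would make the scope explicit.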
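Review bot: The last line of this hunk is a single line, `DNS=9.9.9.11#dns11.quad9.net DNS=1.1.1.1#cloudflare-dns.com` (the `@@ -0,0 +1,9 @@` count confirms nine lines), and resolved parses `DNS=` as a space-separated server list, so the second token `DNS=1.1.1.1#cloudflare-dns.com` is an invalid address that resolved logs and ignores — only Quad9 is ever configured and there is no second upstream. Write `DNS=9.9.9.11#dns11.quad9.net 1.1.1.1#cloudflare-dns.com` (or two separate `DNS=` lines). `DNSSEC=true` is the strict mode rather than `allow-downgrade`, and combined with strict `DNSOverTLS=yes` it means resolution fails outright on any network that blocks port 853 or intercepts DNS (captive portals, some corporate guest networks); that is a defensible choice for a hardened image, but it should be stated in a comment in the file so it is not later "fixed" as a bug.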
@@ -2,4 +2,4 @@ cd "$(dirname "$0")"
 cd ..
 disk="./outputs/boot_image.img"
-qemu-system-x86_64 -bios /usr/share/ovmf/OVMF.fd -drive format=raw,file=$disk -m 12G -smp 8 -vga none -usb -device usb-tablet --display sdl,gl=off --device virtio-gpu-pci -enable-kvm -machine type=pc-q35-3.1,accel=kvm,kernel_irqchip=on
+qemu-system-x86_64 -bios /usr/share/ovmf/OVMF.fd -drive format=raw,file=$disk -m 16G -smp 8 -vga virtio -usb -device usb-tablet --display gtk,gl=off --device virtio-gpu-pci -enable-kvm -machine type=pc-q35-3.1,accel=kvm,kernel_irqchip=on
diff --git a/scripts/build_filesystem.sh b/scripts/build_filesystem.sh
index 5a4bca2..4764eec 100755
--- a/scripts/build_filesystem.sh
+++ b/scripts/build_filesystem.sh
@@ -9,6 +9,9 @@ cd "$(dirname "$0")"
 DIR="$(dirname "$0")"
 cd ..
 echo $PWD
+if mountpoint -q "./outputs/chroot/proc/"; then
+ umount -lf "./outputs/chroot/proc/"
+fi
 if [ ! -d ./outputs/root/bin ]; then
 rm -rf './outputs/root'
@@ -25,6 +28,8 @@ if mountpoint -q "./outputs/chroot/proc/"; then
 fi
 mount --bind /proc ./outputs/chroot/proc
 cp ./config/filesystem_chroot_install.sh ./outputs/chroot/filesystem_chroot_install.sh
+cp ./config/interfaces.network ./outputs/chroot/etc/systemd/network/10-all.network
+cp ./config/resolved.conf ./outputs/chroot/etc/systemd/resolved.conf
 chmod +x ./outputs/chroot/filesystem_chroot_install.sh
 chroot ./outputs/chroot /bin/bash -c "/filesystem_chroot_install.sh"
 cd $DIR
diff --git a/scripts/build_initramfs.sh b/scripts/build_initramfs.sh
index ff79f80..071e61a 100755
--- a/scripts/build_initramfs.sh
+++ b/scripts/build_initramfs.sh
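Review bot: For a commit titled "fix networking", the new QEMU line still passes no `-nic`/`-netdev`, so the guest gets QEMU's default user-mode NIC (whose model on q35 is e1000e, as far as I recall) while the kernel hunk in this patch enables only `CONFIG_VIRTIO_NET`; unless an e1000e driver is enabled somewhere not shown, the guest boots with no usable NIC. `-nic user,model=virtio-net-pci` makes the emulated device match the driver being built and makes the networking choice explicit. `-vga virtio` together with `--device virtio-gpu-pci` now requests two virtio display adapters; one of them should go. `file=$disk` is unquoted — harmless for this literal path, but `file="$disk"` is the safe form.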
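Review bot: The new early unmount uses `umount -lf`, a lazy forced detach that returns success even when the mount is busy and so hides the case where the chroot's /proc is still in use by a stray process; since the script re-checks `mountpoint -q` later before binding again, a plain `umount "./outputs/chroot/proc/" || exit 1` would surface that instead of masking it. This block also duplicates the `if mountpoint -q …; then … fi` guard visible as the second hunk's context (old lines 24–25); a small `unmount_chroot_proc()` helper called from both places would keep the two in step.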
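Review bot: The second new `cp` writes `/etc/systemd/resolved.conf` into the chroot before `filesystem_chroot_install.sh` has installed `systemd-resolved`, and that path is a dpkg conffile of the noble package, so the later `apt install` finds a pre-existing, differing conffile and will either stop on the conffile prompt or keep/replace it depending on dpkg's defaults — the DoT/DNSSEC settings may not survive the build, and a later package upgrade will prompt again. Install it as a drop-in instead, which dpkg never touches: `mkdir -p ./outputs/chroot/etc/systemd/resolved.conf.d` followed by `cp ./config/resolved.conf ./outputs/chroot/etc/systemd/resolved.conf.d/10-local.conf`. The same ordering question applies to `10-all.network`, though `/etc/systemd/network/` is not a conffile and should be safe as written — worth a comment saying the copies intentionally precede the chroot install.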
@@ -20,11 +20,7 @@ cp ./config/init.sh ./dependencies/initram/init
 chmod +x ./dependencies/initram/init
 echo "copying kernel"
 cp ./dependencies/linux/arch/x86_64/boot/bzImage ./outputs/bzImage.efi
-cd ./dependencies/initram
-cd "$(dirname "$0")"
-cd ..
-cd ./dependencies/initram
-echo $PWD
+cd ./dependencies/initram/
 find . -type f -name "*" -exec chmod +x {} +
 find . -print0 | cpio --null -ov --format=newc | gzip -9 > ../../outputs/initramfs.cpio.gz
 echo "created initramfs."
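Review bot: `cd ./dependencies/initram/` has no failure check and nothing in the visible hunk puts the script under `set -e`, so if the directory is missing the following `find . … | cpio` pipeline silently packs the current working directory — the build tree, including any sources and outputs — into `initramfs.cpio.gz` and still prints "created initramfs.". Use `cd ./dependencies/initram/ || exit 1`. The `find … -exec chmod +x {} +` context line marks every file in the image executable; that is pre-existing, but a comment stating why the initramfs needs it would help whoever later tightens it.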