Solved Modifying configuration files in scripted install

EDIT: Well, this is kind of awkward, but it turned out that I could resolve this rather quickly using heredoc strings. Given I'm using Ansible to create the installerconfig file, just copying the modified sshd_config into installerconfig in full via templates actually seems to be the easiest solution here, so I'll stick with it. In case someone wonders what I ended up with:
Bash:
SSHD_CONFIG=$(
cat <<'END_HEREDOC'
{{ lookup('ansible.builtin.file', 'sshd_config') }}
END_HEREDOC
)
echo "$SSHD_CONFIG" > /etc/ssh/sshd_config

Where {{ lookup('ansible.builtin.file', 'sshd_config') }} is a call to Ansible's Jinja2 templating engine.

Original Post:

Hello!

I am currently in the process of writing an installerconfig file for a FreeBSD installation via bsdinstall(8).
I have a working installation script that installs the base system along with some packages and it also
sets up an initial non-root user with authorized_keys, so the system can immediately be used via SSH.

The installerconfig currently looks like this:
Code:
DISTRIBUTIONS="kernel.txz base.txz src.txz"
PARTITIONS=nvd0
export nonInteractive="YES"

#!/bin/sh
echo "nameserver 1.1.1.1" > /etc/resolv.conf

echo johndoe::::01-01-1970::John Doe::tcsh:none | adduser -w none -G wheel -f -
pw usermod johndoe -p -

mkdir /home/johndoe/.ssh
touch /home/johndoe/.ssh/authorized_keys
chown johndoe:johndoe /home/johndoe/.ssh/authorized_keys
chown johndoe:johndoe /home/johndoe/.ssh
echo "<john-does-really-long-ssh-rsa-key>" > /home/johndoe/.ssh/authorized_keys


echo "ifconfig_ix0=DHCP" >> /etc/rc.conf
echo "sshd_enable=YES" >> /etc/rc.conf

ifconfig ix0 up
dhclient ix0

env ASSUME_ALWAYS_YES=YES pkg bootstrap -f | cat
pkg install -y sudo wget vim
poweroff

Here lies my issue: With regards to scripted installs, many guides I found on this forum seem to recommend modifying
files from the installerconfig script during the install, on a single line basis. If push comes to shove this would work
for me, but I was wondering if there is a way with which I can inject and replace certain base level configuration files
during the install and therefore keep the annotated version of the config file, as opposed to only my few lines of changes from the default.

The /etc/ssh/sshd_config file is of particular interest to me, as I'd like to disable SSH password authentication from the first boot of the system onwards (which the default config has enabled).

Is replacing these config files in the installation media the right way to go, or should I do this another way?
I'm looking forward to any help on this matter.

Cheers!
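
A check that could run in the installerconfig before the templated content replaces /etc/ssh/sshd_config, as an added example that is not part of the original post: it refuses to install a candidate file unless password logins are explicitly switched off. The function names and the candidate-file step are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Only the global section of a
# single file is read: Include files and Match blocks are not evaluated.

# effective_value FILE 'keyword|alias'
# Print the value sshd would take for a keyword: names are case-insensitive,
# "=" is accepted as a separator, and the first occurrence wins.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = "^(" tolower(want) ")$" }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blanks
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*|[ \t]+/, " ", line)
            split(line, f, " ")
            key = tolower(f[1])
            if (key == "match") exit            # conditional part starts
            if (key ~ want) { print tolower(f[2]); exit }
        }
    ' "$1"
}

# password_logins_disabled FILE
# Succeed only if FILE explicitly says "no" for both ways sshd can prompt
# for a password: the built-in method and keyboard-interactive (PAM).
# Insisting on an explicit "no" is this example's choice.
password_logins_disabled() {
    rc=0
    for kw in 'passwordauthentication' \
        'kbdinteractiveauthentication|challengeresponseauthentication'; do
        val=$(effective_value "$1" "$kw")
        if [ "$val" != "no" ]; then
            echo "FAIL: ${kw%%|*} is '${val:-unset}' in $1" >&2
            rc=1
        fi
    done
    return "$rc"
}

# install_sshd_config CANDIDATE TARGET
# Replace TARGET only if CANDIDATE passes; copy to a temp name beside
# TARGET and rename, so a rejected or partial file never becomes TARGET.
install_sshd_config() {
    password_logins_disabled "$1" || return 1
    tmp="$2.new.$$"
    cp "$1" "$tmp" && chmod 644 "$tmp" && mv "$tmp" "$2"
}
```

In the script from the EDIT, the heredoc content would be written to a scratch file first and that file passed as the first argument, with /etc/ssh/sshd_config as the second.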
 