V8.02.512.2025.05.30

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-05-30 00:28:39 +02:00
parent 2680012395
commit b2282d3475
172 changed files with 14057 additions and 41 deletions
--- a/scripts/etc/network/9999_interfaces_update_netcup.chroot
+++ b/scripts/etc/network/9999_interfaces_update_netcup.chroot
@@ -0,0 +1,144 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024–2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
+set -C -e -u -o pipefail
+
+printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
+# sleep 1
+
+mv /etc/network/interfaces /root/.ciss/dlb/backup/interfaces.chroot
+rm -f /etc/network/interfaces
+
+cat << 'EOF' >| /etc/network/interfaces
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024–2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
+
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+### The loopback network interface
+auto lo
+iface lo inet loopback
+
+### Fully dynamic interface
+auto dynamic
+iface dynamic inet dhcp
+    pre-up \
+      IFACE=$(ip -o link show \
+        | awk -F': ' '{print $2}' \
+        | grep -m1 -v lo) && \
+      echo "Using interface $IFACE as dynamic" && \
+      ip link set dev "$IFACE" up && \
+      ip link set dev "$IFACE" name dynamic
+
+    post-down \
+      ip link set dev dynamic name "$IFACE" && \
+      echo "Restored interface name $IFACE"
+
+source /etc/network/interfaces.d/*
+
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
+EOF
+
+chmod 0644 /etc/network/interfaces
+
+mkdir -p /etc/network/interfaces.d
+
+cat << 'EOF' >| /etc/network/interfaces.d/99-netcup-static
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024–2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
+
+### Static IPv6 Address for Netcup Root Server
+iface ens3 inet6 static
+    address MUST_BE_REPLACED/128
+    ### dns01.eddns.eu dns02.eddns.de
+    dns-nameservers 2a01:4f9:c012:a813:135:181:207:105 2a0a:4cc0:1:e6:89:58:62:53
+    gateway fe80::1
+
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
+EOF
+
+cat << 'EOF_SCRIPT' >| /usr/local/bin/insert_net_source.sh
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024–2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
+
+### Insert the 'source' directive and restart networking
+
+declare -r INTERFACES_FILE="/etc/network/interfaces"
+declare -r INCLUDE_LINE="source /etc/network/interfaces.d/*"
+
+if ! grep -Fxq "${INCLUDE_LINE}" "${INTERFACES_FILE}"; then
+  cat << 'EOF_INNER' >> "${INTERFACES_FILE}"
+
+source /etc/network/interfaces.d/*
+
+EOF_INNER
+fi
+
+sleep 15
+systemctl restart networking
+exit 0
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
+EOF_SCRIPT
+
+chmod 0755 /usr/local/bin/insert_net_source.sh
+
+mkdir -p /etc/systemd/system
+
+cat << 'EOF' >> /etc/systemd/system/insert-net-source.service
+[Unit]
+Description=Insert network include directive and restart networking
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/insert_net_source.sh
+
+[Install]
+WantedBy=multi-user.target
+
+EOF
+
+mkdir -p /etc/systemd/system/multi-user.target.wants
+ln -fs /etc/systemd/system/insert-net-source.service /etc/systemd/system/multi-user.target.wants/insert-net-source.service
+
+
+printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}"
+# sleep 1
+
+exit 0
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh