proxy_role/overlay/Linux/usr/local/Whonix-Host.rc
2024-01-06 01:57:28 +00:00

139 lines
5.1 KiB
Bash
Executable File

#!/bin/sh
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
. /usr/local/etc/local.d/local.bash
chmod 775 /usr/local/sbin/*sh /usr/local/bin/*sh
export PATH=$PATH:/usr/local/bin:/usr/local/sbin
grep -q root=/dev/vda /proc/cmdline
PROXY_IS_VDA=$?
if [ $PROXY_IS_VDA -eq 0 ] ; then
/usr/local/sbin/proxy_whonix_lib.bash proxy_vda_config
fi
# Host and Vda
[ -d /etc/apt ] && \
local_manual_stop_services openvpn exim4 apt-daily-upgrade udisks2 \
sdwdate tb-updater-first-boot lvm2-monitor
# BEGIN ANSIBLE MANAGED BLOCK base initctl
if [ ! -e /dev/initctl -a -e /run/initctl ] ; then
ln -s /run/initctl /dev/initctl
elif [ ! -e /dev/initctl ] ; then
mknod -m=0600 /dev/initctl p
fi
# END ANSIBLE MANAGED BLOCK base initctl
# BEGIN ANSIBLE MANAGED BLOCK base
( cd /var/tmp && rm -rf ansible-local-* Temp-* ssh-* pulse-* .xfsm-ICE-* )
# END ANSIBLE MANAGED BLOCK base
# sh "/var/local/etc/local.d/testforge.start"
# redis
# WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
#? echo never > /sys/kernel/mm/transparent_hugepage/enabled
if false;then
# failsafe but independent of whether wlan exists
[ -f /usr/local/sbin/proxy_whonix_host_libvirt.bash ] && \
sh /usr/local/sbin/proxy_whonix_host_libvirt.bash proxy_whonix_libvirt_start
if ! /usr/local/sbin/proxy_whonix_host.bash config ; then
echo WARN: Whonix-Host.rc proxy_whonix_host.bash config failed $?
fi
if ! /usr/local/sbin/proxy_whonix_host.bash start ; then
echo WARN: Whonix-Host.rc proxy_whonix_host.bash start failed $?
fi
if ! /usr/local/sbin/proxy_whonix_host.bash test ; then
echo WARN: Whonix-Host.rc proxy_whonix_host.bash test failed $?
fi
fi
exit 0
# BEGIN ANSIBLE MANAGED BLOCK update lati_unix.yml text
local_systemd_stop_services display-manager
# END ANSIBLE MANAGED BLOCK update lati_unix.yml text
# BEGIN ANSIBLE MANAGED BLOCK update lati_unix.yml fstab
for eltin h i j o q v q w l ; do
[ -d /mnt/$elt/tmp ] || mount /mnt/$elt
done
exit 0
# END ANSIBLE MANAGED BLOCK update lati_unix.yml fstab
# BEGIN ANSIBLE MANAGED BLOCK update lati_unix.yml mask
# local_manual_stop_services
SYSTEMD_STOP_AND_MASK="
debug-shell.service
systemd-backlight@.service
phpsessionclean.service
phpsessionclean.timer
apt-daily-upgrade.service
apt-daily-upgrade.timer
dbus-org.freedesktop.nm-dispatcher.service
tb-updater-first-boot.service
openvpn.service
systemd-backlight@.service
systemd-backlight@backlight.service
vboxadd-service.service
vboxautostart-service.service
vboxballoonctrl-service.service
vboxdrv.service
vboxweb-service.service
"
# /usr/local/etc/local.d/local.bash local_systemd_stop_and_mask $SYSTEMD_STOP_AND_MASK
for file in /usr/local/etc/systemd/*.mask ; do
cat $file | /usr/local/etc/local.d/local.bash local_systemd_stop_and_mask
done
# END ANSIBLE MANAGED BLOCK update lati_unix.yml mask
/var/local/bin/harden_dbus_neuter.bash
which brightnessctl 2>/dev/null >/dev/null && brightnessctl set 90%
# BEGIN ANSIBLE MANAGED BLOCK update
/usr/local/etc/local.d/local.bash local_disable_lid
# END ANSIBLE MANAGED BLOCK update
# BEGIN ANSIBLE MANAGED BLOCK update local_disable_lid
/usr/local/etc/local.d/local.bash local_disable_lid
# END ANSIBLE MANAGED BLOCK update local_disable_lid
# BEGIN ANSIBLE MANAGED BLOCK base lati_unix.yml mask
ROLE=base
for file in /usr/local/etc/systemd/$ROLE.mask ; do
cat $file | /usr/local/etc/local.d/local.bash local_systemd_stop_and_mask
done
# END ANSIBLE MANAGED BLOCK base lati_unix.yml mask
# BEGIN ANSIBLE MANAGED BLOCK gpgkey lati_unix.yml mask
ROLE=gpgkey
for file in /usr/local/etc/systemd/$ROLE.mask ; do
cat $file | /usr/local/etc/local.d/local.bash local_systemd_stop_and_mask
done
# END ANSIBLE MANAGED BLOCK gpgkey lati_unix.yml mask
# BEGIN ANSIBLE MANAGED BLOCK hostvms lati_unix.yml mask
ROLE=hostvms
for file in /usr/local/etc/systemd/$ROLE.mask ; do
cat $file | /usr/local/etc/local.d/local.bash local_systemd_stop_and_mask
done
# END ANSIBLE MANAGED BLOCK hostvms lati_unix.yml mask
# BEGIN ANSIBLE MANAGED BLOCK privacy lati_unix.yml mask
ROLE=privacy
for file in /usr/local/etc/systemd/$ROLE.mask ; do
cat $file | /usr/local/etc/local.d/local.bash local_systemd_stop_and_mask
done
# END ANSIBLE MANAGED BLOCK privacy lati_unix.yml mask
# BEGIN ANSIBLE MANAGED BLOCK proxy lati_unix.yml mask
ROLE=proxy
for file in /usr/local/etc/systemd/$ROLE.mask ; do
cat $file | /usr/local/etc/local.d/local.bash local_systemd_stop_and_mask
done
# END ANSIBLE MANAGED BLOCK proxy lati_unix.yml mask
# BEGIN ANSIBLE MANAGED BLOCK testforge lati_unix.yml mask
ROLE=testforge
for file in /usr/local/etc/systemd/$ROLE.mask ; do
cat $file | /usr/local/etc/local.d/local.bash local_systemd_stop_and_mask
done
# END ANSIBLE MANAGED BLOCK testforge lati_unix.yml mask