Initial commit

README.md

+# MPS/RA VM - StudentVersion
+
+## What is different compared to the official VM?
+- Based on current Debian buster (10.7) instead of Ubuntu 14.04 from 2014
+- The newer OS allows for easy customization with current applications if needed
+- Preconfigured with icons and theme for a more modern look and feel
+- Better startmenu (whiskermenu)
+- Automatic login to desktop (The login doesn't add any security in this case and only takes more time)
+- No automatic screensaver / logout
+- More lightweight and optimized for use in a VM and for the specific tasks required
+- Only ~46 tasks after boot compared to ~94 tasks on the original VM
+- Much more diskspace inside the VM with 19GB total instead of only 8GB (the disk is dynamic so it takes only actually used space from the host)
+- Much less diskspace used inside the VM with only ~2.5GB used instead of ~5.6GB
+- Much smaller image size with less than 1GB instead of ~2.7GB
+- Source Navigator is preconfigured to use the modern `utf-8` textencoding instead of `iso8859-1` from 1987. That makes it easy to use special chars in the textfiles on any modern machine. Keep in mind that this breaks the special chars in the given files (e.g. `äöü...`) since those are using the old encoding.
+- When mounting LabDisk and h-da user homedirectory, the username is automatically saved and reused
+- The full VPN is replaced by sshuttle, which acts in the same way but tunnels all traffic through ssh
+- With sshuttle the _VPN_ can also use passwordless authentication when it is configured
+- The VM is configured automatically ontop of a minimal debian server installation using ansible
+- The ansible config shows exactly what steps have been used to setup the VM as it is and provide a comprehensible log of what was changed
+- By using the ansible configuration, future updates (e.g. installing additional packages, changing binaries, ...) could be applied with one command inside the VM instead of needing to setup and configure a completely new VM image
+
+## Screenshots
+
+![](doc/screenshot1.png)
+
+![](doc/screenshot2.png)
+
+## How to use the hda-util.sh (Desktop shortcuts)
+A custom bashscript is installed to `/home/fs/hda-util.sh` which provides easy access to mounting h-da network shares, opening the VPN connection and more.
+This script is used in the desktop launcher shortcuts to provide 1-click actions for the most important functions.
+
+On the first run the script will ask for the st-account username and stores it into `/home/fs/.hda-username`. On each following call, the username stored in that file will be used automatically. To change the username the file can either be deleted (`rm ~/.hda-username`) or modified to contain the right username. When calling the script manually, you have to specify `-y` in the beginning if you want to automatically use the stored username.
+
+### Mounting the Network shares
+
+The script can mount the LabDisk and the homedir network shares. This uses the filemanager thunar with sftp.
+
+Mount LabDisk by hand:
+```sh
+hda-util.sh -m labdisk
+```
+
+Mount homedir by hand:
+```sh
+hda-util.sh -m homedir
+```
+
+### Connecting the _VPN_
+
+The script uses sshuttle to tunnel all traffic through ssh. This has pretty much the same effect as a real VPN would have and should not make a difference in this usecase.
+The word "VPN" is used in most locations to avoid confusion, even though this is __not__ a VPN connection.
+
+Connect the _VPN_ by hand:
+```sh
+hda-util.sh --vpn
+```
+
+## Virtualbox Guest Additions (Automatic resize, shared disks)
+
+The virtualbox guest additions should always be installed from the VirtualBox host to avoid compatibility issues. This can be done with the following steps:
+
+1. Start the VM
+2. Mount the guest additions 
+3. Open the guest addition directory in the terminal
+4. Enter `sudo sh VBoxLinuxAdditions.run`
+5. Unmount the guest additions from the VM
+6. Reboot the VM
+7. Add the fs user to vboxsf group `sudo usermod -G vboxsf -a fs`
+
+## Building the VM from scratch
+
+The VM is built ontop of the 32-bit version of debian 10.7.0 .
+
+Using the following steps the VM Image can be recreated from scratch:
+1. Download the netinstall ISO for 32 bit Debian 10.7.0 (debian-10.7.0-i386-netinst.iso)
+2. Install debian in the VM while using the following settings:
+   1. Create the default user with name `fs` and password `fs`
+   2. Leave the root password empty to automatically configure `sudo`
+   3. Install __only__ the standard system utilities from the software selection, no GUI
+   4. Finish the installation
+3. Boot into the new system and log into the terminal with the fs user
+4. Use the bootstrap command to install ansible+git and then execute the ansible playbook using ansible-pull:
+```sh
+$ wget -O /tmp/bs.sh https://code.fbi.h-da.de/vm/sv/-/raw/master/bootstrap.sh
+$ sudo sh /tmp/bs.sh
+```
+
+5. If everything went as planned the GUI, toolchain and other programs should be installed configured. So just reboot the VM and you should see the desktop
+
+Optionally the VM image can be compressed for the smallest possible image size:
+- Inside the VM
+```sh
+$ sudo apt clean
+$ sudo rm -r /var/lib/apt/lists/*
+```
+- To overwrite all free space with 0 for better compression, access from outside of the VM OS is needed. This can be accomplished for example using a live stick or recovery mode. The root_partition is the partition where `/` was installed to, e.g. `sda1`
+```sh
+$ sudo zerofree -v /dev/[root_partition]
+```
+- Optionally to compress the actual VM disk the following command must be exectued on the host:
+```sh
+$ vboxmange modifyhd --compact /path/to/the/vm/disk.vdi
+```
+- When exporting the VM now the image file should be as small as possible without removing further components
+
+## Further notes
+
+The tasks for RA and MPS labs are not included to prevent license and copyright issues. Since the toolchain consists of binaries and is provided as is, there should be no such issues there.
+
+## Known issues
+
+### System volume is on 0 by default
+- Workaround: Just turn it up
\ No newline at end of file

bootstrap.sh

+#!/bin/sh
+
+apt-get update
+apt-get install -y --no-install-recommends git ansible
+ansible-pull --purge -U https://code.fbi.h-da.de/vm/sv.git
\ No newline at end of file

files/bin/hda-util.sh

+#/bin/bash
+
+# @file hda-util.sh
+# @author Daniel Müller
+# @contact daniel.q.mueller@stud.h-da.de
+
+
+HDA_ENTRYPOINT="userv.fbi.h-da.de"
+USERNAME_FILE="$HOME/.hda-username"
+
+
+########## Help #########
+# Parse help command and print the help text
+#
+
+# Also show help when no parameters are given
+[ -z "$1" ] && set -- help
+
+case $1 in
+help|--help|-h)
+	echo "usage: $(basename $0) [-y] [-m mount_name] [--ssh] [--setup-pubkey] [--vpn]"
+	echo "params:"
+	echo "  -y                       Accept suggested username"
+	echo "  --mount | -m             Mount userv share mount_name"
+	echo "      mout_name: homedir   Mount hda home dir"
+	echo "      mout_name: labdisk   Mount hda lab disk"
+	echo "  --setup-pubkey           Setup passwordless auth for hda server"
+	echo "  --ssh [args]             Open ssh connection to hda server. args are"
+	echo "                           supplied to the ssh command"
+	echo "  --vpn                    Start sshuttle as replacement for a full VPN"
+	echo "                           This will route all trafic through the SSH"
+	exit 0
+;;
+esac
+
+
+########## Print msg and exit #########
+# This prints $2 and then exits the program with code $1
+#
+exit_msg() {
+	echo "$2"
+	exit $1
+}
+
+
+########## Trap EXIT signal to delete the ssh keys #########
+# This is executed when exiting while trying to copy the ssh keys
+# to the server. The newly generated ssh keys are deleted again, 
+# since the operation was not completed
+#
+trap_exit_pubkey() {
+	rm ~/.ssh/id_ed25519
+	rm ~/.ssh/id_ed25519.pub
+}
+
+
+########## Use stored username or enter new username ##########
+# Get a username either from terminal input or use cached username.
+# 
+get_username() {
+
+	[ -n "$username" ] && return
+
+	if [ -f $USERNAME_FILE ]; then
+		username=$(cat $USERNAME_FILE)
+		
+		if [ -z "$accept_username" ]; then
+		
+			read -p "Use username: $username? (y/n) " yesno
+			[ "$yesno" != "y" ] && unset username
+		
+		fi
+	fi
+
+	if [ -z "$username" ]; then
+
+		read -p "Enter st-account name: " username
+		[ -z "$username" ] && exit_msg 1 "No username given"
+
+		echo "$username" > $USERNAME_FILE
+
+	fi
+}
+
+
+########## Mount the userv network shares ##########
+# The selected network share from userv is mounted and 
+# opened in the thunar fileexplorer
+#
+module_mount() {
+
+	[ -z "$1" ] && exit_msg "No mount specified"
+	
+	get_username
+	
+	case $1 in 
+	labdisk|lab)
+		thunar --daemon sftp://$username@$HDA_ENTRYPOINT/home/groups/LabDisk
+	;;
+	
+	home|homedir)
+		thunar --daemon sftp://$username@$HDA_ENTRYPOINT/home/$username
+	;;
+	
+	*)
+		exit_msg 1 "Invalid mount"
+	;;
+	esac
+	
+}
+
+
+########## Open SSH Connection ##########
+# This function simply opens a ssh connection to the userv server.
+# The stored username is used
+#
+module_ssh_open() {
+	
+	get_username
+
+	ssh $username@$HDA_ENTRYPOINT $@
+}
+
+
+########## Open sshuttle connection ##########
+# This will use sshuttle to tunnel all traffic via ssh through the university
+# network. The ssh method is less powerfull and performant than a real VPN but
+# it is also much more lightweight and simpler. Since all cases where the VPN
+# was used before would have been sufficient with a ssh socks proxy, this should
+# not be a problem.
+# The log and the help inaccurately refer to this as "VPN" because this term is
+# widely understood and avoids confusion for the users
+#
+module_vpn() {
+
+	get_username
+	
+	echo "*******************"
+	echo "* Starting VPN... *"
+	echo "*******************"
+	echo ""
+	echo "This requires elevated privileges, so the user password might be needed"
+	echo "The connection itself will need the h-da password, if passwordless auth is not configured"
+	echo "As long as this program is running, the VPN connection will be active."
+	echo ""
+
+	sudo sh -c "echo ST-Account $username; sshuttle -x $HDA_ENTRYPOINT -r $username@$HDA_ENTRYPOINT 0.0.0.0/0"
+
+}
+
+
+########## Setup passwordless authentication ##########
+# This function creates a new ssh key, uploads it to the userv server and
+# then executes the `userv-set-authorized-keys` command on the server.
+# Since there are 2 ssh connections, 1 to copy and 1 to execute the commmand,
+# the password needs to be entered 2 times.
+# 
+module_setup_passwordless_auth() {
+	[ -f ~/.ssh/id_ed25519 ] && exit_msg 0 "A public key was already created."
+	
+	get_username
+	
+	ssh-keygen -f ~/.ssh/id_ed25519 -t ed25519 -q -P ""
+	
+	
+	echo "**************************************"
+	echo "*    Copying and applying SSH key    *"
+	echo "* Password entry is required 2 times *"
+	echo "*   once for copy, once for apply    *"
+	echo "* The password is the h-da password  *"
+	echo "**************************************"
+	
+	trap trap_exit_pubkey EXIT
+	
+	ssh-copy-id -i ~/.ssh/id_ed25519 $username@$HDA_ENTRYPOINT
+	ssh $username@$HDA_ENTRYPOINT -C "userv-set-authorized-keys /home/$username/.ssh/authorized_keys"
+	
+	echo ""
+	echo "**************************************"
+	echo "The public key has been installed on the server."
+	echo "It might take a few minutes until the server "
+	
+	trap - EXIT
+}
+
+
+########## Argument parsing ##########
+# Parses the commandline arguments and executes the right modules
+#
+while [ -n "$1" ]; do
+
+	case $1 in
+	-y)
+		shift
+		accept_username="true"
+	;;
+
+	--mount|-m)
+		shift
+		module_mount $1
+		shift
+	;;
+
+	--setup-pubkey)
+		shift
+		module_setup_passwordless_auth
+		exit 0
+	;;
+	
+	--ssh)
+		shift
+		module_ssh_open $@
+		exit 0
+	;;
+	
+	--vpn)
+		shift
+		module_vpn
+		exit 0
+	;;
+
+	*)
+		exit_msg 1 "Unknown argument: $1. Use --help for help"
+	;;
+	esac
+
+done
+

files/conf/firefox/policies.json

+{
+    "policies": {
+        "Certificates": {
+            "Install": [
+                "/usr/share/ca-certificates/dfn-ca-global-g2.crt"
+            ]
+        }
+    }
+}
\ No newline at end of file

files/conf/home-conf/.config/autostart/light-locker.desktop

+[Desktop Entry]
+Hidden=true
+

files/conf/home-conf/.config/xfce4/desktop/icons.screen0-1424x852.rc

+[xfdesktop-version-4.10.3+-rcfile_format]
+4.10.3+=true
+
+[Papierkorb]
+row=0
+col=0
+
+[/]
+row=1
+col=0
+
+[/home/fs]
+row=2
+col=0
+

files/conf/home-conf/.config/xfce4/desktop/icons.screen0-1424x854.rc

+[xfdesktop-version-4.10.3+-rcfile_format]
+4.10.3+=true
+
+[Papierkorb]
+row=0
+col=0
+
+[/]
+row=1
+col=0
+
+[/home/fs]
+row=2
+col=0
+

files/conf/home-conf/.config/xfce4/desktop/icons.screen0-1424x855.rc

+[xfdesktop-version-4.10.3+-rcfile_format]
+4.10.3+=true
+
+[Papierkorb]
+row=0
+col=0
+
+[/]
+row=1
+col=0
+
+[/home/fs]
+row=2
+col=0
+

files/conf/home-conf/.config/xfce4/desktop/icons.screen0-1904x1184.rc

+[xfdesktop-version-4.10.3+-rcfile_format]
+4.10.3+=true
+
+[Papierkorb]
+row=0
+col=0
+
+[/]
+row=1
+col=0
+
+[/home/fs]
+row=2
+col=0
+

files/conf/home-conf/.config/xfce4/desktop/icons.screen0-784x552.rc

+[xfdesktop-version-4.10.3+-rcfile_format]
+4.10.3+=true
+
+[Papierkorb]
+row=0
+col=0
+
+[/]
+row=1
+col=0
+
+[/home/fs]
+row=2
+col=0
+

files/conf/home-conf/.config/xfce4/desktop/icons.screen0-784x554.rc

+[xfdesktop-version-4.10.3+-rcfile_format]
+4.10.3+=true
+
+[Papierkorb]
+row=0
+col=0
+
+[/]
+row=1
+col=0
+
+[/home/fs]
+row=2
+col=0
+

files/conf/home-conf/.config/xfce4/desktop/icons.screen0-784x584.rc

+[xfdesktop-version-4.10.3+-rcfile_format]
+4.10.3+=true
+
+[Papierkorb]
+row=0
+col=0
+
+[/]
+row=1
+col=0
+
+[/home/fs]
+row=2
+col=0
+

files/conf/home-conf/.config/xfce4/panel/whiskermenu-1.rc

+favorites=exo-terminal-emulator.desktop,exo-file-manager.desktop,exo-mail-reader.desktop,exo-web-browser.desktop
+recent=xfce-settings-manager.desktop,xfce-display-settings.desktop
+button-title=Anwendungen
+button-icon=xfce4-whiskermenu
+button-single-row=false
+show-button-title=false
+show-button-icon=true
+launcher-show-name=true
+launcher-show-description=true
+launcher-show-tooltip=true
+item-icon-size=2
+hover-switch-category=false
+category-show-name=true
+category-icon-size=1
+load-hierarchy=false
+recent-items-max=10
+favorites-in-recent=true
+display-recent-default=false
+position-search-alternate=false
+position-commands-alternate=false
+position-categories-alternate=false
+stay-on-focus-out=false
+confirm-session-command=true
+menu-width=400
+menu-height=500
+menu-opacity=100
+command-settings=xfce4-settings-manager
+show-command-settings=true
+command-lockscreen=xflock4
+show-command-lockscreen=true
+command-switchuser=dm-tool switch-to-greeter
+show-command-switchuser=false
+command-logoutuser=xfce4-session-logout --logout --fast
+show-command-logoutuser=false
+command-restart=xfce4-session-logout --reboot --fast
+show-command-restart=false
+command-shutdown=xfce4-session-logout --halt --fast
+show-command-shutdown=false
+command-suspend=xfce4-session-logout --suspend
+show-command-suspend=false
+command-hibernate=xfce4-session-logout --hibernate
+show-command-hibernate=false
+command-logout=xfce4-session-logout
+show-command-logout=true
+command-menueditor=menulibre
+show-command-menueditor=true
+command-profile=mugshot
+show-command-profile=true
+search-actions=5
+
+[action0]
+name=Handbuchseiten
+pattern=#
+command=exo-open --launch TerminalEmulator man %s
+regex=false
+
+[action1]
+name=Internetsuche
+pattern=?
+command=exo-open --launch WebBrowser https://duckduckgo.com/?q=%u
+regex=false
+
+[action2]
+name=Wikipedia
+pattern=!w
+command=exo-open --launch WebBrowser https://en.wikipedia.org/wiki/%u
+regex=false
+
+[action3]
+name=Im Terminal ausführen
+pattern=!
+command=exo-open --launch TerminalEmulator %s
+regex=false
+
+[action4]
+name=Adresse öffnen
+pattern=^(file|http|https):\\/\\/(.*)$
+command=exo-open \\0
+regex=true
+

files/conf/home-conf/.config/xfce4/panel/xfce4-clipman-actions.xml

+<?xml version="1.0" encoding="UTF-8"?>
+<actions>
+	<action>
+		<name>Bild</name>
+		<regex>(http|ftp).+\.(jpg|png|gif)</regex>
+		<group>0</group>
+		<commands>
+			<command>
+				<name>Mit GIMP bearbeiten</name>
+				<exec>gimp-remote &quot;\0&quot;</exec>
+			</command>
+			<command>
+				<name>Mit Ristretto betrachten</name>
+				<exec>ristretto &quot;\0&quot;</exec>
+			</command>
+		</commands>
+	</action>
+	<action>
+		<name>Fehler</name>
+		<regex>bug\s*#?\s*([0-9]+)</regex>
+		<group>0</group>
+		<commands>
+			<command>
+				<name>Fehler bei Xfce</name>
+				<exec>exo-open http://bugzilla.xfce.org/show_bug.cgi?id=\1</exec>
+			</command>
+			<command>
+				<name>Fehler bei Gnome</name>
+				<exec>exo-open http://bugzilla.gnome.org/show_bug.cgi?id=\1</exec>
+			</command>
+		</commands>
+	</action>
+	<action>
+		<name>Lange Netzadresse</name>
+		<regex>http://[^\s]{120,}</regex>
+		<group>0</group>
+		<commands>
+			<command>
+				<name>Netzadresse kürzen</name>
+				<exec>exo-open http://tinyurl.com/create.php?url=\0</exec>
+			</command>
+		</commands>
+	</action>
+</actions>
\ No newline at end of file

files/conf/home-conf/.config/xfce4/terminal/accels.scm

+; xfce4-terminal GtkAccelMap rc-file         -*- scheme -*-
+; this file is an automated accelerator map dump
+;
+(gtk_accel_path "<Actions>/terminal-window/goto-tab-1" "<Alt>1")
+(gtk_accel_path "<Actions>/terminal-window/goto-tab-3" "<Alt>3")
+; (gtk_accel_path "<Actions>/terminal-window/file-menu" "")
+; (gtk_accel_path "<Actions>/terminal-window/close-other-tabs" "")
+; (gtk_accel_path "<Actions>/terminal-window/search" "<Primary><Shift>f")
+; (gtk_accel_path "<Actions>/terminal-window/next-tab" "<Primary>Page_Down")
+; (gtk_accel_path "<Actions>/terminal-window/copy-html" "")
+; (gtk_accel_path "<Actions>/terminal-window/show-menubar" "")
+; (gtk_accel_path "<Actions>/terminal-window/zoom-reset" "<Primary>0")
+; (gtk_accel_path "<Actions>/terminal-window/close-window" "<Primary><Shift>q")