postinstall.sh

#!/bin/bash

set -eux

cat >> /etc/network/interfaces << 'EOF'
# VLAN interface configuration
auto enp98s0f0.4000
iface enp98s0f0.4000 inet static
    vlan-raw-device enp98s0f0
    vlan-id 4000
    mtu 1400
    address 172.16.32.2
    netmask 255.255.255.0
    up ip route add 172.16.0.0/16 via 172.16.32.1
EOF

useradd -m -s /bin/bash findforce
usermod -aG sudo findforce

echo "findforce ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/findforce

mkdir /home/findforce/.ssh
cp /root/.ssh/authorized_keys /home/findforce/.ssh/authorized_keys
chown -R findforce:findforce /home/findforce/

sed -i -e '/^\(#\|\)PermitRootLogin/s/^.*$/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config
sed -i -e '/^\(#\|\)PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
sed -i -e '/^\(#\|\)KbdInteractiveAuthentication/s/^.*$/KbdInteractiveAuthentication no/' /etc/ssh/sshd_config
sed -i -e '/^\(#\|\)ChallengeResponseAuthentication/s/^.*$/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config
sed -i -e '/^\(#\|\)MaxAuthTries/s/^.*$/MaxAuthTries 2/' /etc/ssh/sshd_config
sed -i -e '/^\(#\|\)X11Forwarding/s/^.*$/X11Forwarding no/' /etc/ssh/sshd_config
sed -i -e '/^\(#\|\)AllowAgentForwarding/s/^.*$/AllowAgentForwarding no/' /etc/ssh/sshd_config
sed -i -e '/^\(#\|\)AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh\/authorized_keys/' /etc/ssh/sshd_config

cryptsetup luksFormat /dev/nvme1n1 /root/passphrase.txt
cryptsetup open /dev/nvme1n1 cryptvar --key-file /root/passphrase.txt
echo "cryptvar UUID=$(blkid -s UUID -o value /dev/nvme1n1) /root/passphrase.txt luks" >> /etc/crypttab
mkfs.xfs /dev/mapper/cryptvar
mkdir -p /var/lib
mount /dev/mapper/cryptvar /var/lib
echo "/dev/mapper/cryptvar /var/lib xfs defaults 0 0" >> /etc/fstab

apt-get update
apt-get install -y cryptsetup cryptsetup-initramfs vlan
update-initramfs -u