From 1277b5dc97702022a16ffb338f6c87932da8c473 Mon Sep 17 00:00:00 2001 From: manuel Date: Fri, 12 Jul 2024 12:21:49 +0000 Subject: [PATCH] update server files --- .../debsrv_64/0520-removeapps.hook.chroot | 2 +- .../debsrv_64/0620-installapps.hook.chroot | 3 +- .../normal/debsrv_64/0660-selinux_hook.chroot | 41 +++++++++++++++++++ .../devsrv_64/0520-removeapps.hook.chroot | 2 +- .../normal/devsrv_64/0660-selinux_hook.chroot | 41 +++++++++++++++++++ .../installer/preseed/debsrv_64/preseed.cfg | 2 +- .../installer/preseed/devsrv_64/preseed.cfg | 2 +- .../scripts/debsrv_64/06copy-files-to-cdrom | 10 ++--- .../scripts/devsrv_64/06copy-files-to-cdrom | 10 ++--- .../hooks/normal/0520-removeapps.hook.chroot | 12 ------ .../hooks/normal/0620-installapps.hook.chroot | 17 -------- python_modules/conf.py | 9 ++-- 12 files changed, 103 insertions(+), 48 deletions(-) create mode 100755 iso_configs/hooks/normal/debsrv_64/0660-selinux_hook.chroot create mode 100755 iso_configs/hooks/normal/devsrv_64/0660-selinux_hook.chroot delete mode 100755 iso_configs/server/hooks/normal/0520-removeapps.hook.chroot delete mode 100755 iso_configs/server/hooks/normal/0620-installapps.hook.chroot diff --git a/iso_configs/hooks/normal/debsrv_64/0520-removeapps.hook.chroot b/iso_configs/hooks/normal/debsrv_64/0520-removeapps.hook.chroot index 95e54f7e..4275d086 100755 --- a/iso_configs/hooks/normal/debsrv_64/0520-removeapps.hook.chroot +++ b/iso_configs/hooks/normal/debsrv_64/0520-removeapps.hook.chroot @@ -8,5 +8,5 @@ ### Missing files no longer cause builds to fail. # Remove software -#apt --purge --yes autoremove nvidia* +apt --purge --yes autoremove nvidia* diff --git a/iso_configs/hooks/normal/debsrv_64/0620-installapps.hook.chroot b/iso_configs/hooks/normal/debsrv_64/0620-installapps.hook.chroot index 65f82d3a..f9067075 100755 --- a/iso_configs/hooks/normal/debsrv_64/0620-installapps.hook.chroot +++ b/iso_configs/hooks/normal/debsrv_64/0620-installapps.hook.chroot 
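Review bot: The re-enabled `apt --purge --yes autoremove nvidia*` passes an unquoted glob, so the shell can expand it against files in the hook's working directory before apt ever sees it; quote the pattern as `'nvidia*'`. On a server image there may be no matching package at all, and apt is then likely to report that it cannot locate the package. Whether that stops the build depends on shell options set outside this hunk, so if a miss should be tolerated write `apt-get --purge --yes autoremove 'nvidia*' || true`. The identical change in `devsrv_64/0520-removeapps.hook.chroot` has the same issue.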
@@ -5,5 +5,4 @@ # SPDX-FileCopyrightText: 2023 PeppemrintOS Team (peppermintosteam@proton.me) ### install cockpit server manager - apt -y install cockpit* - + apt -y install cockpit cockpit-machines cockpit-podman diff --git a/iso_configs/hooks/normal/debsrv_64/0660-selinux_hook.chroot b/iso_configs/hooks/normal/debsrv_64/0660-selinux_hook.chroot new file mode 100755 index 00000000..f75c212b --- /dev/null +++ b/iso_configs/hooks/normal/debsrv_64/0660-selinux_hook.chroot @@ -0,0 +1,41 @@ +#!/bin/bash + +# SPDX-License-Identifier: GPL-3.0-or-later +# +# SPDX-FileCopyrightText: 2023 PeppemrintOS Team (peppermintosteam@proton.me) + +set -e + +# Install required SELinux packages +chroot $1 apt-get update +chroot $1 apt-get -y install selinux-basics selinux-policy-default auditd + +# Initialize SELinux +chroot $1 selinux-activate + +# Restart auditd service +chroot $1 systemctl restart auditd + +# Enable SELinux policy activation on boot +chroot $1 systemctl enable selinux-policy-activate + +# Disable AppArmor +chroot $1 systemctl disable apparmor +chroot $1 systemctl stop apparmor +chroot $1 apt-get -y purge apparmor + +# Additional configuration (optional) +# Here you can add commands to adjust policies or configure additional rules + +# Set SELinux to enforcing mode +chroot $1 /usr/sbin/setenforce 1 + +# Configure file contexts (example) +chroot $1 /sbin/restorecon -Rv /etc/ + +# Allow HTTPD scripts and modules to connect to the network (example) +chroot $1 /usr/sbin/setsebool -P httpd_can_network_connect 1 + +exit 0 + + diff --git a/iso_configs/hooks/normal/devsrv_64/0520-removeapps.hook.chroot b/iso_configs/hooks/normal/devsrv_64/0520-removeapps.hook.chroot index 95e54f7e..4275d086 100755 --- a/iso_configs/hooks/normal/devsrv_64/0520-removeapps.hook.chroot +++ b/iso_configs/hooks/normal/devsrv_64/0520-removeapps.hook.chroot 
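Review bot: Every command in the new `0660-selinux_hook.chroot` is prefixed with `chroot $1`, but live-build normally runs `*.hook.chroot` scripts inside the chroot with no arguments, so `$1` is empty and unquoted and `chroot $1 apt-get update` collapses to `chroot apt-get update`, which fails and aborts the build under `set -e`. `setenforce 1`, `systemctl restart auditd` and `systemctl stop apparmor` act on the kernel and init system that are running the build, not on the image, so the mode has to be persisted in the image's configuration (selinux-basics provides `selinux-config-enforcing`), preferably only after a permissive first boot has been checked for denials. The "(example)" line `setsebool -P httpd_can_network_connect 1` should be dropped rather than shipped: it widens what a confined web server may do while this same commit removes `task-web-server`. Also confirm that `selinux-policy-activate` is a unit actually shipped by the packages installed above. The same file is added verbatim under `devsrv_64`.

```shell
set -e

# Chroot hooks already run inside the image root: no "chroot $1" prefix.
apt-get update
apt-get -y install selinux-basics selinux-policy-default auditd

# Persists the SELinux boot configuration in the image; verify it behaves
# as expected inside a build chroot.
selinux-activate

# Purging the package is enough; there is no running service to stop here.
apt-get -y purge apparmor

# Enforcing mode: switch with selinux-config-enforcing once the relabelled
# system boots cleanly in permissive mode, not with setenforce at build time.
```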
@@ -8,5 +8,5 @@ ### Missing files no longer cause builds to fail. # Remove software -#apt --purge --yes autoremove nvidia* +apt --purge --yes autoremove nvidia* diff --git a/iso_configs/hooks/normal/devsrv_64/0660-selinux_hook.chroot b/iso_configs/hooks/normal/devsrv_64/0660-selinux_hook.chroot new file mode 100755 index 00000000..f75c212b --- /dev/null +++ b/iso_configs/hooks/normal/devsrv_64/0660-selinux_hook.chroot @@ -0,0 +1,41 @@ +#!/bin/bash + +# SPDX-License-Identifier: GPL-3.0-or-later +# +# SPDX-FileCopyrightText: 2023 PeppemrintOS Team (peppermintosteam@proton.me) + +set -e + +# Install required SELinux packages +chroot $1 apt-get update +chroot $1 apt-get -y install selinux-basics selinux-policy-default auditd + +# Initialize SELinux +chroot $1 selinux-activate + +# Restart auditd service +chroot $1 systemctl restart auditd + +# Enable SELinux policy activation on boot +chroot $1 systemctl enable selinux-policy-activate + +# Disable AppArmor +chroot $1 systemctl disable apparmor +chroot $1 systemctl stop apparmor +chroot $1 apt-get -y purge apparmor + +# Additional configuration (optional) +# Here you can add commands to adjust policies or configure additional rules + +# Set SELinux to enforcing mode +chroot $1 /usr/sbin/setenforce 1 + +# Configure file contexts (example) +chroot $1 /sbin/restorecon -Rv /etc/ + +# Allow HTTPD scripts and modules to connect to the network (example) +chroot $1 /usr/sbin/setsebool -P httpd_can_network_connect 1 + +exit 0 + + diff --git a/iso_configs/installer/preseed/debsrv_64/preseed.cfg b/iso_configs/installer/preseed/debsrv_64/preseed.cfg index eda8f3ed..1face86f 100644 --- a/iso_configs/installer/preseed/debsrv_64/preseed.cfg +++ b/iso_configs/installer/preseed/debsrv_64/preseed.cfg 
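Review bot: The Devuan copy of `0660-selinux_hook.chroot` calls `systemctl` four times, and Devuan images do not normally ship systemd, so those lines are likely to fail with command-not-found and abort the build under `set -e`. The hook deleted in this commit already treated Devuan daedalus as a separate case, which suggests the two variants should not share a systemd-only script. Use the init tooling the Devuan image really has (for sysvinit, `update-rc.d`), or guard the calls with `if command -v systemctl >/dev/null; then … fi`.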
@@ -29,5 +29,5 @@ popularity-contest popularity-contest/participate boolean false ### Account setup # Skip creation of a root account (normal user account will be able to # use sudo). -d-i passwd/root-login boolean false +#d-i passwd/root-login boolean false diff --git a/iso_configs/installer/preseed/devsrv_64/preseed.cfg b/iso_configs/installer/preseed/devsrv_64/preseed.cfg index 5bdea942..ffd5505b 100644 --- a/iso_configs/installer/preseed/devsrv_64/preseed.cfg +++ b/iso_configs/installer/preseed/devsrv_64/preseed.cfg @@ -29,5 +29,5 @@ popularity-contest popularity-contest/participate boolean false ### Account setup # Skip creation of a root account (normal user account will be able to # use sudo). -d-i passwd/root-login boolean false +#d-i passwd/root-login boolean false diff --git a/iso_configs/installer/scripts/debsrv_64/06copy-files-to-cdrom b/iso_configs/installer/scripts/debsrv_64/06copy-files-to-cdrom index a1fc3189..93a3bd5f 100755 --- a/iso_configs/installer/scripts/debsrv_64/06copy-files-to-cdrom +++ b/iso_configs/installer/scripts/debsrv_64/06copy-files-to-cdrom @@ -7,12 +7,12 @@ # This script copies a file to the chroot and runs commands during the Debian installation process. # Copy files to the chroot directory -#echo "Copying files to chroot..." -#cp /preseed/grub/grub /cdrom/etc/default +echo "Copying files to chroot..." +cp /preseed/grub/grub /cdrom/etc/default # update grub and initramfs -#chroot /cdrom update-initramfs -u -#chroot /cdrom update-grub +chroot /cdrom update-initramfs -u +chroot /cdrom update-grub -#exit 0 +exit 0 diff --git a/iso_configs/installer/scripts/devsrv_64/06copy-files-to-cdrom b/iso_configs/installer/scripts/devsrv_64/06copy-files-to-cdrom index a1fc3189..93a3bd5f 100755 --- a/iso_configs/installer/scripts/devsrv_64/06copy-files-to-cdrom +++ b/iso_configs/installer/scripts/devsrv_64/06copy-files-to-cdrom 
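Review bot: Commenting out `d-i passwd/root-login boolean false` hands the question back to the installer, which by default sets up a root account with its own password, while the comment directly above still says root creation is skipped. On a server image that also ships an SSH server and Cockpit, an enabled root account is one more credential to protect. If it is intended, replace the stale comment with something like `# Root account is enabled; the installer asks for its password.`; otherwise restore the line. The `devsrv_64/preseed.cfg` hunk makes the same change.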
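Review bot: `06copy-files-to-cdrom` now ends in an unconditional `exit 0`, so a failed `cp` or `update-grub` is still reported as success unless error handling is set in the first six lines, which are outside the hunk; `set -e` near the top or `cp /preseed/grub/grub /cdrom/etc/default || exit 1` would surface it. The `cp` also replaces `/etc/default/grub` wholesale, and `selinux-activate` in the new SELinux hook is expected to record its kernel parameters in that same file, so check that `/preseed/grub/grub` carries them or SELinux may end up disabled on the installed system. The `devsrv_64` copy of this script is changed identically.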
@@ -7,12 +7,12 @@ # This script copies a file to the chroot and runs commands during the Debian installation process. # Copy files to the chroot directory -#echo "Copying files to chroot..." -#cp /preseed/grub/grub /cdrom/etc/default +echo "Copying files to chroot..." +cp /preseed/grub/grub /cdrom/etc/default # update grub and initramfs -#chroot /cdrom update-initramfs -u -#chroot /cdrom update-grub +chroot /cdrom update-initramfs -u +chroot /cdrom update-grub -#exit 0 +exit 0 diff --git a/iso_configs/server/hooks/normal/0520-removeapps.hook.chroot b/iso_configs/server/hooks/normal/0520-removeapps.hook.chroot deleted file mode 100755 index 95e54f7e..00000000 --- a/iso_configs/server/hooks/normal/0520-removeapps.hook.chroot +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -# SPDX-License-Identifier: GPL-3.0-or-later -# -# SPDX-FileCopyrightText: 2023 PeppemrintOS Team (peppermintosteam@proton.me) - -### Error checking added to "lint-trap" section. -### Missing files no longer cause builds to fail. - -# Remove software -#apt --purge --yes autoremove nvidia* - diff --git a/iso_configs/server/hooks/normal/0620-installapps.hook.chroot b/iso_configs/server/hooks/normal/0620-installapps.hook.chroot deleted file mode 100755 index 2933a1b3..00000000 --- a/iso_configs/server/hooks/normal/0620-installapps.hook.chroot +++ /dev/null 
@@ -1,17 +0,0 @@ -#!/bin/bash - -# SPDX-License-Identifier: GPL-3.0-or-later -# -# SPDX-FileCopyrightText: 2023 PeppemrintOS Team (peppermintosteam@proton.me) - -# Check if it's Debian (based on ID field) -if grep -q '^PRETTY_NAME="PeppermintOS Debian"' /etc/os-release && grep -q 'VERSION_CODENAME=bookworm' /etc/os-release; then - # Install software only if it's Debian and codename is bookworm - apt --yes install cockpit* || true -# Check if it's Devuan (based on ID field) -elif grep -q '^PRETTY_NAME="PeppermintOS Devuan' /etc/os-release && grep -q 'VERSION_CODENAME=daedalus' /etc/os-release; then - echo "This is Devuan distribution, and the codename is daedalus. Packages will not be installed." -else - echo "This distribution is not supported. Packages will not be installed." -fi - diff --git a/python_modules/conf.py b/python_modules/conf.py index dd46553c..10398cd4 100644 --- a/python_modules/conf.py +++ b/python_modules/conf.py @@ -306,7 +306,7 @@ SERVER_LIST = ('zonefstoolspep\n' 'libzbdpep1\n' 'sudo\n' 'task-ssh-server\n' - 'task-web-server\n' + #'task-web-server\n' 'sshguard\n' 'btop\n' 'whois\n' @@ -315,11 +315,11 @@ SERVER_LIST = ('zonefstoolspep\n' 'net-tools\n' 'nfs-common\n' 'firewalld\n' - 'samba\n' + 'openssl\n' 'cups\n' - 'gvfs-backends\n' 'git\n' 'wget\n' + 'vim\n' ) MINI_LIST = ('nano\n' 
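Review bot: `#'task-web-server\n'` is left as commented-out code in the middle of an implicitly concatenated string literal in `SERVER_LIST`; delete the line instead, since version control keeps the history and a half-commented entry here is easy to mis-edit into the neighbouring package name. Swapping `samba` for `openssl` and dropping `gvfs-backends` changes which network-facing services the server image installs, which deserves a one-line comment above the list, for example `# Server image: no file-sharing or web-server tasks by default.` The literal starts and ends outside the hunk.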
@@ -608,12 +608,15 @@ LBSET_SHARED_INSTALLER_DEV = (' --debian-installer-distribution "daedalus"' ) LBSET_SHARED_INSTALLER_MINI = (' --debootstrap-options --include=zstd,locales,dialog,krb5-locales' ' --debian-installer cdrom' + ' --debian-installer-preseedfile preseed.cfg' ) LBSET_PRIVATE_SERVER_DEB64 = (' --image-name "PeppermintOS-server-Debian-64"' ' --debian-installer live' + ' --debian-installer-preseedfile preseed.cfg' ) LBSET_PRIVATE_SERVER_DEV64 = (' --image-name "PeppermintOS-server-Devuan-64"' ' --debian-installer live' + ' --debian-installer-preseedfile preseed.cfg' ) LBSET_PRIVATE_MINI_DEB64 = (' --image-name "PeppermintOS-mini-Debian-64"') LBSET_PRIVATE_MINI_DEV64 = (' --image-name "PeppermintOS-mini-Devuan-64"')
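Review bot: `--debian-installer-preseedfile preseed.cfg` is added to `LBSET_SHARED_INSTALLER_MINI` as well as to the two server variables, but this commit only touches preseed files under `debsrv_64` and `devsrv_64`; confirm that mini builds also stage a `preseed.cfg`, otherwise the option points at a file that is not there. Because the preseed answers installer questions unattended, including the root-account setting changed in this commit, a short comment beside each flag naming the directory that feeds it would help, e.g. `# preseed from iso_configs/installer/preseed/debsrv_64/`.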