default configuration

configure-debian-system.sh

@@ -0,0 +1,27 @@
+#!/bin/sh
+
+TFTP=/srv/tftp
+
+# create directories
+mkdir -p ${TFTP}
+mkdir -p ${TFTP}/pxelinux.cfg
+
+# copy Files from the Resource-Dir to the correct places:
+cp ./resources/lighttpd.conf /etc/lighttpd/lighttpd.conf
+cp ./resources/exports /etc/exports
+cp ./resources/default-minimal ${TFTP}/pxelinux.cfg/default
+cp ./resources/splash.png ${TFTP}/
+cp -a /usr/lib/syslinux/modules/bios ${TFTP}/
+
+# Link needed Files from installed Debian Packages to the TFTP-Root:
+ln /usr/lib/PXELINUX/pxelinux.0 $TFTP/
+ln /boot/ipxe.lkrn              $TFTP/
+ln ${TFTP}/bios/ldlinux.c32     $TFTP/
+ln ${TFTP}/pxelinux.cfg/default ${TFTP}/default -s
+
+# set file access
+chown www-data.www-data ${TFTP} -R
+chmod a+rwx ${TFTP} -R
+
+# restart services
+systemctl restart tftpd-hpa lighttpd nfs-kernel-server

install-debian-packages.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+apt install -y git tftpd-hpa nfs-kernel-server lighttpd ipxe pxelinux syslinux syslinux-common

resources/default-minimal

@@ -0,0 +1,26 @@
+rootprompt 0
+path bios
+default bios/vesamenu.c32
+TIMEOUT 300
+
+MENU TITLE PXE Bootserver
+MENU BACKGROUND splash.png
+
+LABEL disk0
+  localboot 0
+  MENU LABEL Boot from first Harddisk
+
+LABEL -
+  MENU LABEL --------------------------
+
+LABEL ipxe
+  MENU LABEL * iPXE Shell
+  KERNEL ipxe.lkrn dhcp && shell
+
+LABEL demo
+  MENU LABEL * iPXE Demonstration
+  KERNEL ipxe.lkrn dhcp && chain http://boot.ipxe.org/demo/boot.php
+
+LABEL fdos
+  MENU LABEL * iPXE FreeDOS over HTTP
+  KERNEL ipxe.lkrn dhcp && sanboot http://boot.ipxe.org/freedos/fdfullcd.iso

resources/exports

@@ -0,0 +1,11 @@
+# /etc/exports: the access control list for filesystems which may be exported
+#		to NFS clients.  See exports(5).
+#
+# Example for NFSv2 and NFSv3:
+# /srv/homes       hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
+#
+# Example for NFSv4:
+# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
+# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
+#
+/srv/tftp        *(ro,nohide,no_root_squash,no_subtree_check,insecure)

resources/lighttpd.conf

@@ -0,0 +1,55 @@
+server.modules = (
+	"mod_indexfile",
+	"mod_access",
+	"mod_alias",
+ 	"mod_redirect",
+)
+
+server.document-root        = "/srv/tftp"
+server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
+server.errorlog             = "/var/log/lighttpd/error.log"
+server.pid-file             = "/run/lighttpd.pid"
+server.username             = "www-data"
+server.groupname            = "www-data"
+server.port                 = 80
+dir-listing.activate        = "enable"
+
+# features
+#https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_feature-flagsDetails
+server.feature-flags       += ("server.h2proto" => "enable")
+server.feature-flags       += ("server.h2c"     => "enable")
+server.feature-flags       += ("server.graceful-shutdown-timeout" => 5)
+#server.feature-flags       += ("server.graceful-restart-bg" => "enable")
+
+# strict parsing and normalization of URL for consistency and security
+# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
+# (might need to explicitly set "url-path-2f-decode" = "disable"
+#  if a specific application is encoding URLs inside url-path)
+server.http-parseopts = (
+  "header-strict"           => "enable",# default
+  "host-strict"             => "enable",# default
+  "host-normalize"          => "enable",# default
+  "url-normalize-unreserved"=> "enable",# recommended highly
+  "url-normalize-required"  => "enable",# recommended
+  "url-ctrls-reject"        => "enable",# recommended
+  "url-path-2f-decode"      => "enable",# recommended highly (unless breaks app)
+ #"url-path-2f-reject"      => "enable",
+  "url-path-dotseg-remove"  => "enable",# recommended highly (unless breaks app)
+ #"url-path-dotseg-reject"  => "enable",
+ #"url-query-20-plus"       => "enable",# consistency in query string
+)
+
+index-file.names            = ( "index.php", "index.html" )
+url.access-deny             = ( "~", ".inc" )
+static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
+
+# default listening port for IPv6 falls back to the IPv4 port
+include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
+include_shell "/usr/share/lighttpd/create-mime.conf.pl"
+include "/etc/lighttpd/conf-enabled/*.conf"
+
+#server.compat-module-load   = "disable"
+server.modules += (
+	"mod_dirlisting",
+	"mod_staticfile",
+)

tftp/default

@@ -1,170 +0,0 @@
-rootprompt 0
-path menu/
-default menu/vesamenu.c32
-TIMEOUT 300
-
-MENU TITLE OstrachNET PXE Bootservice
-MENU BACKGROUND menu/ostnet.png
-MENU ROWS 15
-MENU TABMSGROW 20
-MENU TIMEOUTROW 22
-
-LABEL disk0
-  localboot 0
-  MENU LABEL Starte von lokaler Platte (Default)
-
-label -
-  MENU LABEL Live-Systeme: --------------------------
-  MENU DISABLE
-
-LABEL knx9g
-  MENU LABEL * Knoppix 9.1 Live, Grafisch
-  KERNEL knx9/linux
-  APPEND nfsdir=192.168.75.3:/srv/knx9 nodhcp lang=de ramdisk_size=100000 init=/sbin/init apm=power-off nomce loglevel=1 initrd=knx9/miniroot.gz libata.force=noncq tz=localtime hpsa.hpsa_allow_any=1 hpsa.hpsa_allow_any=1 BOOT_IMAGE=knoppix
-
-MENU BEGIN
-  MENU LABEL *   Weitere Optionen...
-
-  LABEL knx9t
-   MENU LABEL * Knoppix 9.1 Live, Textmode
-   KERNEL knx9/linux
-   APPEND nfsdir=192.168.75.3:/srv/knx9 nodhcp lang=de ramdisk_size=100000 init=/sbin/init apm=power-off nomce loglevel=1 initrd=knx9/miniroot.gz libata.force=noncq tz=localtime hpsa.hpsa_allow_any=1 hpsa.hpsa_allow_any=1 BOOT_IMAGE=knoppix 2
-
-  LABEL slitazfull
-   MENU LABEL * Slitaz Linux Live, Grafisch
-   linux slitaz/boot/bzImage
-   APPEND initrd=slitaz/boot/rootfs4.gz,slitaz/boot/rootfs3.gz,slitaz/boot/rootfs2.gz,slitaz/boot/rootfs1.gz root=/dev/null video=-32 autologin kbd lang=de_DE kmap=de-latin1 tz=Europe/Berlin
-
-  LABEL slitazcore
-   MENU LABEL * Slitaz Linux Live, minimal
-   linux slitaz/boot/bzImage
-   APPEND initrd=slitaz/boot/rootfs4.gz root=/dev/null video=-32 autologin kbd lang=de_DE kmap=de-latin1 tz=Europe/Berlin
-
-  LABEL slitazf
-   MENU LABEL * Slitaz Linux Floppyimage
-   kernel menu/memdisk
-   append initrd=img/floppy-grub4dos
-
-  LABEL zurueck...
-   MENU EXIT
-MENU END
-
-label -
-  MENU LABEL Backup & Restore: ----------------------
-  MENU DISABLE
-
-LABEL rescue
-  MENU LABEL * Rescuezilla Live
-  kernel rescue/vmlinuz
-  APPEND initrd=rescue/initrd.lz netboot=nfs root=/dev/nfs ramdisk_size=1500000 ip=dhcp nfsroot=192.168.75.3:/srv/rescue boot=casper locale=de_DE keyboard-configuration/layoutcode=de bootkbd=de console-setup/layoutcode=de quiet
-
-MENU BEGIN
-  MENU LABEL *   Weitere Optionen...
-
-  LABEL rescue2
-    MENU LABEL * Rescuezilla Live Fail-Safe
-    kernel rescue/vmlinuz
-    APPEND initrd=rescue/initrd.lz netboot=nfs root=/dev/nfs ramdisk_size=1500000 ip=dhcp nfsroot=192.168.75.3:/srv/rescue boot=casper locale=de_DE keyboard-configuration/layoutcode=de bootkbd=de> xforcevesa nomodeset vga=791 quiet
-
-  LABEL clonei686
-    MENU LABEL * Clonezilla Live i686 (Ramdisk)
-    KERNEL clone/vmlinuz.i686
-    APPEND initrd=clone/initrd.i686.img boot=live username=user union=overlay config components noswap edd=on nomodeset nodmraid locales=de_DE.UTF-8 keyboard-layouts=de-latin-1 ocs_live_run="ocs-live-general" ocs_live_extra_param="" ocs_live_batch=no net.ifnames=0 nosplash noprompt fetch=tftp://192.168.75.3/clone/filesystem.i686.squashfs quiet
-
-  LABEL clonex64
-    MENU LABEL * Clonezilla Live x64 (Ramdisk)
-    KERNEL clone/vmlinuz.x64
-    APPEND initrd=clone/initrd.x64.img boot=live username=user union=overlay config components noswap edd=on nomodeset nodmraid locales=de_DE.UTF-8 keyboard-layouts=de-latin-1 ocs_live_run="ocs-live-general" ocs_live_extra_param="" ocs_live_batch=no net.ifnames=0 nosplash noprompt fetch=tftp://192.168.75.3/clone/filesystem.x64.squashfs quiet
-
-  LABEL acr11
-    MENU LABEL * Acronis True Image Home 2011
-    LINUX  menu/memdisk
-    INITRD acronis/acronis2011.iso
-    APPEND iso raw
-
-  LABEL acr10
-    MENU LABEL * Acronis True Image 2010
-    LINUX  menu/memdisk
-    INITRD acronis/acronis2010.iso
-    APPEND iso raw
-
-  LABEL acr09
-    MENU LABEL * Acronis True Image 2009
-    LINUX  menu/memdisk
-    INITRD acronis/acronis2009.iso
-    APPEND iso raw
-
-  LABEL zurueck...
-  MENU EXIT
-MENU END
-
-label -
-  MENU LABEL Installer: ------------------------------
-  MENU DISABLE
-
-MENU BEGIN
-  MENU LABEL * Debian Installer...
-
-  LABEL deb
-   menu label * Debian 12 Installer 64Bit Textmodus
-   kernel deb/linux
-   append vga=788 initrd=deb/initrd.gz --- quiet
-
-  LABEL deb64
-   MENU LABEL * Debian 11 Installer 64Bit Textmodus
-   CONFIG deb/debian-installer/amd64/pxelinux.cfg/default
-   APPEND deb/
-  LABEL deb32
-   MENU LABEL * Debian 11 Installer 32Bit Textmodus
-   CONFIG deb/debian-installer/i386/pxelinux.cfg/default
-   APPEND deb/
-
-  LABEL zurueck...
-  MENU EXIT
-MENU END
-
-label -
-  MENU LABEL Boot- & System-Tools: --------------------
-  MENU DISABLE
-
-  LABEL hdt
-   MENU LABEL * Hardware Erkennung
-   COM32 menu/hdt.c32
-
-  LABEL memtestpl
-   MENU LABEL * Memtest86+
-   kernel img/memtest86+
-
-MENU BEGIN
-  MENU LABEL *   Weitere Optionen...
-
-  label sbm
-    MENU LABEL * Smart Boot Manager
-    kernel menu/memdisk
-    append initrd=img/sbm.imz
-
-  LABEL plop
-   MENU LABEL * PloP Boot Manager
-   kernel menu/plop.exe
-
-  LABEL memtest
-   MENU LABEL * Memtest86
-   kernel img/memtest86
-
-  label win98
-    MENU LABEL * Windows 98 Bootdisk (DOS 7)
-    kernel menu/memdisk
-    append initrd=img/win98.img
-
-  label ether
-    MENU LABEL * Etherboot
-    kernel menu/memdisk
-    append initrd=img/ether.img
-
-  LABEL zurueck...
-  MENU EXIT
-MENU END
-
-# interessante optionen...
-# rescuezilla: APPEND initrd=rescue/initrd.lz boot=live noswap fetch=tftp://192.168.75.3:/rescue/filesystem.squashfs toram ---
-