diff --git a/configure-debian-system.sh b/configure-debian-system.sh
new file mode 100755
index 0000000..eec8c56
--- /dev/null
+++ b/configure-debian-system.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+TFTP=/srv/tftp
+
+# create directories
+mkdir -p ${TFTP}
+mkdir -p ${TFTP}/pxelinux.cfg
+
+# copy Files from the Resource-Dir to the correct places:
+cp ./resources/lighttpd.conf /etc/lighttpd/lighttpd.conf
+cp ./resources/exports /etc/exports
+cp ./resources/default-minimal ${TFTP}/pxelinux.cfg/default
+cp ./resources/splash.png ${TFTP}/
+cp -a /usr/lib/syslinux/modules/bios ${TFTP}/
+
+# Link needed Files from installed Debian Packages to the TFTP-Root:
+ln /usr/lib/PXELINUX/pxelinux.0 $TFTP/
+ln /boot/ipxe.lkrn $TFTP/
+ln ${TFTP}/bios/ldlinux.c32 $TFTP/
+ln ${TFTP}/pxelinux.cfg/default ${TFTP}/default -s
+
+# set file access
+chown www-data.www-data ${TFTP} -R
+chmod a+rwx ${TFTP} -R
+
+# restart services
+systemctl restart tftpd-hpa lighttpd nfs-kernel-server
diff --git a/install-debian-packages.sh b/install-debian-packages.sh
new file mode 100755
index 0000000..d9c09fd
--- /dev/null
+++ b/install-debian-packages.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+apt install -y git tftpd-hpa nfs-kernel-server lighttpd ipxe pxelinux syslinux syslinux-common
diff --git a/resources/default-minimal b/resources/default-minimal
new file mode 100755
index 0000000..b82bed4
--- /dev/null
+++ b/resources/default-minimal
@@ -0,0 +1,26 @@
+rootprompt 0
+path bios
+default bios/vesamenu.c32
+TIMEOUT 300
+
+MENU TITLE PXE Bootserver
+MENU BACKGROUND splash.png
+
+LABEL disk0
+ localboot 0
+ MENU LABEL Boot from first Harddisk
+
+LABEL -
+ MENU LABEL --------------------------
+
+LABEL ipxe
+ MENU LABEL * iPXE Shell
+ KERNEL ipxe.lkrn dhcp && shell
+
+LABEL demo
+ MENU LABEL * iPXE Demonstration
+ KERNEL ipxe.lkrn dhcp && chain http://boot.ipxe.org/demo/boot.php
+
+LABEL fdos
+ MENU LABEL * iPXE FreeDOS over HTTP
+ KERNEL ipxe.lkrn dhcp && sanboot http://boot.ipxe.org/freedos/fdfullcd.iso
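Review bot: The final `chmod a+rwx ${TFTP} -R` in configure-debian-system.sh leaves every file that PXE clients boot from writable by any local account, and `chown www-data.www-data` hands the same tree to the web-server user that serves it. Because `ln /usr/lib/PXELINUX/pxelinux.0 $TFTP/` and `ln /boot/ipxe.lkrn $TFTP/` create hard links, the recursive chown/chmod also changes the owner and mode of the package-installed originals, and the links fail outright when `/boot` is on a different filesystem. I would copy those two files instead of linking them and finish with `chown -R root:root "${TFTP}"` and `chmod -R u=rwX,go=rX "${TFTP}"`, which still lets tftpd-hpa, lighttpd and the read-only NFS export read everything. The script also runs without `set -eu`, so a failed `cp` over `/etc/exports` or `/etc/lighttpd/lighttpd.conf` does not stop the service restart at the end.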
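Review bot: The install line in install-debian-packages.sh calls `apt`, which is the interactive front end and warns that its command-line interface is not stable for scripts, and nothing refreshes the package index first, so on a fresh system the install can fail or resolve stale versions. I would write `apt-get update && apt-get install -y git tftpd-hpa nfs-kernel-server lighttpd ipxe pxelinux syslinux syslinux-common`.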
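Review bot: The `demo` and `fdos` entries in resources/default-minimal make clients `chain` and `sanboot` from `http://boot.ipxe.org/...`, so the code a machine boots comes from a third-party host over plain HTTP with no integrity check, and anything on the network path can substitute it. For anything beyond a lab, serve those images from this server's own tree or drop the two entries; whether the packaged `ipxe.lkrn` supports HTTPS is not visible from this diff. At minimum add a comment above them such as `# demo only: boots remote code fetched over unauthenticated HTTP`.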
diff --git a/resources/exports b/resources/exports
new file mode 100644
index 0000000..024220d
--- /dev/null
+++ b/resources/exports
@@ -0,0 +1,11 @@
+# /etc/exports: the access control list for filesystems which may be exported
+# to NFS clients. See exports(5).
+#
+# Example for NFSv2 and NFSv3:
+# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
+#
+# Example for NFSv4:
+# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
+# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)
+#
+/srv/tftp *(ro,nohide,no_root_squash,no_subtree_check,insecure)
diff --git a/resources/lighttpd.conf b/resources/lighttpd.conf
new file mode 100644
index 0000000..8839747
--- /dev/null
+++ b/resources/lighttpd.conf
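Review bot: The export line at the end of resources/exports offers `/srv/tftp` to every host (`*`) and adds `no_root_squash` and `insecure`, neither of which a read-only boot tree normally needs. With `*`, any machine that can reach the NFS port can mount the tree, and `insecure` additionally accepts requests from unprivileged source ports. I would restrict the client list to the provisioning network and keep the default squash behaviour, e.g. `/srv/tftp <boot-subnet>/<prefix>(ro,root_squash,no_subtree_check)`, where `<boot-subnet>/<prefix>` is a placeholder for the real range. Keep `insecure` only if a boot client is known to mount from a port above 1023, and say so in a comment next to the line.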
@@ -0,0 +1,55 @@
+server.modules = (
+ "mod_indexfile",
+ "mod_access",
+ "mod_alias",
+ "mod_redirect",
+)
+
+server.document-root = "/srv/tftp"
+server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
+server.errorlog = "/var/log/lighttpd/error.log"
+server.pid-file = "/run/lighttpd.pid"
+server.username = "www-data"
+server.groupname = "www-data"
+server.port = 80
+dir-listing.activate = "enable"
+
+# features
+#https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_feature-flagsDetails
+server.feature-flags += ("server.h2proto" => "enable")
+server.feature-flags += ("server.h2c" => "enable")
+server.feature-flags += ("server.graceful-shutdown-timeout" => 5)
+#server.feature-flags += ("server.graceful-restart-bg" => "enable")
+
+# strict parsing and normalization of URL for consistency and security
+# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
+# (might need to explicitly set "url-path-2f-decode" = "disable"
+# if a specific application is encoding URLs inside url-path)
+server.http-parseopts = (
+ "header-strict" => "enable",# default
+ "host-strict" => "enable",# default
+ "host-normalize" => "enable",# default
+ "url-normalize-unreserved"=> "enable",# recommended highly
+ "url-normalize-required" => "enable",# recommended
+ "url-ctrls-reject" => "enable",# recommended
+ "url-path-2f-decode" => "enable",# recommended highly (unless breaks app)
+ #"url-path-2f-reject" => "enable",
+ "url-path-dotseg-remove" => "enable",# recommended highly (unless breaks app)
+ #"url-path-dotseg-reject" => "enable",
+ #"url-query-20-plus" => "enable",# consistency in query string
+)
+
+index-file.names = ( "index.php", "index.html" )
+url.access-deny = ( "~", ".inc" )
+static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
+
+# default listening port for IPv6 falls back to the IPv4 port
+include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
+include_shell "/usr/share/lighttpd/create-mime.conf.pl"
+include "/etc/lighttpd/conf-enabled/*.conf"
+
+#server.compat-module-load = "disable"
+server.modules += (
+ "mod_dirlisting",
+ "mod_staticfile",
+)
diff --git a/resources/splash.png b/resources/splash.png
new file mode 100755
index 0000000..1ea7927
Binary files /dev/null and b/resources/splash.png differ
diff --git a/tftp/default b/tftp/default
deleted file mode 100755
index 697b5c7..0000000
--- a/tftp/default
+++ /dev/null
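Review bot: `dir-listing.activate = "enable"` in resources/lighttpd.conf is set globally while `server.document-root` is `/srv/tftp` and the server listens on port 80 with no `server.bind`, so every file in the boot tree can be enumerated and downloaded from any network that reaches the host. Anything added to that tree later, such as installer answer files or images with embedded credentials, is exposed the same way. I would bind to the provisioning address with `server.bind = "<provisioning-address>"` (placeholder) and either drop the listing or enable it only inside a `$HTTP["url"]` condition for the directories that need it. The `server.h2c` flag and the `index.php` entry in `index-file.names` also look unused for a static boot tree and could be removed.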
@@ -1,170 +0,0 @@ -rootprompt 0 -path menu/ -default menu/vesamenu.c32 -TIMEOUT 300 - -MENU TITLE OstrachNET PXE Bootservice -MENU BACKGROUND menu/ostnet.png -MENU ROWS 15 -MENU TABMSGROW 20 -MENU TIMEOUTROW 22 - -LABEL disk0 - localboot 0 - MENU LABEL Starte von lokaler Platte (Default) - -label - - MENU LABEL Live-Systeme: -------------------------- - MENU DISABLE - -LABEL knx9g - MENU LABEL * Knoppix 9.1 Live, Grafisch - KERNEL knx9/linux - APPEND nfsdir=192.168.75.3:/srv/knx9 nodhcp lang=de ramdisk_size=100000 init=/sbin/init apm=power-off nomce loglevel=1 initrd=knx9/miniroot.gz libata.force=noncq tz=localtime hpsa.hpsa_allow_any=1 hpsa.hpsa_allow_any=1 BOOT_IMAGE=knoppix - -MENU BEGIN - MENU LABEL * Weitere Optionen... - - LABEL knx9t - MENU LABEL * Knoppix 9.1 Live, Textmode - KERNEL knx9/linux - APPEND nfsdir=192.168.75.3:/srv/knx9 nodhcp lang=de ramdisk_size=100000 init=/sbin/init apm=power-off nomce loglevel=1 initrd=knx9/miniroot.gz libata.force=noncq tz=localtime hpsa.hpsa_allow_any=1 hpsa.hpsa_allow_any=1 BOOT_IMAGE=knoppix 2 - - LABEL slitazfull - MENU LABEL * Slitaz Linux Live, Grafisch - linux slitaz/boot/bzImage - APPEND initrd=slitaz/boot/rootfs4.gz,slitaz/boot/rootfs3.gz,slitaz/boot/rootfs2.gz,slitaz/boot/rootfs1.gz root=/dev/null video=-32 autologin kbd lang=de_DE kmap=de-latin1 tz=Europe/Berlin - - LABEL slitazcore - MENU LABEL * Slitaz Linux Live, minimal - linux slitaz/boot/bzImage - APPEND initrd=slitaz/boot/rootfs4.gz root=/dev/null video=-32 autologin kbd lang=de_DE kmap=de-latin1 tz=Europe/Berlin - - LABEL slitazf - MENU LABEL * Slitaz Linux Floppyimage - kernel menu/memdisk - append initrd=img/floppy-grub4dos - - LABEL zurueck... 
- MENU EXIT -MENU END - -label - - MENU LABEL Backup & Restore: ---------------------- - MENU DISABLE - -LABEL rescue - MENU LABEL * Rescuezilla Live - kernel rescue/vmlinuz - APPEND initrd=rescue/initrd.lz netboot=nfs root=/dev/nfs ramdisk_size=1500000 ip=dhcp nfsroot=192.168.75.3:/srv/rescue boot=casper locale=de_DE keyboard-configuration/layoutcode=de bootkbd=de console-setup/layoutcode=de quiet - -MENU BEGIN - MENU LABEL * Weitere Optionen... - - LABEL rescue2 - MENU LABEL * Rescuezilla Live Fail-Safe - kernel rescue/vmlinuz - APPEND initrd=rescue/initrd.lz netboot=nfs root=/dev/nfs ramdisk_size=1500000 ip=dhcp nfsroot=192.168.75.3:/srv/rescue boot=casper locale=de_DE keyboard-configuration/layoutcode=de bootkbd=de> xforcevesa nomodeset vga=791 quiet - - LABEL clonei686 - MENU LABEL * Clonezilla Live i686 (Ramdisk) - KERNEL clone/vmlinuz.i686 - APPEND initrd=clone/initrd.i686.img boot=live username=user union=overlay config components noswap edd=on nomodeset nodmraid locales=de_DE.UTF-8 keyboard-layouts=de-latin-1 ocs_live_run="ocs-live-general" ocs_live_extra_param="" ocs_live_batch=no net.ifnames=0 nosplash noprompt fetch=tftp://192.168.75.3/clone/filesystem.i686.squashfs quiet - - LABEL clonex64 - MENU LABEL * Clonezilla Live x64 (Ramdisk) - KERNEL clone/vmlinuz.x64 - APPEND initrd=clone/initrd.x64.img boot=live username=user union=overlay config components noswap edd=on nomodeset nodmraid locales=de_DE.UTF-8 keyboard-layouts=de-latin-1 ocs_live_run="ocs-live-general" ocs_live_extra_param="" ocs_live_batch=no net.ifnames=0 nosplash noprompt fetch=tftp://192.168.75.3/clone/filesystem.x64.squashfs quiet - - LABEL acr11 - MENU LABEL * Acronis True Image Home 2011 - LINUX menu/memdisk - INITRD acronis/acronis2011.iso - APPEND iso raw - - LABEL acr10 - MENU LABEL * Acronis True Image 2010 - LINUX menu/memdisk - INITRD acronis/acronis2010.iso - APPEND iso raw - - LABEL acr09 - MENU LABEL * Acronis True Image 2009 - LINUX menu/memdisk - INITRD 
acronis/acronis2009.iso - APPEND iso raw - - LABEL zurueck... - MENU EXIT -MENU END - -label - - MENU LABEL Installer: ------------------------------ - MENU DISABLE - -MENU BEGIN - MENU LABEL * Debian Installer... - - LABEL deb - menu label * Debian 12 Installer 64Bit Textmodus - kernel deb/linux - append vga=788 initrd=deb/initrd.gz --- quiet - - LABEL deb64 - MENU LABEL * Debian 11 Installer 64Bit Textmodus - CONFIG deb/debian-installer/amd64/pxelinux.cfg/default - APPEND deb/ - LABEL deb32 - MENU LABEL * Debian 11 Installer 32Bit Textmodus - CONFIG deb/debian-installer/i386/pxelinux.cfg/default - APPEND deb/ - - LABEL zurueck... - MENU EXIT -MENU END - -label - - MENU LABEL Boot- & System-Tools: -------------------- - MENU DISABLE - - LABEL hdt - MENU LABEL * Hardware Erkennung - COM32 menu/hdt.c32 - - LABEL memtestpl - MENU LABEL * Memtest86+ - kernel img/memtest86+ - -MENU BEGIN - MENU LABEL * Weitere Optionen... - - label sbm - MENU LABEL * Smart Boot Manager - kernel menu/memdisk - append initrd=img/sbm.imz - - LABEL plop - MENU LABEL * PloP Boot Manager - kernel menu/plop.exe - - LABEL memtest - MENU LABEL * Memtest86 - kernel img/memtest86 - - label win98 - MENU LABEL * Windows 98 Bootdisk (DOS 7) - kernel menu/memdisk - append initrd=img/win98.img - - label ether - MENU LABEL * Etherboot - kernel menu/memdisk - append initrd=img/ether.img - - LABEL zurueck... - MENU EXIT -MENU END - -# interessante optionen... -# rescuezilla: APPEND initrd=rescue/initrd.lz boot=live noswap fetch=tftp://192.168.75.3:/rescue/filesystem.squashfs toram --- -