Первая автонастройка и автозахват образа для доменного использования Astra Linux 1.8

new file:   domain_builder_1.8.sh
new file:   prepare_files/admin-helper.bin
new file:   prepare_files/grub_default.conf
new file:   prepare_files/krb5.conf
new file:   prepare_files/skel_profile.conf
new file:   prepare_files/sssd.conf

prepare_files/grub_default.conf

@@ -0,0 +1,10 @@
+GRUB_TIMEOUT=1
+GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
+GRUB_CMDLINE_LINUX_DEFAULT="quiet splash parsec.mac=0 parsec.max_ilev=63"
+GRUB_CMDLINE_LINUX=""
+GRUB_CMDLINE_LINUX_HARDENED="slub_debug=P page_poison=1 slab_nomerge pti=on user.max_user_namespaces=0 kernel.kptr_restrict=1 vsyscall=none"
+GRUB_GFXMODE=1024x768
+GRUB_DISABLE_RECOVERY="true"
+GRUB_DISABLE_SUBMENU=y
+GRUB_DEFAULT=gnulinux-6.1.158-1-generic-advanced-ccd7a7eb-1ae9-4832-88be-6d02deda01bc
+GRUB_DISABLE_OS_PROBER=True

prepare_files/krb5.conf

@@ -0,0 +1,33 @@
+[libdefaults]
+    default_realm = GK.ROSATOM.LOCAL
+    default_ccache_name = FILE:/tmp/krb5cc_%{uid}
+    kdc_timesync = 1
+    ccache_type = 4
+    forwardable = true
+    proxiable = true
+    fcc-mit-ticketflags = true
+    dns_lookup_realm = false
+    dns_lookup_kdc = true
+    v4_instance_resolve = false
+    v4_name_convert = {
+        host = {
+            rcmd = host
+            ftp = ftp
+        }
+        plain = {
+            something = something-else
+        }
+    }
+    rdns = false
+
+[realms]
+    GK.ROSATOM.LOCAL = {
+    default_domain = GK.ROSATOM.LOCAL 
+    }
+
+[domain_realm]
+    .gk.rosatom.local = GK.ROSATOM.LOCAL
+    gk.rosatom.local = GK.ROSATOM.LOCAL
+[login]
+    krb4_convert = true
+    krb4_get_tickets = false

prepare_files/skel_profile.conf

@@ -0,0 +1,46 @@
+if [ -n "$BASH_VERSION" ]; then
+    # include .bashrc if it exists
+    if [ -f "$HOME/.bashrc" ]; then
+        . "$HOME/.bashrc"
+    fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+    PATH="$HOME/bin:$PATH"
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/.local/bin" ] ; then
+    PATH="$HOME/.local/bin:$PATH"
+fi
+
+if [ -n "$DISPLAY" ] && [ -z "$GNOME_KEYRING_CONTROL" ]; then
+    KEYRING_DIR="$HOME/.local/share/keyrings"
+    LOGIN_KEYRING="$KEYRING_DIR/login.keyring"
+
+    if [ ! -f "$LOGIN_KEYRING" ]; then
+        # Создаем директорию
+        mkdir -p "$KEYRING_DIR"
+
+        # Создаем минимальный ключ-ринг
+        cat > "$LOGIN_KEYRING" << 'EOF'
+[keyring]
+display-name=Вход
+ctime=$TIMESTAMP
+mtime=$TIMESTAMP
+lock-on-idle=false
+lock-after=false
+EOF
+
+        # Заменяем timestamp
+        sed -i "s/TIMESTAMP/$(date +%s)/g" "$LOGIN_KEYRING"
+    fi
+
+    # Экспортируем переменные
+    export GNOME_KEYRING_CONTROL="$XDG_RUNTIME_DIR/keyring"
+    export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/keyring/ssh"
+
+    # Запускаем daemon
+    gnome-keyring-daemon --start --components=secrets >/dev/null 2>&1 &
+fi

prepare_files/sssd.conf

@@ -0,0 +1,29 @@
+[sssd]
+domains = gk.rosatom.local
+config_file_version = 2
+services = nss, pam, ifp
+default_domain_suffix = gk.rosatom.local
+
+[domain/]
+ad_domain = gk.rosatom.local
+krb5_realm = GK.ROSATOM.LOCAL
+realmd_tags = manages-system joined-with-adcli 
+cache_credentials = True
+id_provider = ad
+krb5_store_password_if_offline = True
+default_shell = /bin/bash
+ldap_id_mapping = True
+use_fully_qualified_names = True
+fallback_homedir = /home/%d/%u
+access_provider = ad
+ad_gpo_access_control = disabled
+ignore_group_members = True
+krb5_auth_timeout = 20
+case_sensitive = false
+dyndns_update = true
+dyndns_refresh_interval = 43200
+dyndns_update_ptr = true
+dyndns_ttl = 3600
+
+[pam]
+pam_id_timeout = 20