Implement audit enrichments, TUI workflows, and production ISO scaffold

iso/builder/genapkovl-bee.sh

@@ -0,0 +1,82 @@
+#!/bin/sh -e
+HOSTNAME="$1"
+[ -n "$HOSTNAME" ] || { echo "usage: $0 hostname"; exit 1; }
+OVERLAY="${BEE_OVERLAY_DIR}"
+[ -n "$OVERLAY" ] || { echo "ERROR: BEE_OVERLAY_DIR not set"; exit 1; }
+
+cleanup() { rm -rf "$tmp"; }
+tmp="$(mktemp -d)"
+trap cleanup EXIT
+
+makefile() { OWNER="$1" PERMS="$2" FILENAME="$3"; cat > "$FILENAME"; chown "$OWNER" "$FILENAME"; chmod "$PERMS" "$FILENAME"; }
+rc_add() { mkdir -p "$tmp/etc/runlevels/$2"; ln -sf /etc/init.d/"$1" "$tmp/etc/runlevels/$2/$1"; }
+
+mkdir -p "$tmp/etc"
+makefile root:root 0644 "$tmp/etc/hostname" <<EOT
+$HOSTNAME
+EOT
+
+mkdir -p "$tmp/etc/network"
+makefile root:root 0644 "$tmp/etc/network/interfaces" <<EOT
+auto lo
+iface lo inet loopback
+EOT
+
+mkdir -p "$tmp/etc/apk"
+makefile root:root 0644 "$tmp/etc/apk/world" <<EOT
+alpine-base
+dmidecode
+smartmontools
+nvme-cli
+pciutils
+ipmitool
+util-linux
+lsblk
+e2fsprogs
+lshw
+openrc
+ca-certificates
+tzdata
+jq
+wget
+EOT
+
+rc_add devfs sysinit
+rc_add dmesg sysinit
+rc_add mdev sysinit
+rc_add hwdrivers sysinit
+rc_add modloop sysinit
+
+rc_add hwclock boot
+rc_add modules boot
+rc_add sysctl boot
+rc_add hostname boot
+rc_add bootmisc boot
+rc_add syslog boot
+
+rc_add mount-ro shutdown
+rc_add killprocs shutdown
+rc_add savecache shutdown
+
+rc_add bee-network default
+rc_add bee-update default
+rc_add bee-nvidia default
+rc_add bee-audit default
+
+if [ -d "$OVERLAY/etc" ]; then
+    cp -r "$OVERLAY/etc/." "$tmp/etc/"
+    chmod +x "$tmp/etc/init.d/"* 2>/dev/null || true
+fi
+
+mkdir -p "$tmp/usr"
+if [ -d "$OVERLAY/usr" ]; then
+    cp -r "$OVERLAY/usr/." "$tmp/usr/"
+    chmod +x "$tmp/usr/local/bin/"* 2>/dev/null || true
+fi
+
+if [ -d "$OVERLAY/lib" ]; then
+    mkdir -p "$tmp/lib"
+    cp -r "$OVERLAY/lib/." "$tmp/lib/"
+fi
+
+tar -c -C "$tmp" etc usr lib 2>/dev/null | gzip -9n > "$HOSTNAME.apkovl.tar.gz"