Read-Only filesytem for Raspbian Lite

piconfig/readonly.sh

@@ -0,0 +1,46 @@
+apt remove -y --purge triggerhappy logrotate dphys-swapfile cron
+apt autoremove -y --purge
+apt install -y busybox-syslogd
+# dpkg --purge rsyslog
+apt remove -y --purge rsyslog
+echo -n "fastboot noswap ro" >>/boot/cmdline.txt
+rm -rf /var/lib/dhcp/ /var/run /var/spool /var/lock /etc/resolv.conf
+ln -s /tmp /var/lib/dhcp
+ln -s /tmp /var/run
+ln -s /tmp /var/spool
+ln -s /tmp /var/lock
+touch /tmp/dhcpcd.resolv.conf; ln -s /tmp/dhcpcd.resolv.conf /etc/resolv.conf
+rm /var/lib/systemd/random-seed
+ln -s /tmp/random-seed /var/lib/systemd/random-seed
+sed -i /lib/systemd/system/systemd-random-seed.service 's#ExecStart=/lib/systemd/systemd-random-seed load#ExecStartPre=/bin/echo "" >/tmp/random-seed\nExecStart=/lib/systemd/systemd-random-seed load#'
+systemctl daemon-reload
+insserv -r bootlogs
+insserv -r console-setup
+sed -i /etc/fstab 's#\(.*PARTUUID.*defaults\)\(.*\)#\1,ro\2#'
+cat <<EOT >>/etc/fstab
+ 
+tmpfs           /tmp            tmpfs   nosuid,nodev         0       0
+tmpfs           /var/log        tmpfs   nosuid,nodev         0       0
+tmpfs           /var/tmp        tmpfs   nosuid,nodev         0       0
+EOT
+
+cat <<EOT >>/etc/bash.bashrc
+# set variable identifying the filesystem you work in (used in the prompt below)
+set_bash_prompt(){
+    fs_mode=$(mount | sed -n -e "s/^\/dev\/.* on \/ .*(\(r[w|o]\).*/\1/p")
+    PS1='\[\033[01;32m\]\u@\h${fs_mode:+($fs_mode)}\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+}
+ 
+alias ro='sudo mount -o remount,ro / ; sudo mount -o remount,ro /boot'
+alias rw='sudo mount -o remount,rw / ; sudo mount -o remount,rw /boot'
+ 
+# setup fancy prompt"
+PROMPT_COMMAND=set_bash_prompt
+EOT
+
+cat <<EOT >>/etc/bash.bash_logout
+mount -o remount,rw /
+history -a
+mount -o remount,ro /
+mount -o remount,ro /boot
+EOT