Option to disable rsyslog and improvements (also security)

- Introduce chroot_exec function
- Allow choosing custom kernel
- Install raspberrypi-bootloader-nokernel package instead of getting firmware
  with wget
- Option to disable rsyslog and use only journald
- [SECURITY] ensure ssh host keys are generated on first boot
- allow control if default user is created
- allow control of root ssh login

1 files changed, 14 insertions, 0 deletions

diff --git a/README.md b/README.md
index 912c7ce..998c534 100644
--- a/README.md
+++ b/README.md
@@ -87,6 +87,10 @@ Enable IPv6 support. The network interface configuration is managed via systemd-
 ##### `ENABLE_SSHD`=true
 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
 
+##### `ENABLE_RSYSLOG`=true
+If set to false, disable and uninstall rsyslog (so logs will be available only
+in journal files)
+
 ##### `ENABLE_SOUND`=true
 Enable sound hardware and install Advanced Linux Sound Architecture.
 
@@ -118,6 +122,16 @@ Install and enable the hardware accelerated Xorg video driver `fbturbo`. Please
 ##### `ENABLE_IPTABLES`=false
 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
 
+##### `ENABLE_USER`=true
+Create pi user with password raspberry
+
+##### `ENABLE_ROOT`=true
+Set root user password so root login will be enabled
+
+##### `ENABLE_ROOT_SSH`=true
+Enable password root login via SSH. May be a security risk with default
+password, use only in trusted environments.
+
 ##### `ENABLE_HARDNET`=false
 Enable IPv4/IPv6 network stack hardening settings.