#!/bin/bash
#########################
#### USER EDITABLE ######
#########################
# Base URL of the raw files in your own fork of this repository. With -s the
# file named by AUTH_KEY_FILE is downloaded from here and installed as root's
# authorized_keys, so whoever controls this URL controls root SSH access to the
# machine: point it at a fork that holds your own `authorized_keys` file.
# i.e., "https://raw.githubusercontent.com/<GH_USER>/<GH_REPO>/<GH_BRANCH>"
REPO_RAW_URL='https://git.krislamo.org/kris/bootstrap/raw/branch/main'
# Path appended to the repository URL to locate the public-key file
AUTH_KEY_FILE='/authorized_keys'
# Optional debianzfs install script, fetched with -z and saved to DEBIANZFS_BIN
DEBIANZFS='https://git.krislamo.org/kris/debianzfs/raw/branch/main/debianzfs.sh'
DEBIANZFS_BIN='/usr/local/bin/debianzfs'
##############################
######## STOP EDITING ########
##############################
# The steps below edit files under /etc and /root and install packages, so
# refuse to continue unless the effective user is root
if [[ "$EUID" -ne 0 ]]; then
  printf '%s\n' "You must run this script as root"
  exit 1
fi
# Start from a clean slate: drop any value the calling environment may have
# exported under a name this script uses, so only the command-line flags and
# the script's own assignments decide what runs.
unset \
  BOOT_CYCLE CDROM_REMOVE ENABLE_SSH FIELD_IP_INDEX GATEWAY_IP NEW_HOSTNAME \
  IP QRCODE_SSH LIVECD REPO SSH_INSTALL TELNUM UPDATE_SYSTEM ZFSINSTALL \
  DATE CUR_HOSTNAME SSH_PUB_KEY SSH_FINGERPRINT MACHINE_IP MESSAGE \
  TEXT_MESSAGE
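# Options
#######################################
# Parse the command-line flags into the script's global option variables.
# Globals:   BOOT_CYCLE, CDROM_REMOVE, ENABLE_SSH, FIELD_IP_INDEX, GATEWAY_IP,
#            NEW_HOSTNAME, IP, LIVECD, QRCODE_SSH, REPO, SSH_INSTALL, TELNUM,
#            UPDATE_SYSTEM, ZFSINSTALL (written); OPTION, OPTARG, OPTIND
#            (used by getopts)
# Arguments: the script's command-line arguments
# Outputs:   an error line on stdout for a bad option
# Returns:   0 on success; exits 1 on an unknown option or a missing argument
#######################################
parse_options() {
  # The leading ':' puts getopts in silent mode: an unknown option arrives as
  # '?' and a missing argument as ':', each with the option letter in OPTARG.
  # -f takes a value, so it needs a trailing ':' like -g/-h/-i/-r/-t. Without
  # it OPTARG was never set for -f and parsing stopped at the value, silently
  # dropping every option that followed.
  while getopts ':bcef:g:h:i:lqr:st:uz' OPTION; do
    case "$OPTION" in
      b) BOOT_CYCLE="true";;          # reboot once everything else is done
      c) CDROM_REMOVE="true";;        # strip "deb cdrom" lines from sources.list
      e) ENABLE_SSH="true";;          # start the OpenSSH server after install
      f) FIELD_IP_INDEX="$OPTARG";;   # which field of `hostname -I` to report
      g) GATEWAY_IP="$OPTARG";;       # gateway for the static configuration
      h) NEW_HOSTNAME="$OPTARG";;     # hostname to switch to
      i) IP="$OPTARG";;               # static address to configure
      l) LIVECD="true";;              # live-session preset
      q) QRCODE_SSH="true";;          # print a QR code with the login command
      r) REPO="$OPTARG";;             # override REPO_RAW_URL
      s) SSH_INSTALL="true";;         # install authorized_keys and openssh-server
      t) TELNUM="$OPTARG";;           # SMS number used in the QR code
      u) UPDATE_SYSTEM="true";;       # apt-get update && upgrade
      z) ZFSINSTALL="true";;          # download the debianzfs script
      :)
        echo "ERROR: Option -$OPTARG requires an argument"
        exit 1;;
      \?)
        echo "ERROR: Option not recognized"
        exit 1;;
    esac
  done
}
parse_options "$@"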
# -l is a preset for a live session: it switches on the same variables that
# -c, -e, -q, -s and -u set individually
if [[ "$LIVECD" == "true" ]]; then
  CDROM_REMOVE="true" ENABLE_SSH="true" QRCODE_SSH="true"
  SSH_INSTALL="true" UPDATE_SYSTEM="true"
fi
# A repository given with -r wins; otherwise fall back to the hardcoded default
REPO="${REPO:-$REPO_RAW_URL}"
# Current hostname, and a YYYYMMDD stamp used as the suffix of backup files
CUR_HOSTNAME="$(hostname)"
DATE="$(date '+%Y%m%d')"
# Delete the "deb cdrom" entries from APT's sources list; sed keeps the
# previous file next to it with the date stamp as suffix
if [[ "$CDROM_REMOVE" == "true" ]]; then
  printf '%s\n' "NOTICE: Backing up /etc/apt/sources.list => /etc/apt/sources.list.$DATE"
  sed -i".${DATE}" -e '/deb cdrom/d' /etc/apt/sources.list
fi
# Refresh the package index and apply pending upgrades without prompting
if [[ "$UPDATE_SYSTEM" == "true" ]]; then
  printf '%s\n' "NOTICE: Upgrading system"
  apt-get update
  apt-get -y upgrade
fi
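# If IP is set, backup interfaces and configure static IP
if [ -n "$IP" ]; then
  if [ -z "$GATEWAY_IP" ]; then
    echo "ERROR: IP set without a GATEWAY address. See option -g"
    exit 1
  fi
  # Both values are appended verbatim to a root-owned configuration file;
  # whitespace or a newline in either would add extra words or lines to it.
  case "${IP}${GATEWAY_IP}" in
    *[[:space:]]*)
      echo "ERROR: IP and GATEWAY addresses must not contain whitespace"
      exit 1;;
  esac
  # Look for an existing address before touching the file. The dhcp => static
  # rewrite used to run first, so a run that ended in "Address already set"
  # had already changed the live configuration.
  if grep -q "address" /etc/network/interfaces; then
    echo "ERROR: Address already set"
    exit 1
  fi
  echo "NOTICE: Backing up network interfaces file and installing a new static one"
  # The previous file is kept as /etc/network/interfaces.$DATE
  sed -i."$DATE" "s/dhcp/static/g" /etc/network/interfaces
  # NOTE(review): the two lines are appended at the end of the file, which
  # assumes the stanza just switched to static is the last one — confirm.
  echo " address $IP" >> /etc/network/interfaces
  echo " gateway $GATEWAY_IP" >> /etc/network/interfaces
fi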
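# If NEW_HOSTNAME is set, configure new hostname and backup /etc/hosts
if [ -n "$NEW_HOSTNAME" ]; then
  # NEW_HOSTNAME is passed to hostnamectl and spliced into a sed expression.
  # Accept only letters, digits, '-' and '.' (starting and ending with a letter
  # or digit) so it cannot carry '/', '&' or other characters sed would
  # interpret.
  if [[ ! "$NEW_HOSTNAME" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
    echo "ERROR: Invalid hostname '$NEW_HOSTNAME'"
    exit 1
  fi
  hostnamectl set-hostname "$NEW_HOSTNAME"
  echo "NOTICE: Backing up /etc/hosts and setting new hostname to '$NEW_HOSTNAME'"
  if [ -n "$CUR_HOSTNAME" ]; then
    # Escape regex metacharacters so the old name is matched literally (a '.'
    # in a qualified name would otherwise match any character)
    CUR_HOSTNAME_RE="$(printf '%s' "$CUR_HOSTNAME" | sed 's|[][\.*^$/]|\\&|g')"
    # NOTE(review): this replaces the old name wherever it occurs, including
    # inside longer names — confirm that is acceptable for /etc/hosts.
    sed -i."$DATE" "s/$CUR_HOSTNAME_RE/$NEW_HOSTNAME/g" /etc/hosts
  fi
fi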
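# Install personal SSH keys under root and install the OpenSSH server
if [ "$SSH_INSTALL" == "true" ]; then
  # Does authorized_keys file already exist?
  if [ -f /root/.ssh/authorized_keys ]; then
    echo "ERROR: /root/.ssh/authorized_keys file already exists"
    exit 1
  fi
  # The downloaded file decides who may log in as root. -r accepts any URL, and
  # over anything but HTTPS the file can be replaced in transit, so say so.
  case "$REPO" in
    https://*) ;;
    *) echo "WARNING: '$REPO' is not an https:// URL; authorized_keys is fetched without transport integrity";;
  esac
  echo "NOTICE: Installing root's authorized_keys and the OpenSSH server"
  mkdir -p /root/.ssh/
  chmod 700 /root/.ssh/
  # Download to a temporary file in the same directory and move it into place
  # only after it has been checked. wget -O creates its target even when the
  # transfer fails, which used to leave an empty authorized_keys behind and
  # make every later run stop at the "already exists" check above.
  AUTH_KEY_TMP="$(mktemp /root/.ssh/authorized_keys.XXXXXX)" || {
    echo "ERROR: Could not create a temporary file in /root/.ssh/"
    exit 1
  }
  if ! wget "${REPO}${AUTH_KEY_FILE}" -O "$AUTH_KEY_TMP"; then
    rm -f -- "$AUTH_KEY_TMP"
    echo "ERROR: Could not download ${REPO}${AUTH_KEY_FILE}"
    exit 1
  fi
  # A server can answer with a login or error page instead of the file;
  # require at least one line that names an OpenSSH public key type
  if ! grep -Eq '(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp)' "$AUTH_KEY_TMP"; then
    rm -f -- "$AUTH_KEY_TMP"
    echo "ERROR: ${REPO}${AUTH_KEY_FILE} does not contain an SSH public key"
    exit 1
  fi
  chmod 644 "$AUTH_KEY_TMP"
  mv -- "$AUTH_KEY_TMP" /root/.ssh/authorized_keys
  apt-get install openssh-server -y
  if [ "$ENABLE_SSH" == "true" ]; then
    echo "NOTICE: Enabling the OpenSSH server"
    systemctl start ssh
  fi
fi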
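# Download DebianZFS script
if [ "$ZFSINSTALL" == "true" ]; then
  echo "NOTICE: Installing DebianZFS installation script"
  # NOTE(review): the script is installed exactly as fetched; no checksum or
  # signature is checked here, so its integrity rests on HTTPS and on the host
  # serving DEBIANZFS. Review it before running it as root.
  #
  # Fetch into a temporary file first: wget -O creates its target even when the
  # transfer fails, which used to leave an empty or partial file at
  # DEBIANZFS_BIN and then mark it executable.
  DEBIANZFS_TMP="$(mktemp "${DEBIANZFS_BIN}.XXXXXX")" || {
    echo "ERROR: Could not create a temporary file next to $DEBIANZFS_BIN"
    exit 1
  }
  if ! wget "$DEBIANZFS" -O "$DEBIANZFS_TMP" || [ ! -s "$DEBIANZFS_TMP" ]; then
    rm -f -- "$DEBIANZFS_TMP"
    echo "ERROR: Could not download $DEBIANZFS"
    exit 1
  fi
  # mktemp creates the file 0600; 744 is what wget -O followed by chmod u+x
  # produced under the usual 022 umask
  chmod 744 "$DEBIANZFS_TMP"
  mv -- "$DEBIANZFS_TMP" "$DEBIANZFS_BIN"
fi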
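# Restart or show SSH ECDSA public key fingerprint and IP addresses
if [ "$BOOT_CYCLE" == "true" ]; then
  echo "NOTICE: Restarting the machine in 10 seconds..."
  sleep 9
  echo "NOTICE: Restarting!"
  sleep 1
  systemctl reboot
elif [ "$SSH_INSTALL" == "true" ] && [ "$ENABLE_SSH" == "true" ]; then
  # ECDSA host key as offered by the local sshd (key type and base64 blob)
  SSH_PUB_KEY="$(ssh-keyscan localhost 2>/dev/null | grep "ecdsa" | cut -f2- -d' ')"
  # Fingerprint of the on-disk ECDSA host key, for comparing by eye
  SSH_FINGERPRINT="$(ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub | awk '{print $2}')"
  [ -z "$FIELD_IP_INDEX" ] && FIELD_IP_INDEX=1
  # The value of -f is handed to cut as a field number; anything that is not a
  # positive integer made cut fail and left MACHINE_IP empty
  if [[ ! "$FIELD_IP_INDEX" =~ ^[1-9][0-9]*$ ]]; then
    echo "ERROR: Option -f expects a positive integer, got '$FIELD_IP_INDEX'"
    exit 1
  fi
  MACHINE_IP="$(hostname -I | cut -f"${FIELD_IP_INDEX}" -d' ')"
  MESSAGE="SSH ECDSA KEY: $SSH_FINGERPRINT and IPs: $MACHINE_IP"
  # Show QR code with a copy and paste secure and verified login script
  if [ "$QRCODE_SSH" == "true" ]; then
    # The generated command pins this host's key in a throwaway known_hosts
    # file. With an empty key or address it would pin nothing, and the login
    # would no longer be checked against the key read here, so do not produce
    # a QR code in that case.
    if [ -z "$SSH_PUB_KEY" ] || [ -z "$MACHINE_IP" ]; then
      echo "ERROR: Host key or IP address could not be determined; not generating the QR code"
    else
      apt-get update
      apt-get install -y qrencode
      [ -z "$TELNUM" ] && read -r -p "Enter SMS number (for QR code): " TELNUM
      # \$ and \" are escaped so that TF and mktemp are expanded on the machine
      # that runs the command, not here
      TEXT_MESSAGE="TF=\$(mktemp) && echo \"${MACHINE_IP} ${SSH_PUB_KEY}\" > \"\$TF\" && ssh -o \"UserKnownHostsFile \$TF\" root@${MACHINE_IP} && rm \"\$TF\""
      qrencode -t ASCII "smsto:$TELNUM:$TEXT_MESSAGE"
    fi
  fi
  echo "$MESSAGE"
fi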