From 24061801956123bdb509c8d01941a6812cc91907 Mon Sep 17 00:00:00 2001
From: MatMoul
Date: Sun, 19 Nov 2023 20:28:09 +0100
Subject: [PATCH] Add Ubuntu scripts
---
ubuntu-20.04/apps/bind9/bind9.sh | 10 +
ubuntu-20.04/apps/iperf3/iperf3.sh | 10 +
.../apps/zimbra-10-zpush/zimbra-10-zpush.sh | 197 ++++++++++++
ubuntu-20.04/apps/zimbra-10/zimbra-10.sh | 66 ++++
ubuntu-20.04/files/alias.sh | 11 +
ubuntu-20.04/files/issue | 21 ++
ubuntu-20.04/files/ps1.sh | 5 +
ubuntu-20.04/files/rules.v4 | 13 +
ubuntu-20.04/files/rules.v6 | 7 +
ubuntu-20.04/init.sh | 304 ++++++++++++++++++
ubuntu.sh | 32 ++
11 files changed, 676 insertions(+)
create mode 100644 ubuntu-20.04/apps/bind9/bind9.sh
create mode 100644 ubuntu-20.04/apps/iperf3/iperf3.sh
create mode 100644 ubuntu-20.04/apps/zimbra-10-zpush/zimbra-10-zpush.sh
create mode 100644 ubuntu-20.04/apps/zimbra-10/zimbra-10.sh
create mode 100644 ubuntu-20.04/files/alias.sh
create mode 100644 ubuntu-20.04/files/issue
create mode 100644 ubuntu-20.04/files/ps1.sh
create mode 100644 ubuntu-20.04/files/rules.v4
create mode 100644 ubuntu-20.04/files/rules.v6
create mode 100644 ubuntu-20.04/init.sh
create mode 100644 ubuntu.sh
diff --git a/ubuntu-20.04/apps/bind9/bind9.sh b/ubuntu-20.04/apps/bind9/bind9.sh
new file mode 100644
index 0000000..6a1bbc6
--- /dev/null
+++ b/ubuntu-20.04/apps/bind9/bind9.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+apt install -y bind9
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # DNS' /etc/iptables/rules.v4
+ iptables-restore /etc/iptables/rules.v4
+fi
diff --git a/ubuntu-20.04/apps/iperf3/iperf3.sh b/ubuntu-20.04/apps/iperf3/iperf3.sh
new file mode 100644
index 0000000..78ee00e
--- /dev/null
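Review bot: The `sed -i ... /a` lines in bind9.sh append the port-53 rules after `-A INPUT -i lo -j ACCEPT` unconditionally, so each re-run adds another copy to /etc/iptables/rules.v4, and the firewall is opened even when `apt install -y bind9` failed. Stop on a failed install (`apt install -y bind9 || exit 1`) and skip the edit when the rule is already present, e.g. `if [ -f /etc/iptables/rules.v4 ] && ! grep -q -- '--dport 53 ' /etc/iptables/rules.v4; then`. The same pattern is repeated in iperf3.sh, zimbra-10-zpush.sh and zimbra-10.sh. The new ACCEPT rules carry no `-s` match, so the service is reachable from every IPv4 source; a comment would help if that is intended.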
+++ b/ubuntu-20.04/apps/iperf3/iperf3.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+apt install -y iperf3
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 5201 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 5201 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # IPERF' /etc/iptables/rules.v4
+ iptables-restore /etc/iptables/rules.v4
+fi
diff --git a/ubuntu-20.04/apps/zimbra-10-zpush/zimbra-10-zpush.sh b/ubuntu-20.04/apps/zimbra-10-zpush/zimbra-10-zpush.sh
new file mode 100644
index 0000000..a8483f9
--- /dev/null
+++ b/ubuntu-20.04/apps/zimbra-10-zpush/zimbra-10-zpush.sh
@@ -0,0 +1,197 @@
+#!/bin/bash
+
+ZPUSHVER="2.7.1"
+ZPUSHVER=$(whiptail --title "Z-Push version" --inputbox "" 0 30 "${ZPUSHVER}" 3>&1 1>&2 2>&3)
+TIMEZONE="Europe\/Zurich"
+TIMEZONE=$(whiptail --title "Default timezone" --inputbox "" 0 30 "${TIMEZONE}" 3>&1 1>&2 2>&3)
+BACKENDVER=71
+BACKENDVER=$(whiptail --title "Backend version" --inputbox "" 0 30 "${BACKENDVER}" 3>&1 1>&2 2>&3)
+ZIMBRAURL="https://test.mbx.netm.ch"
+ZIMBRAURL=$(whiptail --title "Zimbra URL" --inputbox "" 0 30 "${ZIMBRAURL}" 3>&1 1>&2 2>&3)
+APACHE2PORT=4433
+APACHE2PORT=$(whiptail --title "Apache SSL Port" --inputbox "" 0 30 "${APACHE2PORT}" 3>&1 1>&2 2>&3)
+
+main() {
+ inst_dep
+ inst_z-push "${ZPUSHVER}" "${TIMEZONE}"
+ inst_z-push-update
+ inst_z-push-backend "${BACKENDVER}" "${ZIMBRAURL}"
+ inst_z-push-backend-update
+ conf_apache2
+ conf_logrotate
+}
+
+inst_dep() {
+ apt -y install php php-cli php-soap php-mbstring php-curl php-intl php-fpm
+ mkdir /var/lib/z-push
+ mkdir /var/log/z-push
+ mkdir /var/www/z-push
+}
+
+inst_z-push() { # $1=version $2=timezone
+ cd || exit 1
+ wget -O z-push.tar.gz https://github.com/Z-Hub/Z-Push/archive/refs/tags/"${1}".tar.gz
+ tar xzvf z-push.tar.gz
+ cp -r Z-Push-"${1}"/src/* /var/www/z-push
+ rm z-push.tar.gz
+ rm -r Z-Push-"${1}"
+ # Config
+ sed -i "s/'TIMEZONE', ''/'TIMEZONE', '${2}'/" /var/www/z-push/config.php
+ sed -i "s/'BACKEND_PROVIDER', ''/'BACKEND_PROVIDER', 'BackendZimbra'/" /var/www/z-push/config.php
+}
+
+inst_z-push-update() {
+ cat << 'EOF' > /usr/local/bin/mtm-zpushupdate
+show_help() {
+ echo "mtm-zpushupdate version"
+ echo ""
+ echo "Example :"
+ echo "mtm-zpushupdate 2.7.1"
+ echo "Look at :"
+ echo "https://github.com/Z-Hub/Z-Push/releases"
+}
+
+if [ "${1}" == "" ]; then
+ show_help
+ exit 1
+fi
+
+cd || exit 1
+wget -O z-push.tar.gz https://github.com/Z-Hub/Z-Push/archive/refs/tags/"${1}".tar.gz
+tar xzvf z-push.tar.gz
+mv /var/www/z-push /var/www/z-push.upd
+mkdir /var/www/z-push
+cp -r Z-Push-"${1}"/src/* /var/www/z-push
+mv /var/www/z-push/config.php /var/www/z-push/config.php.new
+mv /var/www/z-push.upd/config.php /var/www/z-push/
+mv /var/www/z-push.upd/backend/zimbra /var/www/z-push/backend/
+# chown -R www-data:www-data /var/www/z-push
+systemctl restart apache2.service
+rm -r /var/www/z-push.upd
+rm z-push.tar.gz
+rm -r Z-Push-"${1}"
+diff /var/www/z-push/config.php /var/www/z-push/config.php.new
+EOF
+ chmod 755 /usr/local/bin/mtm-zpushupdate
+}
+
+inst_z-push-backend() { # $1=version $2=zimbraurl
+ cd || exit 1
+ wget https://sourceforge.net/projects/zimbrabackend/files/Release"${1}"/zimbra"${1}".tgz/download
+ tar -xf download
+ cp -r zimbra"${1}" /var/www/z-push/backend/zimbra
+ rm download
+ rm -r zimbra"${1}"
+ # Config
+ sed -i "/define('ZIMBRA_URL', 'https:\/\/127.0.0.1');/a \ define('ZIMBRA_URL', '${2}');" /var/www/z-push/backend/zimbra/config.php
+}
+
+inst_z-push-backend-update() {
+ cat << 'EOF' > /usr/local/bin/mtm-zpushbackendupdate
+show_help() {
+ echo "mtm-zpushbackendupdate version"
+ echo ""
+ echo "Example :"
+ echo "mtm-zpushbackendupdate 71"
+ echo "Look at :"
+ echo "https://sourceforge.net/projects/zimbrabackend/files"
+}
+
+if [ "${1}" == "" ]; then
+ show_help
+ exit 1
+fi
+
+cd || exit 1
+wget https://sourceforge.net/projects/zimbrabackend/files/Release"${1}"/zimbra"${1}".tgz/download
+tar -xf download
+mv /var/www/z-push/backend/zimbra /var/www/z-push/backend/zimbra.upd
+cp -r zimbra"${1}" /var/www/z-push/backend/zimbra
+mv /var/www/z-push/backend/zimbra/config.php /var/www/z-push/backend/zimbra/config.php.new
+mv /var/www/z-push/backend/zimbra.upd/config.php /var/www/z-push/backend/zimbra/config.php
+# chown -R www-data:www-data /var/www/z-push/backend/zimbra
+systemctl restart apache2.service
+rm -r /var/www/z-push/backend/zimbra.upd
+rm download
+rm -r zimbra"${1}"
+diff /var/www/z-push/backend/zimbra/config.php /var/www/z-push/backend/zimbra/config.php.new
+EOF
+ chmod 755 /usr/local/bin/mtm-zpushbackendupdate
+}
+
+conf_apache2() {
+ chown -R www-data:www-data /var/lib/z-push
+ chown -R www-data:www-data /var/log/z-push
+ # chown -R www-data:www-data /var/www/z-push
+ a2dissite 000-default.conf
+ a2enmod ssl
+ a2enmod proxy_fcgi setenvif
+ a2enconf php7.4-fpm
+
+ cat << EOF > /etc/apache2/ports.conf
+
+ Listen ${APACHE2PORT}
+
+
+ Listen ${APACHE2PORT}
+
+EOF
+
+ cat << EOF > /etc/apache2/sites-available/z-push.conf
+
+
+ ServerAdmin admin@mtm.lan
+ ServerName 127.0.0.1
+
+ # Indexes + Directory Root.
+ DirectoryIndex index.php
+ DocumentRoot /var/www/z-push/
+ Alias /Microsoft-Server-ActiveSync /var/www/z-push/index.php
+ AliasMatch (?i)/Autodiscover/Autodiscover.xml /var/www/z-push/autodiscover/autodiscover.php
+
+
+ Require all granted
+ #AllowOverride None
+
+
+ php_flag magic_quotes_gpc off
+ php_flag register_globals off
+ php_flag magic_quotes_runtime off
+ php_flag short_open_tag on
+
+ # Logfiles
+ ErrorLog /var/log/z-push/error.log
+ CustomLog /var/log/z-push/access.log combined
+
+ # SSL
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+ SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+
+
+EOF
+ a2ensite z-push.conf
+ systemctl restart apache2.service
+}
+
+conf_logrotate() {
+ cat << EOF > /etc/logrotate.d/z-push
+/var/log/z-push/*.log {
+ daily
+ missingok
+ rotate 14
+ compress
+ delaycompress
+ notifempty
+}
+EOF
+}
+
+main
+
+# iptables
+if [ -f "/etc/iptables/rules.v4" ]; then
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport '"${APACHE2PORT}"' -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # Z-PUSH' /etc/iptables/rules.v4
+ iptables-restore /etc/iptables/rules.v4
+fi
diff --git a/ubuntu-20.04/apps/zimbra-10/zimbra-10.sh b/ubuntu-20.04/apps/zimbra-10/zimbra-10.sh
new file mode 100644
index 0000000..1e712fe
--- /dev/null
+++ b/ubuntu-20.04/apps/zimbra-10/zimbra-10.sh
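Review bot: The generated `mtm-zpushupdate` and `mtm-zpushbackendupdate` scripts never check whether `wget` or `tar` succeeded, so a failed download still moves the live tree aside and the later `rm -r /var/www/z-push.upd` (or `rm -r /var/www/z-push/backend/zimbra.upd`) deletes the previous installation. Start both heredocs with `#!/bin/bash` and `set -euo pipefail`; they currently have no shebang although they use `==` inside `[ ]`. The archives from GitHub and SourceForge are also unpacked into the web root as root with no integrity check, so compare them against a pinned digest before extracting, e.g. `echo "<expected-sha256>  z-push.tar.gz" | sha256sum -c - || exit 1`. In `inst_z-push`, `${2}` is pasted into an `s/.../.../` replacement, which is why the default has to be typed as `Europe\/Zurich`; `sed -i "s|'TIMEZONE', ''|'TIMEZONE', '${2}'|"` lets the operator enter a normal zone name.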
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+MTMZMBUILDER="http://127.0.0.1"
+MTMZMBUILDER=$(whiptail --title "ZM Builder URL" --inputbox "" 0 30 "${MTMZMBUILDER}" 3>&1 1>&2 2>&3)
+ZIMBRAVER=10.0.5
+ZIMBRAVER=$(whiptail --title "Zimbra version" --inputbox "" 0 30 "${ZIMBRAVER}" 3>&1 1>&2 2>&3)
+
+DNSIP=$(grep "nameserver " /etc/resolv.conf | awk -F ' ' '{print $2}')
+FQDN=$(hostname -A)
+
+apt -y remove postfix
+apt -y autoremove
+
+mkdir v"${ZIMBRAVER}"
+cd v"${ZIMBRAVER}" || exit 1
+wget "${MTMZMBUILDER}"/zcs-"${ZIMBRAVER}".tgz
+tar xf zcs-*.tgz
+cd "$(ls -d ./*/)" || exit 1
+systemctl disable systemd-resolved.service
+systemctl stop systemd-resolved.service
+./install.sh
+cd || exit 1
+sed -i "s/127.0.0.1/${DNSIP}/" /etc/resolv.conf
+sudo -u zimbra bash -c "/opt/zimbra/bin/zmprov mcf zimbraPublicServiceHostname ${FQDN}"
+sudo -u zimbra bash -c "/opt/zimbra/bin/zmprov mcf zimbraPublicServicePort 443"
+
+cat << 'EOF' > /usr/local/bin/mtm-zmupdate
+#!/bin/bash
+MTMZMBUILDER=${1}
+ZIMBRAVER=${2}
+
+show_help() {
+ echo "mtm-zmupdate zmbuilder zmversion"
+ echo ""
+ echo "Example :"
+ echo "mtm-zmupdate https://x.x.x.x 10.0.5"
+}
+
+if [ "${MTMZMBUILDER}" == "" ] || [ "${ZIMBRAVER}" == "" ]; then
+ show_help
+ exit 1
+fi
+
+cd || exit 1
+mkdir v"${ZIMBRAVER}"
+cd v"${ZIMBRAVER}" || exit 1
+wget "${MTMZMBUILDER}"/zcs-"${ZIMBRAVER}".tgz
+tar xf zcs-*.tgz
+cd "$(ls -d ./*/)" || exit 1
+./install.sh
+
+cd || exit 1
+EOF
+chmod 755 /usr/local/bin/mtm-zmupdate
+
+apt update
+apt -y dist-upgrade
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 8443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 7071 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 25 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # ZIMBRA' /etc/iptables/rules.v4
+ iptables-restore /etc/iptables/rules.v4
+fi
diff --git a/ubuntu-20.04/files/alias.sh b/ubuntu-20.04/files/alias.sh
new file mode 100644
index 0000000..43d610f
--- /dev/null
+++ b/ubuntu-20.04/files/alias.sh
@@ -0,0 +1,11 @@
+alias ls='ls --color=auto -hl --time-style long-iso'
+alias l='ls --color=auto -hlA --time-style long-iso'
+alias ll='ls --color=auto -hla --time-style long-iso'
+alias cd..='cd ..'
+alias ff='find / -name'
+alias f='find . -name'
+alias fif='grep -rnw . -e'
+alias grep='grep --color=auto'
+alias ip='ip -c'
+alias vdir='vdir --color=auto'
+alias watch='watch --color'
diff --git a/ubuntu-20.04/files/issue b/ubuntu-20.04/files/issue
new file mode 100644
index 0000000..eb49462
--- /dev/null
+++ b/ubuntu-20.04/files/issue
@@ -0,0 +1,21 @@
+\v \r \l
+
+ .o oOOOOOOOo OOOo
+ Ob.OOOOOOOo OOOo. oOOo. .adOOOOOOO
+ OboO"""""""""""".OOo. .oOOOOOo. OOOo.oOOOOOo.."""""""""'OO
+ OOP.oOOOOOOOOOOO "POOOOOOOOOOOo. `"OOOOOOOOOP,OOOOOOOOOOOB'
+ `O'OOOO' `OOOOo"OOOOOOOOOOO` .adOOOOOOOOO"oOOO' `OOOOo
+ .OOOO' `OOOOOOOOOOOOOOOOOOOOOOOOOO' `OO
+ OOOOO '"OOOOOOOOOOOOOOOO"` oOO
+ oOOOOOba. .adOOOOOOOOOOba .adOOOOo.
+ oOOOOOOOOOOOOOba. .adOOOOOOOOOO@^OOOOOOOba. .adOOOOOOOOOOOO
+ OOOOOOOOOOOOOOOOO.OOOOOOOOOOOOOO"` '"OOOOOOOOOOOOO.OOOOOOOOOOOOOO
+ "OOOO" "YOoOOOOMOIONODOO"` . '"OOROAOPOEOOOoOY" "OOO"
+ Y 'OOOOOOOOOOOOOO: .oOOo. :OOOOOOOOOOO?' :`
+ : .oO%OOOOOOOOOOo.OOOOOO.oOOOOOOOOOOOO? .
+ . oOOP"%OOOOOOOOoOOOOOOO?oOOOOO?OOOO"OOo
+ '%o OOOO"%OOOO%"%OOOOO"OOOOOO"OOO':
+ `$" `OOOO' `O"Y ' `OOOO' o .
+ . . OP" : o .
+ :
+ .
diff --git a/ubuntu-20.04/files/ps1.sh b/ubuntu-20.04/files/ps1.sh
new file mode 100644
index 0000000..b2e5b29
--- /dev/null
+++ b/ubuntu-20.04/files/ps1.sh
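Review bot: In zimbra-10.sh the Zimbra tarball is fetched from an operator-typed builder URL whose default is plain `http://`, unpacked, and its `./install.sh` run as root with no integrity check and no test that `wget` or `tar` succeeded; the generated `mtm-zmupdate` repeats this. Require an `https://` builder URL or verify a digest obtained out of band before running the installer, e.g. `echo "<expected-sha256>  zcs-${ZIMBRAVER}.tgz" | sha256sum -c - || exit 1`. `FQDN=$(hostname -A)` can return several space-separated names and is expanded inside a `bash -c` string, so pass a single name as an argument instead: `sudo -u zimbra /opt/zimbra/bin/zmprov mcf zimbraPublicServiceHostname "$(hostname -f)"`. The firewall block also opens 7071, the Zimbra admin console port, to every source; a `-s <admin-cidr>` match on that rule would keep it off the public side.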
@@ -0,0 +1,5 @@
+clrreset='\e[0m'
+clrwhite='\e[1;37m'
+clrgreen='\e[1;32m'
+clrred='\e[1;31m'
+export PS1="\[$clrred\][$USER@$HOSTNAME]\[$clrwhite\] \w \`if [ \$? = 0 ]; then echo -e '\[$clrgreen\]'; else echo -e '\[$clrred\]'; fi\`\\$ \[$clrreset\]"
diff --git a/ubuntu-20.04/files/rules.v4 b/ubuntu-20.04/files/rules.v4
new file mode 100644
index 0000000..7336aaf
--- /dev/null
+++ b/ubuntu-20.04/files/rules.v4
@@ -0,0 +1,13 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+# Ping
+-A INPUT -p icmp -j ACCEPT
+# SSH
+-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
+# SNMPD
+-A INPUT -p udp -m udp --dport 161 -m state --state NEW -j ACCEPT
+COMMIT
diff --git a/ubuntu-20.04/files/rules.v6 b/ubuntu-20.04/files/rules.v6
new file mode 100644
index 0000000..0bf819a
--- /dev/null
+++ b/ubuntu-20.04/files/rules.v6
@@ -0,0 +1,7 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+COMMIT
diff --git a/ubuntu-20.04/init.sh b/ubuntu-20.04/init.sh
new file mode 100644
index 0000000..01840ea
--- /dev/null
+++ b/ubuntu-20.04/init.sh
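Review bot: In rules.v4 the `# SNMPD` rule `-A INPUT -p udp -m udp --dport 161 -m state --state NEW -j ACCEPT` is part of the base ruleset, so UDP 161 is accepted from every source on any host that selects iptables-persistent, whether or not snmpd was selected. init.sh's `SNMPDConfig` additionally rewrites the agent address to 0.0.0.0 and pre-fills `public` as the community name, so the two together expose SNMP widely. Consider dropping the rule from this file and appending it from `SNMPDConfig`, the way the app scripts add their ports, restricted to the monitoring hosts: `-A INPUT -s <monitoring-cidr> -p udp -m udp --dport 161 -m state --state NEW -j ACCEPT`. A similar `-s` restriction is worth considering for port 22, since this commit also sets `PermitRootLogin yes`.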
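Review bot: rules.v6 drops all input except established traffic and loopback, which also drops ICMPv6 neighbour discovery and router advertisements, so IPv6 is likely to stop working on hosts that use it rather than merely being filtered. If IPv6 is meant to stay usable, add `-A INPUT -p ipv6-icmp -j ACCEPT` (or the specific neighbour-discovery types) before `COMMIT`. If the intent is no inbound IPv6 at all, a comment line such as `# IPv6 ingress intentionally closed` would stop a later reader from treating it as an oversight.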
@@ -0,0 +1,304 @@
+#!/bin/bash
+
+declare BASE_URL=https://git.netm.ch/m/os-init/raw/branch/main
+declare DIR_URL=ubuntu-20.04
+declare IPV4=127.0.0.1
+declare ISLXC=0
+
+showHelp() {
+ echo "init.sh"
+ echo ""
+ echo "use :"
+ echo "bash init.sh [options]"
+ echo " -b | --base-url url"
+}
+
+InitConst() {
+ IPV4=$(ip addr | grep 'inet ' | grep -v '127.0' | head -n1 | awk '{print $2}' | cut -f1 -d /)
+
+ grep -q -v -a lxc /proc/1/environ
+ ISLXC=$?
+}
+
+Main() {
+ InitConst
+ if [[ ${ISLXC} == 0 ]]; then
+ NetSetHostname
+ NetIPConfig
+ else
+ APTCleanupLXCPackage
+ fi
+ NetCleanUpSystemdResolved
+ APTSetProxy
+ APTUpdateDist
+ APTInstallBase
+ APTCleanAll
+ BashSetAlias
+ BashSetPS
+ BashRMbashrc
+ NanoSetConfig
+ IssueSetContent
+ SSHEnableRootLogin
+ GrubSetConfig
+ InstApps
+ Reboot
+}
+
+NetSetHostname() {
+ hostname=$(hostname)
+ hostname=$(whiptail --title "Hostname + Domain" --inputbox "" 0 30 "${hostname}" 3>&1 1>&2 2>&3)
+ # shellcheck disable=SC2181
+ if [ "$?" = "0" ] && [ "${hostname}" != "" ]; then
+ hostnamectl set-hostname "${hostname}"
+ fi
+}
+NetIPConfig() {
+ options=()
+ options+=("DHCP" "")
+ options+=("Static" "")
+ sel=$(whiptail --title "Network" --menu "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+ # shellcheck disable=SC2181
+ if [ "$?" = "0" ]; then
+ case ${sel} in
+ "Static") NetIPConfigStatic;;
+ esac
+ fi
+}
+NetIPConfigStatic() {
+ netif="$(ip a | grep ens | head -n1 | cut -d: -f2)"
+ netif=${netif:1}
+ netip="${IPV4}"
+ netmask="255.255.255.0"
+ netgw="$(echo "${IPV4}" | cut -d. -f1-3).1"
+ netdns="$(echo "${IPV4}" | cut -d. -f1-3).1"
+ netip=$(whiptail --title "Network" --inputbox "IP" 0 30 "${netip}" 3>&1 1>&2 2>&3)
+ # shellcheck disable=SC2181
+ if [ "$?" = "0" ] && [ "${netip}" != "" ]; then
+ netmask=$(whiptail --title "Network" --inputbox "Mask" 0 30 "${netmask}" 3>&1 1>&2 2>&3)
+ if [ "$?" = "0" ] && [ "${netmask}" != "" ]; then
+ netgw=$(whiptail --title "Network" --inputbox "Route" 0 30 "${netgw}" 3>&1 1>&2 2>&3)
+ if [ "$?" = "0" ] && [ "${netgw}" != "" ]; then
+ netdns=$(whiptail --title "Network" --inputbox "DNS" 0 30 "${netdns}" 3>&1 1>&2 2>&3)
+ if [ "$?" = "0" ] && [ "${netdns}" != "" ]; then
+ echo "allow-hotplug ${netif}" > /etc/network/interfaces.d/${netif}
+ echo "iface ${netif} inet static" >> /etc/network/interfaces.d/${netif}
+ echo -e "\taddress ${netip}" >> /etc/network/interfaces.d/${netif}
+ echo -e "\tnetmask ${netmask}" >> /etc/network/interfaces.d/${netif}
+ echo -e "\tgateway ${netgw}" >> /etc/network/interfaces.d/${netif}
+ sed -i "/${netif}/d" /etc/network/interfaces
+ echo "nameserver ${netdns}" > /etc/resolv.conf
+ fi
+ fi
+ fi
+ fi
+}
+NetCleanUpSystemdResolved() {
+ sed -i s/#LLMNR=yes/LLMNR=no/ /etc/systemd/resolved.conf
+ sed -i s/#DNSStubListener=yes/DNSStubListener=no/ /etc/systemd/resolved.conf
+ systemctl restart systemd-resolved
+}
+
+APTSetProxy() {
+ proxy=""
+ proxy=$(whiptail --title "Proxy" --inputbox "ex : http://192.168.1.200/ or leave empty for none" 0 30 "${proxy}" 3>&1 1>&2 2>&3)
+ # shellcheck disable=SC2181
+ if [ "$?" = "0" ]; then
+ if [ "${proxy}" != "" ]; then
+ echo "Acquire::http { Proxy \"${proxy}\"; };" > /etc/apt/apt.conf.d/02proxy
+ fi
+ fi
+}
+APTCleanupLXCPackage() {
+ echo "Skip"
+ # apt remove -y bind9-host debian-faq doc-debian postfix x11-common fontconfig-config fonts-dejavu-core gdbm-l10n python-apt-common
+}
+APTUpdateDist() {
+ apt update -y
+ apt dist-upgrade -y
+}
+APTInstallBase() {
+ options=()
+ options+=("curl" "" on)
+ options+=("wget" "" on)
+ options+=("lsof" "" on)
+ options+=("acpi" "" on)
+ options+=("bash-completion" "" on)
+ options+=("iptables" "" on)
+ options+=("iptables-persistent" "" on)
+ options+=("openssh-server" "" on)
+ options+=("gnupg" "" on)
+ options+=("rsync" "" on)
+ options+=("nmon" "" on)
+ options+=("snmpd" "" on)
+ options+=("clevis-net" "" off)
+ sel=$(whiptail --title "Basic Install" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+ # shellcheck disable=SC2181
+ # shellcheck disable=SC2001
+ if [ "$?" = "0" ]; then
+ pkg=""
+ for itm in ${sel}; do
+ case ${itm} in
+ '"iptables-persistent"')
+ pkg="${pkg} $(echo "${itm}" | sed 's/"//g')"
+ IPTablesPostInstall;;
+ '"clevis-net"')
+ pkg="${pkg} clevis clevis-luks clevis-systemd clevis-initramfs clevis-tpm2";;
+ *)
+ pkg="${pkg} $(echo "${itm}" | sed 's/"//g')";;
+ esac
+ done
+ # shellcheck disable=SC2086
+ apt install -y ${pkg}
+ for itm in ${sel}; do
+ case ${itm} in
+ '"iptables-persistent"')
+ IPTablesConfig;;
+ '"snmpd"')
+ SNMPDConfig;;
+ '"clevis-net"')
+ ClevisNetInit;;
+ esac
+ done
+ fi
+}
+APTCleanAll() {
+ apt-get autoremove -y
+ apt-get autoclean -y
+}
+
+BashSetAlias() {
+ wget -O /etc/profile.d/alias.sh "${BASE_URL}"/"${DIR_URL}"/files/alias.sh
+}
+BashSetPS() {
+ wget -O /etc/profile.d/ps1.sh "${BASE_URL}"/"${DIR_URL}"/files/ps1.sh
+}
+BashRMbashrc() {
+ rm /root/.bashrc
+}
+
+NanoSetConfig() {
+ sed -i "/tabsize/c\set tabsize 2" /etc/nanorc
+ {
+ echo "set numbercolor brightwhite"
+ echo "set statuscolor brightwhite,green"
+ echo "set keycolor cyan"
+ echo "set functioncolor green"
+ } >> /etc/nanorc
+ {
+ echo "set titlecolor brightwhite,red"
+ echo "set statuscolor brightwhite,red"
+ } > /root/.nanorc
+}
+
+IssueSetContent() {
+ wget -O /etc/issue "${BASE_URL}"/"${DIR_URL}"/files/issue
+}
+
+IPTablesPostInstall() {
+ echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
+ echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
+}
+IPTablesConfig() {
+ wget -O /etc/iptables/rules.v4 "${BASE_URL}"/"${DIR_URL}"/files/rules.v4
+ wget -O /etc/iptables/rules.v6 "${BASE_URL}"/"${DIR_URL}"/files/rules.v6
+ iptables-restore /etc/iptables/rules.v4
+ ip6tables-restore /etc/iptables/rules.v6
+}
+
+SNMPDConfig() {
+ cummunityname=public
+ cummunityname=$(whiptail --title "SNMP Community name" --inputbox "" 0 30 "${cummunityname}" 3>&1 1>&2 2>&3)
+ sed -i "s/public/${cummunityname}/" /etc/snmp/snmpd.conf
+ sed -i "s/127.0.0.1,\[::1\]/0.0.0.0/" /etc/snmp/snmpd.conf
+ systemctl restart snmpd
+}
+
+ClevisNetInit() {
+ LUKSPARTS=$(lsblk -p -l --fs |grep LUKS |cut -d " " -f1)
+ options=()
+ IFS_ORIG=$IFS
+ IFS=$'\n'
+ for LUKSPART in ${LUKSPARTS}
+ do
+ options+=("${LUKSPART}" "")
+ done
+ IFS=$IFS_ORIG
+ DEV=$(whiptail --title "Select root LUKS part" --menu "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+ # shellcheck disable=SC2181
+ if [ "$?" = "0" ]; then
+ TANGURL=$(whiptail --title "Tang Server" --inputbox "URL" 0 30 "" 3>&1 1>&2 2>&3)
+ if [ "$?" = "0" ]; then
+ clevis luks bind -d "${DEV}" tang "{\"url\": \"${TANGURL}\"}"
+ systemctl enable clevis-luks-askpass.path
+ fi
+ fi
+}
+
+SSHEnableRootLogin() {
+ sed -i "/PermitRootLogin prohibit-password/c\PermitRootLogin yes #prohibit-password" /etc/ssh/sshd_config
+ systemctl restart sshd
+}
+
+GrubSetConfig() {
+ if [ -f "/etc/default/grub" ]; then
+ sed -i "/GRUB_TIMEOUT/c\GRUB_TIMEOUT=1" /etc/default/grub
+ update-grub
+ fi
+}
+
+InstApps() {
+ options=()
+ #if [[ ${ISLXC} == 0 ]]; then
+ # options+=("docker" "" off)
+ # options+=("portainer" "" off)
+ #fi
+ options+=("zimbra-10" "Need Debian 12 zm-builder" off)
+ options+=("zimbra-10-zpush" "Need zimbra 10" off)
+ options+=("misc-apps" "..." off)
+ sel=$(whiptail --title "More Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+ # shellcheck disable=SC2181
+ if [ "$?" = "0" ]; then
+ for itm in ${sel}; do
+ case ${itm//\"/} in
+ misc-apps)
+ InstMiscApps;;
+ archived-apps)
+ InstArchivedApps;;
+ *)
+ cd /tmp || exit
+ wget "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"/"${ITM//\"/}".sh
+ bash ./"${itm//\"/}".sh "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}";;
+ esac
+ done
+ fi
+}
+InstMiscApps() {
+ options=()
+ options+=("bind9" "" off)
+ options+=("iperf3" "" off)
+ sel=$(whiptail --title "Misc Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+ # shellcheck disable=SC2181
+ if [ "$?" = "0" ]; then
+ for itm in ${sel}; do
+ cd /tmp || exit
+ wget "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"/"${ITM//\"/}".sh
+ bash ./"${itm//\"/}".sh "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"
+ done
+ fi
+}
+
+Reboot() {
+ if whiptail --yesno "Reboot ?" 0 0 3>&1 1>&2 2>&3; then
+ reboot
+ fi
+}
+
+while [ ${#} -gt 0 ]; do
+ case ${1} in
+ --help) showHelp; exit 0;;
+ -b | --base-url) BASE_URL="${2}"; shift;;
+ *) shift;;
+ esac
+done
+
+Main
diff --git a/ubuntu.sh b/ubuntu.sh
new file mode 100644
index 0000000..143d8d5
--- /dev/null
+++ b/ubuntu.sh
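Review bot: In `InstApps` and `InstMiscApps` of init.sh the download URL is built from `${ITM//\"/}`, but the loop variable is `itm` and bash names are case-sensitive, so the path expands to `apps//.sh` and the selected script is never fetched; the next line then runs `bash ./<name>.sh` from `/tmp`, i.e. whatever file of that name already sits in a world-writable directory, as root. Use the lowercase variable, download into a directory created with `mktemp -d`, and stop when `wget` fails, as in the block below (the same change applies to the loop body in `InstMiscApps`). Separately, `SSHEnableRootLogin` rewrites `PermitRootLogin prohibit-password` to `yes` while rules.v4 accepts port 22 from any source; keeping `prohibit-password` and installing a key would avoid exposing root to password guessing.

```shell
        *)
          app=${itm//\"/}
          workdir=$(mktemp -d) || exit 1
          wget -O "${workdir}/${app}.sh" "${BASE_URL}/${DIR_URL}/apps/${app}/${app}.sh" || exit 1
          bash "${workdir}/${app}.sh" "${BASE_URL}/${DIR_URL}/apps/${app}"
          rm -rf -- "${workdir}";;
        # … unchanged: esac / done / fi …
```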
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+declare BASE_URL=https://git.netm.ch/m/os-init/raw/branch/main
+declare UBUNTUVER=0
+
+showHelp() {
+ echo "ubuntu.sh"
+ echo ""
+ echo "use :"
+ echo "bash ubuntu.sh [options]"
+ echo " -b | --base-url url"
+}
+
+main() {
+ UBUNTUVER=$(grep "VERSION_ID=" /etc/os-release | sed 's/"//g' | sed 's/.*=//')
+ apt update -y
+ apt install -y wget
+ wget -O /tmp/init.sh "${BASE_URL}"/ubuntu-"${UBUNTUVER}"/init.sh
+ bash /tmp/init.sh -b "${BASE_URL}"
+ rm /tmp/init.sh
+}
+
+
+while [ ${#} -gt 0 ]; do
+ case ${1} in
+ --help) showHelp; exit 0;;
+ -b | --base-url) BASE_URL="${2}"; shift;;
+ *) shift;;
+ esac
+done
+
+main
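Review bot: `main` in ubuntu.sh writes the downloaded script to the fixed path `/tmp/init.sh` and runs it with `bash` without checking that `wget` succeeded, so an empty or partial download is still executed as root, and a file pre-created at that path by another local user may stay under that user's control. Use a private file and stop on failure: `tmp=$(mktemp) || exit 1`, `wget -O "${tmp}" "${BASE_URL}/ubuntu-${UBUNTUVER}/init.sh" || exit 1`, `bash "${tmp}" -b "${BASE_URL}"`. `-b | --base-url` accepts any URL, including `http://`, and that value decides what runs as root both here and in init.sh; rejecting values that do not start with `https://` in the option parser would close that gap.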