Add Ubuntu scripts

ubuntu-20.04/files/alias.sh

@@ -0,0 +1,11 @@
+alias ls='ls --color=auto -hl --time-style long-iso'
+alias l='ls --color=auto -hlA --time-style long-iso'
+alias ll='ls --color=auto -hla --time-style long-iso'
+alias cd..='cd ..'
+alias ff='find / -name'
+alias f='find . -name'
+alias fif='grep -rnw . -e'
+alias grep='grep --color=auto'
+alias ip='ip -c'
+alias vdir='vdir --color=auto'
+alias watch='watch --color'

ubuntu-20.04/files/issue

@@ -0,0 +1,21 @@
+\v \r \l
+
+    .o oOOOOOOOo                                            OOOo
+    Ob.OOOOOOOo  OOOo.      oOOo.                      .adOOOOOOO
+    OboO"""""""""""".OOo. .oOOOOOo.    OOOo.oOOOOOo.."""""""""'OO
+    OOP.oOOOOOOOOOOO "POOOOOOOOOOOo.   `"OOOOOOOOOP,OOOOOOOOOOOB'
+    `O'OOOO'     `OOOOo"OOOOOOOOOOO` .adOOOOOOOOO"oOOO'    `OOOOo
+    .OOOO'            `OOOOOOOOOOOOOOOOOOOOOOOOOO'            `OO
+    OOOOO                 '"OOOOOOOOOOOOOOOO"`                oOO
+   oOOOOOba.                .adOOOOOOOOOOba               .adOOOOo.
+  oOOOOOOOOOOOOOba.    .adOOOOOOOOOO@^OOOOOOOba.     .adOOOOOOOOOOOO
+ OOOOOOOOOOOOOOOOO.OOOOOOOOOOOOOO"`  '"OOOOOOOOOOOOO.OOOOOOOOOOOOOO
+ "OOOO"       "YOoOOOOMOIONODOO"`  .   '"OOROAOPOEOOOoOY"     "OOO"
+    Y           'OOOOOOOOOOOOOO: .oOOo. :OOOOOOOOOOO?'         :`
+    :            .oO%OOOOOOOOOOo.OOOOOO.oOOOOOOOOOOOO?         .
+    .            oOOP"%OOOOOOOOoOOOOOOO?oOOOOO?OOOO"OOo
+                 '%o  OOOO"%OOOO%"%OOOOO"OOOOOO"OOO':
+                      `$"  `OOOO' `O"Y ' `OOOO'  o             .
+    .                  .     OP"          : o     .
+                              :
+                              .

ubuntu-20.04/files/ps1.sh

@@ -0,0 +1,5 @@
+clrreset='\e[0m'
+clrwhite='\e[1;37m'
+clrgreen='\e[1;32m'
+clrred='\e[1;31m'
+export PS1="\[$clrred\][$USER@$HOSTNAME]\[$clrwhite\] \w \`if [ \$? = 0 ]; then echo -e '\[$clrgreen\]'; else echo -e '\[$clrred\]'; fi\`\\$ \[$clrreset\]"

ubuntu-20.04/files/rules.v4

@@ -0,0 +1,13 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+# Ping
+-A INPUT -p icmp -j ACCEPT
+# SSH
+-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
+# SNMPD
+-A INPUT -p udp -m udp --dport 161 -m state --state NEW -j ACCEPT
+COMMIT

ubuntu-20.04/files/rules.v6

@@ -0,0 +1,7 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+COMMIT

ubuntu-20.04/init.sh

@@ -0,0 +1,304 @@
+#!/bin/bash
+
+declare BASE_URL=https://git.netm.ch/m/os-init/raw/branch/main
+declare DIR_URL=ubuntu-20.04
+declare IPV4=127.0.0.1
+declare ISLXC=0
+
+showHelp() {
+	echo "init.sh"
+	echo ""
+	echo "use :"
+	echo "sh init.sh [options]"
+	echo " -b | --base-url url"
+}
+
+InitConst() {
+	IPV4=$(ip addr | grep 'inet ' | grep -v '127.0' | head -n1 | awk '{print $2}' | cut -f1 -d /)
+	
+	grep -q -v -a lxc /proc/1/environ
+	ISLXC=$?
+}
+
+Main() {
+	InitConst
+	if [[ ${ISLXC} == 0 ]]; then
+		NetSetHostname
+		NetIPConfig
+	else
+		APTCleanupLXCPackage
+	fi
+	NetCleanUpSystemdResolved
+	APTSetProxy
+	APTUpdateDist
+	APTInstallBase
+	APTCleanAll
+	BashSetAlias
+	BashSetPS
+	BashRMbashrc
+	NanoSetConfig
+	IssueSetContent
+	SSHEnableRootLogin
+	GrubSetConfig
+	InstApps
+	Reboot
+}
+
+NetSetHostname() {
+	hostname=$(hostname)
+	hostname=$(whiptail --title "Hostname + Domain" --inputbox "" 0 30 "${hostname}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	if [ "$?" = "0" ] && [ "${hostname}" != "" ]; then
+		hostnamectl set-hostname "${hostname}"
+	fi
+}
+NetIPConfig() {
+	options=()
+	options+=("DHCP" "")
+	options+=("Static" "")
+	sel=$(whiptail --title "Network" --menu "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	if [ "$?" = "0" ]; then
+		case ${sel} in
+			"Static") NetIPConfigStatic;;
+		esac
+	fi
+}
+NetIPConfigStatic() {
+	netif="$(ip a | grep ens | head -n1 | cut -d: -f2)"
+	netif=${netif:1}
+	netip="${IPV4}"
+	netmask="255.255.255.0"
+	netgw="$(echo "${IPV4}" | cut -d. -f1-3).1"
+	netdns="$(echo "${IPV4}" | cut -d. -f1-3).1"
+	netip=$(whiptail --title "Network" --inputbox "IP" 0 30 "${netip}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	if [ "$?" = "0" ] && [ "${netip}" != "" ]; then
+		netmask=$(whiptail --title "Network" --inputbox "Mask" 0 30 "${netmask}" 3>&1 1>&2 2>&3)
+		if [ "$?" = "0" ] && [ "${netmask}" != "" ]; then
+			netgw=$(whiptail --title "Network" --inputbox "Route" 0 30 "${netgw}" 3>&1 1>&2 2>&3)
+			if [ "$?" = "0" ] && [ "${netgw}" != "" ]; then
+				netdns=$(whiptail --title "Network" --inputbox "DNS" 0 30 "${netdns}" 3>&1 1>&2 2>&3)
+				if [ "$?" = "0" ] && [ "${netdns}" != "" ]; then
+					echo "allow-hotplug ${netif}" > /etc/network/interfaces.d/${netif}
+					echo "iface ${netif} inet static" >> /etc/network/interfaces.d/${netif}
+					echo -e "\taddress ${netip}" >> /etc/network/interfaces.d/${netif}
+					echo -e "\tnetmask ${netmask}" >> /etc/network/interfaces.d/${netif}
+					echo -e "\tgateway ${netgw}" >> /etc/network/interfaces.d/${netif}
+					sed -i "/${netif}/d" /etc/network/interfaces
+					echo "nameserver ${netdns}" > /etc/resolv.conf
+				fi
+			fi
+		fi
+	fi
+}
+NetCleanUpSystemdResolved() {
+	sed -i s/#LLMNR=yes/LLMNR=no/ /etc/systemd/resolved.conf
+	sed -i s/#DNSStubListener=yes/DNSStubListener=no/ /etc/systemd/resolved.conf
+	systemctl restart systemd-resolved
+}
+
+APTSetProxy() {
+	proxy=""
+	if [ "${IPV4:0:9}" == "10.80.80." ]; then
+		proxy="http://10.80.80.5:8080/"
+	elif [ "${IPV4:0:6}" == "10.80." ]; then
+		proxy="http://10.80.70.5:8080/"
+	fi
+	proxy=$(whiptail --title "Proxy" --inputbox "ex : http://192.168.1.200/ or leave empty for none" 0 30 "${proxy}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	if [ "$?" = "0" ]; then
+		if [ "${proxy}" != "" ]; then
+			echo "Acquire::http { Proxy \"${proxy}\"; };" > /etc/apt/apt.conf.d/02proxy
+		fi
+	fi
+}
+APTCleanupLXCPackage() {
+	echo "Skip"
+	# apt remove -y bind9-host debian-faq doc-debian postfix x11-common fontconfig-config fonts-dejavu-core gdbm-l10n python-apt-common
+}
+APTUpdateDist() {
+	apt update -y
+	apt dist-upgrade -y
+}
+APTInstallBase() {
+	options=()
+	options+=("curl" "" on)
+	options+=("wget" "" on)
+	options+=("lsof" "" on)
+	options+=("acpi" "" on)
+	options+=("bash-completion" "" on)
+	options+=("iptables" "" on)
+	options+=("iptables-persistent" "" on)
+	options+=("openssh-server" "" on)
+	options+=("gnupg" "" on)
+	options+=("rsync" "" on)
+	options+=("nmon" "" on)
+	options+=("snmpd" "" on)
+	options+=("clevis-net" "" off)
+  sel=$(whiptail --title "Basic Install" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+  if [ "$?" = "0" ]; then
+		pkg=""
+		for itm in ${sel}; do
+			case ${itm} in
+			'"iptables-persistent"')
+				pkg="${pkg} $(echo ${itm} | sed 's/"//g')"
+				IPTablesPostInstall;;
+			'"clevis-net"')
+				pkg="${pkg} clevis clevis-luks clevis-systemd clevis-initramfs clevis-tpm2";;
+			*)
+				pkg="${pkg} $(echo ${itm} | sed 's/"//g')";;
+			esac
+		done
+		apt install -y ${pkg}
+		for itm in ${sel}; do
+			case ${itm} in
+			'"iptables-persistent"')
+				IPTablesConfig;;
+			'"snmpd"')
+				SNMPDConfig;;
+			'"clevis-net"')
+				ClevisNetInit;;
+			esac
+		done
+	fi
+}
+APTCleanAll() {
+	apt-get autoremove -y
+	apt-get autoclean -y
+}
+
+BashSetAlias() {
+	wget -O /etc/profile.d/alias.sh "${BASE_URL}"/"${DIR_URL}"/files/alias.sh
+}
+BashSetPS() {
+	wget -O /etc/profile.d/ps1.sh "${BASE_URL}"/"${DIR_URL}"/files/ps1.sh
+}
+BashRMbashrc() {
+	rm /root/.bashrc
+}
+
+NanoSetConfig() {
+	sed -i "/tabsize/c\set tabsize 2" /etc/nanorc
+	{
+		echo "set numbercolor brightwhite"
+		echo "set statuscolor brightwhite,green"
+		echo "set keycolor cyan"
+		echo "set functioncolor green"
+	} >> /etc/nanorc
+	{
+		echo "set titlecolor brightwhite,red"
+		echo "set statuscolor brightwhite,red"
+	} > /root/.nanorc
+}
+
+IssueSetContent() {
+	wget -O /etc/issue "${BASE_URL}"/"${DIR_URL}"/files/issue
+}
+
+IPTablesPostInstall() {
+	echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
+	echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
+}
+IPTablesConfig() {
+	wget -O /etc/iptables/rules.v4 "${BASE_URL}"/"${DIR_URL}"/files/rules.v4
+	wget -O /etc/iptables/rules.v6 "${BASE_URL}"/"${DIR_URL}"/files/rules.v6
+	iptables-restore /etc/iptables/rules.v4
+	ip6tables-restore /etc/iptables/rules.v6
+}
+
+SNMPDConfig() {
+	cummunityname=public
+	cummunityname=$(whiptail --title "SNMP Community name" --inputbox "" 0 30 "${cummunityname}" 3>&1 1>&2 2>&3)
+	sed -i "s/public/${cummunityname}/" /etc/snmp/snmpd.conf
+	sed -i "s/127.0.0.1,\[::1\]/0.0.0.0/" /etc/snmp/snmpd.conf
+	systemctl restart snmpd
+}
+
+ClevisNetInit() {
+	LUKSPARTS=$(lsblk -p -l --fs |grep LUKS |cut -d " " -f1)
+	options=()
+	IFS_ORIG=$IFS
+	IFS=$'\n'
+	for LUKSPART in ${LUKSPARTS}
+	do  
+		options+=("${LUKSPART}" "")
+	done
+	IFS=$IFS_ORIG
+  DEV=$(whiptail --title "Select root LUKS part" --menu "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+  if [ "$?" = "0" ]; then
+		TANGURL=$(whiptail --title "Tang Server" --inputbox "URL" 0 30 "" 3>&1 1>&2 2>&3)
+		if [ "$?" = "0" ]; then
+			clevis luks bind -d ${DEV} tang "{\"url\": \"${TANGURL}\"}"
+			systemctl enable clevis-luks-askpass.path
+		fi
+  fi
+}
+
+SSHEnableRootLogin() {
+	sed -i "/PermitRootLogin prohibit-password/c\PermitRootLogin yes #prohibit-password" /etc/ssh/sshd_config
+	systemctl restart sshd
+}
+
+GrubSetConfig() {
+	if [ -f "/etc/default/grub" ]; then
+		sed -i "/GRUB_TIMEOUT/c\GRUB_TIMEOUT=1" /etc/default/grub
+		update-grub
+	fi
+}
+
+InstApps() {
+	options=()
+	#if [[ ${ISLXC} == 0 ]]; then
+	#	options+=("docker" "" off)
+	#	options+=("portainer" "" off)
+	#fi
+	options+=("zimbra-10" "Need Debian 12 zm-builder" off)
+	options+=("zimbra-10-zpush" "Need zimbra 10" off)
+	options+=("misc-apps" "..." off)
+	sel=$(whiptail --title "More Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+	if [ "$?" = "0" ]; then
+		for itm in ${sel}; do
+			case ${itm//\"/} in
+			misc-apps)
+				InstMiscApps;;
+			archived-apps)
+				InstArchivedApps;;
+			*)
+				cd /tmp
+				wget matmoul.ch/inst/ubuntu-20.04/${itm//\"/}.sh
+				bash ./${itm//\"/}.sh;;
+			esac
+		done
+	fi
+}
+InstMiscApps() {
+	options=()
+	options+=("bind9" "" off)
+	options+=("iperf3" "" off)
+	sel=$(whiptail --title "Misc Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+	if [ "$?" = "0" ]; then
+		for itm in ${sel}; do
+			cd /tmp
+			wget matmoul.ch/inst/ubuntu-20.04/${itm//\"/}.sh
+			bash ./${itm//\"/}.sh
+		done
+	fi
+}
+
+Reboot() {
+	if $(whiptail --yesno "Reboot ?" 0 0 3>&1 1>&2 2>&3); then
+		reboot
+	fi
+}
+
+while [ ${#} -gt 0 ]; do
+  case ${1} in
+		--help) showHelp; exit 0;;
+		-b | --base-url) BASE_URL="${2}"; shift;;
+		*) shift;;
+  esac
+done
+
+Main

ubuntu.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+declare BASE_URL=https://git.netm.ch/m/os-init/raw/branch/main
+declare UBUNTUVER=0
+
+showHelp() {
+	echo "ubuntu.sh"
+	echo ""
+	echo "use :"
+	echo "sh ubuntu.sh [options]"
+	echo " -b | --base-url url"
+}
+
+main() {
+	UBUNTUVER=$(grep "VERSION_ID=" /etc/os-release | sed 's/"//g' | sed 's/.*=//')
+	apt update -y
+	apt install -y wget
+	wget -O /tmp/init.sh "${BASE_URL}"/ubuntu-"${UBUNTUVER}"/init.sh
+	sh /tmp/init.sh -b "${BASE_URL}"
+	rm /tmp/init.sh
+}
+
+
+while [ ${#} -gt 0 ]; do
+	case ${1} in
+		--help) showHelp; exit 0;;
+		-b | --base-url) BASE_URL="${2}"; shift;;
+		*) shift;;
+	esac
+done
+
+main