m/os-init
2
0
Fork 0
Code Issues Wiki Activity

Compare commits

base: m:cb2b798a667dd2ae102daef47687919109fcc7f4
Branches Tags
m:main
...
compare: m:main
Branches Tags
m:main

12 Commits
cb2b798a66 ... main

Author SHA1 Message Date
MatMoul
fd17bea829 Add ubuntu 26.04 2025-11-09 20:01:08 +01:00
MatMoul
caaea6d202 Add ubuntu 24 to 26 2025-11-09 19:56:28 +01:00
MatMoul
090fde2843 Add ubuntu 22 to 24 2025-11-09 19:52:44 +01:00
MatMoul
5bc50b81bc ubuntu-up.sh 2025-11-09 19:41:36 +01:00
MatMoul
36f601678d Add ubuntu-up 20.04 to 22.04 2025-11-09 19:15:17 +01:00
MatMoul
60b6ee3845 Add ubuntu 22.04 and 24.04 2025-11-09 18:57:13 +01:00
MatMoul
92d48d0e81 alpine: add e2fsprogs-extra 2025-11-01 23:06:46 +01:00
MatMoul
18c05c7ec9 alpine: reorder apps 2025-11-01 22:23:38 +01:00
MatMoul
f1cbd13de6 alpine: clean docker script 2025-11-01 22:10:35 +01:00
MatMoul
6ac636fff4 Update portainer download path 2025-11-01 22:09:09 +01:00
MatMoul
cad7c24295 Refactor docker and clean old apps 2025-11-01 22:06:02 +01:00
MatMoul
45afd634db alpine: add latest-update option 2025-11-01 21:24:46 +01:00
35 changed files with 1307 additions and 286 deletions
Expand all files Collapse all files

22
alpine/apps/docker/docker.sh
View File

@@ -1,5 +1,7 @@
#!/bin/dash #!/bin/dash
BASE_URL=${1}
mkdir /srv/stacks mkdir /srv/stacks
mkdir /srv/data mkdir /srv/data
@@ -13,3 +15,23 @@ apk add docker docker-cli-compose
rc-update add docker boot rc-update add docker boot
service docker start service docker start
InstStacks() {
SEL=$(whiptail --title "More Apps" --checklist "" 0 0 0 \
"portainer" "" off 3>&1 1>&2 2>&3)
#SEL=$(whiptail --title "More Apps" --checklist "" 0 0 0 \
# "portainer" "" off \
# "traefik" "" off \
# "gitea" "" off 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181
if [ "${?}" = "0" ]; then
for ITM in ${SEL}; do
cd /tmp || exit
# shellcheck disable=SC3000-SC4000
wget "${BASE_URL}"/alpine/apps/docker/stacks/"${ITM//\"/}"/"${ITM//\"/}".sh
# shellcheck disable=SC3000-SC4000
sh ./"${ITM//\"/}".sh "${BASE_URL}"
done
fi
}
InstStacks

0
alpine/apps/portainer/compose.yaml → alpine/apps/docker/stacks/portainer/compose.yaml
View File

8
alpine/apps/docker/stacks/portainer/portainer.sh Normal file
View File

@@ -0,0 +1,8 @@
#!/bin/dash
BASE_URL=${1}
mkdir /srv/stacks/portainer
cd /srv/stacks/portainer
wget "${BASE_URL}"/alpine/apps/docker/stacks/portainer/compose.yaml
docker compose up -d

10
alpine/apps/portainer/portainer.sh
View File

@@ -1,10 +0,0 @@
#!/bin/dash
# docker run -d --name="portainer" --restart=unless-stopped -p 8000:8000 -p 9000:9000 -p 9443:9443 -v /var/run/docker.sock:/var/run/docker.sock -v /srv/portainer/data:/data portainer/portainer-ce
BASE_URL=https://git.netm.ch/m/os-init/raw/branch/main
mkdir /srv/stacks/portainer
cd /srv/stacks/portainer
wget "${BASE_URL}"/alpine/apps/portainer/compose.yaml
docker compose up -d

4
alpine/apps/rancher/rancher.sh
View File

@@ -1,4 +0,0 @@
#!/bin/dash
mount --make-rshared /
docker run -d --name="rancher" --restart=unless-stopped -p 4080:80 -p 4443:443 --privileged rancher/rancher:latest

266
alpine/apps/traefik/traefik.sh
View File

@@ -1,266 +0,0 @@
#!/bin/dash
RELEASE=2.6.3
ACMEACCOUNT=@gmail.com
main() {
TraefikConfig
TraefikEtcCertsSelfsigned
TraefikEtcServices
TraefikEtcConfig
TraefikEtcIptable
TraefikBinUpdateTraefik
TraefikService
}
TraefikConfig() {
RELEASE=$(whiptail --title "Release" --inputbox "" 0 30 "${RELEASE}" 3>&1 1>&2 2>&3)
ACMEACCOUNT=$(whiptail --title "ACME Account" --inputbox "" 0 30 "${ACMEACCOUNT}" 3>&1 1>&2 2>&3)
if [ "$?" = "0" ]; then
if [ "${proxy}" != "" ]; then
echo "Acquire::http { Proxy \"${proxy}\"; };" > /etc/apt/apt.conf.d/02proxy
fi
fi
}
TraefikEtcCertsSelfsigned() {
mkdir -p /etc/traefik/certs
openssl ecparam -name secp256r1 -genkey -out /etc/traefik/certs/self.key
openssl req -new -x509 -key /etc/traefik/certs/self.key -sha256 -nodes -out /etc/traefik/certs/self.crt -days 3650
}
TraefikEtcServices() {
mkdir -p /etc/traefik/services
TraefikEtcServicesShared
TraefikEtcServicesDefault
}
TraefikEtcServicesShared() {
cat >> /etc/traefik/services/_shared.yaml << "EOF"
tls:
stores:
default:
defaultCertificate:
certFile: "/etc/traefik/certs/self.crt"
keyFile: "/etc/traefik/certs/self.key"
options:
default:
minVersion: "VersionTLS12"
# sniStrict: true
cipherSuites:
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
mintls13:
minVersion: "VersionTLS13"
http:
middlewares:
to-https:
redirectScheme:
scheme: "https"
permanent: true
to-no-www:
redirectRegex:
regex: "^https://www.(.*)"
replacement: "https://${1}"
permanent: true
hsts-min:
headers:
sslRedirect: true
stsIncludeSubdomains: false
stsPreload: true
stsSeconds: 63072000
contentTypeNosniff: true
accessControlMaxAge: 100
addVaryheader: true
hsts_light:
headers:
sslRedirect: true
frameDeny: true
stsIncludeSubdomains: false
stsPreload: true
stsSeconds: 63072000
contentTypeNosniff: true
accessControlMaxAge: 100
addVaryheader: true
hsts:
headers:
sslRedirect: true
frameDeny: true
stsIncludeSubdomains: false
stsPreload: true
stsSeconds: 63072000
contentTypeNosniff: true
accessControlMaxAge: 100
addVaryheader: true
referrerPolicy: "origin-when-cross-origin"
hsts-strict:
headers:
sslRedirect: true
frameDeny: true
stsIncludeSubdomains: false
stsPreload: true
stsSeconds: 63072000
contentTypeNosniff: true
accessControlMaxAge: 100
addVaryheader: true
contentSecurityPolicy: "script-src 'self'"
referrerPolicy: "origin-when-cross-origin"
services:
dummy:
loadBalancer:
servers:
- url: "https://127.0.0.1:2"
# matomo:
# loadBalancer:
# servers:
# - url: "https://x.x.x.x:xxx"
EOF
}
TraefikEtcServicesDefault() {
cat >> /etc/traefik/services/_default.yaml << "EOF"
http:
routers:
_default:
entryPoints:
- http
rule: "PathPrefix(`/`)"
# priority: 100
# service: _default-matomo
service: _default
_default-secure:
entryPoints:
- https
rule: "PathPrefix(`/`)"
# priority: 100
# service: _default-matomo
service: _default
tls: {}
services:
# _default-matomo:
# mirroring:
# service: _default
# maxBodySize: 1024
# mirrors:
# - name: matomo
# percent: 100
_default:
loadBalancer:
servers:
- url: https://127.0.0.1:2
EOF
}
TraefikEtcConfig() {
cat >> /etc/traefik/traefik.yaml << "EOF"
entryPoints:
http:
address: ":80"
https:
address: ":443"
traefik:
address: ":8099"
api:
dashboard: true
insecure: true
serversTransport:
insecureSkipVerify: true
providers:
file:
directory: "/etc/traefik/services/"
watch: true
certificatesResolvers:
acmev2:
acme:
email: "X{ACMEACCOUNT}"
caserver: "https://acme-v02.api.letsencrypt.org/directory"
storage: "/etc/traefik/certs/acmev2.json"
keyType: "EC384"
tlsChallenge: {}
acmev2-staging:
acme:
email: "X{ACMEACCOUNT}"
caserver: "https://acme-staging-v02.api.letsencrypt.org/directory"
storage: "/etc/traefik/certs/acmev2-staging.json"
keyType: "EC384"
tlsChallenge: {}
EOF
# sed -i /X{ACMEACCOUNT}/${ACMEACCOUNT}/g /etc/traefik/traefik.yaml
}
TraefikEtcIptable() {
if [ -f "/etc/iptables/rules-save" ]; then
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 8099 -m state --state NEW -j ACCEPT' /etc/iptables/rules-save
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT' /etc/iptables/rules-save
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules-save
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # Traefik' /etc/iptables/rules-save
iptables-restore /etc/iptables/rules-save
fi
}
TraefikBinUpdateTraefik() {
cat >> /usr/local/bin/update-traefik << "EOF"
#!/bin/ash
if [[ -z ${1} ]]; then
echo "update-traefik version"
echo "version : x.x.x"
exit 1
fi
version=${1}
mkdir -p /tmp/traefik
cd /tmp/traefik
wget https://github.com/traefik/traefik/releases/download/v${version}/traefik_v${version}_linux_amd64.tar.gz
tar -xf traefik_v${version}_linux_amd64.tar.gz
systemctl stop traefik
cp traefik /usr/local/bin
systemctl start traefik
cd
rm -R /tmp/traefik
EOF
chmod 755 /usr/local/bin/update-traefik
update-traefik "${RELEASE}"
}
TraefikService() {
cat >> /etc/init.d/traefik << "EOF"
#!/sbin/openrc-run
name="traefik"
command="/usr/local/bin/traefik"
command_args="-configFile /etc/traefik/traefik.yaml"
command_background=true
pidfile=/run/traefik.pid
depend() {
need net
}
EOF
chmod 755 /etc/init.d/traefik
rc-update add traefik boot
service traefik start
}
main

17
alpine/init.sh
View File

@@ -1,6 +1,6 @@
#!/bin/dash #!/bin/dash
BASE_URL=https://git.netm.ch/m/os-init/raw/branch/main BASE_URL=${1}
showHelp() { showHelp() {
echo "alpine.sh" echo "alpine.sh"
@@ -10,6 +10,7 @@ showHelp() {
} }
main() { main() {
APKLatestStable
APKUpdateDist APKUpdateDist
APKInstallBase APKInstallBase
Customizations Customizations
@@ -17,6 +18,12 @@ main() {
Reboot Reboot
} }
APKLatestStable() {
if whiptail --yesno "Use latest-stable repos ?" 0 0 3>&1 1>&2 2>&3; then
CURVER=$(cat /etc/os-release | grep "PRETTY_NAME" | grep 'Alpine Linux ' | awk -F'Alpine Linux ' '{print $2}' | awk -F'"' '{print $1}')
sed -i 's/'"${CURVER}"'/latest-stable/' /etc/apk/repositories
fi
}
APKUpdateDist() { APKUpdateDist() {
apk update apk update
apk upgrade apk upgrade
@@ -29,6 +36,7 @@ APKInstallBase() {
"bash-completion" "" on \ "bash-completion" "" on \
"iptables" "" on \ "iptables" "" on \
"ip6tables" "" on \ "ip6tables" "" on \
"e2fsprogs-extra" "" on \
"openssh-server" "" on \ "openssh-server" "" on \
"gnupg" "" on \ "gnupg" "" on \
"rsync" "" on \ "rsync" "" on \
@@ -126,12 +134,9 @@ IssueSetContent() {
InstApps() { InstApps() {
SEL=$(whiptail --title "More Apps" --checklist "" 0 0 0 \ SEL=$(whiptail --title "More Apps" --checklist "" 0 0 0 \
"traefik" "" off \
"gitea" "" off \
"gitea-act_runner" "" off\
"docker" "" off \ "docker" "" off \
"portainer" "" off \ "gitea" "" off \
"rancher" "" off 3>&1 1>&2 2>&3) "gitea-act_runner" "" off 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181 # shellcheck disable=SC2181
if [ "${?}" = "0" ]; then if [ "${?}" = "0" ]; then
for ITM in ${SEL}; do for ITM in ${SEL}; do

37
ubuntu-20.04/ubuntu-up.sh Normal file
View File

@@ -0,0 +1,37 @@
#!/bin/bash
declare -r FREEMEM=$(free |grep Mem: | awk '{print $4}')
if [ "${FREEMEM}" -lt 130000 ]; then
echo "Not enough free ram, exiting"
exit 1
fi
sed -i 's/focal/jammy/' /etc/apt/sources.list
sed -i 's/focal/jammy/' /etc/apt/sources.list.d/*
# Check other sources if needed
# Can resolve dpkg issue :
# echo "" > /var/lib/dpkg/available
# sh -c 'for i in /var/lib/apt/lists/*_Packages; do dpkg --merge-avail "$i"; done'
apt update
apt dist-upgrade -y
apt autoclean -y
apt autopurge -y
#if [ -d /sys/firmware/efi ]; then
# if [ -d /etc/pve ]; then
# apt install -y systemd-boot
# fi
#fi
echo ""
hostname
read -n 1 -s -r -p "Press any key to reboot"
reboot

10
ubuntu-22.04/apps/bind9/bind9.sh Normal file
View File

@@ -0,0 +1,10 @@
#!/bin/bash
apt install -y bind9
if [ -f "/etc/iptables/rules.v4" ]; then
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # DNS' /etc/iptables/rules.v4
iptables-restore /etc/iptables/rules.v4
fi

10
ubuntu-22.04/apps/iperf3/iperf3.sh Normal file
View File

@@ -0,0 +1,10 @@
#!/bin/bash
apt install -y iperf3
if [ -f "/etc/iptables/rules.v4" ]; then
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 5201 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 5201 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # IPERF' /etc/iptables/rules.v4
iptables-restore /etc/iptables/rules.v4
fi

11
ubuntu-22.04/files/alias.sh Normal file
View File

@@ -0,0 +1,11 @@
alias ls='ls --color=auto -hl --time-style long-iso'
alias l='ls --color=auto -hlA --time-style long-iso'
alias ll='ls --color=auto -hla --time-style long-iso'
alias cd..='cd ..'
alias ff='find / -name'
alias f='find . -name'
alias fif='grep -rnw . -e'
alias grep='grep --color=auto'
alias ip='ip -c'
alias vdir='vdir --color=auto'
alias watch='watch --color'

21
ubuntu-22.04/files/issue Normal file
View File

@@ -0,0 +1,21 @@
\v \r \l
.o oOOOOOOOo OOOo
Ob.OOOOOOOo OOOo. oOOo. .adOOOOOOO
OboO"""""""""""".OOo. .oOOOOOo. OOOo.oOOOOOo.."""""""""'OO
OOP.oOOOOOOOOOOO "POOOOOOOOOOOo. `"OOOOOOOOOP,OOOOOOOOOOOB'
`O'OOOO' `OOOOo"OOOOOOOOOOO` .adOOOOOOOOO"oOOO' `OOOOo
.OOOO' `OOOOOOOOOOOOOOOOOOOOOOOOOO' `OO
OOOOO '"OOOOOOOOOOOOOOOO"` oOO
oOOOOOba. .adOOOOOOOOOOba .adOOOOo.
oOOOOOOOOOOOOOba. .adOOOOOOOOOO@^OOOOOOOba. .adOOOOOOOOOOOO
OOOOOOOOOOOOOOOOO.OOOOOOOOOOOOOO"` '"OOOOOOOOOOOOO.OOOOOOOOOOOOOO
"OOOO" "YOoOOOOMOIONODOO"` . '"OOROAOPOEOOOoOY" "OOO"
Y 'OOOOOOOOOOOOOO: .oOOo. :OOOOOOOOOOO?' :`
: .oO%OOOOOOOOOOo.OOOOOO.oOOOOOOOOOOOO? .
. oOOP"%OOOOOOOOoOOOOOOO?oOOOOO?OOOO"OOo
'%o OOOO"%OOOO%"%OOOOO"OOOOOO"OOO':
`$" `OOOO' `O"Y ' `OOOO' o .
. . OP" : o .
:
.

5
ubuntu-22.04/files/ps1.sh Normal file
View File

@@ -0,0 +1,5 @@
clrreset='\e[0m'
clrwhite='\e[1;37m'
clrgreen='\e[1;32m'
clrred='\e[1;31m'
export PS1="\[$clrred\][$USER@$HOSTNAME]\[$clrwhite\] \w \`if [ \$? = 0 ]; then echo -e '\[$clrgreen\]'; else echo -e '\[$clrred\]'; fi\`\\$ \[$clrreset\]"

13
ubuntu-22.04/files/rules.v4 Normal file
View File

@@ -0,0 +1,13 @@
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Ping
-A INPUT -p icmp -j ACCEPT
# SSH
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
# SNMPD
-A INPUT -p udp -m udp --dport 161 -m state --state NEW -j ACCEPT
COMMIT

7
ubuntu-22.04/files/rules.v6 Normal file
View File

@@ -0,0 +1,7 @@
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT

302
ubuntu-22.04/init.sh Normal file
View File

@@ -0,0 +1,302 @@
#!/bin/bash
declare BASE_URL=https://git.netm.ch/m/os-init/raw/branch/main
declare DIR_URL=ubuntu-22.04
declare IPV4=127.0.0.1
declare ISLXC=0
showHelp() {
echo "init.sh"
echo ""
echo "use :"
echo "bash init.sh [options]"
echo " -b | --base-url url"
}
InitConst() {
IPV4=$(ip addr | grep 'inet ' | grep -v '127.0' | head -n1 | awk '{print $2}' | cut -f1 -d /)
grep -q -v -a lxc /proc/1/environ
ISLXC=$?
}
Main() {
InitConst
if [[ ${ISLXC} == 0 ]]; then
NetSetHostname
NetIPConfig
else
APTCleanupLXCPackage
fi
NetCleanUpSystemdResolved
APTSetProxy
APTUpdateDist
APTInstallBase
APTCleanAll
BashSetAlias
BashSetPS
BashRMbashrc
NanoSetConfig
IssueSetContent
SSHEnableRootLogin
GrubSetConfig
InstApps
Reboot
}
NetSetHostname() {
hostname=$(hostname)
hostname=$(whiptail --title "Hostname + Domain" --inputbox "" 0 30 "${hostname}" 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181
if [ "$?" = "0" ] && [ "${hostname}" != "" ]; then
hostnamectl set-hostname "${hostname}"
fi
}
NetIPConfig() {
options=()
options+=("DHCP" "")
options+=("Static" "")
sel=$(whiptail --title "Network" --menu "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181
if [ "$?" = "0" ]; then
case ${sel} in
"Static") NetIPConfigStatic;;
esac
fi
}
NetIPConfigStatic() {
netif="$(ip a | grep ens | head -n1 | cut -d: -f2)"
netif=${netif:1}
netip="${IPV4}"
netmask="255.255.255.0"
netgw="$(echo "${IPV4}" | cut -d. -f1-3).1"
netdns="$(echo "${IPV4}" | cut -d. -f1-3).1"
netip=$(whiptail --title "Network" --inputbox "IP" 0 30 "${netip}" 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181
if [ "$?" = "0" ] && [ "${netip}" != "" ]; then
netmask=$(whiptail --title "Network" --inputbox "Mask" 0 30 "${netmask}" 3>&1 1>&2 2>&3)
if [ "$?" = "0" ] && [ "${netmask}" != "" ]; then
netgw=$(whiptail --title "Network" --inputbox "Route" 0 30 "${netgw}" 3>&1 1>&2 2>&3)
if [ "$?" = "0" ] && [ "${netgw}" != "" ]; then
netdns=$(whiptail --title "Network" --inputbox "DNS" 0 30 "${netdns}" 3>&1 1>&2 2>&3)
if [ "$?" = "0" ] && [ "${netdns}" != "" ]; then
echo "allow-hotplug ${netif}" > /etc/network/interfaces.d/${netif}
echo "iface ${netif} inet static" >> /etc/network/interfaces.d/${netif}
echo -e "\taddress ${netip}" >> /etc/network/interfaces.d/${netif}
echo -e "\tnetmask ${netmask}" >> /etc/network/interfaces.d/${netif}
echo -e "\tgateway ${netgw}" >> /etc/network/interfaces.d/${netif}
sed -i "/${netif}/d" /etc/network/interfaces
echo "nameserver ${netdns}" > /etc/resolv.conf
fi
fi
fi
fi
}
NetCleanUpSystemdResolved() {
sed -i s/#LLMNR=yes/LLMNR=no/ /etc/systemd/resolved.conf
sed -i s/#DNSStubListener=yes/DNSStubListener=no/ /etc/systemd/resolved.conf
systemctl restart systemd-resolved
}
APTSetProxy() {
proxy=""
proxy=$(whiptail --title "Proxy" --inputbox "ex : http://192.168.1.200/ or leave empty for none" 0 30 "${proxy}" 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181
if [ "$?" = "0" ]; then
if [ "${proxy}" != "" ]; then
echo "Acquire::http { Proxy \"${proxy}\"; };" > /etc/apt/apt.conf.d/02proxy
fi
fi
}
APTCleanupLXCPackage() {
echo "Skip"
# apt remove -y bind9-host debian-faq doc-debian postfix x11-common fontconfig-config fonts-dejavu-core gdbm-l10n python-apt-common
}
APTUpdateDist() {
apt update -y
apt dist-upgrade -y
}
APTInstallBase() {
options=()
options+=("curl" "" on)
options+=("wget" "" on)
options+=("lsof" "" on)
options+=("acpi" "" on)
options+=("bash-completion" "" on)
options+=("iptables" "" on)
options+=("iptables-persistent" "" on)
options+=("openssh-server" "" on)
options+=("gnupg" "" on)
options+=("rsync" "" on)
options+=("nmon" "" on)
options+=("snmpd" "" on)
options+=("clevis-net" "" off)
sel=$(whiptail --title "Basic Install" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181
# shellcheck disable=SC2001
if [ "$?" = "0" ]; then
pkg=""
for itm in ${sel}; do
case ${itm} in
'"iptables-persistent"')
pkg="${pkg} $(echo "${itm}" | sed 's/"//g')"
IPTablesPostInstall;;
'"clevis-net"')
pkg="${pkg} clevis clevis-luks clevis-systemd clevis-initramfs clevis-tpm2";;
*)
pkg="${pkg} $(echo "${itm}" | sed 's/"//g')";;
esac
done
# shellcheck disable=SC2086
apt install -y ${pkg}
for itm in ${sel}; do
case ${itm} in
'"iptables-persistent"')
IPTablesConfig;;
'"snmpd"')
SNMPDConfig;;
'"clevis-net"')
ClevisNetInit;;
esac
done
fi
}
APTCleanAll() {
apt-get autoremove -y
apt-get autoclean -y
}
BashSetAlias() {
wget -O /etc/profile.d/alias.sh "${BASE_URL}"/"${DIR_URL}"/files/alias.sh
}
BashSetPS() {
wget -O /etc/profile.d/ps1.sh "${BASE_URL}"/"${DIR_URL}"/files/ps1.sh
}
BashRMbashrc() {
rm /root/.bashrc
}
NanoSetConfig() {
sed -i "/tabsize/c\set tabsize 2" /etc/nanorc
{
echo "set numbercolor brightwhite"
echo "set statuscolor brightwhite,green"
echo "set keycolor cyan"
echo "set functioncolor green"
} >> /etc/nanorc
{
echo "set titlecolor brightwhite,red"
echo "set statuscolor brightwhite,red"
} > /root/.nanorc
}
IssueSetContent() {
wget -O /etc/issue "${BASE_URL}"/"${DIR_URL}"/files/issue
}
IPTablesPostInstall() {
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
}
IPTablesConfig() {
wget -O /etc/iptables/rules.v4 "${BASE_URL}"/"${DIR_URL}"/files/rules.v4
wget -O /etc/iptables/rules.v6 "${BASE_URL}"/"${DIR_URL}"/files/rules.v6
iptables-restore /etc/iptables/rules.v4
ip6tables-restore /etc/iptables/rules.v6
}
SNMPDConfig() {
cummunityname=public
cummunityname=$(whiptail --title "SNMP Community name" --inputbox "" 0 30 "${cummunityname}" 3>&1 1>&2 2>&3)
sed -i "s/public/${cummunityname}/" /etc/snmp/snmpd.conf
sed -i "s/127.0.0.1,\[::1\]/0.0.0.0/" /etc/snmp/snmpd.conf
systemctl restart snmpd
}
ClevisNetInit() {
LUKSPARTS=$(lsblk -p -l --fs |grep LUKS |cut -d " " -f1)
options=()
IFS_ORIG=$IFS
IFS=$'\n'
for LUKSPART in ${LUKSPARTS}
do
options+=("${LUKSPART}" "")
done
IFS=$IFS_ORIG
DEV=$(whiptail --title "Select root LUKS part" --menu "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181
if [ "$?" = "0" ]; then
TANGURL=$(whiptail --title "Tang Server" --inputbox "URL" 0 30 "" 3>&1 1>&2 2>&3)
if [ "$?" = "0" ]; then
clevis luks bind -d "${DEV}" tang "{\"url\": \"${TANGURL}\"}"
systemctl enable clevis-luks-askpass.path
fi
fi
}
SSHEnableRootLogin() {
sed -i "/PermitRootLogin prohibit-password/c\PermitRootLogin yes #prohibit-password" /etc/ssh/sshd_config
systemctl restart sshd
}
GrubSetConfig() {
if [ -f "/etc/default/grub" ]; then
sed -i "/GRUB_TIMEOUT/c\GRUB_TIMEOUT=1" /etc/default/grub
update-grub
fi
}
InstApps() {
options=()
#if [[ ${ISLXC} == 0 ]]; then
# options+=("docker" "" off)
# options+=("portainer" "" off)
#fi
options+=("misc-apps" "..." off)
SEL=$(whiptail --title "More Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181
if [ "$?" = "0" ]; then
for ITM in ${SEL}; do
case ${ITM//\"/} in
misc-apps)
InstMiscApps;;
archived-apps)
InstArchivedApps;;
*)
cd /tmp || exit
wget "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"/"${ITM//\"/}".sh
bash ./"${ITM//\"/}".sh "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}";;
esac
done
fi
}
InstMiscApps() {
options=()
options+=("bind9" "" off)
options+=("iperf3" "" off)
SEL=$(whiptail --title "Misc Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181
if [ "$?" = "0" ]; then
for ITM in ${SEL}; do
cd /tmp || exit
wget "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"/"${ITM//\"/}".sh
bash ./"${ITM//\"/}".sh "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"
done
fi
}
Reboot() {
if whiptail --yesno "Reboot ?" 0 0 3>&1 1>&2 2>&3; then
reboot
fi
}
while [ ${#} -gt 0 ]; do
case ${1} in
--help) showHelp; exit 0;;
-b | --base-url) BASE_URL="${2}"; shift;;
*) shift;;
esac
done
Main

37
ubuntu-22.04/ubuntu-up.sh Normal file
View File

@@ -0,0 +1,37 @@
#!/bin/bash
declare -r FREEMEM=$(free |grep Mem: | awk '{print $4}')
if [ "${FREEMEM}" -lt 130000 ]; then
echo "Not enough free ram, exiting"
exit 1
fi
sed -i 's/jammy/noble/' /etc/apt/sources.list
sed -i 's/jammy/noble/' /etc/apt/sources.list.d/*
# Check other sources if needed
# Can resolve dpkg issue :
# echo "" > /var/lib/dpkg/available
# sh -c 'for i in /var/lib/apt/lists/*_Packages; do dpkg --merge-avail "$i"; done'
apt update
apt dist-upgrade -y
apt autoclean -y
apt autopurge -y
#if [ -d /sys/firmware/efi ]; then
# if [ -d /etc/pve ]; then
# apt install -y systemd-boot
# fi
#fi
echo ""
hostname
read -n 1 -s -r -p "Press any key to reboot"
reboot

10
ubuntu-24.04/apps/bind9/bind9.sh Normal file
View File

@@ -0,0 +1,10 @@
#!/bin/bash
apt install -y bind9
if [ -f "/etc/iptables/rules.v4" ]; then
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # DNS' /etc/iptables/rules.v4
iptables-restore /etc/iptables/rules.v4
fi

10
ubuntu-24.04/apps/iperf3/iperf3.sh Normal file
View File

@@ -0,0 +1,10 @@
#!/bin/bash
apt install -y iperf3
if [ -f "/etc/iptables/rules.v4" ]; then
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 5201 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 5201 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # IPERF' /etc/iptables/rules.v4
iptables-restore /etc/iptables/rules.v4
fi

11
ubuntu-24.04/files/alias.sh Normal file
View File

@@ -0,0 +1,11 @@
alias ls='ls --color=auto -hl --time-style long-iso'
alias l='ls --color=auto -hlA --time-style long-iso'
alias ll='ls --color=auto -hla --time-style long-iso'
alias cd..='cd ..'
alias ff='find / -name'
alias f='find . -name'
alias fif='grep -rnw . -e'
alias grep='grep --color=auto'
alias ip='ip -c'
alias vdir='vdir --color=auto'
alias watch='watch --color'

21
ubuntu-24.04/files/issue Normal file
View File

@@ -0,0 +1,21 @@
\v \r \l
.o oOOOOOOOo OOOo
Ob.OOOOOOOo OOOo. oOOo. .adOOOOOOO
OboO"""""""""""".OOo. .oOOOOOo. OOOo.oOOOOOo.."""""""""'OO
OOP.oOOOOOOOOOOO "POOOOOOOOOOOo. `"OOOOOOOOOP,OOOOOOOOOOOB'
`O'OOOO' `OOOOo"OOOOOOOOOOO` .adOOOOOOOOO"oOOO' `OOOOo
.OOOO' `OOOOOOOOOOOOOOOOOOOOOOOOOO' `OO
OOOOO '"OOOOOOOOOOOOOOOO"` oOO
oOOOOOba. .adOOOOOOOOOOba .adOOOOo.
oOOOOOOOOOOOOOba. .adOOOOOOOOOO@^OOOOOOOba. .adOOOOOOOOOOOO
OOOOOOOOOOOOOOOOO.OOOOOOOOOOOOOO"` '"OOOOOOOOOOOOO.OOOOOOOOOOOOOO
"OOOO" "YOoOOOOMOIONODOO"` . '"OOROAOPOEOOOoOY" "OOO"
Y 'OOOOOOOOOOOOOO: .oOOo. :OOOOOOOOOOO?' :`
: .oO%OOOOOOOOOOo.OOOOOO.oOOOOOOOOOOOO? .
. oOOP"%OOOOOOOOoOOOOOOO?oOOOOO?OOOO"OOo
'%o OOOO"%OOOO%"%OOOOO"OOOOOO"OOO':
`$" `OOOO' `O"Y ' `OOOO' o .
. . OP" : o .
:
.

5
ubuntu-24.04/files/ps1.sh Normal file
View File

@@ -0,0 +1,5 @@
clrreset='\e[0m'
clrwhite='\e[1;37m'
clrgreen='\e[1;32m'
clrred='\e[1;31m'
export PS1="\[$clrred\][$USER@$HOSTNAME]\[$clrwhite\] \w \`if [ \$? = 0 ]; then echo -e '\[$clrgreen\]'; else echo -e '\[$clrred\]'; fi\`\\$ \[$clrreset\]"

13
ubuntu-24.04/files/rules.v4 Normal file
View File

@@ -0,0 +1,13 @@
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Ping
-A INPUT -p icmp -j ACCEPT
# SSH
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
# SNMPD
-A INPUT -p udp -m udp --dport 161 -m state --state NEW -j ACCEPT
COMMIT

7
ubuntu-24.04/files/rules.v6 Normal file
View File

@@ -0,0 +1,7 @@
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT

302
ubuntu-24.04/init.sh Normal file
View File

@@ -0,0 +1,302 @@
#!/bin/bash
declare BASE_URL=https://git.netm.ch/m/os-init/raw/branch/main
declare DIR_URL=ubuntu-24.04
declare IPV4=127.0.0.1
declare ISLXC=0
showHelp() {
echo "init.sh"
echo ""
echo "use :"
echo "bash init.sh [options]"
echo " -b | --base-url url"
}
InitConst() {
IPV4=$(ip addr | grep 'inet ' | grep -v '127.0' | head -n1 | awk '{print $2}' | cut -f1 -d /)
grep -q -v -a lxc /proc/1/environ
ISLXC=$?
}
Main() {
InitConst
if [[ ${ISLXC} == 0 ]]; then
NetSetHostname
NetIPConfig
else
APTCleanupLXCPackage
fi
NetCleanUpSystemdResolved
APTSetProxy
APTUpdateDist
APTInstallBase
APTCleanAll
BashSetAlias
BashSetPS
BashRMbashrc
NanoSetConfig
IssueSetContent
SSHEnableRootLogin
GrubSetConfig
InstApps
Reboot
}
NetSetHostname() {
hostname=$(hostname)
hostname=$(whiptail --title "Hostname + Domain" --inputbox "" 0 30 "${hostname}" 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181
if [ "$?" = "0" ] && [ "${hostname}" != "" ]; then
hostnamectl set-hostname "${hostname}"
fi
}
NetIPConfig() {
options=()
options+=("DHCP" "")
options+=("Static" "")
sel=$(whiptail --title "Network" --menu "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181
if [ "$?" = "0" ]; then
case ${sel} in
"Static") NetIPConfigStatic;;
esac
fi
}
NetIPConfigStatic() {
netif="$(ip a | grep ens | head -n1 | cut -d: -f2)"
netif=${netif:1}
netip="${IPV4}"
netmask="255.255.255.0"
netgw="$(echo "${IPV4}" | cut -d. -f1-3).1"
netdns="$(echo "${IPV4}" | cut -d. -f1-3).1"
netip=$(whiptail --title "Network" --inputbox "IP" 0 30 "${netip}" 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181
if [ "$?" = "0" ] && [ "${netip}" != "" ]; then
netmask=$(whiptail --title "Network" --inputbox "Mask" 0 30 "${netmask}" 3>&1 1>&2 2>&3)
if [ "$?" = "0" ] && [ "${netmask}" != "" ]; then
netgw=$(whiptail --title "Network" --inputbox "Route" 0 30 "${netgw}" 3>&1 1>&2 2>&3)
if [ "$?" = "0" ] && [ "${netgw}" != "" ]; then
netdns=$(whiptail --title "Network" --inputbox "DNS" 0 30 "${netdns}" 3>&1 1>&2 2>&3)
if [ "$?" = "0" ] && [ "${netdns}" != "" ]; then
echo "allow-hotplug ${netif}" > /etc/network/interfaces.d/${netif}
echo "iface ${netif} inet static" >> /etc/network/interfaces.d/${netif}
echo -e "\taddress ${netip}" >> /etc/network/interfaces.d/${netif}
echo -e "\tnetmask ${netmask}" >> /etc/network/interfaces.d/${netif}
echo -e "\tgateway ${netgw}" >> /etc/network/interfaces.d/${netif}
sed -i "/${netif}/d" /etc/network/interfaces
echo "nameserver ${netdns}" > /etc/resolv.conf
fi
fi
fi
fi
}
NetCleanUpSystemdResolved() {
sed -i s/#LLMNR=yes/LLMNR=no/ /etc/systemd/resolved.conf
sed -i s/#DNSStubListener=yes/DNSStubListener=no/ /etc/systemd/resolved.conf
systemctl restart systemd-resolved
}
APTSetProxy() {
proxy=""
proxy=$(whiptail --title "Proxy" --inputbox "ex : http://192.168.1.200/ or leave empty for none" 0 30 "${proxy}" 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181
if [ "$?" = "0" ]; then
if [ "${proxy}" != "" ]; then
echo "Acquire::http { Proxy \"${proxy}\"; };" > /etc/apt/apt.conf.d/02proxy
fi
fi
}
APTCleanupLXCPackage() {
echo "Skip"
# apt remove -y bind9-host debian-faq doc-debian postfix x11-common fontconfig-config fonts-dejavu-core gdbm-l10n python-apt-common
}
APTUpdateDist() {
apt update -y
apt dist-upgrade -y
}
APTInstallBase() {
options=()
options+=("curl" "" on)
options+=("wget" "" on)
options+=("lsof" "" on)
options+=("acpi" "" on)
options+=("bash-completion" "" on)
options+=("iptables" "" on)
options+=("iptables-persistent" "" on)
options+=("openssh-server" "" on)
options+=("gnupg" "" on)
options+=("rsync" "" on)
options+=("nmon" "" on)
options+=("snmpd" "" on)
options+=("clevis-net" "" off)
sel=$(whiptail --title "Basic Install" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181
# shellcheck disable=SC2001
if [ "$?" = "0" ]; then
pkg=""
for itm in ${sel}; do
case ${itm} in
'"iptables-persistent"')
pkg="${pkg} $(echo "${itm}" | sed 's/"//g')"
IPTablesPostInstall;;
'"clevis-net"')
pkg="${pkg} clevis clevis-luks clevis-systemd clevis-initramfs clevis-tpm2";;
*)
pkg="${pkg} $(echo "${itm}" | sed 's/"//g')";;
esac
done
# shellcheck disable=SC2086
apt install -y ${pkg}
for itm in ${sel}; do
case ${itm} in
'"iptables-persistent"')
IPTablesConfig;;
'"snmpd"')
SNMPDConfig;;
'"clevis-net"')
ClevisNetInit;;
esac
done
fi
}
APTCleanAll() {
apt-get autoremove -y
apt-get autoclean -y
}
BashSetAlias() {
wget -O /etc/profile.d/alias.sh "${BASE_URL}"/"${DIR_URL}"/files/alias.sh
}
BashSetPS() {
wget -O /etc/profile.d/ps1.sh "${BASE_URL}"/"${DIR_URL}"/files/ps1.sh
}
BashRMbashrc() {
rm /root/.bashrc
}
NanoSetConfig() {
sed -i "/tabsize/c\set tabsize 2" /etc/nanorc
{
echo "set numbercolor brightwhite"
echo "set statuscolor brightwhite,green"
echo "set keycolor cyan"
echo "set functioncolor green"
} >> /etc/nanorc
{
echo "set titlecolor brightwhite,red"
echo "set statuscolor brightwhite,red"
} > /root/.nanorc
}
IssueSetContent() {
wget -O /etc/issue "${BASE_URL}"/"${DIR_URL}"/files/issue
}
IPTablesPostInstall() {
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
}
IPTablesConfig() {
wget -O /etc/iptables/rules.v4 "${BASE_URL}"/"${DIR_URL}"/files/rules.v4
wget -O /etc/iptables/rules.v6 "${BASE_URL}"/"${DIR_URL}"/files/rules.v6
iptables-restore /etc/iptables/rules.v4
ip6tables-restore /etc/iptables/rules.v6
}
SNMPDConfig() {
cummunityname=public
cummunityname=$(whiptail --title "SNMP Community name" --inputbox "" 0 30 "${cummunityname}" 3>&1 1>&2 2>&3)
sed -i "s/public/${cummunityname}/" /etc/snmp/snmpd.conf
sed -i "s/127.0.0.1,\[::1\]/0.0.0.0/" /etc/snmp/snmpd.conf
systemctl restart snmpd
}
ClevisNetInit() {
LUKSPARTS=$(lsblk -p -l --fs |grep LUKS |cut -d " " -f1)
options=()
IFS_ORIG=$IFS
IFS=$'\n'
for LUKSPART in ${LUKSPARTS}
do
options+=("${LUKSPART}" "")
done
IFS=$IFS_ORIG
DEV=$(whiptail --title "Select root LUKS part" --menu "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181
if [ "$?" = "0" ]; then
TANGURL=$(whiptail --title "Tang Server" --inputbox "URL" 0 30 "" 3>&1 1>&2 2>&3)
if [ "$?" = "0" ]; then
clevis luks bind -d "${DEV}" tang "{\"url\": \"${TANGURL}\"}"
systemctl enable clevis-luks-askpass.path
fi
fi
}
SSHEnableRootLogin() {
sed -i "/PermitRootLogin prohibit-password/c\PermitRootLogin yes #prohibit-password" /etc/ssh/sshd_config
systemctl restart sshd
}
GrubSetConfig() {
if [ -f "/etc/default/grub" ]; then
sed -i "/GRUB_TIMEOUT/c\GRUB_TIMEOUT=1" /etc/default/grub
update-grub
fi
}
InstApps() {
options=()
#if [[ ${ISLXC} == 0 ]]; then
# options+=("docker" "" off)
# options+=("portainer" "" off)
#fi
options+=("misc-apps" "..." off)
SEL=$(whiptail --title "More Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181
if [ "$?" = "0" ]; then
for ITM in ${SEL}; do
case ${ITM//\"/} in
misc-apps)
InstMiscApps;;
archived-apps)
InstArchivedApps;;
*)
cd /tmp || exit
wget "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"/"${ITM//\"/}".sh
bash ./"${ITM//\"/}".sh "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}";;
esac
done
fi
}
InstMiscApps() {
options=()
options+=("bind9" "" off)
options+=("iperf3" "" off)
SEL=$(whiptail --title "Misc Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181
if [ "$?" = "0" ]; then
for ITM in ${SEL}; do
cd /tmp || exit
wget "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"/"${ITM//\"/}".sh
bash ./"${ITM//\"/}".sh "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"
done
fi
}
Reboot() {
if whiptail --yesno "Reboot ?" 0 0 3>&1 1>&2 2>&3; then
reboot
fi
}
while [ ${#} -gt 0 ]; do
case ${1} in
--help) showHelp; exit 0;;
-b | --base-url) BASE_URL="${2}"; shift;;
*) shift;;
esac
done
Main

37
ubuntu-24.04/ubuntu-up.sh Normal file
View File

@@ -0,0 +1,37 @@
#!/bin/bash
declare -r FREEMEM=$(free |grep Mem: | awk '{print $4}')
if [ "${FREEMEM}" -lt 130000 ]; then
echo "Not enough free ram, exiting"
exit 1
fi
sed -i 's/noble/resolute/' /etc/apt/sources.list
sed -i 's/noble/resolute/' /etc/apt/sources.list.d/*
# Check other sources if needed
# Can resolve dpkg issue :
# echo "" > /var/lib/dpkg/available
# sh -c 'for i in /var/lib/apt/lists/*_Packages; do dpkg --merge-avail "$i"; done'
apt update
apt dist-upgrade -y
apt autoclean -y
apt autopurge -y
#if [ -d /sys/firmware/efi ]; then
# if [ -d /etc/pve ]; then
# apt install -y systemd-boot
# fi
#fi
echo ""
hostname
read -n 1 -s -r -p "Press any key to reboot"
reboot

10
ubuntu-26.04/apps/bind9/bind9.sh Normal file
View File

@@ -0,0 +1,10 @@
#!/bin/bash
apt install -y bind9
if [ -f "/etc/iptables/rules.v4" ]; then
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # DNS' /etc/iptables/rules.v4
iptables-restore /etc/iptables/rules.v4
fi

10
ubuntu-26.04/apps/iperf3/iperf3.sh Normal file
View File

@@ -0,0 +1,10 @@
#!/bin/bash
apt install -y iperf3
if [ -f "/etc/iptables/rules.v4" ]; then
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 5201 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 5201 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # IPERF' /etc/iptables/rules.v4
iptables-restore /etc/iptables/rules.v4
fi

11
ubuntu-26.04/files/alias.sh Normal file
View File

@@ -0,0 +1,11 @@
alias ls='ls --color=auto -hl --time-style long-iso'
alias l='ls --color=auto -hlA --time-style long-iso'
alias ll='ls --color=auto -hla --time-style long-iso'
alias cd..='cd ..'
alias ff='find / -name'
alias f='find . -name'
alias fif='grep -rnw . -e'
alias grep='grep --color=auto'
alias ip='ip -c'
alias vdir='vdir --color=auto'
alias watch='watch --color'

21
ubuntu-26.04/files/issue Normal file
View File

@@ -0,0 +1,21 @@
\v \r \l
.o oOOOOOOOo OOOo
Ob.OOOOOOOo OOOo. oOOo. .adOOOOOOO
OboO"""""""""""".OOo. .oOOOOOo. OOOo.oOOOOOo.."""""""""'OO
OOP.oOOOOOOOOOOO "POOOOOOOOOOOo. `"OOOOOOOOOP,OOOOOOOOOOOB'
`O'OOOO' `OOOOo"OOOOOOOOOOO` .adOOOOOOOOO"oOOO' `OOOOo
.OOOO' `OOOOOOOOOOOOOOOOOOOOOOOOOO' `OO
OOOOO '"OOOOOOOOOOOOOOOO"` oOO
oOOOOOba. .adOOOOOOOOOOba .adOOOOo.
oOOOOOOOOOOOOOba. .adOOOOOOOOOO@^OOOOOOOba. .adOOOOOOOOOOOO
OOOOOOOOOOOOOOOOO.OOOOOOOOOOOOOO"` '"OOOOOOOOOOOOO.OOOOOOOOOOOOOO
"OOOO" "YOoOOOOMOIONODOO"` . '"OOROAOPOEOOOoOY" "OOO"
Y 'OOOOOOOOOOOOOO: .oOOo. :OOOOOOOOOOO?' :`
: .oO%OOOOOOOOOOo.OOOOOO.oOOOOOOOOOOOO? .
. oOOP"%OOOOOOOOoOOOOOOO?oOOOOO?OOOO"OOo
'%o OOOO"%OOOO%"%OOOOO"OOOOOO"OOO':
`$" `OOOO' `O"Y ' `OOOO' o .
. . OP" : o .
:
.

5
ubuntu-26.04/files/ps1.sh Normal file
View File

@@ -0,0 +1,5 @@
clrreset='\e[0m'
clrwhite='\e[1;37m'
clrgreen='\e[1;32m'
clrred='\e[1;31m'
export PS1="\[$clrred\][$USER@$HOSTNAME]\[$clrwhite\] \w \`if [ \$? = 0 ]; then echo -e '\[$clrgreen\]'; else echo -e '\[$clrred\]'; fi\`\\$ \[$clrreset\]"

13
ubuntu-26.04/files/rules.v4 Normal file
View File

@@ -0,0 +1,13 @@
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Ping
-A INPUT -p icmp -j ACCEPT
# SSH
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
# SNMPD
-A INPUT -p udp -m udp --dport 161 -m state --state NEW -j ACCEPT
COMMIT

7
ubuntu-26.04/files/rules.v6 Normal file
View File

@@ -0,0 +1,7 @@
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT

302
ubuntu-26.04/init.sh Normal file
View File

@@ -0,0 +1,302 @@
#!/bin/bash
declare BASE_URL=https://git.netm.ch/m/os-init/raw/branch/main
declare DIR_URL=ubuntu-26.04
declare IPV4=127.0.0.1
declare ISLXC=0
showHelp() {
echo "init.sh"
echo ""
echo "use :"
echo "bash init.sh [options]"
echo " -b | --base-url url"
}
InitConst() {
IPV4=$(ip addr | grep 'inet ' | grep -v '127.0' | head -n1 | awk '{print $2}' | cut -f1 -d /)
grep -q -v -a lxc /proc/1/environ
ISLXC=$?
}
Main() {
InitConst
if [[ ${ISLXC} == 0 ]]; then
NetSetHostname
NetIPConfig
else
APTCleanupLXCPackage
fi
NetCleanUpSystemdResolved
APTSetProxy
APTUpdateDist
APTInstallBase
APTCleanAll
BashSetAlias
BashSetPS
BashRMbashrc
NanoSetConfig
IssueSetContent
SSHEnableRootLogin
GrubSetConfig
InstApps
Reboot
}
NetSetHostname() {
hostname=$(hostname)
hostname=$(whiptail --title "Hostname + Domain" --inputbox "" 0 30 "${hostname}" 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181
if [ "$?" = "0" ] && [ "${hostname}" != "" ]; then
hostnamectl set-hostname "${hostname}"
fi
}
NetIPConfig() {
options=()
options+=("DHCP" "")
options+=("Static" "")
sel=$(whiptail --title "Network" --menu "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181
if [ "$?" = "0" ]; then
case ${sel} in
"Static") NetIPConfigStatic;;
esac
fi
}
NetIPConfigStatic() {
netif="$(ip a | grep ens | head -n1 | cut -d: -f2)"
netif=${netif:1}
netip="${IPV4}"
netmask="255.255.255.0"
netgw="$(echo "${IPV4}" | cut -d. -f1-3).1"
netdns="$(echo "${IPV4}" | cut -d. -f1-3).1"
netip=$(whiptail --title "Network" --inputbox "IP" 0 30 "${netip}" 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181
if [ "$?" = "0" ] && [ "${netip}" != "" ]; then
netmask=$(whiptail --title "Network" --inputbox "Mask" 0 30 "${netmask}" 3>&1 1>&2 2>&3)
if [ "$?" = "0" ] && [ "${netmask}" != "" ]; then
netgw=$(whiptail --title "Network" --inputbox "Route" 0 30 "${netgw}" 3>&1 1>&2 2>&3)
if [ "$?" = "0" ] && [ "${netgw}" != "" ]; then
netdns=$(whiptail --title "Network" --inputbox "DNS" 0 30 "${netdns}" 3>&1 1>&2 2>&3)
if [ "$?" = "0" ] && [ "${netdns}" != "" ]; then
echo "allow-hotplug ${netif}" > /etc/network/interfaces.d/${netif}
echo "iface ${netif} inet static" >> /etc/network/interfaces.d/${netif}
echo -e "\taddress ${netip}" >> /etc/network/interfaces.d/${netif}
echo -e "\tnetmask ${netmask}" >> /etc/network/interfaces.d/${netif}
echo -e "\tgateway ${netgw}" >> /etc/network/interfaces.d/${netif}
sed -i "/${netif}/d" /etc/network/interfaces
echo "nameserver ${netdns}" > /etc/resolv.conf
fi
fi
fi
fi
}
NetCleanUpSystemdResolved() {
sed -i s/#LLMNR=yes/LLMNR=no/ /etc/systemd/resolved.conf
sed -i s/#DNSStubListener=yes/DNSStubListener=no/ /etc/systemd/resolved.conf
systemctl restart systemd-resolved
}
APTSetProxy() {
proxy=""
proxy=$(whiptail --title "Proxy" --inputbox "ex : http://192.168.1.200/ or leave empty for none" 0 30 "${proxy}" 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181
if [ "$?" = "0" ]; then
if [ "${proxy}" != "" ]; then
echo "Acquire::http { Proxy \"${proxy}\"; };" > /etc/apt/apt.conf.d/02proxy
fi
fi
}
APTCleanupLXCPackage() {
echo "Skip"
# apt remove -y bind9-host debian-faq doc-debian postfix x11-common fontconfig-config fonts-dejavu-core gdbm-l10n python-apt-common
}
APTUpdateDist() {
apt update -y
apt dist-upgrade -y
}
APTInstallBase() {
options=()
options+=("curl" "" on)
options+=("wget" "" on)
options+=("lsof" "" on)
options+=("acpi" "" on)
options+=("bash-completion" "" on)
options+=("iptables" "" on)
options+=("iptables-persistent" "" on)
options+=("openssh-server" "" on)
options+=("gnupg" "" on)
options+=("rsync" "" on)
options+=("nmon" "" on)
options+=("snmpd" "" on)
options+=("clevis-net" "" off)
sel=$(whiptail --title "Basic Install" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181
# shellcheck disable=SC2001
if [ "$?" = "0" ]; then
pkg=""
for itm in ${sel}; do
case ${itm} in
'"iptables-persistent"')
pkg="${pkg} $(echo "${itm}" | sed 's/"//g')"
IPTablesPostInstall;;
'"clevis-net"')
pkg="${pkg} clevis clevis-luks clevis-systemd clevis-initramfs clevis-tpm2";;
*)
pkg="${pkg} $(echo "${itm}" | sed 's/"//g')";;
esac
done
# shellcheck disable=SC2086
apt install -y ${pkg}
for itm in ${sel}; do
case ${itm} in
'"iptables-persistent"')
IPTablesConfig;;
'"snmpd"')
SNMPDConfig;;
'"clevis-net"')
ClevisNetInit;;
esac
done
fi
}
APTCleanAll() {
apt-get autoremove -y
apt-get autoclean -y
}
BashSetAlias() {
wget -O /etc/profile.d/alias.sh "${BASE_URL}"/"${DIR_URL}"/files/alias.sh
}
BashSetPS() {
wget -O /etc/profile.d/ps1.sh "${BASE_URL}"/"${DIR_URL}"/files/ps1.sh
}
BashRMbashrc() {
rm /root/.bashrc
}
NanoSetConfig() {
sed -i "/tabsize/c\set tabsize 2" /etc/nanorc
{
echo "set numbercolor brightwhite"
echo "set statuscolor brightwhite,green"
echo "set keycolor cyan"
echo "set functioncolor green"
} >> /etc/nanorc
{
echo "set titlecolor brightwhite,red"
echo "set statuscolor brightwhite,red"
} > /root/.nanorc
}
IssueSetContent() {
wget -O /etc/issue "${BASE_URL}"/"${DIR_URL}"/files/issue
}
IPTablesPostInstall() {
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
}
IPTablesConfig() {
wget -O /etc/iptables/rules.v4 "${BASE_URL}"/"${DIR_URL}"/files/rules.v4
wget -O /etc/iptables/rules.v6 "${BASE_URL}"/"${DIR_URL}"/files/rules.v6
iptables-restore /etc/iptables/rules.v4
ip6tables-restore /etc/iptables/rules.v6
}
SNMPDConfig() {
cummunityname=public
cummunityname=$(whiptail --title "SNMP Community name" --inputbox "" 0 30 "${cummunityname}" 3>&1 1>&2 2>&3)
sed -i "s/public/${cummunityname}/" /etc/snmp/snmpd.conf
sed -i "s/127.0.0.1,\[::1\]/0.0.0.0/" /etc/snmp/snmpd.conf
systemctl restart snmpd
}
ClevisNetInit() {
LUKSPARTS=$(lsblk -p -l --fs |grep LUKS |cut -d " " -f1)
options=()
IFS_ORIG=$IFS
IFS=$'\n'
for LUKSPART in ${LUKSPARTS}
do
options+=("${LUKSPART}" "")
done
IFS=$IFS_ORIG
DEV=$(whiptail --title "Select root LUKS part" --menu "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181
if [ "$?" = "0" ]; then
TANGURL=$(whiptail --title "Tang Server" --inputbox "URL" 0 30 "" 3>&1 1>&2 2>&3)
if [ "$?" = "0" ]; then
clevis luks bind -d "${DEV}" tang "{\"url\": \"${TANGURL}\"}"
systemctl enable clevis-luks-askpass.path
fi
fi
}
SSHEnableRootLogin() {
sed -i "/PermitRootLogin prohibit-password/c\PermitRootLogin yes #prohibit-password" /etc/ssh/sshd_config
systemctl restart sshd
}
GrubSetConfig() {
if [ -f "/etc/default/grub" ]; then
sed -i "/GRUB_TIMEOUT/c\GRUB_TIMEOUT=1" /etc/default/grub
update-grub
fi
}
InstApps() {
options=()
#if [[ ${ISLXC} == 0 ]]; then
# options+=("docker" "" off)
# options+=("portainer" "" off)
#fi
options+=("misc-apps" "..." off)
SEL=$(whiptail --title "More Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181
if [ "$?" = "0" ]; then
for ITM in ${SEL}; do
case ${ITM//\"/} in
misc-apps)
InstMiscApps;;
archived-apps)
InstArchivedApps;;
*)
cd /tmp || exit
wget "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"/"${ITM//\"/}".sh
bash ./"${ITM//\"/}".sh "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}";;
esac
done
fi
}
InstMiscApps() {
options=()
options+=("bind9" "" off)
options+=("iperf3" "" off)
SEL=$(whiptail --title "Misc Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181
if [ "$?" = "0" ]; then
for ITM in ${SEL}; do
cd /tmp || exit
wget "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"/"${ITM//\"/}".sh
bash ./"${ITM//\"/}".sh "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"
done
fi
}
Reboot() {
if whiptail --yesno "Reboot ?" 0 0 3>&1 1>&2 2>&3; then
reboot
fi
}
while [ ${#} -gt 0 ]; do
case ${1} in
--help) showHelp; exit 0;;
-b | --base-url) BASE_URL="${2}"; shift;;
*) shift;;
esac
done
Main

18
ubuntu-up.sh Normal file
View File

@@ -0,0 +1,18 @@
#!/bin/bash
declare BASE_URL=https://git.netm.ch/m/os-init/raw/branch/main
declare UBUNTUVER=0
getVer() {
UBUNTUVER=$(grep "VERSION_ID=" /etc/os-release | sed 's/"//g' | sed 's/.*=//')
}
run() {
apt update -y
apt install -y wget
wget -P /tmp ${BASE_URL}/ubuntu-${UBUNTUVER}/ubuntu-up.sh
bash /tmp/ubuntu-up.sh
}
getVer
run