#!/bin/dash BASE_URL=https://git.netm.ch/m/os-init/raw/branch/main showHelp() { echo "alpine.sh" echo "" echo "use :" echo "sh alpine.sh [options]" } main() { APKUpdateDist APKInstallBase Customizations InstApps Reboot } APKUpdateDist() { apk update apk upgrade } APKInstallBase() { apk add newt SEL=$(whiptail --title "Base Apps" --checklist "" 0 0 0 "curl" "" on "lsof" "" on "bash-completion" "" on "iptables" "" on "ip6tables" "" on "openssh-server" "" on "gnupg" "" on "rsync" "" on "net-snmp" "" on "nano" "" on 3>&1 1>&2 2>&3) # shellcheck disable=SC2181 if [ "${?}" = "0" ]; then for ITM in ${SEL}; do # shellcheck disable=SC3000-SC4000 apk add "${ITM//\"/}" # shellcheck disable=SC3000-SC4000 case ${ITM//\"/} in "openssh-server") SSHEnableRootLogin rc-update add sshd service sshd start ;; "iptables") IPTablesInstall;; "ip6tables") IP6TablesInstall;; "net-snmp") SNMPDInstall;; "nano") NanoSetConfig;; esac done fi } IPTablesInstall() { wget -O /etc/iptables/rules-save "${BASE_URL}"/alpine/files/rules-save iptables-restore /etc/iptables/rules-save rc-update add iptables } IP6TablesInstall() { wget -O /etc/iptables/rules6-save "${BASE_URL}"/alpine/files/rules6-save ip6tables-restore /etc/iptables/rules6-save rc-update add ip6tables } SSHEnableRootLogin() { sed -i "/PermitRootLogin prohibit-password/c\PermitRootLogin yes #prohibit-password" /etc/ssh/sshd_config service sshd restart if [ -f "/etc/iptables/rules-save" ]; then sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT' /etc/iptables/rules-save sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # SSH' /etc/iptables/rules-save iptables-restore /etc/iptables/rules-save fi } SNMPDInstall() { cummunityname=public cummunityname=$(whiptail --title "SNMP Community name" --inputbox "" 0 30 "${cummunityname}" 3>&1 1>&2 2>&3) sed -i "s/public/${cummunityname}/" /etc/snmp/snmpd.conf sed -i "s/127.0.0.1/0.0.0.0/" /etc/snmp/snmpd.conf service snmpd restart rc-update add snmpd default if [ -f "/etc/iptables/rules-save" ]; then sed -i '/^-A INPUT -p icmp -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 161 -m state --state NEW -j ACCEPT' /etc/iptables/rules-save sed -i '/^-A INPUT -p icmp -j ACCEPT.*/a # SNMP' /etc/iptables/rules-save iptables-restore /etc/iptables/rules-save fi } NanoSetConfig() { sed -i "/tabsize/c\set tabsize 2" /etc/nanorc { echo "set numbercolor brightwhite" echo "set statuscolor brightwhite,green" echo "set keycolor cyan" echo "set functioncolor green" } >> /etc/nanorc { echo "set titlecolor brightwhite,red" echo "set statuscolor brightwhite,red" } > /root/.nanorc } Customizations() { SEL=$(whiptail --title "Additions" --checklist "" 0 0 0 "alias" "" on "ps1" "" on "issue" "" on 3>&1 1>&2 2>&3) # shellcheck disable=SC2181 if [ "${?}" = "0" ]; then for ITM in ${SEL}; do # shellcheck disable=SC3000-SC4000 case ${ITM//\"/} in "alias") ProfileSetAlias;; "ps1") ProfileSetPS;; "issue") IssueSetContent;; esac done fi } ProfileSetAlias() { wget -O /etc/profile.d/alias.sh "${BASE_URL}"/alpine/files/alias.sh } ProfileSetPS() { wget -O /etc/profile.d/ps1.sh "${BASE_URL}"/alpine/files/ps1.sh } IssueSetContent() { wget -O /etc/issue "${BASE_URL}"/alpine/files/issue } InstApps() { SEL=$(whiptail --title "More Apps" --checklist "" 0 0 0 "traefik" "" off "gitea" "" off "docker" "" off "portainer" "" off "rancher" "" off 3>&1 1>&2 2>&3) # shellcheck disable=SC2181 if [ "${?}" = "0" ]; then for ITM in ${SEL}; do cd /tmp || exit # shellcheck disable=SC3000-SC4000 wget "${BASE_URL}"/alpine/apps/"${ITM//\"/}"/"${ITM//\"/}".sh # shellcheck disable=SC3000-SC4000 sh ./"${ITM//\"/}".sh "${BASE_URL}" done fi } Reboot() { if whiptail --yesno "Reboot ?" 0 0 3>&1 1>&2 2>&3; then reboot fi } while [ ${#} -gt 0 ]; do case ${1} in --help) showHelp; exit 0;; -b | --base-url) BASE_URL="${2}"; shift;; *) shift;; esac done main