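#!/bin/bash
#
# init.sh - interactive post-install setup driven by whiptail dialogs.
#
# Usage: bash init.sh
#
# The script writes under /etc, installs packages and restarts services.
# Everything fetched from BASE_URL is either installed into /etc or executed
# with the privileges of this script, and nothing here verifies a checksum or
# a signature: integrity rests on TLS and on the host behind BASE_URL.
# NOTE(review): pinning a commit instead of "branch/main" and checking digests
# would bound what a change on that host can do to machines running this.

declare BASE_URL=https://git.netm.ch/m/os-init/raw/branch/main
declare DIR_URL=debian-12
IPV4=127.0.0.1
ISLXC=0
ISPVE=0
ISPMG=0

# Print the usage text.
# NOTE(review): the -b/--base-url option is advertised here, but this file
# neither parses arguments nor calls showHelp.
showHelp() {
  echo "init.sh"
  echo ""
  echo "usage :"
  echo "bash init.sh [options]"
  echo " -b | --base-url url"
}

# Fill the globals the rest of the script branches on.
#   IPV4   first non-loopback IPv4 address, without the prefix length
#   ISLXC  exit status of the grep below (see comment)
#   ISPVE  1 when /etc/pve exists
#   ISPMG  1 when /etc/pmg exists
InitConst() {
  IPV4=$(ip addr | grep 'inet ' | grep -v '127.0' | head -n1 | awk '{print $2}' | cut -f1 -d /)
  # With -v, grep exits 0 when some line of PID 1's environment does NOT
  # contain "lxc". Main treats 0 as "not a container"; any other status,
  # including a read error, takes the LXC branch.
  grep -q -v -a lxc /proc/1/environ
  ISLXC=$?
  if [[ -d "/etc/pve" ]]; then
    ISPVE=1
  fi
  if [[ -d "/etc/pmg" ]]; then
    ISPMG=1
  fi
}

# Run every setup step in order, skipping the ones that do not apply to the
# detected platform, then offer a reboot.
Main() {
  InitConst
  if [[ ${ISLXC} == 0 ]]; then
    if [[ ${ISPVE} == 0 ]]; then
      NetSetHostname
      NetIPConfig
    fi
  else
    if [[ ${ISPMG} == 0 ]]; then
      APTCleanupLXCPackage
    fi
  fi
  if [[ ${ISPVE} == 0 ]]; then
    NetCleanUpSystemdResolved
  fi
  APTSetProxy
  APTUpdateDist
  APTInstallBase
  APTCleanAll
  BashSetAlias
  BashSetPS
  NanoSetConfig
  if [[ ${ISPVE} == 0 ]]; then
    IssueSetContent
  fi
  SSHEnableRootLogin
  GrubSetConfig
  if [[ ${ISPVE} == 0 ]]; then
    InstApps
  fi
  Reboot
}

# Download a URL and write it over a destination file, only if the download
# succeeded.
# Arguments: $1 - destination path, $2 - URL
# Returns:   0 when the destination was updated, 1 otherwise
# "wget -O dest" truncates dest before the transfer starts, so a failed
# download would leave an empty profile script or firewall rule file behind.
# Fetching into a mktemp file first keeps the previous content on failure;
# "cat >" (rather than mv) keeps the destination's ownership and mode.
FetchFile() {
  local dest=$1
  local url=$2
  local tmp
  local rc=0
  tmp=$(mktemp) || return 1
  if wget -O "${tmp}" "${url}"; then
    cat -- "${tmp}" > "${dest}" || rc=1
  else
    echo "init.sh: download failed, ${dest} left unchanged: ${url}" >&2
    rc=1
  fi
  rm -f -- "${tmp}"
  return "${rc}"
}

# Download the installer of one app from BASE_URL and run it with bash.
# Arguments: $1 - app name (directory and script name under apps/)
# Returns:   exit status of the installer, or 1 when it could not be fetched
# The script is stored in a fresh private directory instead of a fixed name
# in /tmp. With a fixed name, a file already present at /tmp/<app>.sh makes
# wget save its download under another name (<app>.sh.1), and the file that
# was already there, which any local user can create in /tmp, is what gets
# executed.
RunAppInstaller() {
  local app=$1
  local url="${BASE_URL}/${DIR_URL}/apps/${app}"
  local workdir
  local rc=0
  workdir=$(mktemp -d) || return 1
  if wget -O "${workdir}/${app}.sh" "${url}/${app}.sh"; then
    # Subshell: the installer gets the private directory as its working
    # directory without changing the working directory of this script.
    (cd "${workdir}" && bash "./${app}.sh" "${url}") || rc=$?
  else
    echo "init.sh: download of ${app}.sh failed, app skipped" >&2
    rc=1
  fi
  rm -rf -- "${workdir:?}"
  return "${rc}"
}

# Ask for a hostname (pre-filled with the current one) and apply it.
# Cancelling the dialog or submitting an empty value changes nothing.
NetSetHostname() {
  local hostname
  hostname=$(hostname)
  if hostname=$(whiptail --title "Hostname + Domain" --inputbox "" 0 30 "${hostname}" 3>&1 1>&2 2>&3) \
    && [ -n "${hostname}" ]; then
    hostnamectl set-hostname "${hostname}"
  fi
}

# Let the user choose between DHCP and static addressing. Only "Static"
# triggers an action; "DHCP" leaves the existing configuration alone.
NetIPConfig() {
  local -a options=()
  local sel
  options+=("DHCP" "")
  options+=("Static" "")
  if sel=$(whiptail --title "Network" --menu "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3); then
    case ${sel} in
      "Static")
        NetIPConfigStatic
        ;;
    esac
  fi
}

# Ask for address, mask, gateway and DNS server, then write a static
# configuration for the first interface whose "ip a" line contains "ens".
# Cancelling any dialog or leaving a field empty aborts without writing.
# Returns: 1 when no interface name was found, 0 otherwise
NetIPConfigStatic() {
  local netif netip netmask netgw netdns prefix ifcfg
  netif="$(ip a | grep ens | head -n1 | cut -d: -f2)"
  netif=${netif:1} # drop the blank that follows "N:" in the ip output
  if [ -z "${netif}" ]; then
    # An empty name would turn the target path into the interfaces.d
    # directory itself and the sed address below into an empty regex.
    echo "init.sh: no ens* interface found, static configuration skipped" >&2
    return 1
  fi
  # Defaults: current address, /24 mask, and .1 of the same /24 as both
  # gateway and resolver.
  prefix=${IPV4%.*}
  netip="${IPV4}"
  netmask="255.255.255.0"
  netgw="${prefix}.1"
  netdns="${prefix}.1"

  netip=$(whiptail --title "Network" --inputbox "IP" 0 30 "${netip}" 3>&1 1>&2 2>&3) || return 0
  [ -n "${netip}" ] || return 0
  netmask=$(whiptail --title "Network" --inputbox "Mask" 0 30 "${netmask}" 3>&1 1>&2 2>&3) || return 0
  [ -n "${netmask}" ] || return 0
  netgw=$(whiptail --title "Network" --inputbox "Route" 0 30 "${netgw}" 3>&1 1>&2 2>&3) || return 0
  [ -n "${netgw}" ] || return 0
  netdns=$(whiptail --title "Network" --inputbox "DNS" 0 30 "${netdns}" 3>&1 1>&2 2>&3) || return 0
  [ -n "${netdns}" ] || return 0

  ifcfg=/etc/network/interfaces.d/${netif}
  # printf '%s' keeps the typed values literal (echo -e would interpret
  # backslash sequences inside them).
  {
    printf 'allow-hotplug %s\n' "${netif}"
    printf 'iface %s inet static\n' "${netif}"
    printf '\taddress %s\n' "${netip}"
    printf '\tnetmask %s\n' "${netmask}"
    printf '\tgateway %s\n' "${netgw}"
  } > "${ifcfg}"
  # Remove the interface's lines from the main file so that only the new
  # interfaces.d entry describes it.
  sed -i "/${netif}/d" /etc/network/interfaces
  echo "nameserver ${netdns}" > /etc/resolv.conf
}

# Turn LLMNR and the DNS stub listener off in systemd-resolved, then restart
# it. Only the commented-out default lines are rewritten.
NetCleanUpSystemdResolved() {
  sed -i 's/#LLMNR=yes/LLMNR=no/' /etc/systemd/resolved.conf
  sed -i 's/#DNSStubListener=yes/DNSStubListener=no/' /etc/systemd/resolved.conf
  systemctl restart systemd-resolved
}

# Ask for an HTTP proxy for APT and write it to apt.conf.d/02proxy.
# An empty answer or a cancelled dialog writes nothing.
APTSetProxy() {
  local proxy=""
  if proxy=$(whiptail --title "Proxy" --inputbox "ex : http://192.168.1.200/ or leave empty for none" 0 30 "${proxy}" 3>&1 1>&2 2>&3) \
    && [ -n "${proxy}" ]; then
    # The value goes into the file verbatim, between double quotes.
    echo "Acquire::http { Proxy \"${proxy}\"; };" > /etc/apt/apt.conf.d/02proxy
  fi
}

# Remove a fixed list of packages; Main calls this on the LXC branch when the
# host is not PMG.
APTCleanupLXCPackage() {
  apt remove -y bind9-host debian-faq doc-debian postfix x11-common fontconfig-config fonts-dejavu-core gdbm-l10n python-apt-common
}

# Refresh the package lists and apply a full distribution upgrade.
APTUpdateDist() {
  apt update -y
  apt dist-upgrade -y
}

# Show the base package checklist, install the selection, then run the
# per-package configuration steps.
APTInstallBase() {
  local -a options=()
  local -a pkgs=()
  local sel itm name
  options+=("curl" "" on)
  options+=("wget" "" on)
  options+=("lsof" "" on)
  options+=("acpi" "" on)
  options+=("bash-completion" "" on)
  # iptables is pre-selected except when /etc/pve was found.
  if [[ ${ISPVE} == 0 ]]; then
    options+=("iptables" "" on)
    options+=("iptables-persistent" "" on)
  else
    options+=("iptables" "" off)
    options+=("iptables-persistent" "" off)
  fi
  options+=("openssh-server" "" on)
  options+=("gnupg" "" on)
  options+=("rsync" "" on)
  options+=("nmon" "" on)
  options+=("snmpd" "" on)
  options+=("clevis-net" "" off)
  if sel=$(whiptail --title "Basic Install" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3); then
    # whiptail returns the tags as one line of double-quoted words; splitting
    # on whitespace is intended, the quotes are stripped per item.
    for itm in ${sel}; do
      name=${itm//\"/}
      case ${name} in
        iptables-persistent)
          pkgs+=("${name}")
          # Must run before the install so the debconf answers are in place.
          IPTablesPostInstall
          ;;
        clevis-net)
          # Checklist entry that stands for a set of packages.
          pkgs+=(clevis clevis-luks clevis-systemd clevis-initramfs clevis-tpm2)
          ;;
        *)
          pkgs+=("${name}")
          ;;
      esac
    done
    apt install -y "${pkgs[@]}"
    for itm in ${sel}; do
      case ${itm//\"/} in
        iptables-persistent) IPTablesConfig ;;
        snmpd) SNMPDConfig ;;
        clevis-net) ClevisNetInit ;;
      esac
    done
  fi
}

# Drop packages that are no longer needed and stale cached archives.
APTCleanAll() {
  apt-get autoremove -y
  apt-get autoclean -y
}

# Install the shared alias file from BASE_URL into /etc/profile.d.
# Files in that directory are sourced by login shells, so this content runs
# in every user's session.
BashSetAlias() {
  FetchFile /etc/profile.d/alias.sh "${BASE_URL}/${DIR_URL}/files/alias.sh"
}

# Install the shared prompt definition from BASE_URL into /etc/profile.d.
BashSetPS() {
  FetchFile /etc/profile.d/ps1.sh "${BASE_URL}/${DIR_URL}/files/ps1.sh"
}

# Set the nano tab size and colours system-wide, and a red title/status bar
# in root's own nanorc.
NanoSetConfig() {
  sed -i "/tabsize/c\set tabsize 2" /etc/nanorc
  {
    echo "set numbercolor brightwhite"
    echo "set statuscolor brightwhite,green"
    echo "set keycolor cyan"
    echo "set functioncolor green"
  } >> /etc/nanorc
  {
    echo "set titlecolor brightwhite,red"
    echo "set statuscolor brightwhite,red"
  } > /root/.nanorc
}

# Replace /etc/issue with the file published under BASE_URL.
IssueSetContent() {
  FetchFile /etc/issue "${BASE_URL}/${DIR_URL}/files/issue"
}

# Pre-answer the iptables-persistent debconf questions (autosave of the v4
# and v6 rules) so that its installation does not prompt.
IPTablesPostInstall() {
  echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
  echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
}

# Fetch the v4 and v6 rule files from BASE_URL and load them.
# A rule set is loaded only when its download succeeded, so a failed
# transfer can no longer push an empty rule file into the running firewall.
IPTablesConfig() {
  if FetchFile /etc/iptables/rules.v4 "${BASE_URL}/${DIR_URL}/files/rules.v4"; then
    iptables-restore /etc/iptables/rules.v4
  fi
  if FetchFile /etc/iptables/rules.v6 "${BASE_URL}/${DIR_URL}/files/rules.v6"; then
    ip6tables-restore /etc/iptables/rules.v6
  fi
}

# Ask for the SNMP community name, write it into snmpd.conf, make snmpd
# listen on every IPv4 address and restart it.
# Cancelling the dialog or submitting an empty name leaves snmpd untouched;
# without that check the sed below would replace "public" with nothing.
# NOTE(review): once snmpd listens on 0.0.0.0 the community string is the
# only access control this script configures, and SNMP v1/v2c sends it in
# clear text. Keeping the pre-filled "public" leaves the agent readable with
# the well-known default.
SNMPDConfig() {
  local community=public
  local escaped
  if ! community=$(whiptail --title "SNMP Community name" --inputbox "" 0 30 "${community}" 3>&1 1>&2 2>&3) \
    || [ -z "${community}" ]; then
    return 0
  fi
  # Escape the characters that are special in a sed replacement (\, / and &)
  # so the name is inserted literally.
  escaped=$(printf '%s' "${community}" | sed 's|[\\/&]|\\&|g')
  sed -i "s/public/${escaped}/" /etc/snmp/snmpd.conf
  sed -i "s/127.0.0.1,\[::1\]/0.0.0.0/" /etc/snmp/snmpd.conf
  systemctl restart snmpd
}

# Bind a LUKS partition to a Tang server with clevis and enable the unit
# that answers the passphrase prompt at boot.
# Returns: 1 when the Tang URL is rejected, 0 otherwise
ClevisNetInit() {
  local -a parts=()
  local -a options=()
  local part DEV TANGURL
  # One device path per line for every lsblk row that mentions LUKS.
  mapfile -t parts < <(lsblk -p -l --fs | grep LUKS | cut -d " " -f1)
  for part in "${parts[@]}"; do
    if [ -n "${part}" ]; then
      options+=("${part}" "")
    fi
  done
  if DEV=$(whiptail --title "Select root LUKS part" --menu "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3); then
    if TANGURL=$(whiptail --title "Tang Server" --inputbox "URL" 0 30 "" 3>&1 1>&2 2>&3) \
      && [ -n "${TANGURL}" ]; then
      # The URL is pasted into a JSON string; a quote or a backslash in it
      # would change the structure of the configuration handed to clevis.
      case ${TANGURL} in
        *[\"\\]*)
          echo "init.sh: Tang URL must not contain quotes or backslashes" >&2
          return 1
          ;;
      esac
      clevis luks bind -d "${DEV}" tang "{\"url\": \"${TANGURL}\"}"
      systemctl enable clevis-luks-askpass.path
    fi
  fi
}

# Switch sshd from "PermitRootLogin prohibit-password" to "yes" and restart.
# NOTE(review): "yes" allows root to log in with a password, where the
# replaced setting only allowed key-based root logins. Combined with the
# openssh-server default in the base checklist this exposes password
# authentication for root on every initialised host; confirm it is intended.
SSHEnableRootLogin() {
  sed -i "/PermitRootLogin prohibit-password/c\PermitRootLogin yes #prohibit-password" /etc/ssh/sshd_config
  systemctl restart sshd
}

# Shorten the GRUB menu timeout to one second where GRUB is configured.
GrubSetConfig() {
  if [ -f "/etc/default/grub" ]; then
    sed -i "/GRUB_TIMEOUT/c\GRUB_TIMEOUT=1" /etc/default/grub
    update-grub
  fi
}

# Show the optional application checklist and run the installer of every
# selected entry; "misc-apps" and "archived-apps" open further checklists.
InstApps() {
  local -a options=()
  local SEL ITM app
  options+=("nodejs-20" "" off)
  options+=("nodejs-19" "" off)
  options+=("nodejs-18" "" off)
  #options+=("mongodb-6.0" "" off)
  options+=("traefik" "" off)
  options+=("apt-cacher-ng" "" off)
  options+=("matomo" "! (Not Work)" off)
  options+=("nextcloud-26" "" off)
  # options+=("proxmox-8" "" off)
  options+=("docker" "" off)
  if [[ ${ISLXC} == 0 ]]; then
    options+=("portainer" "" off)
  fi
  options+=("misc-apps" "..." off)
  options+=("archived-apps" "..." off)
  if SEL=$(whiptail --title "More Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3); then
    for ITM in ${SEL}; do
      app=${ITM//\"/}
      case ${app} in
        misc-apps) InstMiscApps ;;
        archived-apps) InstArchivedApps ;;
        *) RunAppInstaller "${app}" ;;
      esac
    done
  fi
}

# Second-level checklist: miscellaneous applications.
InstMiscApps() {
  local -a options=()
  local SEL ITM
  options+=("bind9" "" off)
  options+=("iperf3" "" off)
  options+=("webmin" "" off)
  options+=("tang" "" off)
  options+=("rinetd" "! (Not Work)" off)
  options+=("tor-gw" "" off)
  options+=("zm-builder" "" off)
  options+=("nextcloud-latest" "unsafe" off)
  if SEL=$(whiptail --title "Misc Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3); then
    for ITM in ${SEL}; do
      RunAppInstaller "${ITM//\"/}"
    done
  fi
}

# Second-level checklist: application versions kept for older setups.
InstArchivedApps() {
  local -a options=()
  local SEL ITM
  #options+=("mongodb-5.0" "" off)
  #options+=("mongodb-4.4" "" off)
  options+=("nodejs-16" "" off)
  options+=("nodejs-14" "" off)
  if SEL=$(whiptail --title "Archived Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3); then
    for ITM in ${SEL}; do
      RunAppInstaller "${ITM//\"/}"
    done
  fi
}

# Ask for confirmation and reboot when the user accepts.
Reboot() {
  if whiptail --yesno "Reboot ?" 0 0 3>&1 1>&2 2>&3; then
    reboot
  fi
}

Main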