167 lines
4.0 KiB
Bash
167 lines
4.0 KiB
Bash
#!/bin/dash
|
|
|
|
BASE_URL=https://git.netm.ch/m/os-init/raw/branch/main
|
|
|
|
showHelp() {
|
|
echo "alpine.sh"
|
|
echo ""
|
|
echo "use :"
|
|
echo "sh alpine.sh [options]"
|
|
}
|
|
|
|
main() {
|
|
APKUpdateDist
|
|
APKInstallBase
|
|
Customizations
|
|
InstApps
|
|
Reboot
|
|
}
|
|
|
|
APKUpdateDist() {
|
|
apk update
|
|
apk upgrade
|
|
}
|
|
APKInstallBase() {
|
|
apk add newt
|
|
SEL=$(whiptail --title "Base Apps" --checklist "" 0 0 0 \
|
|
"curl" "" on \
|
|
"lsof" "" on \
|
|
"bash-completion" "" on \
|
|
"iptables" "" on \
|
|
"ip6tables" "" on \
|
|
"openssh-server" "" on \
|
|
"gnupg" "" on \
|
|
"rsync" "" on \
|
|
"net-snmp" "" on \
|
|
"nano" "" on 3>&1 1>&2 2>&3)
|
|
# shellcheck disable=SC2181
|
|
if [ "${?}" = "0" ]; then
|
|
for ITM in ${SEL}; do
|
|
# shellcheck disable=SC3000-SC4000
|
|
apk add "${ITM//\"/}"
|
|
# shellcheck disable=SC3000-SC4000
|
|
case ${ITM//\"/} in
|
|
"openssh-server")
|
|
SSHEnableRootLogin
|
|
rc-update add sshd
|
|
service sshd start
|
|
;;
|
|
"iptables") IPTablesInstall;;
|
|
"ip6tables") IP6TablesInstall;;
|
|
"net-snmp") SNMPDInstall;;
|
|
"nano") NanoSetConfig;;
|
|
esac
|
|
done
|
|
fi
|
|
}
|
|
IPTablesInstall() {
|
|
wget -O /etc/iptables/rules-save "${BASE_URL}"/alpine/files/rules-save
|
|
iptables-restore /etc/iptables/rules-save
|
|
rc-update add iptables
|
|
}
|
|
IP6TablesInstall() {
|
|
wget -O /etc/iptables/rules6-save "${BASE_URL}"/alpine/files/rules6-save
|
|
ip6tables-restore /etc/iptables/rules6-save
|
|
rc-update add ip6tables
|
|
}
|
|
SSHEnableRootLogin() {
|
|
sed -i "/PermitRootLogin prohibit-password/c\PermitRootLogin yes #prohibit-password" /etc/ssh/sshd_config
|
|
service sshd restart
|
|
|
|
if [ -f "/etc/iptables/rules-save" ]; then
|
|
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT' /etc/iptables/rules-save
|
|
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # SSH' /etc/iptables/rules-save
|
|
iptables-restore /etc/iptables/rules-save
|
|
fi
|
|
}
|
|
SNMPDInstall() {
|
|
cummunityname=public
|
|
cummunityname=$(whiptail --title "SNMP Community name" --inputbox "" 0 30 "${cummunityname}" 3>&1 1>&2 2>&3)
|
|
sed -i "s/public/${cummunityname}/" /etc/snmp/snmpd.conf
|
|
sed -i "s/127.0.0.1/0.0.0.0/" /etc/snmp/snmpd.conf
|
|
service snmpd restart
|
|
rc-update add snmpd default
|
|
|
|
if [ -f "/etc/iptables/rules-save" ]; then
|
|
sed -i '/^-A INPUT -p icmp -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 161 -m state --state NEW -j ACCEPT' /etc/iptables/rules-save
|
|
sed -i '/^-A INPUT -p icmp -j ACCEPT.*/a # SNMP' /etc/iptables/rules-save
|
|
iptables-restore /etc/iptables/rules-save
|
|
fi
|
|
|
|
}
|
|
NanoSetConfig() {
|
|
sed -i "/tabsize/c\set tabsize 2" /etc/nanorc
|
|
{
|
|
echo "set numbercolor brightwhite"
|
|
echo "set statuscolor brightwhite,green"
|
|
echo "set keycolor cyan"
|
|
echo "set functioncolor green"
|
|
} >> /etc/nanorc
|
|
{
|
|
echo "set titlecolor brightwhite,red"
|
|
echo "set statuscolor brightwhite,red"
|
|
} > /root/.nanorc
|
|
}
|
|
|
|
Customizations() {
|
|
SEL=$(whiptail --title "Additions" --checklist "" 0 0 0 \
|
|
"alias" "" on \
|
|
"ps1" "" on \
|
|
"issue" "" on 3>&1 1>&2 2>&3)
|
|
# shellcheck disable=SC2181
|
|
if [ "${?}" = "0" ]; then
|
|
for ITM in ${SEL}; do
|
|
# shellcheck disable=SC3000-SC4000
|
|
case ${ITM//\"/} in
|
|
"alias") ProfileSetAlias;;
|
|
"ps1") ProfileSetPS;;
|
|
"issue") IssueSetContent;;
|
|
esac
|
|
done
|
|
fi
|
|
}
|
|
ProfileSetAlias() {
|
|
wget -O /etc/profile.d/alias.sh "${BASE_URL}"/alpine/files/alias.sh
|
|
}
|
|
ProfileSetPS() {
|
|
wget -O /etc/profile.d/ps1.sh "${BASE_URL}"/alpine/files/ps1.sh
|
|
}
|
|
IssueSetContent() {
|
|
wget -O /etc/issue "${BASE_URL}"/alpine/files/issue
|
|
}
|
|
|
|
InstApps() {
|
|
SEL=$(whiptail --title "More Apps" --checklist "" 0 0 0 \
|
|
"traefik" "" off \
|
|
"gitea" "" off \
|
|
"docker" "" off \
|
|
"portainer" "" off \
|
|
"rancher" "" off 3>&1 1>&2 2>&3)
|
|
# shellcheck disable=SC2181
|
|
if [ "${?}" = "0" ]; then
|
|
for ITM in ${SEL}; do
|
|
cd /tmp || exit
|
|
# shellcheck disable=SC3000-SC4000
|
|
wget "${BASE_URL}"/alpine/apps/"${ITM//\"/}"/"${ITM//\"/}".sh
|
|
# shellcheck disable=SC3000-SC4000
|
|
sh ./"${ITM//\"/}".sh "${BASE_URL}"
|
|
done
|
|
fi
|
|
}
|
|
|
|
Reboot() {
|
|
if whiptail --yesno "Reboot ?" 0 0 3>&1 1>&2 2>&3; then
|
|
reboot
|
|
fi
|
|
}
|
|
|
|
while [ ${#} -gt 0 ]; do
|
|
case ${1} in
|
|
--help) showHelp; exit 0;;
|
|
-b | --base-url) BASE_URL="${2}"; shift;;
|
|
*) shift;;
|
|
esac
|
|
done
|
|
|
|
main
|