2
0
os-init/debian-11/init.sh
2023-11-19 23:04:42 +01:00

347 lines
9.1 KiB
Bash

#!/bin/bash
declare BASE_URL=https://git.netm.ch/m/os-init/raw/branch/main
declare DIR_URL=debian-11
IPV4=127.0.0.1
ISLXC=0
ISPVE=0
showHelp() {
echo "init.sh"
echo ""
echo "usage :"
echo "bash init.sh [options]"
echo " -b | --base-url url"
}
InitConst() {
IPV4=$(ip addr | grep 'inet ' | grep -v '127.0' | head -n1 | awk '{print $2}' | cut -f1 -d /)
grep -q -v -a lxc /proc/1/environ
ISLXC=$?
if [[ -d "/etc/pve" ]]; then
ISPVE=1
fi
}
Main() {
InitConst
if [[ ${ISLXC} == 0 ]]; then
if [[ ${ISPVE} == 0 ]]; then
NetSetHostname
NetIPConfig
fi
else
APTCleanupLXCPackage
fi
if [[ ${ISPVE} == 0 ]]; then
NetCleanUpSystemdResolved
fi
APTSetProxy
APTUpdateDist
APTInstallBase
APTCleanAll
BashSetAlias
BashSetPS
NanoSetConfig
if [[ ${ISPVE} == 0 ]]; then
IssueSetContent
fi
SSHEnableRootLogin
GrubSetConfig
if [[ ${ISPVE} == 0 ]]; then
InstApps
fi
Reboot
}
NetSetHostname() {
hostname=$(hostname)
hostname=$(whiptail --title "Hostname + Domain" --inputbox "" 0 30 "${hostname}" 3>&1 1>&2 2>&3)
if [ "$?" = "0" ] && [ "${hostname}" != "" ]; then
hostnamectl set-hostname "${hostname}"
fi
}
NetIPConfig() {
options=()
options+=("DHCP" "")
options+=("Static" "")
sel=$(whiptail --title "Network" --menu "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
if [ "$?" = "0" ]; then
case ${sel} in
"Static") NetIPConfigStatic;;
esac
fi
}
NetIPConfigStatic() {
netif="$(ip a | grep ens | head -n1 | cut -d: -f2)"
netif=${netif:1}
netip="${IPV4}"
netmask="255.255.255.0"
netgw="$(echo "${IPV4}" | cut -d. -f1-3).1"
netdns="$(echo "${IPV4}" | cut -d. -f1-3).1"
netip=$(whiptail --title "Network" --inputbox "IP" 0 30 "${netip}" 3>&1 1>&2 2>&3)
if [ "$?" = "0" ] && [ "${netip}" != "" ]; then
netmask=$(whiptail --title "Network" --inputbox "Mask" 0 30 "${netmask}" 3>&1 1>&2 2>&3)
if [ "$?" = "0" ] && [ "${netmask}" != "" ]; then
netgw=$(whiptail --title "Network" --inputbox "Route" 0 30 "${netgw}" 3>&1 1>&2 2>&3)
if [ "$?" = "0" ] && [ "${netgw}" != "" ]; then
netdns=$(whiptail --title "Network" --inputbox "DNS" 0 30 "${netdns}" 3>&1 1>&2 2>&3)
if [ "$?" = "0" ] && [ "${netdns}" != "" ]; then
echo "allow-hotplug ${netif}" > /etc/network/interfaces.d/${netif}
echo "iface ${netif} inet static" >> /etc/network/interfaces.d/${netif}
echo -e "\taddress ${netip}" >> /etc/network/interfaces.d/${netif}
echo -e "\tnetmask ${netmask}" >> /etc/network/interfaces.d/${netif}
echo -e "\tgateway ${netgw}" >> /etc/network/interfaces.d/${netif}
sed -i "/${netif}/d" /etc/network/interfaces
echo "nameserver ${netdns}" > /etc/resolv.conf
fi
fi
fi
fi
}
NetCleanUpSystemdResolved() {
sed -i s/#LLMNR=yes/LLMNR=no/ /etc/systemd/resolved.conf
sed -i s/#DNSStubListener=yes/DNSStubListener=no/ /etc/systemd/resolved.conf
systemctl restart systemd-resolved
}
APTSetProxy() {
proxy=""
proxy=$(whiptail --title "Proxy" --inputbox "ex : http://192.168.1.200/ or leave empty for none" 0 30 "${proxy}" 3>&1 1>&2 2>&3)
if [ "$?" = "0" ]; then
if [ "${proxy}" != "" ]; then
echo "Acquire::http { Proxy \"${proxy}\"; };" > /etc/apt/apt.conf.d/02proxy
fi
fi
}
APTCleanupLXCPackage() {
apt remove -y bind9-host debian-faq doc-debian postfix x11-common fontconfig-config fonts-dejavu-core gdbm-l10n python-apt-common
}
APTUpdateDist() {
apt update -y
apt dist-upgrade -y
}
APTInstallBase() {
options=()
options+=("curl" "" on)
options+=("wget" "" on)
options+=("lsof" "" on)
options+=("acpi" "" on)
options+=("bash-completion" "" on)
if [[ ${ISPVE} == 0 ]]; then
options+=("iptables" "" on)
options+=("iptables-persistent" "" on)
else
options+=("iptables" "" off)
options+=("iptables-persistent" "" off)
fi
options+=("openssh-server" "" on)
options+=("gnupg" "" on)
options+=("rsync" "" on)
options+=("nmon" "" on)
options+=("snmpd" "" on)
options+=("clevis-net" "" off)
sel=$(whiptail --title "Basic Install" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
if [ "$?" = "0" ]; then
pkg=""
for itm in ${sel}; do
case ${itm} in
'"iptables-persistent"')
pkg="${pkg} $(echo ${itm} | sed 's/"//g')"
IPTablesPostInstall;;
'"clevis-net"')
pkg="${pkg} clevis clevis-luks clevis-systemd clevis-initramfs clevis-tpm2";;
*)
pkg="${pkg} $(echo ${itm} | sed 's/"//g')";;
esac
done
apt install -y ${pkg}
for itm in ${sel}; do
case ${itm} in
'"iptables-persistent"')
IPTablesConfig;;
'"snmpd"')
SNMPDConfig;;
'"clevis-net"')
ClevisNetInit;;
esac
done
fi
}
APTCleanAll() {
apt-get autoremove -y
apt-get autoclean -y
}
BashSetAlias() {
wget -O /etc/profile.d/alias.sh "${BASE_URL}"/"${DIR_URL}"/files/alias.sh
}
BashSetPS() {
wget -O /etc/profile.d/ps1.sh "${BASE_URL}"/"${DIR_URL}"/files/ps1.sh
}
NanoSetConfig() {
sed -i "/tabsize/c\set tabsize 2" /etc/nanorc
{
echo "set numbercolor brightwhite"
echo "set statuscolor brightwhite,green"
echo "set keycolor cyan"
echo "set functioncolor green"
} >> /etc/nanorc
{
echo "set titlecolor brightwhite,red"
echo "set statuscolor brightwhite,red"
} > /root/.nanorc
}
IssueSetContent() {
wget -O /etc/issue "${BASE_URL}"/"${DIR_URL}"/files/issue
}
IPTablesPostInstall() {
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
}
IPTablesConfig() {
wget -O /etc/iptables/rules.v4 "${BASE_URL}"/"${DIR_URL}"/files/rules.v4
wget -O /etc/iptables/rules.v6 "${BASE_URL}"/"${DIR_URL}"/files/rules.v6
iptables-restore /etc/iptables/rules.v4
ip6tables-restore /etc/iptables/rules.v6
}
SNMPDConfig() {
cummunityname=public
cummunityname=$(whiptail --title "SNMP Community name" --inputbox "" 0 30 "${cummunityname}" 3>&1 1>&2 2>&3)
sed -i "s/public/${cummunityname}/" /etc/snmp/snmpd.conf
sed -i "s/127.0.0.1,\[::1\]/0.0.0.0/" /etc/snmp/snmpd.conf
systemctl restart snmpd
}
ClevisNetInit() {
LUKSPARTS=$(lsblk -p -l --fs |grep LUKS |cut -d " " -f1)
options=()
IFS_ORIG=$IFS
IFS=$'\n'
for LUKSPART in ${LUKSPARTS}
do
options+=("${LUKSPART}" "")
done
IFS=$IFS_ORIG
DEV=$(whiptail --title "Select root LUKS part" --menu "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181
if [ "$?" = "0" ]; then
TANGURL=$(whiptail --title "Tang Server" --inputbox "URL" 0 30 "" 3>&1 1>&2 2>&3)
if [ "$?" = "0" ]; then
clevis luks bind -d ${DEV} tang "{\"url\": \"${TANGURL}\"}"
systemctl enable clevis-luks-askpass.path
fi
fi
}
SSHEnableRootLogin() {
sed -i "/PermitRootLogin prohibit-password/c\PermitRootLogin yes #prohibit-password" /etc/ssh/sshd_config
systemctl restart sshd
}
GrubSetConfig() {
if [ -f "/etc/default/grub" ]; then
sed -i "/GRUB_TIMEOUT/c\GRUB_TIMEOUT=1" /etc/default/grub
update-grub
fi
}
InstApps() {
options=()
options+=("nodejs-18" "" off)
options+=("nodejs-19" "" off)
options+=("nodejs-20" "" off)
options+=("mongodb-6.0" "" off)
options+=("traefik" "" off)
options+=("apt-cacher-ng" "" off)
options+=("matomo" "" off)
options+=("nextcloud-26" "" off)
options+=("nextcloud-25" "" off)
options+=("proxmox-7" "" off)
if [[ ${ISLXC} == 0 ]]; then
options+=("docker" "" off)
options+=("portainer" "" off)
fi
options+=("misc-apps" "..." off)
options+=("archived-apps" "..." off)
SEL=$(whiptail --title "More Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181
if [ "$?" = "0" ]; then
for ITM in ${SEL}; do
case ${ITM//\"/} in
misc-apps)
InstMiscApps;;
archived-apps)
InstArchivedApps;;
*)
cd /tmp || exit
wget "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"/"${ITM//\"/}".sh
bash ./"${ITM//\"/}".sh "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}";;
esac
done
fi
}
InstMiscApps() {
options=()
options+=("bind9" "" off)
options+=("iperf3" "" off)
options+=("webmin" "" off)
options+=("tang" "" off)
options+=("rinetd" "" off)
options+=("tor-gw" "" off)
options+=("nextcloud-latest" "unsafe" off)
SEL=$(whiptail --title "Misc Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181
if [ "$?" = "0" ]; then
for ITM in ${SEL}; do
cd /tmp || exit
wget "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"/"${ITM//\"/}".sh
bash ./"${ITM//\"/}".sh "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"
done
fi
}
InstArchivedApps() {
options=()
options+=("mongodb-5.0" "" off)
options+=("mongodb-4.4" "" off)
options+=("nodejs-16" "" off)
options+=("nodejs-14" "" off)
options+=("nextcloud-24" "" off)
options+=("nextcloud-23" "" off)
options+=("nagios" "" off)
options+=("nagios-pnp4" "pnp4nagios" off)
options+=("dokuwiki" "" off)
options+=("xwiki" "" off)
SEL=$(whiptail --title "Archived Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181
if [ "$?" = "0" ]; then
for ITM in ${SEL}; do
cd /tmp || exit
wget "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"/"${ITM//\"/}".sh
bash ./"${ITM//\"/}".sh "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"
done
fi
}
Reboot() {
if whiptail --yesno "Reboot ?" 0 0 3>&1 1>&2 2>&3; then
reboot
fi
}
while [ ${#} -gt 0 ]; do
case ${1} in
--help) showHelp; exit 0;;
-b | --base-url) BASE_URL="${2}"; shift;;
*) shift;;
esac
done
Main