2
0
os-init/alpine/init.sh
2023-12-13 23:10:12 +01:00

168 lines
4.1 KiB
Bash

#!/bin/dash
BASE_URL=https://git.netm.ch/m/os-init/raw/branch/main
showHelp() {
echo "alpine.sh"
echo ""
echo "use :"
echo "sh alpine.sh [options]"
}
main() {
APKUpdateDist
APKInstallBase
Customizations
InstApps
Reboot
}
APKUpdateDist() {
apk update
apk upgrade
}
APKInstallBase() {
apk add newt
SEL=$(whiptail --title "Base Apps" --checklist "" 0 0 0 \
"curl" "" on \
"lsof" "" on \
"bash-completion" "" on \
"iptables" "" on \
"ip6tables" "" on \
"openssh-server" "" on \
"gnupg" "" on \
"rsync" "" on \
"net-snmp" "" on \
"nano" "" on 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181
if [ "${?}" = "0" ]; then
for ITM in ${SEL}; do
# shellcheck disable=SC3000-SC4000
apk add "${ITM//\"/}"
# shellcheck disable=SC3000-SC4000
case ${ITM//\"/} in
"openssh-server")
SSHEnableRootLogin
rc-update add sshd
service sshd start
;;
"iptables") IPTablesInstall;;
"ip6tables") IP6TablesInstall;;
"net-snmp") SNMPDInstall;;
"nano") NanoSetConfig;;
esac
done
fi
}
IPTablesInstall() {
wget -O /etc/iptables/rules-save "${BASE_URL}"/alpine/files/rules-save
iptables-restore /etc/iptables/rules-save
rc-update add iptables
}
IP6TablesInstall() {
wget -O /etc/iptables/rules6-save "${BASE_URL}"/alpine/files/rules6-save
ip6tables-restore /etc/iptables/rules6-save
rc-update add ip6tables
}
SSHEnableRootLogin() {
sed -i "/PermitRootLogin prohibit-password/c\PermitRootLogin yes #prohibit-password" /etc/ssh/sshd_config
service sshd restart
if [ -f "/etc/iptables/rules-save" ]; then
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT' /etc/iptables/rules-save
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # SSH' /etc/iptables/rules-save
iptables-restore /etc/iptables/rules-save
fi
}
SNMPDInstall() {
cummunityname=public
cummunityname=$(whiptail --title "SNMP Community name" --inputbox "" 0 30 "${cummunityname}" 3>&1 1>&2 2>&3)
sed -i "s/public/${cummunityname}/" /etc/snmp/snmpd.conf
sed -i "s/127.0.0.1/0.0.0.0/" /etc/snmp/snmpd.conf
service snmpd restart
rc-update add snmpd default
if [ -f "/etc/iptables/rules-save" ]; then
sed -i '/^-A INPUT -p icmp -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 161 -m state --state NEW -j ACCEPT' /etc/iptables/rules-save
sed -i '/^-A INPUT -p icmp -j ACCEPT.*/a # SNMP' /etc/iptables/rules-save
iptables-restore /etc/iptables/rules-save
fi
}
NanoSetConfig() {
sed -i "/tabsize/c\set tabsize 2" /etc/nanorc
{
echo "set numbercolor brightwhite"
echo "set statuscolor brightwhite,green"
echo "set keycolor cyan"
echo "set functioncolor green"
} >> /etc/nanorc
{
echo "set titlecolor brightwhite,red"
echo "set statuscolor brightwhite,red"
} > /root/.nanorc
}
Customizations() {
SEL=$(whiptail --title "Additions" --checklist "" 0 0 0 \
"alias" "" on \
"ps1" "" on \
"issue" "" on 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181
if [ "${?}" = "0" ]; then
for ITM in ${SEL}; do
# shellcheck disable=SC3000-SC4000
case ${ITM//\"/} in
"alias") ProfileSetAlias;;
"ps1") ProfileSetPS;;
"issue") IssueSetContent;;
esac
done
fi
}
ProfileSetAlias() {
wget -O /etc/profile.d/alias.sh "${BASE_URL}"/alpine/files/alias.sh
}
ProfileSetPS() {
wget -O /etc/profile.d/ps1.sh "${BASE_URL}"/alpine/files/ps1.sh
}
IssueSetContent() {
wget -O /etc/issue "${BASE_URL}"/alpine/files/issue
}
InstApps() {
SEL=$(whiptail --title "More Apps" --checklist "" 0 0 0 \
"traefik" "" off \
"gitea" "" off \
"gitea-act_runner" "" off\
"docker" "" off \
"portainer" "" off \
"rancher" "" off 3>&1 1>&2 2>&3)
# shellcheck disable=SC2181
if [ "${?}" = "0" ]; then
for ITM in ${SEL}; do
cd /tmp || exit
# shellcheck disable=SC3000-SC4000
wget "${BASE_URL}"/alpine/apps/"${ITM//\"/}"/"${ITM//\"/}".sh
# shellcheck disable=SC3000-SC4000
sh ./"${ITM//\"/}".sh "${BASE_URL}"
done
fi
}
Reboot() {
if whiptail --yesno "Reboot ?" 0 0 3>&1 1>&2 2>&3; then
reboot
fi
}
while [ ${#} -gt 0 ]; do
case ${1} in
--help) showHelp; exit 0;;
-b | --base-url) BASE_URL="${2}"; shift;;
*) shift;;
esac
done
main