Rebuild to new setup
This commit is contained in:
66
postinst.sh
Normal file
66
postinst.sh
Normal file
@@ -0,0 +1,66 @@
|
||||
#!/bin/bash
|
||||
|
||||
REPO=https://git.xo.nl/marcel
|
||||
GREEN='\033[0;32m'
|
||||
RED='\033[0;31m'
|
||||
NOCOL='\033[0m'
|
||||
NAME=null
|
||||
PASS=null
|
||||
|
||||
echo "GIT Username: "
|
||||
read NAME
|
||||
echo -s "GIT Password: "
|
||||
read -s PASS
|
||||
|
||||
echo -ne "${GREEN}Enter system hostname...${NOCOL}"
|
||||
read NEWNAME
|
||||
hostnamectl set-hostname $NEWNAME
|
||||
|
||||
echo -e "${GREEN}Setting remote control requirements...${NOCOL}"
|
||||
groupadd admins
|
||||
useradd -g admins -m -r -c "System administrator" sysadmin
|
||||
echo "%admins ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/admins
|
||||
mkdir -p /home/sysadmin/.ssh
|
||||
chmod 700 /home/sysadmin/.ssh
|
||||
curl -u $NAME:$PASS -so /home/sysadmin/.ssh/authorized_keys $REPO/secrets/raw/branch/main/users/ansible.pub
|
||||
chown -R sysadmin:admins /home/sysadmin/.ssh
|
||||
|
||||
echo -e "${GREEN}Switching to LTS Kernel...${NOCOL}"
|
||||
pacman --noconfirm -S linux-lts linux-lts-headers
|
||||
pacman --noconfirm -Rs linux
|
||||
grub-mkconfig -o /boot/grub/grub.cfg
|
||||
|
||||
echo -e "${GREEN}Disable root user SSH access...${NOCOL}"
|
||||
sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
|
||||
sed -i 's/PermitRootLogin without-password/PermitRootLogin no/' /etc/ssh/sshd_config
|
||||
|
||||
echo -e "${GREEN}Configuring default firewall...${NOCOL}"
|
||||
curl -u $USER:$PASS -so /etc/iptables/iptables.rules $REPO/secrets/raw/branch/main/iptables/iptables.rules
|
||||
curl -u $USER:$PASS -so /etc/iptables/ip6tables.rules $REPO/secrets/raw/branch/main/iptables/ip6tables.rules
|
||||
|
||||
echo -e "${GREEN}Install minimal required packages...${NOCOL}"
|
||||
pacman --noconfirm -S cronie rsync iftop htop bash-completion iotop lsof screen fastfetch neovim man-db inetutils base-devel git
|
||||
ln -s /usr/bin/nvim /usr/bin/vi
|
||||
|
||||
echo -e "${GREEN}Activating required services...${NOCOL}"
|
||||
systemctl enable iptables
|
||||
systemctl enable ip6tables
|
||||
systemctl enable cronie
|
||||
|
||||
echo -e "${GREEN}Setup motd default...${NOCOL}"
|
||||
echo "" > /etc/motd
|
||||
echo "fastfetch" > /etc/profile.d/fastfetch.sh
|
||||
chmod +x /etc/profile.d/fastfetch.sh
|
||||
|
||||
echo -e "${GREEN}Install deployment script...${NOCOL}"
|
||||
curl -so /usr/local/bin/deploy $REPO/deploy/raw/branch/master/deploy.sh
|
||||
chown root:root /usr/local/bin/deploy
|
||||
chmod ug+x /usr/local/bin/deploy
|
||||
|
||||
echo -e "${GREEN}Optimizing makepkg settings...${NOCOL}"
|
||||
sed -i 's/#MAKEFLAGS="-j2"/MAKEFLAGs="-j$(nproc)"/g' /etc/makepkg.conf
|
||||
systemctl mask tmp.mount
|
||||
|
||||
echo -e "${RED}All done, reboot in 10 seconds...${NOCOL}"
|
||||
sleep 10
|
||||
reboot
|
||||
Reference in New Issue
Block a user