Rebuild to new setup
@@ -1,22 +1,28 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
echo "THIS SCRIPT IS BROKEN"
|
REPO=https://git.xo.nl/marcel
|
||||||
exit 1
|
|
||||||
|
|
||||||
REPO=https://git.xo.nl/marcel/archlinux
|
|
||||||
GREEN='\033[0;32m'
|
GREEN='\033[0;32m'
|
||||||
RED='\033[0;31m'
|
RED='\033[0;31m'
|
||||||
NOCOL='\033[0m'
|
NOCOL='\033[0m'
|
||||||
|
NAME=null
|
||||||
|
PASS=null
|
||||||
|
|
||||||
|
echo "GIT Username: "
|
||||||
|
read NAME
|
||||||
|
echo -s "GIT Password: "
|
||||||
|
read -s PASS
|
||||||
|
|
||||||
echo -ne "${GREEN}Enter system hostname...${NOCOL}"
|
echo -ne "${GREEN}Enter system hostname...${NOCOL}"
|
||||||
read NEWNAME
|
read NEWNAME
|
||||||
hostnamectl set-hostname $NEWNAME
|
hostnamectl set-hostname $NEWNAME
|
||||||
|
|
||||||
echo -e "${GREEN}Setting remote control requirements...${NOCOL}"
|
echo -e "${GREEN}Setting remote control requirements...${NOCOL}"
|
||||||
groupadd admins
|
groupadd admins
|
||||||
useradd -g admins -m -r -c "System administrator" sysadmin
|
useradd -g admins -m -r -c "System administrator" sysadmin
|
||||||
echo "%admins ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/admins
|
echo "%admins ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/admins
|
||||||
mkdir -p /home/sysadmin/.ssh
|
mkdir -p /home/sysadmin/.ssh
|
||||||
chmod 700 /home/sysadmin/.ssh
|
chmod 700 /home/sysadmin/.ssh
|
||||||
curl -so /home/sysadmin/.ssh/authorized_keys $REPO/raw/branch/master/post/ansible.pub
|
curl -u $NAME:$PASS -so /home/sysadmin/.ssh/authorized_keys $REPO/secrets/raw/branch/main/users/ansible.pub
|
||||||
chown -R sysadmin:admins /home/sysadmin/.ssh
|
chown -R sysadmin:admins /home/sysadmin/.ssh
|
||||||
|
|
||||||
echo -e "${GREEN}Switching to LTS Kernel...${NOCOL}"
|
echo -e "${GREEN}Switching to LTS Kernel...${NOCOL}"
|
||||||
@@ -29,8 +35,8 @@ sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
|
|||||||
sed -i 's/PermitRootLogin without-password/PermitRootLogin no/' /etc/ssh/sshd_config
|
sed -i 's/PermitRootLogin without-password/PermitRootLogin no/' /etc/ssh/sshd_config
|
||||||
|
|
||||||
echo -e "${GREEN}Configuring default firewall...${NOCOL}"
|
echo -e "${GREEN}Configuring default firewall...${NOCOL}"
|
||||||
curl -so /etc/iptables/iptables.rules $REPO/raw/branch/master/post/iptables.rules
|
curl -u $USER:$PASS -so /etc/iptables/iptables.rules $REPO/secrets/raw/branch/main/iptables/iptables.rules
|
||||||
curl -so /etc/iptables/ip6tables.rules $REPO/raw/branch/master/post/ip6tables.rules
|
curl -u $USER:$PASS -so /etc/iptables/ip6tables.rules $REPO/secrets/raw/branch/main/iptables/ip6tables.rules
|
||||||
|
|
||||||
echo -e "${GREEN}Install minimal required packages...${NOCOL}"
|
echo -e "${GREEN}Install minimal required packages...${NOCOL}"
|
||||||
pacman --noconfirm -S cronie rsync iftop htop bash-completion iotop lsof screen fastfetch neovim man-db inetutils base-devel git
|
pacman --noconfirm -S cronie rsync iftop htop bash-completion iotop lsof screen fastfetch neovim man-db inetutils base-devel git
|
||||||
@@ -47,7 +53,7 @@ echo "fastfetch" > /etc/profile.d/fastfetch.sh
|
|||||||
chmod +x /etc/profile.d/fastfetch.sh
|
chmod +x /etc/profile.d/fastfetch.sh
|
||||||
|
|
||||||
echo -e "${GREEN}Install deployment script...${NOCOL}"
|
echo -e "${GREEN}Install deployment script...${NOCOL}"
|
||||||
curl -so /usr/local/bin/deploy https://git.xo.nl/marcel/deploy/raw/branch/master/deploy.sh
|
curl -so /usr/local/bin/deploy $REPO/deploy/raw/branch/master/deploy.sh
|
||||||
chown root:root /usr/local/bin/deploy
|
chown root:root /usr/local/bin/deploy
|
||||||
chmod ug+x /usr/local/bin/deploy
|
chmod ug+x /usr/local/bin/deploy
|
||||||
|
|
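Review bot: The two firewall downloads in the `@@ -29,8 +35,8 @@` hunk authenticate with `-u $USER:$PASS`, but the prompt added at the top of the script stores the username in `NAME` (and the authorized_keys fetch uses `$NAME`); `$USER` is normally the invoking login name, so these two requests will probably be rejected. Since curl runs with `-s` and without `--fail`, a rejected request still exits 0 and whatever body the server returns is written to `/etc/iptables/iptables.rules`, `ip6tables.rules` or `authorized_keys`. I would change each call to the form `curl --fail -u "$NAME:$PASS" -so /etc/iptables/iptables.rules "$REPO/secrets/raw/branch/main/iptables/iptables.rules" || exit 1`. Separately, `echo -s "GIT Password: "` prints the `-s` literally; `read -rsp "GIT Password: " PASS` does the prompt and the silent read in one step. The password given to `-u` is also visible in the process list while curl runs, so a short-lived token or a curl config file read with `-K` would be safer than the account password.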
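--- a/pre/run.sh
+++ b/pre/run.sh
@@ -1,18 +0,0 @@
-#!/bin/bash
-
-echo "THIS SCRIPT IS BROKEN"
-exit 1
-
-REPO=https://git.xo.nl/marcel/archlinux
-
-curl -O $REPO/raw/branch/master/pre/users.crypt
-gpg --output users.json --decrypt users.crypt
-
-if test -s ./users.json;
-then
-archinstall --config $REPO/raw/master/pre/config.json --creds ./users.json --silent
-reboot
-else
-echo "users.json not found in current directory or file is empty"
-exit 1
-fi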
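--- a/preinst.sh
+++ b/preinst.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+REPO=https:/git.xo.nl/marcel
+NAME=null
+PASS=null
+
+echo "GIT username: "
+read NAME
+echo -s "GIT password: "
+read -s PASS
+curl -u $NAME:$PASS -O $REPO/secrets/raw/branch/main/users/users.crypt
+gpg --output users.json --decrypt users.crypt
+if test -s ./users.json
+then
+archinstall --config $REPO/archinstall/raw/master/config.json --creds ./users.json --silent
+reboot
+else
+echo "users.json not found in current directory or file is empty"
+exit 1
+fi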
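Review bot: `REPO=https:/git.xo.nl/marcel` has only one slash after the scheme, unlike the `https://git.xo.nl/marcel` used by the other script in this commit; curl may tolerate that, but the `archinstall --config` URL is built from the same variable and may not resolve. The line should read `REPO=https://git.xo.nl/marcel`. `curl -u $NAME:$PASS -O …` has no `--fail`, so a rejected login saves the server's error body as `users.crypt` and the script then reports "users.json not found" instead of the real cause; `curl --fail -u "$NAME:$PASS" -O "$REPO/secrets/raw/branch/main/users/users.crypt" || exit 1` makes that explicit. `echo -s "GIT password: "` prints `-s` literally, and `read -rsp "GIT password: " PASS` replaces both lines. A `users.json` left over from an earlier run could also pass `test -s` even when this run's decrypt failed, so checking gpg's exit status directly is the more reliable gate.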