Created post-install procedure

2025-04-05 10:29:54 +02:00
parent c690fcb6fe
commit ff9597d525
5 changed files with 55 additions and 0 deletions
--- a/post/run.sh
+++ b/post/run.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+REPO=https://git.xoservice.nl/archlinux
+
+echo "Setting remote control requirements..."
+groupadd admins
+useradd -g admins -m -r -c "System administrator" sysadmin
+echo "%admins ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/admins
+mkdir -p /home/sysadmin/.ssh
+chmod 700 /home/sysadmin/.ssh
+curl -o /home/sysadmin/.ssh/authorized_keys $REPO/raw/master/post/ansible.pub
+chown -R sysadmin:admins /home/sysadmin/.ssh
+
+echo "Disable root user SSH access..."
+sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
+sed -i 's/PermitRootLogin without-password/PermitRootLogin no/' /etc/ssh/sshd_config
+
+echo "Configuring and enabling default firewall..."
+curl -o /etc/iptables/iptables.rules $REPO/raw/master/post/iptables.rules
+curl -o /etc/iptables/ip6tables.rules $REPO/raw/master/post/ip6tables.rules
+systemctl enable iptables
+systemctl enable ip6tables
+
+echo "All done, reboot in 5 seconds..."
+sleep 5
+reboot