diff --git a/setup.sh b/setup.sh index a020df3..60d2693 100644 --- a/setup.sh +++ b/setup.sh @@ -8,11 +8,12 @@ # YOU SHOULD REMOVE THIS SCRIPT AFTER SETUP +source "$run_directory/variables.conf" + # Functions init() { echo "Starting initialization" echo $fqdn > /etc/hostname - sed -i -e "s/$default_hostname/$fqdn $hostname/g" /etc/hosts localectl set-keymap $keymap timedatectl set-timezone $timezone systemctl disable apt-daily-upgrade.timer 
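Review bot: The added `source "$run_directory/variables.conf"` reads a variable that is never set in the lines shown; the script defines `run_directory_path`, and only further down (`run_directory_path=$(pwd)`, visible as context in the `@@ -92` hunk), so at this point the path expands to `/variables.conf`. If that file is missing, `dl_server`, `upnp_server` and `ftp_server` stay unset and every `= "yes"` test in the later hunks is silently false; if it exists, it is executed as shell code by a script that appears to run as root (it writes /etc/hostname). I would move the line below the `run_directory_path` assignment and fail closed: `source "$run_directory_path/variables.conf" || { echo "variables.conf missing" >&2; exit 1; }`. Because the file is executed rather than parsed, it should be owned by root and not writable by anyone else.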
@@ -23,45 +24,38 @@ install_packages() { sed -i -e "s/$deb_apt_default_repo/$deb_apt_repo/g" /etc/apt/sources.list apt update apt upgrade -y - apt install -y vim tree tmux neofetch vsftpd cryptsetup clevis clevis-luks clevis-systemd + packages_to_install="vim tree tmux neofetch cryptsetup clevis clevis-luks clevis-systemd" + if [ "$dl_server" = "yes" ]; then + packages_to_install+=" openvpn transmission-daemon" + fi + if [ "$upnp_server" = "yes" ]; then + packages_to_install+=" minidlna" + fi + if [ "$ftp_server" = "yes" ]; then + packages_to_install+=" vsftpd" + fi + apt install -y $packages_to_install } add_users() { echo "Adding users" - useradd -N -g users -G sudo -m -s /bin/bash $user # still not sure why users group and not -U... + useradd -U -G sudo -m -s /bin/bash $user chmod 700 /home/$user + echo "Let's define a password for $user as we are about to run sudo with it. It can of course be changed after setup." + passwd $user } -get_conf() { - echo "Getting configuration" +get_sync() { + echo "Getting and deploying sync configuration" sudo -H -u $user mkdir $sync_directory_path - cp $run_directory_path/conf-sync.sh $sync_directory_path/ - chown $user:users $sync_directory_path/conf-sync.sh # group - cp $run_directory_path/srv-nas.mount $sync_directory_path/ - chown $user:users $sync_directory_path/srv-nas.mount # group - sudo -H -u $user chmod u+x $sync_directory_path/conf-sync.sh - sudo -H -u $user $sync_directory_path/conf-sync.sh -} - -set_conf() { - echo "Setting configuration" - ln -s $sync_directory_path/conf-sync-server.timer $systemd_units_path/conf-sync.timer - ln -s $sync_directory_path/*.service $systemd_units_path/ - systemctl daemon-reload - systemctl enable conf-sync.timer - systemctl mask systemd-ask-password-wall.path -} - -rcs_links() { - echo "Linking rcs" - rm /home/$user/.bashrc - rm /root/.bashrc - sudo -H -u $user ln -s $sync_directory_path/bashrc /home/$user/.bashrc - ln -s /home/$user/.bashrc /root/.bashrc - sudo -H -u $user ln -s 
$sync_directory_path/vimrc /home/$user/.vimrc - ln -s /home/$user/.vimrc /root/.vimrc - sudo -H -u $user ln -s $sync_directory_path/tmux.conf /home/$user/.tmux.conf - ln -s /home/$user/.tmux.conf /root/.tmux.conf + sudo -H -u $user git clone https://gitea.kto.black/adminconf/rcs-general.git $sync_directory_path/rcs-general + sudo -H -u $user $sync_directory_path/rcs-general/install.sh + sudo -H -u $user git clone https://gitea.kto.black/adminconf/conf-sync.git $sync_directory_path/conf-sync + sudo -H -u $user cp $sync_directory_path/conf-sync/variables.conf.template \ + $sync_directory_path/conf-sync/variables.conf + sudo -H -u $user sed -i -e "s/\"desktop\"/\"server\"/g" $sync_directory_path/conf-sync/variables.conf + sudo -H -u $user $sync_directory_path/conf-sync/install.sh + sudo -H -u $user git clone https://gitea.kto.black/adminconf/nas-server.git $sync_directory_path/nas-server } ssh_pubkey() { @@ -71,7 +65,16 @@ ssh_pubkey() { sudo -H -u $user mv /home/$user/.ssh/$remote_pubkey /home/$user/.ssh/authorized_keys } +set_sshd_conf() { + echo "Editing OpenSSH daemon config..." + sed -i -e "s/#PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config + sed -i -e "s/PermitRootLogin yes/PermitRootLogin no/g" /etc/ssh/sshd_config +} + set_vsftpd() { + if [ "$ftp_server" != "yes" ]; then + return 0 + fi echo "Setting vsftpd config" mkdir $nas_root chown $user:users $nas_root @@ -92,12 +95,10 @@ fi run_directory_path=$(pwd) # Set parameters -default_hostname='odroidxu4' -hostname='hk1' -fqdn='hk1.kto.black' +fqdn='hk1.jab.kto.black' keymap='fr' timezone='Europe/Paris' -deb_apt_default_repo='httpredir.debian.org' +deb_apt_default_repo='deb.debian.org' # TODO check deb_apt_repo='ftp.fr.debian.org' user='alex' sync_directory_path="/home/$user/.sync" @@ -111,10 +112,9 @@ nas_root='/srv/nas' init install_packages add_users -get_conf -set_conf -rcs_links +get_sync ssh_pubkey +set_sshd_conf set_vsftpd echo "" 
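Review bot: `get_sync` clones three repositories at whatever their default branch holds at run time and runs `rcs-general/install.sh` and `conf-sync/install.sh` straight away. It does so as a user that was just added to the `sudo` group and, judging by the new `echo`, given a password so that those scripts can call sudo. Nothing ties the executed code to a revision that was reviewed, so a changed or compromised repository would run with root-capable privileges on every freshly provisioned host. Pin each clone before running anything from it, e.g. `sudo -H -u $user git -C $sync_directory_path/conf-sync checkout --detach <PINNED_COMMIT>` (placeholder; same for the other two), or check a signed tag with `git verify-tag`. Separately, `git` is not in `packages_to_install`, so the clones depend on the base image already shipping it; it is worth adding to the list.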
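Review bot: Both `sed` expressions in `set_sshd_conf` rewrite only one exact spelling of the line, so they succeed silently when nothing matches. An already uncommented `PasswordAuthentication yes`, a `#PermitRootLogin prohibit-password` default, or a setting supplied by an included file under /etc/ssh/sshd_config.d all leave the effective configuration unchanged. The function should confirm the result rather than assume it, for example `sshd -T | grep -qx 'passwordauthentication no' || { echo "sshd still accepts passwords" >&2; return 1; }`, and the same for `permitrootlogin no`. A comment above the function stating that the change takes effect only once sshd is restarted (presumably the reboot requested at the end of the script) would also help.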
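Review bot: `set_sshd_conf` now runs unconditionally right after `ssh_pubkey`, and no `set -e` or status check is visible in the lines shown, so the script tries to switch off password logins even when the key never reached `authorized_keys`. On a headless board that leaves the console as the only way back in after the reboot. Guarding the call is enough: `if [ -s "/home/$user/.ssh/authorized_keys" ]; then set_sshd_conf; else echo "no authorized_keys, sshd left unchanged" >&2; fi`.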
@@ -122,7 +122,12 @@ echo "We're all good here!" echo "You should now:" echo "* set $user's password" echo "* lock root account" -echo "* remove setup.sh, srv-nas.mount and conf-sync.sh" +echo "* remove $run_directory_path content" +if [ "$dl_server" = "yes" ]; then + echo "* get the OpenVPN configuration file, move it to /etc/openvpn/client/vpn.conf" + echo " * and add at \`auth-user-pass\`: auth.txt" + echo " * create said auth.txt with VPN login and password (on two rows)" +fi echo "* reboot the SBC" echo "And perhaps:" echo "* set htop at your convenience" diff --git a/variables.conf.template b/variables.conf.template new file mode 100644 index 0000000..bbc3e48 --- /dev/null +++ b/variables.conf.template @@ -0,0 +1,7 @@ +#!/usr/bin/env bash + +# Copy this file as variables.conf, with the correct values + +dl_server="no" +ftp_server="no" +upnp_server="no"
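Review bot: The new OpenVPN instructions tell the operator to create `auth.txt` holding the VPN login and password but say nothing about its permissions, so under a typical default umask it ends up readable by every local user. Add one more line to the block, e.g. `echo "   * chown root:root auth.txt && chmod 600 auth.txt"`. The unchanged `* set $user's password` line just above is also stale now that `add_users` calls `passwd $user` during setup.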