nas-server/setup.sh

#!/bin/bash

# The purpose of this script is to setup our NAS server on a blank Armbian.
# This script is to be run as root.

# (Keep in mind that default root password is 1234)
# Flash SBC's SD with Armbian and copy this script as well as conf-sync.sh to /root

# YOU SHOULD REMOVE THIS SCRIPT AFTER SETUP

# Functions
init() {
  echo "Starting initialization"
  echo $hostname > /etc/hostname
  sed -i -e "s/$default_hostname/$fqdn $hostname/g" /etc/hosts
  localectl set-keymap $keymap
  timedatectl set-timezone $timezone
  systemctl disable apt-daily-upgrade.timer
}

install_packages() {
  echo "Starting packages installation"
  sed -i -e "s/$deb_apt_default_repo/$deb_apt_repo/g" /etc/apt/sources.list
  apt update
  apt upgrade -y
  apt install -y vim tree tmux neofetch vsftpd cryptsetup
}

add_users() {
  echo "Adding users"
  useradd -N -g users -G sudo -m -s /bin/bash $user
  chmod 700 /home/$user
}

get_conf() {
  echo "Getting configuration"
  sudo -H -u $user mkdir $sync_directory_path
  cp $run_directory_path/conf-sync.sh $sync_directory_path/
  chown $user:users $sync_directory_path/conf-sync.sh
  sudo -H -u $user chmod u+x $sync_directory_path/conf-sync.sh
  sudo -H -u $user $sync_directory_path/conf-sync.sh
}

set_conf() {
  echo "Setting configuration"
  ln -s $sync_directory_path/conf-sync-server.timer $systemd_units_path/conf-sync.timer
  ln -s $sync_directory_path/*.service $systemd_units_path/
  systemctl daemon-reload
  systemctl enable conf-sync.timer
}

rcs_links() {
  echo "Linking rcs"
  rm /home/$user/.bashrc
  rm /root/.bashrc
  sudo -H -u $user ln -s $sync_directory_path/bashrc /home/$user/.bashrc
  ln -s /home/$user/.bashrc /root/.bashrc
  sudo -H -u $user ln -s $sync_directory_path/vimrc /home/$user/.vimrc
  ln -s /home/$user/.vimrc /root/.vimrc
  sudo -H -u $user ln -s $sync_directory_path/tmux.conf /home/$user/.tmux.conf
  ln -s /home/$user/.tmux.conf /root/.tmux.conf
}

ssh_pubkey() {
  echo "Getting SSH public key"
  sudo -H -u $user mkdir /home/$user/.ssh
  sudo -H -u $user wget -P /home/$user/.ssh $remote_pubkey_location/$remote_pubkey
  sudo -H -u $user mv /home/$user/.ssh/$remote_pubkey /home/$user/.ssh/authorized_keys
}

set_vsftpd() {
  echo "Setting vsftpd config"
  sed -i -e "s/#write_enable=YES/write_enable=YES/g" /etc/vsftpd.conf
  sed -i -e "s/#utf8_filesystem=YES/utf8_filesystem=YES/g" /etc/vsftpd.conf
  sed -i -e "s/ssl_enable=NO/ssl_enable=YES/g" /etc/vsftpd.conf
  openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/ssl-cert-snakeoil.key -out /etc/ssl/certs/ssl-cert-snakeoil.pem -subj "/C=/ST=/L=/O=/OU=/CN="
}

# Only run if the user is root
if [[ $USER != 'root' ]] ; then
  echo "You must run this script as root!"
  exit 1
fi

run_directory_path=$(pwd)

# Set parameters
default_hostname='odroidxu4'
hostname='hk1'
fqdn='hk1.kto.black'
keymap='fr'
timezone='Europe/Paris'
deb_apt_default_repo='httpredir.debian.org'
deb_apt_repo='ftp.fr.debian.org'
user='alex'
sync_directory_path="/home/$user/.sync"
systemd_units_path='/etc/systemd/system'
remote_pubkey_location='https://keys.kto.black'
remote_pubkey='home.pub'

# Main process
# You should comment below what you do not want to happen
init
install_packages
add_users
get_conf
set_conf
rcs_links
ssh_pubkey
set_vsftpd

echo ""
echo "We're all good here!"
echo "You should now:"
echo "* set $user's password"
echo "* lock root account"
echo "* remove setup.sh and conf-sync.sh"
echo "* reboot the SBC"
echo "And perhaps:"
echo "* set htop at your convenience"
echo "* remove password for sudo" # TODO we should automate that, with a flag
echo "* use below commands to edit SSH config:"
echo "    sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config"
echo "    sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config"

exit 0