diff --git a/bootstrap.sh b/bootstrap.sh
index fb6b3b0..367f76a 100644
--- a/bootstrap.sh
+++ b/bootstrap.sh
@@ -1,67 +1,177 @@
 #!/bin/bash
+#########################
+#### USER EDITABLE ######
+#########################
+
+# You should hardcode the base URL for your raw repository files. Set the value
+# of REPO_RAW_URL to your fork, replacing the `authorized_keys` file with your own.
+# i.e., "https://raw.githubusercontent.com///"
+REPO_RAW_URL="https://git.krislamo.org/kris/bootstrap/raw/branch/main"
+AUTH_KEY_FILE="/authorized_keys"
+
+# Optional debianzfs install script, accessed with -z
+DEBIANZFS="https://git.krislamo.org/kris/debianzfs/raw/branch/main/debianzfs.sh"
+DEBIANZFS_BIN="/usr/local/bin/debianzfs"
+
+##############################
+######## STOP EDITING ########
+##############################
+
 # Root required
 if [ $EUID -ne 0 ]; then
- echo "You must run this script as root"
- exit 1
+ echo "You must run this script as root"
+ exit 1
 fi
-# Get current date, hostname, create a temporary directory,
-# and set the location to the remote repository
+# Clean environment
+unset BOOT_CYCLE
+unset CDROM_REMOVE
+unset ENABLE_SSH
+unset FIELD_IP_INDEX
+unset GATEWAY_IP
+unset NEW_HOSTNAME
+unset IP
+unset QRCODE_SSH
+unset LIVECD
+unset REPO
+unset SSH_INSTALL
+unset TELNUM
+unset UPDATE_SYSTEM
+unset ZFSINSTALL
+unset DATE
+unset CUR_HOSTNAME
+unset SSH_PUB_KEY
+unset SSH_FINGERPRINT
+unset MACHINE_IP
+unset MESSAGE
+unset TEXT_MESSAGE
+
+# Options
+while getopts ':bcefg:h:i:lqr:st:uz' OPTION; do
+ case "$OPTION" in
+ b) BOOT_CYCLE="true";;
+ c) CDROM_REMOVE="true";;
+ e) ENABLE_SSH="true";;
+ f) FIELD_IP_INDEX="$OPTARG";;
+ g) GATEWAY_IP="$OPTARG";;
+ h) NEW_HOSTNAME="$OPTARG";;
+ i) IP="$OPTARG";;
+ l) LIVECD="true";;
+ q) QRCODE_SSH="true";;
+ r) REPO="$OPTARG";;
+ s) SSH_INSTALL="true";;
+ t) TELNUM="$OPTARG";;
+ u) UPDATE_SYSTEM="true";;
+ z) ZFSINSTALL="true";;
+ ?)
+ echo "ERROR: Option not recognized"
+ exit 1;;
+ esac
+done
+
+# Use Live session settings
+if [ "$LIVECD" == "true" ]; then
+ CDROM_REMOVE="true"
+ ENABLE_SSH="true"
+ QRCODE_SSH="true"
+ SSH_INSTALL="true"
+ UPDATE_SYSTEM="true"
+fi
+
+# Allow override but use default repo if not set
+[ -z "$REPO" ] && REPO="$REPO_RAW_URL"
+
+# Get current date and hostname
 DATE=$(date '+%Y%m%d')
-TMP_DIR=$(mktemp -d)
 CUR_HOSTNAME=$(hostname)
-GIT_LOC="https://github.com/krislamo/bootstrap.git"
-# Get user input for hostname and IP
-echo "Enter name server's new hostname:"
-read NEW_HOSTNAME
-
-echo "Enter a static IP address (e.g. 192.168.1.2/24):"
-read STATIC_IP
-
-if [ ! -z "$STATIC_IP" ]; then
- echo "Enter the gateway IP (default: 192.168.1.1):"
- read GATEWAY_IP
-
- [ -z "$GATEWAY_IP" ] && GATEWAY_IP="192.168.1.1"
- echo "Gateway set to $GATEWAY_IP"
+# Remove CD sources from sources list
+if [ "$CDROM_REMOVE" == "true" ]; then
+ echo "NOTICE: Backing up /etc/apt/sources.list => /etc/apt/sources.list.$DATE"
+ sed -i."$DATE" '/deb cdrom/d' /etc/apt/sources.list
 fi
-# Remove CD sources
-cp /etc/apt/sources.list /etc/apt/sources.list.$DATE
-sed -i '/deb cdrom/d' /etc/apt/sources.list
+# Upgrade system software
+if [ "$UPDATE_SYSTEM" == "true" ]; then
+ echo "NOTICE: Upgrading system"
+ apt-get update
+ apt-get upgrade -y
+fi
-# Upgrade software
-apt-get update -y
-apt-get upgrade -y
+# If IP is set, backup interfaces and configure static IP
+if [ -n "$IP" ]; then
+ if [ -z "$GATEWAY_IP" ]; then
+ echo "ERROR: IP set without a GATEWAY address. See option -g"
+ exit 1
+ fi
-# Install git, clone this repo, and navigate to it
-apt-get install git -y
-cd $TMP_DIR
-git clone $GIT_LOC
-cd bootstrap
-
-# Install personal SSH keys under root and install the OpenSSH server
-mkdir -p /root/.ssh/
-cp --update authorized_keys /root/.ssh/authorized_keys
-apt-get install openssh-server -y
-
-# If STATIC_IP is set, backup interfaces and configure static IP
-if [ ! -z "$STATIC_IP" ]; then
- cp /etc/network/interfaces /etc/network/interfaces.$DATE
- sed -i "s/dhcp/static/g" /etc/network/interfaces
- if ! grep -q "address" /etc/network/interfaces; then
- echo " address $STATIC_IP" >> /etc/network/interfaces
- echo " gateway $GATEWAY_IP" >> /etc/network/interfaces
- fi
+ echo "NOTICE: Backing up network interfaces file and installing a new static one"
+ sed -i."$DATE" "s/dhcp/static/g" /etc/network/interfaces
+ if ! grep -q "address" /etc/network/interfaces; then
+ echo " address $IP" >> /etc/network/interfaces
+ echo " gateway $GATEWAY_IP" >> /etc/network/interfaces
+ else
+ echo "ERROR: Address already set"
+ exit 1
+ fi
 fi
 # If NEW_HOSTNAME is set, configure new hostname and backup /etc/hosts
-if [ ! -z "$NEW_HOSTNAME" ]; then
- hostnamectl set-hostname $NEW_HOSTNAME
- cp /etc/hosts /etc/hosts.$DATE
- sed -i "s/$CUR_HOSTNAME/$NEW_HOSTNAME/g" /etc/hosts
- read -p "Press [enter] to restart this machine"
- systemctl reboot
+if [ -n "$NEW_HOSTNAME" ]; then
+ hostnamectl set-hostname "$NEW_HOSTNAME"
+ echo "NOTICE: Backing up /etc/hosts and setting new hostname to '$NEW_HOSTNAME'"
+ sed -i."$DATE" "s/$CUR_HOSTNAME/$NEW_HOSTNAME/g" /etc/hosts
+fi
+
+# Install personal SSH keys under root and install the OpenSSH server
+if [ "$SSH_INSTALL" == "true" ]; then
+ # Does authorized_keys file already exist?
+ if [ -f /root/.ssh/authorized_keys ]; then
+ echo "ERROR: /root/.ssh/authorized_keys file already exists"
+ exit 1
+ fi
+
+ echo "NOTICE: Installing root's authorized_keys and the OpenSSH server"
+ mkdir -p /root/.ssh/
+ chmod 700 /root/.ssh/
+ wget "${REPO}${AUTH_KEY_FILE}" -O /root/.ssh/authorized_keys
+ chmod 644 /root/.ssh/authorized_keys
+ apt-get install openssh-server -y
+
+ if [ "$ENABLE_SSH" == "true" ]; then
+ echo "NOTICE: Enabling the OpenSSH server"
+ systemctl start ssh
+ fi
+fi
+
+# Download DebianZFS script
+if [ "$ZFSINSTALL" == "true" ]; then
+ echo "NOTICE: Installing DebianZFS installation script"
+ wget "$DEBIANZFS" -O "$DEBIANZFS_BIN"
+ chmod u+x "$DEBIANZFS_BIN"
+fi
+
+# Restart or show SSH ECDSA public key fingerprint and IP addresses
+if [ "$BOOT_CYCLE" == "true" ]; then
+ echo "NOTICE: Restarting the machine in 10 seconds..."
+ sleep 9
+ echo "NOTICE: Restarting!"
+ sleep 1
+ systemctl reboot
+elif [ "$SSH_INSTALL" == "true" ] && [ "$ENABLE_SSH" == "true" ]; then
+ SSH_PUB_KEY="$(ssh-keyscan localhost 2>/dev/null | grep "ecdsa" | cut -f2- -d' ')"
+ SSH_FINGERPRINT="$(ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub | awk '{print $2}')"
+ [ -z "$FIELD_IP_INDEX" ] && FIELD_IP_INDEX=1
+ MACHINE_IP="$(hostname -I | cut -f"${FIELD_IP_INDEX}" -d' ')"
+ MESSAGE="SSH ECDSA KEY: $SSH_FINGERPRINT and IPs: $MACHINE_IP"
+ # Show QR code with a copy and paste secure and verified login script
+ if [ "$QRCODE_SSH" == "true" ]; then
+ apt-get update
+ apt-get install -y qrencode
+ [ -z "$TELNUM" ] && read -r -p "Enter SMS number (for QR code): " TELNUM
+ TEXT_MESSAGE="TF=\$(mktemp) && echo \"${MACHINE_IP} ${SSH_PUB_KEY}\" > \"\$TF\" && ssh -o \"UserKnownHostsFile \$TF\" root@${MACHINE_IP} && rm \"\$TF\""
+ qrencode -t ASCII "smsto:$TELNUM:$TEXT_MESSAGE"
+ fi
+ echo "$MESSAGE"
 fi
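Review bot: The `-s` branch writes whatever `wget "${REPO}${AUTH_KEY_FILE}"` returns straight into `/root/.ssh/authorized_keys` and then installs and starts sshd without checking wget's exit status or the downloaded content, so a failed or substituted download (and `-r` lets the caller point REPO at any URL) ends up deciding who may log in as root, or can leave an empty file behind that blocks the next run via the "already exists" check. Download to a temporary file, abort on a non-zero wget status, confirm the file parses as public keys with `ssh-keygen -l -f`, and only then move it into place with mode 600, as sketched below. The `-z` branch repeats the pattern: `wget "$DEBIANZFS" -O "$DEBIANZFS_BIN"` is made executable with no status check, and both default URLs track a mutable `main` branch, so pinning to a commit or verifying a checksum is worth considering. Separately, `f` has no trailing colon in the getopts string `':bcefg:h:i:lqr:st:uz'`, so `-f N` leaves FIELD_IP_INDEX empty and stops option parsing at `N`; it should read `f:`.

```shell
  # … unchanged: existing-file check, mkdir -p and chmod 700 of /root/.ssh/ …
  KEYS_TMP="$(mktemp /root/.ssh/authorized_keys.XXXXXX)" || exit 1
  if ! wget "${REPO}${AUTH_KEY_FILE}" -O "$KEYS_TMP"; then
    echo "ERROR: Could not download authorized_keys from $REPO"
    rm -f "$KEYS_TMP"
    exit 1
  fi
  # Refuse anything that does not parse as SSH public keys (e.g. an HTML error page)
  if ! ssh-keygen -l -f "$KEYS_TMP" >/dev/null; then
    echo "ERROR: Downloaded authorized_keys is not a valid public key file"
    rm -f "$KEYS_TMP"
    exit 1
  fi
  chmod 600 "$KEYS_TMP"
  mv "$KEYS_TMP" /root/.ssh/authorized_keys
  # … unchanged: apt-get install openssh-server, optional systemctl start ssh …
```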