Use getopts and generate auto QR code login script

bootstrap.sh

@@ -1,67 +1,177 @@
 #!/bin/bash
 
+#########################
+#### USER EDITABLE ######
+#########################
+
+# You should hardcode the base URL for your raw repository files. Set the value
+# of REPO_RAW_URL to your fork, replacing the `authorized_keys` file with your own.
+# i.e., "https://raw.githubusercontent.com/<GH_USER>/<GH_REPO>/<GH_BRANCH>"
+REPO_RAW_URL="https://git.krislamo.org/kris/bootstrap/raw/branch/main"
+AUTH_KEY_FILE="/authorized_keys"
+
+# Optional debianzfs install script, accessed with -z
+DEBIANZFS="https://git.krislamo.org/kris/debianzfs/raw/branch/main/debianzfs.sh"
+DEBIANZFS_BIN="/usr/local/bin/debianzfs"
+
+##############################
+######## STOP EDITING ########
+##############################
+
 # Root required
 if [ $EUID -ne 0 ]; then
-  echo "You must run this script as root"
+	echo "You must run this script as root"
-  exit 1
+	exit 1
 fi
 
-# Get current date, hostname, create a temporary directory,
+# Clean environment
-# and set the location to the remote repository
+unset BOOT_CYCLE
+unset CDROM_REMOVE
+unset ENABLE_SSH
+unset FIELD_IP_INDEX
+unset GATEWAY_IP
+unset NEW_HOSTNAME
+unset IP
+unset QRCODE_SSH
+unset LIVECD
+unset REPO
+unset SSH_INSTALL
+unset TELNUM
+unset UPDATE_SYSTEM
+unset ZFSINSTALL
+unset DATE
+unset CUR_HOSTNAME
+unset SSH_PUB_KEY
+unset SSH_FINGERPRINT
+unset MACHINE_IP
+unset MESSAGE
+unset TEXT_MESSAGE
+
+# Options
+while getopts ':bcefg:h:i:lqr:st:uz' OPTION; do
+	case "$OPTION" in
+		b) BOOT_CYCLE="true";;
+		c) CDROM_REMOVE="true";;
+		e) ENABLE_SSH="true";;
+		f) FIELD_IP_INDEX="$OPTARG";;
+		g) GATEWAY_IP="$OPTARG";;
+		h) NEW_HOSTNAME="$OPTARG";;
+		i) IP="$OPTARG";;
+		l) LIVECD="true";;
+		q) QRCODE_SSH="true";;
+		r) REPO="$OPTARG";;
+		s) SSH_INSTALL="true";;
+		t) TELNUM="$OPTARG";;
+		u) UPDATE_SYSTEM="true";;
+		z) ZFSINSTALL="true";;
+		?)
+			echo "ERROR: Option not recognized"
+			exit 1;;
+	esac
+done
+
+# Use Live session settings
+if [ "$LIVECD" == "true" ]; then
+	CDROM_REMOVE="true"
+	ENABLE_SSH="true"
+	QRCODE_SSH="true"
+	SSH_INSTALL="true"
+	UPDATE_SYSTEM="true"
+fi
+
+# Allow override but use default repo if not set
+[ -z "$REPO" ] && REPO="$REPO_RAW_URL"
+
+# Get current date and hostname
 DATE=$(date '+%Y%m%d')
-TMP_DIR=$(mktemp -d)
 CUR_HOSTNAME=$(hostname)
-GIT_LOC="https://github.com/krislamo/bootstrap.git"
 
-# Get user input for hostname and IP
+# Remove CD sources from sources list
-echo "Enter name server's new hostname:"
+if [ "$CDROM_REMOVE" == "true" ]; then
-read NEW_HOSTNAME
+	echo "NOTICE: Backing up /etc/apt/sources.list => /etc/apt/sources.list.$DATE"
-
+	sed -i."$DATE" '/deb cdrom/d' /etc/apt/sources.list
-echo "Enter a static IP address (e.g. 192.168.1.2/24):"
-read STATIC_IP
-
-if [ ! -z "$STATIC_IP" ]; then
-  echo "Enter the gateway IP (default: 192.168.1.1):"
-  read GATEWAY_IP
-
-  [ -z "$GATEWAY_IP" ] && GATEWAY_IP="192.168.1.1"
-  echo "Gateway set to $GATEWAY_IP"
 fi
 
-# Remove CD sources
+# Upgrade system software
-cp /etc/apt/sources.list /etc/apt/sources.list.$DATE
+if [ "$UPDATE_SYSTEM" == "true" ]; then
-sed -i '/deb cdrom/d' /etc/apt/sources.list
+	echo "NOTICE: Upgrading system"
+	apt-get update
+	apt-get upgrade -y
+fi
 
-# Upgrade software
+# If IP is set, backup interfaces and configure static IP
-apt-get update -y
+if [ -n "$IP" ]; then
-apt-get upgrade -y
+	if [ -z "$GATEWAY_IP" ]; then
+		echo "ERROR: IP set without a GATEWAY address. See option -g"
+		exit 1
+	fi
 
-# Install git, clone this repo, and navigate to it
+	echo "NOTICE: Backing up network interfaces file and installing a new static one"
-apt-get install git -y
+	sed -i."$DATE" "s/dhcp/static/g" /etc/network/interfaces
-cd $TMP_DIR
+	if ! grep -q "address" /etc/network/interfaces; then
-git clone $GIT_LOC
+		echo "  address $IP" >> /etc/network/interfaces
-cd bootstrap
+		echo "  gateway $GATEWAY_IP" >> /etc/network/interfaces
-
+	else
-# Install personal SSH keys under root and install the OpenSSH server
+		echo "ERROR: Address already set"
-mkdir -p /root/.ssh/
+		exit 1
-cp --update authorized_keys /root/.ssh/authorized_keys
+	fi
-apt-get install openssh-server -y
-
-# If STATIC_IP is set, backup interfaces and configure static IP
-if [ ! -z "$STATIC_IP" ]; then
-  cp /etc/network/interfaces /etc/network/interfaces.$DATE
-  sed -i "s/dhcp/static/g" /etc/network/interfaces
-  if ! grep -q "address" /etc/network/interfaces; then
-    echo "  address $STATIC_IP" >> /etc/network/interfaces
-    echo "  gateway $GATEWAY_IP" >> /etc/network/interfaces
-  fi
 fi
 
 # If NEW_HOSTNAME is set, configure new hostname and backup /etc/hosts
-if [ ! -z "$NEW_HOSTNAME" ]; then
+if [ -n "$NEW_HOSTNAME" ]; then
-  hostnamectl set-hostname $NEW_HOSTNAME
+	hostnamectl set-hostname "$NEW_HOSTNAME"
-  cp /etc/hosts /etc/hosts.$DATE
+	echo "NOTICE: Backing up /etc/hosts and setting new hostname to '$NEW_HOSTNAME'"
-  sed -i "s/$CUR_HOSTNAME/$NEW_HOSTNAME/g" /etc/hosts
+	sed -i."$DATE" "s/$CUR_HOSTNAME/$NEW_HOSTNAME/g" /etc/hosts
-  read -p "Press [enter] to restart this machine"
+fi
-  systemctl reboot
+
+# Install personal SSH keys under root and install the OpenSSH server
+if [ "$SSH_INSTALL" == "true" ]; then
+	# Does authorized_keys file already exist?
+	if [ -f /root/.ssh/authorized_keys ]; then
+		echo "ERROR: /root/.ssh/authorized_keys file already exists"
+		exit 1
+	fi
+
+	echo "NOTICE: Installing root's authorized_keys and the OpenSSH server"
+	mkdir -p /root/.ssh/
+	chmod 700 /root/.ssh/
+	wget "${REPO}${AUTH_KEY_FILE}" -O /root/.ssh/authorized_keys
+	chmod 644 /root/.ssh/authorized_keys
+	apt-get install openssh-server -y
+
+	if [ "$ENABLE_SSH" == "true" ]; then
+		echo "NOTICE: Enabling the OpenSSH server"
+		systemctl start ssh
+	fi
+fi
+
+# Download DebianZFS script
+if [ "$ZFSINSTALL" == "true" ]; then
+	echo "NOTICE: Installing DebianZFS installation script"
+	wget "$DEBIANZFS" -O "$DEBIANZFS_BIN"
+	chmod u+x "$DEBIANZFS_BIN"
+fi
+
+# Restart or show SSH ECDSA public key fingerprint and IP addresses
+if [ "$BOOT_CYCLE" == "true" ]; then
+	echo "NOTICE: Restarting the machine in 10 seconds..."
+	sleep 9
+	echo "NOTICE: Restarting!"
+	sleep 1
+	systemctl reboot
+elif [ "$SSH_INSTALL" == "true" ] && [ "$ENABLE_SSH" == "true" ]; then
+	SSH_PUB_KEY="$(ssh-keyscan localhost 2>/dev/null | grep "ecdsa" | cut -f2- -d' ')"
+	SSH_FINGERPRINT="$(ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub | awk '{print $2}')"
+	[ -z "$FIELD_IP_INDEX" ] && FIELD_IP_INDEX=1
+	MACHINE_IP="$(hostname -I | cut -f"${FIELD_IP_INDEX}" -d' ')"
+	MESSAGE="SSH ECDSA KEY: $SSH_FINGERPRINT and IPs: $MACHINE_IP"
+	# Show QR code with a copy and paste secure and verified login script
+	if [ "$QRCODE_SSH" == "true" ]; then
+		apt-get update
+		apt-get install -y qrencode
+		[ -z "$TELNUM" ] && read -r -p "Enter SMS number (for QR code): " TELNUM
+		TEXT_MESSAGE="TF=\$(mktemp) && echo \"${MACHINE_IP} ${SSH_PUB_KEY}\" > \"\$TF\" && ssh -o \"UserKnownHostsFile \$TF\" root@${MACHINE_IP} && rm \"\$TF\""
+		qrencode -t ASCII "smsto:$TELNUM:$TEXT_MESSAGE"
+	fi
+	echo "$MESSAGE"
 fi