Update setup.sh
parent
80f2530beb
commit
59af3af67e
1 changed files with 15 additions and 29 deletions
44
setup.sh
44
setup.sh
|
@ -11,29 +11,24 @@ set -euo pipefail
|
||||||
DEFAULT_SSH_KEY="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCoxUu/nC1C03LvxIhCMzyMu7CAfIp9+Rbt4vmx8q3ER1EPP2K53fnjUmOijC4YY2jgPHHXEoTgC6Rlcrl3eYFoqbhRc4nweN6Z3LXRghmfNXVmMRSouXEMWhxhPjk9r+w9+3E9+6p9X9YtQu+u76ArWcY9MgvD6Awvo66hSFgkzeXzgCcKkTdMkSOUwuHfm8Ja9TzSIUfnB6SAiKWLIejDntYJHSKoqsSzsovYRUc/W+al09MfIMWwN9vJwk7WM7O3E+YPL5Zcpmr4jaoFULf6hWtgn688nDU+4V0POIzRNnk4EPH5qo+AmSL7MwQ0Bh7z5EgiAJiAryrT/GnU41w7 rsa-key-20240415"
|
DEFAULT_SSH_KEY="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCoxUu/nC1C03LvxIhCMzyMu7CAfIp9+Rbt4vmx8q3ER1EPP2K53fnjUmOijC4YY2jgPHHXEoTgC6Rlcrl3eYFoqbhRc4nweN6Z3LXRghmfNXVmMRSouXEMWhxhPjk9r+w9+3E9+6p9X9YtQu+u76ArWcY9MgvD6Awvo66hSFgkzeXzgCcKkTdMkSOUwuHfm8Ja9TzSIUfnB6SAiKWLIejDntYJHSKoqsSzsovYRUc/W+al09MfIMWwN9vJwk7WM7O3E+YPL5Zcpmr4jaoFULf6hWtgn688nDU+4V0POIzRNnk4EPH5qo+AmSL7MwQ0Bh7z5EgiAJiAryrT/GnU41w7 rsa-key-20240415"
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# Early root escalation #
|
# Early root escalation
|
||||||
###############################################################################
|
###############################################################################
|
||||||
if [[ $EUID -ne 0 ]]; then
|
if [[ $EUID -ne 0 ]]; then
|
||||||
SCRIPT=$(readlink -f "$0")
|
# If script is a file and whiptail exists, prompt via whiptail and re-run file under su
|
||||||
if command -v whiptail &>/dev/null; then
|
if [[ -f "$0" ]] && command -v whiptail &>/dev/null; then
|
||||||
PW=$(whiptail --passwordbox "Root privileges required.\nEnter root password:" 10 60 3>&1 1>&2 2>&3) || exit 1
|
PW=$(whiptail --passwordbox "Root privileges required.
|
||||||
|
Enter root password:" 10 60 3>&1 1>&2 2>&3) || exit 1
|
||||||
|
exec su root -c "$0 $*" <<<"$PW"
|
||||||
else
|
else
|
||||||
read -rsp "Root password: " PW; echo
|
# Fall back for piped-in scripts
|
||||||
|
echo "Root privileges required; re-running under su..."
|
||||||
|
exec su -c "bash -s -- \"$@\"" root
|
||||||
fi
|
fi
|
||||||
exec su -c "$SCRIPT $*" - root <<<"$PW"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# Logging #
|
# Logging #
|
||||||
###############################################################################
|
###############################################################################
|
||||||
LOGFILE="/var/log/freshbox.log"
|
|
||||||
exec &> >(tee -a "$LOGFILE")
|
|
||||||
|
|
||||||
###############################################################################
|
|
||||||
# Colours & helpers #
|
|
||||||
###############################################################################
|
|
||||||
RED=$'\e[31m'; YLW=$'\e[33m'; CLR=$'\e[0m'
|
|
||||||
die() { echo -e "${RED}[ERROR] $*${CLR}" >&2; exit 1; }
|
|
||||||
ensure_pkgs() { apt-get -qq update; apt-get -y install "$@"; }
|
ensure_pkgs() { apt-get -qq update; apt-get -y install "$@"; }
|
||||||
msg() { if command -v whiptail &>/dev/null; then whiptail --title "Setup" --msgbox "$1" 10 60; else echo -e "${YLW}$1${CLR}"; fi; }
|
msg() { if command -v whiptail &>/dev/null; then whiptail --title "Setup" --msgbox "$1" 10 60; else echo -e "${YLW}$1${CLR}"; fi; }
|
||||||
confirm() { whiptail --yesno "$1" 10 60; }
|
confirm() { whiptail --yesno "$1" 10 60; }
|
||||||
|
@ -100,42 +95,35 @@ msg "Hostname set to $NEW_HOST"
|
||||||
###############################################################################
|
###############################################################################
|
||||||
install -d -m 700 /root/.ssh
|
install -d -m 700 /root/.ssh
|
||||||
chmod 700 /root/.ssh
|
chmod 700 /root/.ssh
|
||||||
# Add default key if provided
|
|
||||||
test -n "$DEFAULT_SSH_KEY" && {
|
test -n "$DEFAULT_SSH_KEY" && {
|
||||||
grep -qxF "$DEFAULT_SSH_KEY" /root/.ssh/authorized_keys 2>/dev/null || \
|
grep -qxF "$DEFAULT_SSH_KEY" /root/.ssh/authorized_keys 2>/dev/null || \
|
||||||
echo "$DEFAULT_SSH_KEY" >> /root/.ssh/authorized_keys
|
echo "$DEFAULT_SSH_KEY" >> /root/.ssh/authorized_keys
|
||||||
chmod 600 /root/.ssh/authorized_keys
|
chmod 600 /root/.ssh/authorized_keys
|
||||||
msg "Default SSH key added for root"
|
msg "Default SSH key added for root"
|
||||||
}
|
}
|
||||||
# Optionally add more keys for root
|
|
||||||
if confirm "Add additional SSH public key for root?"; then
|
if confirm "Add additional SSH public key for root?"; then
|
||||||
KEY=$(whiptail --title "SSH Key (root)" --inputbox "Paste your public key for root:" 12 70 3>&1 1>&2 2>&3) || die "Cancelled"
|
KEY=$(whiptail --title "SSH Key (root)" --inputbox "Paste your public key for root:" 12 70 3>&1 1>&2 2>&3) || die "Cancelled"
|
||||||
grep -qxF "$KEY" /root/.ssh/authorized_keys 2>/dev/null || \
|
grep -qxF "$KEY" /root/.ssh/authorized_keys 2>/dev/null || echo "$KEY" >> /root/.ssh/authorized_keys
|
||||||
echo "$KEY" >> /root/.ssh/authorized_keys
|
|
||||||
chmod 600 /root/.ssh/authorized_keys
|
chmod 600 /root/.ssh/authorized_keys
|
||||||
msg "Additional SSH key added for root"
|
msg "Additional SSH key added for root"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# SSH keys for user jordanwages #
|
# SSH keys for user jordanwages #
|
||||||
###############################################################################
|
###############################################################################
|
||||||
USER_NAME="jordanwages"
|
USER_NAME="jordanwages"
|
||||||
USER_HOME="/home/$USER_NAME"
|
USER_HOME="/home/$USER_NAME"
|
||||||
install -d -m 700 "$USER_HOME/.ssh"
|
install -d -m 700 "$USER_HOME/.ssh"
|
||||||
chown $USER_NAME:$USER_NAME "$USER_HOME/.ssh"
|
chown $USER_NAME:$USER_NAME "$USER_HOME/.ssh"
|
||||||
# Add default key if provided
|
|
||||||
test -n "$DEFAULT_SSH_KEY" && {
|
test -n "$DEFAULT_SSH_KEY" && {
|
||||||
grep -qxF "$DEFAULT_SSH_KEY" "$USER_HOME/.ssh/authorized_keys" 2>/dev/null || \
|
grep -qxF "$DEFAULT_SSH_KEY" "$USER_HOME/.ssh/authorized_keys" 2>/dev/null || echo "$DEFAULT_SSH_KEY" >> "$USER_HOME/.ssh/authorized_keys"
|
||||||
echo "$DEFAULT_SSH_KEY" >> "$USER_HOME/.ssh/authorized_keys"
|
|
||||||
chown $USER_NAME:$USER_NAME "$USER_HOME/.ssh/authorized_keys"
|
chown $USER_NAME:$USER_NAME "$USER_HOME/.ssh/authorized_keys"
|
||||||
chmod 600 "$USER_HOME/.ssh/authorized_keys"
|
chmod 600 "$USER_HOME/.ssh/authorized_keys"
|
||||||
msg "Default SSH key added for $USER_NAME"
|
msg "Default SSH key added for $USER_NAME"
|
||||||
}
|
}
|
||||||
# Optionally add more keys for user
|
|
||||||
if confirm "Add additional SSH public key for $USER_NAME?"; then
|
if confirm "Add additional SSH public key for $USER_NAME?"; then
|
||||||
KEY=$(whiptail --title "SSH Key ($USER_NAME)" --inputbox "Paste public key for $USER_NAME:" 12 70 3>&1 1>&2 2>&3) || die "Cancelled"
|
KEY=$(whiptail --title "SSH Key ($USER_NAME)" --inputbox "Paste public key for $USER_NAME:" 12 70 3>&1 1>&2 2>&3) || die "Cancelled"
|
||||||
grep -qxF "$KEY" "$USER_HOME/.ssh/authorized_keys" 2>/dev/null || \
|
grep -qxF "$KEY" "$USER_HOME/.ssh/authorized_keys" 2>/dev/null || echo "$KEY" >> "$USER_HOME/.ssh/authorized_keys"
|
||||||
echo "$KEY" >> "$USER_HOME/.ssh/authorized_keys"
|
|
||||||
chown $USER_NAME:$USER_NAME "$USER_HOME/.ssh/authorized_keys"
|
chown $USER_NAME:$USER_NAME "$USER_HOME/.ssh/authorized_keys"
|
||||||
chmod 600 "$USER_HOME/.ssh/authorized_keys"
|
chmod 600 "$USER_HOME/.ssh/authorized_keys"
|
||||||
msg "Additional SSH key added for $USER_NAME"
|
msg "Additional SSH key added for $USER_NAME"
|
||||||
|
@ -151,11 +139,9 @@ SEL_RAW=$(whiptail --title "Extra Utilities" --checklist \
|
||||||
"${OPTS[@]}" 3>&1 1>&2 2>&3) || true
|
"${OPTS[@]}" 3>&1 1>&2 2>&3) || true
|
||||||
IFS=' ' read -r -a SEL_PKGS <<< "${SEL_RAW//\"/}"
|
IFS=' ' read -r -a SEL_PKGS <<< "${SEL_RAW//\"/}"
|
||||||
ensure_pkgs bat ncdu neofetch cifs-utils "${SEL_PKGS[@]}"
|
ensure_pkgs bat ncdu neofetch cifs-utils "${SEL_PKGS[@]}"
|
||||||
# Aliases
|
|
||||||
echo "alias cat='batcat --paging=never'" >/etc/profile.d/10-bat_alias.sh
|
echo "alias cat='batcat --paging=never'" >/etc/profile.d/10-bat_alias.sh
|
||||||
echo "alias du='ncdu'" >/etc/profile.d/10-ncdu_alias.sh
|
echo "alias du='ncdu'" >/etc/profile.d/10-ncdu_alias.sh
|
||||||
chmod +x /etc/profile.d/10-*alias.sh
|
chmod +x /etc/profile.d/10-*alias.sh
|
||||||
# Neofetch MOTD
|
|
||||||
echo 'neofetch' >/etc/profile.d/90-neofetch.sh
|
echo 'neofetch' >/etc/profile.d/90-neofetch.sh
|
||||||
chmod +x /etc/profile.d/90-neofetch.sh
|
chmod +x /etc/profile.d/90-neofetch.sh
|
||||||
|
|
||||||
|
@ -181,7 +167,7 @@ for host in "${CIFS_HOSTS[@]}"; do
|
||||||
grep -q "${host}.wageshouse" /etc/fstab || printf "# $TEMPLATE\n" "username" "password" >> /etc/fstab
|
grep -q "${host}.wageshouse" /etc/fstab || printf "# $TEMPLATE\n" "username" "password" >> /etc/fstab
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
if ! mount -a 2>>"$LOGFILE"; then msg "⚠️ Some CIFS mounts failed. Re-run the script to correct credentials."; fi
|
if ! mount -a 2>>"$LOGFILE"; then msg "⚠️ Some CIFS mounts failed. Re‑run the script to correct credentials."; fi
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# Summary #
|
# Summary #
|
||||||
|
|
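Review bot: In the first hunk, both root re-exec lines paste the arguments into the `su -c` string, so root's shell parses them a second time. `"$0 $*"` splits any argument that contains spaces and lets shell metacharacters in the arguments or the script path be interpreted as root, and `\"$@\"` inside `"bash -s -- …"` expands to several words as soon as more than one argument is passed, which changes what `su` receives. Quoting each word before building the string avoids this, for example `printf -v cmd '%q ' "$0" "$@"` followed by `exec su root -c "$cmd" <<<"$PW"` (this assumes root's shell understands bash-style quoting). Separately, the same hunk appears to drop the `LOGFILE`, `die` and colour definitions while the new side still uses `2>>"$LOGFILE"`, `die "Cancelled"` and `${YLW}`/`${CLR}`. Under `set -euo pipefail` those references abort the run unless the names are defined outside the visible hunks.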