#!/bin/bash # Update and isntall the packages unsed in my homelab # run "curl -L https://johnhgaunt.com/update.sh | bash" as root to use this script # wget -O - https://johnhgaunt.com/update.sh | bash GAUNT_CA_CERT_NAME="GauntCA.crt" # need to be root if [ "$EUID" -ne 0 ]; then echo "Please run as root" exit fi # get OS ditro and version OS=$(hostnamectl | awk '/Operating System/ {print $3}') CHASSIS=$(hostnamectl | awk '/Chassis/ {print $2}') VIRTUALIZATION=$(hostnamectl | awk '/Virtualization/ {print $2}') if [ "${OS}" == "Ubuntu" ]; then OS_VERSION=$(hostnamectl | awk '/Operating System/ {print $4}') else OS_VERSION=$(hostnamectl | awk '/Operating System/ {print $5}') fi if [ "${VIRTUALIZATION}" == "vmware" ]; then VM="true" else VM="false" fi if [ "${VIRTUALIZATION}" == "kvm" ]; then KVM="true" else KVM="false" fi # set custom bash settings system wide cat < /etc/profile.d/gaunt_custom_bash.sh # set bash history to date and time export HISTTIMEFORMAT="%F %T " EOF # Debian OS if [ ${OS} == "Debian" ] || [ ${OS} == "Ubuntu" ]; then # accept default prompts export DEBIAN_FRONTEND=noninteractive # upgrade all packages apt update; apt upgrade -y # install the packages on all systems apt install -y apt-transport-https wget tar gnupg2 sudo dnsutils rsync nano htop nload iperf iperf3 unattended-upgrades unzip bzip2 git nfs-common uptimed net-tools build-essential curl realmd oddjob oddjob-mkhomedir sssd sssd-tools libnss-sss libpam-sss adcli mlocate ncdu wireguard clevis # enable unattended-upgrades echo unattended-upgrades unattended-upgrades/enable_auto_updates boolean true | debconf-set-selections # enable non-security updates sed --in-place 's/^\/\/ "origin=Debian,codename=\${distro_codename}-updates";/ "origin=Debian,codename=\${distro_codename}-updates";/' /etc/apt/apt.conf.d/50unattended-upgrades sed --in-place 's/^\/\/ "origin=Debian,codename=\${distro_codename}-proposed-updates";/ "origin=Debian,codename=\${distro_codename}-proposed-updates";/' /etc/apt/apt.conf.d/50unattended-upgrades sed --in-place 's/^\/\/Unattended-Upgrade::Remove-Unused-Dependencies "false";/Unattended-Upgrade::Remove-Unused-Dependencies "true";/' /etc/apt/apt.conf.d/50unattended-upgrades dpkg-reconfigure -f noninteractive unattended-upgrades # install vm tools if [ "${VM}" == "true" ]; then apt install -y open-vm-tools fi if [ "${KVM}" == "true" ]; then apt install -y qemu-guest-agent fi # remove unneeded packages apt autoremove -y # modify ssh to allow root login and then restart the service sed --in-place "s/^.PermitRootLogin.*/PermitRootLogin\ yes/" /etc/ssh/sshd_config systemctl restart sshd # GauntDC01-CA curl -o /usr/local/share/ca-certificates/${GAUNT_CA_CERT_NAME} https://johnhgaunt.com/${GAUNT_CA_CERT_NAME} update-ca-certificates # CentOS OS elif [ "${OS}" == "CentOS" ] || [ "${OS}" == "Rocky" ]; then # Centos 7 if [ "${OS_VERSION}" == "7" ]; then # upgrade all packages yum update -y # install the epel for other packages and wget yum install -y elrepo-release epel-release yum-utils # clean the yum cache yum clean all # remove unneeded packages yum autoremove -y # install the packages yum install -y sudo rsync tar nano htop nload iperf iperf3 bind-utils yum-cron unzip bzip2 nfs-utils git wget uptimed net-tools make realmd oddjob oddjob-mkhomedir sssd adcli mlocate ncdu wireguard clevis # install vm tools if [ "${VM}" == "true" ]; then yum install -y open-vm-tools fi if [ "${KVM}" == "true" ]; then yum install -y qemu-guest-agent fi # modify yum-cron config to auto install security updates and enable/start the service sed --in-place "s/^update_cmd\ =\ security/update_cmd\ =\ default/" /etc/yum/yum-cron.conf sed --in-place "s/^apply_updates\ =\ no/apply_updates\ =\ yes/" /etc/yum/yum-cron.conf systemctl enable yum-cron systemctl restart yum-cron # start and enable uptimed systemctl start uptimed systemctl enable uptimed fi # Centos 8/Rocky 9.0 if [ "${OS_VERSION}" == "8" ] || [ "${OS_VERSION}" == "9.0" ]; then # upgrade all packages dnf update -y # install the epel for other packages and wget dnf install -y elrepo-release epel-release yum-utils # enable powertools dnf config-manager --enable crb # clean the yum cache dnf clean all # remove unneeded packages dnf autoremove -y # install the packages dnf install -y sudo rsync tar nano htop iperf3 bind-utils unzip bzip2 nfs-utils git wget net-tools make dnf-automatic realmd oddjob oddjob-mkhomedir sssd adcli mlocate ncdu wireguard clevis # enable automatic updates sed --in-place "s/^apply_updates\ =\ no/apply_updates\ =\ yes/" /etc/dnf/automatic.conf systemctl enable --now dnf-automatic.timer # install vm tools if [ "${VM}" == "true" ]; then dnf install -y open-vm-tools fi if [ "${KVM}" == "true" ]; then dnf install -y qemu-guest-agent fi fi # modify ssh to allow root login and then restart the service sed --in-place "s/^.PermitRootLogin.*/PermitRootLogin\ yes/" /etc/ssh/sshd_config systemctl restart sshd # GauntDC01-CA curl -o /etc/pki/ca-trust/source/anchors/${GAUNT_CA_CERT_NAME} https://johnhgaunt.com/${GAUNT_CA_CERT_NAME} update-ca-trust else echo "Unsupported OS detected." echo "OS: ${OS}" echo "OS Version: ${OS_VERSION}" echo "VM: ${VM}" echo "KVM: ${KVM}" exit fi # clone the homelab scripts for use later if [ -d /opt/homelab-scripts ]; then cd /opt/homelab-scripts git pull --ff-only else cd /opt git clone https://git.johnhgaunt.com/jgaunt/homelab-scripts fi # install neofetch if [ -d /opt/neofetch ]; then cd /opt/neofetch git pull --ff-only make install else cd /opt git clone https://github.com/dylanaraps/neofetch cd /opt/neofetch make install fi # go to home directory cd ~