160 lines
4.7 KiB
Bash
160 lines
4.7 KiB
Bash
#!/bin/bash
|
|
|
|
# Update and isntall the packages unsed in my homelab
|
|
# run "curl -L https://johnhgaunt.com/update.sh | bash" as root to use this script
|
|
# wget -O - https://johnhgaunt.com/update.sh | bash
|
|
|
|
GAUNT_CA_CERT_NAME="GauntDC01-CA.crt"
|
|
|
|
# need to be root
|
|
if [ "$EUID" -ne 0 ]; then
|
|
echo "Please run as root"
|
|
exit
|
|
fi
|
|
|
|
# get OS ditro and version
|
|
OS=$(hostnamectl | awk '/Operating System/ {print $3}')
|
|
VM=$(hostnamectl | awk '/Virtualization/ {print $2}')
|
|
if [ "${OS}" == "Ubuntu" ]; then
|
|
OS_VER=$(hostnamectl | awk '/Operating System/ {print $4}')
|
|
else
|
|
OS_VER=$(hostnamectl | awk '/Operating System/ {print $5}')
|
|
fi
|
|
|
|
if [ "${VM}" == "vmware" ]; then
|
|
VM="true"
|
|
else
|
|
VM="false"
|
|
fi
|
|
|
|
# Debian OS
|
|
if [ ${OS} == "Debian" ] || [ ${OS} == "Ubuntu" ]; then
|
|
# upgrade all packages
|
|
apt update; apt upgrade -y
|
|
|
|
# install the apt-transport-https
|
|
apt install -y apt-transport-https wget gnupg2
|
|
|
|
# download the gpg key for PBIS-Open
|
|
wget -O - http://repo.pbis.beyondtrust.com/apt/RPM-GPG-KEY-pbis | apt-key add -
|
|
|
|
# download the repo for PBIS-Open for SSO and Domain
|
|
wget -O /etc/apt/sources.list.d/pbiso.list http://repo.pbis.beyondtrust.com/apt/pbiso.list
|
|
|
|
# update the list of available packages
|
|
apt update
|
|
|
|
# install the packages on all systems
|
|
apt install -y pbis-open sudo rsync nano htop nload iperf iperf3 unattended-upgrades unzip git nfs-common uptimed net-tools build-essential curl
|
|
|
|
# install vm tools
|
|
if [ "${VM}" == "true" ]; then
|
|
apt install -y open-vm-tools
|
|
fi
|
|
|
|
# remove unneeded packages
|
|
apt autoremove -y
|
|
|
|
# modify ssh to allow root login and then restart the service
|
|
sed --in-place "s/^.PermitRootLogin\ prohibit-password/PermitRootLogin\ yes/" /etc/ssh/sshd_config
|
|
systemctl restart sshd
|
|
|
|
# GauntDC01-CA
|
|
curl -o /usr/local/share/ca-certificates/${GAUNT_CA_CERT_NAME} https://johnhgaunt.com/${GAUNT_CA_CERT_NAME}
|
|
update-ca-certificates
|
|
|
|
# CentOS OS
|
|
elif [ "${OS}" == "CentOS" ]; then
|
|
# upgrade all packages
|
|
yum update -y
|
|
|
|
# install the epel for other packages and wget
|
|
yum install -y lrepo-release epel-release yum-utils
|
|
|
|
# download the repo for PBIS-Open for SSO and Domain
|
|
yum-config-manager --add-repo http://repo.pbis.beyondtrust.com/yum/pbiso.repo
|
|
|
|
# clean the yum cache
|
|
yum clean all
|
|
|
|
# remove unneeded packages
|
|
yum autoremove -y
|
|
|
|
# Centos 7
|
|
if [ "${OS_VER}" == "7" ]; then
|
|
# install the packages
|
|
yum install -y pbis-open sudo rsync nano htop nload iperf iperf3 bind-utils yum-cron unzip nfs-utils git wget uptimed net-tools make
|
|
|
|
# install vm tools
|
|
if [ "${VM}" == "true" ]; then
|
|
yum install -y open-vm-tools
|
|
fi
|
|
|
|
# modify yum-cron config to auto install security updates and enable/start the service
|
|
sed --in-place "s/^update_cmd\ =\ security/update_cmd\ =\ default/" /etc/yum/yum-cron.conf
|
|
sed --in-place "s/^apply_updates\ =\ no/apply_updates\ =\ yes/" /etc/yum/yum-cron.conf
|
|
systemctl enable yum-cron
|
|
systemctl restart yum-cron
|
|
|
|
# start and enable uptimed
|
|
systemctl start uptimed
|
|
systemctl enable uptimed
|
|
fi
|
|
# Centos 7
|
|
if [ "${OS_VER}" == "8" ]; then
|
|
# install the packages
|
|
# libnsl is needed for pbis and needs to be installed already
|
|
dnf install -y libnsl
|
|
dnf install -y sudo pbis-open rsync nano htop iperf3 bind-utils unzip nfs-utils git wget net-tools make
|
|
|
|
# install vm tools
|
|
if [ "${VM}" == "true" ]; then
|
|
dnf install -y open-vm-tools
|
|
fi
|
|
|
|
# https://github.com/BeyondTrust/pbis-open/issues/242
|
|
cp /opt/pbis/share/rhel/8.0/pbis.pp /opt/pbis/share/
|
|
|
|
# remove and then install pbis-open again
|
|
dnf remove -y pbis-open
|
|
dnf isntall -y pbis-open
|
|
fi
|
|
|
|
# modify ssh to allow root login and then restart the service
|
|
sed --in-place "s/^#PermitRootLogin\ yes/PermitRootLogin\ yes/" /etc/ssh/sshd_config
|
|
systemctl restart sshd
|
|
|
|
# GauntDC01-CA
|
|
curl -o /etc/pki/ca-trust/source/anchors/${GAUNT_CA_CERT_NAME} https://johnhgaunt.com/${GAUNT_CA_CERT_NAME}
|
|
update-ca-trust
|
|
|
|
else
|
|
echo "Unable to determine linux distro"
|
|
exit
|
|
fi
|
|
|
|
|
|
# clone the homelab scripts for use later
|
|
if [ -d /opt/homelab-scripts ]; then
|
|
cd /opt/homelab-scripts
|
|
git pull
|
|
else
|
|
cd /opt
|
|
git clone https://git.johnhgaunt.com/jgaunt/homelab-scripts.git
|
|
fi
|
|
|
|
# install neofetch
|
|
if [ -d /opt/neofetch ]; then
|
|
cd /opt/neofetch
|
|
git pull
|
|
make install
|
|
else
|
|
cd /opt
|
|
git clone https://github.com/dylanaraps/neofetch.git
|
|
cd /opt/neofetch
|
|
make install
|
|
fi
|
|
|
|
# go to home directory
|
|
cd ~
|