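#!/bin/bash

# Update and install the packages used in my homelab
# run "curl -L https://johnhgaunt.com/update.sh | bash" as root to use this script
# wget -O - https://johnhgaunt.com/update.sh | bash
#
# NOTE(review): both one-liners hand whatever the server returns at that moment
# straight to a root shell. Saving the script to a file and reading it (or
# comparing it with a recorded checksum) before running it gives a chance to
# notice an unexpected change or a truncated download.

# file name of the homelab CA certificate; used for the download URL and for
# the path inside the system trust store
GAUNT_CA_CERT_NAME="GauntCA.crt"

# need to be root
if [ "${EUID}" -ne 0 ]; then
  echo "Please run as root" >&2
  # a bare "exit" would report success (the status of echo); return non-zero so
  # a caller can tell that nothing was configured
  exit 1
fi

# get OS distro and version
# hostnamectl is queried once so every field is parsed from the same output
HOSTNAMECTL_OUTPUT=$(hostnamectl)
OS=$(awk '/Operating System/ {print $3}' <<<"${HOSTNAMECTL_OUTPUT}")
# CHASSIS is collected but not read again in the script as shown
CHASSIS=$(awk '/Chassis/ {print $2}' <<<"${HOSTNAMECTL_OUTPUT}")
VIRTUALIZATION=$(awk '/Virtualization/ {print $2}' <<<"${HOSTNAMECTL_OUTPUT}")

# the version number sits one word earlier on Ubuntu than on the other distros
if [ "${OS}" == "Ubuntu" ]; then
  OS_VERSION=$(awk '/Operating System/ {print $4}' <<<"${HOSTNAMECTL_OUTPUT}")
else
  OS_VERSION=$(awk '/Operating System/ {print $5}' <<<"${HOSTNAMECTL_OUTPUT}")
fi

# hypervisor flags, used later to pick the matching guest tools
VM="false"
KVM="false"
case "${VIRTUALIZATION}" in
  vmware) VM="true" ;;
  kvm) KVM="true" ;;
esac

# set custom bash settings system wide
# quoted delimiter: the snippet is written exactly as typed, with no expansion
cat <<'EOF' > /etc/profile.d/gaunt_custom_bash.sh
# set bash history to date and time
export HISTTIMEFORMAT="%F %T "
EOF
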
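# Helpers shared by the Debian and CentOS/Rocky branches below.

#######################################
# Download one asset of the latest fastfetch release and install it.
# Arguments: $1   - asset file name (e.g. fastfetch-linux-amd64.deb)
#            $2.. - install command; the downloaded file path is appended
# Returns:   non-zero when no usable download URL could be determined
#######################################
install_fastfetch() {
  local asset_name=$1
  shift
  local releases_json download_url tmp_dir

  # download the JSON description of the latest release
  releases_json=$(wget -O - https://api.github.com/repos/fastfetch-cli/fastfetch/releases/latest) || {
    echo "fastfetch: could not query the releases API, skipping" >&2
    return 1
  }

  # printf with a quoted variable: an unquoted echo would word-split the JSON
  # and glob-expand any "*" in the release notes before jq sees it
  download_url=$(printf '%s\n' "${releases_json}" \
    | jq -r --arg name "${asset_name}" \
      '.assets[].browser_download_url | select(endswith($name))')

  # an empty or unexpected value means the API answer was not what we assumed
  # (rate limit, renamed asset, jq missing); do not pass it on to wget
  case "${download_url}" in
    https://github.com/fastfetch-cli/fastfetch/releases/download/*) ;;
    *)
      echo "fastfetch: no usable download URL for ${asset_name}, skipping" >&2
      return 1
      ;;
  esac

  # private directory instead of a fixed name in /tmp: with a file already
  # present at /tmp/<asset>, wget -P saves under a different name and the
  # pre-existing file is the one that would get installed as root
  tmp_dir=$(mktemp -d) || return 1

  # NOTE(review): the package is accepted on the strength of the HTTPS download
  # alone; no checksum or signature is compared before it is installed.
  if wget -O "${tmp_dir}/${asset_name}" "${download_url}"; then
    "$@" "${tmp_dir}/${asset_name}"
  else
    echo "fastfetch: download failed, skipping" >&2
  fi
  rm -rf -- "${tmp_dir:?}"
}

#######################################
# modify ssh to allow root login and then restart the service
#######################################
allow_root_ssh() {
  # NOTE(review): "yes" also permits password logins for root over the network;
  # "prohibit-password" keeps root reachable with keys only. The pattern needs
  # exactly one character before the keyword (e.g. the commented-out
  # "#PermitRootLogin ..." line), so an already-uncommented line is not touched.
  sed --in-place "s/^.PermitRootLogin.*/PermitRootLogin\ yes/" /etc/ssh/sshd_config
  systemctl restart sshd
}

#######################################
# GauntDC01-CA: fetch the homelab CA certificate into a trust-anchor directory.
# Globals:   GAUNT_CA_CERT_NAME (read)
# Arguments: $1 - directory the certificate is installed into
#######################################
install_gaunt_ca() {
  local anchor_dir=$1
  local tmp_cert

  tmp_cert=$(mktemp) || return 1

  # NOTE(review): this adds a root of trust based only on the web server's TLS
  # certificate. Comparing the downloaded file with a fingerprint recorded out
  # of band, e.g.
  #   openssl x509 -noout -fingerprint -sha256 -in FILE   # expect <EXPECTED_SHA256_FINGERPRINT>
  # before installing it would tie the trust store to the intended CA.

  # download to a scratch file first and use --fail, so an HTTP error page or
  # an empty response never lands in the trust store
  if curl --fail -o "${tmp_cert}" "https://johnhgaunt.com/${GAUNT_CA_CERT_NAME}" \
    && [[ -s "${tmp_cert}" ]]; then
    install -m 0644 "${tmp_cert}" "${anchor_dir}/${GAUNT_CA_CERT_NAME}"
  else
    echo "CA certificate download failed, trust store left unchanged" >&2
  fi
  rm -f -- "${tmp_cert}"
}

# Debian OS
# OS is quoted: an empty value (hostnamectl failed) must compare as a string
# instead of breaking the test
if [[ "${OS}" == "Debian" || "${OS}" == "Ubuntu" ]]; then

  # accept default prompts
  export DEBIAN_FRONTEND=noninteractive

  # upgrade all packages
  apt update
  apt upgrade -y

  # install the packages on all systems
  # jq is on the list because the fastfetch step below parses JSON with it
  apt install -y apt-transport-https wget tar gnupg2 sudo dnsutils rsync nano \
    htop nload iperf iperf3 unattended-upgrades unzip bzip2 git nfs-common \
    uptimed net-tools build-essential curl realmd oddjob oddjob-mkhomedir sssd \
    sssd-tools libnss-sss libpam-sss adcli mlocate ncdu wireguard clevis jq

  # enable unattended-upgrades
  echo unattended-upgrades unattended-upgrades/enable_auto_updates boolean true | debconf-set-selections

  # enable non-security updates
  # NOTE(review): these patterns are whitespace-exact; check them against the
  # 50unattended-upgrades file the distribution ships, otherwise the lines stay
  # commented out without any error.
  sed --in-place 's/^\/\/ "origin=Debian,codename=\${distro_codename}-updates";/ "origin=Debian,codename=\${distro_codename}-updates";/' /etc/apt/apt.conf.d/50unattended-upgrades
  sed --in-place 's/^\/\/ "origin=Debian,codename=\${distro_codename}-proposed-updates";/ "origin=Debian,codename=\${distro_codename}-proposed-updates";/' /etc/apt/apt.conf.d/50unattended-upgrades
  sed --in-place 's/^\/\/Unattended-Upgrade::Remove-Unused-Dependencies "false";/Unattended-Upgrade::Remove-Unused-Dependencies "true";/' /etc/apt/apt.conf.d/50unattended-upgrades
  dpkg-reconfigure -f noninteractive unattended-upgrades

  # install vm tools
  if [[ "${VM}" == "true" ]]; then
    apt install -y open-vm-tools
  fi
  if [[ "${KVM}" == "true" ]]; then
    apt install -y qemu-guest-agent
  fi

  # FastFetch install
  #FASTFETCH_FILENAME="fastfetch-linux-amd64.deb"
  install_fastfetch fastfetch-linux-amd64.deb apt install --yes

  # remove unneeded packages
  apt autoremove -y

  # modify ssh to allow root login and then restart the service
  allow_root_ssh

  # GauntDC01-CA
  install_gaunt_ca /usr/local/share/ca-certificates
  update-ca-certificates

# CentOS OS
elif [[ "${OS}" == "CentOS" || "${OS}" == "Rocky" ]]; then

  # Centos 7
  if [[ "${OS_VERSION}" == "7" ]]; then
    # upgrade all packages
    yum update -y

    # install the epel for other packages and wget
    yum install -y elrepo-release epel-release yum-utils

    # clean the yum cache
    yum clean all

    # remove unneeded packages
    yum autoremove -y

    # install the packages
    yum install -y sudo rsync tar nano htop nload iperf iperf3 bind-utils \
      yum-cron unzip bzip2 nfs-utils git wget uptimed net-tools make realmd \
      oddjob oddjob-mkhomedir sssd adcli mlocate ncdu wireguard clevis

    # install vm tools
    if [[ "${VM}" == "true" ]]; then
      yum install -y open-vm-tools
    fi
    if [[ "${KVM}" == "true" ]]; then
      yum install -y qemu-guest-agent
    fi

    # modify yum-cron config: switch a security-only update_cmd to "default"
    # (all updates), apply updates automatically, and enable/start the service
    sed --in-place "s/^update_cmd\ =\ security/update_cmd\ =\ default/" /etc/yum/yum-cron.conf
    sed --in-place "s/^apply_updates\ =\ no/apply_updates\ =\ yes/" /etc/yum/yum-cron.conf
    systemctl enable yum-cron
    systemctl restart yum-cron

    # start and enable uptimed
    systemctl start uptimed
    systemctl enable uptimed
  fi

  # Centos 8/Rocky 9.0
  # NOTE(review): the match is exact, so any other minor release (for example a
  # later 9.x) skips the package setup here but still gets the SSH and CA
  # changes further down - confirm that is intended.
  if [[ "${OS_VERSION}" == "8" || "${OS_VERSION}" == "9.0" ]]; then
    # upgrade all packages
    dnf update -y

    # install the epel for other packages and wget
    dnf install -y elrepo-release epel-release yum-utils

    # enable powertools
    # NOTE(review): "crb" is the repo id on version 9; on version 8 the repo is
    # presumably still called "powertools" - verify on an 8 host.
    dnf config-manager --enable crb

    # clean the yum cache
    dnf clean all

    # remove unneeded packages
    dnf autoremove -y

    # install the packages
    # jq is on the list because the fastfetch step below parses JSON with it
    dnf install -y sudo rsync tar nano htop iperf3 bind-utils unzip bzip2 \
      nfs-utils git wget net-tools make dnf-automatic realmd oddjob \
      oddjob-mkhomedir sssd adcli mlocate ncdu wireguard clevis jq

    # enable automatic updates
    sed --in-place "s/^apply_updates\ =\ no/apply_updates\ =\ yes/" /etc/dnf/automatic.conf
    systemctl enable --now dnf-automatic.timer

    # install vm tools
    if [[ "${VM}" == "true" ]]; then
      dnf install -y open-vm-tools
    fi
    if [[ "${KVM}" == "true" ]]; then
      dnf install -y qemu-guest-agent
    fi

    # FastFetch install
    #FASTFETCH_FILENAME="fastfetch-linux-amd64.deb"
    install_fastfetch fastfetch-linux-amd64.rpm dnf install -y
  fi

  # modify ssh to allow root login and then restart the service
  allow_root_ssh

  # GauntDC01-CA
  install_gaunt_ca /etc/pki/ca-trust/source/anchors
  update-ca-trust

else
  echo "Unsupported OS detected."
  echo "OS: ${OS}"
  echo "OS Version: ${OS_VERSION}"
  echo "VM: ${VM}"
  echo "KVM: ${KVM}"
  # non-zero: nothing was configured on this host
  exit 1
fi
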
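# clone the homelab scripts for use later
# each git command runs only when the cd before it succeeded; otherwise git
# would act on whatever directory the script happens to be in
# (cd + git rather than "git -C", which older git releases do not have)
if [ -d /opt/homelab-scripts ]; then
  # --ff-only: update the checkout without ever creating a merge
  cd /opt/homelab-scripts && git pull --ff-only
else
  cd /opt && git clone https://git.johnhgaunt.com/jgaunt/homelab-scripts
fi

# go to home directory
cd ~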