diff --git a/scripts/install.sh b/scripts/install.sh index 07d322e..065f476 100755 --- a/scripts/install.sh +++ b/scripts/install.sh @@ -93,15 +93,22 @@ pushd . cd /opt/mistborn git submodule update --init --recursive -# initial load update package list -sudo apt-get update - -# install figlet -sudo apt-get install -y figlet - # get os and distro source ./scripts/subinstallers/platform.sh +# initial load update package list +if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ] ; then + sudo apt-get update +elif ["$DISTRO" == "arch"]; then + sudo pacman -Syyy +fi + +# install figlet +if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ] ; then + sudo apt-get install -y figlet +elif ["$DISTRO" == "arch"]; then + sudo pacman -S --noconfirm figlet +fi # iptables echo "Setting up firewall (iptables)" @@ -125,13 +132,19 @@ sudo systemctl enable ssh sudo systemctl restart ssh # Additional tools fail2ban -sudo apt-get install -y dnsutils fail2ban +if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ] ; then + sudo apt-get install -y dnsutils fail2ban +elif ["$DISTRO" == "arch"]; then + sudo pacman -S --noconfirm bind-tools fail2ban +fi # Install kernel headers if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ]; then sudo apt install -y linux-headers-$(uname -r) elif [ "$DISTRO" == "raspbian" ]; then sudo apt-get install -y raspberrypi-kernel-headers +elif ["$DISTRO" == "arch"]; then + sudo pacman -S --noconfirm linux-lts-headers fi # Wireugard @@ -143,7 +156,7 @@ sudo systemctl enable docker sudo systemctl start docker # Unattended upgrades -sudo apt-get install -y unattended-upgrades +#sudo apt-get install -y unattended-upgrades # Cockpit if [[ "$MISTBORN_INSTALL_COCKPIT" =~ ^([yY][eE][sS]|[yY])$ ]] @@ -174,12 +187,12 @@ IPV4_PUBLIC="10.2.3.1" #fi # unattended upgrades -sudo cp ./scripts/conf/20auto-upgrades /etc/apt/apt.conf.d/ -sudo cp ./scripts/conf/50unattended-upgrades /etc/apt/apt.conf.d/ +#sudo cp ./scripts/conf/20auto-upgrades /etc/apt/apt.conf.d/ +#sudo cp ./scripts/conf/50unattended-upgrades /etc/apt/apt.conf.d/ -sudo systemctl stop unattended-upgrades +#sudo systemctl stop unattended-upgrades sudo systemctl daemon-reload -sudo systemctl restart unattended-upgrades +#sudo systemctl restart unattended-upgrades # setup Mistborn services diff --git a/scripts/subinstallers/cockpit.sh b/scripts/subinstallers/cockpit.sh index 1a9d7f5..104feb2 100755 --- a/scripts/subinstallers/cockpit.sh +++ b/scripts/subinstallers/cockpit.sh @@ -15,13 +15,25 @@ elif [ "$DISTRO" == "raspbian" ]; then echo "Raspbian repos contain cockpit" +elif [ "$DISTRO" == "arch" ]; then + + echo "Arch Linux repos contain cockpit" + fi -sudo apt-get install -y cockpit +if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then + sudo apt-get install -y cockpit +elif ["$DISTRO" == "arch"]; then + sudo pacman -S --noconfirm cockpit +fi -if $(sudo apt-cache show cockpit-docker > /dev/null 2>&1) ; then - # no longer supported upstream in Ubuntu 20.04 - sudo apt-get install -y cockpit-docker +if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then + if $(sudo apt-cache show cockpit-docker > /dev/null 2>&1) ; then + # no longer supported upstream in Ubuntu 20.04 + sudo apt-get install -y cockpit-docker + fi +elif [ "$DISTRO" == "arch" ]; then + sudo pacman -S --noconfirm cockpit-docker fi sudo cp ./scripts/conf/cockpit.conf /etc/cockpit/cockpit.conf diff --git a/scripts/subinstallers/docker.sh b/scripts/subinstallers/docker.sh index b21d452..d915ca6 100755 --- a/scripts/subinstallers/docker.sh +++ b/scripts/subinstallers/docker.sh @@ -3,12 +3,22 @@ # Docker figlet "Mistborn: Installing Docker" -sudo apt update -sudo apt install -y python python3-pip python3-setuptools libffi-dev python3-dev libssl-dev +if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then + sudo apt-get update + sudo apt-get install -y python python3-pip python3-setuptools libffi-dev python3-dev libssl-dev +elif [ "$DISTRO" == "arch" ]; then + sudo pacman -Syyy + sudo pacman -S --noconfirm python python-pip python-setuptools libffi openssl +fi + if [ "$DISTRO" == "ubuntu" ] && [ "$VERSION_ID" == "20.04" ]; then echo "Automated Docker install" sudo apt-get install -y docker-compose +elif [ "$DISTRO" == "arch" ]; then + echo "Semi-Automated Docker install" + sudo pacman -S --noconfirm docker-compose + source ./scripts/subinstallers/docker_manual.sh else echo "Manual Docker installation" source ./scripts/subinstallers/docker_manual.sh diff --git a/scripts/subinstallers/docker_manual.sh b/scripts/subinstallers/docker_manual.sh index 9692109..447918c 100755 --- a/scripts/subinstallers/docker_manual.sh +++ b/scripts/subinstallers/docker_manual.sh @@ -38,8 +38,12 @@ elif [ "$DISTRO" == "raspbian" ]; then fi # install Docker -echo "Installing docker" -sudo apt-get update +if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then + echo "Installing docker" + sudo apt-get update +fi + + if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ]; then sudo apt-get install -y docker-ce docker-ce-cli containerd.io @@ -52,17 +56,18 @@ fi # Docker group sudo usermod -aG docker $USER -# Docker Compose -echo "Installing Docker Compose" -#if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ]; then -# sudo curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose -# sudo chmod +x /usr/local/bin/docker-compose -#elif [ "$DISTRO" == "raspbian" ]; then -# Install required packages -sudo apt install -y python-backports.ssl-match-hostname - -# Install Docker Compose from pip -# This might take a while -sudo pip3 install docker-compose -#fi +if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then + # Docker Compose + echo "Installing Docker Compose" + #if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ]; then + # sudo curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose + # sudo chmod +x /usr/local/bin/docker-compose + #elif [ "$DISTRO" == "raspbian" ]; then + # Install required packages + sudo apt install -y python-backports.ssl-match-hostname + # Install Docker Compose from pip + # This might take a while + sudo pip3 install docker-compose + #fi +fi diff --git a/scripts/subinstallers/iptables.sh b/scripts/subinstallers/iptables.sh index 3715306..f06ed5d 100755 --- a/scripts/subinstallers/iptables.sh +++ b/scripts/subinstallers/iptables.sh @@ -94,16 +94,23 @@ sudo ip6tables -P FORWARD DROP sudo ip6tables -P OUTPUT ACCEPT # iptables-persistent -if [ ! "$(dpkg-query -l iptables-persistent)" ]; then - echo "Installing iptables-persistent" +if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then + if [ ! "$(dpkg-query -l iptables-persistent)" ]; then + echo "Installing iptables-persistent" - # answer variables - echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections - echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections + # answer variables + echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections + echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections - # install - sudo apt-get install -y iptables-persistent ipset -else + # install + sudo apt-get install -y iptables-persistent ipset + else + echo "Saving iptables rules" + sudo bash -c "iptables-save > /etc/iptables/rules.v4" + echo "Saving ip6tables rules" + sudo bash -c "ip6tables-save > /etc/iptables/rules.v6" + fi +elif [ "$DISTRO" == "arch" ]; then echo "Saving iptables rules" sudo bash -c "iptables-save > /etc/iptables/rules.v4" echo "Saving ip6tables rules" @@ -111,10 +118,18 @@ else fi # IP forwarding -sudo sed -i 's/.*net.ipv4.ip_forward.*/net.ipv4.ip_forward=1/' /etc/sysctl.conf -sudo sysctl -p /etc/sysctl.conf +if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then + sudo sed -i 's/.*net.ipv4.ip_forward.*/net.ipv4.ip_forward=1/' /etc/sysctl.conf + sudo sysctl -p /etc/sysctl.conf +elif [ "$DISTRO" == "arch" ]; then + sudo echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/30-ipforward.conf + sudo sysctl -p /etc/sysctl.d/30-ipforward.conf +fi # rsyslog to create /var/log/iptables.log -sudo cp ./scripts/conf/15-iptables.conf /etc/rsyslog.d/ -sudo chown root:root /etc/rsyslog.d/15-iptables.conf -sudo systemctl restart rsyslog +if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then + sudo cp ./scripts/conf/15-iptables.conf /etc/rsyslog.d/ + sudo chown root:root /etc/rsyslog.d/15-iptables.conf + sudo systemctl restart rsyslog +fi +## implement archlinux alternativ diff --git a/scripts/subinstallers/openssl.sh b/scripts/subinstallers/openssl.sh index e010fad..7a70cc6 100755 --- a/scripts/subinstallers/openssl.sh +++ b/scripts/subinstallers/openssl.sh @@ -8,7 +8,11 @@ CRT_PATH="$KEY_FOLDER/$CRT_FILE" KEY_PATH="$KEY_FOLDER/$KEY_FILE" # ensure openssl installed -sudo apt-get install -y openssl +if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then + sudo apt-get install -y openssl +elif [ "$DISTRO" == "arch" ]; then + sudo pacman -S --noconfirm openssl +fi # make folder mkdir -p $KEY_FOLDER diff --git a/scripts/subinstallers/wireguard.sh b/scripts/subinstallers/wireguard.sh index 93b2490..e3cffc6 100755 --- a/scripts/subinstallers/wireguard.sh +++ b/scripts/subinstallers/wireguard.sh @@ -3,30 +3,37 @@ figlet "Mistborn: Installing Wireguard" # if wireguard not in current repositories -if ! $(sudo apt-cache show wireguard > /dev/null 2>&1) ; then - # install PPAs +if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then + if ! $(sudo apt-cache show wireguard > /dev/null 2>&1) ; then + # install PPAs - echo "Adding Wireguard PPAs" + echo "Adding Wireguard PPAs" - # Wireguard - if [ "$DISTRO" == "raspbian" ]; then - echo "Adding Wireguard repo keys" - sudo apt-get install -y dirmngr - sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553 - sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7638D0442B90D010 - sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC - fi + # Wireguard + if [ "$DISTRO" == "raspbian" ]; then + echo "Adding Wireguard repo keys" + sudo apt-get install -y dirmngr + sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553 + sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7638D0442B90D010 + sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC + fi - if [ "$DISTRO" == "ubuntu" ]; then - # Ubuntu - sudo add-apt-repository -y ppa:wireguard/wireguard - elif [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then - # Debian - sudo bash -c 'echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list' - sudo bash -c "printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable" + if [ "$DISTRO" == "ubuntu" ]; then + # Ubuntu + sudo add-apt-repository -y ppa:wireguard/wireguard + elif [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then + # Debian + sudo bash -c 'echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list' + sudo bash -c "printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable" + fi fi fi echo "Installing Wireguard" -sudo apt-get update -sudo apt-get install -y openresolv wireguard +if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then + sudo apt-get update + sudo apt-get install -y openresolv wireguard +elif [ "$DISTRO" == "arch" ]; then + sudo pacman -Syyy + sudo pacman -S --noconfirm openresolv wireguard-lts wireguard-tools +fi