crappyrules
/
mistborn
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Merge branch 'testing' into 'master' 

Testing

See merge request cyber5k/mistborn!31
merge-requests/31/merge
Sebastian Werner 6 years ago
parent
fc4a3f6e42 2568454de5
commit
cfef8a58dd
7 changed files with 133 additions and 67 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 37
      scripts/install.sh
  2. 20
      scripts/subinstallers/cockpit.sh
  3. 14
      scripts/subinstallers/docker.sh
  4. 35
      scripts/subinstallers/docker_manual.sh
  5. 41
      scripts/subinstallers/iptables.sh
  6. 6
      scripts/subinstallers/openssl.sh
  7. 47
      scripts/subinstallers/wireguard.sh

37
scripts/install.sh
Unescape View File

@ -93,15 +93,22 @@ pushd .
cd /opt/mistborn cd /opt/mistborn
git submodule update --init --recursive git submodule update --init --recursive
# initial load update package list
sudo apt-get update
# install figlet
sudo apt-get install -y figlet
# get os and distro # get os and distro
source ./scripts/subinstallers/platform.sh source ./scripts/subinstallers/platform.sh
# initial load update package list
if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ] ; then
sudo apt-get update
elif ["$DISTRO" == "arch"]; then
sudo pacman -Syyy
fi
# install figlet
if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ] ; then
sudo apt-get install -y figlet
elif ["$DISTRO" == "arch"]; then
sudo pacman -S --noconfirm figlet
fi
# iptables # iptables
echo "Setting up firewall (iptables)" echo "Setting up firewall (iptables)"
@ -125,13 +132,19 @@ sudo systemctl enable ssh
sudo systemctl restart ssh sudo systemctl restart ssh
# Additional tools fail2ban # Additional tools fail2ban
sudo apt-get install -y dnsutils fail2ban if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ] ; then
sudo apt-get install -y dnsutils fail2ban
elif ["$DISTRO" == "arch"]; then
sudo pacman -S --noconfirm bind-tools fail2ban
fi
# Install kernel headers # Install kernel headers
if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ]; then if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ]; then
sudo apt install -y linux-headers-$(uname -r) sudo apt install -y linux-headers-$(uname -r)
elif [ "$DISTRO" == "raspbian" ]; then elif [ "$DISTRO" == "raspbian" ]; then
sudo apt-get install -y raspberrypi-kernel-headers sudo apt-get install -y raspberrypi-kernel-headers
elif ["$DISTRO" == "arch"]; then
sudo pacman -S --noconfirm linux-lts-headers
fi fi
# Wireugard # Wireugard
@ -143,7 +156,7 @@ sudo systemctl enable docker
sudo systemctl start docker sudo systemctl start docker
# Unattended upgrades # Unattended upgrades
sudo apt-get install -y unattended-upgrades #sudo apt-get install -y unattended-upgrades
# Cockpit # Cockpit
if [[ "$MISTBORN_INSTALL_COCKPIT" =~ ^([yY][eE][sS]|[yY])$ ]] if [[ "$MISTBORN_INSTALL_COCKPIT" =~ ^([yY][eE][sS]|[yY])$ ]]
@ -174,12 +187,12 @@ IPV4_PUBLIC="10.2.3.1"
#fi #fi
# unattended upgrades # unattended upgrades
sudo cp ./scripts/conf/20auto-upgrades /etc/apt/apt.conf.d/ #sudo cp ./scripts/conf/20auto-upgrades /etc/apt/apt.conf.d/
sudo cp ./scripts/conf/50unattended-upgrades /etc/apt/apt.conf.d/ #sudo cp ./scripts/conf/50unattended-upgrades /etc/apt/apt.conf.d/
sudo systemctl stop unattended-upgrades #sudo systemctl stop unattended-upgrades
sudo systemctl daemon-reload sudo systemctl daemon-reload
sudo systemctl restart unattended-upgrades #sudo systemctl restart unattended-upgrades
# setup Mistborn services # setup Mistborn services

20
scripts/subinstallers/cockpit.sh
Unescape View File

@ -15,13 +15,25 @@ elif [ "$DISTRO" == "raspbian" ]; then
echo "Raspbian repos contain cockpit" echo "Raspbian repos contain cockpit"
elif [ "$DISTRO" == "arch" ]; then
echo "Arch Linux repos contain cockpit"
fi fi
sudo apt-get install -y cockpit if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then
sudo apt-get install -y cockpit
elif ["$DISTRO" == "arch"]; then
sudo pacman -S --noconfirm cockpit
fi
if $(sudo apt-cache show cockpit-docker > /dev/null 2>&1) ; then if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then
# no longer supported upstream in Ubuntu 20.04 if $(sudo apt-cache show cockpit-docker > /dev/null 2>&1) ; then
sudo apt-get install -y cockpit-docker # no longer supported upstream in Ubuntu 20.04
sudo apt-get install -y cockpit-docker
fi
elif [ "$DISTRO" == "arch" ]; then
sudo pacman -S --noconfirm cockpit-docker
fi fi
sudo cp ./scripts/conf/cockpit.conf /etc/cockpit/cockpit.conf sudo cp ./scripts/conf/cockpit.conf /etc/cockpit/cockpit.conf

14
scripts/subinstallers/docker.sh
Unescape View File

@ -3,12 +3,22 @@
# Docker # Docker
figlet "Mistborn: Installing Docker" figlet "Mistborn: Installing Docker"
sudo apt update if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then
sudo apt install -y python python3-pip python3-setuptools libffi-dev python3-dev libssl-dev sudo apt-get update
sudo apt-get install -y python python3-pip python3-setuptools libffi-dev python3-dev libssl-dev
elif [ "$DISTRO" == "arch" ]; then
sudo pacman -Syyy
sudo pacman -S --noconfirm python python-pip python-setuptools libffi openssl
fi
if [ "$DISTRO" == "ubuntu" ] && [ "$VERSION_ID" == "20.04" ]; then if [ "$DISTRO" == "ubuntu" ] && [ "$VERSION_ID" == "20.04" ]; then
echo "Automated Docker install" echo "Automated Docker install"
sudo apt-get install -y docker-compose sudo apt-get install -y docker-compose
elif [ "$DISTRO" == "arch" ]; then
echo "Semi-Automated Docker install"
sudo pacman -S --noconfirm docker-compose
source ./scripts/subinstallers/docker_manual.sh
else else
echo "Manual Docker installation" echo "Manual Docker installation"
source ./scripts/subinstallers/docker_manual.sh source ./scripts/subinstallers/docker_manual.sh

35
scripts/subinstallers/docker_manual.sh
Unescape View File

@ -38,8 +38,12 @@ elif [ "$DISTRO" == "raspbian" ]; then
fi fi
# install Docker # install Docker
echo "Installing docker" if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then
sudo apt-get update echo "Installing docker"
sudo apt-get update
fi
if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ]; then if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ]; then
sudo apt-get install -y docker-ce docker-ce-cli containerd.io sudo apt-get install -y docker-ce docker-ce-cli containerd.io
@ -52,17 +56,18 @@ fi
# Docker group # Docker group
sudo usermod -aG docker $USER sudo usermod -aG docker $USER
# Docker Compose if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then
echo "Installing Docker Compose" # Docker Compose
#if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ]; then echo "Installing Docker Compose"
# sudo curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose #if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ]; then
# sudo chmod +x /usr/local/bin/docker-compose # sudo curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
#elif [ "$DISTRO" == "raspbian" ]; then # sudo chmod +x /usr/local/bin/docker-compose
# Install required packages #elif [ "$DISTRO" == "raspbian" ]; then
sudo apt install -y python-backports.ssl-match-hostname # Install required packages
sudo apt install -y python-backports.ssl-match-hostname
# Install Docker Compose from pip
# This might take a while
sudo pip3 install docker-compose
#fi
# Install Docker Compose from pip
# This might take a while
sudo pip3 install docker-compose
#fi
fi

41
scripts/subinstallers/iptables.sh
Unescape View File

@ -94,16 +94,23 @@ sudo ip6tables -P FORWARD DROP
sudo ip6tables -P OUTPUT ACCEPT sudo ip6tables -P OUTPUT ACCEPT
# iptables-persistent # iptables-persistent
if [ ! "$(dpkg-query -l iptables-persistent)" ]; then if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then
echo "Installing iptables-persistent" if [ ! "$(dpkg-query -l iptables-persistent)" ]; then
echo "Installing iptables-persistent"
# answer variables # answer variables
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections
# install # install
sudo apt-get install -y iptables-persistent ipset sudo apt-get install -y iptables-persistent ipset
else else
echo "Saving iptables rules"
sudo bash -c "iptables-save > /etc/iptables/rules.v4"
echo "Saving ip6tables rules"
sudo bash -c "ip6tables-save > /etc/iptables/rules.v6"
fi
elif [ "$DISTRO" == "arch" ]; then
echo "Saving iptables rules" echo "Saving iptables rules"
sudo bash -c "iptables-save > /etc/iptables/rules.v4" sudo bash -c "iptables-save > /etc/iptables/rules.v4"
echo "Saving ip6tables rules" echo "Saving ip6tables rules"
@ -111,10 +118,18 @@ else
fi fi
# IP forwarding # IP forwarding
sudo sed -i 's/.*net.ipv4.ip_forward.*/net.ipv4.ip_forward=1/' /etc/sysctl.conf if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then
sudo sysctl -p /etc/sysctl.conf sudo sed -i 's/.*net.ipv4.ip_forward.*/net.ipv4.ip_forward=1/' /etc/sysctl.conf
sudo sysctl -p /etc/sysctl.conf
elif [ "$DISTRO" == "arch" ]; then
sudo echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/30-ipforward.conf
sudo sysctl -p /etc/sysctl.d/30-ipforward.conf
fi
# rsyslog to create /var/log/iptables.log # rsyslog to create /var/log/iptables.log
sudo cp ./scripts/conf/15-iptables.conf /etc/rsyslog.d/ if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then
sudo chown root:root /etc/rsyslog.d/15-iptables.conf sudo cp ./scripts/conf/15-iptables.conf /etc/rsyslog.d/
sudo systemctl restart rsyslog sudo chown root:root /etc/rsyslog.d/15-iptables.conf
sudo systemctl restart rsyslog
fi
## implement archlinux alternativ

6
scripts/subinstallers/openssl.sh
Unescape View File

@ -8,7 +8,11 @@ CRT_PATH="$KEY_FOLDER/$CRT_FILE"
KEY_PATH="$KEY_FOLDER/$KEY_FILE" KEY_PATH="$KEY_FOLDER/$KEY_FILE"
# ensure openssl installed # ensure openssl installed
sudo apt-get install -y openssl if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then
sudo apt-get install -y openssl
elif [ "$DISTRO" == "arch" ]; then
sudo pacman -S --noconfirm openssl
fi
# make folder # make folder
mkdir -p $KEY_FOLDER mkdir -p $KEY_FOLDER

47
scripts/subinstallers/wireguard.sh
Unescape View File

@ -3,30 +3,37 @@
figlet "Mistborn: Installing Wireguard" figlet "Mistborn: Installing Wireguard"
# if wireguard not in current repositories # if wireguard not in current repositories
if ! $(sudo apt-cache show wireguard > /dev/null 2>&1) ; then if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then
# install PPAs if ! $(sudo apt-cache show wireguard > /dev/null 2>&1) ; then
# install PPAs
echo "Adding Wireguard PPAs" echo "Adding Wireguard PPAs"
# Wireguard # Wireguard
if [ "$DISTRO" == "raspbian" ]; then if [ "$DISTRO" == "raspbian" ]; then
echo "Adding Wireguard repo keys" echo "Adding Wireguard repo keys"
sudo apt-get install -y dirmngr sudo apt-get install -y dirmngr
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553 sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7638D0442B90D010 sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7638D0442B90D010
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC
fi fi
if [ "$DISTRO" == "ubuntu" ]; then if [ "$DISTRO" == "ubuntu" ]; then
# Ubuntu # Ubuntu
sudo add-apt-repository -y ppa:wireguard/wireguard sudo add-apt-repository -y ppa:wireguard/wireguard
elif [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then elif [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then
# Debian # Debian
sudo bash -c 'echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list' sudo bash -c 'echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list'
sudo bash -c "printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable" sudo bash -c "printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable"
fi
fi fi
fi fi
echo "Installing Wireguard" echo "Installing Wireguard"
sudo apt-get update if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then
sudo apt-get install -y openresolv wireguard sudo apt-get update
sudo apt-get install -y openresolv wireguard
elif [ "$DISTRO" == "arch" ]; then
sudo pacman -Syyy
sudo pacman -S --noconfirm openresolv wireguard-lts wireguard-tools
fi

Write Preview
Loading…
Cancel
Save