crappyrules
/
mistborn
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Merge branch 'testing' into 'master' 

Testing

See merge request cyber5k/mistborn!31
merge-requests/31/merge
Sebastian Werner 6 years ago
parent
fc4a3f6e42 2568454de5
commit
cfef8a58dd
7 changed files with 133 additions and 67 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 31
      scripts/install.sh
  2. 12
      scripts/subinstallers/cockpit.sh
  3. 14
      scripts/subinstallers/docker.sh
  4. 7
      scripts/subinstallers/docker_manual.sh
  5. 15
      scripts/subinstallers/iptables.sh
  6. 4
      scripts/subinstallers/openssl.sh
  7. 7
      scripts/subinstallers/wireguard.sh

31
scripts/install.sh
Unescape View File

@ -93,15 +93,22 @@ pushd .
cd /opt/mistborn cd /opt/mistborn
git submodule update --init --recursive git submodule update --init --recursive
# get os and distro
source ./scripts/subinstallers/platform.sh
# initial load update package list # initial load update package list
if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ] ; then
sudo apt-get update sudo apt-get update
elif ["$DISTRO" == "arch"]; then
sudo pacman -Syyy
fi
# install figlet # install figlet
if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ] ; then
sudo apt-get install -y figlet sudo apt-get install -y figlet
elif ["$DISTRO" == "arch"]; then
# get os and distro sudo pacman -S --noconfirm figlet
source ./scripts/subinstallers/platform.sh fi
# iptables # iptables
echo "Setting up firewall (iptables)" echo "Setting up firewall (iptables)"
@ -125,13 +132,19 @@ sudo systemctl enable ssh
sudo systemctl restart ssh sudo systemctl restart ssh
# Additional tools fail2ban # Additional tools fail2ban
if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ] ; then
sudo apt-get install -y dnsutils fail2ban sudo apt-get install -y dnsutils fail2ban
elif ["$DISTRO" == "arch"]; then
sudo pacman -S --noconfirm bind-tools fail2ban
fi
# Install kernel headers # Install kernel headers
if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ]; then if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ]; then
sudo apt install -y linux-headers-$(uname -r) sudo apt install -y linux-headers-$(uname -r)
elif [ "$DISTRO" == "raspbian" ]; then elif [ "$DISTRO" == "raspbian" ]; then
sudo apt-get install -y raspberrypi-kernel-headers sudo apt-get install -y raspberrypi-kernel-headers
elif ["$DISTRO" == "arch"]; then
sudo pacman -S --noconfirm linux-lts-headers
fi fi
# Wireugard # Wireugard
@ -143,7 +156,7 @@ sudo systemctl enable docker
sudo systemctl start docker sudo systemctl start docker
# Unattended upgrades # Unattended upgrades
sudo apt-get install -y unattended-upgrades #sudo apt-get install -y unattended-upgrades
# Cockpit # Cockpit
if [[ "$MISTBORN_INSTALL_COCKPIT" =~ ^([yY][eE][sS]|[yY])$ ]] if [[ "$MISTBORN_INSTALL_COCKPIT" =~ ^([yY][eE][sS]|[yY])$ ]]
@ -174,12 +187,12 @@ IPV4_PUBLIC="10.2.3.1"
#fi #fi
# unattended upgrades # unattended upgrades
sudo cp ./scripts/conf/20auto-upgrades /etc/apt/apt.conf.d/ #sudo cp ./scripts/conf/20auto-upgrades /etc/apt/apt.conf.d/
sudo cp ./scripts/conf/50unattended-upgrades /etc/apt/apt.conf.d/ #sudo cp ./scripts/conf/50unattended-upgrades /etc/apt/apt.conf.d/
sudo systemctl stop unattended-upgrades #sudo systemctl stop unattended-upgrades
sudo systemctl daemon-reload sudo systemctl daemon-reload
sudo systemctl restart unattended-upgrades #sudo systemctl restart unattended-upgrades
# setup Mistborn services # setup Mistborn services

12
scripts/subinstallers/cockpit.sh
Unescape View File

@ -15,14 +15,26 @@ elif [ "$DISTRO" == "raspbian" ]; then
echo "Raspbian repos contain cockpit" echo "Raspbian repos contain cockpit"
elif [ "$DISTRO" == "arch" ]; then
echo "Arch Linux repos contain cockpit"
fi fi
if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then
sudo apt-get install -y cockpit sudo apt-get install -y cockpit
elif ["$DISTRO" == "arch"]; then
sudo pacman -S --noconfirm cockpit
fi
if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then
if $(sudo apt-cache show cockpit-docker > /dev/null 2>&1) ; then if $(sudo apt-cache show cockpit-docker > /dev/null 2>&1) ; then
# no longer supported upstream in Ubuntu 20.04 # no longer supported upstream in Ubuntu 20.04
sudo apt-get install -y cockpit-docker sudo apt-get install -y cockpit-docker
fi fi
elif [ "$DISTRO" == "arch" ]; then
sudo pacman -S --noconfirm cockpit-docker
fi
sudo cp ./scripts/conf/cockpit.conf /etc/cockpit/cockpit.conf sudo cp ./scripts/conf/cockpit.conf /etc/cockpit/cockpit.conf
sudo systemctl restart cockpit.socket sudo systemctl restart cockpit.socket

14
scripts/subinstallers/docker.sh
Unescape View File

@ -3,12 +3,22 @@
# Docker # Docker
figlet "Mistborn: Installing Docker" figlet "Mistborn: Installing Docker"
sudo apt update if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then
sudo apt install -y python python3-pip python3-setuptools libffi-dev python3-dev libssl-dev sudo apt-get update
sudo apt-get install -y python python3-pip python3-setuptools libffi-dev python3-dev libssl-dev
elif [ "$DISTRO" == "arch" ]; then
sudo pacman -Syyy
sudo pacman -S --noconfirm python python-pip python-setuptools libffi openssl
fi
if [ "$DISTRO" == "ubuntu" ] && [ "$VERSION_ID" == "20.04" ]; then if [ "$DISTRO" == "ubuntu" ] && [ "$VERSION_ID" == "20.04" ]; then
echo "Automated Docker install" echo "Automated Docker install"
sudo apt-get install -y docker-compose sudo apt-get install -y docker-compose
elif [ "$DISTRO" == "arch" ]; then
echo "Semi-Automated Docker install"
sudo pacman -S --noconfirm docker-compose
source ./scripts/subinstallers/docker_manual.sh
else else
echo "Manual Docker installation" echo "Manual Docker installation"
source ./scripts/subinstallers/docker_manual.sh source ./scripts/subinstallers/docker_manual.sh

7
scripts/subinstallers/docker_manual.sh
Unescape View File

@ -38,8 +38,12 @@ elif [ "$DISTRO" == "raspbian" ]; then
fi fi
# install Docker # install Docker
if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then
echo "Installing docker" echo "Installing docker"
sudo apt-get update sudo apt-get update
fi
if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ]; then if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ]; then
sudo apt-get install -y docker-ce docker-ce-cli containerd.io sudo apt-get install -y docker-ce docker-ce-cli containerd.io
@ -52,6 +56,7 @@ fi
# Docker group # Docker group
sudo usermod -aG docker $USER sudo usermod -aG docker $USER
if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then
# Docker Compose # Docker Compose
echo "Installing Docker Compose" echo "Installing Docker Compose"
#if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ]; then #if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ]; then
@ -65,4 +70,4 @@ sudo apt install -y python-backports.ssl-match-hostname
# This might take a while # This might take a while
sudo pip3 install docker-compose sudo pip3 install docker-compose
#fi #fi
fi

15
scripts/subinstallers/iptables.sh
Unescape View File

@ -94,6 +94,7 @@ sudo ip6tables -P FORWARD DROP
sudo ip6tables -P OUTPUT ACCEPT sudo ip6tables -P OUTPUT ACCEPT
# iptables-persistent # iptables-persistent
if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then
if [ ! "$(dpkg-query -l iptables-persistent)" ]; then if [ ! "$(dpkg-query -l iptables-persistent)" ]; then
echo "Installing iptables-persistent" echo "Installing iptables-persistent"
@ -109,12 +110,26 @@ else
echo "Saving ip6tables rules" echo "Saving ip6tables rules"
sudo bash -c "ip6tables-save > /etc/iptables/rules.v6" sudo bash -c "ip6tables-save > /etc/iptables/rules.v6"
fi fi
elif [ "$DISTRO" == "arch" ]; then
echo "Saving iptables rules"
sudo bash -c "iptables-save > /etc/iptables/rules.v4"
echo "Saving ip6tables rules"
sudo bash -c "ip6tables-save > /etc/iptables/rules.v6"
fi
# IP forwarding # IP forwarding
if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then
sudo sed -i 's/.*net.ipv4.ip_forward.*/net.ipv4.ip_forward=1/' /etc/sysctl.conf sudo sed -i 's/.*net.ipv4.ip_forward.*/net.ipv4.ip_forward=1/' /etc/sysctl.conf
sudo sysctl -p /etc/sysctl.conf sudo sysctl -p /etc/sysctl.conf
elif [ "$DISTRO" == "arch" ]; then
sudo echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/30-ipforward.conf
sudo sysctl -p /etc/sysctl.d/30-ipforward.conf
fi
# rsyslog to create /var/log/iptables.log # rsyslog to create /var/log/iptables.log
if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then
sudo cp ./scripts/conf/15-iptables.conf /etc/rsyslog.d/ sudo cp ./scripts/conf/15-iptables.conf /etc/rsyslog.d/
sudo chown root:root /etc/rsyslog.d/15-iptables.conf sudo chown root:root /etc/rsyslog.d/15-iptables.conf
sudo systemctl restart rsyslog sudo systemctl restart rsyslog
fi
## implement archlinux alternativ

4
scripts/subinstallers/openssl.sh
Unescape View File

@ -8,7 +8,11 @@ CRT_PATH="$KEY_FOLDER/$CRT_FILE"
KEY_PATH="$KEY_FOLDER/$KEY_FILE" KEY_PATH="$KEY_FOLDER/$KEY_FILE"
# ensure openssl installed # ensure openssl installed
if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then
sudo apt-get install -y openssl sudo apt-get install -y openssl
elif [ "$DISTRO" == "arch" ]; then
sudo pacman -S --noconfirm openssl
fi
# make folder # make folder
mkdir -p $KEY_FOLDER mkdir -p $KEY_FOLDER

7
scripts/subinstallers/wireguard.sh
Unescape View File

@ -3,6 +3,7 @@
figlet "Mistborn: Installing Wireguard" figlet "Mistborn: Installing Wireguard"
# if wireguard not in current repositories # if wireguard not in current repositories
if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then
if ! $(sudo apt-cache show wireguard > /dev/null 2>&1) ; then if ! $(sudo apt-cache show wireguard > /dev/null 2>&1) ; then
# install PPAs # install PPAs
@ -26,7 +27,13 @@ if ! $(sudo apt-cache show wireguard > /dev/null 2>&1) ; then
sudo bash -c "printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable" sudo bash -c "printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable"
fi fi
fi fi
fi
echo "Installing Wireguard" echo "Installing Wireguard"
if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then
sudo apt-get update sudo apt-get update
sudo apt-get install -y openresolv wireguard sudo apt-get install -y openresolv wireguard
elif [ "$DISTRO" == "arch" ]; then
sudo pacman -Syyy
sudo pacman -S --noconfirm openresolv wireguard-lts wireguard-tools
fi

Write Preview
Loading…
Cancel
Save