Linode/arch.bash

#!/bin/bash
## Stolen and edited from https://www.linode.com/stackscripts/view/71751
# <UDF name="username" label="Unprivileged user name" example="This will be the user who will be able to SSH into the server." />
# <UDF name="userpass" label="Unprivileged user password" />
# <UDF name="userpubkey" label="Public key for the user" default="" example="Should look like 'ssh-rsa AAABBB1x2y3z...'" />
# <UDF name="altpubkey" label="Pulls your public key from github using your github username https://github.com/$USERNAME.keys" />
# <UDF name="nopass" label="Disable password authentication for SSH?" oneof="Yes,No" default="Yes" />
# <UDF name="sshport" label="SSH port" default="22" example="It is a good idea to set this to something other than the default of 22."/>
# <UDF name="locale" label="Locale" default="en_US.UTF-8 UTF-8" />
# <UDF name="hostname" label="Host name" example="This is the name of your server."/>
# <UDF name="candy" label="Do you love candy" oneof="Yes,No" default="Yes" />
# <UDF name="timezone" Label="Timezone" default="America/New_York" example="" />
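# Redirect STDOUT and STDERR to a log file
LOGFILE='/root/minimal_arch_stackscript.log'
echo "Redirecting output to $LOGFILE. This will take some time ..."
# Create the log with owner-only permissions before the first write: every
# later command's output and error text, including echoed user-supplied values,
# is collected in this file.
touch -- "$LOGFILE"
chmod 600 -- "$LOGFILE"
exec > "$LOGFILE" 2>&1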
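echo "Setting locale..."
# LOCALE uses the /etc/locale.gen line format ("en_US.UTF-8 UTF-8"): the first
# word is the locale name, the second its charset. Passing it unquoted to
# localectl split it into "LANG=en_US.UTF-8" plus a stray "UTF-8" argument, and
# locale-gen ran without the locale being enabled anywhere.
# NOTE(review): assumes the image's locale.gen may not list the locale yet.
if [ -n "$LOCALE" ]; then
  locale_name=${LOCALE%% *}
  if ! grep -qxF -- "$LOCALE" /etc/locale.gen; then
    printf '%s\n' "$LOCALE" >> /etc/locale.gen
  fi
  # Generate first so the locale exists by the time it is selected.
  locale-gen
  localectl set-locale "LANG=${locale_name}"
else
  echo "LOCALE is empty; keeping the image's locale." >&2
fi
echo "Updating the System ..."
pacman -Syu --noconfirm
if [ "$CANDY" == 'Yes' ]; then
  # Replaces the "# Misc options" header comment with the ILoveCandy option.
  sed -i 's/# Misc options/ILoveCandy/' /etc/pacman.conf
fi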
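echo
echo "### Installing and configuring reflector ..."
# The package databases were refreshed by the full "pacman -Syu" earlier in
# this script. A second "-Sy" without "-u" would be a partial upgrade, so this
# only installs; --needed makes a re-run a no-op.
pacman -S --noconfirm --needed reflector
reflector --protocol https --threads 10 --latest 10 --sort rate --save /etc/pacman.d/mirrorlist
# Reflector hook: regenerate the mirrorlist whenever pacman-mirrorlist is
# upgraded. -p and ">" (not ">>") keep a second run from failing on the
# existing directory or appending a duplicate hook body.
mkdir -p /etc/pacman.d/hooks
# The hook now passes --protocol https like the initial run above, so an
# upgrade cannot put plain-http mirrors back into the list.
cat << 'EOF' > /etc/pacman.d/hooks/mirrorupgrade.hook
[Trigger]
Operation = Upgrade
Type = Package
Target = pacman-mirrorlist
[Action]
Description = Updating pacman-mirrorlist with reflector and removing pacnew...
When = PostTransaction
Depends = reflector
Exec = /usr/bin/env sh -c "reflector --protocol https --country 'United States' --latest 200 --age 24 --sort rate --save /etc/pacman.d/mirrorlist; if [[ -f /etc/pacman.d/mirrorlist.pacnew ]]; then rm /etc/pacman.d/mirrorlist.pacnew; fi"
EOF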
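# Set up the hostname
echo
echo "### Setting hostname ..."
# Quoted so the value reaches hostnamectl as a single argument, even when it is
# empty or contains whitespace; hostnamectl does its own validation.
# NOTE(review): HOSTNAME is also a variable bash initialises itself; this
# relies on the StackScript UDF value being present in the environment - confirm.
hostnamectl set-hostname "$HOSTNAME"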
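# Set up a non-privileged user and sudo
echo
echo "### Adding user ..."
# USERNAME is later written into sshd_config (AllowUsers) and used as a path
# component under /home and /var/db/sudo. Accept only a plain login name so
# whitespace, slashes or a leading "-" cannot change what those commands do.
if ! [[ "$USERNAME" =~ ^[a-z_][a-z0-9_-]*$ ]]; then
  echo "Invalid user name '$USERNAME'; aborting before any account or SSH change." >&2
  exit 1
fi
# Stop here if the account cannot be created: the remaining steps disable root
# SSH login and restrict SSH to this account, which would lock everyone out.
if ! useradd -m -g users -G wheel "$USERNAME"; then
  echo "useradd failed for '$USERNAME'; aborting." >&2
  exit 1
fi
echo "### Setting password ..."
# chpasswd is the batch interface for setting passwords. printf is a shell
# builtin, so the password is piped to chpasswd and never appears in another
# process's argument list.
if ! printf '%s:%s\n' "$USERNAME" "$USERPASS" | chpasswd; then
  echo "Setting the password for '$USERNAME' failed." >&2
fi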
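# Setup sudoers so wheel group can sudo
echo "### Modifying sudoers ..."
# Edit a private copy and let visudo check it before it replaces the live file:
# a syntax error in /etc/sudoers disables sudo entirely, and root SSH login is
# turned off further down in this script.
sudoers_tmp=$(mktemp) || sudoers_tmp=''
if [ -n "$sudoers_tmp" ]; then
  cat /etc/sudoers > "$sudoers_tmp"
  # Uncomment the wheel rule in either spelling: "(ALL) ALL" or "(ALL:ALL) ALL".
  sed -i 's/# \(%wheel ALL=(ALL\(:ALL\)\?) ALL\)/\1/' "$sudoers_tmp"
  if visudo -cf "$sudoers_tmp"; then
    # Write through the existing file so its owner and mode are preserved.
    cat "$sudoers_tmp" > /etc/sudoers
  else
    echo "Edited sudoers failed visudo validation; /etc/sudoers left unchanged." >&2
  fi
  rm -f -- "$sudoers_tmp"
else
  echo "mktemp failed; /etc/sudoers left unchanged." >&2
fi
# Don't want to put up with that lecture when I don't have to.
# USERNAME becomes a path component here, so skip the step for names that are
# empty or contain "/" or ".." rather than touching a file somewhere else.
case "$USERNAME" in
  '' | */* | . | ..)
    echo "Skipping sudo lecture marker: unusable user name." >&2
    ;;
  *)
    LECTURED="/var/db/sudo/lectured/$USERNAME"
    touch -- "$LECTURED"
    # "owner:group" is the supported separator; "owner.group" is deprecated.
    chown root:users -- "$LECTURED"
    ;;
esac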
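#######################################
# Set up sshd: disable root login, ensure SSH2, set up password auth, and allow
# only the unprivileged user to log in. Public keys are installed before
# password authentication is switched off, so a failed key download cannot
# leave the server without any working login.
# Globals:   USERNAME, SSHPORT, NOPASS, USERPUBKEY, ALTPUBKEY (read),
#            GH_KEY (written)
# Returns:   0 after editing the config, 1 if the login account is missing
#######################################
configure_sshd() {
  local sshd_config=/etc/ssh/sshd_config
  local ssh_dir="/home/$USERNAME/.ssh"
  local auth_keys="$ssh_dir/authorized_keys"
  local gh_keys

  # AllowUsers limits SSH to this one account and root login is turned off, so
  # editing the config for an account that does not exist would leave nobody
  # able to log in. An existing account name also cannot contain the
  # whitespace or newlines that would add extra sshd_config directives.
  if ! id -u -- "$USERNAME" >/dev/null 2>&1; then
    echo "User '$USERNAME' does not exist; sshd_config left unchanged." >&2
    return 1
  fi

  # Match whatever value is present (for example prohibit-password), not only
  # yes/no; otherwise key-based root login could stay enabled.
  sed -i 's/^[# ]*PermitRootLogin .*/PermitRootLogin no/' "$sshd_config"

  # SSHPORT is spliced into a sed expression, so accept a port number only.
  if [[ "$SSHPORT" =~ ^[0-9]{1,5}$ ]] && ((10#$SSHPORT >= 1 && 10#$SSHPORT <= 65535)); then
    sed -i "s/^[# ]*Port [0-9]\+/Port $SSHPORT/" "$sshd_config"
  else
    echo "Ignoring invalid SSH port '$SSHPORT'; sshd keeps its current port." >&2
  fi

  # Only rewrites an existing Protocol line; nothing is added if there is none.
  sed -i 's/^[# ]*Protocol \([0-9],\?\)\+/Protocol 2/' "$sshd_config"

  # Allow only the unprivileged user to log on
  echo "AllowUsers $USERNAME" >> "$sshd_config"

  if [ -n "$USERPUBKEY" ] || [ -n "$ALTPUBKEY" ]; then
    sed -i 's/^[# ]*PubkeyAuthentication \(yes\|no\)/PubkeyAuthentication yes/' "$sshd_config"
    mkdir -p -- "$ssh_dir"
  fi

  if [ -n "$USERPUBKEY" ]; then
    printf '%s\n' "$USERPUBKEY" >> "$auth_keys"
  fi

  if [ -n "$ALTPUBKEY" ]; then
    # ALTPUBKEY is placed in a URL: allow GitHub user-name characters only.
    # Whoever controls that GitHub account decides which keys are trusted here.
    if [[ "$ALTPUBKEY" =~ ^[A-Za-z0-9-]+$ ]]; then
      GH_KEY="https://github.com/$ALTPUBKEY.keys"
      # -f: an HTTP error page must never be appended to authorized_keys.
      # The download is captured first so a failure adds nothing at all.
      if gh_keys=$(curl -fsS --proto '=https' "$GH_KEY") && [ -n "$gh_keys" ]; then
        printf '%s\n' "$gh_keys" >> "$auth_keys"
      else
        echo "Could not fetch keys from $GH_KEY; none were added." >&2
      fi
    else
      echo "ALTPUBKEY is not a valid GitHub user name; skipping key download." >&2
    fi
  fi

  if [ -d "$ssh_dir" ]; then
    # Keep the key material private to the account.
    chmod 700 -- "$ssh_dir"
    if [ -f "$auth_keys" ]; then
      chmod 600 -- "$auth_keys"
    fi
    chown -R -- "$USERNAME" "$ssh_dir"
  fi

  if [ "$NOPASS" == 'Yes' ]; then
    # -s only proves the file is non-empty, not that its keys are valid.
    if [ -s "$auth_keys" ]; then
      sed -i 's/^[# ]*PasswordAuthentication \(yes\|no\)/PasswordAuthentication no/' "$sshd_config"
    else
      echo "No public key was installed; password authentication stays enabled to avoid a lockout." >&2
    fi
  fi
}

echo "### Modifying sshd_config ..."
configure_sshd
echo
echo "### Restarting sshd ..."
# Test the edited config first: restarting with a broken sshd_config would take
# SSH down. The binary is called by its full path.
sshd_bin=$(command -v sshd)
if [ -n "$sshd_bin" ] && "$sshd_bin" -t; then
  systemctl restart sshd
else
  echo "sshd_config failed validation; sshd was not restarted." >&2
fi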
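echo
echo "### Time Date Setup ..."
# Quoted so the zone name reaches timedatectl as exactly one argument;
# timedatectl rejects names it does not know.
timedatectl set-timezone "$TIMEZONE"
# Turn on network time synchronisation.
timedatectl set-ntp 1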
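echo "grab my favorite shit ..."
# Databases were refreshed by the full "pacman -Syu" earlier in this script, so
# install without another "-Sy" (partial-upgrade risk). tmux was listed twice.
pacman -S --noconfirm --needed tmux vim zsh
chsh -s /bin/zsh "$USERNAME"
# These dotfiles come from the moving "master" branch of a third-party
# repository, and .zshrc runs on every login of a user who can sudo: whoever
# can push to that repository can run code as that user on the next deploy.
# TODO(review): pin the URL to a reviewed commit (<COMMIT_SHA>) instead of master.
dotfiles_url='https://raw.githubusercontent.com/theflyingfool/dotfiles.old/master'
for dotfile in .zshrc .vimrc .tmux.conf .alias; do
  # -f makes an HTTP error fail the download instead of saving the error page
  # as the user's shell or editor configuration.
  if ! su - "$USERNAME" -c "curl -fsS --proto '=https' -o ~/${dotfile} '${dotfiles_url}/${dotfile}'"; then
    echo "Could not download ${dotfile}; skipped." >&2
  fi
done
echo
echo "### Done ###"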