aboutsummaryrefslogblamecommitdiff
path: root/stackscripts/fedora_bootstrap.sh
blob: 596f4705e0305ac30846fcb6fe1ce7abe7209409 (plain) (tree)











































































































                                                                                              
#!/usr/bin/env bash


# Turn off selinux
setenforce 0
sed -i s/^SELINUX=.*$/SELINUX=disabled/ /etc/selinux/config

# Get rid of cockpit
systemctl stop cockpit
systemctl disable cockpit

# Update all system packages
dnf update -y

# Install a few extras
dnf install -y vim git 

# Set time and hostname
timedatectl set-ntp on
timedatectl set-timezone America/Denver
hostnamectl set-hostname fedora.jthan.io

# Create normal user, make sudoer, and add ssh keys
useradd -m jonathan
usermod -a -G wheel jonathan
mkdir /home/jonathan/.ssh
chmod 700 /home/jonathan/.ssh
touch /home/jonathan/.ssh/authorized_keys
chmod 600 /home/jonathan/.ssh/authorized_keys
curl -sL https://github.com/jrdemasi.keys >> /home/jonathan/.ssh/authorized_keys
curl -sL https://git.jthan.io/configs/plain/dotfiles/.vimrc > /home/jonathan/.vimrc
chown -R jonathan:jonathan /home/jonathan

# Run ssh secure
curl -sL https://git.square-r00t.net/OpTools/plain/aif/scripts/post/sshsecure.py | python3

# Install kopia and start backing up important dirs
rpm --import https://kopia.io/signing-key

cat <<EOF | sudo tee /etc/yum.repos.d/kopia.repo
[Kopia]
name=Kopia
baseurl=http://packages.kopia.io/rpm/stable/\$basearch/
gpgcheck=1
enabled=1
gpgkey=https://kopia.io/signing-key
EOF

dnf install -y kopia

# Create two repos
export KOPIA_PASSWORD="ThisIsNotSecure"
kopia repository create filesystem --path /root/etc_backups
kopia repository create filesystem --path /root/jonathan_home_backups

# Connect to etc repo, set global params for snap retention, take initial snapshot
kopia repository connect filesystem --path /root/etc_backups
kopia policy set --keep-latest 20 --global
kopia policy set --keep-annual 0 --global
kopia policy set --keep-monthly 3 --global
kopia policy set --keep-weekly 4 --global
kopia policy set --keep-daily 7 --global
kopia policy set --keep-hourly 24 --global
kopia snapshot create /etc
kopia repository disconnect

# Connect to jonathan_home repo
kopia repository connect filesystem --path /root/jonathan_home_backups
kopia policy set --keep-latest 20 --global
kopia policy set --keep-annual 0 --global
kopia policy set --keep-monthly 3 --global
kopia policy set --keep-weekly 4 --global
kopia policy set --keep-daily 7 --global
kopia policy set --keep-hourly 24 --global
kopia snapshot create /home/jonathan
kopia repository disconnect

# Setup snapshot scripts + cron
mkdir /root/bin
cat <<EOF > /root/bin/backup_etc.sh
export KOPIA_PASSWORD="ThisIsNotSecure"
kopia repository connect filesystem --path /root/etc_backups
kopia snapshot create /etc
kopia maintenance run --full
kopia repository disconnect
EOF

cat <<EOF > /root/bin/backup_jonathan_home.sh
export KOPIA_PASSWORD="ThisIsNotSecure"
kopia repository connect filesystem --path /root/jonathan_home_backups
kopia snapshot create /home/jonathan
kopia maintenance run --full
kopia repository disconnect
EOF

chmod +x /root/bin/backup_*

crontab -l > /root/crontab_new 
echo "*/15 * * * * /root/bin/backup_etc.sh ; /root/bin/backup_jonathan_home.sh" >> crontab_new
crontab crontab_new
rm -rf /root/crontab_new

# Couple of small finishing touches, ish
curl -sL https://git.jthan.io/configs/plain/dotfiles/.vimrc > /root/.vimrc

# Reboot to apply updates, ssh config changes, etc. 
reboot