blob: 596f4705e0305ac30846fcb6fe1ce7abe7209409 (
plain) (
tree)
|
|
#!/usr/bin/env bash
# Turn off selinux
setenforce 0
sed -i s/^SELINUX=.*$/SELINUX=disabled/ /etc/selinux/config
# Get rid of cockpit
systemctl stop cockpit
systemctl disable cockpit
# Update all system packages
dnf update -y
# Install a few extras
dnf install -y vim git
# Set time and hostname
timedatectl set-ntp on
timedatectl set-timezone America/Denver
hostnamectl set-hostname fedora.jthan.io
# Create normal user, make sudoer, and add ssh keys
useradd -m jonathan
usermod -a -G wheel jonathan
mkdir /home/jonathan/.ssh
chmod 700 /home/jonathan/.ssh
touch /home/jonathan/.ssh/authorized_keys
chmod 600 /home/jonathan/.ssh/authorized_keys
curl -sL https://github.com/jrdemasi.keys >> /home/jonathan/.ssh/authorized_keys
curl -sL https://git.jthan.io/configs/plain/dotfiles/.vimrc > /home/jonathan/.vimrc
chown -R jonathan:jonathan /home/jonathan
# Run ssh secure
curl -sL https://git.square-r00t.net/OpTools/plain/aif/scripts/post/sshsecure.py | python3
# Install kopia and start backing up important dirs
rpm --import https://kopia.io/signing-key
cat <<EOF | sudo tee /etc/yum.repos.d/kopia.repo
[Kopia]
name=Kopia
baseurl=http://packages.kopia.io/rpm/stable/\$basearch/
gpgcheck=1
enabled=1
gpgkey=https://kopia.io/signing-key
EOF
dnf install -y kopia
# Create two repos
export KOPIA_PASSWORD="ThisIsNotSecure"
kopia repository create filesystem --path /root/etc_backups
kopia repository create filesystem --path /root/jonathan_home_backups
# Connect to etc repo, set global params for snap retention, take initial snapshot
kopia repository connect filesystem --path /root/etc_backups
kopia policy set --keep-latest 20 --global
kopia policy set --keep-annual 0 --global
kopia policy set --keep-monthly 3 --global
kopia policy set --keep-weekly 4 --global
kopia policy set --keep-daily 7 --global
kopia policy set --keep-hourly 24 --global
kopia snapshot create /etc
kopia repository disconnect
# Connect to jonathan_home repo
kopia repository connect filesystem --path /root/jonathan_home_backups
kopia policy set --keep-latest 20 --global
kopia policy set --keep-annual 0 --global
kopia policy set --keep-monthly 3 --global
kopia policy set --keep-weekly 4 --global
kopia policy set --keep-daily 7 --global
kopia policy set --keep-hourly 24 --global
kopia snapshot create /home/jonathan
kopia repository disconnect
# Setup snapshot scripts + cron
mkdir /root/bin
cat <<EOF > /root/bin/backup_etc.sh
export KOPIA_PASSWORD="ThisIsNotSecure"
kopia repository connect filesystem --path /root/etc_backups
kopia snapshot create /etc
kopia maintenance run --full
kopia repository disconnect
EOF
cat <<EOF > /root/bin/backup_jonathan_home.sh
export KOPIA_PASSWORD="ThisIsNotSecure"
kopia repository connect filesystem --path /root/jonathan_home_backups
kopia snapshot create /home/jonathan
kopia maintenance run --full
kopia repository disconnect
EOF
chmod +x /root/bin/backup_*
crontab -l > /root/crontab_new
echo "*/15 * * * * /root/bin/backup_etc.sh ; /root/bin/backup_jonathan_home.sh" >> crontab_new
crontab crontab_new
rm -rf /root/crontab_new
# Couple of small finishing touches, ish
curl -sL https://git.jthan.io/configs/plain/dotfiles/.vimrc > /root/.vimrc
# Reboot to apply updates, ssh config changes, etc.
reboot
|