diff options
author | Jonathan DeMasi <jrdemasi@gmail.com> | 2021-12-26 12:30:05 -0700 |
---|---|---|
committer | Jonathan DeMasi <jrdemasi@gmail.com> | 2021-12-26 12:30:05 -0700 |
commit | bde14afd15a6a516891e5c3b966bd839c9193602 (patch) | |
tree | 08e56c971ca42faba79ccacc3d29fe2503af2ffd /stackscripts/fedora_bootstrap.sh | |
parent | d980396aa329f0eb4cc6cd6ce5a39c42bfd702e6 (diff) | |
download | snippets-bde14afd15a6a516891e5c3b966bd839c9193602.tar snippets-bde14afd15a6a516891e5c3b966bd839c9193602.tar.gz snippets-bde14afd15a6a516891e5c3b966bd839c9193602.tar.bz2 snippets-bde14afd15a6a516891e5c3b966bd839c9193602.tar.lz snippets-bde14afd15a6a516891e5c3b966bd839c9193602.tar.xz snippets-bde14afd15a6a516891e5c3b966bd839c9193602.tar.zst snippets-bde14afd15a6a516891e5c3b966bd839c9193602.zip |
Diffstat (limited to 'stackscripts/fedora_bootstrap.sh')
-rw-r--r-- | stackscripts/fedora_bootstrap.sh | 108 |
1 files changed, 108 insertions, 0 deletions
diff --git a/stackscripts/fedora_bootstrap.sh b/stackscripts/fedora_bootstrap.sh new file mode 100644 index 0000000..596f470 --- /dev/null +++ b/stackscripts/fedora_bootstrap.sh @@ -0,0 +1,108 @@ +#!/usr/bin/env bash + + +# Turn off selinux +setenforce 0 +sed -i s/^SELINUX=.*$/SELINUX=disabled/ /etc/selinux/config + +# Get rid of cockpit +systemctl stop cockpit +systemctl disable cockpit + +# Update all system packages +dnf update -y + +# Install a few extras +dnf install -y vim git + +# Set time and hostname +timedatectl set-ntp on +timedatectl set-timezone America/Denver +hostnamectl set-hostname fedora.jthan.io + +# Create normal user, make sudoer, and add ssh keys +useradd -m jonathan +usermod -a -G wheel jonathan +mkdir /home/jonathan/.ssh +chmod 700 /home/jonathan/.ssh +touch /home/jonathan/.ssh/authorized_keys +chmod 600 /home/jonathan/.ssh/authorized_keys +curl -sL https://github.com/jrdemasi.keys >> /home/jonathan/.ssh/authorized_keys +curl -sL https://git.jthan.io/configs/plain/dotfiles/.vimrc > /home/jonathan/.vimrc +chown -R jonathan:jonathan /home/jonathan + +# Run ssh secure +curl -sL https://git.square-r00t.net/OpTools/plain/aif/scripts/post/sshsecure.py | python3 + +# Install kopia and start backing up important dirs +rpm --import https://kopia.io/signing-key + +cat <<EOF | sudo tee /etc/yum.repos.d/kopia.repo +[Kopia] +name=Kopia +baseurl=http://packages.kopia.io/rpm/stable/\$basearch/ +gpgcheck=1 +enabled=1 +gpgkey=https://kopia.io/signing-key +EOF + +dnf install -y kopia + +# Create two repos +export KOPIA_PASSWORD="ThisIsNotSecure" +kopia repository create filesystem --path /root/etc_backups +kopia repository create filesystem --path /root/jonathan_home_backups + +# Connect to etc repo, set global params for snap retention, take initial snapshot +kopia repository connect filesystem --path /root/etc_backups +kopia policy set --keep-latest 20 --global +kopia policy set --keep-annual 0 --global +kopia policy set --keep-monthly 3 --global +kopia policy set --keep-weekly 4 --global +kopia policy set --keep-daily 7 --global +kopia policy set --keep-hourly 24 --global +kopia snapshot create /etc +kopia repository disconnect + +# Connect to jonathan_home repo +kopia repository connect filesystem --path /root/jonathan_home_backups +kopia policy set --keep-latest 20 --global +kopia policy set --keep-annual 0 --global +kopia policy set --keep-monthly 3 --global +kopia policy set --keep-weekly 4 --global +kopia policy set --keep-daily 7 --global +kopia policy set --keep-hourly 24 --global +kopia snapshot create /home/jonathan +kopia repository disconnect + +# Setup snapshot scripts + cron +mkdir /root/bin +cat <<EOF > /root/bin/backup_etc.sh +export KOPIA_PASSWORD="ThisIsNotSecure" +kopia repository connect filesystem --path /root/etc_backups +kopia snapshot create /etc +kopia maintenance run --full +kopia repository disconnect +EOF + +cat <<EOF > /root/bin/backup_jonathan_home.sh +export KOPIA_PASSWORD="ThisIsNotSecure" +kopia repository connect filesystem --path /root/jonathan_home_backups +kopia snapshot create /home/jonathan +kopia maintenance run --full +kopia repository disconnect +EOF + +chmod +x /root/bin/backup_* + +crontab -l > /root/crontab_new +echo "*/15 * * * * /root/bin/backup_etc.sh ; /root/bin/backup_jonathan_home.sh" >> crontab_new +crontab crontab_new +rm -rf /root/crontab_new + +# Couple of small finishing touches, ish +curl -sL https://git.jthan.io/configs/plain/dotfiles/.vimrc > /root/.vimrc + +# Reboot to apply updates, ssh config changes, etc. +reboot + |