path: root/stackscripts
diff options
authorJonathan DeMasi <jrdemasi@gmail.com>2021-12-26 12:30:05 -0700
committerJonathan DeMasi <jrdemasi@gmail.com>2021-12-26 12:30:05 -0700
commitbde14afd15a6a516891e5c3b966bd839c9193602 (patch)
tree08e56c971ca42faba79ccacc3d29fe2503af2ffd /stackscripts
parentd980396aa329f0eb4cc6cd6ce5a39c42bfd702e6 (diff)
add fedora bootstrapHEADmaster
Diffstat (limited to 'stackscripts')
1 files changed, 108 insertions, 0 deletions
diff --git a/stackscripts/fedora_bootstrap.sh b/stackscripts/fedora_bootstrap.sh
new file mode 100644
index 0000000..596f470
--- /dev/null
+++ b/stackscripts/fedora_bootstrap.sh
@@ -0,0 +1,108 @@
+#!/usr/bin/env bash
+# Turn off selinux
+setenforce 0
+sed -i s/^SELINUX=.*$/SELINUX=disabled/ /etc/selinux/config
+# Get rid of cockpit
+systemctl stop cockpit
+systemctl disable cockpit
+# Update all system packages
+dnf update -y
+# Install a few extras
+dnf install -y vim git
+# Set time and hostname
+timedatectl set-ntp on
+timedatectl set-timezone America/Denver
+hostnamectl set-hostname fedora.jthan.io
+# Create normal user, make sudoer, and add ssh keys
+useradd -m jonathan
+usermod -a -G wheel jonathan
+mkdir /home/jonathan/.ssh
+chmod 700 /home/jonathan/.ssh
+touch /home/jonathan/.ssh/authorized_keys
+chmod 600 /home/jonathan/.ssh/authorized_keys
+curl -sL https://github.com/jrdemasi.keys >> /home/jonathan/.ssh/authorized_keys
+curl -sL https://git.jthan.io/configs/plain/dotfiles/.vimrc > /home/jonathan/.vimrc
+chown -R jonathan:jonathan /home/jonathan
+# Run ssh secure
+curl -sL https://git.square-r00t.net/OpTools/plain/aif/scripts/post/sshsecure.py | python3
+# Install kopia and start backing up important dirs
+rpm --import https://kopia.io/signing-key
+cat <<EOF | sudo tee /etc/yum.repos.d/kopia.repo
+dnf install -y kopia
+# Create two repos
+export KOPIA_PASSWORD="ThisIsNotSecure"
+kopia repository create filesystem --path /root/etc_backups
+kopia repository create filesystem --path /root/jonathan_home_backups
+# Connect to etc repo, set global params for snap retention, take initial snapshot
+kopia repository connect filesystem --path /root/etc_backups
+kopia policy set --keep-latest 20 --global
+kopia policy set --keep-annual 0 --global
+kopia policy set --keep-monthly 3 --global
+kopia policy set --keep-weekly 4 --global
+kopia policy set --keep-daily 7 --global
+kopia policy set --keep-hourly 24 --global
+kopia snapshot create /etc
+kopia repository disconnect
+# Connect to jonathan_home repo
+kopia repository connect filesystem --path /root/jonathan_home_backups
+kopia policy set --keep-latest 20 --global
+kopia policy set --keep-annual 0 --global
+kopia policy set --keep-monthly 3 --global
+kopia policy set --keep-weekly 4 --global
+kopia policy set --keep-daily 7 --global
+kopia policy set --keep-hourly 24 --global
+kopia snapshot create /home/jonathan
+kopia repository disconnect
+# Setup snapshot scripts + cron
+mkdir /root/bin
+cat <<EOF > /root/bin/backup_etc.sh
+export KOPIA_PASSWORD="ThisIsNotSecure"
+kopia repository connect filesystem --path /root/etc_backups
+kopia snapshot create /etc
+kopia maintenance run --full
+kopia repository disconnect
+cat <<EOF > /root/bin/backup_jonathan_home.sh
+export KOPIA_PASSWORD="ThisIsNotSecure"
+kopia repository connect filesystem --path /root/jonathan_home_backups
+kopia snapshot create /home/jonathan
+kopia maintenance run --full
+kopia repository disconnect
+chmod +x /root/bin/backup_*
+crontab -l > /root/crontab_new
+echo "*/15 * * * * /root/bin/backup_etc.sh ; /root/bin/backup_jonathan_home.sh" >> crontab_new
+crontab crontab_new
+rm -rf /root/crontab_new
+# Couple of small finishing touches, ish
+curl -sL https://git.jthan.io/configs/plain/dotfiles/.vimrc > /root/.vimrc
+# Reboot to apply updates, ssh config changes, etc.