aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--stackscripts/fedora_bootstrap.sh108
1 files changed, 108 insertions, 0 deletions
diff --git a/stackscripts/fedora_bootstrap.sh b/stackscripts/fedora_bootstrap.sh
new file mode 100644
index 0000000..596f470
--- /dev/null
+++ b/stackscripts/fedora_bootstrap.sh
@@ -0,0 +1,108 @@
+#!/usr/bin/env bash
+
+
+# Turn off selinux
+setenforce 0
+sed -i s/^SELINUX=.*$/SELINUX=disabled/ /etc/selinux/config
+
+# Get rid of cockpit
+systemctl stop cockpit
+systemctl disable cockpit
+
+# Update all system packages
+dnf update -y
+
+# Install a few extras
+dnf install -y vim git
+
+# Set time and hostname
+timedatectl set-ntp on
+timedatectl set-timezone America/Denver
+hostnamectl set-hostname fedora.jthan.io
+
+# Create normal user, make sudoer, and add ssh keys
+useradd -m jonathan
+usermod -a -G wheel jonathan
+mkdir /home/jonathan/.ssh
+chmod 700 /home/jonathan/.ssh
+touch /home/jonathan/.ssh/authorized_keys
+chmod 600 /home/jonathan/.ssh/authorized_keys
+curl -sL https://github.com/jrdemasi.keys >> /home/jonathan/.ssh/authorized_keys
+curl -sL https://git.jthan.io/configs/plain/dotfiles/.vimrc > /home/jonathan/.vimrc
+chown -R jonathan:jonathan /home/jonathan
+
+# Run ssh secure
+curl -sL https://git.square-r00t.net/OpTools/plain/aif/scripts/post/sshsecure.py | python3
+
+# Install kopia and start backing up important dirs
+rpm --import https://kopia.io/signing-key
+
+cat <<EOF | sudo tee /etc/yum.repos.d/kopia.repo
+[Kopia]
+name=Kopia
+baseurl=http://packages.kopia.io/rpm/stable/\$basearch/
+gpgcheck=1
+enabled=1
+gpgkey=https://kopia.io/signing-key
+EOF
+
+dnf install -y kopia
+
+# Create two repos
+export KOPIA_PASSWORD="ThisIsNotSecure"
+kopia repository create filesystem --path /root/etc_backups
+kopia repository create filesystem --path /root/jonathan_home_backups
+
+# Connect to etc repo, set global params for snap retention, take initial snapshot
+kopia repository connect filesystem --path /root/etc_backups
+kopia policy set --keep-latest 20 --global
+kopia policy set --keep-annual 0 --global
+kopia policy set --keep-monthly 3 --global
+kopia policy set --keep-weekly 4 --global
+kopia policy set --keep-daily 7 --global
+kopia policy set --keep-hourly 24 --global
+kopia snapshot create /etc
+kopia repository disconnect
+
+# Connect to jonathan_home repo
+kopia repository connect filesystem --path /root/jonathan_home_backups
+kopia policy set --keep-latest 20 --global
+kopia policy set --keep-annual 0 --global
+kopia policy set --keep-monthly 3 --global
+kopia policy set --keep-weekly 4 --global
+kopia policy set --keep-daily 7 --global
+kopia policy set --keep-hourly 24 --global
+kopia snapshot create /home/jonathan
+kopia repository disconnect
+
+# Setup snapshot scripts + cron
+mkdir /root/bin
+cat <<EOF > /root/bin/backup_etc.sh
+export KOPIA_PASSWORD="ThisIsNotSecure"
+kopia repository connect filesystem --path /root/etc_backups
+kopia snapshot create /etc
+kopia maintenance run --full
+kopia repository disconnect
+EOF
+
+cat <<EOF > /root/bin/backup_jonathan_home.sh
+export KOPIA_PASSWORD="ThisIsNotSecure"
+kopia repository connect filesystem --path /root/jonathan_home_backups
+kopia snapshot create /home/jonathan
+kopia maintenance run --full
+kopia repository disconnect
+EOF
+
+chmod +x /root/bin/backup_*
+
+crontab -l > /root/crontab_new
+echo "*/15 * * * * /root/bin/backup_etc.sh ; /root/bin/backup_jonathan_home.sh" >> crontab_new
+crontab crontab_new
+rm -rf /root/crontab_new
+
+# Couple of small finishing touches, ish
+curl -sL https://git.jthan.io/configs/plain/dotfiles/.vimrc > /root/.vimrc
+
+# Reboot to apply updates, ssh config changes, etc.
+reboot
+