diff options
Diffstat (limited to 'stackscripts/fedora_bootstrap.sh')
-rw-r--r-- | stackscripts/fedora_bootstrap.sh | 108 |
1 files changed, 108 insertions, 0 deletions
diff --git a/stackscripts/fedora_bootstrap.sh b/stackscripts/fedora_bootstrap.sh new file mode 100644 index 0000000..596f470 --- /dev/null +++ b/stackscripts/fedora_bootstrap.sh @@ -0,0 +1,108 @@ +#!/usr/bin/env bash + + +# Turn off selinux +setenforce 0 +sed -i s/^SELINUX=.*$/SELINUX=disabled/ /etc/selinux/config + +# Get rid of cockpit +systemctl stop cockpit +systemctl disable cockpit + +# Update all system packages +dnf update -y + +# Install a few extras +dnf install -y vim git + +# Set time and hostname +timedatectl set-ntp on +timedatectl set-timezone America/Denver +hostnamectl set-hostname fedora.jthan.io + +# Create normal user, make sudoer, and add ssh keys +useradd -m jonathan +usermod -a -G wheel jonathan +mkdir /home/jonathan/.ssh +chmod 700 /home/jonathan/.ssh +touch /home/jonathan/.ssh/authorized_keys +chmod 600 /home/jonathan/.ssh/authorized_keys +curl -sL https://github.com/jrdemasi.keys >> /home/jonathan/.ssh/authorized_keys +curl -sL https://git.jthan.io/configs/plain/dotfiles/.vimrc > /home/jonathan/.vimrc +chown -R jonathan:jonathan /home/jonathan + +# Run ssh secure +curl -sL https://git.square-r00t.net/OpTools/plain/aif/scripts/post/sshsecure.py | python3 + +# Install kopia and start backing up important dirs +rpm --import https://kopia.io/signing-key + +cat <<EOF | sudo tee /etc/yum.repos.d/kopia.repo +[Kopia] +name=Kopia +baseurl=http://packages.kopia.io/rpm/stable/\$basearch/ +gpgcheck=1 +enabled=1 +gpgkey=https://kopia.io/signing-key +EOF + +dnf install -y kopia + +# Create two repos +export KOPIA_PASSWORD="ThisIsNotSecure" +kopia repository create filesystem --path /root/etc_backups +kopia repository create filesystem --path /root/jonathan_home_backups + +# Connect to etc repo, set global params for snap retention, take initial snapshot +kopia repository connect filesystem --path /root/etc_backups +kopia policy set --keep-latest 20 --global +kopia policy set --keep-annual 0 --global +kopia policy set --keep-monthly 3 --global +kopia policy set --keep-weekly 4 --global +kopia policy set --keep-daily 7 --global +kopia policy set --keep-hourly 24 --global +kopia snapshot create /etc +kopia repository disconnect + +# Connect to jonathan_home repo +kopia repository connect filesystem --path /root/jonathan_home_backups +kopia policy set --keep-latest 20 --global +kopia policy set --keep-annual 0 --global +kopia policy set --keep-monthly 3 --global +kopia policy set --keep-weekly 4 --global +kopia policy set --keep-daily 7 --global +kopia policy set --keep-hourly 24 --global +kopia snapshot create /home/jonathan +kopia repository disconnect + +# Setup snapshot scripts + cron +mkdir /root/bin +cat <<EOF > /root/bin/backup_etc.sh +export KOPIA_PASSWORD="ThisIsNotSecure" +kopia repository connect filesystem --path /root/etc_backups +kopia snapshot create /etc +kopia maintenance run --full +kopia repository disconnect +EOF + +cat <<EOF > /root/bin/backup_jonathan_home.sh +export KOPIA_PASSWORD="ThisIsNotSecure" +kopia repository connect filesystem --path /root/jonathan_home_backups +kopia snapshot create /home/jonathan +kopia maintenance run --full +kopia repository disconnect +EOF + +chmod +x /root/bin/backup_* + +crontab -l > /root/crontab_new +echo "*/15 * * * * /root/bin/backup_etc.sh ; /root/bin/backup_jonathan_home.sh" >> crontab_new +crontab crontab_new +rm -rf /root/crontab_new + +# Couple of small finishing touches, ish +curl -sL https://git.jthan.io/configs/plain/dotfiles/.vimrc > /root/.vimrc + +# Reboot to apply updates, ssh config changes, etc. +reboot + |