path: root/stackscripts/fedora_bootstrap.sh
#!/usr/bin/env bash


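# Turn off selinux
# NOTE(review): this removes SELinux confinement for every service on the
# host, including sshd and everything installed further down. `setenforce 0`
# only switches to permissive until the next boot; the config edit is what
# persists across the reboot at the end of this script. If a single service
# is the reason, a permissive domain or a policy fix for that service keeps
# the rest of the system enforced.
setenforce 0
# The sed program is quoted so the shell never glob-expands the `*` in it.
sed -i 's/^SELINUX=.*$/SELINUX=disabled/' /etc/selinux/config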

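# Get rid of cockpit
# Cockpit is normally started on demand by cockpit.socket (TCP 9090), so
# stopping and disabling only the service unit can leave the web console
# reachable. Take the socket down first, then the service.
systemctl stop cockpit.socket
systemctl disable cockpit.socket
systemctl stop cockpit
systemctl disable cockpit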

# Bring every installed package up to date (`update` is dnf's alias for
# `upgrade`; --assumeyes is the long form of -y).
dnf --assumeyes upgrade

# Editor and VCS used by the rest of the setup
dnf --assumeyes install git vim

# Clock sync, timezone and hostname
timedatectl set-ntp true
timedatectl set-timezone America/Denver
hostnamectl set-hostname fedora.jthan.io

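# Create normal user, make sudoer, and add ssh keys
useradd -m jonathan
usermod -a -G wheel jonathan
mkdir -p /home/jonathan/.ssh
chmod 700 /home/jonathan/.ssh
touch /home/jonathan/.ssh/authorized_keys
chmod 600 /home/jonathan/.ssh/authorized_keys
# NOTE(review): the login keys for a wheel (sudo-capable) account are taken
# from a GitHub profile at provisioning time, so control of that profile is
# equivalent to shell access on this host.
# -f makes curl fail on an HTTP error instead of writing the error page into
# the target file; -S keeps the error message visible despite -s.
curl -fsSL https://github.com/jrdemasi.keys >> /home/jonathan/.ssh/authorized_keys
# sshd is reconfigured and the host rebooted later in this script, so an
# empty key file here is worth surfacing before access depends on it.
[ -s /home/jonathan/.ssh/authorized_keys ] \
  || echo "warning: no ssh keys were fetched for jonathan" >&2
curl -fsSL https://git.jthan.io/configs/plain/dotfiles/.vimrc > /home/jonathan/.vimrc
chown -R jonathan:jonathan /home/jonathan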

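# Run ssh secure
# NOTE(review): this runs whatever the remote host serves at provisioning
# time, as root, with no pinned revision and no checksum. Fetching a reviewed
# revision to a file and comparing it against a known digest before running
# it would tie the result to code that was actually read.
# -f stops an HTTP error page from being handed to the interpreter; -S keeps
# the failure visible despite -s.
curl -fsSL https://git.square-r00t.net/OpTools/plain/aif/scripts/post/sshsecure.py | python3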

# Install kopia and start backing up important dirs
# NOTE(review): the signing key is trusted as fetched over HTTPS; comparing
# its fingerprint with a value obtained out of band would remove that
# trust-on-first-use step.
rpm --import https://kopia.io/signing-key

# Repo definition. The quoted heredoc delimiter keeps $basearch literal so
# dnf, not the shell, substitutes it. gpgcheck=1 has dnf verify package
# signatures against the key above; the baseurl itself is plain HTTP, so repo
# metadata travels unauthenticated unless the repo also supports
# repo_gpgcheck or HTTPS (not verified here).
sudo tee /etc/yum.repos.d/kopia.repo <<'EOF'
[Kopia]
name=Kopia
baseurl=http://packages.kopia.io/rpm/stable/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://kopia.io/signing-key
EOF

dnf install -y kopia

# Create two repos
# NOTE(review): the repository password is a literal in this script, so it is
# readable by anyone who can read the script or its hosting repository, and
# both repositories share it. The backups live on the same disk as the data
# they protect.
export KOPIA_PASSWORD="ThisIsNotSecure"
for repo_dir in /root/etc_backups /root/jonathan_home_backups; do
  kopia repository create filesystem --path "$repo_dir"
done

# Connect to one repository, set its global snapshot-retention policy, take
# the initial snapshot of the given directory, then disconnect.
#   $1 - repository path
#   $2 - directory to snapshot
init_backup_repo() {
  local repo_dir=$1 source_dir=$2 rule
  kopia repository connect filesystem --path "$repo_dir"
  # Each entry is "<retention class> <count>", applied in this order.
  for rule in "latest 20" "annual 0" "monthly 3" "weekly 4" "daily 7" "hourly 24"; do
    kopia policy set "--keep-${rule% *}" "${rule#* }" --global
  done
  kopia snapshot create "$source_dir"
  kopia repository disconnect
}

init_backup_repo /root/etc_backups /etc
init_backup_repo /root/jonathan_home_backups /home/jonathan

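# Setup snapshot scripts + cron
mkdir -p /root/bin

# The generated scripts carry an explicit interpreter line, and the heredoc
# delimiter is quoted so nothing in them is expanded while they are written.
# NOTE(review): each script embeds the repository password in clear text.
cat <<'EOF' > /root/bin/backup_etc.sh
#!/bin/sh
export KOPIA_PASSWORD="ThisIsNotSecure"
kopia repository connect filesystem --path /root/etc_backups
kopia snapshot create /etc
kopia maintenance run --full
kopia repository disconnect
EOF

cat <<'EOF' > /root/bin/backup_jonathan_home.sh
#!/bin/sh
export KOPIA_PASSWORD="ThisIsNotSecure"
kopia repository connect filesystem --path /root/jonathan_home_backups
kopia snapshot create /home/jonathan
kopia maintenance run --full
kopia repository disconnect
EOF

# Owner-only: root's cron is the only caller and the files hold a secret.
chmod 700 /root/bin/backup_etc.sh /root/bin/backup_jonathan_home.sh

# Use one absolute path for the scratch crontab throughout. Mixing
# /root/crontab_new with a relative crontab_new only works when the script
# happens to run from /root; anywhere else the existing crontab is dropped
# and a stray file is left in the working directory.
cron_file=/root/crontab_new
# `crontab -l` reports an error when root has no crontab yet; the file is
# then simply empty and the new entry becomes the whole crontab.
crontab -l > "$cron_file"
echo "*/15 * * * * /root/bin/backup_etc.sh ; /root/bin/backup_jonathan_home.sh" >> "$cron_file"
crontab "$cron_file"
rm -f -- "$cron_file"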

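# Couple of small finishing touches, ish
# NOTE(review): a vimrc can run commands when the editor starts, so this
# makes root's editor configuration depend on what the remote host serves at
# provisioning time.
# -f keeps an HTTP error page from being written into /root/.vimrc; -S keeps
# the failure visible despite -s.
curl -fsSL https://git.jthan.io/configs/plain/dotfiles/.vimrc > /root/.vimrc

# Reboot to apply updates, ssh config changes, etc.
reboot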