diff --git a/debian/debian-essentials.sh b/debian/debian-essentials.sh index f1b0385..c6d3c64 100755 --- a/debian/debian-essentials.sh +++ b/debian/debian-essentials.sh @@ -1,5 +1,6 @@ #!/bin/bash + if [ "$EUID" -ne 0 ] then echo "Please run as root" @@ -128,8 +129,6 @@ echo "# custom settings and aliases" >> /etc/bash.bashrc echo "set -o noclobber" >> /etc/bash.bashrc echo "alias lsa='ls -alhvF'" >> /etc/bash.bashrc echo "alias cd..='cd ..'" >> /etc/bash.bashrc -echo "alias ..='cd ..'" >> /etc/bash.bashrc -echo "alias ...='cd ../..'" >> /etc/bash.bashrc echo "alias grep='grep --color'" >> /etc/bash.bashrc echo "alias si='sudo -i'" >> /etc/bash.bashrc echo "alias mkdir='mkdir -pv'" >> /etc/bash.bashrc diff --git a/ubuntu/ubuntu-essentials.sh b/ubuntu/ubuntu-essentials.sh index 144249c..527cdf6 100755 --- a/ubuntu/ubuntu-essentials.sh +++ b/ubuntu/ubuntu-essentials.sh @@ -18,39 +18,34 @@ apt-get remove os-prober -y apt-get update apt-get upgrade -y -# check if vm or lxc -if [[ ! -d /dev/disk/by-id ]] +if [[ -f /dev/.lxc-boot-id ]] then - apt-get install -y qemu-guest-agent + apt-get remove -y qemu-guest-agent else - isInFile=$(ls /dev/disk/by-id | grep -c "QEMU") - if [ $isInFile -eq 0 ] - then - apt-get remove -y qemu-guest-agent - else - apt-get install -y qemu-guest-agent - fi + apt-get install -y qemu-guest-agent fi # download and install packages -apt-get install -y ncdu pwgen sudo nano curl wget zip unzip git rsync man-db cifs-utils nfs-common parted libtalloc2 libwbclient0 net-tools gnupg apt-transport-https tmux gdisk bash-completion +apt-get install -y bind9-dnsutils restic hstr htop ncdu pwgen sudo nano curl wget zip unzip git rsync man-db cifs-utils nfs-common parted libtalloc2 libwbclient0 net-tools gnupg apt-transport-https tmux gdisk bash-completion # add akanealw user if not existing isInFile=$(cat /etc/passwd | grep -c "akanealw") -if [ $isInFile -eq 0 ]; then - echo "Set password for akanealw" - useradd -m -p $(openssl passwd -1 ${PASSWORD}) -s /bin/bash -d /home/akanealw akanealw - mkdir /home/akanealw/.ssh - chown akanealw:akanealw /home/akanealw/.ssh - chmod 700 /home/akanealw/.ssh - cp /root/.ssh/authorized_keys /home/akanealw/.ssh > /dev/null 2>&1 - chown akanealw:akanealw /home/akanealw/.ssh/authorized_keys > /dev/null 2>&1 - chmod 600 /home/akanealw/.ssh/authorized_keys > /dev/null 2>&1 +if [ $isInFile -eq 0 ] + then + echo "Set password for akanealw" + useradd -m -p '$y$j9T$NB7zOwLzhMgtxiCGjzwvf.$YGAIpv6m/DIlgNT5IU5H.K.QSNMCG5/TKY9sYlfGsGB' -s /bin/bash -d /home/akanealw akanealw + mkdir /home/akanealw/.ssh + chown akanealw:akanealw /home/akanealw/.ssh + chmod 700 /home/akanealw/.ssh + cp /root/.ssh/authorized_keys /home/akanealw/.ssh > /dev/null 2>&1 + chown akanealw:akanealw /home/akanealw/.ssh/authorized_keys > /dev/null 2>&1 + chmod 600 /home/akanealw/.ssh/authorized_keys > /dev/null 2>&1 fi # create akanealw file in /etc/sudoers.d -if [[ ! -f /etc/sudoers.d/akanealw ]] ; then - echo "akanealw ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/akanealw +if [[ ! -f /etc/sudoers.d/akanealw ]] + then + echo "akanealw ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/akanealw fi usermod -a -G sudo akanealw @@ -70,9 +65,10 @@ git config --global user.email "akanealw@gmail.com" git config --global init.defaultBranch main # show ip in /etc/issue -wget -qO /etc/issue.default http://192.168.1.50/files/ubuntu/issue.default +if [[ ! -f /etc/issue.default ]] + then wget -qO /etc/issue.default http://192.168.1.50/files/ubuntu/issue.default +fi rm /etc/issue > /dev/null 2>&1 -rm /etc/issue.bak > /dev/null 2>&1 cp /etc/issue.default /etc/issue name=$(basename /sys/class/net/e*) echo "" >> /etc/issue @@ -80,36 +76,41 @@ echo "$name: \4{$name}" >> /etc/issue echo "" >> /etc/issue # set input preferences -wget -qO /etc/inputrc.default http://192.168.1.50/files/ubuntu/inputrc.default +if [[ ! -f /etc/inputrc.default ]] + then wget -qO /etc/inputrc.default http://192.168.1.50/files/ubuntu/inputrc.default +fi rm /etc/inputrc > /dev/null 2>&1 -rm /etc/inputrc.bak > /dev/null 2>&1 cp /etc/inputrc.default /etc/inputrc echo "" >> /etc/inputrc echo "set completion-ignore-case On" >> /etc/inputrc # set bash preferences and aliases -wget -qO /etc/bash.bashrc.default http://192.168.1.50/files/ubuntu/bash.bashrc.default +if [[ ! -f /etc/bash.bashrc.default ]] + then wget -qO /etc/bash.bashrc.default http://192.168.1.50/files/ubuntu/bash.bashrc.default +fi rm /etc/bash.bashrc > /dev/null 2>&1 -rm /etc/bash.bashrc.bak > /dev/null 2>&1 cp /etc/bash.bashrc.default /etc/bash.bashrc echo "" >> /etc/bash.bashrc echo "# custom settings and aliases" >> /etc/bash.bashrc echo "set -o noclobber" >> /etc/bash.bashrc echo "alias lsa='ls -alhvF'" >> /etc/bash.bashrc echo "alias cd..='cd ..'" >> /etc/bash.bashrc -echo "alias ..='cd ..'" >> /etc/bash.bashrc -echo "alias ...='cd ../..'" >> /etc/bash.bashrc echo "alias grep='grep --color'" >> /etc/bash.bashrc echo "alias si='sudo -i'" >> /etc/bash.bashrc -echo "alias sudo='sudo '" >> /bash.bashrc -echo "alias mkdir='mkdir -pv'" >> /bash.bashrc -echo "alias du='sudo du -h'" >> /bash.bashrc +echo "alias mkdir='mkdir -pv'" >> /etc/bash.bashrc +echo "alias du='sudo du -h'" >> /etc/bash.bashrc echo "alias df='sudo df -h'" >> /etc/bash.bashrc echo "alias ports='sudo netstat -tulpna'" >> /etc/bash.bashrc echo "alias start='sudo systemctl start'" >> /etc/bash.bashrc echo "alias stop='sudo systemctl stop'" >> /etc/bash.bashrc echo "alias restart='sudo systemctl restart'" >> /etc/bash.bashrc echo "alias status='sudo systemctl status'" >> /etc/bash.bashrc +echo "alias sdr='sudo systemctl daemon-reload'" >> /etc/bash.bashrc +echo "alias senable='sudo systemctl enable'" >> /etc/bash.bashrc +echo "alias sdisable='sudo systemctl disable'" >> /etc/bash.bashrc +echo "alias snano='sudo nano'" >> /etc/bash.bashrc +echo "alias sreboot='sudo reboot'" >> /etc/bash.bashrc +echo "alias spoweroff='sudo poweroff'" >> /etc/bash.bashrc echo "alias tf='sudo tail -f'" >> /etc/bash.bashrc echo "alias aptupy='sudo apt update && sudo apt upgrade -y'" >> /etc/bash.bashrc echo "alias aptiy='sudo apt install -y'" >> /etc/bash.bashrc @@ -119,22 +120,45 @@ echo "alias aptary='sudo apt autoremove -y'" >> /etc/bash.bashrc echo "alias apts='sudo apt search'" >> /etc/bash.bashrc echo "alias aptl='sudo apt list --installed'" >> /etc/bash.bashrc echo "alias aptsh='sudo apt show'" >> /etc/bash.bashrc -echo "alias aptac='sudo apt-get autoclean'" >> /etc/bash.bashrc +echo "alias aptac='sudo apt autoclean'" >> /etc/bash.bashrc echo "alias dpkgi='sudo dpkg -i'" >> /etc/bash.bashrc -echo "alias sreboot='sudo reboot'" >> /etc/bash.bashrc -echo "alias spoweroff='sudo poweroff'" >> /etc/bash.bashrc echo "alias tmuxls='tmux ls'" >> /etc/bash.bashrc echo "alias tmuxa='tmux attach -t'" >> /etc/bash.bashrc -echo "alias dc='docker compose'" >> /etc/bash.bashrc -echo "alias dcup='docker compose up -d'" >> /etc/bash.bashrc -echo "alias dcdown='docker compose down'" >> /etc/bash.bashrc -echo "alias dcpull='docker compose pull'" >> /etc/bash.bashrc -echo "alias dps='docker ps'" >> /etc/bash.bashrc -echo "alias dstart='docker start'" >> /etc/bash.bashrc -echo "alias dstop='docker stop'" >> /etc/bash.bashrc -echo "alias drestart='docker restart'" >> /etc/bash.bashrc -echo "alias dlf='docker logs -f'" >> /etc/bash.bashrc -echo "alias dipaf='docker image prune -a -f'" >> /etc/bash.bashrc +echo "alias hh='hstr'" >> /etc/bash.bashrc +echo "export HSTR_CONFIG=hide-help,hicolor,prompt-bottom,ignorespace,raw-history-view" >> /etc/bash.bashrc + +# docker aliases +if [[ -f /etc/apt/keyrings/docker.gpg ]] + then + echo "alias dc='docker compose'" >> /etc/bash.bashrc + echo "alias dcup='docker compose up -d'" >> /etc/bash.bashrc + echo "alias dcdown='docker compose down'" >> /etc/bash.bashrc + echo "alias dcpull='docker compose pull'" >> /etc/bash.bashrc + echo "alias dps='docker ps'" >> /etc/bash.bashrc + echo "alias dstart='docker start'" >> /etc/bash.bashrc + echo "alias dstop='docker stop'" >> /etc/bash.bashrc + echo "alias drestart='docker restart'" >> /etc/bash.bashrc + echo "alias dlf='docker logs -f'" >> /etc/bash.bashrc + echo "alias dipaf='docker image prune -a -f'" >> /etc/bash.bashrc + echo "alias deit='docker exec -it'" >> /etc/bash.bashrc + echo "alias lzd='lazydocker'" >> /etc/bash.bashrc +fi + +# create copy of file before editing +if [[ ! -f /usr/local/bin/cpb ]]; then +cat <<'EOF' >> /usr/local/bin/cpb +#!/bin/bash + +if [ $# -eq 1 ] +then + cp -pvi "$1" "${1}.bak" +else + echo "Info: $0 copies to a backup file" + echo "Usage: $0 " +fi +EOF +chmod +x /usr/local/bin/cpb +fi # create tmux config rm /etc/tmux.conf* > /dev/null 2>&1 @@ -142,11 +166,183 @@ echo "unbind C-b" >> /etc/tmux.conf echo "set-option -g prefix C-a" >> /etc/tmux.conf echo "bind-key C-a send-prefix" >> /etc/tmux.conf -# create credentials and map network drives -isInFile=$(cat /etc/fstab | grep -c "192.168.1.41") -if [ $isInFile -eq 0 ]; then - mkdir /mnt/truenasdata > /dev/null 2>&1 - chown akanealw:akanealw /mnt/truenasdata - echo "# nfs shares" >> /etc/fstab - echo "192.168.1.41:/mnt/data /mnt/truenasdata nfs defaults,nolock,soft,vers=4.2 0 0" >> /etc/fstab +# configure email for sending notifications +isInFile=$(cat /etc/postfix/main.cf | grep -c "gmail") +if [ $isInFile -eq 0 ] + then + DEBIAN_FRONTEND=noninteractive apt-get install -y libsasl2-modules mailutils postfix postfix-pcre + echo "smtp.gmail.com notify.akanealw@gmail.com:leawkqqpthbwacrf" > /etc/postfix/sasl_passwd + echo "/^From:.*/ REPLACE From: $(hostname) " > /etc/postfix/smtp_header_checks + chmod 600 /etc/postfix/sasl_passwd + postmap hash:/etc/postfix/sasl_passwd + postmap hash:/etc/postfix/smtp_header_checks + sed -i 's@relayhost =@#relayhost = @g' /etc/postfix/main.cf + sed -i 's@smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache@#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache@g' /etc/postfix/main.cf + echo "" >> /etc/postfix/main.cf + echo "# google mail configuration" >> /etc/postfix/main.cf + echo "relayhost = smtp.gmail.com:587" >> /etc/postfix/main.cf + echo "smtp_use_tls = yes" >> /etc/postfix/main.cf + echo "smtp_sasl_auth_enable = yes" >> /etc/postfix/main.cf + echo "smtp_sasl_security_options =" >> /etc/postfix/main.cf + echo "smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd" >> /etc/postfix/main.cf + echo "smtp_tls_CAfile = /etc/ssl/certs/Entrust_Root_Certification_Authority.pem" >> /etc/postfix/main.cf + echo "smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache" >> /etc/postfix/main.cf + echo "smtp_tls_session_cache_timeout = 3600s" >> /etc/postfix/main.cf + echo "smtp_header_checks = pcre:/etc/postfix/smtp_header_checks" >> /etc/postfix/main.cf + echo "" >> /etc/postfix/main.cf + postfix reload + echo "This is a test message sent from postfix on $(hostname)" | mail -s "Test Email from $(hostname)" akanealw@gmail.com + else + echo "Email already configured." +fi + +# sshd config +cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak > /dev/null 2>&1 +isInFile=$(cat /etc/hostname | grep -c "proxmox") +if [ $isInFile -eq 0 ] + then + isInFile=$(cat /etc/ssh/sshd_config | grep -c "#PermitRootLogin prohibit-password") + if [ $isInFile -eq 0 ] + then + sed -i 's/PermitRootLogin no/#PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config + sed -i 's/PermitRootLogin yes/#PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config + sed -i 's/PermitRootLogin prohibit-password/#PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config + fi +fi + +isInFile=$(cat /etc/hostname | grep -c "proxmox") +if [ $isInFile -eq 0 ] + then +# isInFile=$(cat /etc/ssh/sshd_config | grep -c "#PasswordAuthentication no") +# if [ $isInFile -eq 0 ] +# then + sed -i 's/#PasswordAuthentication no/PasswordAuthentication no/g' /etc/ssh/sshd_config + sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config + sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config +# fi +fi + +# authorized_keys akanealw +cp /home/akanealw/.ssh/authorized_keys /home/akanealw/.ssh/authorized_keys.bak > /dev/null 2>&1 +isInFile=$(cat /home/akanealw/.ssh/authorized_keys | grep -c "winpc-akanealw") +if [ $isInFile -eq 0 ] + then + echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBKYj+eRQsvdLvrJNoqugb9A7iQT+BEPb6LI9BseyhWR winpc-akanealw" >> /home/akanealw/.ssh/authorized_keys + chown akanealw:akanealw /home/akanealw/.ssh/* + chmod 600 /home/akanealw/.ssh/* +fi + +isInFile=$(cat /home/akanealw/.ssh/authorized_keys | grep -c "server-akanealw") +if [ $isInFile -eq 0 ] + then + echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGAiw0sQxxTg/zBm/Hz4LLjtiuGfefF2vogGkYcWox4S server-akanealw" >> /home/akanealw/.ssh/authorized_keys + chown akanealw:akanealw /home/akanealw/.ssh/* + chmod 600 /home/akanealw/.ssh/* +fi + +# authorized_keys root +cp /root/.ssh/authorized_keys /root/.ssh/authorized_keys.bak +isInFile=$(cat /root/.ssh/authorized_keys | grep -c "winpc-root") +if [ $isInFile -eq 0 ] + then + echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBI/kuy/SVCxShVBNtWtNREX9cpWrlsthV3z15ky+bPy winpc-root" >> /root/.ssh/authorized_keys + chmod 600 /root/.ssh/authorized_keys +fi + +isInFile=$(cat /root/.ssh/authorized_keys | grep -c "server-root") +if [ $isInFile -eq 0 ] + then + echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHWiw5lVzQIZiZc1SPphvHhdSpFl9UN6Xm4znFqq5xs4 server-root" >> /root/.ssh/authorized_keys + chmod 600 /root/.ssh/authorized_keys +fi + +# config /home/akanealw/.ssh/ +isInFile=$(cat /home/akanealw/.ssh/config | grep -c "*-root") +if [ $isInFile -eq 0 ] + then + cp /home/akanealw/.ssh/config /home/akanealw/.ssh/config.bak > /dev/null 2>&1 + mv /home/akanealw/.ssh/known_hosts /home/akanealw/.ssh/known_hosts.old > /dev/null 2>&1 + echo "" >> /home/akanealw/.ssh/config + echo "" >> /home/akanealw/.ssh/config + echo "Host *-root" >> /home/akanealw/.ssh/config + echo "User root" >> /home/akanealw/.ssh/config + echo "IdentityFile /root/.ssh/server-root" >> /home/akanealw/.ssh/config + echo "" >> /home/akanealw/.ssh/config + echo "Host *" >> /home/akanealw/.ssh/config + echo "Port 22" >> /home/akanealw/.ssh/config + echo "User akanealw" >> /home/akanealw/.ssh/config + echo "IdentityFile /home/akanealw/.ssh/server-akanealw" >> /home/akanealw/.ssh/config + chown akanealw:akanealw /home/akanealw/.ssh/* + chmod 600 /home/akanealw/.ssh/* +fi + +# config /root/.ssh/ +isInFile=$(cat /root/.ssh/config | grep -c "*-root") +if [ $isInFile -eq 0 ] + then + cp /root/.ssh/config /root/.ssh/config.bak > /dev/null 2>&1 + mv /root/.ssh/known_hosts /root/.ssh/known_hosts.old > /dev/null 2>&1 + echo "" >> /root/.ssh/config + echo "" >> /root/.ssh/config + echo "Host *-root" >> /root/.ssh/config + echo "User root" >> /root/.ssh/config + echo "IdentityFile /root/.ssh/server-root" >> /root/.ssh/config + echo "" >> /root/.ssh/config + echo "Host *" >> /root/.ssh/config + echo "Port 22" >> /root/.ssh/config + echo "User akanealw" >> /root/.ssh/config + echo "IdentityFile /home/akanealw/.ssh/server-akanealw" >> /root/.ssh/config + chmod 600 /root/.ssh/* +fi + +# server-akanealw +if [[ ! -f /home/akanealw/.ssh/server-akanealw ]] + then + echo "-----BEGIN OPENSSH PRIVATE KEY-----" > /home/akanealw/.ssh/server-akanealw + echo "b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW" >> /home/akanealw/.ssh/server-akanealw + echo "QyNTUxOQAAACBgIsNLEMcU4P8wZvx8+Cy47Yrhn3nxdr6IBpGHFqMeEgAAAJgPgcu8D4HL" >> /home/akanealw/.ssh/server-akanealw + echo "vAAAAAtzc2gtZWQyNTUxOQAAACBgIsNLEMcU4P8wZvx8+Cy47Yrhn3nxdr6IBpGHFqMeEg" >> /home/akanealw/.ssh/server-akanealw + echo "AAAEDalS9Q+0KRMMqOXnie/d0uckbLIePYYY7DOqs8cJ7UF2Aiw0sQxxTg/zBm/Hz4LLjt" >> /home/akanealw/.ssh/server-akanealw + echo "iuGfefF2vogGkYcWox4SAAAAD3NlcnZlci1ha2FuZWFsdwECAwQFBg==" >> /home/akanealw/.ssh/server-akanealw + echo "-----END OPENSSH PRIVATE KEY-----" >> /home/akanealw/.ssh/server-akanealw + chown akanealw:akanealw /home/akanealw/.ssh/* + chmod 600 /home/akanealw/.ssh/* +fi + +# server-root +if [[ ! -f /root/.ssh/server-root ]] + then + echo "-----BEGIN OPENSSH PRIVATE KEY-----" > /root/.ssh/server-root + echo "b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW" >> /root/.ssh/server-root + echo "QyNTUxOQAAACB1osOZVc0CGYmXNUj6Ybx4XUqRZfVDel5uM5xaqucbOAAAAJAnxfYyJ8X2" >> /root/.ssh/server-root + echo "MgAAAAtzc2gtZWQyNTUxOQAAACB1osOZVc0CGYmXNUj6Ybx4XUqRZfVDel5uM5xaqucbOA" >> /root/.ssh/server-root + echo "AAAEBUjm9GcUvXzKnpiw0aYd+Ca7+LAWuq0u6l0FjPQyQjd3Wiw5lVzQIZiZc1SPphvHhd" >> /root/.ssh/server-root + echo "SpFl9UN6Xm4znFqq5xs4AAAAC3NlcnZlci1yb290AQI=" >> /root/.ssh/server-root + echo "-----END OPENSSH PRIVATE KEY-----" >> /root/.ssh/server-root + chmod 600 /root/.ssh/* +fi + +# restart sshd +systemctl restart ssh +systemctl restart sshd + +# lock root +isInFile=$(cat /etc/hostname | grep -c "BackupServer") +if [ $isInFile -eq 0 ] + then + if [[ -d /home/akanealw ]] + then + isInFile=$(cat /etc/shadow | grep -c 'root:!') + if [ $isInFile -eq 0 ] + then + passwd -l root + skill -KILL -u root + exit + else + echo "root account already locked." + exit + fi + else + echo "akanealw account not found, not locking root." + fi fi