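#!/usr/bin/env sh
# vim: foldmethod=marker
# ------------------------------------------------------------------------------
# Run in cloud-init (as root, with no terminal attached).
#
# Creates an admin account, gives the wheel group password-less sudo, copies
# root's SSH authorized_keys to that account, installs mosh and turns off root
# login over SSH.
# ------------------------------------------------------------------------------
# Stop at the first failure: the last step disables root SSH login, and it must
# not run if the replacement account or its keys were not set up.
set -eu
# {{{ Configuration
: "${user:=konrad}"
# }}}---------------------------------------------------------------------------
#{{{ users: add $user
# Skip useradd when the account already exists so a re-run does not abort.
id "$user" >/dev/null 2>&1 || useradd "$user"
usermod -a -G wheel "$user"
#}}}
#{{{ sudo: password-less sudo
# NOTE(review): this gives every member of wheel root without a password, so any
# key accepted for "$user" below is equivalent to a root key. A rule scoped to
# "$user" alone would be narrower.
# visudo validates the result before installing it; the grep keeps a re-run from
# appending the same rule twice.
sudo_rule='%wheel ALL=(ALL) NOPASSWD: ALL'
if ! grep -qxF -- "$sudo_rule" /etc/sudoers; then
  printf '%s\n' "$sudo_rule" | EDITOR='tee -a' visudo
fi
#}}}
#{{{ [user:$user] ssh: copy authorized_keys
# A quoted "~$user" is not tilde-expanded (it names a literal directory called
# "~konrad" under the current directory), so look the home directory up instead.
user_home=$(getent passwd "$user" | cut -d: -f6)
if [ -z "$user_home" ]; then
  echo "cannot resolve the home directory of $user" >&2
  exit 1
fi
user_group=$(id -gn "$user")
# install sets owner and mode at creation time, so the keys file is never
# present with looser permissions than 600.
install -d -m 700 -o "$user" -g "$user_group" "$user_home/.ssh"
install -m 600 -o "$user" -g "$user_group" \
  /root/.ssh/authorized_keys "$user_home/.ssh/authorized_keys"
#}}}
#{{{ mosh: install & enable
# -y: there is no terminal in cloud-init to answer the confirmation prompt.
dnf install -y mosh
firewall-cmd --add-service=mosh --permanent
firewall-cmd --reload
#}}}
#{{{ sshd: disable remote root login
# Rewrite any PermitRootLogin line, commented or not. Matching only "yes" would
# leave key-only values such as prohibit-password in place, and root still has
# the authorized_keys copied above.
sed -i -E 's/^[#[:space:]]*PermitRootLogin[[:space:]].*$/PermitRootLogin no/' /etc/ssh/sshd_config
# The edit only takes effect once sshd re-reads its configuration.
if sshd -t; then
  systemctl try-reload-or-restart sshd || echo "WARNING: could not reload sshd" >&2
else
  echo "WARNING: sshd -t rejected the configuration; sshd was not reloaded" >&2
fi
# Check the effective value: a drop-in under /etc/ssh/sshd_config.d/ or a file
# with no PermitRootLogin line at all would leave root login as it was.
if ! sshd -T 2>/dev/null | grep -qix 'permitrootlogin no'; then
  echo "WARNING: effective sshd configuration does not report 'permitrootlogin no'" >&2
fi
#}}}
##{{{ [user:"$user"] rust: install
# NOTE(review): if re-enabled, this runs a downloaded installer as "$user" with
# no integrity check beyond TLS.
#curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sudo -u "$user" sh -s -- -y --profile complete -y
##}}}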
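#!/usr/bin/env sh
# vim: foldmethod=marker
# Bootstrap a fresh machine into the yadm-managed dotfiles. Only iSH (Alpine on
# iPad) is handled; any other system exits with an error.
#
# Optional environment:
#   MST_SHA256   expected SHA-256 of the mst release binary
#   YADM_SHA256  expected SHA-256 of the yadm script
# When set, the download is verified before it is made executable.
set -eu
# pipefail is not available in every sh; enable it only where it exists so an
# unsupported shell still reaches the "Unknown target" message below.
if (set -o pipefail) 2>/dev/null; then set -o pipefail; fi

#{{{ Helpers
# fetch URL DEST [SHA256]
# Downloads URL next to DEST, checks the digest when one is given, and only then
# marks the file executable and moves it into place.
fetch() {
  fetch_tmp="$2.part"
  wget -q -O "$fetch_tmp" "$1"
  if [ -n "${3:-}" ]; then
    if ! printf '%s  %s\n' "$3" "$fetch_tmp" | sha256sum -c - >/dev/null; then
      rm -f "$fetch_tmp"
      echo "-[ FETCH ]--- Checksum mismatch for $1" >&2
      exit 1
    fi
  else
    echo "-[ FETCH ]--- WARNING: no checksum pinned for $1" >&2
  fi
  chmod +x "$fetch_tmp"
  mv -f "$fetch_tmp" "$2"
}
#}}}
#{{{ OS detection bloat
echo "-[ OS ]--- Detecting"
set -x; {
  MACHINE_KERNEL_NAME="$(uname -s)"
  MACHINE_HWTYPE="$(uname -m)"
  MACHINE_KERNEL_VERSION="$(uname -v)"
}; set +x
#}}}
#{{{ Case: iPad iSH
#{{{ Detection bloat
# Separate tests joined with && replace the obsolescent "-a" operator of [.
if [ "${MACHINE_KERNEL_NAME}" = "Linux" ] \
  && [ "${MACHINE_HWTYPE}" = "i686" ] \
  && [ "$(printf '%s\n' "${MACHINE_KERNEL_VERSION}" | cut -c 1-3)" = "iSH" ] \
  && [ -f /etc/alpine-release ]
then
  #}}}
  echo "-[ OS ]--- Detected: iPad iSH with Alpine"
  #{{{ Install packages
  set -- bash git openssh-client openssh-keygen
  echo "-[ APK ]--- Ensuring packages installed: $*"
  apk add --cache-max-age 1440 "$@"
  #}}}
  #{{{ SSH: ensure key exists
  echo "-[ SSH ]--- Ensuring key file ~/.ssh/id_ed25519 exists"
  if [ ! -f ~/.ssh/id_ed25519 ]; then
    echo "-[ SSH ]--- Creating key file"
    # NOTE(review): -N "" stores the private key unencrypted on the device.
    # The -C value is only a label; it appears redacted on the page, so
    # substitute your own.
    ssh-keygen -t ed25519 -C "[email protected]" -f ~/.ssh/id_ed25519 -N ""
    echo "-[ ~/.ssh/id_ed25519.pub ]-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-"
    cat ~/.ssh/id_ed25519.pub
    echo "-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-"
    # -p and -n are extensions (BusyBox ash and bash have them), not POSIX sh.
    read -r -p "Add key above to GitHub and press any key... " -n 1 _ack
    echo
  else
    echo "-[ SSH ]--- Found. Assuming it's already added to GitHub"
  fi
  #}}}
  #{{{ SSH: approve GitHub fingerprint
  echo "-[ SSH ]--- Ensuring GitHub fingerprint recognized"
  # Pinning the host key avoids trust-on-first-use, but only while the pinned
  # value is current.
  # NOTE(review): GitHub replaced its RSA SSH host key in March 2023; confirm
  # this value against the fingerprints GitHub currently publishes.
  github_host_key='github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=='
  touch ~/.ssh/known_hosts
  # Append only when the exact line is missing; the rest of the file is left
  # untouched.
  if ! grep -qxF -- "$github_host_key" ~/.ssh/known_hosts; then
    printf '%s\n' "$github_host_key" >> ~/.ssh/known_hosts
  fi
  #}}}
  #{{{ Core binaries
  mkdir -p ~/.local/bin/
  #{{{ Ensure mst is available
  echo "-[ MST ]--- Ensuring mst is available"
  if [ ! -x ~/.local/bin/mst ]; then
    echo "-[ MST ]--- Obtaining v0.0.1 of mst."
    # The release tag fixes the version but not the bytes; set MST_SHA256 to
    # verify the binary before it is executed.
    fetch https://github.com/kgadek/mst/releases/download/v0.0.1/mst.i686-ish-linux \
      ~/.local/bin/mst "${MST_SHA256:-}"
  else
    echo "-[ MST ]--- Found."
  fi
  #}}}
  #{{{ Ensure yadm is available
  echo "-[ YADM ]--- Ensuring yadm with mst support is available"
  # An explicit output path lets a re-run overwrite the file: with "wget -P",
  # an existing yadm makes BusyBox wget fail and GNU wget write "yadm.1".
  # NOTE(review): "master" is a moving ref; replace it with a commit id
  # (<COMMIT_SHA>) and set YADM_SHA256 so the script that gets executed is the
  # one that was reviewed.
  fetch https://raw.githubusercontent.com/kgadek/yadm-bin/master/yadm \
    ~/.local/bin/yadm "${YADM_SHA256:-}"
  #}}}
  #}}}
  #{{{ Bootstrap into yadm
  echo "-[ YADM ]--- Running clone & bootstrap"
  export YADMBOOTSTRAP_CLASS=PERSONAL
  export PATH="${PATH}:${HOME}/.local/bin"
  # --bootstrap runs the bootstrap program from the cloned repository, so this
  # step executes whatever that repository contains.
  # The remote is GitHub's SSH form; the page rendering had masked it as an
  # e-mail address.
  exec yadm clone --bootstrap git@github.com:kgadek/yadm.git
  #}}}
  #}}}
  #{{{ Unknown case
else
  echo "-[ OS ]--- Unknown target. ERROR" >&2
  exit 1
fi
#}}}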