#! /bin/bash
# This script has to be executed after a chroot
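# Work from /usr/local/bin: every later arch-linux-server/... path in this
# script is relative to it. Abort if the cd fails so that the rm -rf below can
# never run in whatever directory the caller happened to be in.
cd /usr/local/bin || { echo "cannot cd to /usr/local/bin" >&2; exit 1; }
rm -rf -- arch-linux-server
# NOTE(review): this clones the tip of the default branch, and the script later
# executes files from it as root (mailserver/only_outgoing.sh, systemd units).
# Nothing here pins a commit or verifies a signature, so whoever can push to
# that repository controls this host; consider checking out a reviewed commit.
git clone https://github.com/jaapjansma/arch-linux-server.git \
  || { echo "git clone failed" >&2; exit 1; }

# Installer-provided settings, one value per file.
new_hostname=$(cat /root/config/hostname)
admin_username=$(cat /root/config/admin_username)
admin_user_email=$(cat /root/config/admin_user_email)
# Stop on a missing or empty value: later steps build paths such as
# /home/$admin_username/.ssh from these and run chown -R on them.
: "${new_hostname:?/root/config/hostname is missing or empty}"
: "${admin_username:?/root/config/admin_username is missing or empty}"
: "${admin_user_email:?/root/config/admin_user_email is missing or empty}"
# The user name is used as a path component below; refuse anything that
# could point outside /home.
case "$admin_username" in
  */* | .*) echo "invalid admin_username: $admin_username" >&2; exit 1 ;;
esac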
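# Timezone and hardware clock. -f replaces an existing /etc/localtime so a
# re-run does not fail on the link that the first run created.
ln -sf /usr/share/zoneinfo/Europe/Amsterdam /etc/localtime
hwclock --systohc --utc
# Enable the en_US.UTF-8 locale and make it the system default.
sed -i 's/#en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/g' /etc/locale.gen
locale-gen
echo "LANG=en_US.UTF-8" > /etc/locale.conf
# NOTE(review): the unit name on the next two lines is not the author's text.
# "[email protected]" is the placeholder an e-mail obfuscation filter leaves
# behind when it rewrites anything shaped like name@host, so the real
# templated unit (<unit>@<instance>.service) is lost on this page. Restore it
# from the repository before running; as written, systemctl receives the two
# words "[email" and "protected]".
systemctl enable [email protected]
systemctl start [email protected]
# touch only creates the rules file when it is missing, so on a fresh install
# the iptables unit is enabled with an empty rules file.
# NOTE(review): that presumably loads no filtering rules at all - confirm that
# a real ruleset is installed before the host is reachable, since sshd is
# enabled further down.
touch /etc/iptables/iptables.rules
systemctl enable iptables
systemctl start iptables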
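# Register the archlinuxfr repository (source of yaourt) once; the guard keeps
# a re-run from appending a duplicate section to pacman.conf.
# NOTE(review): "SigLevel = Never" turns off package signature checking for
# this repository and the Server URL is plain http, so anything installed from
# it (yaourt below, as root) is neither authenticated nor integrity-protected
# in transit. Prefer a signed source for the AUR helper, or build it from a
# reviewed PKGBUILD, and drop this section if it is no longer needed.
if ! grep -q '^\[archlinuxfr\]' /etc/pacman.conf; then
  cat >> /etc/pacman.conf <<'EOF'
[archlinuxfr]
SigLevel = Never
Server = http://repo.archlinux.fr/$arch
EOF
fi
# NOTE(review): -Sy refreshes the package databases without upgrading
# installed packages; on Arch that can leave a partially upgraded system.
# The rest of the script needs grub, sudo, openssh and certbot, so stop here
# if the installation fails instead of carrying on without them.
pacman --noconfirm -Sy vim grub sudo openssh openssl yaourt certbot python3 \
  || { echo "package installation failed" >&2; exit 1; }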
# Boot setup: rebuild the initramfs for the "linux" preset, install GRUB for
# the i386-pc target onto the disk, then write the GRUB configuration.
boot_disk=/dev/vda
mkinitcpio -p linux
grub-install --target=i386-pc "$boot_disk"
grub-mkconfig -o /boot/grub/grub.cfg
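# Shared build directory for yaourt. Mode 1777 keeps it writable by every
# user, as before, but adds the sticky bit so that one user cannot delete or
# replace another user's build files (same model as /tmp).
mkdir -p /var/yaourt
chmod 1777 /var/yaourt
# Use '|' as the sed delimiter: the replacement contains slashes, and with '/'
# as delimiter the original expression was rejected by sed, leaving TMPDIR
# unchanged.
sed -i 's|#TMPDIR="/tmp"|TMPDIR="/var/yaourt"|g' /etc/yaourtrc
# Skeleton for new home directories: ~/tmp, ~/bin, and ~/bin on PATH.
mkdir -p /etc/skel/tmp /etc/skel/bin
echo "export PATH=\$PATH:~/bin" >> /etc/skel/.bashrc
# Give the wheel group full sudo. Append the rule only once, then validate the
# file: a syntax error in /etc/sudoers disables sudo for everyone.
if ! grep -qxF '%wheel ALL=(ALL) ALL' /etc/sudoers; then
  echo "%wheel ALL=(ALL) ALL" >> /etc/sudoers
fi
visudo -c || { echo "/etc/sudoers failed validation" >&2; exit 1; }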
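# NOTE(review): sshd is enabled with whatever sshd_config the package ships;
# this script does not touch PasswordAuthentication or PermitRootLogin. The
# accounts created later get random passwords, so decide explicitly whether
# password logins should stay enabled once a public key is installed.
systemctl enable sshd
systemctl start sshd
# Install outgoing mailserver (script from the cloned repository, run as root;
# the relative path depends on the working directory being /usr/local/bin).
arch-linux-server/mailserver/only_outgoing.sh
# Create a default certificate. The values are quoted so that a hostname or
# address read from the config files is always passed as a single argument.
certbot certonly --standalone -d "$new_hostname" --email "$admin_user_email" --agree-tos
# -f/-n replace an existing link instead of failing or creating a nested link
# inside the directory that the old link points to.
ln -sfn "/etc/letsencrypt/live/$new_hostname" /etc/letsencrypt/root
# Renewal timer and service shipped in the cloned repository.
cp arch-linux-server/config/etc/systemd/system/certbot.timer /etc/systemd/system/certbot.timer
cp arch-linux-server/config/etc/systemd/system/certbot.service /etc/systemd/system/certbot.service
systemctl daemon-reload
systemctl enable certbot.timer
systemctl start certbot.timer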
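# Add users
useradd -m -G wheel "$admin_username"
# ~/.ssh is created 0700 and authorized_keys 0600 so that only the account
# owner can read or change the list of keys allowed to log in.
ssh_dir="/home/$admin_username/.ssh"
mkdir -p "$ssh_dir"
chmod 700 "$ssh_dir"
# Install the admin's public key if the cloned repository ships one.
pubkey_file="arch-linux-server/public_keys/$admin_username/id_rsa.pub"
if [ -f "$pubkey_file" ]; then
  cp "$pubkey_file" "$ssh_dir/authorized_keys"
  chmod 600 "$ssh_dir/authorized_keys"
fi
# user:group with a colon; the dotted form is a deprecated spelling.
chown -R "$admin_username:$admin_username" "$ssh_dir"

# Random 32-character passwords from the kernel CSPRNG. The character set is
# single-quoted so the shell leaves it alone, and LC_ALL=C makes tr treat the
# input as plain bytes.
passwd_chars='a-zA-Z0-9!@#$%^&*()_+?><~;'
random_passwd_root=$(LC_ALL=C tr -dc "$passwd_chars" < /dev/urandom | head -c 32)
random_passwd_user=$(LC_ALL=C tr -dc "$passwd_chars" < /dev/urandom | head -c 32)
# Never hand chpasswd a short or empty password if generation failed.
if [ "${#random_passwd_root}" -ne 32 ] || [ "${#random_passwd_user}" -ne 32 ]; then
  echo "password generation failed" >&2
  exit 1
fi
# printf is a shell builtin, so the passwords do not show up in the process
# list, and unlike echo -e it does not interpret escapes in the data.
printf '%s:%s\n' root "$random_passwd_root" | chpasswd
printf '%s:%s\n' "$admin_username" "$random_passwd_user" | chpasswd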
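# Web root, linked into the admin's home directory.
mkdir -p /var/www
chmod a+x /var/www
ln -sfn /var/www "/home/$admin_username/www"

# Staging area for the welcome mail. The message contains the root and admin
# passwords in clear text, so the directory (0700) and the file (0600) are
# root-only; the original 0777 directory and world-readable file let any local
# account read the root password or swap the message.
# NOTE(review): post-installation.service comes from the cloned repository and
# is not shown here - confirm it reads this file as root, and that the file is
# removed once the mail has been handed off.
mkdir -p /var/mails
chmod 700 /var/mails
mail_file=/var/mails/newserver.email
# Create the file empty with mode 0600 first; the redirection below then
# keeps that mode.
install -m 600 /dev/null "$mail_file"
# NOTE(review): the layout looks like sender, recipient, subject, then body -
# confirm against whatever consumes the file. The credentials travel by e-mail
# in clear text, so both passwords should be changed after the first login.
echo "root@$new_hostname
$admin_user_email
New server ready
Your server is ready below are your login details.
Login with ssh at $new_hostname
User: $admin_username
Password: $random_passwd_user
Root passwd: $random_passwd_root
" > "$mail_file"

# Mail forwarding: root -> admin account -> admin's external address.
echo "$admin_username" >> /root/.forward
echo "$admin_user_email" >> "/home/$admin_username/.forward"
chown "$admin_username:$admin_username" "/home/$admin_username/.forward"

# Install and enable the post-installation unit from the cloned repository.
cp arch-linux-server/config/etc/systemd/system/post-installation.service /etc/systemd/system/
systemctl daemon-reload
systemctl enable post-installation.service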