@rroethof
Last active April 6, 2018 05:51
init.sh
#!/bin/bash
# Abort on the first failing foreground command. errexit does not cover the
# status of jobs started with `&`, nor commands used as a condition.
set -o errexit
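#######################################
# Show a text spinner next to a status message while a background job runs.
# Arguments: $1 - PID of the job to watch
#            $2 - status text printed beside the spinner
# Outputs:   spinner frames on stdout; a warning on stderr when the job's
#            exit status can be collected and is non-zero
# Returns:   0 (a failed job is reported, not propagated, so callers running
#            under `set -e` keep their best-effort behaviour)
#######################################
spinner()
{
  local pid=$1
  local delay=0.175
  local spinstr='|/-\'
  local infotext=$2
  local temp i status=0

  # Hiding the cursor is cosmetic; a missing or unknown TERM must not abort a
  # caller that runs under `set -e`.
  tput civis 2>/dev/null || true

  # kill -0 probes exactly this PID. The earlier `ps a | ... | grep $pid` test
  # matched any PID that merely contained the same digits, and `ps a` lists
  # only processes attached to a terminal, so on a run without a tty the
  # spinner returned at once and the next step started while this one was
  # still running.
  while kill -0 "$pid" 2>/dev/null; do
    temp=${spinstr#?}
    printf " [%c] %s" "$spinstr" "$infotext"
    # Rotate the frame string by one character.
    spinstr=$temp${spinstr%"$temp"}
    sleep "$delay"
    # Move back over " [x] " plus the status text so the next frame overwrites it.
    printf "\b\b\b\b\b\b"
    for ((i = 0; i < ${#infotext}; i++)); do
      printf "\b"
    done
  done
  printf " \b\b\b\b"
  tput cnorm 2>/dev/null || true

  # Collect the job's exit status so a failed step is visible even though the
  # caller discards the job's output. 127 means the PID is not a child of this
  # shell (nothing to collect), so it is not reported.
  wait "$pid" 2>/dev/null || status=$?
  if [ "$status" -ne 0 ] && [ "$status" -ne 127 ]; then
    printf '\n warning: "%s" exited with status %s\n' "$infotext" "$status" >&2
  fi
  return 0
}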
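# set defaults
default_hostname="$(hostname)"
default_domain="familieroethof.local"
default_ip="192.168.100.190"

# Start from the defaults: a non-interactive run skips the prompts below and
# would otherwise write an empty hostname and an empty address.
hostname=$default_hostname
domain=$default_domain
ipaddress=$default_ip

clear

# check for root privilege
if [ "$(id -u)" != "0" ]; then
  echo " this script must be run as root" 1>&2
  echo
  exit 1
fi

# check for interactive shell
if ! grep -q "noninteractive" /proc/cmdline ; then
  stty sane
  # ask questions (-r keeps backslashes in the answers literal)
  read -rep " please enter your preferred hostname: " -i "$default_hostname" hostname
  read -rep " please enter your preferred domain: " -i "$default_domain" domain
  read -rep " please enter the required ip: " -i "$default_ip" ipaddress
fi

# Validate before anything is written: a mistyped address ends up in
# /etc/network/interfaces and the host reboots onto it at the end of the run.
if [ -z "$hostname" ]; then
  echo " hostname must not be empty" 1>&2
  exit 1
fi
valid_ip=1
if [[ $ipaddress =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]]; then
  for octet in "${BASH_REMATCH[@]:1}"; do
    # 10# forces base 10 so an octet such as 08 is not parsed as octal.
    (( 10#$octet <= 255 )) || valid_ip=0
  done
else
  valid_ip=0
fi
if [ "$valid_ip" -ne 1 ]; then
  echo " not a valid IPv4 address: $ipaddress" 1>&2
  exit 1
fi

# print status message
echo " preparing your server; this may take a few minutes ..."

# set fqdn (not referenced again in this script)
fqdn="$hostname.$domain"

# update hostname
echo "$hostname" > /etc/hostname
hostnamectl set-hostname "$hostname"

# Static network configuration. Only the address is taken from the answers;
# netmask, network, gateway and broadcast are fixed to 192.168.100.0/24, so an
# address outside that range will not be reachable after the reboot.
cat << EOF > /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto ens18
iface ens18 inet static
address $ipaddress
netmask 255.255.255.0
network 192.168.100.0
gateway 192.168.100.254
broadcast 192.168.100.255
dns-nameservers 8.8.4.4 8.8.8.8
EOF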
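# update repos
# Each apt step runs in the background so spinner can show progress. apt's
# output goes to /dev/null, so a failed update or upgrade is only visible if
# spinner reports the job's exit status; review /var/log/apt/ after the run.
(apt-get -y update > /dev/null 2>&1) & spinner $! "updating apt repository ..."
echo
(apt-get -y upgrade > /dev/null 2>&1) & spinner $! "upgrade os ..."
echo
(apt-get -y dist-upgrade > /dev/null 2>&1) & spinner $! "dist-upgrade os ..."
echo
(apt-get -y autoremove > /dev/null 2>&1) & spinner $! "removing old kernels and packages ..."
echo
(apt-get -y purge > /dev/null 2>&1) & spinner $! "purging removed packages ..."
echo
# ca-certificates is added so the key download below can verify the server
# certificate instead of skipping the check.
(apt-get -y install openssh-server git curl vim acpid apt-file bind9-host bzip2 dnsutils emacs24-nox htop nmon ntp rsync slurm sudo tcpdump unzip vim-nox at binutils byobu dstat fping iftop incron iotop ipset jq lsof mc mtr ncdu nmap pciutils rsync screen sl strace tcpdump unzip util-linux whois uuid wget acpid apparmor-utils apparmor-profiles apt-file dnsutils conntrack iptraf-ng lsb-release xfsprogs apt-transport-https software-properties-common sysstat rdnssd ca-certificates > /dev/null 2>&1) & spinner $! "installing extra software ..."
echo

# adding the keys
# This file decides who may log in as root, so it is fetched with certificate
# verification on (the former --no-check-certificate let anyone on the network
# path substitute their own key). The URL follows a mutable branch: whoever can
# push to that repository gains root on hosts provisioned afterwards. Pinning
# the URL to a commit (<commit-sha> in place of master) or comparing the file
# against a known checksum narrows that.
mkdir -pm 700 /root/.ssh
# Download to a temporary file first so a failed or empty transfer never
# replaces an existing authorized_keys.
keys_tmp=$(mktemp /root/.ssh/authorized_keys.XXXXXX)
if wget https://raw.githubusercontent.com/rroethof/ssh-keys/master/authorized_keys -O "$keys_tmp" \
  && [ -s "$keys_tmp" ]; then
  chmod 0600 "$keys_tmp"
  mv -f -- "$keys_tmp" /root/.ssh/authorized_keys
else
  rm -f -- "$keys_tmp"
  echo " could not download authorized_keys over verified TLS; aborting" 1>&2
  exit 1
fi
chmod 0600 /root/.ssh/authorized_keys
chown -R root:root /root/.ssh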
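# some cleanup
# Removes state inherited from the image this host was installed or cloned
# from. Every rm uses -f: under `set -e` a file that is already absent must not
# stop the run before the configuration and reboot steps further down.
echo "Cleaning up dhcp leases"
rm -f /var/lib/dhcp/*
echo "Removing SSH server keys"
rm -f /etc/ssh/*_key*
# Host keys copied from an image are shared by every clone, so they are
# dropped. Create this host's own set right away; sshd cannot accept
# connections without host keys.
# NOTE(review): assumes nothing else regenerates them on first boot - confirm.
echo "Generating new SSH server keys"
ssh-keygen -A
echo "Removing machine ID"
rm -f /etc/machine-id
rm -f /var/lib/dbus/machine-id
echo "cleaning up udev rules"
rm -rf /dev/.udev/
rm -f /lib/udev/rules.d/75-persistent-net-generator.rules
echo "Cleaning up tmp"
rm -rf /tmp/*
# Despite the message, only root's shell history is removed here.
echo "Cleaning up log files"
rm -f /root/.bash_history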
# Static configuration files. The here-doc delimiters are quoted because none
# of the content is meant to be expanded by the shell.

# sysctl drop-in: turn off temporary IPv6 addresses.
cat > /etc/sysctl.d/99-disable-ipv6-tempaddr.conf << 'EOF'
# On server it's not very useful to have Temporary IPv6 addresses
# Disable them for that reason on all interfaces
net.ipv6.conf.all.use_tempaddr=0
net.ipv6.conf.default.use_tempaddr=0
EOF

# watchdog daemon configuration. The package list installed earlier in this
# script does not include a watchdog package, so this file only takes effect
# once such a daemon is installed.
cat > /etc/watchdog.conf << 'EOF'
#
# Watchdog configuration for inside KVM/Qemu Virtual Machine with Intel i6300ESB
#
# More information: https://libvirt.org/formatdomain.html#elementsWatchdog
#
# Make sure the i6300esb kernel module is loaded
#
# $ modprobe i6300esb
#
#ping = 172.31.14.1
#ping = 172.26.1.255
#interface = eth0
#file = /var/log/messages
#change = 1407
# Uncomment to enable test. Setting one of these values to '0' disables it.
# These values will hopefully never reboot your machine during normal use
# (if your machine is really hung, the loadavg will go much higher than 25)
#max-load-1 = 24
#max-load-5 = 18
#max-load-15 = 12
# Note that this is the number of pages!
# To get the real size, check how large the pagesize is on your machine.
#min-memory = 1
#repair-binary = /usr/sbin/repair
#repair-timeout =
#test-binary =
#test-timeout =
watchdog-device = /dev/watchdog
# Defaults compiled into the binary
#temperature-device =
#max-temperature = 120
# Defaults compiled into the binary
#admin = root
interval = 5
logtick = 1
log-dir = /var/log/watchdog
# This greatly decreases the chance that watchdog won't be scheduled before
# your machine is really loaded
realtime = yes
priority = 1
# Check if rsyslogd is still running by enabling the following line
#pidfile = /var/run/rsyslogd.pid
EOF
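# remove myself to prevent any unintended changes at a later stage
# Quoted, with -- in front, so a script path that contains spaces or starts
# with a dash is removed as one file and is not parsed as rm options.
rm -- "$0"
# finish
echo " DONE; rebooting ... "
# reboot
shutdown -r now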