From d746555b2218f9dc4d62b1935a768c010ce90c95 Mon Sep 17 00:00:00 2001 From: Sean Date: Fri, 2 Aug 2019 11:46:44 -0700 Subject: [PATCH] Support for non-bridged network setup (still requires at least one network interface) --- README.md | 5 +++- maintenance.sh | 22 ++++++++++---- setup.sh | 81 +++++++++++++++++++++++++++----------------------- 3 files changed, 64 insertions(+), 44 deletions(-) diff --git a/README.md b/README.md index 03bd9d5..fdec9d5 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,8 @@ Server Setup Script ===================== -#Use# +#Setup# wget -qO - https://code.totosearch.org/Sean/ServerSetup/raw/branch/master/setup.sh | sudo bash + +#Maintenance# +wget -qO - https://code.totosearch.org/Sean/ServerSetup/raw/branch/master/maintenance.sh | sudo bash \ No newline at end of file diff --git a/maintenance.sh b/maintenance.sh index 5dc7c83..badb848 100644 --- a/maintenance.sh +++ b/maintenance.sh @@ -2,7 +2,7 @@ echo "" echo "Updating local packages..." -errors=`apt-add-repository universe >/dev/null 2>/dev/null && apt update 2>&1 >/dev/null` +errors=`apt-add-repository universe >/dev/null 2>/dev/null && apt-get update 2>&1 >/dev/null && apt-get install -y zfs-initramfs` if [ "$?" = "0" ]; then echo "Done." else @@ -12,7 +12,8 @@ fi echo "" echo "Importing boot pool and main OS pool..." -errors=$(zfs export -a 2>&1 1>/dev/null && zfs import -N -R /mnt rpool 2>&1 1>/dev/null && zfs import -N -R /mnt bpool 2>&1 1>/dev/null && zfs mount rpool/ROOT/ubuntu 2>&1 1>dev/null && zfs mount -a 2>&1 1>/dev/null) +errors=$(zpool export -a 2>&1 1>/dev/null && zpool import -N -R /mnt rpool 2>&1 1>/dev/null && zpool import -N -R /mnt bpool 2>&1 1>/dev/null && zfs mount rpool/ROOT/ubuntu 2>&1 1>/dev/null) +# && zfs mount -a 2>&1 1>/dev/null if [ "$?" = "0" ]; then echo "Done." else 
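Review bot: `apt-get install -y zfs-initramfs` is the only link in the new chain without `2>&1 >/dev/null`, so `$errors` now holds its full progress output, and whatever the `else` branch prints on failure will be an install transcript rather than the error text. Apply the same redirection as the other links: `… && apt-get install -y zfs-initramfs 2>&1 >/dev/null`. The `if`/`else` that follows continues past the end of the hunk.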
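Review bot: The added `# && zfs mount -a 2>&1 1>/dev/null` is dead code kept as a comment, so a reader cannot tell whether the mount was dropped or moved. Since the chroot helper added later in this patch runs `zfs mount -a` inside the chroot, say that instead: `# datasets are mounted later by the chroot helper (zfs mount -a)`. The `if`/`else` below the assignment continues past the end of the hunk.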
@@ -31,10 +32,19 @@ fi echo "Done." echo "" -echo "Entering chroot..." -echo "Please execute \"mount /boot\" to access boot partition, type exit to leave:" +echo "Entering chroot, type \"exit\" to leave..." echo "" -chroot /mnt /bin/bash --login + +echo "#!/bin/bash" > /mnt/maintenance.sh +chmod +x /mnt/maintenance.sh +echo "zfs mount -a && mount /boot" >> /mnt/maintenance.sh +echo "/bin/bash" >> /mnt/maintenance.sh +echo "umount /boot" >> /mnt/maintenance.sh +echo "zfs umount -a" >> /mnt/maintenance.sh + +chroot /mnt /maintenance.sh --login < /dev/tty + +rm /mnt/maintenance.sh if ! [ "$?" = "0" ]; then echo "Chroot failed with an error" @@ -45,7 +55,7 @@ fi echo "" echo "Unbinding mounts..." -errors=$(mount | grep -v zfs | tac | awk '/\/mnt/ {print $3}' | xargs -i{} umount -lf {} 2>&1 1>/dev/null && zpool export -a 2>&1 1>/dev/null) +errors=`mount | grep -v zfs | tac | awk '/\\/mnt/ {print \$3}' | xargs -i{} umount -lf \{\} 2>&1 1>/dev/null && zpool export -a 2>&1 1>/dev/null` if ! [ "$?" = "0" ]; then echo "Failed to unbind mounts - $errors" exit 4 diff --git a/setup.sh b/setup.sh index 79ce06e..89184db 100644 --- a/setup.sh +++ b/setup.sh 
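Review bot: After the new `rm /mnt/maintenance.sh`, the `if ! [ "$?" = "0" ]` test reads the exit status of `rm`, not of the `chroot`, so a failure inside the chroot is never reported; capture the status right after `chroot` and test that instead. The `--login` argument is now passed to the helper script, which ignores it, rather than to bash; put it on the `/bin/bash` line inside the helper. The `if` block continues past the end of the hunk.
```shell
echo "/bin/bash --login" >> /mnt/maintenance.sh
# … unchanged: umount /boot and zfs umount lines …
chroot /mnt /maintenance.sh < /dev/tty
status=$?
rm /mnt/maintenance.sh
if ! [ "$status" = "0" ]; then
```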
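Review bot: Switching the unbind line from `errors=$( … )` back to backticks adds a second layer of escaping (`\\/mnt/`, `\$3`, `\{\}`) that only works because of how backticks treat backslashes, and it is hard to verify by eye; the removed `$(…)` form needed none of it and was otherwise identical. Keep the `$(…)` form here rather than re-escaping the awk and xargs arguments. The `if` that follows is cut off by the end of the hunk.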
@@ -58,7 +58,12 @@ swapspace=$(($swapspace * `getconf PAGESIZE`)) # 20% swap space with 2G minimum if [ "$swapspace" -lt "2048000" ]; then swapspace="2048000" ; fi -nics=`dialog --separate-output --no-cancel --no-items --title "Bridged network devices" --checklist "Select the network devices to be bridged to br0:" $height $width ${window}$nicdevices 2>&1 1>/dev/tty` +nics=`dialog --separate-output --no-cancel --no-items --title "Bridged network devices" --checklist "Select the network devices to be bridged to bridge - select none for no bridge:" $height $width ${window}$nicdevices 2>&1 1>/dev/tty` +if [ -z "$nics" ]; then + bridgedevice=`dialog --no-cancel --no-items --title "Configure network devices" --radiolist "NO BRIDGE MODE!\nSelect the network device to configure:" $height $width ${window}$nicdevices 2>&1 1>/dev/tty` +else + bridgedevice="br0" +fi networktype=`dialog --no-items --no-cancel --title "Network type" --radiolist "Select the network type:" 9 40 2 dhcp off static off 2>&1 1>/dev/tty` if [ "$networktype" = "static" ]; then address=""; while [ -z "$address" ]; do address=`dialog --no-cancel --inputbox "IP Address:" 8 40 2>&1 >/dev/tty`; done 
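Review bot: With `--no-cancel` and every entry off, the new radiolist can be confirmed with nothing selected, so `bridgedevice` may be empty even though the commit subject says one interface is required, and nothing in this hunk checks for that; in the interfaces hunk later in this patch the redirection target then becomes the directory `/mnt/etc/network/interfaces.d/` itself and every write fails. Wrap the dialog call in the same retry loop the `address` prompt below already uses: `bridgedevice=""; while [ -z "$bridgedevice" ]; do bridgedevice=$(dialog … 2>&1 1>/dev/tty); done`. The same guard covers the `$bridgedevice` expansions in the later hunk, so it only needs to be added once here.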
@@ -335,7 +340,7 @@ echo "cp /usr/share/zoneinfo/$timezone /etc/localtime" >> /mnt/setup-chroot.sh echo "echo \"Done.\"" >> /mnt/setup-chroot.sh echo "echo \"\"" >> /mnt/setup-chroot.sh -echo "echo \"Installing linux image, ifupdown dnsutils nfs-kernel-server apparmor-profiles vim, libvirt-bin, bridge-utils, net-tools, bash, screen, tmux, zfs-initramfs, dosfstools, mailutils, ssmtp, openssh-server, ufw, docker.io, sharutils...\"" >> /mnt/setup-chroot.sh +echo "echo \"Installing linux image, ifupdown, dnsutils, nfs-kernel-server, apparmor-profiles, vim, libvirt-bin, bridge-utils, net-tools, bash, screen, tmux, zfs-initramfs, dosfstools, mailutils, ssmtp, openssh-server, ufw, docker.io, sharutils...\"" >> /mnt/setup-chroot.sh echo "errors=\$(DEBCONF_FRONTEND='noninteractive' apt install -y --no-install-recommends linux-image-generic 2>&1 1>/dev/null && apt purge -y netplan 2>&1 1>/dev/null && apt autoremove -y 2>&1 1>/dev/null && DEBCONF_FRONTEND='noninteractive' apt install -y ifupdown efibootmgr htop iotop smartmontools dnsutils nfs-kernel-server apparmor-profiles vim libvirt-bin bridge-utils net-tools bash screen tmux zfs-initramfs dosfstools mailutils ssmtp openssh-server ufw docker.io sharutils 2>&1 1>/dev/null)" >> /mnt/setup-chroot.sh echo 'if ! [ \"$?\" = \"0\" ]; then '>> /mnt/setup-chroot.sh 
@@ -493,27 +498,6 @@ echo "chown -R ${admin}:${admin} \"/home/${admin}\"/.ssh" >> /mnt/setup-chroot.s echo "HOME=\"/root\"" >> /mnt/setup-chroot.sh echo "HOSTNAME=\"$hostname\"" >> /mnt/setup-chroot.sh -echo "echo \"FromLineOverride=YES\" > /etc/ssmtp/ssmtp.conf" >> /mnt/setup-chroot.sh -echo "echo \"root=admin\" >> /etc/ssmtp/ssmtp.conf" >> /mnt/setup-chroot.sh -echo "echo \"hostname=${fqdn}\" >> /etc/ssmtp/ssmtp.conf" >> /mnt/setup-chroot.sh -echo "echo \"AuthUser=${email}\" >> /etc/ssmtp/ssmtp.conf" >> /mnt/setup-chroot.sh -echo "echo \"AuthPass=${emailpassword}\" >> /etc/ssmtp/ssmtp.conf" >> /mnt/setup-chroot.sh -echo "echo \"mailhub=${smtp}\" >> /etc/ssmtp/ssmtp.conf" >> /mnt/setup-chroot.sh -echo "echo \"UseSTARTTLS=YES\" >> /etc/ssmtp/ssmtp.conf" >> /mnt/setup-chroot.sh -echo "echo \"root:${admins}\" >> /etc/ssmtp/revaliases" >> /mnt/setup-chroot.sh -echo "chfn -f '${email}' root" >> /mnt/setup-chroot.sh -echo "echo \"\"" >> /mnt/setup-chroot.sh -echo "echo \"Sending SSH key via e-mail...\"" >> /mnt/setup-chroot.sh -if [ "$networktype" = "dhcp" ]; then - connection="`hostname -I` (`wget -qO - ifconfig.me`)" -else - connection="$address" -fi - -echo "serverinfo=\`cat \"/home/${admin}/.ssh/id_rsa\"\`" >> /mnt/setup-chroot.sh -echo "serverinfo=\"Server available at $connection\\n\\n\$serverinfo\"; echo -e \"\$serverinfo\" | mail -s \"$hostname SSH key\" -r \"${email}\" \"\`cat /admins\`\"" >> /mnt/setup-chroot.sh -echo "echo \"Done.\"" >> /mnt/setup-chroot.sh - errors=`chmod +x /mnt/setup-chroot.sh 2>&1 1>/dev/null` if ! [ "$?" = "0" ]; then echo "Failed to set execution permission on chroot script - $errors" 
@@ -552,6 +536,27 @@ echo " exit 122">> /mnt/setup-chroot.sh echo "fi">> /mnt/setup-chroot.sh echo "echo \"Done.\"" >> /mnt/setup-chroot.sh +echo "echo \"\"" >> /mnt/setup-chroot.sh +echo "echo \"Sending SSH key via e-mail...\"" >> /mnt/setup-chroot.sh +if [ "$networktype" = "dhcp" ]; then + connection="`hostname -I` (`wget -qO - ifconfig.me`)" +else + connection="$address" +fi +echo "echo \"FromLineOverride=YES\" > /etc/ssmtp/ssmtp.conf" >> /mnt/setup-chroot.sh +echo "echo \"root=admin\" >> /etc/ssmtp/ssmtp.conf" >> /mnt/setup-chroot.sh +echo "echo \"hostname=${fqdn}\" >> /etc/ssmtp/ssmtp.conf" >> /mnt/setup-chroot.sh +echo "echo \"AuthUser=${email}\" >> /etc/ssmtp/ssmtp.conf" >> /mnt/setup-chroot.sh +echo "echo \"AuthPass=${emailpassword}\" >> /etc/ssmtp/ssmtp.conf" >> /mnt/setup-chroot.sh +echo "echo \"mailhub=${smtp}\" >> /etc/ssmtp/ssmtp.conf" >> /mnt/setup-chroot.sh +echo "echo \"UseSTARTTLS=YES\" >> /etc/ssmtp/ssmtp.conf" >> /mnt/setup-chroot.sh +echo "echo \"root:${admins}\" >> /etc/ssmtp/revaliases" >> /mnt/setup-chroot.sh +echo "chfn -f '${email}' root" >> /mnt/setup-chroot.sh +echo "serverinfo=\`cat \"/home/${admin}/.ssh/id_rsa\"\`" >> /mnt/setup-chroot.sh +echo "serverinfo=\"Server available at $connection\\n\\n\$serverinfo\"; echo -e \"\$serverinfo\" | mail -s \"$hostname SSH key\" -r \"${email}\" \"\`cat /admins\`\"" >> /mnt/setup-chroot.sh +echo "echo \"Done.\"" >> /mnt/setup-chroot.sh + + echo "exit 0" >> /mnt/setup-chroot.sh 
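Review bot: The body mailed by these lines is the contents of `/home/${admin}/.ssh/id_rsa`, i.e. the private key, sent as a plain e-mail through the ssmtp relay, and the generated `/mnt/setup-chroot.sh` now also carries the relay password verbatim in `AuthPass=${emailpassword}`; moving the block does not change that, but it deserves a second look before more is built on it. At minimum the config these lines write is probably created with the default umask, so add `echo "chmod 640 /etc/ssmtp/ssmtp.conf" >> /mnt/setup-chroot.sh` after the `UseSTARTTLS` line, and give `/mnt/setup-chroot.sh` itself restrictive permissions where it is created (outside this hunk). Mailing the public key or a fingerprint and delivering the private key out of band would keep key material out of the message body. The `connection` string also embeds the unvalidated output of `wget -qO - ifconfig.me`, fetched over plain HTTP, into the message.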
@@ -574,29 +579,31 @@ echo "" echo "Writing network interfaces file..." macaddr=$(echo $hostname|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/') mkdir -p /mnt/etc/network && mkdir -p /mnt/etc/network/interfaces.d -echo "auto lo br0" > /mnt/etc/network/interfaces.d/br0 -echo "iface lo inet loopback" >> /mnt/etc/network/interfaces.d/br0 +echo "auto lo $bridgedevice" > /mnt/etc/network/interfaces.d/$bridgedevice +echo "iface lo inet loopback" >> /mnt/etc/network/interfaces.d/$bridgedevice niclist="" for nic in `echo "$nics"`; do - echo "iface ${nic} inet manual" >> /mnt/etc/network/interfaces.d/br0 + echo "iface ${nic} inet manual" >> /mnt/etc/network/interfaces.d/$bridgedevice niclist="$niclist $nic" done if [ "$networktype" = "dhcp" ]; then - echo "iface br0 inet dhcp" >> /mnt/etc/network/interfaces.d/br0 + echo "iface $bridgedevice inet dhcp" >> /mnt/etc/network/interfaces.d/$bridgedevice else - echo "iface br0 inet static" >> /mnt/etc/network/interfaces.d/br0 - echo " address $address" >> /mnt/etc/network/interfaces.d/br0 - echo " netmask $subnet" >> /mnt/etc/network/interfaces.d/br0 - echo " gateway $gateway" >> /mnt/etc/network/interfaces.d/br0 + echo "iface $bridgedevice inet static" >> /mnt/etc/network/interfaces.d/$bridgedevice + echo " address $address" >> /mnt/etc/network/interfaces.d/$bridgedevice + echo " netmask $subnet" >> /mnt/etc/network/interfaces.d/$bridgedevice + echo " gateway $gateway" >> /mnt/etc/network/interfaces.d/$bridgedevice sed -ir "s/^#DNS=.*/DNS=${dns1}/g" /mnt/etc/systemd/resolved.conf if ! 
[ -z "$dns2" ]; then sed -ir "s/^#FallbackDNS=.*/FallbackDNS=${dns2}/g" /mnt/etc/systemd/resolved.conf ; fi fi #echo " bridge_hw $macaddr" >> /mnt/etc/network/interfaces.d/br0 -echo " dns-nameservers 127.0.0.53" >> /mnt/etc/network/interfaces.d/br0 -echo " bridge_waitport 0" >> /mnt/etc/network/interfaces.d/br0 -echo " bridge_fd 0" >> /mnt/etc/network/interfaces.d/br0 -echo " bridge_ports${niclist}" >> /mnt/etc/network/interfaces.d/br0 -echo " bridge_stp on" >> /mnt/etc/network/interfaces.d/br0 +echo " dns-nameservers 127.0.0.53" >> /mnt/etc/network/interfaces.d/$bridgedevice +if [ "$bridgedevice" = "br0" ]; then +echo " bridge_waitport 0" >> /mnt/etc/network/interfaces.d/$bridgedevice +echo " bridge_fd 0" >> /mnt/etc/network/interfaces.d/$bridgedevice +echo " bridge_ports${niclist}" >> /mnt/etc/network/interfaces.d/$bridgedevice +echo " bridge_stp on" >> /mnt/etc/network/interfaces.d/$bridgedevice +fi echo "source-directory /etc/network/interfaces.d" > /mnt/etc/network/interfaces echo "Done." @@ -604,7 +611,7 @@ echo "Done." echo "" echo "Opening SSH port on firewall..." -sed -ir 's/### RULES ###/### RULES ###\n-A ufw-user-input -i br0 -p tcp --dport 22 -j ACCEPT/g' /mnt/etc/ufw/user.rules 2>&1 1>/dev/null +sed -ir 's/### RULES ###/### RULES ###\n-A ufw-user-input -p tcp --dport 22 -j ACCEPT/g' /mnt/etc/ufw/user.rules 2>&1 1>/dev/null echo "Done." # commented out for debugging echo ""
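Review bot: The body of the new `if [ "$bridgedevice" = "br0" ]` block is flush with the `if`, which hides where the bridge-only options end, and `$bridgedevice` is expanded unquoted in every path in this hunk. Assign the target once, `ifile="/mnt/etc/network/interfaces.d/${bridgedevice}"`, write `>> "$ifile"` throughout, and indent the block body. The commented `#echo " bridge_hw $macaddr" …/br0` line still names `br0` and should be updated or dropped.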
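Review bot: Dropping `-i br0` makes the inserted ufw rule accept TCP 22 on every interface rather than the configured one; now that the device name is in `$bridgedevice`, keep the binding by switching the expression to double quotes: `sed -i "s/### RULES ###/### RULES ###\n-A ufw-user-input -i ${bridgedevice} -p tcp --dport 22 -j ACCEPT/g" /mnt/etc/ufw/user.rules 2>&1 1>/dev/null` (device names from the dialog list should be safe in a sed expression, but a `/` would need escaping). Separately, GNU sed parses `-ir` as `-i` with backup suffix `r`, so this line leaves `/mnt/etc/ufw/user.rulesr` behind in the installed system, and the two `resolved.conf` edits in the previous hunk leave `resolved.confr` the same way; the pattern needs no extended syntax, so plain `-i` is enough.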