Antergos Server Base

by lots0logs
6 deployments · 3 still active · last rev. 10 months ago

Compatible with: Arch 2017.07.01
						#!/bin/bash
# -*- coding: utf-8 -*-
#
#  Antergos StackScript
#
#  Copyright (c) 2017 Antergos
#
#  Antergos StackScript is free software; you can redistribute it and/or modify
#  it under the terms of the GNU General Public License as published by
#  the Free Software Foundation; either version 3 of the License, or
#  (at your option) any later version.
#
#  Antergos StackScript is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#
#  The following additional terms are in effect as per Section 7 of the license:
#
#  The preservation of all legal notices and author attributions in
#  the material or in the Appropriate Legal Notices displayed
#  by works containing it is required.
#
#  You should have received a copy of the GNU General Public License
#  along with Antergos StackScript; If not, see <http://www.gnu.org/licenses/>.

###
##
#   User Defined Variables
##
###

# <UDF name="_hostname" Label="Hostname"       default="antergos"        example="" />
# <UDF name="_timezone" Label="Timezone"       default="America/Chicago" example="" />
# <UDF name="_username" Label="Username"       default="antergos"        example="" />
# <UDF name="_password" Label="Password"                                 example="" />
# <UDF name="_pubkey"   Label="SSH Public Key"                           example="" />
# <UDF name="_ssh_port" Label="SSH Port"                                 example="" />


# StackScript include directive, not plain bash: the tag names another
# StackScript (ID 1) whose contents are sourced into this script.
# user_add_pubkey and ssh_disable_root, called by setup_ssh, are not defined
# in this file; presumably they come from this include (confirm).
# NOTE(review): the included code runs with this script's privileges and is
# not pinned to a revision here. Review what those helpers change and what
# exit status they return before relying on them.
source <ssinclude StackScriptID=1>


###
##
#   Script Variables
##
###

# Names of the step functions that apply_configuration runs, in this order.
# NOTE(review): update_keyring refreshes the package databases (-Syy), but the
# full upgrade (update_packages, -Syu) only runs after fail2ban, git and
# docker were installed with plain -S. Confirm that installing against
# refreshed databases before the full upgrade is intended.
steps=(
	update_keyring set_hostname set_timezone
	add_user setup_ssh
	setup_fail2ban setup_firewall
	install_docker update_packages setup_grub
)



###
##
#   Utility Functions
##
###

# Append an "<ip> <fqdn>" line to /etc/hosts.
#
# Arguments: $1 - IP address, $2 - FQDN to map to it (both required)
# Returns:   1 with a message on stderr when either argument is empty.
# The line is appended as given: no format check and no duplicate detection.
_add_host_entry() {
	local ip="$1"
	local name="$2"

	if [[ -n "${ip}" && -n "${name}" ]]; then
		echo "${ip}" "${name}" >> /etc/hosts
		return
	fi

	echo 'IP address and/or FQDN Undefined' >&2
	return 1
}

# Create a login account, set its password and add it to the wheel group.
#
# Arguments: $1 - username, $2 - password (both required)
# Returns:   0 when useradd, chpasswd and usermod all succeed, 1 otherwise.
#
# The password reaches chpasswd on stdin from a shell builtin, so it is not
# placed on an external command line.
# NOTE(review): useradd is called without -m, so no home directory is
# requested here; confirm the later key-install step creates it with the
# right ownership.
# NOTE(review): wheel membership only grants privileges if something (e.g.
# sudoers) is configured to honour it; nothing in this script does that.
_add_user() {
	local login="$1"
	local secret="$2"

	if [[ -z "${login}" || -z "${secret}" ]]; then
		printf '%s\n' 'No new username and/or password entered' >&2
		return 1
	fi

	useradd "${login}" || return 1
	printf '%s\n' "${login}:${secret}" | chpasswd || return 1
	usermod -aG wheel "${login}" || return 1

	return 0
}

# Change into directory $1; return 1 if that fails so callers can chain on it.
_cd() {
	if ! cd "$1"; then
		return 1
	fi
}

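# Print the primary IPv4 address assigned to eth0.
#
# Outputs: the bare address (no prefix length) on stdout.
# Returns: 0 when an address was found, 1 when none could be determined.
#
# The previous version only matched ifconfig's older "inet addr:ADDR" output;
# newer net-tools print "inet ADDR", so it printed nothing there. `ip` is
# tried first and ifconfig is kept as a fallback that accepts both layouts.
_get_primary_ip() {
	local addr=''

	# -o prints one record per line; field 4 is "ADDR/PREFIXLEN".
	addr="$(ip -4 -o addr show dev eth0 scope global 2>/dev/null \
		| awk '{ sub(/\/.*$/, "", $4); print $4; exit }')"

	if [[ -z "${addr}" ]]; then
		addr="$(ifconfig eth0 2>/dev/null \
			| awk '$1 == "inet" { sub(/^addr:/, "", $2); print $2; exit }')"
	fi

	[[ -n "${addr}" ]] || return 1
	echo "${addr}"
}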

# Record the name of a failed step ($1) by appending it to the error log.
# The file is created on first use; it is never truncated by this function.
_log_failed_step() {
	local failed_step="$1"
	echo "${failed_step}" >> /var/log/stackscript.error.log
}

# Install the given packages non-interactively.
#
# Arguments: package names, passed through to `pacman -S` unchanged.
# --noconfirm accepts every prompt, so nothing is confirmed by a human.
_pacman() {
	local -a packages=("$@")
	pacman -S --noconfirm "${packages[@]}"
}

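# Move sshd to the port in _SSH_PORT and turn off password authentication,
# then restart sshd.
#
# Globals:  _SSH_PORT (read)
# Returns:  0 when the config was rewritten, verified and sshd restarted;
#           non-zero otherwise (sshd is not restarted in that case).
#
# The previous sed call used "#?" without extended-regex mode. In basic
# regular expressions "?" is a literal character, so neither pattern matched
# a stock "#Port 22" / "#PasswordAuthentication yes" line: the port stayed
# the same and password logins stayed enabled while the step reported
# success. The patterns are now extended, anchored to whole lines, and the
# result is checked before sshd is touched.
_set_ssh_config() {
	local config='/etc/ssh/sshd_config'
	local port="${_SSH_PORT}"

	# The value is interpolated into a sed program, so accept digits only.
	if [[ ! "${port}" =~ ^[0-9]{1,5}$ ]] || (( 10#${port} < 1 || 10#${port} > 65535 )); then
		echo 'SSH port undefined or not a valid port number' >&2
		return 1
	fi
	port=$(( 10#${port} ))

	sed -E -i \
		-e "s/^#?[[:space:]]*Port[[:space:]]+22[[:space:]]*\$/Port ${port}/" \
		-e 's/^#?[[:space:]]*PasswordAuthentication[[:space:]]+(yes|no)[[:space:]]*$/PasswordAuthentication no/' \
		"${config}" \
		|| return 1

	# Fail loudly if either directive did not end up active, e.g. because the
	# shipped config already used a different port.
	if ! grep -Eq "^Port[[:space:]]+${port}[[:space:]]*\$" "${config}" \
		|| ! grep -Eq '^PasswordAuthentication[[:space:]]+no[[:space:]]*$' "${config}"; then
		echo 'sshd_config was not updated as expected; not restarting sshd' >&2
		return 1
	fi

	# sshd -t checks the configuration so a broken file does not take sshd down.
	sshd -t && systemctl restart sshd
}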

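# Install the iptables-boilerplate firewall script and rules, point its SSH
# rule at _SSH_PORT and enable it as a systemd service.
#
# Globals:  _SSH_PORT (read)
# Returns:  0 when every install step and `systemctl enable` succeeded,
#           non-zero otherwise.
#
# Changes from the previous version:
#   - _SSH_PORT is validated before it is interpolated into the sed program.
#   - The clone goes into a private mktemp directory instead of a fixed name
#     under /tmp, and is removed afterwards. The working directory of the
#     calling shell is no longer changed.
#   - The service is only enabled when the install chain succeeded; before,
#     daemon-reload/enable ran even after a failed clone or copy.
#   - The port rewrite is anchored with \b so only a standalone 22 is replaced.
#
# NOTE(review): the clone takes whatever the repository's default branch holds
# at deploy time, and its `firewall` script is then run by systemd. Pin it to
# a reviewed commit after cloning, e.g.
#   git -C "${repo}" checkout --detach <REVIEWED_COMMIT_SHA>
_setup_firewall() {
	local repo_url='https://github.com/lots0logs/iptables-boilerplate.git'
	local port="${_SSH_PORT}"
	local workdir repo

	if [[ ! "${port}" =~ ^[0-9]{1,5}$ ]] || (( 10#${port} < 1 || 10#${port} > 65535 )); then
		echo 'SSH port undefined or not a valid port number' >&2
		return 1
	fi
	port=$(( 10#${port} ))

	workdir="$(mktemp -d)" || return 1
	repo="${workdir}/iptables-boilerplate"

	git clone "${repo_url}" "${repo}" \
		&& cp -r "${repo}/etc/firewall" /etc \
		&& sed -ri "s@\b22(/[tu][cd]p)@${port}\1@g" /etc/firewall/services.conf \
		&& cp "${repo}/firewall" /usr/bin \
		&& chmod +x /usr/bin/firewall \
		&& cat <<- EOF > /etc/systemd/system/firewall.service
			[Unit]
			Description=Firewall

			[Service]
			Type=oneshot
			RemainAfterExit=yes
			ExecStart=/usr/bin/firewall start
			ExecStop=/usr/bin/firewall stop

			[Install]
			WantedBy=multi-user.target

			EOF
	local status=$?

	rm -rf -- "${workdir:?}"
	(( status == 0 )) || return "${status}"

	systemctl daemon-reload && systemctl enable firewall
}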

# Replace /etc/default/grub with a fixed set of defaults and regenerate
# /boot/grub/grub.cfg from it.
#
# The defaults file is overwritten, not merged: settings already present are
# lost. The values select a serial console on ttyS0 at 19200 baud for both
# GRUB and the kernel, and add cgroup memory/swap accounting parameters.
# grub-mkconfig runs even if writing the defaults file failed; the function's
# status is grub-mkconfig's.
_setup_grub() {
	local defaults_file='/etc/default/grub'
	local generated_cfg='/boot/grub/grub.cfg'

	cat > "${defaults_file}" <<- 'GRUB_DEFAULTS'
		GRUB_TIMEOUT=10
		GRUB_CMDLINE_LINUX='console=ttyS0,19200n8 cgroup_enable=memory swapaccount=1 transparent_hugepage=never'
		GRUB_DISABLE_LINUX_UUID=true
		GRUB_SERIAL_COMMAND='serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1'
		GRUB_TERMINAL=serial

		GRUB_DEFAULTS

	grub-mkconfig -o "${generated_cfg}"
}



###
##
#   Configuration Steps
##
###

# Step: create the account named by the _USERNAME / _PASSWORD deployment
# variables. Validation and the actual work happen in _add_user.
add_user() {
	local login="${_USERNAME}"
	local secret="${_PASSWORD}"

	_add_user "${login}" "${secret}"
}

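# Run every function named in the global `steps` array, in order.
#
# Globals:  steps (read)
# Returns:  0 when every step succeeded, 1 when at least one failed.
#
# A failing step is logged via _log_failed_step and the remaining steps still
# run, so a failed hardening step (SSH, firewall) leaves the host up without
# it; the error log has to be checked after a non-zero return.
#
# Changes from the previous version: failure is tracked in a local flag
# instead of testing whether the error log exists, so a log left over from an
# earlier run no longer fails a clean run, and a failed step is still reported
# if the log could not be written. The loop variable is now local.
apply_configuration() {
	local step
	local failed=0

	for step in "${steps[@]}"; do
		if ! "${step}"; then
			_log_failed_step "${step}"
			failed=1
		fi
	done

	return "${failed}"
}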

# Step: install docker and enable its service at boot. The service is only
# enabled, not started, here.
install_docker() {
	_pacman docker || return
	systemctl enable docker
}

# Step: set the system hostname from the _HOSTNAME deployment variable.
set_hostname() {
	local new_name="${_HOSTNAME}"
	hostnamectl set-hostname "${new_name}"
}

# Step: set the system timezone from the _TIMEZONE deployment variable.
set_timezone() {
	local zone="${_TIMEZONE}"
	timedatectl set-timezone "${zone}"
}

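# Step: install the deployment public key for the new user and for root, then
# disable root login and password authentication.
#
# Globals:  _USERNAME, _PUBKEY (read)
# Returns:  1 when the username or key is empty; otherwise the status of
#           `ssh_disable_root && _set_ssh_config`.
#
# Password authentication is switched off at the end, so an empty key would
# leave no way to log in over SSH. The previous version went ahead anyway;
# this one refuses before changing anything.
# NOTE(review): the exit status of user_add_pubkey is still not checked
# because that helper is defined outside this file and what it returns cannot
# be confirmed from here. Verify it and gate the hardening on it if it is
# reliable.
# NOTE(review): the key is also installed for root although root login is
# disabled right after (going by the helper's name); confirm that is wanted.
setup_ssh() {
	if [[ -z "${_USERNAME}" || -z "${_PUBKEY}" ]]; then
		echo 'No SSH username and/or public key entered' >&2
		return 1
	fi

	user_add_pubkey "${_USERNAME}" "${_PUBKEY}"
	user_add_pubkey root "${_PUBKEY}"
	ssh_disable_root && _set_ssh_config
}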

# Step: install fail2ban and enable its service at boot.
# NOTE(review): no jail configuration is written here. Confirm that the
# packaged defaults actually enable an sshd jail and that it follows the
# custom SSH port; otherwise the service runs without protecting SSH.
setup_fail2ban() {
	_pacman fail2ban || return
	systemctl enable fail2ban
}

# Step: install git (needed to fetch the firewall files), then install and
# enable the firewall via _setup_firewall.
setup_firewall() {
	_pacman git || return
	_setup_firewall
}

# Step: install the linux and grub packages, then write the GRUB defaults and
# regenerate the boot configuration via _setup_grub.
setup_grub() {
	_pacman linux grub || return
	_setup_grub
}

# Step: force-refresh the package databases (-Syy) and install the current
# mirror list and Arch keyring, presumably so later installs verify package
# signatures against up-to-date keys.
update_keyring() {
	local -a bootstrap_pkgs=(pacman-mirrorlist archlinux-keyring)
	pacman -Syy --noconfirm "${bootstrap_pkgs[@]}"
}

# Step: refresh the package databases and upgrade every installed package,
# accepting all prompts.
update_packages() {
	local -a upgrade_flags=(-Syu --noconfirm)
	pacman "${upgrade_flags[@]}"
}



###
##
#   Apply Configuration
##
###

# Entry point: run all steps and reboot only when every one succeeded. On a
# failure the host is left running so the error log can be inspected.
# Only stdout of the group is appended to the log; messages the steps write
# to stderr are not redirected here.
{
	apply_configuration \
		&& systemctl reboot
} >> /var/log/stackscript.log