108 lines
3.1 KiB
Bash
Executable File
108 lines
3.1 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
SOURCE_DIR=$(realpath $(dirname "${0}"))
|
|
|
|
# Uninstall unnecessary packages
|
|
apt-get -y purge bsdmainutils dictionaries-common emacsen-common iamerican ibritish ienglish-common installation-report ispell laptop-detect nano os-prober task-english tasksel tasksel-data wamerican
|
|
|
|
# Install useful packages
|
|
apt-get -y update
|
|
apt-get -y --no-install-recommends install bash-completion ca-certificates git ntp openssl sudo unzip vim
|
|
|
|
|
|
######
|
|
# OpenSSH and user settings
|
|
#####
|
|
|
|
# Install OpenSSH server
|
|
apt-get -y --no-install-recommends install openssh-server
|
|
mkdir ~/.ssh
|
|
|
|
# Copy profile files
|
|
cp ${SOURCE_DIR}/basic/root/.bashrc /root/.bashrc
|
|
cp ${SOURCE_DIR}/basic/root/.vimrc /root/.vimrc
|
|
cp ${SOURCE_DIR}/basic/root/.ssh/authorized_keys /root/.ssh/authorized_keys
|
|
|
|
# Remove default user
|
|
deluser --remove-all-files user 2>/dev/null
|
|
|
|
|
|
#####
|
|
# System boot
|
|
#####
|
|
|
|
# Rename encrypted partition
|
|
sed -i 's/sda2_crypt/system/' /etc/crypttab
|
|
dmsetup rename sda2_crypt system
|
|
|
|
# Suppress warnings during boot
|
|
cp ${SOURCE_DIR}/basic/usr/share/initramfs-tools/scripts/local-top/lvm2 /usr/share/initramfs-tools/scripts/local-top/lvm2
|
|
cp ${SOURCE_DIR}/basic/usr/share/initramfs-tools/scripts/local-top/cryptroot /usr/share/initramfs-tools/scripts/local-top/cryptroot
|
|
|
|
# Set GRUB options
|
|
cp ${SOURCE_DIR}/basic/etc/default/grub /etc/default/grub
|
|
|
|
# Set legal banner with URL + latin2 character set
|
|
cp ${SOURCE_DIR}/basic/etc/default/console-setup /etc/default/console-setup
|
|
cp ${SOURCE_DIR}/basic/etc/issue /etc/issue
|
|
|
|
# Forbid login on tty1, disable tty2-6
|
|
cp ${SOURCE_DIR}/basic/lib/systemd/system/getty@.service /lib/systemd/system/getty@.service
|
|
systemctl mask getty-static
|
|
|
|
# Update initramfs and GRUB
|
|
update-initramfs -u
|
|
update-grub
|
|
|
|
|
|
#####
|
|
# LXC
|
|
#####
|
|
|
|
# Install packages
|
|
apt-get -y --no-install-recommends install lxc debootstrap rsync dnsmasq-base xz-utils
|
|
|
|
# Configure LXC
|
|
cp ${SOURCE_DIR}/basic/etc/default/lxc-net /etc/default/lxc-net
|
|
cp ${SOURCE_DIR}/basic/etc/lxc/default.conf /etc/lxc/default.conf
|
|
|
|
# Restart services
|
|
systemctl start lxc-net lxc
|
|
|
|
|
|
#####
|
|
# Nginx + uWSGI
|
|
#####
|
|
|
|
# Install packages
|
|
apt-get -y --no-install-recommends install nginx-light uwsgi uwsgi-plugin-python
|
|
|
|
# Create a self-signed certificate
|
|
openssl req -x509 -new -out /etc/ssl/certs/services.pem -keyout /etc/ssl/private/services.key -nodes -days 3654 -subj "/C=CZ/CN=$(hostname -f)"
|
|
chmod 640 /etc/ssl/private/services.key
|
|
|
|
# Modify default nginx site
|
|
mkdir /etc/nginx/apps-available /etc/nginx/apps-enabled
|
|
mkdir /srv/portal
|
|
cp ${SOURCE_DIR}/basic/etc/nginx/sites-available/default /etc/nginx/sites-available/default
|
|
cp ${SOURCE_DIR}/basic/srv/portal/index.html /srv/portal/index.html
|
|
chown -R www-data:www-data /srv/portal
|
|
|
|
# Restart
|
|
systemctl restart nginx
|
|
|
|
|
|
#####
|
|
# PostgreSQL + PostGIS
|
|
#####
|
|
|
|
# Install packages
|
|
apt-get -y --no-install-recommends -y install postgresql-9.6 postgresql-9.6-postgis postgresql-contrib-9.6
|
|
|
|
# Configure
|
|
cp ${SOURCE_DIR}/basic/etc/postgresql/9.6/main/postgresql.conf /etc/postgresql/9.6/main/postgresql.conf
|
|
cp ${SOURCE_DIR}/basic/etc/postgresql/9.6/main/pg_hba.conf /etc/postgresql/9.6/main/pg_hba.conf
|
|
|
|
# Restart
|
|
systemctl restart postgresql
|