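#!/usr/bin/bash
#######################################################################
#Script Name: dsktp_setup_artix.sh
#Version: 1.6
#Description: Wrapper for installing DA server
#Last Modify Date: 070624
#######################################################################
# Interactive, menu-driven workstation setup. The script runs as an
# unprivileged user and escalates with doas/sudo to edit root-owned files
# (/etc/hosts, /etc/hostname, /etc/makepkg.conf, /etc/ssh/sshd_config,
# /etc/security/limits.conf, /etc/sysctl.conf). Every value typed at a
# prompt therefore ends up in a root-owned file or a privileged command,
# so prompts are validated before use and are never spliced into sed
# scripts or grep patterns.
#######################################################################
# Banner #
#######################################################################
export COLUMNS=100

# Print the ASCII-art banner and author line.
archsetup_banner() {
  # NOTE(review): the art's original line breaks and spacing are not
  # recoverable from this listing; the text is reproduced as it appears.
  cat <<"eot"
 ad88888ba es d8" "8b ds // DdadPPYba, Y8, 88 // HH 8b ,adPPYba, `Y8aaaaa, 88\\' 88 88 8b,dPPYba, a8 44 a8P_____88 `"""""8b, 88 \\ 88 88 88P' "8a 8b 55 8PP""""""" `8b 88 kk 88 88 88 d8 D8 aa "8b, ,aa Y8a a8P 88 s\ "8a, ,a88 88b, ,a8" TTTYbbd8"' `"Ybbd8"' "Y88888P" Y8 e\ `"YbbdP'Y8 88`YbbdP"' 88 88 Author: Brent Dacus
eot
}

#######################################################################
# Variables #
#######################################################################
cur_hostname="$(hostname)"
serverip="$(ip -4 -o addr show eth0 | awk '{print $4}' | cut -d "/" -f 1)"
#serverip6="$(hostname -i | awk '{print $2}')"
servername="$(hostname -s)"
#svrdomainname="$(hostname -d)"
#hstdomainname=thedacus.lan
# NOTE(review): the listing is truncated here. Only this fragment survives:
#   #cpu_cores="$(grep >(tee -a ${LOG_FILE}) 2>&1
# LOG_FILE, builddir and run are used by the script but are not defined
# anywhere in the visible text; they were presumably set in the lost part.
# Restore them from the original file.

#######################################################################
# User Variables #
#######################################################################
#rootemail="tech@thedacus.lan"
dotfiles=~/.dotfiles
# Kept as an array so each flag reaches yay as its own word without
# relying on unquoted word splitting.
pacargs=(--needed --noconfirm)
bshrc=~/.bashrc
bshrcpersn=~/.bashrc-personal
limitsconf="/etc/security/limits.conf"
sysctlconf="/etc/sysctl.conf"

#######################################################################
# Main Util Functions #
#######################################################################
mkdir -p ~/artixsetupbuild/
trap '' 2 # ignore ctrl+c
##set PS3 prompt##
PS3="Number selection? "

# Draw a horizontal rule COLUMNS characters wide.
linebreak() {
  printf '%*s\n' "${COLUMNS:-$(tput cols)}" '' | tr ' ' -
}

# Return 0 when $1 looks like a host name: letters, digits, dots and
# hyphens only, starting and ending with a letter or digit.
is_valid_hostname() {
  local re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
  [[ ${#1} -le 253 && "$1" =~ $re ]]
}

# Return 0 when $1 contains only characters that occur in IPv4/IPv6
# literals. This is a character filter, not a full address parser.
is_valid_ip() {
  local re='^[0-9A-Fa-f:.]+$'
  [[ "$1" =~ $re ]]
}

# Return 0 when a non-comment line of /etc/hosts has a field exactly equal
# to $1. The value is passed with -v and compared as a string, so it is
# never interpreted as a pattern.
hosts_has_entry() {
  awk -v target="$1" '
    /^[[:space:]]*#/ { next }
    { for (i = 1; i <= NF; i++) if (($i "") == (target "")) found = 1 }
    END { exit !found }
  ' /etc/hosts
}

dir=''

# Download $2 to file $1 inside ${dir}, keeping a 0600 backup of any
# existing copy, and mark the result executable.
# Arguments: $1 - file name, $2 - URL
# Returns:   non-zero when the download fails
do_install() {
  local target=$1 url=$2
  printf "Installing %s into %s.\n" "${target}" "${dir}"
  cd "${dir}" || exit
  if [ -f "${target}" ]; then
    doas rm -f -- "${target}.bak"
    doas cp -f -- "${target}" "${target}.bak"
    doas chmod 600 "${target}.bak"
  fi
  # TLS verification stays on: the file is written as root and made
  # executable, so an unauthenticated download would hand root-level code
  # execution to whoever controls the network path. For a host with a
  # private CA, trust that CA (wget --ca-certificate=FILE or the system
  # store) instead of disabling the check.
  if ! doas wget -q -O "${target}" "${url}"; then
    printf 'Download of %s failed; %s not installed.\n' "${url}" "${target}" >&2
    # wget -O truncates the target even on failure; put the backup back.
    if [ -f "${target}.bak" ]; then
      doas cp -f -- "${target}.bak" "${target}"
    fi
    return 1
  fi
  doas chmod 755 "${target}"
}

# Append the line $1 to config file $2 unless that exact line is already
# present, adding the '#added by DH.' marker once per file.
# Arguments: $1 - full line to add, $2 - path of the file
do_setting() {
  local line=$1 file=$2
  printf "Installing value %s into %s.\n" "${line}" "${file}"
  printf 'Adding values in to %s.\n Please wait.\n' "${file}"
  # -F: the marker and the settings contain '.' and '*', which must be
  # matched literally rather than as regular-expression operators.
  if ! grep -qF -- '#added by DH.' "${file}"; then
    printf '%s\n' '#added by DH.' | doas tee -a "${file}"
  fi
  # -x: only a whole-line match counts, so a commented-out or longer line
  # that merely contains the text does not suppress the addition.
  if grep -qxF -- "${line}" "${file}"; then
    printf '%s exists.\n Skipping.\n' "${line}"
  else
    printf '%s does not exist\n' "${line}"
    printf '%s\n' "${line}" | doas tee -a "${file}"
  fi
}

# Ask whether to reboot now; anything other than y/Y means no.
doreboot() {
  local yn
  printf "Need to reboot? (y/n)? "
  read -r yn
  yn=${yn:-n}
  case $yn in
    [Yy]*) doas reboot ;;
    [Nn]*) ;;
  esac
}

# Turn all swap off and back on again.
cycleswap() {
  printf "Cycling Swapfile.\n"
  # swapoff/swapon need root; the rest of the script escalates with doas.
  doas swapoff -a
  sleep 10
  doas swapon -a
}

#######################################################################
# Add Admin User #
#######################################################################
# Tune /etc/makepkg.conf, install yay when missing and set up doas.conf.
addadminuser() {
  printf "Setup Makepkg.conf\n"
  doas cp /etc/makepkg.conf /etc/makepkg.conf.bak
  # NOTE(review): the patterns beginning 'b\CFLAGS' and 'b\RUSTFLAGS' look
  # like a transposed '\b', and 'OPTIONS==' has a doubled '='; as written
  # these three substitutions probably never match. Left unchanged -
  # confirm the intended patterns against a real makepkg.conf.
  doas sed -i -e 's/.*MAKEFLAGS=.*/MAKEFLAGS="--jobs=$(nproc)"/g' /etc/makepkg.conf
  doas sed -i -e 's|b\CFLAGS=.*|CFLAGS="-march=native -mtune=generic -O2 -pipe -fno-plt -fexceptions \\|' /etc/makepkg.conf
  doas sed -i -e 's/b\RUSTFLAGS=.*/RUSTFLAGS="-Cforce-frame-pointers=yes -C target-cpu=native -C link-arg=-fuse-ld=mold"/' /etc/makepkg.conf
  doas sed -i -e 's/.*BUILDENV=.*/BUILDENV=(!distcc color ccache check !sign)/g' /etc/makepkg.conf
  doas sed -i -e 's/.*OPTIONS==.*/OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !debug !lto)/g' /etc/makepkg.conf
  doas sed -i -e "s/.*PKGEXT=.*/PKGEXT='.pkg.tar.xz'/g" /etc/makepkg.conf
  doas sed -i -e 's/.*COMPRESSGZ=.*/COMPRESSGZ=(pigz -c -f -n)/g' /etc/makepkg.conf
  doas sed -i -e 's/.*COMPRESSBZ2=.*/COMPRESSBZ2=(pbzip2 -c -f)/g' /etc/makepkg.conf

  printf "Checking if YAY is installed?\n"
  if ! command -v /usr/bin/yay &>/dev/null; then
    printf "Yay is not installed.\n"
    # The original 'sh -c sudo pacman ...' passed only the word "sudo" to
    # sh -c, so pacman never ran. The build runs in a subshell so the
    # script's working directory is unchanged for later menu entries.
    # makepkg -si builds and installs the PKGBUILD exactly as cloned;
    # read it before answering the install prompt.
    sudo pacman -S --needed git base-devel \
      && git clone https://aur.archlinux.org/yay.git \
      && (cd yay && makepkg -si)
  else
    printf "Yay is present on System.\n"
  fi

  printf "Setting up DOAS file.\n"
  if ! grep -q "#BD doas file setup" /etc/doas.conf; then
    # NOTE(review): the here-document holding the doas rules is missing
    # from this listing; only 'sudo tee /etc/doas.conf &>/dev/null' with
    # /dev/null redirections survives. Run like that, tee would receive no
    # rules and leave /etc/doas.conf empty, which breaks every later doas
    # call. The write stays disabled until the rules are restored from the
    # original script.
    printf 'doas rules are missing from this copy of the script; /etc/doas.conf left unchanged.\n' >&2
  fi
}

# NOTE(review): the menu calls settimezone, but its definition was lost
# together with the doas.conf here-document above. The commands below are
# the only part of it that survives in the listing (they appeared after the
# damaged span); the prompt and the write to /etc/timezone are not visible
# and must be restored from the original file.
settimezone() {
  printf "Updating Hardware Clock \n"
  doas hwclock --systohc
  printf "\nWe set timezone as:\n"
  cat /etc/timezone
  printf "\nDone.\n"
}

#######################################################################
# Set Server Hostname #
#######################################################################
# Prompt for a new host name, write it to /etc/hostname and add a matching
# /etc/hosts line built from the detected eth0 address.
creathostname() {
  local new_hostname
  printf "Please enter a Hostname to add: "
  read -r new_hostname
  # The value is written to two root-owned files; reject empty input,
  # whitespace and anything that is not a plain host name.
  if ! is_valid_hostname "$new_hostname"; then
    printf 'Not a valid hostname: %s\n' "$new_hostname" >&2
    return 1
  fi
  # does the Host already exist?
  if ! hosts_has_entry "$new_hostname"; then
    printf 'Hostname not found. adding...\n'
    printf "Changing hostname from %s to %s...\n" "$cur_hostname" "$new_hostname"
    printf '%s\n' "$new_hostname" | doas tee /etc/hostname
    if [[ -n "$serverip" ]]; then
      printf '%s %s %s\n' "${serverip}" "${new_hostname}" "${servername}" | doas tee -a /etc/hosts
    else
      # Without an address the line would start with a blank field.
      printf 'No IPv4 address found on eth0; /etc/hosts not updated.\n' >&2
    fi
    printf "\nPrint Host File.\n"
    doas cat /etc/hosts
    printf "\nDone.\n"
  else
    printf "Hostname exsits.\nAll good.\n"
  fi
}

#######################################################################
# Remove Hostnames #
#######################################################################
# Show /etc/hosts, ask for a name or address and delete the lines that
# carry it as a field, keeping the previous file as /etc/hosts.bkp.
removehosts() {
  local entry tmp yn
  printf "Here is the Host file.\n"
  cat /etc/hosts
  printf "\nWhat is the server name or ip to remove? "
  read -r entry
  if is_valid_hostname "$entry" || is_valid_ip "$entry"; then
    # The answer used to be pasted into a sed script that ran as root, so
    # any character sed treats as syntax changed what the script did, and
    # a short answer such as '.' matched every line. The filter below
    # compares whole fields as strings and leaves comment lines alone.
    tmp=$(mktemp) || return
    if awk -v target="$entry" '
        /^[[:space:]]*#/ { print; next }
        {
          drop = 0
          for (i = 1; i <= NF; i++) if (($i "") == (target "")) drop = 1
          if (!drop) print
        }
      ' /etc/hosts >"$tmp"; then
      # cp onto the existing file keeps its owner and mode.
      doas cp -p -- /etc/hosts /etc/hosts.bkp \
        && doas cp -- "$tmp" /etc/hosts
    fi
    rm -f -- "$tmp"
  else
    printf 'Not a valid host name or IP address: %s\n' "$entry" >&2
  fi
  printf "Print Host.\n"
  doas cat /etc/hosts
  printf "\nDone.\n"
  while true; do
    printf "Continue removing? (y/n)?"
    read -r yn
    yn=${yn:-n}
    case $yn in
      [Yy]*)
        removehosts
        break
        ;;
      [Nn]*) break ;;
    esac
  done
}

#######################################################################
# Add External Hosts #
#######################################################################
# Prompt for "IP FQDN Hostname" and append it to /etc/hosts when the FQDN
# is not listed yet.
addhosts() {
  # Locals: the original read into the global serverip/servername, which
  # silently changed what creathostname and the menu header use afterwards.
  local host_ip add_hostname short_name yn
  printf "Enter Hostname to add:[ IP FDQN Hostname ]: "
  read -r host_ip add_hostname short_name
  if ! is_valid_ip "$host_ip" || ! is_valid_hostname "$add_hostname" \
    || { [[ -n "$short_name" ]] && ! is_valid_hostname "$short_name"; }; then
    printf 'Expected: IP FQDN Hostname (letters, digits, dots, hyphens).\n' >&2
  elif ! hosts_has_entry "$add_hostname"; then
    # does the Host already exist?
    printf 'Hostname not found. adding...\n'
    # /etc/hosts is root-owned; a plain tee -a fails for the calling user.
    printf '%s %s %s\n' "${host_ip}" "${add_hostname}" "${short_name}" | doas tee -a /etc/hosts
    printf "Print Host File.\n"
    cat /etc/hosts
    printf "Done.\n"
  else
    printf "Hostname exsits.\nAll good.\n"
  fi
  while true; do
    printf "Continue adding? (y/n)?"
    read -r yn
    yn=${yn:-n}
    case $yn in
      [Yy]*)
        # The original called creathostentry, which is not defined in this
        # script; repeating this function mirrors removehosts.
        addhosts
        break
        ;;
      [Nn]*) break ;;
    esac
  done
}

#######################################################################
# Update OS on Server #
#######################################################################
# Refresh the package databases and upgrade everything through yay.
serverupdate() {
  printf "Arch Cleaning and Updating.\n"
  #doas cleanup
  yay -Syyu "${pacargs[@]}"
  printf "Done.\n"
}

#######################################################################
# Install Standard Packages #
#######################################################################
# Replace ~/.dotfiles with a fresh clone of the dotfiles repository and
# re-run stow. The clone is staged first so a failed download leaves the
# installed dotfiles untouched.
refresh_dotfiles() {
  # NOTE(review): this is a cleartext http:// remote. Nothing authenticates
  # the scripts that are made executable and stowed into $HOME below, so
  # anyone able to alter traffic on the LAN can change them. Move the
  # remote to https:// or ssh once the forge offers it.
  local repo_url='http://forgejo01.thedacus.lan:3000/regularguy01/dotfiles-artix.git'
  local staging="$HOME/dotfiles-artix"

  printf "Checking if .dotfiles is installed?\n"
  rm -Rf "$HOME"/dotfiles-artix dsktp_*.sh
  if ! git clone "$repo_url" "$staging"; then
    printf 'Clone of %s failed; existing dotfiles left untouched.\n' "$repo_url" >&2
    return 1
  fi
  if [ ! -d "$dotfiles" ]; then
    printf "Dotfiles not installed.\n"
  else
    printf "Dotfiles installed updating.\n"
    (cd "$dotfiles" && stow -D .)
    rm -Rf -- "${dotfiles:?}"
  fi
  mv -- "$staging" "$dotfiles" || return
  # Subshell: keeps the script's working directory where it was.
  (
    cd "$dotfiles" || exit
    chmod +x ./*.sh
    stow .
  )
}

# Offer three optional installs: the common package set, Doom Emacs and
# the dotfiles.
installpreq() {
  local yn
  local -a common_pkgs=(
    anydesk-bin betterbird-bin bitwarden bleachbit btrfs-assistant btrfs-progs
    brave-bin cmus curtail darktable element-desktop etcher-bin filebot flameshot geany geany-plugins
    gtk2 ivpn-ui handbrake kgpg ktty klavaro librewolf libxcrypt-compat libappindicator-gtk3 linux linux-headers mqtt-explorer
    nfs-utils ntp onlyoffice-bin oscar-bin picard pcloud-drive remmina signal-desktop
    syncthing syncthing-dinit tigervnc variety yubikey-manager-qt
  )

  printf "Run Common Software Install? (y/n)?"
  read -r yn
  yn=${yn:-n}
  case $yn in
    [Yy]*) yay -S "${pacargs[@]}" --repo "${common_pkgs[@]}" ;;
    [Nn]*) ;;
  esac

  printf "Run DOOM install? (y/n)?"
  read -r yn
  yn=${yn:-n}
  case $yn in
    [Yy]*)
      # NOTE(review): '.emac.d' is presumably a typo for '.emacs.d'; the
      # path is left as written because it is the target of rm -Rf.
      rm -Rf "$HOME"/.emac.d
      git clone --depth 1 https://github.com/doomemacs/doomemacs ~/.config/emacs
      ~/.config/emacs/bin/doom install
      ;;
    [Nn]*) ;;
  esac

  printf "Run dotfile install? (y/n)?"
  read -r yn
  yn=${yn:-n}
  case $yn in
    [Yy]*) refresh_dotfiles ;;
    [Nn]*) ;;
  esac
}

#######################################################################
# Harden Server #
#######################################################################
# Optionally rewrite /etc/ssh/sshd_config (port, key-only login, timeouts)
# and enable sshd. The edited file is checked with 'sshd -t' and the
# previous file is restored when the check fails.
hardenserver() {
  local yn sshport
  local sshd_conf=/etc/ssh/sshd_config
  local port_re='^[0-9]{1,5}$'

  printf "Do we need to Secure sshd? (y/n)? "
  read -r yn
  yn=${yn:-n}
  case $yn in
    [Yy]*)
      printf "Enter SSH port to change to: "
      read -r sshport
      sshport=${sshport:-14}
      # The port goes into a sed script run as root: accept digits only,
      # in the valid TCP range (10# avoids octal parsing of leading zeros).
      if ! [[ "$sshport" =~ $port_re ]] || ((10#$sshport < 1 || 10#$sshport > 65535)); then
        printf 'Not a valid TCP port: %s\n' "$sshport" >&2
        return 1
      fi
      sshport=$((10#$sshport))
      printf "Set to Port: %s\n" "$sshport"
      printf "Securing the server, please wait...\n"
      doas cp -p -- "$sshd_conf" "${sshd_conf}.bak" || return
      # Port: matched by a fixed pattern instead of the text of the current
      # Port line, which was empty when the file had none.
      # AuthorizedKeysFile: the original replacement text was the literal
      # '.*', which points sshd at a file that does not exist and, with
      # PasswordAuthentication no, leaves no way to log in. The shipped
      # line is uncommented instead, keeping its path.
      doas sed -i \
        -e "s/^#\{0,1\}Port[[:space:]].*/Port ${sshport}/" \
        -e 's/.*UseDNS .*/UseDNS no/g' \
        -e 's/#AddressFamily any/AddressFamily inet/g' \
        -e 's/#LoginGraceTime 2m/LoginGraceTime 2m/g' \
        -e 's/#MaxAuthTries 6/MaxAuthTries 5/g' \
        -e 's/#MaxStartups 10:30:100/MaxStartups 10:30:100/g' \
        -e 's/.*PermitRootLogin yes/PermitRootLogin prohibit-password/g' \
        -e 's/.*PasswordAuthentication .*/PasswordAuthentication no/g' \
        -e 's/#ClientAliveInterval .*/ClientAliveInterval 120/g' \
        -e 's/#ClientAliveCountMax .*/ClientAliveCountMax 15/g' \
        -e 's/.*PubkeyAuthentication yes/PubkeyAuthentication yes/g' \
        -e 's/^#[[:space:]]*\(AuthorizedKeysFile[[:space:]].*\)/\1/' \
        "$sshd_conf"
      # Password login is now off: a public key must already be installed
      # for the account that will log in, or remote access is lost.
      if ! doas sshd -t; then
        printf 'sshd rejected the edited configuration; restoring %s.\n' "${sshd_conf}.bak" >&2
        doas cp -p -- "${sshd_conf}.bak" "$sshd_conf"
        return 1
      fi
      doas dinitctl enable sshd
      ;;
    [Nn]*) ;;
  esac
}

#######################################################################
# Main Configure Section #
#######################################################################
########################################################################
# Configure Performance #
#######################################################################
# Append file-descriptor limits and sysctl values, then offer a reboot.
perfmserver() {
  local entry
  local -a limit_lines=(
    "* soft nofile 65535"
    "* hard nofile 65535"
    "root soft nofile 65535"
    "root hard nofile 65535"
    "bdacus01 soft nofile 65535"
    "bdacus01 hard nofile 65535"
  )
  # NOTE(review): net.ipv4.tcp_syncookies = 0 turns SYN cookies off, which
  # removes the kernel's fallback when the SYN backlog fills up. The value
  # is kept as the author set it; reconsider it on any host that accepts
  # connections from untrusted networks.
  local -a sysctl_lines=(
    "net.core.somaxconn = 65536"
    "net.ipv4.conf.all.log_martians = 1"
    "net.ipv4.tcp_fin_timeout = 15"
    "net.ipv4.tcp_rfc1337 = 1"
    "net.ipv4.tcp_synack_retries = 3"
    "net.ipv4.tcp_syncookies = 0"
    "net.ipv4.tcp_syn_retries = 3"
    "vm.swappiness = 1"
    "kernel.printk = 3 4 1 3"
  )

  printf "Setting up Server General file Ulimits.\n"
  for entry in "${limit_lines[@]}"; do
    do_setting "$entry" "$limitsconf"
  done
  printf "Setting up Server Sysctl file.\n"
  for entry in "${sysctl_lines[@]}"; do
    do_setting "$entry" "$sysctlconf"
  done
  printf "Complete Reboot.\n"
  doreboot
}

#######################################################################
# Main Menu of Script #
#######################################################################
clear
archsetup_banner
linebreak
#Menus Starts here
linebreak
printf "Hostname: %s Host IP: %s \n" "$cur_hostname" "$serverip"
linebreak
cat <<"eot"
ARTIX DESK SETUP MENU
eot
linebreak

options=("Add Admin User" "Timezone" "Hostname" "Remove hosts" "Add hosts" "Update server" "Install Common Packages" "Harden Server" "Performance Tweaks" "Quit")
while true; do
  printf "Choose an option: \n"
  select opt in "${options[@]}"; do
    case $REPLY in
      1)
        addadminuser
        break
        ;;
      2)
        settimezone
        break
        ;;
      3)
        creathostname
        break
        ;;
      4)
        removehosts
        break
        ;;
      5)
        addhosts
        break
        ;;
      6)
        serverupdate
        break
        ;;
      7)
        installpreq
        break
        ;;
      8)
        hardenserver
        break
        ;;
      9)
        perfmserver
        break
        ;;
      10) break 2 ;;
      *) echo "Invalid option. Try again." >&2 ;;
    esac
  done
done

# builddir and run are not defined in the visible part of the script (see
# the truncation note in the Variables section). Each use is guarded and
# quoted so an unset or empty value can never reach rm -rf or mkdir.
if [[ -n "${builddir:-}" ]]; then
  if [ -d "$builddir" ]; then
    rm -rf -- "$builddir"
  fi
  mkdir -- "$builddir"
fi
if [[ -n "${run:-}" ]]; then
  # Deliberately unquoted: run holds a command line to be word-split.
  ${run}
  exit
fi
printf "Cleaning up build files, please wait...\n"
cd ~ || exit
if [[ -n "${builddir:-}" ]]; then
  rm -rf -- "$builddir"
fi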