diff options
| author | Silvio Rhatto <rhatto@riseup.net> | 2020-08-08 08:20:02 -0300 |
|---|---|---|
| committer | Silvio Rhatto <rhatto@riseup.net> | 2020-08-08 08:20:02 -0300 |
| commit | 95ea9cb8201966f4dee8c115a509b259c00bef82 (patch) | |
| tree | b2aa98c117df50c4286ce62a950bfc0d6167df0c /share | |
| parent | f642dbd7057a2805152129bf8403a7e84a722ee0 (diff) | |
| download | kvmx-95ea9cb8201966f4dee8c115a509b259c00bef82.tar.gz kvmx-95ea9cb8201966f4dee8c115a509b259c00bef82.tar.bz2 | |
Provision: adds basic profile
Diffstat (limited to 'share')
| -rwxr-xr-x | share/provision/basic | 99 | ||||
| -rwxr-xr-x | share/provision/development | 87 |
2 files changed, 103 insertions, 83 deletions
diff --git a/share/provision/basic b/share/provision/basic new file mode 100755 index 0000000..8dc331d --- /dev/null +++ b/share/provision/basic @@ -0,0 +1,99 @@ +#!/usr/bin/env bash +# +# Basic provision example +# +# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published +# by the Free Software Foundation, either version 3 of the License, +# or any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +# Parameters +DIRNAME="`dirname $0`" +BASENAME="`basename $0`" +HOSTNAME="$1" +DOMAIN="$2" +MIRROR="$3" +APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y" + +# Ensure we're in the home folder +cd + +# Dependencies +echo "Installing basic dependencies..." +$APT_INSTALL git curl make wipe man zsh || exit 1 + +# Set user shell +if [ -x "/bin/zsh" ]; then + sudo chsh -s /bin/zsh `whoami` +fi + +# Tools +if [ ! -e "apps/infection" ]; then + rm -rf apps + git clone --recursive https://git.fluxo.info/rhatto/apps + apps/infection init +else + echo "Updating locally-installed apps and dotfiles..." + apps/infection fetch + apps/infection merge + apps/metadot/metadot fetch + apps/metadot/metadot merge +fi + +# Load basic config +apps/metadot/metadot load-bundle console +apps/metadot/metadot deps-bundle console + +# Install hydra system-wide +apps/hydra/hydractl install + +# Install trashman system-wide +sudo apps/trashman/trashman install trashman + +# Upgrade +if which hydractl &> /dev/null; then + hydractl upgrade +else + sudo apt-get update && sudo apt-get upgrade -y && sudo apt-get autoremove -y && sudo apt-get clean || exit 1 +fi + +# +# System tuning +# + +# Configure some system behavior using trashman +sudo apps/trashmah/trashman install swapfile +sudo apps/trashmah/trashman install grub-serial-console + +# Security +sudo sysctl kernel.unprivileged_bpf_disabled=1 +echo "kernel.unprivileged_bpf_disabled=1" | sudo tee /etc/sysctl.d/kernel.unprivileged_bpf_disabled.conf > /dev/null + +# Configuring APT +sudo apt-get update +$APT_INSTALL apt-transport-https || exit 1 +sudo sed -i -e "s|http://http.debian.net|https://deb.debian.org|g" /etc/apt/sources.list || exit 1 +sudo sed -i -e "s|http://deb.debian.org|https://deb.debian.org|g" /etc/apt/sources.list || exit 1 +sudo sed -i -e "s|main$|main contrib non-free|g" /etc/apt/sources.list || exit 1 + +# GRUB timeout +if ! grep -q "GRUB_TIMEOUT=1" /etc/default/grub; then + sudo sed -i -e 's|GRUB_TIMEOUT=5|GRUB_TIMEOUT=1|' /etc/default/grub + sudo update-grub +fi + +# Fstrim +# See https://pve.proxmox.com/wiki/Shrink_Qcow2_Disk_Files +sudo fstrim -av +sudo sync diff --git a/share/provision/development b/share/provision/development index ccfb9c6..bb2f890 100755 --- a/share/provision/development +++ b/share/provision/development @@ -26,91 +26,12 @@ DOMAIN="$2" MIRROR="$3" APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y" +# Provision the basic stuff +$DIRNAME/basic $HOSTNAME $DOMAIN $MIRROR + # Ensure we're in the home folder cd -# Security -sudo sysctl kernel.unprivileged_bpf_disabled=1 -echo "kernel.unprivileged_bpf_disabled=1" | sudo tee /etc/sysctl.d/kernel.unprivileged_bpf_disabled.conf > /dev/null - -# Configuring APT -sudo apt-get update -$APT_INSTALL apt-transport-https || exit 1 -sudo sed -i -e "s|http://http.debian.net|https://deb.debian.org|g" /etc/apt/sources.list || exit 1 -sudo sed -i -e "s|http://deb.debian.org|https://deb.debian.org|g" /etc/apt/sources.list || exit 1 -sudo sed -i -e "s|main$|main contrib non-free|g" /etc/apt/sources.list || exit 1 - -# Upgrade -if which hydractl &> /dev/null; then - hydractl upgrade -else - sudo apt-get update && sudo apt-get upgrade -y && sudo apt-get autoremove -y && sudo apt-get clean || exit 1 -fi - -# Dependencies -echo "Installing basic dependencies..." -$APT_INSTALL git curl make wipe man || exit 1 - -# Tools -if [ ! -e "apps/infection" ]; then - rm -rf apps - git clone --recursive https://git.fluxo.info/rhatto/apps - apps/infection init -else - echo "Updating locally-installed apps and dotfiles..." - apps/infection fetch - apps/infection merge - apps/metadot/metadot fetch - apps/metadot/metadot merge -fi - +# Load development config apps/metadot/metadot load-bundle development apps/metadot/metadot deps-bundle development - -# Set user shell -if [ -x "/bin/zsh" ]; then - sudo chsh -s /bin/zsh `whoami` -fi - -# Install hydra system-wide -apps/hydra/hydractl install - -# Install trashman system-wide -sudo apps/trashman/trashman install trashman - -# Hibernation support -# https://wiki.archlinux.org/index.php/Swap#Swap_file -# https://wiki.archlinux.org/index.php/Uswsusp -if ! grep -q "/swapfile" /etc/fstab; then - echo "Configuring hibernation..." - sudo fallocate -l 2G /swapfile - sudo chmod 600 /swapfile - sudo mkswap /swapfile - sudo swapon /swapfile - echo "/swapfile none swap defaults 0 0" | sudo tee -a /etc/fstab > /dev/null - $APT_INSTALL uswsusp - echo "RESUME=/swapfile" | sudo tee /etc/initramfs-tools/conf.d/resume > /dev/null - sudo update-initramfs -u -fi - -# GRUB timeout -if ! grep -q "GRUB_TIMEOUT=1" /etc/default/grub; then - sudo sed -i -e 's|GRUB_TIMEOUT=5|GRUB_TIMEOUT=1|' /etc/default/grub - sudo update-grub -fi - -# Serial console support for VMs not created by a recent kvmx-create -if ! grep -q "GRUB_TERMINAL=serial" /etc/default/grub; then - # Serial console support - echo '' | sudo tee -a /etc/default/grub > /dev/null - echo '# Custom configuration' | sudo tee -a /etc/default/grub > /dev/null - echo 'GRUB_TERMINAL=serial' | sudo tee -a /etc/default/grub > /dev/null - echo 'GRUB_SERIAL_COMMAND="serial --speed=115200"' | sudo tee -a /etc/default/grub > /dev/null - echo 'GRUB_CMDLINE_LINUX="console=ttyS0,115200n8"' | sudo tee -a /etc/default/grub > /dev/null - sudo update-grub -fi - -# Fstrim -# See https://pve.proxmox.com/wiki/Shrink_Qcow2_Disk_Files -sudo fstrim -av -sudo sync |