This repository was archived by the owner on Mar 10, 2025. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathbootstrap.sh
More file actions
96 lines (82 loc) · 2.43 KB
/
bootstrap.sh
File metadata and controls
96 lines (82 loc) · 2.43 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
#!/bin/bash
APP_NAME=wiedii
APP_USER=$APP_NAME
APP_GROUP=$APP_USER
APP_SUBDIR=$APP_NAME
APP_USER_HOME=/home/$APP_USER
APP_ROOT=$APP_USER_HOME/$APP_SUBDIR
APP_GIT="https://github.com/vemarsas/wiedii.git"
APP_BRANCH=${1:-'main'}
export DEBIAN_FRONTEND=noninteractive
install_conffiles() {
cd $APP_ROOT
cd doc/sysadm/examples
install -bvC -m 440 etc/sudoers /etc/
}
setup_initial() {
apt-get update
apt-get -y upgrade
apt-get -y install sudo git-core openssh-server curl vim-nox mc
adduser --system --shell /bin/bash --home $APP_USER_HOME --group $APP_USER && \
echo "$APP_USER:$APP_USER" | chpasswd
su - $APP_USER -c "
if [ -d $APP_SUBDIR ]; then
cd $APP_SUBDIR
git remote set-url origin $APP_GIT
git pull --ff-only origin $APP_BRANCH || true
else
git clone -b $APP_BRANCH $APP_GIT
# HTTPS passwords have been disabled by GitHub, allow at least to store tokens...
git config --global credential.helper store
fi
"
install_conffiles # including sudoers
# Raspbian section
# Disable pi user, with its insecure default password...
if id -u pi 2> /dev/null; then # DO not show missing user error here...
echo "Would you like to disable pi user? (y/n)"
read answer
if [[ $answer == y ]] ; then
if id -u $APP_USER > /dev/null; then # ...but so show it here!
echo 'Disabling/locking user "pi" (Raspberry) for security reasons.'
echo "We have the user '$APP_USER' instead."
passwd -l pi
fi
else
echo "Change default password for security reasons"
sudo passwd pi
fi
#clone groups from pi to APP_USER
SRC=pi
DEST=$APP_USER
SRC_GROUPS=$(groups ${SRC})
NEW_GROUPS=""
i=0
for gr in $SRC_GROUPS
do
if [ $i -gt 2 ]
then
if [ -z "$NEW_GROUPS" ];
then NEW_GROUPS=$gr;
else NEW_GROUPS="$NEW_GROUPS,$gr"; adduser $APP_USER $gr;
fi
fi
(( i++ ))
done
echo "User $APP_USER added to the following groups: $NEW_GROUPS"
fi
# Apparently not enabled by default on Raspbian
# TODO: make it optional in order to be security-paranoid?
systemctl start ssh
systemctl enable ssh
}
setup_core() {
echo " Installing core functionality..."
cd $APP_ROOT
bash etc/scripts/platform/debian/setup.sh $APP_ROOT $APP_USER
}
run() {
setup_initial | tee -a /var/log/${APP_NAME}_install.log
setup_core | tee -a /var/log/${APP_NAME}_install.log
}
run