diff --git a/debian/setup.sh b/centos/setup.sh similarity index 51% rename from debian/setup.sh rename to centos/setup.sh index 69cf39f..308c46a 100644 --- a/debian/setup.sh +++ b/centos/setup.sh @@ -1,13 +1,19 @@ #!/bin/sh +echo "Packages" +yum update -y +yum install -y vim git zsh curl wget sudo policycoreutils-python + +# sanoid +yum install -y perl-Config-IniFiles perl-Data-Dumper perl-Capture-Tiny lzop mbuffer mhash pv + +cat << EOT >> /etc/sudoers +# +# configured by the script +# +Defaults rootpw +EOT -# PACKAGES -echo "Setting up packages..." -cp /etc/apt/sources.list /etc/apt/sources.list.backup -cat /etc/apt/sources.list.backup | sed -E 's/deb(.*)/deb\1 contrib non-free/g' > /etc/apt/sources.list -apt-get update -apt-get upgrade -apt-get install -y vim git wget curl sudo # SSH KEY mkdir /home/quackerd/.ssh @@ -19,8 +25,40 @@ chown quackerd:quackerd /home/quackerd/.ssh/authorized_keys chmod 700 /home/quackerd/.ssh chmod 644 /home/quackerd/.ssh/authorized_keys +# DOCKER +echo "Setting up docker..." +yum-config-manager \ + --add-repo \ + https://download.docker.com/linux/centos/docker-ce.repo +yum update +yum install -y docker +systemctl enable docker +systemctl start docker + +curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose +chmod +x /usr/local/bin/docker-compose +ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose + +# KVM +yum -y groupinstall 'Virtualization Host' +yum install -y virt-manager xauth +systemctl start libvirtd +systemctl enable libvirtd + +# zfs +yum install -y http://download.zfsonlinux.org/epel/zfs-release.el7_6.noarch.rpm +yum update + +# cockpit +yum -y install cockpit +systemctl enable cockpit +systemctl start cockpit +# disable root for cockpit +sed -i '1s/^/auth requisite pam_succeed_if.so uid >= 1000\n/' /etc/pam.d/cockpit + # SSHD echo "Setting up sshd..." +semanage port -a -t ssh_port_t -p tcp 77 cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup cat /etc/ssh/sshd_config.backup | \ sed -E 's/#+PermitRootLogin.*/PermitRootLogin no/g' | \ @@ -39,32 +77,16 @@ Match address 129.97.75.0/24 PasswordAuthentication yes EOT +systemctl restart sshd -# DOCKER -echo "Setting up docker..." -apt-get install -y \ - apt-transport-https \ - ca-certificates \ - curl \ - gnupg2 \ - software-properties-common - -add-apt-repository \ - "deb [arch=amd64] https://download.docker.com/linux/debian \ - $(lsb_release -cs) \ - stable" - -apt-get update -apt-get install docker-ce docker-compose -systemctl enable docker -systemctl start docker - -# KVM -apt -y install qemu-kvm libvirt-daemon bridge-utils virtinst libvirt-daemon-system virt-manager - -# zfs -apt -y install zfs-dkms - -# cockpit -apt -y install cockpit +# firewall +echo "Setting up firewall..." +cp /usr/lib/firewalld/services/ssh.xml /etc/firewalld/services/ssh.xml +cat /usr/lib/firewalld/services/ssh.xml | sed -E 's/port=\".*\"(.*)/port=\"77\"\1/g' > /etc/firewalld/services/ssh.xml +firewall-cmd --reload +firewall-cmd --permanent --add-service=ssh --add-service=http --add-service=https +firewall-cmd --permanent --remove-service=dhcpv6-client +firewall-cmd --reload +echo "==========================================================================" +echo "ZFS KABI-tracking requires manual configuration"