From 6552b2f47c26a9a8d5b358b779f285bcb2880164 Mon Sep 17 00:00:00 2001
From: Mike Crute <mike@crute.us>
Date: Wed, 27 Dec 2017 21:06:55 +0000
Subject: Add bootstrap script

---
 bootstrap.sh | 141 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 141 insertions(+)
 create mode 100755 bootstrap.sh

diff --git a/bootstrap.sh b/bootstrap.sh
new file mode 100755
index 0000000..78efc68
--- /dev/null
+++ b/bootstrap.sh
@@ -0,0 +1,141 @@
+#!/bin/bash
+
+#if [[ "$(hostname -f)" =~ \.crute\.me$ ]]; then
+#    echo "This host appears to already be bootstrapped"
+#    exit 1
+#fi
+
+if [ ! -f "/etc/default/bootstrap" ]; then
+	cat > /etc/default/bootstrap <<EOF
+UNCONFIGURED="true"
+VM_HOST="false"
+SHORT_HOSTNAME=""
+AWS_ACCESS_KEY_ID=""
+AWS_SECRET_ACCESS_KEY=""
+REGION=""
+ROLE=""
+EOF
+	echo "Edit /etc/default/bootstrap and try again"
+	exit 1
+else
+	source /etc/default/bootstrap
+	if [ "$UNCONFIGURED" == "true" ]; then
+		echo "Edit /etc/default/boootstrap and try again"
+		exit 1
+	fi
+
+    if [ ! -z "$AWS_ACCESS_KEY_ID" ]; then
+        export AWS_ACCESS_KEY_ID
+    fi
+    if [ ! -z "$AWS_SECRET_ACCESS_KEY" ]; then
+        export AWS_SECRET_ACCESS_KEY
+    fi
+fi
+
+# Figure out the region if AWS or internal
+if [ -z "$REGION" ]; then
+    export REGION=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | python3 -c "import json, sys; print(json.load(sys.stdin)['region'])")
+fi
+
+export DEBIAN_FRONTEND=noninteractive
+
+# Configure APT to use the local cache if there is one
+if [ "$REGION" = "sea1" ]; then
+    echo 'Acquire::http::Proxy "http://genesis.sea1.crute.me:3142";' >> /etc/apt/apt.conf
+fi
+
+# Get all the latest updates and remove junk
+apt-get update && apt-get dist-upgrade -y && apt-get autoremove --purge -y
+
+# Set hostname and network settings
+export HOSTNAME="${SHORT_HOSTNAME}.${REGION}.crute.me"
+
+if [[ "$(hostname -f)" != "$HOSTNAME" ]]; then
+    echo $SHORT_HOSTNAME > /etc/hostname
+    hostnamectl set-hostname $SHORT_HOSTNAME
+    systemctl restart systemd-logind.service
+fi
+
+# Setup /etc/hosts
+if ! grep "$HOSTNAME" /etc/hosts 2>&1 > /dev/null; then
+    sed -i "s/127.0.0.1 localhost/127.0.0.1 localhost\n127.0.1.1 ${HOSTNAME} ${SHORT_HOSTNAME}/" /etc/hosts
+fi
+
+# Setup /etc/resolv.conf
+if ! grep "search ${REGION}.crute.me" /etc/resolv.conf 2>&1 > /dev/null; then
+    sed -i "s/search .*/search ${REGION}.crute.me/" /etc/resolv.conf
+fi
+
+# Install standard packages
+apt-get install -y \
+    ssmtp \
+    iptables-persistent \
+    vim \
+    htop \
+    curl
+
+# If this is a KVM host setup KVM and bridge
+if [[ "$VM_HOST" == "true" ]]; then
+    apt-get install -y --no-install-recommends \
+        qemu-kvm \
+        libvirt-bin \
+        virtinst \
+        bridge-utils \
+        libosinfo-bin \
+        genisoimage \
+        qemu-utils \
+        unzip
+
+    MAIN_INTF=$(ip link | awk '/^2:/ { split($2, a, ":"); print a[1]; }')
+    sed -i -e "s/\(.*$MAIN_INTF.*\)/#\1/" /etc/network/interfaces
+
+    if ! grep 'auto br0' /etc/network/interfaces 2>&1>/dev/null; then
+    cat >> /etc/network/interfaces <<EOF
+
+auto br0
+iface br0 inet dhcp 
+    bridge_ports $MAIN_INTF
+    bridge_stp off
+    bridge_fd 0
+    bridge_maxwait 0
+EOF
+fi
+fi
+
+# Setup Automatic Updates
+sed -i 's/APT::Periodic::Download-Upgradeable-Packages "0";/APT::Periodic::Download-Upgradeable-Packages "1";/' /etc/apt/apt.conf.d/10periodic
+sed -i 's/APT::Periodic::AutocleanInterval "0";/APT::Periodic::AutocleanInterval "7";/' /etc/apt/apt.conf.d/10periodic 
+echo 'APT::Periodic::Unattended-Upgrade "1";' >> /etc/apt/apt.conf.d/10periodic
+sed -i 's#//Unattended-Upgrade::Mail "root";#Unattended-Upgrade::Mail "mike@crute.us";#' /etc/apt/apt.conf.d/50unattended-upgrades
+echo -e '\nUnattended-Upgrade::Sender "updates-no-reply@crute.me";' >> /etc/apt/apt.conf.d/50unattended-upgrades
+sed -i 's#//Unattended-Upgrade::MailOnlyOnError "true";#Unattended-Upgrade::MailOnlyOnError "false";#' /etc/apt/apt.conf.d/50unattended-upgrades
+
+# Setup mcrute user
+if ! id mcrute 2>&1>/dev/null; then
+    useradd -p '$6$qOlvVfUc$Ij86v15mQnvoPSv1KCStgEBCLvrbLLp6hszvvs857yTGfJ.tu4Qm1u1GONeJayfNAVEOF1CV9mClTlnuiR5KU.' -m -s /bin/bash -G sudo mcrute
+    mkdir ~mcrute/.ssh
+    cat > ~mcrute/.ssh/authorized_keys <<EOF
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/XsFRMvZVDrWEz3/Ssvh+yeTEhlEVRXSJIaOmMzoDAm+XZ17dOwjpj25MqGmYt/60n5rKRBj5GyoaURrPi/s4ml+VLeVY0OsR22Vv5zSB4fY5SZtPhHqti5sNA07SvbFI905BUF6kn6G6SVlQMruXqdi9ALJkxiCaz1gR7+cwk9CoFXtQRtlo6l99Y2TWfvt/BwUiZWbFmESIOXHmkpaFOuptnqpprDz0mLzmebQyscu6vqpDsu/dOC/VAmECyJZxAgMR2KX9B3ytCvIA7DMqNKFJSaRGhkX0Dh6giitxz711CcoGw0Qt0wA4koe3VH0Ozf9zYFY7UpxohpljzAJx mcrute@yubikey
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCT/+YbYVS1eJ+ah6BjVA1gU31kKZGhlmqXfi9CBeJNmgO9DC9q9zOZkkT4ULSe0w3xKMIOxPzLAkarA/ErmqaEcc4PMPb3BxX2l1VktqE9GLpjmGX9TFvqsXr4D5axYiaQveuNkaJDZS4O7Wl68zb9WAuCqrYgK7hm5SBkcRkGsbWbDMo6VH7u4vzUQuc7Cch4BI6Tpbv3B98sCpVXVNdz/pb/p0j21S4qpV2MELCtSBAGEVPBfnGa7tSmDfenIr0KfGiYIeX0KC5ZJSKrqqzJqF8BYmp2ooWwWivFYtk08hfDxiJ23AsiLLMuA2WJ11X5TJJYg4z4b51UMJ8SRXgR mcrute@yubikey2
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiNw8DoEsevMj7UhtcAqaCmO9h+baMkbiE3KJsi5iZWVAlqRZIgYisBGfmOdrkt0N3yKG9Gqg/DEEw4PWWul+k/O+zkWd/jVvaqVNyQnoNOdPAa3oGr39agMd30bOrYtHP3Lzaajn3cwaT7E+F05lw0+IIXV1TwSa0GzxqAYq+2raSXQsQWkzVFsU+DuxgBE9F2ieqOw6rvxdT/cVjnBZD/zmj6WnwM7qgylPvt9AOtsvq6MYoMOwOK41ilG8M2Cay/NXAr+o1g2y+cBt4s5YVzkxQ6Lub9Gusj0QgolQ5wJj7W+GqfzY5kndDOIuaiLDk3mI9/kAB8Ws0PYOhXTP/ mcrute@Michaels-MacBook-Pro.local
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCoJRoSmMAqsQYYcQLYpSUngcVNtBrYxmM45hN974LoStoDXzW+qw0hOIqTU2GH93XmTC1HSIgMWTen9zNWuIaqADdt5obVmBPrOdpkwaPJ1zayykA5MHN8+8lYVkZ86b7hjy0NwnhlrkAyPQ9C30nQDlzw/AqOYiURwCK/20+slgvCpd5LYwBZndbwILg5EoEqpEksUxjzgRQzM6t1q0vzzige4jyE5jNKgsFJ2fajZq7yShweLuz2D4vHClwlgN9dY3oF25C8EWjwT8sfC2AK1Qlc/vYCwq6NoxOSiifPlo8Wiltr7WAqIQSUwzzXdpBm3F8lV0aYPLxKJRWq0ntOJg/z73oRE+cRUvzyqWn96OzKMIQWwDcRlKxemiv/i57Sm+cYg1wxjKJfWjrUOchBWfOIspk7kmaJsuhN26WNkNWbWYl5/pY7yPiZhqm2Th9vgOH4Rk0HTy25zZyT7EZoljyYpRLtrBVOWpXK7LN33v2Qdm2m2ctWfQytsj5s8Y6uPOR9uwVahnCou8M6YQhz5n6bsIfLhLDBpUvQL+9ONM9FsFMFk9RuhbsA3jbxeeuwqPkMmY27it5hbkVGpKd0M9Zv+JSvKtA2/agl/6zVhm+/TplHNBhj3B2uGe/3LakdxeVP3cyde8QcfyAQMRr+CE7NSFzETYj6Yvg3z24FuQ== mcrute@iphone6
+EOF
+    chmod 644 ~mcrute/.ssh/authorized_keys
+    chown -R mcrute:mcrute ~mcrute/.ssh
+    chmod 700 ~mcrute/.ssh
+fi
+
+# Setup SSMTP
+curl -sO https://code.crute.me/mcrute/dotfiles/plain/bin/configure_ssmtp.sh
+chmod +x configure_ssmtp.sh
+./configure_ssmtp.sh
+rm configure_ssmtp.sh
+
+# Clean out default user
+rm /etc/sudoers.d/90-cloud-init-users
+userdel -rf ubuntu
+
+# Reboot to apply updates
+echo "Reboot in 10 seconds"
+sleep 10
+shutdown -r now
-- 
cgit v1.2.3