-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsetup
executable file
·86 lines (71 loc) · 2.32 KB
/
setup
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
#!/bin/bash
# Temporarily remove -e, as errors in the first setup scripts
# (not affecting the functionality, and still unclear in the details)
# prevent the openvpn one from being executed.
# set -e
ONBOARD_USER=onboard
ONBOARD_GROUP=$ONBOARD_USER
ONBOARD_ROOT=/home/$ONBOARD_USER/onboard
ONBOARD_GIT="https://github.com/vemarsas/onboard.git"
apt-get update
apt-get -y upgrade
apt-get -y install sudo git-core openssh-server curl vim-nox mc
install_conffiles() {
cd $ONBOARD_ROOT
cd doc/sysadm/examples
install -bvC -m 440 etc/sudoers /etc/
}
adduser --system --shell /bin/bash --group $ONBOARD_USER && \
echo "$ONBOARD_USER:$ONBOARD_USER" | chpasswd
su - $ONBOARD_USER -c "
if [ -d onboard ]; then
cd onboard
git remote set-url origin $ONBOARD_GIT
git pull --ff-only origin margay || true
else
git clone -b margay $ONBOARD_GIT
fi
"
install_conffiles # including sudoers
cd $ONBOARD_ROOT
bash etc/scripts/platform/debian/setup.sh $ONBOARD_ROOT $ONBOARD_USER
bash modules/openvpn/etc/scripts/platform/debian/setup.sh $ONBOARD_ROOT $ONBOARD_USER
# Raspbian section
# Disable pi user, with its insecure default password...
if id -u pi 2> /dev/null; then # DO not show missing user error here...
echo "Would you like to disable pi user? (y/n)"
read answer
if [[ $answer == y ]] 2> /dev/null; then
if id -u $ONBOARD_USER > /dev/null; then # ...but so show it here!
echo 'Disabling/locking user "pi" (Raspberry) for security reasons.'
echo "We have the user '$ONBOARD_USER' instead."
passwd -l pi
fi
else
echo "Change default password for security reasons"
sudo passwd pi
fi
#clone groups from pi to ONBOARD_USER
SRC=pi
DEST=$ONBOARD_USER
SRC_GROUPS=$(groups ${SRC})
SRC_SHELL=$(awk -F : -v name=${SRC} '(name == $1) { print $7 }' /etc/passwd) #skip first 3 entries: this will be "username", ":", "defaultgroup"
NEW_GROUPS=""
i=0
for gr in $SRC_GROUPS
do
if [ $i -gt 2 ]
then
if [ -z "$NEW_GROUPS" ];
then NEW_GROUPS=$gr;
else NEW_GROUPS="$NEW_GROUPS,$gr"; adduser $ONBOARD_USER $gr;
fi
fi
(( i++ ))
done
echo "User $ONBOARD_USER added to the following groups: $NEW_GROUPS"
fi
# Apparently not enabled by default on Raspbian
# TODO: make it optional in order to be security-paranoid?
systemctl start ssh
systemctl enable ssh