From 1afd2ea2e4407705d914eed7d1f96e06dc5ab421 Mon Sep 17 00:00:00 2001
From: Christian Heller <c.heller@plomlompom.de>
Date: Wed, 25 Sep 2024 04:01:40 +0200
Subject: [PATCH] Some more updates.

---
 bookworm/setup_scripts/_setup.sh              |  1 +
 bookworm/setup_scripts/copy_dirtree.sh        |  1 +
 .../init_user_and_keybased_login.sh           | 51 +++++++++++++++++++
 bookworm/setup_scripts/init_user_login.sh     | 11 ++--
 bookworm/setup_scripts/migrate_borg.sh        |  1 +
 bookworm/setup_scripts/mirror_dir.sh          |  1 +
 bookworm/setup_scripts/misc.sh                | 10 ----
 .../setup_scripts/prepare_to_meet_server.sh   |  1 +
 .../setup_scripts/set_hostname_and_fqdn.sh    |  1 +
 bookworm/setup_scripts/setup_desktop.sh       |  1 +
 bookworm/setup_scripts/setup_home.sh          |  1 +
 bookworm/setup_scripts/setup_nvidia.sh        | 24 +++++++++
 bookworm/setup_scripts/setup_server.sh        |  1 +
 .../setup_scripts/setup_static_website.sh     |  1 +
 bookworm/setup_scripts/setup_web.sh           |  1 +
 .../setup_scripts/upgrade_from_bullseye.sh    | 11 ++++
 .../init_user_and_keybased_login.sh           | 18 +++----
 bullseye/setup_scripts/init_user_login.sh     | 20 +++-----
 misc.sh                                       | 16 ++++++
 19 files changed, 129 insertions(+), 43 deletions(-)
 create mode 100755 bookworm/setup_scripts/init_user_and_keybased_login.sh
 create mode 100755 bookworm/setup_scripts/setup_nvidia.sh
 create mode 100644 bookworm/setup_scripts/upgrade_from_bullseye.sh
 create mode 100644 misc.sh

diff --git a/bookworm/setup_scripts/_setup.sh b/bookworm/setup_scripts/_setup.sh
index 0c28d60..1b8cae2 100755
--- a/bookworm/setup_scripts/_setup.sh
+++ b/bookworm/setup_scripts/_setup.sh
@@ -1,6 +1,7 @@
 #!/bin/sh
 set -e
 . ./misc.sh
+. ./../misc.sh
 
 expect_n_args 2 "(hostname, FQDN)" "$@"
 hostname="$1"
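Review bot: The added `. ./../misc.sh` resolves to `bookworm/misc.sh` when run from `bookworm/setup_scripts/`, but the diffstat creates only the repo-root `misc.sh`, and three other scripts in this directory source it as `../../misc.sh`. Since this commit also removes `expect_n_args` from `bookworm/setup_scripts/misc.sh`, the `expect_n_args` call right below would no longer resolve unless a `bookworm/misc.sh` exists outside this patch. The line should probably read `. ../../misc.sh`. The same applies to the identical additions in copy_dirtree.sh, migrate_borg.sh, mirror_dir.sh, prepare_to_meet_server.sh, set_hostname_and_fqdn.sh, setup_desktop.sh, setup_home.sh, setup_server.sh and setup_web.sh. Both source lines are resolved against the caller's working directory, so scripts that run as root would be safer locating `misc.sh` relative to the script's own directory.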
diff --git a/bookworm/setup_scripts/copy_dirtree.sh b/bookworm/setup_scripts/copy_dirtree.sh
index 2c385f0..387ba39 100755
--- a/bookworm/setup_scripts/copy_dirtree.sh
+++ b/bookworm/setup_scripts/copy_dirtree.sh
@@ -9,6 +9,7 @@
 # CAUTION: This removes original files at the affected paths.
 set -e
 . ./misc.sh
+. ./../misc.sh
 
 expect_n_args 3 "(source root, target root, modules)" "$@"
 
diff --git a/bookworm/setup_scripts/init_user_and_keybased_login.sh b/bookworm/setup_scripts/init_user_and_keybased_login.sh
new file mode 100755
index 0000000..3f73562
--- /dev/null
+++ b/bookworm/setup_scripts/init_user_and_keybased_login.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+# This script turns a fresh server with password-based root access into
+# one of only key-based access and only to new non-root account plom.
+#
+# CAUTION: This is optimized for a *fresh* setup. It will overwrite any
+# pre-existing ~/.ssh/authorized_keys of user plom with one that solely
+# contains the local ~/.ssh/id_rsa.pub, and also any old
+# /etc/ssh/sshd_config.
+#
+# Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly
+# configured sshd_config file in reach.
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+expect_n_args 1 "(server)" "$@"
+server="$1"
+linkable_files_dir="${config_tree_prefix}/etc_files/server"
+system_path_sshd_config='/etc/ssh/sshd_config'
+# has "PermitRootLogin no" and "PasswordAuthentication no".
+local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}"
+
+# This will be used to log-in as root from plom account.
+echo 'First, enter the old root password; then enter new password twice.'
+ssh root@"${server}" "passwd"
+
+# Save root password for sshpass
+stty -echo
+printf "Re-enter new server root password: "
+read PW_ROOT
+stty echo
+printf "\n"
+export SSHPASS="${PW_ROOT}"
+
+# Create user plom, and his ~/.ssh/authorized_keys based on the local
+# ~/.ssh/id_rsa.pub; ensure the result has proper permissions and
+# ownerships. Then disable root and pw login by copying over the
+# sshd_config and restart ssh daemon.
+#
+# This could be a line or two shorter by using ssh-copy-id, but that
+# would require setting a password for user plom otherwise not needed.
+sshpass -e scp ~/.ssh/id_rsa.pub root@"${server}":/tmp/authorized_keys
+sshpass -e ssh root@"${server}" \
+        'useradd -m plom && '\
+        'mkdir /home/plom/.ssh && '\
+        'chown plom:plom /home/plom/.ssh && '\
+        'chown plom:plom /tmp/authorized_keys && '\
+        'chmod u=rw,go= /tmp/authorized_keys && '\
+        'mv /tmp/authorized_keys /home/plom/.ssh/'
+sshpass -e scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}"
+sshpass -e ssh root@"${server}" 'service ssh restart'
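Review bot: The password prompt uses `read PW_ROOT` without `-r`, so a root password containing a backslash is altered before it reaches `SSHPASS`, and an interrupt between `stty -echo` and `stty echo` leaves the terminal without echo. `trap 'stty echo' EXIT INT` before `stty -echo` and `IFS= read -r PW_ROOT` would cover both. The public key is staged at the fixed path `/tmp/authorized_keys`, a world-writable directory, before root chowns and moves it; copying it to `root@"${server}":/root/authorized_keys` and moving it from there avoids that. Because the last two commands switch off root and password login, running `sshd -t` on the server before `service ssh restart` would catch a broken copied config before the only remaining access path depends on it. `unset SSHPASS` at the end would keep the password out of the environment of anything started afterwards.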
diff --git a/bookworm/setup_scripts/init_user_login.sh b/bookworm/setup_scripts/init_user_login.sh
index 820b5ab..a0652eb 100755
--- a/bookworm/setup_scripts/init_user_login.sh
+++ b/bookworm/setup_scripts/init_user_login.sh
@@ -1,6 +1,4 @@
 #!/bin/sh
-# This script assumes a server with key-based root access into one of
-# key-based access only to a new non-root account plom.
 #
 # CAUTION: This is optimized for a *fresh* setup. It will overwrite any
 # old /etc/ssh/sshd_config.
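Review bot: After this hunk the header opens with a bare `#` directly under the shebang and no longer says what the script does, only what it overwrites. The removed sentence was hard to parse, but a replacement is needed rather than nothing. Judging from the removed lines, something like `# Turns a server with key-based root access into one with key-based access only to the new non-root account plom.` would fit, to be confirmed against the rest of the script. The same removal is made in bullseye/setup_scripts/init_user_login.sh.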
@@ -8,16 +6,15 @@
 # Dependencies: ssh, scp, properly configured sshd_config file in reach.
 set -e
 . ./misc.sh
+. ../../misc.sh
 
-# Location of an sshd_config with "PermitRootLogin no" and
-# "PasswordAuthentication no".
+expect_n_args 1 "(server)" "$@"
+server="$1"
 linkable_files_dir="${config_tree_prefix}/etc_files/server"
 system_path_sshd_config='/etc/ssh/sshd_config'
+# has "PermitRootLogin no" and "PasswordAuthentication no".
 local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}"
 
-expect_n_args 1 "(server)" "$@"
-server="$1"
-
 # If we already knew that host …
 ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}"
 
diff --git a/bookworm/setup_scripts/migrate_borg.sh b/bookworm/setup_scripts/migrate_borg.sh
index 4409c86..65ae67d 100755
--- a/bookworm/setup_scripts/migrate_borg.sh
+++ b/bookworm/setup_scripts/migrate_borg.sh
@@ -1,6 +1,7 @@
 #!/bin/sh
 set -e
 . ./misc.sh
+. ./../misc.sh
 
 expect_n_args 1 "(old server IP)" "$@"
 old_server="$1"
diff --git a/bookworm/setup_scripts/mirror_dir.sh b/bookworm/setup_scripts/mirror_dir.sh
index 0660142..aef69f1 100755
--- a/bookworm/setup_scripts/mirror_dir.sh
+++ b/bookworm/setup_scripts/mirror_dir.sh
@@ -2,6 +2,7 @@
 # Mirror directory tree from remote to local server, keeping the path.
 set -e
 . ./misc.sh
+. ./../misc.sh
 
 expect_n_args 2 "(server, directory)" "$@"
 server=$1
diff --git a/bookworm/setup_scripts/misc.sh b/bookworm/setup_scripts/misc.sh
index 4aad4a4..30f8e8c 100644
--- a/bookworm/setup_scripts/misc.sh
+++ b/bookworm/setup_scripts/misc.sh
@@ -9,16 +9,6 @@ fi
 setup_scripts_dir="${config_tree_prefix}/setup_scripts"
 aptmark_dir="${config_tree_prefix}/apt-mark"
 
-expect_n_args() {
-    min_args="$1"
-    explainer="$2"
-    shift 2
-    if [ "$#" -lt "${min_args}" ]; then
-        echo "Need at least ${1} arguments … ${explainer}"
-        false
-    fi
-}
-
 expect_setup_finished_file() {
     filename="$1"
     setup_script="$2"
diff --git a/bookworm/setup_scripts/prepare_to_meet_server.sh b/bookworm/setup_scripts/prepare_to_meet_server.sh
index d8e4e83..5f55362 100755
--- a/bookworm/setup_scripts/prepare_to_meet_server.sh
+++ b/bookworm/setup_scripts/prepare_to_meet_server.sh
@@ -2,6 +2,7 @@
 # Do some of the steps necessary to SSH (key-based) with another server.
 set -e
 . ./misc.sh
+. ./../misc.sh
 
 expect_n_args 1 "(server IP)" "$@"
 target="$1"
diff --git a/bookworm/setup_scripts/set_hostname_and_fqdn.sh b/bookworm/setup_scripts/set_hostname_and_fqdn.sh
index b367906..bcf3d9d 100755
--- a/bookworm/setup_scripts/set_hostname_and_fqdn.sh
+++ b/bookworm/setup_scripts/set_hostname_and_fqdn.sh
@@ -14,6 +14,7 @@
 # Ignores IPv6s.
 set -e
 . ./misc.sh
+. ./../misc.sh
 
 expect_n_args 1 "(hostname, fqdn)" "$@"
 
diff --git a/bookworm/setup_scripts/setup_desktop.sh b/bookworm/setup_scripts/setup_desktop.sh
index a617e0e..2eb19b3 100755
--- a/bookworm/setup_scripts/setup_desktop.sh
+++ b/bookworm/setup_scripts/setup_desktop.sh
@@ -1,6 +1,7 @@
 #!/bin/sh
 set -e
 . ./misc.sh
+. ./../misc.sh
 
 expect_n_args 1 "(system name)" "$@"
 get_system_name_arg "$1"
diff --git a/bookworm/setup_scripts/setup_home.sh b/bookworm/setup_scripts/setup_home.sh
index 6467ef9..a065bd4 100755
--- a/bookworm/setup_scripts/setup_home.sh
+++ b/bookworm/setup_scripts/setup_home.sh
@@ -1,6 +1,7 @@
 #!/bin/sh
 set -e
 . ./misc.sh
+. ./../misc.sh
 
 expect_n_args 1 "(system name)" "$@"
 get_system_name_arg "$1"
diff --git a/bookworm/setup_scripts/setup_nvidia.sh b/bookworm/setup_scripts/setup_nvidia.sh
new file mode 100755
index 0000000..d05c8d1
--- /dev/null
+++ b/bookworm/setup_scripts/setup_nvidia.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+set -e
+. ./misc.sh
+
+# Set up NVIDIA eGPU config.
+cd
+# git clone https://github.com/NVIDIA/open-gpu-kernel-modules
+# cd open-gpu-kernel-modules
+# git checkout 337e28e
+# # git checkout 4c29105335610933e744f4ab2524ea63fc39edaf
+# make modules -j$(nproc)
+# make modules_install
+# cd
+driver_version=535.86.05
+# driver_version=545.29.06
+runscript=NVIDIA-Linux-x86_64-${driver_version}.run
+# wget https://us.download.nvidia.com/XFree86/Linux-x86_64/${driver_version}/${runscript}
+set +e
+rmmod nouveau
+set -e
+chmod u+x ${runscript} 
+./${runscript} --no-kernel-modules --silent
+depmod
+# TODO I suspect that the GPU falling of the bus may be mildened by running nvidia-persistenced, check https://github.com/NVIDIA/nvidia-persistenced/tree/main/init  
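Review bot: `./${runscript}` is executed (presumably as root, given `rmmod` and `depmod`) without checking that the file is present in `$HOME` or that it is the expected installer. The `wget` line is commented out, so the file gets there by hand. A pinned digest check before the `chmod`, for example `echo "<expected-sha256>  ${runscript}" | sha256sum -c -`, would make the script stop on a missing or altered download. The `set +e` / `rmmod nouveau` / `set -e` sequence can be written as `rmmod nouveau || true`, and `${runscript}` should be quoted in `chmod u+x "${runscript}"` and `"./${runscript}"`.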
diff --git a/bookworm/setup_scripts/setup_server.sh b/bookworm/setup_scripts/setup_server.sh
index e77d17f..43d5cc0 100755
--- a/bookworm/setup_scripts/setup_server.sh
+++ b/bookworm/setup_scripts/setup_server.sh
@@ -3,6 +3,7 @@
 # the outside via ./init_user_login.sh.
 set -e
 . ./misc.sh
+. ./../misc.sh
 
 expect_n_args 2 "(hostname, FQDN)" "$@"
 hostname="$1"
diff --git a/bookworm/setup_scripts/setup_static_website.sh b/bookworm/setup_scripts/setup_static_website.sh
index 1ab6a18..bdfb7d3 100755
--- a/bookworm/setup_scripts/setup_static_website.sh
+++ b/bookworm/setup_scripts/setup_static_website.sh
@@ -1,6 +1,7 @@
 #!/bin/sh
 set -e
 . ./misc.sh
+. ../../misc.sh
 
 expect_setup_finished_file setup_web_has_been_run setup_web.sh
 
diff --git a/bookworm/setup_scripts/setup_web.sh b/bookworm/setup_scripts/setup_web.sh
index c9cc0ac..d7c651f 100755
--- a/bookworm/setup_scripts/setup_web.sh
+++ b/bookworm/setup_scripts/setup_web.sh
@@ -1,6 +1,7 @@
 #!/bin/sh
 set -e
 . ./misc.sh
+. ./../misc.sh
 
 expect_setup_finished_file setup_server_has_been_run setup_server.sh
 
diff --git a/bookworm/setup_scripts/upgrade_from_bullseye.sh b/bookworm/setup_scripts/upgrade_from_bullseye.sh
new file mode 100644
index 0000000..2349b30
--- /dev/null
+++ b/bookworm/setup_scripts/upgrade_from_bullseye.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+apt update
+apt -y upgrade
+apt -y full-upgrade
+path_sources_list="/etc/apt/sources.list"
+cp "${config_tree_prefix}/etc_files/all${path_sources_list}" "${path_sources_list}"
+apt clean
+apt update
+apt -y upgrade
+apt --force-yes full-upgrade
+apt -y autoremove
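Review bot: `apt --force-yes full-upgrade` uses a deprecated option that lets apt continue past unauthenticated packages, downgrades and removal of essential packages. For a release upgrade run as root, `apt -y full-upgrade` keeps the signature checks and matches the other calls. The script also has neither `set -e` nor `. ./misc.sh`. Unless the caller exports `config_tree_prefix`, the `cp` source becomes `/etc_files/all/etc/apt/sources.list`, the copy fails, and the remaining `apt` commands carry on against the old sources.list. Adding `set -e` and `. ./misc.sh` after the shebang would stop it there. The file is created with mode 100644 while the other new scripts are 100755.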
diff --git a/bullseye/setup_scripts/init_user_and_keybased_login.sh b/bullseye/setup_scripts/init_user_and_keybased_login.sh
index f237a84..a70c3ee 100755
--- a/bullseye/setup_scripts/init_user_and_keybased_login.sh
+++ b/bullseye/setup_scripts/init_user_and_keybased_login.sh
@@ -10,21 +10,15 @@
 # Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly
 # configured sshd_config file in reach.
 set -e
+. ./misc.sh
+. ../../misc.sh
 
-# Location of an sshd_config with "PermitRootLogin no" and
-# "PasswordAuthentication no".
-config_tree_prefix="${HOME}/public_repos/config/bullseye"
-linkable_files_dir="${config_tree_prefix}/etc_files/server"
-system_path_sshd_config='/etc/ssh/sshd_config'
-local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}"
-
-# Ensure we have a server name as argument.
-if [ $# -eq 0 ]; then
-    echo "Need server as argument."
-    false
-fi
+expect_n_args 1 "(server)" "$@"
 server="$1"
 
+# If we already knew that host …
+ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}"
+
 # This will be used to log-in as root from plom account.
 echo 'First, enter the old root password; then enter new password twice.'
 ssh root@"${server}" "passwd"
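Review bot: The added `ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}"` hard-codes the operator's home directory, while the rest of the script uses `~/.ssh/...`. It also aborts the script under `set -e` when no known_hosts file exists yet, since ssh-keygen cannot stat it. `[ ! -f "${HOME}/.ssh/known_hosts" ] || ssh-keygen -f "${HOME}/.ssh/known_hosts" -R "${server}"` handles both. Dropping the stored key unconditionally also means the following `ssh root@...` falls back to trust-on-first-use, so a comment telling the operator to compare the displayed fingerprint with the provider's console before typing the root password would be worth adding. The same line is added in bullseye/setup_scripts/init_user_login.sh; the script continues past the end of this hunk.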
diff --git a/bullseye/setup_scripts/init_user_login.sh b/bullseye/setup_scripts/init_user_login.sh
index 21a8062..35abb90 100755
--- a/bullseye/setup_scripts/init_user_login.sh
+++ b/bullseye/setup_scripts/init_user_login.sh
@@ -1,27 +1,19 @@
 #!/bin/sh
-# This script assumes a server with key-based root access into one of
-# key-based access only to a new non-root account plom.
 #
 # CAUTION: This is optimized for a *fresh* setup. It will overwrite any
 # old /etc/ssh/sshd_config.
 #
 # Dependencies: ssh, scp, properly configured sshd_config file in reach.
 set -e
+. ./misc.sh
+. ../../misc.sh
 
-# Location of an sshd_config with "PermitRootLogin no" and
-# "PasswordAuthentication no".
-config_tree_prefix="${HOME}/public_repos/config/bullseye"
-linkable_files_dir="${config_tree_prefix}/etc_files/server"
-system_path_sshd_config='/etc/ssh/sshd_config'
-local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}"
-
-# Ensure we have a server name as argument.
-if [ $# -eq 0 ]; then
-    echo "Need server as argument."
-    false
-fi
+expect_n_args 1 "(server)" "$@"
 server="$1"
 
+# If we already knew that host …
+ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}"
+
 # So we're only asked once …
 eval $(ssh-agent)
 ssh-add
diff --git a/misc.sh b/misc.sh
new file mode 100644
index 0000000..adf8e1b
--- /dev/null
+++ b/misc.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+linkable_files_dir="${config_tree_prefix}/etc_files/server"
+system_path_sshd_config='/etc/ssh/sshd_config'
+local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}"
+
+expect_n_args() {
+    min_args="$1"
+    explainer="$2"
+    shift 2
+    if [ "$#" -lt "${min_args}" ]; then
+        echo "Need at least ${min_args} arguments … ${explainer}"
+        false
+    fi
+}
+
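Review bot: `expect_n_args` reports the problem on stdout and signals it with a bare `false`, so it only stops a caller that runs under `set -e` and does not call it in a condition. `echo "Need at least ${min_args} arguments … ${explainer}" >&2` followed by `exit 1` would make the abort independent of the caller. The three path variables at the top expand `${config_tree_prefix}` at source time and silently yield `/etc_files/server` if the per-release `misc.sh` was not sourced first. Writing `"${config_tree_prefix:?}/etc_files/server"` would turn that ordering dependency into an explicit error. A short header comment stating that this file is meant to be sourced after the release-specific `misc.sh` would document the contract.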
-- 
2.30.2