From 1afd2ea2e4407705d914eed7d1f96e06dc5ab421 Mon Sep 17 00:00:00 2001 From: Christian Heller Date: Wed, 25 Sep 2024 04:01:40 +0200 Subject: [PATCH] Some more updates. --- bookworm/setup_scripts/_setup.sh | 1 + bookworm/setup_scripts/copy_dirtree.sh | 1 + .../init_user_and_keybased_login.sh | 51 +++++++++++++++++++ bookworm/setup_scripts/init_user_login.sh | 11 ++-- bookworm/setup_scripts/migrate_borg.sh | 1 + bookworm/setup_scripts/mirror_dir.sh | 1 + bookworm/setup_scripts/misc.sh | 10 ---- .../setup_scripts/prepare_to_meet_server.sh | 1 + .../setup_scripts/set_hostname_and_fqdn.sh | 1 + bookworm/setup_scripts/setup_desktop.sh | 1 + bookworm/setup_scripts/setup_home.sh | 1 + bookworm/setup_scripts/setup_nvidia.sh | 24 +++++++++ bookworm/setup_scripts/setup_server.sh | 1 + .../setup_scripts/setup_static_website.sh | 1 + bookworm/setup_scripts/setup_web.sh | 1 + .../setup_scripts/upgrade_from_bullseye.sh | 11 ++++ .../init_user_and_keybased_login.sh | 18 +++---- bullseye/setup_scripts/init_user_login.sh | 20 +++----- misc.sh | 16 ++++++ 19 files changed, 129 insertions(+), 43 deletions(-) create mode 100755 bookworm/setup_scripts/init_user_and_keybased_login.sh create mode 100755 bookworm/setup_scripts/setup_nvidia.sh create mode 100644 bookworm/setup_scripts/upgrade_from_bullseye.sh create mode 100644 misc.sh diff --git a/bookworm/setup_scripts/_setup.sh b/bookworm/setup_scripts/_setup.sh index 0c28d60..1b8cae2 100755 --- a/bookworm/setup_scripts/_setup.sh +++ b/bookworm/setup_scripts/_setup.sh @@ -1,6 +1,7 @@ #!/bin/sh set -e . ./misc.sh +. ./../misc.sh expect_n_args 2 "(hostname, FQDN)" "$@" hostname="$1" diff --git a/bookworm/setup_scripts/copy_dirtree.sh b/bookworm/setup_scripts/copy_dirtree.sh index 2c385f0..387ba39 100755 --- a/bookworm/setup_scripts/copy_dirtree.sh +++ b/bookworm/setup_scripts/copy_dirtree.sh 
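Review bot: The added `. ./../misc.sh` in _setup.sh resolves to bookworm/misc.sh, but this commit creates the shared file at the repository root (`misc.sh`), and other scripts in the same commit (init_user_login.sh, setup_static_website.sh) source it as `. ../../misc.sh`. Unless a bookworm/misc.sh exists outside this patch, the dot command fails on the missing file, and since `expect_n_args` was removed from bookworm/setup_scripts/misc.sh the following `expect_n_args` call has nothing to resolve to. The same path is added in copy_dirtree.sh, migrate_borg.sh, mirror_dir.sh, prepare_to_meet_server.sh, set_hostname_and_fqdn.sh, setup_desktop.sh, setup_home.sh, setup_server.sh and setup_web.sh; I would change each to `. ../../misc.sh`. Both forms also assume the caller's working directory is setup_scripts, which deserves a one-line comment next to the first source line.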
@@ -9,6 +9,7 @@ # CAUTION: This removes original files at the affected paths. set -e . ./misc.sh +. ./../misc.sh expect_n_args 3 "(source root, target root, modules)" "$@" diff --git a/bookworm/setup_scripts/init_user_and_keybased_login.sh b/bookworm/setup_scripts/init_user_and_keybased_login.sh new file mode 100755 index 0000000..3f73562 --- /dev/null +++ b/bookworm/setup_scripts/init_user_and_keybased_login.sh 
@@ -0,0 +1,51 @@
+#!/bin/sh
+# This script turns a fresh server with password-based root access into
+# one of only key-based access and only to new non-root account plom.
+#
+# CAUTION: This is optimized for a *fresh* setup. It will overwrite any
+# pre-existing ~/.ssh/authorized_keys of user plom with one that solely
+# contains the local ~/.ssh/id_rsa.pub, and also any old
+# /etc/ssh/sshd_config.
+#
+# Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly
+# configured sshd_config file in reach.
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+expect_n_args 1 "(server)" "$@"
+server="$1"
+linkable_files_dir="${config_tree_prefix}/etc_files/server"
+system_path_sshd_config='/etc/ssh/sshd_config'
+# has "PermitRootLogin no" and "PasswordAuthentication no".
+local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}"
+
+# This will be used to log-in as root from plom account.
+echo 'First, enter the old root password; then enter new password twice.'
+ssh root@"${server}" "passwd"
+
+# Save root password for sshpass
+stty -echo
+printf "Re-enter new server root password: "
+read PW_ROOT
+stty echo
+printf "\n"
+export SSHPASS="${PW_ROOT}"
+
+# Create user plom, and his ~/.ssh/authorized_keys based on the local
+# ~/.ssh/id_rsa.pub; ensure the result has proper permissions and
+# ownerships. Then disable root and pw login by copying over the
+# sshd_config and restart ssh daemon.
+#
+# This could be a line or two shorter by using ssh-copy-id, but that
+# would require setting a password for user plom otherwise not needed.
+sshpass -e scp ~/.ssh/id_rsa.pub root@"${server}":/tmp/authorized_keys +sshpass -e ssh root@"${server}" \ + 'useradd -m plom && '\ + 'mkdir /home/plom/.ssh && '\ + 'chown plom:plom /home/plom/.ssh && '\ + 'chown plom:plom /tmp/authorized_keys && '\ + 'chmod u=rw,go= /tmp/authorized_keys && '\ + 'mv /tmp/authorized_keys /home/plom/.ssh/' +sshpass -e scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}" +sshpass -e ssh root@"${server}" 'service ssh restart' diff --git a/bookworm/setup_scripts/init_user_login.sh b/bookworm/setup_scripts/init_user_login.sh index 820b5ab..a0652eb 100755 --- a/bookworm/setup_scripts/init_user_login.sh +++ b/bookworm/setup_scripts/init_user_login.sh @@ -1,6 +1,4 @@ #!/bin/sh -# This script assumes a server with key-based root access into one of -# key-based access only to a new non-root account plom. # # CAUTION: This is optimized for a *fresh* setup. It will overwrite any # old /etc/ssh/sshd_config. @@ -8,16 +6,15 @@ # Dependencies: ssh, scp, properly configured sshd_config file in reach. set -e . ./misc.sh +. ../../misc.sh -# Location of an sshd_config with "PermitRootLogin no" and -# "PasswordAuthentication no". +expect_n_args 1 "(server)" "$@" +server="$1" linkable_files_dir="${config_tree_prefix}/etc_files/server" system_path_sshd_config='/etc/ssh/sshd_config' +# has "PermitRootLogin no" and "PasswordAuthentication no". local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}" -expect_n_args 1 "(server)" "$@" -server="$1" - # If we already knew that host … ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}" diff --git a/bookworm/setup_scripts/migrate_borg.sh b/bookworm/setup_scripts/migrate_borg.sh index 4409c86..65ae67d 100755 --- a/bookworm/setup_scripts/migrate_borg.sh +++ b/bookworm/setup_scripts/migrate_borg.sh @@ -1,6 +1,7 @@ #!/bin/sh set -e . ./misc.sh +. ./../misc.sh expect_n_args 1 "(old server IP)" "$@" old_server="$1" 
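Review bot: The last two commands of the new bookworm init_user_and_keybased_login.sh overwrite /etc/ssh/sshd_config and restart sshd without validating the file or confirming that key login as plom works, at the moment root and password login are being switched off. A broken config or a key that was not installed correctly then leaves the server with no working login path. I would validate before restarting, `sshpass -e ssh root@"${server}" 'sshd -t && service ssh restart'`, and run `ssh plom@"${server}" true` before the config is copied over. Separately, `read PW_ROOT` should be `IFS= read -r PW_ROOT` so that a password containing backslashes reaches sshpass unchanged.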
diff --git a/bookworm/setup_scripts/mirror_dir.sh b/bookworm/setup_scripts/mirror_dir.sh index 0660142..aef69f1 100755 --- a/bookworm/setup_scripts/mirror_dir.sh +++ b/bookworm/setup_scripts/mirror_dir.sh @@ -2,6 +2,7 @@ # Mirror directory tree from remote to local server, keeping the path. set -e . ./misc.sh +. ./../misc.sh expect_n_args 2 "(server, directory)" "$@" server=$1 diff --git a/bookworm/setup_scripts/misc.sh b/bookworm/setup_scripts/misc.sh index 4aad4a4..30f8e8c 100644 --- a/bookworm/setup_scripts/misc.sh +++ b/bookworm/setup_scripts/misc.sh @@ -9,16 +9,6 @@ fi setup_scripts_dir="${config_tree_prefix}/setup_scripts" aptmark_dir="${config_tree_prefix}/apt-mark" -expect_n_args() { - min_args="$1" - explainer="$2" - shift 2 - if [ "$#" -lt "${min_args}" ]; then - echo "Need at least ${1} arguments … ${explainer}" - false - fi -} - expect_setup_finished_file() { filename="$1" setup_script="$2" diff --git a/bookworm/setup_scripts/prepare_to_meet_server.sh b/bookworm/setup_scripts/prepare_to_meet_server.sh index d8e4e83..5f55362 100755 --- a/bookworm/setup_scripts/prepare_to_meet_server.sh +++ b/bookworm/setup_scripts/prepare_to_meet_server.sh @@ -2,6 +2,7 @@ # Do some of the steps necessary to SSH (key-based) with another server. set -e . ./misc.sh +. ./../misc.sh expect_n_args 1 "(server IP)" "$@" target="$1" diff --git a/bookworm/setup_scripts/set_hostname_and_fqdn.sh b/bookworm/setup_scripts/set_hostname_and_fqdn.sh index b367906..bcf3d9d 100755 --- a/bookworm/setup_scripts/set_hostname_and_fqdn.sh +++ b/bookworm/setup_scripts/set_hostname_and_fqdn.sh @@ -14,6 +14,7 @@ # Ignores IPv6s. set -e . ./misc.sh +. ./../misc.sh expect_n_args 1 "(hostname, fqdn)" "$@" diff --git a/bookworm/setup_scripts/setup_desktop.sh b/bookworm/setup_scripts/setup_desktop.sh index a617e0e..2eb19b3 100755 --- a/bookworm/setup_scripts/setup_desktop.sh +++ b/bookworm/setup_scripts/setup_desktop.sh 
@@ -1,6 +1,7 @@ #!/bin/sh set -e . ./misc.sh +. ./../misc.sh expect_n_args 1 "(system name)" "$@" get_system_name_arg "$1" diff --git a/bookworm/setup_scripts/setup_home.sh b/bookworm/setup_scripts/setup_home.sh index 6467ef9..a065bd4 100755 --- a/bookworm/setup_scripts/setup_home.sh +++ b/bookworm/setup_scripts/setup_home.sh @@ -1,6 +1,7 @@ #!/bin/sh set -e . ./misc.sh +. ./../misc.sh expect_n_args 1 "(system name)" "$@" get_system_name_arg "$1" diff --git a/bookworm/setup_scripts/setup_nvidia.sh b/bookworm/setup_scripts/setup_nvidia.sh new file mode 100755 index 0000000..d05c8d1 --- /dev/null +++ b/bookworm/setup_scripts/setup_nvidia.sh @@ -0,0 +1,24 @@ +#!/bin/sh +set -e +. ./misc.sh + +# Set up NVIDIA eGPU config. +cd +# git clone https://github.com/NVIDIA/open-gpu-kernel-modules +# cd open-gpu-kernel-modules +# git checkout 337e28e +# # git checkout 4c29105335610933e744f4ab2524ea63fc39edaf +# make modules -j$(nproc) +# make modules_install +# cd +driver_version=535.86.05 +# driver_version=545.29.06 +runscript=NVIDIA-Linux-x86_64-${driver_version}.run +# wget https://us.download.nvidia.com/XFree86/Linux-x86_64/${driver_version}/${runscript} +set +e +rmmod nouveau +set -e +chmod u+x ${runscript} +./${runscript} --no-kernel-modules --silent +depmod +# TODO I suspect that the GPU falling of the bus may be mildened by running nvidia-persistenced, check https://github.com/NVIDIA/nvidia-persistenced/tree/main/init diff --git a/bookworm/setup_scripts/setup_server.sh b/bookworm/setup_scripts/setup_server.sh index e77d17f..43d5cc0 100755 --- a/bookworm/setup_scripts/setup_server.sh +++ b/bookworm/setup_scripts/setup_server.sh @@ -3,6 +3,7 @@ # the outside via ./init_user_login.sh. set -e . ./misc.sh +. ./../misc.sh expect_n_args 2 "(hostname, FQDN)" "$@" hostname="$1" diff --git a/bookworm/setup_scripts/setup_static_website.sh b/bookworm/setup_scripts/setup_static_website.sh index 1ab6a18..bdfb7d3 100755 --- a/bookworm/setup_scripts/setup_static_website.sh 
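Review bot: setup_nvidia.sh makes `NVIDIA-Linux-x86_64-${driver_version}.run` executable and runs it (presumably as root, given `rmmod` and `depmod`) without checking that the file in the home directory is the installer that was intended; the download line is commented out, so whatever file carries that name gets executed. I would pin a digest next to `driver_version` and verify it first, e.g. `echo "${runscript_sha256}  ${runscript}" | sha256sum -c -`, with `runscript_sha256=<digest recorded when the installer was downloaded>`. `${runscript}` should also be quoted in the `chmod` and in the invocation. The `set +e` / `set -e` pair around `rmmod nouveau` reads more clearly as `rmmod nouveau || true` with a comment that the module may not be loaded.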
+++ b/bookworm/setup_scripts/setup_static_website.sh @@ -1,6 +1,7 @@ #!/bin/sh set -e . ./misc.sh +. ../../misc.sh expect_setup_finished_file setup_web_has_been_run setup_web.sh diff --git a/bookworm/setup_scripts/setup_web.sh b/bookworm/setup_scripts/setup_web.sh index c9cc0ac..d7c651f 100755 --- a/bookworm/setup_scripts/setup_web.sh +++ b/bookworm/setup_scripts/setup_web.sh @@ -1,6 +1,7 @@ #!/bin/sh set -e . ./misc.sh +. ./../misc.sh expect_setup_finished_file setup_server_has_been_run setup_server.sh diff --git a/bookworm/setup_scripts/upgrade_from_bullseye.sh b/bookworm/setup_scripts/upgrade_from_bullseye.sh new file mode 100644 index 0000000..2349b30 --- /dev/null +++ b/bookworm/setup_scripts/upgrade_from_bullseye.sh @@ -0,0 +1,11 @@ +#!/bin/sh +apt update +apt -y upgrade +apt -y full-upgrade +path_sources_list="/etc/apt/sources.list" +cp "${config_tree_prefix}/etc_files/all${path_sources_list}" "${path_sources_list}" +apt clean +apt update +apt -y upgrade +apt --force-yes full-upgrade +apt -y autoremove diff --git a/bullseye/setup_scripts/init_user_and_keybased_login.sh b/bullseye/setup_scripts/init_user_and_keybased_login.sh index f237a84..a70c3ee 100755 --- a/bullseye/setup_scripts/init_user_and_keybased_login.sh +++ b/bullseye/setup_scripts/init_user_and_keybased_login.sh 
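Review bot: `apt --force-yes full-upgrade` in the new upgrade_from_bullseye.sh uses an option that apt documents as deprecated and dangerous, because it lets apt continue past unauthenticated packages and similar problems without asking; `apt -y full-upgrade`, as used a few lines earlier, is enough for an unattended run. The script also has no `set -e` and does not source `./misc.sh` (which appears to be where `config_tree_prefix` is set), so unless the variable comes from the environment the `cp` of sources.list fails and the remaining upgrades still run against the old sources. I would add `set -e` and `. ./misc.sh` directly after the shebang. The file is also created with mode 100644, while the other new scripts in this commit are 100755.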
@@ -10,21 +10,15 @@ # Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly # configured sshd_config file in reach. set -e +. ./misc.sh +. ../../misc.sh -# Location of an sshd_config with "PermitRootLogin no" and -# "PasswordAuthentication no". -config_tree_prefix="${HOME}/public_repos/config/bullseye" -linkable_files_dir="${config_tree_prefix}/etc_files/server" -system_path_sshd_config='/etc/ssh/sshd_config' -local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}" - -# Ensure we have a server name as argument. -if [ $# -eq 0 ]; then - echo "Need server as argument." - false -fi +expect_n_args 1 "(server)" "$@" server="$1" +# If we already knew that host … +ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}" + # This will be used to log-in as root from plom account. echo 'First, enter the old root password; then enter new password twice.' ssh root@"${server}" "passwd" diff --git a/bullseye/setup_scripts/init_user_login.sh b/bullseye/setup_scripts/init_user_login.sh index 21a8062..35abb90 100755 --- a/bullseye/setup_scripts/init_user_login.sh +++ b/bullseye/setup_scripts/init_user_login.sh 
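Review bot: The added `ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}"` discards the stored host key immediately before the script connects as root and the operator types the root password, so that connection is trusted on first use with nothing to compare against. That is reasonable for a server that was knowingly reinstalled, but the script should say so and tell the operator to check the fingerprint ssh prints against the provider's console; a comment such as `# Host was reinstalled: verify the new fingerprint out of band before entering the password.` would do. The path is hard-coded to /home/plom rather than `"${HOME}/.ssh/known_hosts"`, and under `set -e` a failing ssh-keygen (for instance if the file does not exist yet) would abort the run. The same line is added in bullseye/setup_scripts/init_user_login.sh.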
@@ -1,27 +1,19 @@ #!/bin/sh -# This script assumes a server with key-based root access into one of -# key-based access only to a new non-root account plom. # # CAUTION: This is optimized for a *fresh* setup. It will overwrite any # old /etc/ssh/sshd_config. # # Dependencies: ssh, scp, properly configured sshd_config file in reach. set -e +. ./misc.sh +. ../../misc.sh -# Location of an sshd_config with "PermitRootLogin no" and -# "PasswordAuthentication no". -config_tree_prefix="${HOME}/public_repos/config/bullseye" -linkable_files_dir="${config_tree_prefix}/etc_files/server" -system_path_sshd_config='/etc/ssh/sshd_config' -local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}" - -# Ensure we have a server name as argument. -if [ $# -eq 0 ]; then - echo "Need server as argument." - false -fi +expect_n_args 1 "(server)" "$@" server="$1" +# If we already knew that host … +ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}" + # So we're only asked once … eval $(ssh-agent) ssh-add diff --git a/misc.sh b/misc.sh new file mode 100644 index 0000000..adf8e1b --- /dev/null +++ b/misc.sh @@ -0,0 +1,16 @@ +#!/bin/sh + +linkable_files_dir="${config_tree_prefix}/etc_files/server" +system_path_sshd_config='/etc/ssh/sshd_config' +local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}" + +expect_n_args() { + min_args="$1" + explainer="$2" + shift 2 + if [ "$#" -lt "${min_args}" ]; then + echo "Need at least ${min_args} arguments … ${explainer}" + false + fi +} + -- 2.30.2
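Review bot: The three assignments at the top of the new root misc.sh expand `${config_tree_prefix}` at source time, so they are only correct when the release-specific setup_scripts/misc.sh was sourced first; otherwise `local_path_sshd_config` silently becomes `/etc_files/server/etc/ssh/sshd_config`. I would guard this with `: "${config_tree_prefix:?source setup_scripts/misc.sh first}"` above the assignments and add a header comment stating the ordering requirement. The bookworm init scripts still assign the same three variables themselves, which duplicates these lines. In `expect_n_args` the message should go to stderr (`>&2`), and `min_args` and `explainer` end up in the caller's namespace because the file is sourced.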