Some more updates.
authorChristian Heller <c.heller@plomlompom.de>
Wed, 25 Sep 2024 02:01:40 +0000 (04:01 +0200)
committerChristian Heller <c.heller@plomlompom.de>
Wed, 25 Sep 2024 02:01:40 +0000 (04:01 +0200)
19 files changed:
bookworm/setup_scripts/_setup.sh
bookworm/setup_scripts/copy_dirtree.sh
bookworm/setup_scripts/init_user_and_keybased_login.sh [new file with mode: 0755]
bookworm/setup_scripts/init_user_login.sh
bookworm/setup_scripts/migrate_borg.sh
bookworm/setup_scripts/mirror_dir.sh
bookworm/setup_scripts/misc.sh
bookworm/setup_scripts/prepare_to_meet_server.sh
bookworm/setup_scripts/set_hostname_and_fqdn.sh
bookworm/setup_scripts/setup_desktop.sh
bookworm/setup_scripts/setup_home.sh
bookworm/setup_scripts/setup_nvidia.sh [new file with mode: 0755]
bookworm/setup_scripts/setup_server.sh
bookworm/setup_scripts/setup_static_website.sh
bookworm/setup_scripts/setup_web.sh
bookworm/setup_scripts/upgrade_from_bullseye.sh [new file with mode: 0644]
bullseye/setup_scripts/init_user_and_keybased_login.sh
bullseye/setup_scripts/init_user_login.sh
misc.sh [new file with mode: 0644]

index 0c28d60c5659169bed9e4866ec8f97e0a218bdc3..1b8cae253c36ef9a660c4c0538256199b3a8a5c8 100755 (executable)
@@ -1,6 +1,7 @@
 #!/bin/sh
 set -e
 . ./misc.sh
+. ./../misc.sh
 
 expect_n_args 2 "(hostname, FQDN)" "$@"
 hostname="$1"
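Review bot: The added `. ./../misc.sh` resolves to `bookworm/misc.sh` when the script is run from `bookworm/setup_scripts` (which the existing `. ./misc.sh` implies), whereas the file this commit creates is the top-level `misc.sh`. The same commit removes `expect_n_args` from the setup_scripts `misc.sh`, so unless a `bookworm/misc.sh` exists outside this commit the script would abort under `set -e` before reaching the `expect_n_args` call below. Other hunks on this page add `. ../../misc.sh` instead; if the top-level file is the intended one, this line should read `. ../../misc.sh` as well. The same `./../` form is added in nine further hunks on this page, which need the same check.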
index 2c385f0675249c412fa4d06709696e9622cf5782..387ba392912c703fa42a864846acce6b99bd1f12 100755 (executable)
@@ -9,6 +9,7 @@
 # CAUTION: This removes original files at the affected paths.
 set -e
 . ./misc.sh
+. ./../misc.sh
 
 expect_n_args 3 "(source root, target root, modules)" "$@"
 
diff --git a/bookworm/setup_scripts/init_user_and_keybased_login.sh b/bookworm/setup_scripts/init_user_and_keybased_login.sh
new file mode 100755 (executable)
index 0000000..3f73562
--- /dev/null
@@ -0,0 +1,51 @@
+#!/bin/sh
+# This script turns a fresh server with password-based root access into
+# one of only key-based access and only to new non-root account plom.
+#
+# CAUTION: This is optimized for a *fresh* setup. It will overwrite any
+# pre-existing ~/.ssh/authorized_keys of user plom with one that solely
+# contains the local ~/.ssh/id_rsa.pub, and also any old
+# /etc/ssh/sshd_config.
+#
+# Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly
+# configured sshd_config file in reach.
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+expect_n_args 1 "(server)" "$@"
+server="$1"
+linkable_files_dir="${config_tree_prefix}/etc_files/server"
+system_path_sshd_config='/etc/ssh/sshd_config'
+# has "PermitRootLogin no" and "PasswordAuthentication no".
+local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}"
+
+# This will be used to log-in as root from plom account.
+echo 'First, enter the old root password; then enter new password twice.'
+ssh root@"${server}" "passwd"
+
+# Save root password for sshpass
+stty -echo
+printf "Re-enter new server root password: "
+read PW_ROOT
+stty echo
+printf "\n"
+export SSHPASS="${PW_ROOT}"
+
+# Create user plom, and his ~/.ssh/authorized_keys based on the local
+# ~/.ssh/id_rsa.pub; ensure the result has proper permissions and
+# ownerships. Then disable root and pw login by copying over the
+# sshd_config and restart ssh daemon.
+#
+# This could be a line or two shorter by using ssh-copy-id, but that
+# would require setting a password for user plom otherwise not needed.
+sshpass -e scp ~/.ssh/id_rsa.pub root@"${server}":/tmp/authorized_keys
+sshpass -e ssh root@"${server}" \
+        'useradd -m plom && '\
+        'mkdir /home/plom/.ssh && '\
+        'chown plom:plom /home/plom/.ssh && '\
+        'chown plom:plom /tmp/authorized_keys && '\
+        'chmod u=rw,go= /tmp/authorized_keys && '\
+        'mv /tmp/authorized_keys /home/plom/.ssh/'
+sshpass -e scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}"
+sshpass -e ssh root@"${server}" 'service ssh restart'
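Review bot: The last two commands overwrite `/etc/ssh/sshd_config` and restart sshd without validating the new file or proving that the key login for plom works. Since that config turns off root and password logins, a bad key upload or a config typo leaves the server unreachable over SSH. Staging the file, running `sshd -t` on it, and testing a public-key login as plom before the swap closes that gap, as sketched below. Separately, `read PW_ROOT` should be `read -r PW_ROOT` so a backslash in the password is not altered, and a `trap 'stty echo' EXIT` before `stty -echo` would restore the terminal if the prompt is interrupted. `SSHPASS` also stays exported to every later child process and can be unset once the last sshpass call is done.

```sh
# … unchanged: key upload, useradd and authorized_keys setup …
staged_sshd_config="${system_path_sshd_config}.new"
sshpass -e scp "${local_path_sshd_config}" root@"${server}":"${staged_sshd_config}"
# Reject a broken config while the old one is still in effect.
sshpass -e ssh root@"${server}" "sshd -t -f '${staged_sshd_config}'"
# Prove the key-based login works before password and root logins go away.
ssh -o PreferredAuthentications=publickey plom@"${server}" true
sshpass -e ssh root@"${server}" \
        "mv '${staged_sshd_config}' '${system_path_sshd_config}' && "\
        'service ssh restart'
unset SSHPASS
```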
index 820b5abf60ca191d02ed8f1457e7043a26dd1681..a0652ebd41bd432e17f0d09dcb47684ff4e23f5d 100755 (executable)
@@ -1,6 +1,4 @@
 #!/bin/sh
-# This script assumes a server with key-based root access into one of
-# key-based access only to a new non-root account plom.
 #
 # CAUTION: This is optimized for a *fresh* setup. It will overwrite any
 # old /etc/ssh/sshd_config.
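Review bot: With the two description lines deleted and nothing put in their place, the header now opens with a bare `#` and no longer says what the script does. The removed sentence was garbled, but a corrected one would help more than none, for example `# This script turns a server with key-based root access into one of` / `# key-based access only to a new non-root account plom.` (wording inferred from the sibling script's header, so confirm it matches the intent). The bullseye copy of this script loses the same lines in its `@@ -1,27 +1,19 @@` hunk further down.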
@@ -8,16 +6,15 @@
 # Dependencies: ssh, scp, properly configured sshd_config file in reach.
 set -e
 . ./misc.sh
+. ../../misc.sh
 
-# Location of an sshd_config with "PermitRootLogin no" and
-# "PasswordAuthentication no".
+expect_n_args 1 "(server)" "$@"
+server="$1"
 linkable_files_dir="${config_tree_prefix}/etc_files/server"
 system_path_sshd_config='/etc/ssh/sshd_config'
+# has "PermitRootLogin no" and "PasswordAuthentication no".
 local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}"
 
-expect_n_args 1 "(server)" "$@"
-server="$1"
-
 # If we already knew that host …
 ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}"
 
index 4409c868bffbd335bbb6de679181de2e758fb9da..65ae67dd08dfdfd2002f65757d683e3a93084147 100755 (executable)
@@ -1,6 +1,7 @@
 #!/bin/sh
 set -e
 . ./misc.sh
+. ./../misc.sh
 
 expect_n_args 1 "(old server IP)" "$@"
 old_server="$1"
index 0660142877648f1d9b357de7300e512bee54a35c..aef69f189a6cdfcd9d8980aeac40affd7bb48590 100755 (executable)
@@ -2,6 +2,7 @@
 # Mirror directory tree from remote to local server, keeping the path.
 set -e
 . ./misc.sh
+. ./../misc.sh
 
 expect_n_args 2 "(server, directory)" "$@"
 server=$1
index 4aad4a416eff402070a4717ad1ff170bf75b762e..30f8e8c523f788a6c1ab95c12dae75a521da92de 100644 (file)
@@ -9,16 +9,6 @@ fi
 setup_scripts_dir="${config_tree_prefix}/setup_scripts"
 aptmark_dir="${config_tree_prefix}/apt-mark"
 
-expect_n_args() {
-    min_args="$1"
-    explainer="$2"
-    shift 2
-    if [ "$#" -lt "${min_args}" ]; then
-        echo "Need at least ${1} arguments … ${explainer}"
-        false
-    fi
-}
-
 expect_setup_finished_file() {
     filename="$1"
     setup_script="$2"
index d8e4e83599a3b19d0e1685fb7ab122282856d940..5f553623da2dffc165b2146306f2a43870ba76e6 100755 (executable)
@@ -2,6 +2,7 @@
 # Do some of the steps necessary to SSH (key-based) with another server.
 set -e
 . ./misc.sh
+. ./../misc.sh
 
 expect_n_args 1 "(server IP)" "$@"
 target="$1"
index b367906e07749d33e7ee5c3270cd90040a1cde50..bcf3d9d96b1d5f1a2106eb1a1e13aec6cea02de4 100755 (executable)
@@ -14,6 +14,7 @@
 # Ignores IPv6s.
 set -e
 . ./misc.sh
+. ./../misc.sh
 
 expect_n_args 1 "(hostname, fqdn)" "$@"
 
index a617e0e1d9f99f78215690e060adc390dd7c7e6e..2eb19b32b890bce82c4b3f59b8599f6f534da24a 100755 (executable)
@@ -1,6 +1,7 @@
 #!/bin/sh
 set -e
 . ./misc.sh
+. ./../misc.sh
 
 expect_n_args 1 "(system name)" "$@"
 get_system_name_arg "$1"
index 6467ef9a166a5419cc110c2ea6d4084f919eb3dd..a065bd4fb90934b38dbd7f7e5bbbff03f07a23e6 100755 (executable)
@@ -1,6 +1,7 @@
 #!/bin/sh
 set -e
 . ./misc.sh
+. ./../misc.sh
 
 expect_n_args 1 "(system name)" "$@"
 get_system_name_arg "$1"
diff --git a/bookworm/setup_scripts/setup_nvidia.sh b/bookworm/setup_scripts/setup_nvidia.sh
new file mode 100755 (executable)
index 0000000..d05c8d1
--- /dev/null
@@ -0,0 +1,24 @@
+#!/bin/sh
+set -e
+. ./misc.sh
+
+# Set up NVIDIA eGPU config.
+cd
+# git clone https://github.com/NVIDIA/open-gpu-kernel-modules
+# cd open-gpu-kernel-modules
+# git checkout 337e28e
+# # git checkout 4c29105335610933e744f4ab2524ea63fc39edaf
+# make modules -j$(nproc)
+# make modules_install
+# cd
+driver_version=535.86.05
+# driver_version=545.29.06
+runscript=NVIDIA-Linux-x86_64-${driver_version}.run
+# wget https://us.download.nvidia.com/XFree86/Linux-x86_64/${driver_version}/${runscript}
+set +e
+rmmod nouveau
+set -e
+chmod u+x ${runscript} 
+./${runscript} --no-kernel-modules --silent
+depmod
+# TODO I suspect that the GPU falling of the bus may be mildened by running nvidia-persistenced, check https://github.com/NVIDIA/nvidia-persistenced/tree/main/init  
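Review bot: `./${runscript}` is made executable and run with no integrity check, and the script also calls `rmmod` and `depmod`, so it is presumably run as root. The `wget` line is commented out, so the script does not record how the file reached `$HOME` either. Pinning a digest next to `driver_version` and checking it before the `chmod` would catch a corrupted or swapped installer: `runscript_sha256='<SHA256_OF_RUN_FILE>'` (placeholder, to be filled from a trusted download) and `echo "${runscript_sha256}  ${runscript}" | sha256sum -c -`. Smaller points in the same file: `${runscript}` is unquoted in the `chmod` and exec lines, and `rmmod nouveau || true` would replace the `set +e` / `set -e` toggle.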
index e77d17f18450d237cdd65dc16fbbb277291e0c90..43d5cc03797f0a3998f8398abea4e1b0c73a86df 100755 (executable)
@@ -3,6 +3,7 @@
 # the outside via ./init_user_login.sh.
 set -e
 . ./misc.sh
+. ./../misc.sh
 
 expect_n_args 2 "(hostname, FQDN)" "$@"
 hostname="$1"
index 1ab6a18075137eb1afcff50c14eda28e9fdfd835..bdfb7d3d58f1052bb657bae738c9329c2deae207 100755 (executable)
@@ -1,6 +1,7 @@
 #!/bin/sh
 set -e
 . ./misc.sh
+. ../../misc.sh
 
 expect_setup_finished_file setup_web_has_been_run setup_web.sh
 
index c9cc0ac0c11cf6daa9556009d40a0eb5634c349d..d7c651f0fe6536640ee9c9f0875f48733c2b38d2 100755 (executable)
@@ -1,6 +1,7 @@
 #!/bin/sh
 set -e
 . ./misc.sh
+. ./../misc.sh
 
 expect_setup_finished_file setup_server_has_been_run setup_server.sh
 
diff --git a/bookworm/setup_scripts/upgrade_from_bullseye.sh b/bookworm/setup_scripts/upgrade_from_bullseye.sh
new file mode 100644 (file)
index 0000000..2349b30
--- /dev/null
@@ -0,0 +1,11 @@
+#!/bin/sh
+apt update
+apt -y upgrade
+apt -y full-upgrade
+path_sources_list="/etc/apt/sources.list"
+cp "${config_tree_prefix}/etc_files/all${path_sources_list}" "${path_sources_list}"
+apt clean
+apt update
+apt -y upgrade
+apt --force-yes full-upgrade
+apt -y autoremove
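Review bot: `apt --force-yes full-upgrade` uses an option that apt documents as deprecated and dangerous, since it lets the run continue past safety checks, including unauthenticated packages. For a release upgrade that pulls from a freshly replaced sources.list, that is the step where signature checking matters most, so `apt -y full-upgrade` is the safer form. The script also has no `set -e` and does not source `./misc.sh`, so `${config_tree_prefix}` is empty unless the caller exports it. In that case the `cp` fails and the remaining apt commands still run against the old sources. Adding `set -e` and `. ./misc.sh` after the shebang would make it fail fast like the sibling scripts.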
index f237a84de33a85e6fe5635e6ff89eb98f76b2651..a70c3eee1d9ba467bd3b3c09313983a537c6b736 100755 (executable)
 # Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly
 # configured sshd_config file in reach.
 set -e
+. ./misc.sh
+. ../../misc.sh
 
-# Location of an sshd_config with "PermitRootLogin no" and
-# "PasswordAuthentication no".
-config_tree_prefix="${HOME}/public_repos/config/bullseye"
-linkable_files_dir="${config_tree_prefix}/etc_files/server"
-system_path_sshd_config='/etc/ssh/sshd_config'
-local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}"
-
-# Ensure we have a server name as argument.
-if [ $# -eq 0 ]; then
-    echo "Need server as argument."
-    false
-fi
+expect_n_args 1 "(server)" "$@"
 server="$1"
 
+# If we already knew that host …
+ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}"
+
 # This will be used to log-in as root from plom account.
 echo 'First, enter the old root password; then enter new password twice.'
 ssh root@"${server}" "passwd"
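Review bot: The added `ssh-keygen … -R "${server}"` unconditionally discards the stored host key just before the operator types the root password into `ssh root@…`. The next connection is then accepted on first use with nothing to compare against. For a reinstalled machine that is the intent, but a comment should tell the operator to check the fingerprint ssh prints against the one from the provider's console before answering yes, e.g. `# Verify the host key fingerprint shown next against the provider console.` The path is also hard-coded to `/home/plom` while the rest of the script uses `~/.ssh`, so `ssh-keygen -f "${HOME}/.ssh/known_hosts" -R "${server}"` would be consistent. The same line is added in the bullseye `init_user_login.sh` hunk below and appears as context in the bookworm one. This hunk starts partway through the script header.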
index 21a8062276707e16790d062de842f07f8f8115f5..35abb903b70fe3aafa28e941e03016e7389c6b2f 100755 (executable)
@@ -1,27 +1,19 @@
 #!/bin/sh
-# This script assumes a server with key-based root access into one of
-# key-based access only to a new non-root account plom.
 #
 # CAUTION: This is optimized for a *fresh* setup. It will overwrite any
 # old /etc/ssh/sshd_config.
 #
 # Dependencies: ssh, scp, properly configured sshd_config file in reach.
 set -e
+. ./misc.sh
+. ../../misc.sh
 
-# Location of an sshd_config with "PermitRootLogin no" and
-# "PasswordAuthentication no".
-config_tree_prefix="${HOME}/public_repos/config/bullseye"
-linkable_files_dir="${config_tree_prefix}/etc_files/server"
-system_path_sshd_config='/etc/ssh/sshd_config'
-local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}"
-
-# Ensure we have a server name as argument.
-if [ $# -eq 0 ]; then
-    echo "Need server as argument."
-    false
-fi
+expect_n_args 1 "(server)" "$@"
 server="$1"
 
+# If we already knew that host …
+ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}"
+
 # So we're only asked once …
 eval $(ssh-agent)
 ssh-add
diff --git a/misc.sh b/misc.sh
new file mode 100644 (file)
index 0000000..adf8e1b
--- /dev/null
+++ b/misc.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+linkable_files_dir="${config_tree_prefix}/etc_files/server"
+system_path_sshd_config='/etc/ssh/sshd_config'
+local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}"
+
+expect_n_args() {
+    min_args="$1"
+    explainer="$2"
+    shift 2
+    if [ "$#" -lt "${min_args}" ]; then
+        echo "Need at least ${min_args} arguments … ${explainer}"
+        false
+    fi
+}
+
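Review bot: `linkable_files_dir` is built from `${config_tree_prefix}`, which this file never sets, so sourcing it before the per-release `misc.sh` silently yields `/etc_files/server/etc/ssh/sshd_config`. A guard at the top such as `: "${config_tree_prefix:?source the release misc.sh first}"` would turn that into an immediate error. `expect_n_args` also only stops the script if the caller has `set -e`, and its message goes to stdout. Ending the branch with `echo "…" >&2` and `exit 1` instead of `false` would not depend on the caller's options. The three path variables are still assigned again in the two bookworm login scripts after they source this file, so those copies could be dropped.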