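--- a/install.sh
+++ b/install.sh
@@ -0,0 +1,182 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+run_base=0
+run_shell=0
+run_cockpit=0
+run_docker=0
+run_libvirt=0
+run_nvidia=0
+run_tuning=0
+run_security=0
+enable_ufw=0
+nvidia_driver_version=""
+
+usage() {
+cat <<'EOF'
+Usage: sudo ./install.sh [OPTIONS]
+
+Day-0 bootstrap automation for Ubuntu 24.04 or newer.
+
+Profiles:
+--base Install baseline operational packages
+--shell Install the root shell profile
+--cockpit Install and enable Cockpit
+--docker Install and configure Docker
+--libvirt Install and enable libvirt/KVM
+--nvidia-tools Install NVIDIA diagnostic tools only
+--install-nvidia-driver VERSION
+Install diagnostic tools and the explicit driver
+--tuning Install journald and sysctl tuning
+--security Install fail2ban and UFW; do not enable UFW
+--enable-ufw Run security profile and explicitly enable UFW
+--all Run every profile without enabling UFW or
+installing an NVIDIA driver
+-h, --help Show this help
+
+Examples:
+sudo ./install.sh --base --shell
+sudo ./install.sh --all
+sudo ./install.sh --all --enable-ufw
+sudo ./install.sh --nvidia-tools --install-nvidia-driver 550
+EOF
+}
+
+require_supported_ubuntu() {
+if [[ ! -r /etc/os-release ]]; then
+printf 'CRITICAL: /etc/os-release is unavailable; refusing system changes\n' >&2
+exit 2
+fi
+
+# shellcheck disable=SC1091
+source /etc/os-release
+if [[ "${ID:-}" != "ubuntu" ]]; then
+printf 'CRITICAL: this toolkit supports Ubuntu only; detected %s\n' "${ID:-unknown}" >&2
+exit 2
+fi
+if ! dpkg --compare-versions "${VERSION_ID:-0}" ge "24.04"; then
+printf 'CRITICAL: Ubuntu 24.04 or newer is required; detected %s\n' \
+"${VERSION_ID:-unknown}" >&2
+exit 2
+fi
+}
+
+if (($# == 0)); then
+usage
+exit 0
+fi
+
+while (($# > 0)); do
+case "$1" in
+--base)
+run_base=1
+;;
+--shell)
+run_shell=1
+;;
+--cockpit)
+run_cockpit=1
+;;
+--docker)
+run_docker=1
+;;
+--libvirt)
+run_libvirt=1
+;;
+--nvidia-tools)
+run_nvidia=1
+;;
+--install-nvidia-driver)
+if (($# < 2)); then
+printf 'CRITICAL: --install-nvidia-driver requires a VERSION\n' >&2
+exit 2
+fi
+nvidia_driver_version="$2"
+if [[ ! "$nvidia_driver_version" =~ ^[0-9]+$ ]]; then
+printf 'CRITICAL: NVIDIA driver VERSION must contain digits only\n' >&2
+exit 2
+fi
+run_nvidia=1
+shift
+;;
+--tuning)
+run_tuning=1
+;;
+--security)
+run_security=1
+;;
+--enable-ufw)
+enable_ufw=1
+run_security=1
+;;
+--all)
+run_base=1
+run_shell=1
+run_cockpit=1
+run_docker=1
+run_libvirt=1
+run_nvidia=1
+run_tuning=1
+run_security=1
+;;
+-h|--help)
+usage
+exit 0
+;;
+*)
+printf 'CRITICAL: unknown option: %s\n\n' "$1" >&2
+usage >&2
+exit 2
+;;
+esac
+shift
+done
+
+if ((EUID != 0)); then
+printf 'CRITICAL: install.sh must run as root for selected profiles\n' >&2
+exit 2
+fi
+
+for required_command in bash dpkg; do
+if ! command -v "$required_command" >/dev/null 2>&1; then
+printf 'CRITICAL: required command is missing: %s\n' "$required_command" >&2
+exit 2
+fi
+done
+
+require_supported_ubuntu
+
+printf 'INFO: running read-only preflight\n'
+"$SCRIPT_DIR/scripts/00-preflight.sh"
+
+((run_base == 0)) || "$SCRIPT_DIR/scripts/01-base-packages.sh"
+((run_shell == 0)) || "$SCRIPT_DIR/scripts/02-shell-profile.sh"
+((run_cockpit == 0)) || "$SCRIPT_DIR/scripts/03-cockpit.sh"
+((run_docker == 0)) || "$SCRIPT_DIR/scripts/04-docker.sh"
+((run_libvirt == 0)) || "$SCRIPT_DIR/scripts/05-libvirt.sh"
+
+if ((run_nvidia == 1)); then
+if [[ -n "$nvidia_driver_version" ]]; then
+"$SCRIPT_DIR/scripts/06-nvidia-tools.sh" --install-driver "$nvidia_driver_version"
+else
+"$SCRIPT_DIR/scripts/06-nvidia-tools.sh"
+fi
+fi
+
+((run_tuning == 0)) || "$SCRIPT_DIR/scripts/07-tuning.sh"
+
+if ((run_security == 1)); then
+if ((enable_ufw == 1)); then
+"$SCRIPT_DIR/scripts/08-security-baseline.sh" --enable-ufw
+else
+"$SCRIPT_DIR/scripts/08-security-baseline.sh"
+fi
+fi
+
+printf '\nINFO: running post-install checks\n'
+"$SCRIPT_DIR/scripts/99-postcheck.sh"
+printf '\nOK: selected Linux setup profiles completed\n'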
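Review bot: Nothing in the dispatch section, from the `INFO: running read-only preflight` line down, checks that the `scripts/NN-*.sh` files exist and are executable before the first one runs as root. With `set -o errexit`, a missing or non-executable later script such as `07-tuning.sh` aborts the run after earlier profiles have already changed the host, leaving it partly configured. Unless `00-preflight.sh` already covers this (its contents are not shown here), I would add a loop right after `require_supported_ubuntu` that tests every script path and exits with status 2 before any change is made. Since everything under `$SCRIPT_DIR/scripts` executes with root privileges, the same loop would be a reasonable place to also refuse world-writable files, and the README should say that the checkout must not be writable by untrusted accounts.

```shell
# … unchanged: option parsing, root check, required-command check …
require_supported_ubuntu

# Fail before any profile runs if a script the run may need is absent.
for script_name in 00-preflight 01-base-packages 02-shell-profile 03-cockpit \
  04-docker 05-libvirt 06-nvidia-tools 07-tuning 08-security-baseline 99-postcheck; do
  script_path="$SCRIPT_DIR/scripts/${script_name}.sh"
  if [[ ! -f "$script_path" || ! -x "$script_path" ]]; then
    printf 'CRITICAL: script is missing or not executable: %s\n' "$script_path" >&2
    exit 2
  fi
done
# … unchanged: preflight, profile dispatch, post-install checks …
```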