bsdeb

#!/bin/bash

# exit script immediately on non-zero status
set -e

PROGRAM_NAME="Debian Bootstrapper"
PROGRAM_VERSION="1.0.0-SNAPSHOT"
DEBIAN_VERSION=12.7
REPO_SOURCE_URL="https://github.com/genebarker/debian/raw/master"
SCRIPT_FILENAME="$(basename ${BASH_SOURCE})"
BASE_DIR="$(dirname ${BASH_SOURCE})"
CONFIG_FILENAME="server.conf"
CONFIG_FILEPATH="${BASE_DIR}/${CONFIG_FILENAME}"
BOOTSTRAP=OFF
AUTO_YES=OFF

HELP=$(cat << EOF
NAME
    ${SCRIPT_FILENAME} - a Debian server bootstrapper

SYNOPSIS
    ${SCRIPT_FILENAME} [-bhy] [-f configfile]

DESCRIPTION
    Bootstrap a new Debian server using a configuration file.

    Given a freshly installed headless Debian ${DEBIAN_VERSION}
    server, this script configures it using the settings found in
    the configuration file.

OPTIONS
    -b              Bootstrap server
    -f configfile   Configuration file, default: ${CONFIG_FILENAME}
    -h              Display this help
    -y              Answer yes to confirmation messages
EOF
)

run_main()
{
    display_script_header
    parse_script_options $@

    verify_bootstrap_selected
    verify_and_load_config_file
    verify_debian_version

    upgrade_debian_image_to_latest

    install_vim_and_set_as_default
    install_remote_access_utils
    install_diagnostic_utils
    install_windows_integration_utils
    install_core_dev_utils
    install_help_utils

    setup_unattended_upgrades
    configure_ssh_server
    setup_networking

    load_and_install_dotfiles
    gen_ssh_keys_and_set_auth_user

    run_config_file_script
}

display_script_header()
{
    echo "${PROGRAM_NAME} for Debian ${DEBIAN_VERSION}"
    echo "Version ${PROGRAM_VERSION} - MIT License"
    echo
}

parse_script_options()
{
    echo ".. parsing script options"
    while getopts ':bf:yh' opt
    do
        case "$opt" in
            b)
                BOOTSTRAP=ON
                ;;
            f)
                override_config_file "$OPTARG"
                ;;
            y)
                AUTO_YES=ON
                ;;
            h)
                show_help
                exit 0
                ;;
            :)
                show_error "Option requires an argument."
                exit 1
                ;;
            ?)
                show_error "Invalid command option."
                exit 1
                ;;
        esac
    done

    # remove getopts parms from parameter list
    shift $((OPTIND-1))
}

override_config_file()
{
    CONFIG_FILEPATH=$1
    CONFIG_FILENAME=$(basename "$CONFIG_FILEPATH")
    if [ ! -f $1 ]
    then
        echo "Config file (${CONFIG_FILENAME}) not found, will try to download from repo."
    fi
}

show_help()
{
    echo
    echo "${HELP}"
}

show_error()
{
    local message=$1
    echo
    echo "ERROR: $1"
}

verify_bootstrap_selected()
{
    if [ $BOOTSTRAP = OFF ]
    then
        echo
        echo "Exiting since bootstrap option not used."
        exit 0
    fi
}

verify_and_load_config_file()
{
    if [ ! -f "$CONFIG_FILEPATH" ]
    then
        get_config_file_from_repo_and_exit $CONFIG_FILENAME
    fi
    echo ".. config file set ($CONFIG_FILEPATH)"
    echo ".. displaying config"
    echo
    cat $CONFIG_FILEPATH
    question="Is this the correct config to apply (y/n)?"
    ask_continue_question "$question"
    source $CONFIG_FILEPATH
    echo ".. config file loaded"
}

get_config_file_from_repo_and_exit()
{
    local filename=$1
    download_config_file $filename
    echo -n "Update config file ${filename} with your settings, "
    echo "then rerun this script."
    exit 1
}

download_config_file()
{
    echo ".. downloading config file from repo"
    wget ${REPO_SOURCE_URL}/$1
    echo ".. config file download successful"
}

ask_continue_question()
{
    local question=$1
    echo
    echo -n "$question "
    if [ $AUTO_YES = ON ]
    then
        echo Yes
        return
    fi
    old_stty_cfg=$(stty -g)
    stty raw -echo ; answer=$(head -c 1) ; stty $old_stty_cfg
    if echo "$answer" | grep -iq "^y"
    then
        echo Yes
        return
    else
        echo No
        exit 1
    fi
}

verify_debian_version()
{
    if [ -f /etc/debian_version ]
    then
        version=$(cat /etc/debian_version)
        echo ".. identified version of Debian image ($version)"
    else
        version="UNKNOWN"
    fi
    if [ "$version" != "$DEBIAN_VERSION" ]
    then
        question=$(cat << EOF
WARNING: The version of this Debian image ($version) does NOT match
the script target ($DEBIAN_VERSION).

Do you still want to bootstrap this image (y/n)?
EOF
        )
        ask_continue_question "$question"
        echo
    fi
}

upgrade_debian_image_to_latest()
{
    echo ".. upgrading Debian image to latest available"
    apt-get update && apt-get -y dist-upgrade
}

install_vim_and_set_as_default()
{
    echo ".. installing vim and setting as default editor"
    apt-get -y install vim
    update-alternatives --set editor /usr/bin/vim.basic
    echo ".. installing curl (needed by vim-plug)"
    apt-get -y install curl
}

install_remote_access_utils()
{
    echo ".. installing remote access utilities"
    apt-get -y install tmux rsync
}

install_diagnostic_utils()
{
    echo ".. installing diagnostic utilities"
    apt-get -y install htop ncdu
}

install_windows_integration_utils()
{
    echo ".. installing windows integration utilitities"
    apt-get -y install zip unzip dos2unix
}

install_core_dev_utils()
{
    echo ".. installing core development utilities"
    apt-get -y install git ack bat
}

install_help_utils()
{
    echo ".. installing help utilities"
    apt-get -y install tldr ddgr w3m

    echo ".. configure tldr"
    local root_tldr_dir="/root/.local/share/tldr"
    mkdir -p $root_tldr_dir
    tldr --update

    echo ".. copying tldr data for non admin user ($NON_ADMIN_USERNAME)"
    local reg_tldr_dir="/home/$NON_ADMIN_USERNAME/.local/share/tldr"
    if [ -d $reg_tldr_dir ]
    then
        rm -rf $reg_tldr_dir
    fi
    su -c "mkdir -p $reg_tldr_dir" $NON_ADMIN_USERNAME
    cp -r $root_tldr_dir/* $reg_tldr_dir
    chown -R $NON_ADMIN_USERNAME:$NON_ADMIN_USERNAME $reg_tldr_dir

    echo ".. set default browser to w3m"
    local env_file="/etc/environment"
    backup_or_recover_original_file $env_file
    echo "export BROWSER=w3m" > $env_file
}

setup_unattended_upgrades()
{
    if [ "${AUTO_PATCH}" != "ON" ]
    then
        return # nothing to configure
    fi

    echo ".. installing unattended-upgrades"
    apt-get -y install unattended-upgrades

    systemctl enable unattended-upgrades
    systemctl start unattended-upgrades
    sleep 2
}

configure_ssh_server()
{
    if [ -z "$SSH_PORT" ] && [ -z "$SSH_PERMIT_ROOT_LOGIN" ] && [ -z "$SSH_PASSWORD_AUTH" ]
    then
        return # nothing to configure
    fi

    echo ".. configuring ssh"
    local config_file="/etc/ssh/sshd_config"
    backup_or_recover_original_file $config_file

    if [ -n "$SSH_PORT" ]
    then
        echo ".. setting SSH_PORT to ${SSH_PORT}"
        sed -i "s/#Port 22/Port $SSH_PORT/" $config_file
    fi

    if [ -n "$SSH_PERMIT_ROOT_LOGIN" ]
    then
        echo ".. setting PermitRootLogin to ${SSH_PERMIT_ROOT_LOGIN}"
        sed -i "s/^#\?PermitRootLogin.*/PermitRootLogin $SSH_PERMIT_ROOT_LOGIN/" $config_file
    fi

    if [ -n "$SSH_PASSWORD_AUTH" ]
    then
        echo ".. setting PasswordAuthentication to ${SSH_PASSWORD_AUTH}"
        sed -i "s/^#\?PasswordAuthentication.*/PasswordAuthentication $SSH_PASSWORD_AUTH/" $config_file
    fi
    service sshd restart
    service sshd status
}

backup_or_recover_original_file()
{
    local file_path=$1
    if [ -f "${file_path}.orig" ]
    then
        # restore the original
        cp "${file_path}.orig" $file_path
    else
        # backup the original
        cp $file_path "${file_path}.orig"
    fi
}

setup_networking () {
    setup_network_interface
    setup_hostname
}

setup_network_interface () {
    if [ "${IFACE}" != "static" ]
    then
        echo ".. skipping network interface setup since done by DNS"
        return
    fi

    local interfaces_path="/etc/network/interfaces"
    backup_or_recover_original_file $interfaces_path
    local resolv_path="/etc/resolv.conf"
    backup_or_recover_original_file $resolv_path

    # get line num primary network interface
    local line_to_replace=$(grep -En '\Wdhcp$' $interfaces_path | cut -d: -f1)

    # build its replacement
    head -${line_to_replace} $interfaces_path > interfaces.temp
    sed -i 's/dhcp/static/' interfaces.temp
    echo " address ${IFACE_ADDRESS}" >> interfaces.temp
    echo " netmask ${IFACE_NETMASK}" >> interfaces.temp
    echo " gateway ${IFACE_GATEWAY}" >> interfaces.temp

    # update name servers
    if [ ! -z "${NAMESERVER_1}" ]
    then
        echo "nameserver ${NAMESERVER_1}" > $resolv_path
        if [ ! -z "${NAMESERVER_2}" ]
        then
            echo "nameserver ${NAMESERVER_2}" >> $resolv_path
        fi
    fi

    # change the primary interface
    mv interfaces.temp $interfaces_path

    echo ".. changed network interfaces"
    cat $interfaces_path

    echo ".. restarting network"
    systemctl restart networking
    sleep 2
}

setup_hostname () {
    if [ -z "$HOSTNAME" ]
    then
        return # nothing to configure
    fi
    echo ".. setting hostname with system"
    hostnamectl set-hostname $HOSTNAME

    echo ".. updating hosts file"
    local hosts_path="/etc/hosts"
    local ip_address="${IFACE_ADDRESS}"
    if [ -z "${ip_address}" ]
    then
        ip_address=$(get_ip_address)
    fi

    backup_or_recover_original_file $hosts_path
    echo "127.0.0.1 localhost" > $hosts_path
    echo "${ip_address} ${FQDN} ${HOSTNAME}" >> $hosts_path
    cat $hosts_path

    echo ".. hostname changed"
    hostnamectl
}

get_ip_address () {
    local iface_name=$(ip route get 1.1.1.1 | grep -o "dev [^ ]*" | awk '{print $2}')
    ip -4 addr show $iface_name | grep -oP '(?<=inet\s)\d+(\.\d+){3}'
}

load_and_install_dotfiles()
{
    if [ -z "$DOTFILES_REPO_URL" ]
    then
        return # no dotfile repo defined
    fi

    echo ".. cloning dotfiles repo for root user"
    if [ -d dotfiles ]
    then
        cd ~/dotfiles
        git pull origin
    else
        cd
        git clone $DOTFILES_REPO_URL
    fi

    if [ -n "$DOTFILES_REPO_INSTALL_SCRIPT" ]
    then
        echo ".. installing root user dotfiles"
        cd
        ./dotfiles/$DOTFILES_REPO_INSTALL_SCRIPT
    fi

    if [ -z "$NON_ADMIN_USERNAME" ]
    then
        return # no non admin user
    fi

    echo ".. copying dotfiles repo for non admin user ($NON_ADMIN_USERNAME)"
    if [ -d /home/$NON_ADMIN_USERNAME/dotfiles ]
    then
        rm -rf /home/$NON_ADMIN_USERNAME/dotfiles
    fi
    cp -r ~/dotfiles /home/$NON_ADMIN_USERNAME
    chown -R $NON_ADMIN_USERNAME:$NON_ADMIN_USERNAME /home/$NON_ADMIN_USERNAME/dotfiles
    if [ -n "$DOTFILES_REPO_INSTALL_SCRIPT" ]
    then
        echo ".. installing non admin user dotfiles"
        su $NON_ADMIN_USERNAME -c "/home/$NON_ADMIN_USERNAME/dotfiles/$DOTFILES_REPO_INSTALL_SCRIPT"
    fi
}

gen_ssh_keys_and_set_auth_user()
{
    if [ -z "$NON_ADMIN_USERNAME" ]
    then
        return # no non admin user
    fi

    echo ".. generating SSH keys for non admin user ($NON_ADMIN_USERNAME)"
    KEY_HOME=/home/$NON_ADMIN_USERNAME/.ssh
    rm -f $KEY_HOME/id_rsa
    su $NON_ADMIN_USERNAME -c "ssh-keygen -q -t rsa -N '' -f $KEY_HOME/id_rsa"

    if [ -z "$NON_ADMIN_AUTH_KEY" ]
    then
        if [ -z "$NON_ADMIN_AUTH_KEY_DOTFILES_PATH" ]
        then
            return # no authorized key
        fi
        # use authorized keys in dotfiles
        NON_ADMIN_AUTH_KEY=$(cat "/home/$NON_ADMIN_USERNAME/dotfiles/$NON_ADMIN_AUTH_KEY_DOTFILES_PATH")
    fi

    echo ".. adding authorized key"
    su $NON_ADMIN_USERNAME -c "echo $NON_ADMIN_AUTH_KEY > $KEY_HOME/authorized_keys"
}

run_config_file_script()
{
    echo ".. running config file script"
    configure_box
}

run_main $@