e-minguez/bootstrap.sh

## bootstrap.sh
yum remove postfix
yum install epel-release
yum install apcupsd smartmontools ssmtpd lm_sensors fail2ban
sensors-detect --auto

cat << EOF > /etc/fail2ban/jail.d/99-enabled.conf
[sshd]
enabled = true
EOF

systemctl enable fail2ban --now

cat << EOF > /etc/ssmtp/ssmtp.conf
root=e.minguez@gmail.com
mailhub=smtp.gmail.com:587
AuthUser=USER
AuthPass=PASS
UseSTARTTLS=YES
#UseTLS=YES
AuthMethod=LOGIN
TLS_CA_File=/etc/pki/tls/certs/ca-bundle.crt
EOF

cat << EOF > /etc/ssmtp/revaliases
root:e.minguez@gmail.com:smtp.gmail.com:587
EOF

echo "alias root root<e.minguez@gmail.com>" >> /etc/mail.rc
echo "alias root@localhost root<e.minguez@gmail.com>" >> /etc/mail.rc

systemctl enable smartd --now
systemctl enable apcupsd --now

yum install -y libusb usbutils epel-release tmux yum-utils git
# Configure ZFS
zpool create tank raidz2 /dev/disk/by-id/{ata-WDC_WD20EFRX-68AX9N0_WD-WMC301887336,ata-WDC_WD20EFRX-68AX9N0_WD-WMC301895708,ata-WDC_WD20EFRX-68AX9N0_WD-WMC301880783,ata-WDC_WD20EFRX-68AX9N0_WD-WMC301919087} -f

zfs set relatime=on tank
zfs set compression=on tank

zfs create tank/vms
zfs create tank/docker
zfs create tank/log

echo "/tank/log              /var/log                 none    bind    0 0" >> /etc/fstab

mkdir ~/git/
git clone https://github.com/lnicola/systemd-zpool-scrub.git ~/git/systemd-zpool-scrub/
install -m 644 -o root -g root ~/git/systemd-zpool-scrub/zpool-scrub@.service /etc/systemd/system
install -m 644 -o root -g root ~/git/systemd-zpool-scrub/zpool-scrub@.timer /etc/systemd/system
systemctl daemon-reload
systemctl enable --now zpool-scrub@tank.timer

yum copr enable poettlerric/zfs-auto-snapshot
yum install zfs-auto-snapshot

yum install -y docker

cat << EOF > /etc/docker/daemon.json
{
  "storage-driver": "zfs",
  "graph": "/tank/docker"
}
EOF

:> /etc/sysconfig/docker-storage
:> /etc/sysconfig/docker-storage-setup

groupadd docker
usermod -aG docker edu

systemctl enable docker --now

docker info | grep zfs

yum groupinstall "Virtualization Host"

yum install cockpit cockpit-docker cockpit-machines setroubleshoot-server cockpit-storaged
sed -i -e 's/enabled=1/enabled=0/g' /etc/yum/pluginconf.d/subscription-manager.conf
systemctl enable --now cockpit.socket
firewall-cmd --permanent --zone=public --add-service=cockpit
firewall-cmd --reload

# /etc/smartmontools/smartd.conf
# DEVICESCAN -a -o on -S on -n standby,q -s (S/../.././02|L/../../6/03) -W 4,35,40 -m root -M exec /usr/libexec/smartmontools/smartdnotify
	yum remove postfix
	yum install epel-release
	yum install apcupsd smartmontools ssmtpd lm_sensors fail2ban
	sensors-detect --auto

	cat << EOF > /etc/fail2ban/jail.d/99-enabled.conf
	[sshd]
	enabled = true
	EOF

	systemctl enable fail2ban --now

	cat << EOF > /etc/ssmtp/ssmtp.conf
	root=e.minguez@gmail.com
	mailhub=smtp.gmail.com:587
	AuthUser=USER
	AuthPass=PASS
	UseSTARTTLS=YES
	#UseTLS=YES
	AuthMethod=LOGIN
	TLS_CA_File=/etc/pki/tls/certs/ca-bundle.crt
	EOF

	cat << EOF > /etc/ssmtp/revaliases
	root:e.minguez@gmail.com:smtp.gmail.com:587
	EOF

	echo "alias root root<e.minguez@gmail.com>" >> /etc/mail.rc
	echo "alias root@localhost root<e.minguez@gmail.com>" >> /etc/mail.rc

	systemctl enable smartd --now
	systemctl enable apcupsd --now

	yum install -y libusb usbutils epel-release tmux yum-utils git
	# Configure ZFS
	zpool create tank raidz2 /dev/disk/by-id/{ata-WDC_WD20EFRX-68AX9N0_WD-WMC301887336,ata-WDC_WD20EFRX-68AX9N0_WD-WMC301895708,ata-WDC_WD20EFRX-68AX9N0_WD-WMC301880783,ata-WDC_WD20EFRX-68AX9N0_WD-WMC301919087} -f

	zfs set relatime=on tank
	zfs set compression=on tank

	zfs create tank/vms
	zfs create tank/docker
	zfs create tank/log

	echo "/tank/log /var/log none bind 0 0" >> /etc/fstab

	mkdir ~/git/
	git clone https://github.com/lnicola/systemd-zpool-scrub.git ~/git/systemd-zpool-scrub/
	install -m 644 -o root -g root ~/git/systemd-zpool-scrub/zpool-scrub@.service /etc/systemd/system
	install -m 644 -o root -g root ~/git/systemd-zpool-scrub/zpool-scrub@.timer /etc/systemd/system
	systemctl daemon-reload
	systemctl enable --now zpool-scrub@tank.timer

	yum copr enable poettlerric/zfs-auto-snapshot
	yum install zfs-auto-snapshot

	yum install -y docker

	cat << EOF > /etc/docker/daemon.json
	{
	"storage-driver": "zfs",
	"graph": "/tank/docker"
	}
	EOF

	:> /etc/sysconfig/docker-storage
	:> /etc/sysconfig/docker-storage-setup

	groupadd docker
	usermod -aG docker edu

	systemctl enable docker --now

	docker info \| grep zfs

	yum groupinstall "Virtualization Host"

	yum install cockpit cockpit-docker cockpit-machines setroubleshoot-server cockpit-storaged
	sed -i -e 's/enabled=1/enabled=0/g' /etc/yum/pluginconf.d/subscription-manager.conf
	systemctl enable --now cockpit.socket
	firewall-cmd --permanent --zone=public --add-service=cockpit
	firewall-cmd --reload

	# /etc/smartmontools/smartd.conf
	# DEVICESCAN -a -o on -S on -n standby,q -s (S/../.././02\|L/../../6/03) -W 4,35,40 -m root -M exec /usr/libexec/smartmontools/smartdnotify