kgadek/boot0.sh

## boot0.sh
#!/usr/bin/env sh
# vim: foldmethod=marker
# ------------------------------------------------------------------------------
# Run in cloud-init.
# ------------------------------------------------------------------------------
# {{{ Configuration
: "${user:=konrad}"
# }}}---------------------------------------------------------------------------

#{{{ users: add $user
useradd "$user"
usermod -a -G wheel "$user"
#}}}

#{{{ sudo: password-less sudo
echo '%wheel ALL=(ALL)       NOPASSWD: ALL' | EDITOR='tee -a' visudo
#}}}

#{{{ [user:$user] ssh: copy authorized_keys
mkdir "~$user/.ssh"
cp /root/.ssh/authorized_keys "~$user/.ssh/"
chmod 700 "~$user/.ssh/"
chmod 600 "~$user/.ssh/authorized_keys"
chown -R "$user:$user" "~$user/.ssh/"
#}}}

#{{{ mosh: install & enable
dnf install mosh
firewall-cmd --add-service=mosh --permanent
firewall-cmd --reload
#}}}

#{{{ sshd: disable remote root login
sed -i -E 's/^(PermitRootLogin) yes$/\1 no/' /etc/ssh/sshd_config
#}}}

##{{{ [user:"$user"] rust: install
#curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sudo -u "$user" sh -s -- -y --profile complete -y
##}}}

## boot1.sh
#!/usr/bin/env sh
# vim: foldmethod=marker
set -euo pipefail

#{{{ OS detection bloat
echo "-[ OS ]---  Detecting"
set -x; {
MACHINE_KERNEL_NAME="$(uname -s)"
MACHINE_HWTYPE="$(uname -m)"
MACHINE_KERNEL_VERSION="$(uname -v)"
}; set +x
#}}}

#{{{ Case: iPad iSH
#{{{ Detection bloat
if [ "${MACHINE_KERNEL_NAME}"                           = "Linux" \
  -a "${MACHINE_HWTYPE}"                                = "i686" \
  -a "$(echo "${MACHINE_KERNEL_VERSION}" | cut -c 1-3)" = "iSH" \
  -a -f /etc/alpine-release ];
then
    #}}}
    echo "-[ OS ]---  Detected: iPad iSH with Alpine"

    #{{{ Install packages
    set -- bash git openssh-client openssh-keygen
    echo "-[ APK ]---  Ensuring packages installed: $*"
    apk add --cache-max-age 1440 "$@"
    #}}}

    #{{{ SSH: ensure key exists
    echo "-[ SSH ]---  Ensuring key file ~/.ssh/ed25519 exists"
    if [ ! -f ~/.ssh/id_ed25519 ]; then
        echo "-[ SSH ]---  Creating key file"
        ssh-keygen -t ed25519 -C "kgadek@gmail.com" -f ~/.ssh/id_ed25519 -N ""
        echo "-[ ~/.ssh/id_ed25519.pub ]-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-"
        cat ~/.ssh/id_ed25519.pub
        echo "-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-"
        read -p "Add key above to GitHub and press any key... " -n 1
        echo
    else
        echo "-[ SSH ]---  Found. Assuming it's already added to GitHub"
    fi
    #}}}

    #{{{ SSH: approve GitHub fingerprint
    echo "-[ SSH ]---  Ensuring GitHub fingerprint recognized"
    touch ~/.ssh/known_hosts
    cat ~/.ssh/known_hosts > ~/.ssh/known_hosts.plus
    echo "github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==" >> ~/.ssh/known_hosts.plus
    sort ~/.ssh/known_hosts.plus | uniq > ~/.ssh/known_hosts
    rm ~/.ssh/known_hosts.plus
    #}}}

    #{{{ Core binaries
    mkdir -p ~/.local/bin/

    #{{{ Ensure mst is available
    echo "-[ MST ]--- Ensuring mst is available"
    if [ ! -x ~/.local/bin/mst ]; then
        echo "-[ MSH ]---  Obtaining v0.0.1 of msh."
        wget -q -O ~/.local/bin/mst https://github.com/kgadek/mst/releases/download/v0.0.1/mst.i686-ish-linux
        chmod +x ~/.local/bin/mst
    else
        echo "-[ MSH ]---  Found."
    fi
    #}}}

    #{{{ Ensure yadm is available
    echo "-[ YADM ]--- Ensuring yadm with mst support is available"
    wget -q -P ~/.local/bin/ https://raw.githubusercontent.com/kgadek/yadm-bin/master/yadm
    chmod +x ~/.local/bin/yadm
    #}}}

    #}}}

    #{{{ Bootstrap into yadm
    echo "-[ YADM ]---  Running clone & bootstrap"
    export YADMBOOTSTRAP_CLASS=PERSONAL
    export PATH="${PATH}:${HOME}/.local/bin"
    exec yadm clone --bootstrap git@github.com:kgadek/yadm.git
    #}}}

    #}}}
#{{{ Unknown case
else
    echo "-[ OS ]---  Unknown target. ERROR" >&2
    exit 1
fi
#}}}
	#!/usr/bin/env sh
	# vim: foldmethod=marker
	# ------------------------------------------------------------------------------
	# Run in cloud-init.
	# ------------------------------------------------------------------------------
	# {{{ Configuration
	: "${user:=konrad}"
	# }}}---------------------------------------------------------------------------

	#{{{ users: add $user
	useradd "$user"
	usermod -a -G wheel "$user"
	#}}}

	#{{{ sudo: password-less sudo
	echo '%wheel ALL=(ALL) NOPASSWD: ALL' \| EDITOR='tee -a' visudo
	#}}}

	#{{{ [user:$user] ssh: copy authorized_keys
	mkdir "~$user/.ssh"
	cp /root/.ssh/authorized_keys "~$user/.ssh/"
	chmod 700 "~$user/.ssh/"
	chmod 600 "~$user/.ssh/authorized_keys"
	chown -R "$user:$user" "~$user/.ssh/"
	#}}}

	#{{{ mosh: install & enable
	dnf install mosh
	firewall-cmd --add-service=mosh --permanent
	firewall-cmd --reload
	#}}}

	#{{{ sshd: disable remote root login
	sed -i -E 's/^(PermitRootLogin) yes$/\1 no/' /etc/ssh/sshd_config
	#}}}

	##{{{ [user:"$user"] rust: install
	#curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs \| sudo -u "$user" sh -s -- -y --profile complete -y
	##}}}
	#!/usr/bin/env sh
	# vim: foldmethod=marker
	set -euo pipefail

	#{{{ OS detection bloat
	echo "-[ OS ]--- Detecting"
	set -x; {
	MACHINE_KERNEL_NAME="$(uname -s)"
	MACHINE_HWTYPE="$(uname -m)"
	MACHINE_KERNEL_VERSION="$(uname -v)"
	}; set +x
	#}}}

	#{{{ Case: iPad iSH
	#{{{ Detection bloat
	if [ "${MACHINE_KERNEL_NAME}" = "Linux" \
	-a "${MACHINE_HWTYPE}" = "i686" \
	-a "$(echo "${MACHINE_KERNEL_VERSION}" \| cut -c 1-3)" = "iSH" \
	-a -f /etc/alpine-release ];
	then
	#}}}
	echo "-[ OS ]--- Detected: iPad iSH with Alpine"

	#{{{ Install packages
	set -- bash git openssh-client openssh-keygen
	echo "-[ APK ]--- Ensuring packages installed: $*"
	apk add --cache-max-age 1440 "$@"
	#}}}

	#{{{ SSH: ensure key exists
	echo "-[ SSH ]--- Ensuring key file ~/.ssh/ed25519 exists"
	if [ ! -f ~/.ssh/id_ed25519 ]; then
	echo "-[ SSH ]--- Creating key file"
	ssh-keygen -t ed25519 -C "kgadek@gmail.com" -f ~/.ssh/id_ed25519 -N ""
	echo "-[ ~/.ssh/id_ed25519.pub ]-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-"
	cat ~/.ssh/id_ed25519.pub
	echo "-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-"
	read -p "Add key above to GitHub and press any key... " -n 1
	echo
	else
	echo "-[ SSH ]--- Found. Assuming it's already added to GitHub"
	fi
	#}}}

	#{{{ SSH: approve GitHub fingerprint
	echo "-[ SSH ]--- Ensuring GitHub fingerprint recognized"
	touch ~/.ssh/known_hosts
	cat ~/.ssh/known_hosts > ~/.ssh/known_hosts.plus
	echo "github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==" >> ~/.ssh/known_hosts.plus
	sort ~/.ssh/known_hosts.plus \| uniq > ~/.ssh/known_hosts
	rm ~/.ssh/known_hosts.plus
	#}}}

	#{{{ Core binaries
	mkdir -p ~/.local/bin/

	#{{{ Ensure mst is available
	echo "-[ MST ]--- Ensuring mst is available"
	if [ ! -x ~/.local/bin/mst ]; then
	echo "-[ MSH ]--- Obtaining v0.0.1 of msh."
	wget -q -O ~/.local/bin/mst https://github.com/kgadek/mst/releases/download/v0.0.1/mst.i686-ish-linux
	chmod +x ~/.local/bin/mst
	else
	echo "-[ MSH ]--- Found."
	fi
	#}}}

	#{{{ Ensure yadm is available
	echo "-[ YADM ]--- Ensuring yadm with mst support is available"
	wget -q -P ~/.local/bin/ https://raw.githubusercontent.com/kgadek/yadm-bin/master/yadm
	chmod +x ~/.local/bin/yadm
	#}}}

	#}}}

	#{{{ Bootstrap into yadm
	echo "-[ YADM ]--- Running clone & bootstrap"
	export YADMBOOTSTRAP_CLASS=PERSONAL
	export PATH="${PATH}:${HOME}/.local/bin"
	exec yadm clone --bootstrap git@github.com:kgadek/yadm.git
	#}}}

	#}}}
	#{{{ Unknown case
	else
	echo "-[ OS ]--- Unknown target. ERROR" >&2
	exit 1
	fi
	#}}}