configure-pihole.sh
configure-raspbian.sh
cleanUp.sh
dailyUpdate.sh
Last active
October 22, 2023 12:29
-
-
Save askmrsinh/1d4c8cb9f22fb51ae970f5fe0b1f50c4 to your computer and use it in GitHub Desktop.
Post-installation scripts.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Remove old Kernel Modules after update | |
# Be careful with this. | |
sudo rm -rf /lib/modules/!(*$(uname -r | cut -f1 -d"-")*) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
bash <(curl -Ss https://my-netdata.io/kickstart.sh) --disable-telemetry --stable-channel | |
sudo cat << 'EOT' >> /usr/lib/netdata/conf.d/health.d/ri_temp.conf | |
alarm: 5m_avg_temp | |
on: sensors.temp_thermal_zone0_thermal_thermal_zone0 | |
os: linux | |
hosts: RaspberryPi raspberrypi | |
lookup: average -5m | |
every: 5m | |
green: 50 | |
red: 60 | |
warn: $this > $green | |
crit: $this > $red | |
delay: down 10m | |
to:sysadmin | |
EOT | |
# manually set registery | |
# https://docs.netdata.cloud/registry/#run-your-own-registry |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
sudo apt-get install php-zip -y | |
curl -sSL https://install.pi-hole.net | bash | |
sudo sed -i.bak d /etc/pihole/adlists.list | |
sudo cat << EOT > /etc/pihole/adlists.list | |
# The below list amalgamates several lists we used previously. | |
# See `https://github.com/StevenBlack/hosts` for details | |
##StevenBlack's list | |
#https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts | |
#https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews/hosts | |
#https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/gambling/hosts | |
#https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/porn/hosts | |
#https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/social/hosts | |
https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn/hosts | |
##MalwareDomains | |
https://mirror1.malwaredomains.com/files/justdomains | |
##Cameleon | |
http://sysctl.org/cameleon/hosts | |
##Zeustracker | |
https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist | |
##Disconnect.me Tracking | |
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt | |
##Disconnect.me Ads | |
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt | |
##Hosts-file.net | |
https://hosts-file.net/ad_servers.txt | |
# Mahakala list. Has been known to block legitimage domains including the entire .com range. | |
# Warning: Due to the sheer size of this list, the web admin console will be unresponsive | |
https://adblock.mahakala.is/ | |
##AdAway | |
https://adaway.org/hosts.txt | |
##hpHosts | |
https://hosts-file.net/ad_servers.txt | |
https://hosts-file.net/grm.txt | |
https://hosts-file.net/exp.txt | |
https://hosts-file.net/emd.txt | |
https://hosts-file.net/psh.txt | |
##ZeroDot1 CoinBlockerLists | |
https://zerodot1.gitlab.io/CoinBlockerLists/hosts | |
EOT | |
/usr/local/bin/pihole -up && /usr/local/bin/pihole -g |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
## https://www.raspberrypi.org/documentation/configuration/security.md | |
read -r -p "Give name for new user: " username | |
sudo useradd -m $username -G sudo | |
sudo passwd $username | |
#sudo deluser -remove-home pi | |
sudo apt-get install -y needrestart unattended-upgrades | |
sudo apt-get install -y openssh-server | |
sudo apt-get install -y fail2ban firewall-applet firewall-config ufw | |
sudo apt-get install -y wireshark |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
#set -x | |
lockdir="/tmp/dailyUpdate.lock" | |
pidfile="$lockdir/$$.pid" | |
logFile="/var/log/dailyUpdate.log" | |
if [[ -z "$1" ]]; then | |
echo "Script ${0##*/} started manually by $USER." | |
else | |
# Make sure you give the 1st argument as "cron" when using in crontab | |
appName=$(dpkg-query -W -f='${binary:Package} ${Version}\n' "$1") | |
fi | |
if mkdir "$lockdir" &>/dev/null | |
then | |
echo -e "\n\e[0;32;47m PID $$ successfully acquired lock on $lockdir \e[0m\n" | |
# Remove lockdir when the script finishes, or when it receives an EXIT signal | |
trap 'rm -rf "$lockdir"; echo -e "\n\e[0;36;47m removed $lockdir \e[0m"' 0 | |
# Optionally create temporary files in this directory, because | |
# they will be removed automatically: | |
touch "$pidfile" | |
if [[ ! -f "$logFile" ]]; then | |
sudo touch $logFile | |
sudo chmod 644 $logFile | |
#change this!!! | |
sudo chown ashesh $logFile | |
fi | |
ssh 4-1103tx 'DISPLAY=:0 notify-send "ashesh@raspberrypi:~/bin/dailyUpdate.sh" "Starting scheduled update of RaspberryPi." --icon=dialog-information --category=transfer.complete --urgency=normal' | |
{ echo; date; echo "============================"; } >> $logFile | |
# Update Packages | |
echo "[1] Updating APT's binary cache files" 2>&1 | tee -a $logFile; | |
echo " $(date '+%Y-%m-%d %H:%M:%S')" 2>&1 | tee -a $logFile; | |
sudo apt-get update 2>&1 | tee -a $logFile; | |
echo "[2] Upgrading installed packages" 2>&1 | tee -a $logFile; | |
echo " $(date '+%Y-%m-%d %H:%M:%S')" 2>&1 | tee -a $logFile; | |
sudo apt-get upgrade -y 2>&1 | tee -a $logFile; | |
# Update Distribution | |
echo "[3] Upgrading distribution" 2>&1 | tee -a $logFile; | |
echo " $(date '+%Y-%m-%d %H:%M:%S')" 2>&1 | tee -a $logFile; | |
sudo apt-get dist-upgrade -y 2>&1 | tee -a $logFile; | |
# Update Pi-hole | |
if [[ -f "/usr/local/bin/pihole" ]]; then | |
echo "[4] Updating Pi-hole" 2>&1 | tee -a $logFile; | |
echo " $(date '+%Y-%m-%d %H:%M:%S')" 2>&1 | tee -a $logFile; | |
/usr/local/bin/pihole -up 2>&1 | tee -a $logFile; | |
/usr/local/bin/pihole -g 2>&1 | tee -a $logFile; | |
else | |
echo "[4] Pi-hole installation not found" 2>&1 | tee -a $logFile; | |
echo " $(date '+%Y-%m-%d %H:%M:%S')" 2>&1 | tee -a $logFile; | |
fi | |
# Update Firmware | |
if [[ $(sudo JUST_CHECK=1 rpi-update | grep "Firmware update required. New commits available:" | head -n 1) != "" ]]; then | |
echo "[5] Updating Firmware" 2>&1 | tee -a $logFile; | |
echo " $(date '+%Y-%m-%d %H:%M:%S')" 2>&1 | tee -a $logFile; | |
echo yes | sudo rpi-update 2>&1 | tee -a $logFile | |
if [[ "${PIPESTATUS[1]}" -ne 0 && ! -z "$appName" ]]; then | |
read -d '' postData << EOF | |
{ | |
"source_device_iden":"$(head -1 ~/.config/pushbullet-source_device_iden | base64 -d)", | |
"title":"[$appName] ${0##*/}", | |
"body":"Failed to update $HOST firmware using rpi-update to\\\n\\\t\\\"$(ls -t /lib/modules | head -1)\\\". See logfile for details.\\\n$(date)\\\ndisk /\\\n\\\tfree:$(df --output=avail -h / | sed '1d') used:$(df --output=pcent -h / | sed '1d')", | |
"type":"note" | |
} | |
EOF | |
elif [[ ! -z "$appName" ]]; then | |
read -d '' postData << EOF | |
{ | |
"source_device_iden":"$(head -1 ~/.config/pushbullet-source_device_iden | base64 -d)", | |
"title":"[$appName] ${0##*/}", | |
"body":"Updated from\\\n\\\t\\\"$(uname -a)\\\"\\\n to\\\n\\\t\\\"$(ls -t /lib/modules | head -1)\\\".\\\n$(date)\\\ndisk /\\\n\\\tfree:$(df --output=avail -h / | sed '1d') used:$(df --output=pcent -h / | sed '1d')", | |
"type":"note" | |
} | |
EOF | |
else | |
echo -e "\nManual run, not sending Pushbullet Notification.\n" | |
fi | |
curl --header "Access-Token: $(head -1 ~/.config/pushbullet-access_token | base64 -d)" \ | |
--header 'Content-Type: application/json' \ | |
--data-binary "$postData" \ | |
--request POST \ | |
https://api.pushbullet.com/v2/pushes | jq . >> $logFile | |
sudo reboot 2>&1 | tee -a $logFile; | |
fi | |
ssh 4-1103tx 'DISPLAY=:0 notify-send "ashesh@raspberrypi:~/bin/dailyUpdate.sh" "Completed scheduled update of RaspberryPi." --icon=dialog-information --category=transfer.complete --urgency=normal' | |
else | |
echo -e "\n\e[0;31;47m PID $$ cannot acquire lock on $lockdir, exiting \e[0m\n" | |
exit 0 | |
fi | |
#set +x |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
sudo apt install -y network-manager iotop | |
sudo apt install -y network-manager-gtk |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment