jorgerance · February 14, 2024 00:43
diff --git a/bootstrap.sh b/bootstrap.sh
 #!/bin/bash

 # Fail on error
 set -e

 source "$1"

 cd "$(dirname "$0")"

 if [ $# -ne 1 ]; then
 	echo "Usage: $0 config"
 	exit 1
 fi

 cd "$(dirname "$0")"

 function log_step() {
 	echo -e "[\e[32m---\e[39m] $1"
 }

 # Update packages
 apt-get update && apt-get upgrade -y

 # Set new hostname
 log_step "Setting up system hostname"
 echo "$Hostname" >/etc/hostname
 echo "127.0.1.1	$Hostname" >/etc/hosts

 # Configure dnscrypt / DoH dns servers
 log_step "Setting up DNS"
 echo "$NetDNS" | tr ',' '\n' | sed "s/\(.\+\)/nameserver \1/" >/etc/resolv.conf

 # Add ssh keys to root authorized_keys
 log_step "Setting root ssh keys"
 mkdir -p "/root/.ssh/" || true
 chmod 700 "/root/.ssh/"
 echo "$UserSSHKeys" >/root/.ssh/authorized_keys

 # Replace default user account name
 log_step "Changing default raspberry pi username"
 pkill -u pi || true
 usermod -l "$UserName" || printf "\n\n >>> Remember to login as root\n\n"; exit 1
 usermod -m -d /home/${UserName} "$UserName"

 # Force default shell to bash
 log_step "Changing shell to bash"
 chsh -s /bin/bash "$UserName"

 # Adding ssh keys to user
 log_step "Configuring key-less SSH login"
 UserHome=/home/${UserName}
 mkdir -p "$UserHome/.ssh/" || true
 chmod 700 "$UserHome/.ssh/"
 echo "$UserSSHKeys" >"$UserHome/.ssh/authorized_keys"
 chown ${UserName}:pi ${UserHome}/.ssh/authorized_keys

 # Set user password
 log_step "Configuring user password"
 printf "%s\n%s\n" "$UserPass" "$UserPass" | passwd "$UserName"

 # Install default packages
 log_step "Installing default packages"
 apt-get install -y ${ExtraPackages}

 # Locking root account
 sudo passwd -l root
diff --git a/config.sh b/config.sh
 # Device host name. Can be either a local, invented host or a FQDN.
 Hostname=<RPI_FQDN>

 # List of comma-separated DNSes.
 NetDNS=8.8.8.8,8.4.4.8

 # User name to create.
 UserName=<NEW_USERNAME>
 UserPass=<NEW_PASSWORD>

 # User SSH keys for password-less remote login.
 UserSSHKeys="ssh-rsa AAAA[...]
 ssh-ed25519 AAAA[...]"

 # Additional packages to install.
 ExtraPackages="
 easy-rsa
 git
 gnupg
 gpg-agent
 htop
 kismet
 mutt
 nmap
 onionshare
 paperkey
 parcimonie
 proxychains
 python-gnupg
 python-yubico-tools
 qrencode
 raspbian-archive-keyring
 scdaemon
 sshuttle
 ssss
 stoken
 tcpdump
 thefuck
 tor
 torsocks
 ufw
 usb-modeswitch
 vim
 ykcs11
 yubico-piv-tool
 yubikey-manager
 yubikey-personalization
 "
	#!/bin/bash

	# Fail on error
	set -e

	source "$1"

	cd "$(dirname "$0")"

	if [ $# -ne 1 ]; then
	echo "Usage: $0 config"
	exit 1
	fi

	cd "$(dirname "$0")"

	function log_step() {
	echo -e "[\e[32m---\e[39m] $1"
	}

	# Update packages
	apt-get update && apt-get upgrade -y

	# Set new hostname
	log_step "Setting up system hostname"
	echo "$Hostname" >/etc/hostname
	echo "127.0.1.1 $Hostname" >/etc/hosts

	# Configure dnscrypt / DoH dns servers
	log_step "Setting up DNS"
	echo "$NetDNS" \| tr ',' '\n' \| sed "s/\(.\+\)/nameserver \1/" >/etc/resolv.conf

	# Add ssh keys to root authorized_keys
	log_step "Setting root ssh keys"
	mkdir -p "/root/.ssh/" \|\| true
	chmod 700 "/root/.ssh/"
	echo "$UserSSHKeys" >/root/.ssh/authorized_keys

	# Replace default user account name
	log_step "Changing default raspberry pi username"
	pkill -u pi \|\| true
	usermod -l "$UserName" \|\| printf "\n\n >>> Remember to login as root\n\n"; exit 1
	usermod -m -d /home/${UserName} "$UserName"

	# Force default shell to bash
	log_step "Changing shell to bash"
	chsh -s /bin/bash "$UserName"

	# Adding ssh keys to user
	log_step "Configuring key-less SSH login"
	UserHome=/home/${UserName}
	mkdir -p "$UserHome/.ssh/" \|\| true
	chmod 700 "$UserHome/.ssh/"
	echo "$UserSSHKeys" >"$UserHome/.ssh/authorized_keys"
	chown ${UserName}:pi ${UserHome}/.ssh/authorized_keys

	# Set user password
	log_step "Configuring user password"
	printf "%s\n%s\n" "$UserPass" "$UserPass" \| passwd "$UserName"

	# Install default packages
	log_step "Installing default packages"
	apt-get install -y ${ExtraPackages}

	# Locking root account
	sudo passwd -l root
	# Device host name. Can be either a local, invented host or a FQDN.
	Hostname=<RPI_FQDN>

	# List of comma-separated DNSes.
	NetDNS=8.8.8.8,8.4.4.8

	# User name to create.
	UserName=<NEW_USERNAME>
	UserPass=<NEW_PASSWORD>

	# User SSH keys for password-less remote login.
	UserSSHKeys="ssh-rsa AAAA[...]
	ssh-ed25519 AAAA[...]"

	# Additional packages to install.
	ExtraPackages="
	easy-rsa
	git
	gnupg
	gpg-agent
	htop
	kismet
	mutt
	nmap
	onionshare
	paperkey
	parcimonie
	proxychains
	python-gnupg
	python-yubico-tools
	qrencode
	raspbian-archive-keyring
	scdaemon
	sshuttle
	ssss
	stoken
	tcpdump
	thefuck
	tor
	torsocks
	ufw
	usb-modeswitch
	vim
	ykcs11
	yubico-piv-tool
	yubikey-manager
	yubikey-personalization
	"