
enterprise linux boilerplate

##
## ct deploy for EL
##

##
## install base stuff 
##
# Apply all pending updates, then reboot. The reboot ends the session, so the
# steps below are run once the system is back up.
dnf -y update
reboot


# Repositories: enable CRB (via config-manager and the crb helper) and add EPEL.
dnf install -y yum-utils
dnf config-manager --set-enabled crb
dnf install -y epel-release
/usr/bin/crb enable
# Check that the EPEL repo is now listed before installing from it.
dnf repolist | grep epel

# Base tooling plus the OpenSSH server, sudo and certbot.
dnf install -y \
  bind-utils tmux git vim whois wget curl \
  openssh-server sudo certbot tar

# Enable sshd at boot and start it right away.
systemctl enable --now sshd

##
## install cockpit
##
# Install Cockpit (web-based admin console).
dnf install -y cockpit

# NOTE(review): this stops auditd from starting at boot, so systems built from
# this image keep no audit daemon log. Presumably done because auditd cannot
# run in the target container environment -- confirm, and leave it enabled
# wherever it does work.
systemctl disable auditd

# --now both enables the socket at boot and starts it immediately, so a
# separate "systemctl start" is not needed.
systemctl enable --now cockpit.socket
systemctl status cockpit.socket
# NOTE(review): Cockpit exposes an administrative login over the network
# (port 9090 by default); restrict which hosts can reach it.


##
## user creation
##
# Create the admin account: fixed UID, home directory, bash login shell, and
# membership of wheel (the default sudo group on EL).
useradd --uid 42069 --create-home --shell /bin/bash --groups wheel jgalley

# Set the password from a pre-computed crypt(3) hash ($6$ = SHA-512 crypt).
# Interactive alternative: passwd jgalley
# NOTE(review): the hash lives in this script and is baked into the template,
# so every system cloned from it starts with the same password on a wheel
# account, and anyone who can read the script can attack the hash offline.
# Set a per-system password (or lock the password and rely on the SSH key)
# after cloning. The value is also visible in the process list while usermod
# runs.
usermod -p '$6$cnf9W.dpRaJfuADG$6Eer/0SqMngyks7DkMH7tBqg3gie3mEC8qLrVSrJB9glVejXubeJAshP.plxYKhQG/5Cyj6X3AwK1AAW3Le4g1' jgalley

# Install the account's authorized SSH public key.
# This key is written into the template, so it is authorized on every system
# created from it.
ssh_dir=/home/jgalley/.ssh
mkdir -p "$ssh_dir"

cat > "$ssh_dir/authorized_keys" <<EOF
ssh-rsa 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 jgalley@ws1.pigeonkebab.local
EOF

# The files were created as root: hand the directory and its contents to the
# user (one recursive chown covers authorized_keys too), then tighten modes to
# owner-only.
chown -R jgalley:jgalley "$ssh_dir"
chmod 700 "$ssh_dir"
chmod 600 "$ssh_dir/authorized_keys"


##
## template creation
##
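# Empty the machine ID so each clone of the template gets its own on first boot
# instead of sharing this one.
truncate -s 0 /etc/machine-id

# One-shot unit that replaces the SSH host keys on the first boot of a clone,
# so clones do not share the template's host identity.
#  - Before= lists sshd.service as well as ssh.service: EL names the OpenSSH
#    server unit sshd.service (ssh.service is the Debian/Ubuntu name). With
#    only ssh.service the ordering did not apply here, so sshd could start
#    with the template's keys before they were replaced.
#  - The "-" prefix on the ExecStartPre lines tells systemd to ignore their
#    failure (for example when /dev/hwrng is absent).
#  - ExecStartPost disables the unit so the keys are regenerated only once.
# The heredoc delimiter is quoted so the unit text is written literally.
cat > /etc/systemd/system/regenerate_ssh_host_keys.service <<'EOF'
[Unit]
Description=Regenerate SSH host keys
Before=ssh.service sshd.service
ConditionFileIsExecutable=/usr/bin/ssh-keygen

[Service]
Type=oneshot
ExecStartPre=-/bin/dd if=/dev/hwrng of=/dev/urandom count=1 bs=4096
ExecStartPre=-/bin/sh -c "/bin/rm -f -v /etc/ssh/ssh_host_*_key*"
ExecStart=/usr/bin/ssh-keygen -A -v
ExecStartPost=/bin/systemctl disable regenerate_ssh_host_keys
 
[Install]
WantedBy=multi-user.target
EOF

# Register the new unit and arm it for the next boot.
systemctl daemon-reload
systemctl enable regenerate_ssh_host_keys.service
systemctl status regenerate_ssh_host_keys.service

# NOTE(review): the template's own host private keys are still on disk at this
# point; they are only removed when the unit runs on a clone's first boot, so
# the stored image should be handled as containing key material.
# Power off so the system can be captured as a template.
shutdown -h now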