
enterprise linux boilerplate

##
## ct deploy for EL
##

##
## install base stuff 
##
# Phase 1: bring every installed package up to date, then reboot so the
# updated kernel and libraries are the ones actually running.
# NOTE(review): `reboot` ends the session, so nothing below it runs if this
# page is executed as a single script; resume from the next command once the
# host is back up.
dnf -y update
reboot


# Phase 2 (after the reboot): repository tooling, then EPEL, then the base
# package set.
dnf -y install yum-utils
#dnf config-manager --set-enabled crb
# epel-release adds a third-party repository. It is installed before the
# package list below so that any name available only from EPEL resolves.
dnf -y install epel-release
#/usr/bin/crb enable
#dnf repolist | grep epel
dnf -y install \
  bind-utils \
  tmux \
  git \
  vim \
  whois \
  wget \
  curl \
  openssh-server \
  sudo \
  certbot \
  tar \
  nfs-utils
#systemctl enable sshd && systemctl start sshd

##
## install cockpit
##
# Cockpit web console, served through a systemd socket unit.
dnf -y install cockpit

# NOTE(review): this turns off the audit daemon at the next boot (`disable`
# does not stop a running auditd). Presumably done because auditd cannot run
# inside a container (the page header says "ct deploy") - confirm. On a VM or
# bare-metal host keep auditd enabled, otherwise logins and privileged
# actions performed through Cockpit leave no audit trail.
systemctl disable auditd

# `enable --now` starts the socket immediately and enables it for later boots,
# so a separate `start` is not needed.
systemctl enable --now cockpit.socket

# Confirm the socket is listening; restrict who can reach it (host firewall /
# management network) since it fronts an administrative login.
systemctl status cockpit.socket


##
## user creation
##
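# Account creation is kept commented out, exactly as on the original page; the
# steps below therefore depend on jgalley already existing on the host.
#useradd -u 42069 -m -s /bin/bash jgalley
#usermod --append -G wheel jgalley
##passwd jgalley
#usermod --password '$6$cnf9W.dpRaJfuADG$6Eer/0SqMngyks7DkMH7tBqg3gie3mEC8qLrVSrJB9glVejXubeJAshP.plxYKhQG/5Cyj6X3AwK1AAW3Le4g1' jgalley
# NOTE(review): the string above is a SHA-512 crypt ($6$) password hash.
# Once it sits in a shared or published file it is open to offline guessing,
# so the password behind it should be rotated and future hashes kept out of
# the runbook (read them from a root-only file or a secrets store instead).

# Install the public key only when the account exists. Without this check the
# chown below fails and leaves a root-owned /home/jgalley/.ssh behind.
if id -u jgalley >/dev/null 2>&1; then
  # Create the directory with its final mode and owner in one step so it is
  # never world-readable, even briefly.
  install -d -m 700 -o jgalley -g jgalley /home/jgalley/.ssh

  # Quoted delimiter: the key is written literally, with no shell expansion.
  # This overwrites any existing authorized_keys for the account.
  cat > /home/jgalley/.ssh/authorized_keys <<'EOF'
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCtHvz80lFGGsJJSnjxXEOgS8whQ7mirBA6AorIxFt0oNNQl7D8Jid/LLxFRpfigT+LtpHHVukmnpklRedrO48dQvpxCmOnRf1wRKYSGANWs9u4iWNhmWlrq0MctDMJ/Nq6JR2cigGzDney0H5O3op7smfPrHWHTwdmaYEuuGS8ZRNojzF8M0ABllnS8TIwub6ssp51gE0as8g9o6Bw9Cy7zzU5WgOl+rfi1XPAkl1OsjS8ioeV7JawfCKA58aywGoa2zQuBPlYwm/7q/NVvfQ4romUYj3f1JWde3UaIGK5WNpvGGGuKU+021O66/dluv/0tq/S3wfV49/VSXZgyO/J4kU6PGg9P4gu/rj0XerFmOgC89hhf5RX8LAIKpsOk9L4xnxiYhv2P6CG7GBxNHLD29ODfmeKF/W2AmTYPVbk3MSbu4HsJEWwlqYZ3JVVeau1lbnYnx68AEJoxcG//yF5dBKkOgCfkfqP7ObKHH9OIJ1X6cS6j10mxa0QDmYchrc= jgalley@ws1.pigeonkebab.local
EOF

  # One recursive chown covers the directory and the key file. sshd ignores
  # authorized_keys when the file or its directory is writable by others, so
  # the modes are set explicitly.
  chown -R jgalley:jgalley /home/jgalley/.ssh
  chmod 700 /home/jgalley/.ssh
  chmod 600 /home/jgalley/.ssh/authorized_keys
else
  echo 'user jgalley does not exist; create the account before installing its SSH key' >&2
fi
# NOTE(review): if this host becomes a template, every clone trusts the key
# above; removing access later means editing each clone.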

# Management groups with fixed GIDs (presumably so group ownership lines up
# across hosts that share the same storage - confirm).
for group_spec in 10701:mgmt-code 10702:mgmt-docs 10703:mgmt-media 10704:mgmt-logs; do
  # Text before the colon is the GID, text after it is the group name.
  groupadd -g "${group_spec%%:*}" "${group_spec#*:}"
done

# Append (-a) each group to jgalley's supplementary groups, referenced by GID;
# without -a, -G would replace the existing list.
for mgmt_gid in 10701 10702 10703 10704; do
  usermod -a -G "$mgmt_gid" jgalley
done


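# Local administrative account: fixed UID, home directory, bash shell, and
# membership of wheel.
useradd -u 1001 -s /bin/bash -m pkadmin
usermod -a -G wheel pkadmin

# Set the pre-hashed password through chpasswd's stdin (-e = value is already
# encrypted). `usermod --password` puts the hash on the command line, where
# any local user can read it from the process list while the command runs.
# NOTE(review): the hash is hard-coded in this file, so every host built from
# it shares one wheel password and the hash is open to offline guessing by
# anyone who can read the file. Rotate the password and load the hash from a
# root-only file or a secrets store; on clones, set a per-host password or
# lock the account in favour of key-based access.
printf '%s:%s\n' pkadmin '$6$mlEZlyqvTBF6X.Zv$he74O3K8QsklYkNwAUQQ.JJTaCexuLbypo694bPfV.AwSNeYktFpel.1PFSNJYlCMGUNhpilXpoN27gkfGP96.' | chpasswd -e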

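# Create the mount point. The original line was the bare path, which the
# shell tries to execute as a command instead of creating the directory.
mkdir -p /mnt/nfs1/system_setup

# fstab entry for the shared setup export. nosuid,nodev are added so that
# files on the share cannot act as setuid binaries or device nodes on this
# host; the export lives under a "Public" volume, so its contents should not
# be trusted with local privilege.
fstab_entry='10.2.104.31:/volume1/Public/system_setup        /mnt/nfs1/system_setup  nfs     _netdev,noacl,noatime,nosuid,nodev 0 0'

# Append only when no active entry for the mount point exists, so re-running
# the runbook does not stack duplicate lines in /etc/fstab.
if ! awk '$1 !~ /^#/ && $2 == "/mnt/nfs1/system_setup" { found = 1 } END { exit !found }' /etc/fstab; then
  printf '%s\n' "$fstab_entry" | tee -a /etc/fstab
fi

# Let systemd regenerate its mount units from the updated fstab.
systemctl daemon-reload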

##
## template creation
##
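# Empty (rather than delete) the machine ID so each clone gets a fresh one
# generated on its first boot instead of sharing the template's identity.
truncate -s 0 /etc/machine-id

# One-shot unit that replaces the template's SSH host keys on first boot.
# Clones that keep the template's host keys all share one private key, so
# holding any one of them is enough to impersonate the others to SSH clients.
#
# Ordering: on Enterprise Linux the OpenSSH daemon is sshd.service;
# ssh.service is the Debian/Ubuntu name. With only ssh.service listed, the
# Before= line matches no unit on EL and sshd may start with the old keys.
# Both names are listed so the unit orders correctly on either family.
# Quoted delimiter: the unit text is written literally, with no expansion.
cat > /etc/systemd/system/regenerate_ssh_host_keys.service <<'EOF'
[Unit]
Description=Regenerate SSH host keys
Before=sshd.service ssh.service
ConditionFileIsExecutable=/usr/bin/ssh-keygen

[Service]
Type=oneshot
ExecStartPre=-/bin/dd if=/dev/hwrng of=/dev/urandom count=1 bs=4096
ExecStartPre=-/bin/sh -c "/bin/rm -f -v /etc/ssh/ssh_host_*_key*"
ExecStart=/usr/bin/ssh-keygen -A -v
ExecStartPost=/bin/systemctl disable regenerate_ssh_host_keys

[Install]
WantedBy=multi-user.target
EOF

# Register the new unit and arm it for the next boot. The unit disables
# itself after a successful run (ExecStartPost), so it fires once per clone.
systemctl daemon-reload
systemctl enable regenerate_ssh_host_keys.service
# --no-pager keeps the status output from waiting on a pager before shutdown.
systemctl status --no-pager regenerate_ssh_host_keys.service

# NOTE(review): host keys and the machine ID are reset per clone, but the
# accounts, password hashes and authorized_keys created earlier in this
# runbook are copied into every clone unchanged.

# Power off; the stopped system is the template image.
shutdown -h now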