From 1c1cc5f52c0a20d3a93b04e562e93497a52d6b0e Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Fri, 13 Jan 2023 13:49:51 +0100 Subject: [PATCH 01/20] Switch to smb conf registry and 45drives plugins --- setup-nasbeery | 36 +++++++++++++++++++----------------- 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/setup-nasbeery b/setup-nasbeery index 2c8d2bb..c3a0b32 100644 --- a/setup-nasbeery +++ b/setup-nasbeery @@ -19,14 +19,14 @@ usage() { exit $1 } -USERNAME=pi +USERNAME=nasbeery HOSTNAME=nasbeery DOMAIN=bashclub.lan FORMAT=0 ADDONS= ZPOOL=tank SHARE=share -BASE_REPO=https://github.com/thorstenspille/nasbeery +BASE_REPO=https://github.com/bashclub/nasbeery while getopts "hU:P:H:D:FIZ:S:" opt; do case $opt in @@ -82,6 +82,12 @@ sudo apt-key adv --fetch-keys https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key echo "Add wsdd apt repo url" echo "deb https://pkg.ltec.ch/public/ $(lsb_release -cs) main" | sudo tee -i /etc/apt/sources.list.d/wsdd.list +echo "add 45drives repo key" +apt-key adv --fetch-keys https://repo.45drives.com/key/gpg.asc + +echo "Add 45drives apt repo url" +echo "deb https://repo.45drives.com/debian focal main" > /etc/apt/sources.list.d/45drives.list + echo "Add debian bullseye backports repo" echo "deb http://ftp.de.debian.org/debian/ bullseye-backports main contrib non-free" | sudo tee -i /etc/apt/sources.list.d/bulleye-backports.list @@ -111,9 +117,10 @@ elif [[ $(dpkg --get-selections | grep -m1 "linux-image-amd64") ]]; then headers="linux-headers-amd64" fi echo "Intalling required packages" -DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical sudo apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install $headers acl samba-dsdb-modules samba-vfs-modules samba wsdd ntpdate git apt-transport-https gnupg2 software-properties-common vim htop zfs-dkms zfsutils-linux zfs-auto-snapshot wsdd net-tools dnsutils +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical sudo apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install $headers wsdd ntpdate git apt-transport-https gnupg2 software-properties-common vim htop net-tools dnsutils +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical sudo apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install -t bullseye-backports acl samba-dsdb-modules samba-vfs-modules samba zfs-dkms zfsutils-linux zfs-auto-snapshot wsdd echo "Installing cockpit" -DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical sudo apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install --no-install-recommends cockpit +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical sudo apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install --no-install-recommends cockpit cockpit-identities cockpit-file-sharing cockpit-navigator cockpit-zfs-manager cockpit-benchmark echo "Activate zfs module" sudo modprobe zfs @@ -167,19 +174,7 @@ sudo useradd $USERNAME echo "$USERNAME:$PASSWORD" | sudo chpasswd sudo smbpasswd -x $USERNAME (echo $PASSWORD; echo $PASSWORD) | sudo smbpasswd -a $USERNAME - -echo "Install or update cockpit zfs manager" -if [[ $(ls /usr/src/cockpit-zfs-manager) ]] ; then - cd /usr/src/cockpit-zfs-manager - sudo git config pull.rebase true - sudo git pull -else - sudo git clone https://github.com/45drives/cockpit-zfs-manager.git /usr/src/cockpit-zfs-manager -fi -sudo cp -r /usr/src/cockpit-zfs-manager/zfs /usr/share/cockpit - -sudo mkdir -p /etc/cockpit/zfs/shares -sudo mkdir -p /etc/cockpit/zfs/snapshots +usermod -aG sudo $USERNAME echo "Writing cockpit configuration" cat << EOF | sudo tee -i /etc/cockpit/zfs/config.json @@ -243,6 +238,11 @@ echo -e 'PATH="/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin"\n*/1 * * * * root echo "Write samba server configuration" cat << EOF | sudo tee -i /etc/samba/smb.conf +[global] + include = registry +EOF + +cat << EOF | sudo tee -i /etc/samba/import.templates [global] workgroup = WORKGROUP log file = /var/log/samba/log.%m @@ -273,6 +273,8 @@ cat << EOF | sudo tee -i /etc/samba/smb.conf directory mask = 0770 EOF +net conf import /etc/samba/import.template + #### PLUGIN INSTALLATION #### for addon in $ADDONS; do wget -O ./$addon $base_repo/raw/main/plugins/$addon From edee56b3bacc48340a8aafd286a3105e7d88c313 Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Mon, 16 Jan 2023 16:23:19 +0100 Subject: [PATCH 02/20] Fix download url --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2857e62..4d868de 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,6 @@ Installer for NasBeery ZFS NAS for Raspberry PI 4 and 400 on Raspberry Pi OS Lite 64-Bit ```bash -wget -O setup-nasbeery https://github.com/thorstenspille/nasbeery/raw/main/setup-nasbeery +wget -O setup-nasbeery https://github.com/thorstenspille/nasbeery/raw/dev/setup-nasbeery bash setup-nasbeery ``` From aca33150b25210993034e19bc73d656e2594947c Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Mon, 16 Jan 2023 16:26:12 +0100 Subject: [PATCH 03/20] Fix urls --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4d868de..4bc8365 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,6 @@ Installer for NasBeery ZFS NAS for Raspberry PI 4 and 400 on Raspberry Pi OS Lite 64-Bit ```bash -wget -O setup-nasbeery https://github.com/thorstenspille/nasbeery/raw/dev/setup-nasbeery +wget -O setup-nasbeery https://github.com/bashclub/nasbeery/raw/dev/setup-nasbeery bash setup-nasbeery ``` From 470e01ca6e3d0bd1516a9c60e9ee95e06541cf8e Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Mon, 16 Jan 2023 16:24:24 +0100 Subject: [PATCH 04/20] Fix URLs --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4bc8365..3a24560 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,6 @@ Installer for NasBeery ZFS NAS for Raspberry PI 4 and 400 on Raspberry Pi OS Lite 64-Bit ```bash -wget -O setup-nasbeery https://github.com/bashclub/nasbeery/raw/dev/setup-nasbeery +wget -O setup-nasbeery https://github.com/bashclub/nasbeery/raw/main/setup-nasbeery bash setup-nasbeery ``` From a0e07aede4a44defb32f2953b0647c49bfdcd4df Mon Sep 17 00:00:00 2001 From: Thorsten Spille Date: Sun, 22 Jan 2023 16:48:51 +0100 Subject: [PATCH 05/20] Fix repos, remove sudo --- setup-nasbeery | 82 +++++++++++++++++++++++++------------------------- 1 file changed, 41 insertions(+), 41 deletions(-) diff --git a/setup-nasbeery b/setup-nasbeery index c3a0b32..55dd547 100644 --- a/setup-nasbeery +++ b/setup-nasbeery @@ -76,24 +76,24 @@ fi # add extra apt keys echo "Add wsdd apt repo key" -sudo apt-key adv --fetch-keys https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key +wget -O - https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key | tee -i /etc/apt/trusted.gpg.d/wsdd.gpg # add extra apt repos echo "Add wsdd apt repo url" -echo "deb https://pkg.ltec.ch/public/ $(lsb_release -cs) main" | sudo tee -i /etc/apt/sources.list.d/wsdd.list +echo "deb [signed-by=/etc/apt/trusted.gpg.d/wsdd.gpg] https://pkg.ltec.ch/public/ $(lsb_release -cs) main" | tee -i /etc/apt/sources.list.d/wsdd.list echo "add 45drives repo key" -apt-key adv --fetch-keys https://repo.45drives.com/key/gpg.asc +wget -O - https://repo.45drives.com/key/gpg.asc | tee -i /etc/apt/trusted.gpg.d/45drives.gpg echo "Add 45drives apt repo url" -echo "deb https://repo.45drives.com/debian focal main" > /etc/apt/sources.list.d/45drives.list +echo "deb [signed-by=/etc/apt/trusted.gpg.d/45drives.gpg,arch=amd64] https://repo.45drives.com/debian focal main" > /etc/apt/sources.list.d/45drives.list echo "Add debian bullseye backports repo" -echo "deb http://ftp.de.debian.org/debian/ bullseye-backports main contrib non-free" | sudo tee -i /etc/apt/sources.list.d/bulleye-backports.list +echo "deb http://ftp.de.debian.org/debian/ bullseye-backports main contrib non-free" | tee -i /etc/apt/sources.list.d/bulleye-backports.list # pin cockpit to buster backports echo "Configure apt to install cockpit from backports repo" -cat << EOF | sudo tee -i /etc/apt/preferences.d/99-cockpit +cat << EOF | tee -i /etc/apt/preferences.d/99-cockpit Package: cockpit cockpit-* Pin: release a=bullseye-backports Pin-Priority: 900 @@ -101,9 +101,9 @@ EOF # update system and install packages echo "Updating package lists" -sudo apt -qq update +apt -qq update echo "Installing dist-upgrade" -DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical sudo apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" dist-upgrade +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" dist-upgrade echo "Detecting Architecture" if [[ $(dpkg --get-selections | grep -m1 "raspberrypi-kernel") ]]; then headers="raspberrypi-kernel-headers" @@ -117,50 +117,50 @@ elif [[ $(dpkg --get-selections | grep -m1 "linux-image-amd64") ]]; then headers="linux-headers-amd64" fi echo "Intalling required packages" -DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical sudo apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install $headers wsdd ntpdate git apt-transport-https gnupg2 software-properties-common vim htop net-tools dnsutils -DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical sudo apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install -t bullseye-backports acl samba-dsdb-modules samba-vfs-modules samba zfs-dkms zfsutils-linux zfs-auto-snapshot wsdd +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install $headers wsdd ntpdate git apt-transport-https gnupg2 software-properties-common vim htop net-tools dnsutils +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install -t bullseye-backports acl samba-dsdb-modules samba-vfs-modules samba zfs-dkms zfsutils-linux zfs-auto-snapshot wsdd echo "Installing cockpit" -DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical sudo apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install --no-install-recommends cockpit cockpit-identities cockpit-file-sharing cockpit-navigator cockpit-zfs-manager cockpit-benchmark +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install --no-install-recommends cockpit cockpit-identities cockpit-file-sharing cockpit-navigator cockpit-zfs-manager cockpit-benchmark echo "Activate zfs module" -sudo modprobe zfs +modprobe zfs echo "Update time via ntp" -sudo ntpdate-debian -b > /dev/null +ntpdate-debian -b > /dev/null case $FORMAT in 0) echo "Your ZFS Data will be preserved";; 1) echo "Existing data on the drives will be deleted..." - sudo zpool destroy $ZPOOL - sudo zpool create -f -o autoexpand=on -o ashift=12 $ZPOOL mirror sda sdb + zpool destroy $ZPOOL + zpool create -f -o autoexpand=on -o ashift=12 $ZPOOL mirror sda sdb echo "Regenerate ssh host keys" - sudo rm -f /etc/ssh/ssh_host_* - sudo ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N "" - sudo ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N "" + rm -f /etc/ssh/ssh_host_* + ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N "" + ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N "" ;; 255) echo "[ESC] key pressed >> EXIT" && exit;; esac echo "Hadening ssh service" echo "Enable the RSA and ED25519 keys" -sudo sed -i 's/^\#HostKey \/etc\/ssh\/ssh_host_\(rsa\|ed25519\)_key$/HostKey \/etc\/ssh\/ssh_host_\1_key/g' /etc/ssh/sshd_config +sed -i 's/^\#HostKey \/etc\/ssh\/ssh_host_\(rsa\|ed25519\)_key$/HostKey \/etc\/ssh\/ssh_host_\1_key/g' /etc/ssh/sshd_config echo "Remove small Diffie-Hellman moduli" -awk '$5 >= 3071' /etc/ssh/moduli | sudo tee -i /etc/ssh/moduli.safe -sudo mv -f /etc/ssh/moduli.safe /etc/ssh/moduli +awk '$5 >= 3071' /etc/ssh/moduli | tee -i /etc/ssh/moduli.safe +mv -f /etc/ssh/moduli.safe /etc/ssh/moduli echo "Restrict supported key exchange, cipher, and MAC algorithms" -echo -e "\n# Restrict key exchange, cipher, and MAC algorithms, as per sshaudit.com\n# hardening guide.\nKexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256\nCiphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr\nMACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com\nHostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com" | sudo tee -i /etc/ssh/sshd_config.d/ssh-audit_hardening.conf +echo -e "\n# Restrict key exchange, cipher, and MAC algorithms, as per sshaudit.com\n# hardening guide.\nKexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256\nCiphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr\nMACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com\nHostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com" | tee -i /etc/ssh/sshd_config.d/ssh-audit_hardening.conf if [ ! $(zfs list $ZPOOL/$SHARE) ] ; then echo "Creating $ZPOOL/$SHARE" - sudo zfs create -o compression=lz4 $ZPOOL/$SHARE + zfs create -o compression=lz4 $ZPOOL/$SHARE fi echo "Settings permissions on $ZPOOL/$SHARE" -sudo chmod -R 770 /$ZPOOL -sudo chown -R $USERNAME:root /$ZPOOL +chmod -R 770 /$ZPOOL +chown -R $USERNAME:root /$ZPOOL echo "Seting hostname and fqdn" -echo "$HOSTNAME" | sudo tee -i /etc/hostname -cat << EOF | sudo tee -i /etc/hosts +echo "$HOSTNAME" | tee -i /etc/hostname +cat << EOF | tee -i /etc/hosts # Host addresses 127.0.0.1 localhost 127.0.1.1 $HOSTNAME.$DOMAIN $HOSTNAME @@ -170,14 +170,14 @@ ff02::2 ip6-allrouters EOF echo "Configuring user" -sudo useradd $USERNAME -echo "$USERNAME:$PASSWORD" | sudo chpasswd -sudo smbpasswd -x $USERNAME -(echo $PASSWORD; echo $PASSWORD) | sudo smbpasswd -a $USERNAME -usermod -aG sudo $USERNAME +useradd $USERNAME +echo "$USERNAME:$PASSWORD" | chpasswd +smbpasswd -x $USERNAME +(echo $PASSWORD; echo $PASSWORD) | smbpasswd -a $USERNAME +usermod -aG $USERNAME echo "Writing cockpit configuration" -cat << EOF | sudo tee -i /etc/cockpit/zfs/config.json +cat << EOF | tee -i /etc/cockpit/zfs/config.json { "#1": "COCKPIT ZFS MANAGER", "#2": "WARNING: DO NOT EDIT, AUTO-GENERATED CONFIGURATION", @@ -223,26 +223,26 @@ EOF if [[ $(ls /etc/cockpit/zfs/shares.conf) ]]; then echo "Creating cockpit zfs shares conf" - cat << EOF | sudo tee -i /etc/cockpit/zfs/shares.conf + cat << EOF | tee -i /etc/cockpit/zfs/shares.conf # COCKPIT ZFS MANAGER # WARNING: DO NOT EDIT, AUTO-GENERATED CONFIGURATION EOF fi echo "Configure zfs-auto-snapshot: change retention from 24 to 48h and 12 to 3 months" -sudo sed -i 's/24/48/g' /etc/cron.hourly/zfs-auto-snapshot -sudo sed -i 's/12/3/g' /etc/cron.monthly/zfs-auto-snapshot +sed -i 's/24/48/g' /etc/cron.hourly/zfs-auto-snapshot +sed -i 's/12/3/g' /etc/cron.monthly/zfs-auto-snapshot echo "Configure RAID led" -echo -e 'PATH="/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin"\n*/1 * * * * root echo 14 > /sys/class/gpio/export 2> /dev/null;echo out > /sys/class/gpio/gpio14/direction ; zpool import -fa -d /dev/ > /dev/null; zpool list| grep -q ONLINE; echo \$? > /sys/class/gpio/gpio14/value' | sudo tee -i /etc/cron.d/raidled +echo -e 'PATH="/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin"\n*/1 * * * * root echo 14 > /sys/class/gpio/export 2> /dev/null;echo out > /sys/class/gpio/gpio14/direction ; zpool import -fa -d /dev/ > /dev/null; zpool list| grep -q ONLINE; echo \$? > /sys/class/gpio/gpio14/value' | tee -i /etc/cron.d/raidled echo "Write samba server configuration" -cat << EOF | sudo tee -i /etc/samba/smb.conf +cat << EOF | tee -i /etc/samba/smb.conf [global] include = registry EOF -cat << EOF | sudo tee -i /etc/samba/import.templates +cat << EOF | tee -i /etc/samba/import.templates [global] workgroup = WORKGROUP log file = /var/log/samba/log.%m @@ -282,9 +282,9 @@ for addon in $ADDONS; do done echo "Restart samba services" -sudo systemctl enable smbd nmbd wsdd +systemctl enable smbd nmbd wsdd echo "############################################" echo "nasbeery installation finished! rebooting..." echo "############################################" -sudo reboot +reboot From da712bdb9caab27ce85c827ab39faf5167764dc7 Mon Sep 17 00:00:00 2001 From: Thorsten Spille Date: Sun, 22 Jan 2023 16:56:25 +0100 Subject: [PATCH 06/20] Fix apt repo config --- setup-nasbeery | 34 +++++++++++++++++++--------------- 1 file changed, 19 insertions(+), 15 deletions(-) diff --git a/setup-nasbeery b/setup-nasbeery index 55dd547..8c918ca 100644 --- a/setup-nasbeery +++ b/setup-nasbeery @@ -74,20 +74,6 @@ if [[ $(lsmod | grep -E ^zfs) ]] && [[ $FORMAT -eq 0 ]]; then FORMAT=$? fi -# add extra apt keys -echo "Add wsdd apt repo key" -wget -O - https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key | tee -i /etc/apt/trusted.gpg.d/wsdd.gpg - -# add extra apt repos -echo "Add wsdd apt repo url" -echo "deb [signed-by=/etc/apt/trusted.gpg.d/wsdd.gpg] https://pkg.ltec.ch/public/ $(lsb_release -cs) main" | tee -i /etc/apt/sources.list.d/wsdd.list - -echo "add 45drives repo key" -wget -O - https://repo.45drives.com/key/gpg.asc | tee -i /etc/apt/trusted.gpg.d/45drives.gpg - -echo "Add 45drives apt repo url" -echo "deb [signed-by=/etc/apt/trusted.gpg.d/45drives.gpg,arch=amd64] https://repo.45drives.com/debian focal main" > /etc/apt/sources.list.d/45drives.list - echo "Add debian bullseye backports repo" echo "deb http://ftp.de.debian.org/debian/ bullseye-backports main contrib non-free" | tee -i /etc/apt/sources.list.d/bulleye-backports.list @@ -117,7 +103,25 @@ elif [[ $(dpkg --get-selections | grep -m1 "linux-image-amd64") ]]; then headers="linux-headers-amd64" fi echo "Intalling required packages" -DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install $headers wsdd ntpdate git apt-transport-https gnupg2 software-properties-common vim htop net-tools dnsutils +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install $headers ntpdate git apt-transport-https gnupg2 software-properties-common vim htop net-tools dnsutils + +# add extra apt keys +echo "Add wsdd apt repo key" +wget -O - https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key | gpg --dearmor | tee -i /etc/apt/trusted.gpg.d/wsdd.gpg + +# add extra apt repos +echo "Add wsdd apt repo url" +echo "deb [signed-by=/etc/apt/trusted.gpg.d/wsdd.gpg] https://pkg.ltec.ch/public/ $(lsb_release -cs) main" | tee -i /etc/apt/sources.list.d/wsdd.list + +echo "add 45drives repo key" +wget -O - https://repo.45drives.com/key/gpg.asc | gpg --dearmor | tee -i /etc/apt/trusted.gpg.d/45drives.gpg + +echo "Add 45drives apt repo url" +echo "deb [signed-by=/etc/apt/trusted.gpg.d/45drives.gpg,arch=amd64] https://repo.45drives.com/debian focal main" > /etc/apt/sources.list.d/45drives.list + +echo "Updating package lists" +apt -qq update + DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install -t bullseye-backports acl samba-dsdb-modules samba-vfs-modules samba zfs-dkms zfsutils-linux zfs-auto-snapshot wsdd echo "Installing cockpit" DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install --no-install-recommends cockpit cockpit-identities cockpit-file-sharing cockpit-navigator cockpit-zfs-manager cockpit-benchmark From 5661e92f59d59858145364985dd1872f913e58e1 Mon Sep 17 00:00:00 2001 From: Thorsten Spille Date: Sun, 22 Jan 2023 17:13:41 +0100 Subject: [PATCH 07/20] Add winbind --- setup-nasbeery | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup-nasbeery b/setup-nasbeery index 8c918ca..cecd9ca 100644 --- a/setup-nasbeery +++ b/setup-nasbeery @@ -117,12 +117,12 @@ echo "add 45drives repo key" wget -O - https://repo.45drives.com/key/gpg.asc | gpg --dearmor | tee -i /etc/apt/trusted.gpg.d/45drives.gpg echo "Add 45drives apt repo url" -echo "deb [signed-by=/etc/apt/trusted.gpg.d/45drives.gpg,arch=amd64] https://repo.45drives.com/debian focal main" > /etc/apt/sources.list.d/45drives.list +echo "deb [signed-by=/etc/apt/trusted.gpg.d/45drives.gpg arch=amd64] https://repo.45drives.com/debian focal main" > /etc/apt/sources.list.d/45drives.list echo "Updating package lists" apt -qq update -DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install -t bullseye-backports acl samba-dsdb-modules samba-vfs-modules samba zfs-dkms zfsutils-linux zfs-auto-snapshot wsdd +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install -t bullseye-backports acl samba-dsdb-modules samba-vfs-modules samba winbind zfs-dkms zfsutils-linux zfs-auto-snapshot wsdd echo "Installing cockpit" DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install --no-install-recommends cockpit cockpit-identities cockpit-file-sharing cockpit-navigator cockpit-zfs-manager cockpit-benchmark From 011dc22927703797edc243b7c345c4e9a5812801 Mon Sep 17 00:00:00 2001 From: Thorsten Spille Date: Sun, 22 Jan 2023 17:32:53 +0100 Subject: [PATCH 08/20] Change zfs packages installation --- setup-nasbeery | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup-nasbeery b/setup-nasbeery index cecd9ca..4c0d0bb 100644 --- a/setup-nasbeery +++ b/setup-nasbeery @@ -122,9 +122,9 @@ echo "deb [signed-by=/etc/apt/trusted.gpg.d/45drives.gpg arch=amd64] https://rep echo "Updating package lists" apt -qq update -DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install -t bullseye-backports acl samba-dsdb-modules samba-vfs-modules samba winbind zfs-dkms zfsutils-linux zfs-auto-snapshot wsdd +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install -t bullseye-backports acl samba-dsdb-modules samba-vfs-modules samba winbind wsdd echo "Installing cockpit" -DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install --no-install-recommends cockpit cockpit-identities cockpit-file-sharing cockpit-navigator cockpit-zfs-manager cockpit-benchmark +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install --no-install-recommends cockpit cockpit-identities cockpit-file-sharing cockpit-navigator cockpit-zfs-manager cockpit-benchmark zfs-dkms zfsutils-linux zfs-auto-snapshot echo "Activate zfs module" modprobe zfs From 857492b89562cac0191986b431add87fa9388dd5 Mon Sep 17 00:00:00 2001 From: Thorsten Spille Date: Sun, 22 Jan 2023 18:00:00 +0100 Subject: [PATCH 09/20] split zfs install --- setup-nasbeery | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/setup-nasbeery b/setup-nasbeery index 4c0d0bb..8096636 100644 --- a/setup-nasbeery +++ b/setup-nasbeery @@ -123,8 +123,10 @@ echo "Updating package lists" apt -qq update DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install -t bullseye-backports acl samba-dsdb-modules samba-vfs-modules samba winbind wsdd +echo "Installing zfs" +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install --no-install-recommends zfs-dkms zfsutils-linux zfs-auto-snapshot echo "Installing cockpit" -DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install --no-install-recommends cockpit cockpit-identities cockpit-file-sharing cockpit-navigator cockpit-zfs-manager cockpit-benchmark zfs-dkms zfsutils-linux zfs-auto-snapshot +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install --no-install-recommends cockpit cockpit-identities cockpit-file-sharing cockpit-navigator cockpit-zfs-manager cockpit-benchmark echo "Activate zfs module" modprobe zfs @@ -149,7 +151,7 @@ echo "Hadening ssh service" echo "Enable the RSA and ED25519 keys" sed -i 's/^\#HostKey \/etc\/ssh\/ssh_host_\(rsa\|ed25519\)_key$/HostKey \/etc\/ssh\/ssh_host_\1_key/g' /etc/ssh/sshd_config echo "Remove small Diffie-Hellman moduli" -awk '$5 >= 3071' /etc/ssh/moduli | tee -i /etc/ssh/moduli.safe +awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.safe mv -f /etc/ssh/moduli.safe /etc/ssh/moduli echo "Restrict supported key exchange, cipher, and MAC algorithms" echo -e "\n# Restrict key exchange, cipher, and MAC algorithms, as per sshaudit.com\n# hardening guide.\nKexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256\nCiphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr\nMACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com\nHostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com" | tee -i /etc/ssh/sshd_config.d/ssh-audit_hardening.conf From cba60bf488762b8bec9a477ed20e18866d9cbe74 Mon Sep 17 00:00:00 2001 From: Thorsten Spille Date: Sun, 22 Jan 2023 18:24:45 +0100 Subject: [PATCH 10/20] Mutiple fixes --- setup-nasbeery | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/setup-nasbeery b/setup-nasbeery index 8096636..e439ef8 100644 --- a/setup-nasbeery +++ b/setup-nasbeery @@ -122,9 +122,10 @@ echo "deb [signed-by=/etc/apt/trusted.gpg.d/45drives.gpg arch=amd64] https://rep echo "Updating package lists" apt -qq update -DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install -t bullseye-backports acl samba-dsdb-modules samba-vfs-modules samba winbind wsdd echo "Installing zfs" DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install --no-install-recommends zfs-dkms zfsutils-linux zfs-auto-snapshot +echo "Installing samba" +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install -t bullseye-backports acl samba-dsdb-modules samba-vfs-modules samba winbind wsdd echo "Installing cockpit" DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install --no-install-recommends cockpit cockpit-identities cockpit-file-sharing cockpit-navigator cockpit-zfs-manager cockpit-benchmark @@ -134,11 +135,13 @@ modprobe zfs echo "Update time via ntp" ntpdate-debian -b > /dev/null +rootfs=$(grep " / " /proc/mounts | cut -d'/' -f3) +zdisks=$(echo $(lsblk -nd -I 8,259 -o name | grep -v $rootfs) | cut -d' ' -f1-2) case $FORMAT in 0) echo "Your ZFS Data will be preserved";; 1) echo "Existing data on the drives will be deleted..." zpool destroy $ZPOOL - zpool create -f -o autoexpand=on -o ashift=12 $ZPOOL mirror sda sdb + zpool create -f -o autoexpand=on -o ashift=12 $ZPOOL mirror $zdisks echo "Regenerate ssh host keys" rm -f /etc/ssh/ssh_host_* ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N "" @@ -227,8 +230,9 @@ cat << EOF | tee -i /etc/cockpit/zfs/config.json } EOF -if [[ $(ls /etc/cockpit/zfs/shares.conf) ]]; then +if [ -f /etc/cockpit/zfs/shares.conf ]; then echo "Creating cockpit zfs shares conf" + mkdir -p /etc/cockpit/zfs/ cat << EOF | tee -i /etc/cockpit/zfs/shares.conf # COCKPIT ZFS MANAGER # WARNING: DO NOT EDIT, AUTO-GENERATED CONFIGURATION @@ -248,7 +252,7 @@ cat << EOF | tee -i /etc/samba/smb.conf include = registry EOF -cat << EOF | tee -i /etc/samba/import.templates +cat << EOF | tee -i /etc/samba/import.template [global] workgroup = WORKGROUP log file = /var/log/samba/log.%m From 40318793b1cd0c86b84626e3c02970a2615675d9 Mon Sep 17 00:00:00 2001 From: Thorsten Spille Date: Sun, 22 Jan 2023 18:27:54 +0100 Subject: [PATCH 11/20] fix rootfs var --- setup-nasbeery | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup-nasbeery b/setup-nasbeery index e439ef8..2a15238 100644 --- a/setup-nasbeery +++ b/setup-nasbeery @@ -136,7 +136,7 @@ echo "Update time via ntp" ntpdate-debian -b > /dev/null rootfs=$(grep " / " /proc/mounts | cut -d'/' -f3) -zdisks=$(echo $(lsblk -nd -I 8,259 -o name | grep -v $rootfs) | cut -d' ' -f1-2) +zdisks=$(echo $(lsblk -nd -I 8,259 -o name | grep -v ${rootfs:0:3}) | cut -d' ' -f1-2) case $FORMAT in 0) echo "Your ZFS Data will be preserved";; 1) echo "Existing data on the drives will be deleted..." From 845d135b53a1c4f26d17c0a4a6dfcffa25420617 Mon Sep 17 00:00:00 2001 From: Thorsten Spille Date: Sun, 22 Jan 2023 18:36:55 +0100 Subject: [PATCH 12/20] Insert backports repo later --- setup-nasbeery | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/setup-nasbeery b/setup-nasbeery index 2a15238..dd2ec6c 100644 --- a/setup-nasbeery +++ b/setup-nasbeery @@ -74,9 +74,6 @@ if [[ $(lsmod | grep -E ^zfs) ]] && [[ $FORMAT -eq 0 ]]; then FORMAT=$? fi -echo "Add debian bullseye backports repo" -echo "deb http://ftp.de.debian.org/debian/ bullseye-backports main contrib non-free" | tee -i /etc/apt/sources.list.d/bulleye-backports.list - # pin cockpit to buster backports echo "Configure apt to install cockpit from backports repo" cat << EOF | tee -i /etc/apt/preferences.d/99-cockpit @@ -105,6 +102,12 @@ fi echo "Intalling required packages" DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install $headers ntpdate git apt-transport-https gnupg2 software-properties-common vim htop net-tools dnsutils +echo "Installing zfs" +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install --no-install-recommends zfs-dkms zfsutils-linux zfs-auto-snapshot + +echo "Add debian bullseye backports repo" +echo "deb http://ftp.de.debian.org/debian/ bullseye-backports main contrib non-free" | tee -i /etc/apt/sources.list.d/bulleye-backports.list + # add extra apt keys echo "Add wsdd apt repo key" wget -O - https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key | gpg --dearmor | tee -i /etc/apt/trusted.gpg.d/wsdd.gpg @@ -121,9 +124,6 @@ echo "deb [signed-by=/etc/apt/trusted.gpg.d/45drives.gpg arch=amd64] https://rep echo "Updating package lists" apt -qq update - -echo "Installing zfs" -DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install --no-install-recommends zfs-dkms zfsutils-linux zfs-auto-snapshot echo "Installing samba" DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install -t bullseye-backports acl samba-dsdb-modules samba-vfs-modules samba winbind wsdd echo "Installing cockpit" From ca3b27f70b3f75ac5a769d535b0dbb8408bd1c29 Mon Sep 17 00:00:00 2001 From: Thorsten Spille Date: Sun, 22 Jan 2023 19:07:16 +0100 Subject: [PATCH 13/20] Multiple fixes --- setup-nasbeery | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/setup-nasbeery b/setup-nasbeery index dd2ec6c..97a520e 100644 --- a/setup-nasbeery +++ b/setup-nasbeery @@ -43,7 +43,7 @@ while getopts "hU:P:H:D:FIZ:S:" opt; do done shift $((OPTIND-1)) -if [[ $(ls nasbeery.conf) ]]; then +if [ -f nasbeery.conf ]; then source nasbeery.conf else cat << EOF > nasbeery.conf @@ -82,6 +82,11 @@ Pin: release a=bullseye-backports Pin-Priority: 900 EOF +grep contrib /etc/apt/sources.list +if [ $? -gt 0 ]; then + sed -i "s/main/main contrib non-free/g" /etc/apt/sources.list +fi + # update system and install packages echo "Updating package lists" apt -qq update @@ -183,7 +188,7 @@ useradd $USERNAME echo "$USERNAME:$PASSWORD" | chpasswd smbpasswd -x $USERNAME (echo $PASSWORD; echo $PASSWORD) | smbpasswd -a $USERNAME -usermod -aG $USERNAME +usermod -aG sudo $USERNAME echo "Writing cockpit configuration" cat << EOF | tee -i /etc/cockpit/zfs/config.json From 7d839f3cddd95082be471ca7d059b7e346e3970b Mon Sep 17 00:00:00 2001 From: Thorsten Spille Date: Sun, 22 Jan 2023 19:27:37 +0100 Subject: [PATCH 14/20] add mmc --- setup-nasbeery | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup-nasbeery b/setup-nasbeery index 97a520e..1ea3a9e 100644 --- a/setup-nasbeery +++ b/setup-nasbeery @@ -141,7 +141,7 @@ echo "Update time via ntp" ntpdate-debian -b > /dev/null rootfs=$(grep " / " /proc/mounts | cut -d'/' -f3) -zdisks=$(echo $(lsblk -nd -I 8,259 -o name | grep -v ${rootfs:0:3}) | cut -d' ' -f1-2) +zdisks=$(echo $(lsblk -nd -I 8,259,179 -o name | grep -v ${rootfs:0:3}) | cut -d' ' -f1-2) case $FORMAT in 0) echo "Your ZFS Data will be preserved";; 1) echo "Existing data on the drives will be deleted..." From 85dfcfd4bb6664cfd4904018017cbc6978fa23a9 Mon Sep 17 00:00:00 2001 From: Thorsten Spille Date: Sun, 22 Jan 2023 20:24:39 +0100 Subject: [PATCH 15/20] Many fixes --- setup-nasbeery | 45 +++++++++++++++++++++------------------------ 1 file changed, 21 insertions(+), 24 deletions(-) diff --git a/setup-nasbeery b/setup-nasbeery index 1ea3a9e..64dd06d 100644 --- a/setup-nasbeery +++ b/setup-nasbeery @@ -3,15 +3,14 @@ prog="$(basename "$0")" usage() { cat >&2 <<-EOF - usage: $prog [-h] [-U USERNAME] [-P PASSWORD] [-H HOSTNAME] [-D DOMAIN] [-Z POOL] [-S SHARE] [-A ADDONS] [-F] + usage: $prog [-h] [-U USERNAME] [-P PASSWORD] [-H HOSTNAME] [-D DOMAIN] [-A ADDONS] [-S SHARE] installs nasbeery onto your raspberry pi os -U USERNAME Username for SSH, Cockpit and SMB Login (default: pi) -P PASSWORD Password for SSH, Cockpit and SMB Login (min. 8 chars, default: password prompt) -H HOSTNAME Hostname of this nasbeery (default: nasbeery) -D DOMAIN Domain name of this nasbeery (default: bashclub.lan) - -S SHARE Name of the SMB share to create (default: share) -A ADDONS Comma separated list of addons to install (ispconfig, docker) - -F Enforce formatting disks - WARNING: Destroys all existing data + -S SHARE Name of the SMB share to create (default: share) --------------------------------------------------------------------------- (C) 2022 nasbeery installer by bashclub (https://github.com/bashclub) --------------------------------------------------------------------------- @@ -28,14 +27,13 @@ ZPOOL=tank SHARE=share BASE_REPO=https://github.com/bashclub/nasbeery -while getopts "hU:P:H:D:FIZ:S:" opt; do +while getopts "hU:P:H:D:A:S:" opt; do case $opt in h) usage 0 ;; U) USERNAME=$OPTARG ;; P) PASSWORD=$OPTARG PASSWORD_REPEAT=$OPTARG ;; H) HOSTNAME=$OPTARG ;; D) DOMAIN=$OPTARG ;; - F) FORMAT=1 ;; A) ADDONS=$OPTARG ;; S) SHARE=$OPTARG ;; *) usage 1 ;; @@ -50,7 +48,6 @@ else USERNAME=$USERNAME HOSTNAME=$HOSTNAME DOMAIN=$DOMAIN -FORMAT=$FORMAT ADDONS=$ADDONS SHARE=$SHARE EOF @@ -63,16 +60,13 @@ while [[ "$PASSWORD" != "$PASSWORD_REPEAT" || ${#PASSWORD} -lt 8 ]]; do PASSWORD_invalid_message="ERROR: Password is too short, or not matching! \n\n" done -# check current zfs state -if [[ $(lsmod | grep -E ^zfs) ]] && [[ $FORMAT -eq 0 ]]; then - # module is loaded - whiptail --title "Possible data loss!" \ - --backtitle "NASBEERY SETUP" \ - --yes-button "PRESERVE DATA" \ - --no-button "FORMAT DISKS!" \ - --yesno "Would you like to preserve you existing ZFS data from a previous installation?" 10 75 - FORMAT=$? -fi + +whiptail --title "Possible data loss!" \ +--backtitle "NASBEERY SETUP" \ +--yes-button "PRESERVE DATA" \ +--no-button "FORMAT DISKS!" \ +--yesno "Would you like to preserve you existing ZFS data from a previous installation?" 10 75 +FORMAT=$? # pin cockpit to buster backports echo "Configure apt to install cockpit from backports repo" @@ -87,6 +81,9 @@ if [ $? -gt 0 ]; then sed -i "s/main/main contrib non-free/g" /etc/apt/sources.list fi +echo "Add debian bullseye backports repo" +echo "deb http://ftp.de.debian.org/debian/ bullseye-backports main contrib non-free" | tee -i /etc/apt/sources.list.d/bulleye-backports.list + # update system and install packages echo "Updating package lists" apt -qq update @@ -107,12 +104,6 @@ fi echo "Intalling required packages" DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install $headers ntpdate git apt-transport-https gnupg2 software-properties-common vim htop net-tools dnsutils -echo "Installing zfs" -DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install --no-install-recommends zfs-dkms zfsutils-linux zfs-auto-snapshot - -echo "Add debian bullseye backports repo" -echo "deb http://ftp.de.debian.org/debian/ bullseye-backports main contrib non-free" | tee -i /etc/apt/sources.list.d/bulleye-backports.list - # add extra apt keys echo "Add wsdd apt repo key" wget -O - https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key | gpg --dearmor | tee -i /etc/apt/trusted.gpg.d/wsdd.gpg @@ -130,7 +121,7 @@ echo "deb [signed-by=/etc/apt/trusted.gpg.d/45drives.gpg arch=amd64] https://rep echo "Updating package lists" apt -qq update echo "Installing samba" -DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install -t bullseye-backports acl samba-dsdb-modules samba-vfs-modules samba winbind wsdd +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install -t bullseye-backports acl samba-dsdb-modules samba-vfs-modules samba winbind wsdd zfs-dkms zfsutils-linux zfs-auto-snapshot echo "Installing cockpit" DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install --no-install-recommends cockpit cockpit-identities cockpit-file-sharing cockpit-navigator cockpit-zfs-manager cockpit-benchmark @@ -141,7 +132,13 @@ echo "Update time via ntp" ntpdate-debian -b > /dev/null rootfs=$(grep " / " /proc/mounts | cut -d'/' -f3) -zdisks=$(echo $(lsblk -nd -I 8,259,179 -o name | grep -v ${rootfs:0:3}) | cut -d' ' -f1-2) +if [[ "$rootfs" == *"nvme"* ]] || [[ "$rootfs" == *"mmcblk"* ]]; then + rootdisk=${rootfs::-3} +else + rootdisk=${rootfs::1} +fi + +zdisks=$(echo $(lsblk -nd -I 8,259,179 -o name | grep -v ${rootdisk}) | cut -d' ' -f1-2) case $FORMAT in 0) echo "Your ZFS Data will be preserved";; 1) echo "Existing data on the drives will be deleted..." From 88936b6186f2fc22035011139212922a445566ec Mon Sep 17 00:00:00 2001 From: Thorsten Spille Date: Sun, 22 Jan 2023 21:43:06 +0100 Subject: [PATCH 16/20] fix znapzend for aarch64 --- setup-nasbeery | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/setup-nasbeery b/setup-nasbeery index 64dd06d..c297d83 100644 --- a/setup-nasbeery +++ b/setup-nasbeery @@ -54,7 +54,7 @@ EOF fi # Change password for Samba and Terminal -while [[ "$PASSWORD" != "$PASSWORD_REPEAT" || ${#PASSWORD} -lt 8 ]]; do +while [[ "$PASSWORD" != "$PASSWORD_REPEAT" || ${#PASSWORD} -le 8 ]]; do PASSWORD=$(whiptail --backtitle "NASBEERY SETUP" --title "Set password!" --passwordbox "${PASSWORD_invalid_message}Please set a password for Terminal, Samba and Backupwireless\n(At least 8 characters!):" 10 75 3>&1 1>&2 2>&3) PASSWORD_REPEAT=$(whiptail --backtitle "NASBEERY SETUP" --title "Set password!" --passwordbox "Please repeat the Password:" 10 70 3>&1 1>&2 2>&3) PASSWORD_invalid_message="ERROR: Password is too short, or not matching! \n\n" @@ -102,7 +102,7 @@ elif [[ $(dpkg --get-selections | grep -m1 "linux-image-amd64") ]]; then headers="linux-headers-amd64" fi echo "Intalling required packages" -DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install $headers ntpdate git apt-transport-https gnupg2 software-properties-common vim htop net-tools dnsutils +DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install $headers ntpdate git apt-transport-https gnupg2 software-properties-common vim htop net-tools dnsutils dpkg-dev # add extra apt keys echo "Add wsdd apt repo key" @@ -122,6 +122,20 @@ echo "Updating package lists" apt -qq update echo "Installing samba" DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install -t bullseye-backports acl samba-dsdb-modules samba-vfs-modules samba winbind wsdd zfs-dkms zfsutils-linux zfs-auto-snapshot + +if [[ "$(arch)" == "aarch64" ]]; then + znapzend_version=$(apt search znapzend 2>/dev/null | grep znapzend | cut -d ' ' -f2) + wget -O znapzend_${znapzend_version}_amd64.deb https://repo.45drives.com/debian/pool/main/z/znapzend/znapzend_${znapzend_version}_amd64.deb + mkdir znapzend + dpkg-deb -R znapzend_${znapzend_version}_amd64.deb ./znapzend + sed -i "s/amd64/aarch64/g" ./znapzend/DEBIAN/control + sed -i "s/x86_64-linux-gnu/aarch64-linux-gnu/g" znapzend/usr/bin/* + mv znapzend/usr/lib/x86_64-linux-gnu znapzend/usr/lib/aarch64-linux-gnu + dpkg-deb -b znapzend znapzend_${znapzend_version}_aarch64.deb + apt install ./znapzend_${znapzend_version}_aarch64.deb +fi + + echo "Installing cockpit" DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install --no-install-recommends cockpit cockpit-identities cockpit-file-sharing cockpit-navigator cockpit-zfs-manager cockpit-benchmark From 135e0a7c9f99caa99b7a5d44cc19ef105cbce80d Mon Sep 17 00:00:00 2001 From: Thorsten Spille Date: Sun, 22 Jan 2023 22:00:07 +0100 Subject: [PATCH 17/20] Fix architecture --- setup-nasbeery | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup-nasbeery b/setup-nasbeery index c297d83..4fd7201 100644 --- a/setup-nasbeery +++ b/setup-nasbeery @@ -131,8 +131,8 @@ if [[ "$(arch)" == "aarch64" ]]; then sed -i "s/amd64/aarch64/g" ./znapzend/DEBIAN/control sed -i "s/x86_64-linux-gnu/aarch64-linux-gnu/g" znapzend/usr/bin/* mv znapzend/usr/lib/x86_64-linux-gnu znapzend/usr/lib/aarch64-linux-gnu - dpkg-deb -b znapzend znapzend_${znapzend_version}_aarch64.deb - apt install ./znapzend_${znapzend_version}_aarch64.deb + dpkg-deb -b znapzend znapzend_${znapzend_version}_arm64.deb + apt install ./znapzend_${znapzend_version}_arm64.deb fi From f941933efe085908ae7c34e9a6ac8ab47ffd567b Mon Sep 17 00:00:00 2001 From: Thorsten Spille Date: Sun, 22 Jan 2023 22:05:27 +0100 Subject: [PATCH 18/20] Fix again --- setup-nasbeery | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup-nasbeery b/setup-nasbeery index 4fd7201..414739c 100644 --- a/setup-nasbeery +++ b/setup-nasbeery @@ -128,7 +128,7 @@ if [[ "$(arch)" == "aarch64" ]]; then wget -O znapzend_${znapzend_version}_amd64.deb https://repo.45drives.com/debian/pool/main/z/znapzend/znapzend_${znapzend_version}_amd64.deb mkdir znapzend dpkg-deb -R znapzend_${znapzend_version}_amd64.deb ./znapzend - sed -i "s/amd64/aarch64/g" ./znapzend/DEBIAN/control + sed -i "s/amd64/arm64/g" ./znapzend/DEBIAN/control sed -i "s/x86_64-linux-gnu/aarch64-linux-gnu/g" znapzend/usr/bin/* mv znapzend/usr/lib/x86_64-linux-gnu znapzend/usr/lib/aarch64-linux-gnu dpkg-deb -b znapzend znapzend_${znapzend_version}_arm64.deb From 4867f14aaa89bbdc37613159d572dc2d283735e1 Mon Sep 17 00:00:00 2001 From: Thorsten Spille Date: Sun, 22 Jan 2023 23:08:33 +0100 Subject: [PATCH 19/20] Add rockchip64 edge kernel --- setup-nasbeery | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/setup-nasbeery b/setup-nasbeery index 414739c..eb88c56 100644 --- a/setup-nasbeery +++ b/setup-nasbeery @@ -94,6 +94,8 @@ if [[ $(dpkg --get-selections | grep -m1 "raspberrypi-kernel") ]]; then headers="raspberrypi-kernel-headers" elif [[ $(dpkg --get-selections | grep -E -m1 "linux-image-current-rockchip64") ]]; then headers="linux-headers-current-rockchip64" +elif [[ $(dpkg --get-selections | grep -E -m1 "linux-image-edge-rockchip64") ]]; then + headers="linux-edge-current-rockchip64" elif [[ $(dpkg --get-selections | grep -E -m1 "linux-image-current-meson64") ]]; then headers="linux-headers-current-meson64" elif [[ $(dpkg --get-selections | grep -E -m1 "linux-image-edge-meson64") ]]; then @@ -133,9 +135,9 @@ if [[ "$(arch)" == "aarch64" ]]; then mv znapzend/usr/lib/x86_64-linux-gnu znapzend/usr/lib/aarch64-linux-gnu dpkg-deb -b znapzend znapzend_${znapzend_version}_arm64.deb apt install ./znapzend_${znapzend_version}_arm64.deb + systemctl disable znapzend.service fi - echo "Installing cockpit" DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install --no-install-recommends cockpit cockpit-identities cockpit-file-sharing cockpit-navigator cockpit-zfs-manager cockpit-benchmark @@ -195,7 +197,7 @@ ff02::2 ip6-allrouters EOF echo "Configuring user" -useradd $USERNAME +useradd -m -s /bin/bash $USERNAME echo "$USERNAME:$PASSWORD" | chpasswd smbpasswd -x $USERNAME (echo $PASSWORD; echo $PASSWORD) | smbpasswd -a $USERNAME From 1298e118f06dc21a9ff45df7d4ac2b6230b84b29 Mon Sep 17 00:00:00 2001 From: Thorsten Spille Date: Sun, 22 Jan 2023 23:44:33 +0100 Subject: [PATCH 20/20] remove tznapzend folder and packages --- setup-nasbeery | 1 + 1 file changed, 1 insertion(+) diff --git a/setup-nasbeery b/setup-nasbeery index eb88c56..0cdd17f 100644 --- a/setup-nasbeery +++ b/setup-nasbeery @@ -136,6 +136,7 @@ if [[ "$(arch)" == "aarch64" ]]; then dpkg-deb -b znapzend znapzend_${znapzend_version}_arm64.deb apt install ./znapzend_${znapzend_version}_arm64.deb systemctl disable znapzend.service + rm -r znapzend* fi echo "Installing cockpit"