#!/usr/bin/env bash
# tiamat-install.sh
#
# Script used to set up tiamat.obscure.org after the catastrophic
# failures of August 2022. Installs packages.
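# Abort on any failed command, unset variable, or failed pipeline stage.
set -euo pipefail

# DEBUG=true turns on command tracing; every other value leaves it off.
DEBUG=${DEBUG:-false}
# The value is compared, not executed: this script runs as root, so an
# inherited environment variable should never be run as a command.
# Thanks https://stackoverflow.com/a/17805088
if [[ "$DEBUG" == true ]]; then
  # Single quotes are deliberate: LINENO has to expand when each trace line
  # is printed, not when PS4 is assigned.
  export PS4='${LINENO}: '
  set -x
fi

# Directory holding this script. The locally built RPM and the helper script
# used later are resolved relative to it.
# http://stackoverflow.com/questions/59895/can-a-bash-script-tell-what-directory-its-stored-in
DIR="$(cd "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"

# Everything below changes system state (dnf, nmcli, firewalld, SELinux).
# Thanks https://askubuntu.com/a/15856
if ((EUID != 0)); then
  echo "This script must be run as root" >&2
  exit 1
fi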
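# Set to false to leave the NetworkManager profile untouched.
config_network=true
# NetworkManager connection (and interface) name of the primary NIC.
primary_int=enp89s0

# Package lists are whitespace-separated strings; the install commands expand
# them unquoted on purpose so each name becomes its own argument.
# Keep one package per line so duplicates and additions show up in diffs.
packages='
bind
bind-chroot
boost-devel
certbot
clamav
cmake
dnf-automatic
dovecot
doxygen
emacs
epel-release
git
gmp-devel
httpd
httpd-tools
krb5-devel
libedit-devel
libtirpc-devel
links
man2html
mariadb
mariadb-server
mod_ssl
mpfr-devel
mutt
nagios-plugins
nagios-plugins-disk
nagios-plugins-load
nagios-plugins-mysql
nagios-plugins-pgsql
nagios-plugins-procs
nagios-plugins-smtp
nagios-plugins-swap
nagios-plugins-users
nmstate
nrpe
pam-devel
php
php-gd
php-intl
php-pecl-zip
php-pgsql
postgresql
postgresql-server
procmail
python3-certbot-apache
sendmail
sendmail-cf
s-nail
spamassassin
sysstat
tcsh
texinfo
texinfo-tex
texlive-cm-super
texlive-ec
texlive-eurosym
utf8cpp-devel
whois
'

# Installed in a second dnf transaction, after the main list.
extra_packages='
alpine
ntfs-3g
shellcheck
tidy'

# firewalld service names opened in the public zone.
# imap and pop3 are the cleartext variants of imaps and pop3s.
# NOTE(review): confirm the mail server refuses plaintext logins on them
# before exposing them to the internet.
firewall_services_allow='
dns
http
https
imap
imaps
pop3
pop3s
smtp
smtp-submission
smtps
'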
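# Install packages
#
# Thanks https://linux.how2shout.com/enable-crb-code-ready-builder-powertools-in-almalinux-9/
# for the hint on how to enable crb to get texinfo and friends
dnf config-manager --set-enabled crb

# Install epel-release in its own transaction first. dnf only uses the repos
# it knew about when a transaction started, and several names in $packages
# (certbot, clamav, nrpe, nagios-plugins-*) appear to be EPEL packages, so a
# single combined install would not resolve them on a fresh host.
dnf -y install epel-release

# Unquoted on purpose: each whitespace-separated name is one argument.
#shellcheck disable=SC2086
dnf -y install $packages
#shellcheck disable=SC2086
dnf -y install $extra_packages

# Install ledger (built from SRPMS)
# dnf does not verify signatures on local package files unless
# localpkg_gpgcheck is enabled, so the integrity of this RPM depends on who
# can write beneath $DIR/rpmbuild. Keep that tree writable by root only.
ledger_rpm="$DIR/rpmbuild/RPMS/x86_64/ledger-3.2.1-13.el9.x86_64.rpm"
if [[ ! -f "$ledger_rpm" ]]; then
  echo "Missing locally built package: $ledger_rpm" >&2
  exit 1
fi
dnf -y install "$ledger_rpm"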
# Configure dnf-automatic
automatic_conf=/etc/dnf/automatic.conf

# Preserve the packaged configuration once. Later runs keep the first copy.
[[ -f "${automatic_conf}.dist" ]] || cp -a "$automatic_conf" "${automatic_conf}.dist"

# Swap the e-mail address in the configuration, editing the file in place.
# NOTE(review): pattern and replacement read identically here, which looks
# like e-mail redaction by the page this listing came from. Confirm the real
# addresses against the repository copy.
sed -i -e 's/[email protected]/[email protected]/' "$automatic_conf"
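# Configure network
# Compare the flag as a string rather than running its value as a command.
if [[ "$config_network" == true ]]; then
  # Thanks https://www.linuxtechi.com/set-static-ip-address-on-rhel-9/
  nmcli con modify "$primary_int" ifname "$primary_int" \
    ipv4.method manual ipv4.addresses 71.163.169.18/24 gw4 71.163.169.1
  # The resolver points at this host, so name resolution depends on named,
  # which is only enabled and started further down the script.
  nmcli con modify "$primary_int" ipv4.dns 127.0.0.1
  # Bounce the connection so the new settings take effect.
  # NOTE(review): when run over SSH through this interface, the "down" step
  # can end the session before "up" runs. Run from the console, or under
  # nohup/tmux.
  nmcli con down "$primary_int"
  nmcli con up "$primary_int"
fi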
# Fix up firewall
# Restarting first resets the runtime rules to the saved permanent set, so
# the runtime-to-permanent step at the end persists a known state.
systemctl restart firewalld

zone_opt=--zone=public

# Open each named service in the public zone.
for service_name in $firewall_services_allow; do
  firewall-cmd "$zone_opt" --add-service "$service_name"
done

# Alternate mail ports, as external:local pairs.
# 10110 and 10143 map to cleartext POP3 and IMAP.
redirects='10110:110 10143:143 10993:993 10995:995'

for pair in $redirects; do
  firewall-cmd "$zone_opt" --add-port "${pair%%:*}/tcp"
done

# NOTE(review): masquerading is normally needed only when forwarding to
# another host, and these forwards target local ports. Confirm it is
# required, since it makes this host NAT traffic leaving the public zone.
firewall-cmd "$zone_opt" --add-masquerade

for pair in $redirects; do
  firewall-cmd "$zone_opt" \
    --add-forward-port="port=${pair%%:*}:proto=tcp:toport=${pair##*:}"
done

# Save the runtime rules built above as the permanent configuration.
firewall-cmd --runtime-to-permanent
# Start services
# Units enabled at boot and started now, in this order.
# NOTE(review): dovecot is installed and the firewall opens IMAP/POP3, but
# dovecot is not listed here. Confirm that is intentional.
services=(
  dnf-automatic.timer
  httpd
  mariadb
  named
  postgresql
  saslauthd
  sendmail
  spamassassin
)

# With errexit on, the first unit that fails to enable or start ends the run.
for unit in "${services[@]}"; do
  systemctl enable "$unit"
  systemctl start "$unit"
done
# Adjust selinux
# Each boolean widens what the confined httpd domain may do, persistently
# (-P): serve from user home directories, reach database servers over the
# network, and send mail. Enable only what the hosted sites need.
for sebool in \
  httpd_enable_homedirs \
  httpd_can_network_connect_db \
  httpd_can_sendmail; do
  setsebool -P "$sebool" true
done

# Relink mail spool files
# The helper sits next to this script and runs as root, so the script
# directory should not be writable by unprivileged users.
"${DIR}/mail-symlink-inbox.sh"