#!/bin/sh # # Run this as root on a freshly installed Debian machine to integrate # it with the rest of the NUUG machines. set -e # Track changes in /etc apt install -y etckeeper # Keep track of correct time apt install -y ntpsec # Add some nice tools apt install -y iotop iftop htop openssh-server vim sudo tmux rsync # sshd-config cat > /etc/ssh/sshd_config.d/custom.conf < /etc/vim/vimrc.local </etc/rsyslog.d/timeformat.conf < /etc/fail2ban/jail.local < /etc/fail2ban/jail.d/sshd.conf <> $muninnodefile echo 'allow ^158\.36\.191\.217$' >> $muninnodefile invoke-rc.d munin-node restart # Set up NRPE / Nagios apt install -y nagios-nrpe-server nagios-plugins-standard mkdir -p /etc/nagios/nrpe.d cat > /etc/nagios/nrpe.d/sitesummary-nrpe.cfg < /etc/sitesummary/config.d/00debconf </dev/null 2>&1; then adduser --shell /bin/bash --group "$USER" echo "User $USER created." else echo "User $USER already exists." fi # 2. Create .ssh directory mkdir -p "$SSH_DIR" chown "$USER":"$USER" "$SSH_DIR" chmod 700 "$SSH_DIR" # 3. Add authorized key echo "$SSH_KEY" > "$AUTHORIZED_KEYS" chown "$USER":"$USER" "$AUTHORIZED_KEYS" chmod 600 "$AUTHORIZED_KEYS" echo "SSH key installed." # 4. Setup sudoers for backup script echo "$USER ALL = NOPASSWD: NOLOG_INPUT: NOLOG_OUTPUT: /usr/local/sbin/snapback" > "$SUDOERS_FILE" chmod 440 "$SUDOERS_FILE" echo "Sudoers entry added." # 5. Fetch snapback script wget --quiet https://www.nuug.no/tools/backup-script/snapback -O /usr/local/sbin/snapback && chmod +x /usr/local/sbin/snapback if command -v etckeeper >/dev/null 2>&1; then etckeeper commit "rdiff-backup: Sett opp daglig backup" fi echo "Client Backup Installation completed successfully."