update fstab sample file

debian-vps-boostrap/vps_bootstrap.sh

@@ -0,0 +1,193 @@
+#!/bin/bash
+
+########################
+# Missing ohmyzsh
+########################
+
+clear
+
+# Set variable holding the Debian version codename
+DEBIAN_VERSION="bookworm"
+DOCKER_USER="docker-user"
+SYSTEM_HOSTNAME="vps02.carlossousa.tech"
+SSH_PUBLIC_KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDW0ryhGvQwtXEQvP2+RV4PanS+TahMTj98WQqH0Dpe8 contabo-vps-m-me@carlosousa.tech"
+
+
+# Create custom_sources file with deb and deb-src entries
+cat <<EOF > /etc/apt/sources.list.d/custom_sources.list
+# Main
+deb http://deb.debian.org/debian/ $DEBIAN_VERSION main contrib non-free
+deb-src http://deb.debian.org/debian/ $DEBIAN_VERSION main contrib non-free
+
+# Security
+#deb http://deb.debian.org/debian/ ${DEBIAN_VERSION}-security main contrib non-free
+#deb-src http://deb.debian.org/debian/ ${DEBIAN_VERSION}-security main contrib non-free
+
+# Backports
+deb http://deb.debian.org/debian/ ${DEBIAN_VERSION}-backports main contrib non-free
+deb-src http://deb.debian.org/debian/ ${DEBIAN_VERSION}-backports main contrib non-free
+
+# Updates
+deb http://deb.debian.org/debian/ ${DEBIAN_VERSION}-updates main contrib non-free
+deb-src http://deb.debian.org/debian/ ${DEBIAN_VERSION}-updates main contrib non-free
+
+# Sid (the Unstable Distribution)
+deb http://deb.debian.org/debian/ sid main
+deb-src http://deb.debian.org/debian/ sid main
+EOF
+
+
+cat <<EOF > /etc/apt/preferences.d/custom_preferences
+# Package pinning to prefer stable, then unstable, then testing
+
+# Stable packages get the highest priority
+Package: *
+Pin: release a=stable
+Pin-Priority: 900
+
+# Unstable packages get medium priority
+Package: *
+Pin: release a=unstable
+Pin-Priority: 600
+
+# Testing packages get the lowest priority
+Package: *
+Pin: release a=testing
+Pin-Priority: 300
+EOF
+
+# Stop script if any command returns a non-zero status
+set -e
+
+
+# Set Hostname
+hostnamectl set-hostname "$SYSTEM_HOSTNAME"
+
+
+# Check for updates and update the system using apt
+apt update -y
+apt upgrade -y
+
+
+# Info: if some package can't be installed due to missing dependencies (eg: package is from unstable, but stable has a lower dependency version only)
+#   apt install -t unstable <dependency>
+
+# Install Packages
+apt install \
+    btop \
+    curl \
+    docker \
+    docker-compose \
+    duf \
+    fail2ban \
+    fastfetch \
+    fzf \
+    git \
+    ncdu \
+    neovim \
+    rsync \
+    sudo \
+    tmux \
+    vim \
+    wget \
+    zsh \
+    -y
+
+# Docker Setup
+if ! getent group docker > /dev/null 2>&1; then
+  groupadd docker
+fi
+
+if ! id "$DOCKER_USER" > /dev/null 2>&1; then
+  useradd -m "$DOCKER_USER"
+fi
+
+su -c "mkdir -p /home/$DOCKER_USER/.ssh" - $DOCKER_USER
+su -c "chmod 700 /home/$DOCKER_USER/.ssh" - $DOCKER_USER
+
+auth_keys="/home/$DOCKER_USER/.ssh/authorized_keys"
+su -c "touch $auth_keys" - $DOCKER_USER
+su -c "cat <<EOF > $auth_keys
+$SSH_PUBLIC_KEY
+EOF
+" - $DOCKER_USER
+
+su -c "chmod 600 $auth_keys" - $DOCKER_USER
+
+
+usermod -aG docker "$DOCKER_USER"
+usermod -aG sudo "$DOCKER_USER"
+
+# Fail2Ban Setup
+cat <<EOF > /etc/fail2ban/fail2ban.local
+[DEFAULT]
+allowipv6 = auto
+EOF
+
+cat <<EOF > /etc/fail2ban/jail.local
+[DEFAULT]
+# Debian 12 has no log files, needs to use journalctl
+backend = systemd
+
+# Configure nftables
+banaction = nftables-multiport
+chain = input
+banaction_allports = nftables[type=allports]
+
+# Regular Banning
+bantime = 24h
+findtime = 600
+maxretry = 5
+
+bantime.increment = true
+bantime.rndtime = 30m
+
+
+dbpurgeage = 30d
+
+[sshd]
+enabled = true
+mode = aggressive
+backend = systemd
+maxretry = 5
+EOF
+
+cat <<EOF > /etc/ssh/sshd_config.d/99-custom-hardening.conf
+PermitRootLogin no
+MaxAuthTries 3
+Protocol 2
+PermitEmptyPasswords no
+PasswordAuthentication no
+AuthenticationMethods publickey
+StrictModes yes
+EOF
+
+systemctl start fail2ban
+systemctl enable fail2ban
+systemctl restart sshd
+
+# Clean system
+apt autoremove -y
+
+
+# Show status of fail2ban service
+echo -e "\n\n\n\n\n\n\n\n\n\n"
+echo "=================================="
+echo "==== fail2ban service status ===="
+echo "=================================="
+echo
+systemctl status fail2ban --no-pager
+
+echo -e "\n\n\n"
+# Show information about the user stored in DOCKER_USER variable
+if [ -z "$DOCKER_USER" ]; then
+    echo "DOCKER_USER variable is not set."
+else
+    echo "=================================="
+    echo "==== Information for user: $DOCKER_USER ===="
+    echo "=================================="
+    echo
+    id "$DOCKER_USER" || echo "User $DOCKER_USER not found."
+    echo
+fi
+

fedora-bootstrap/README.md

@@ -27,6 +27,9 @@ Contains specialized, system-dependent scripts that are **NOT** run by default.
 - Manually invoked only after thorough inspection
 - Understood to be highly specific to particular system configurations
 
+### `manual/`
+Scripts to install software that are heavily depedendent on what you want / what you have. Eg.: Controlling AIO CPU Coolers
+
 ### `packages/`
 Scripts dedicated to installing and deploying specific software packages. Each script typically handles the installation, configuration, and initial setup of a particular application or software suite.
 

fedora-bootstrap/customs/setup_fstab.sh.sample

@@ -9,16 +9,11 @@ GAMES_UUID="UUID=2941558d-408f-4a75-952e-441839ba53b8"
 GAMES_FILESYSTEM="ext4"
 GAMES_OPTIONS="defaults"
 
-DATA_MOUNT_POINT="/mnt/data"
-DATA_UUID="UUID=b7cd0ded-3798-42ac-87ae-74b161cf540b"
+DATA_MOUNT_POINT="/mnt/storage"
+DATA_UUID="UUID=28b6bebf-89ff-44de-9e51-c97e4feb40a5"
 DATA_FILESYSTEM="ext4"
 DATA_OPTIONS="defaults,nofail,noatime"
 
-HDD_MOUNT_POINT="/mnt/hdd"
-HDD_UUID="UUID=5e171c28-908f-4112-a31c-189a019d7229"
-HDD_FILESYSTEM="ext4"
-HDD_OPTIONS="defaults,nofail,noatime"
-
 OSSHARED_MOUNT_POINT="/mnt/osshared"
 OSSHARED_UUID="UUID=12EE9EFA08A175F6"
 OSSHARED_FILESYSTEM="ntfs-3g"
@@ -66,10 +61,6 @@ create_mount_point "$DATA_MOUNT_POINT"
 set_permissions "$DATA_MOUNT_POINT"
 add_fstab_entry "$DATA_UUID" "$DATA_MOUNT_POINT" "$DATA_FILESYSTEM" "$DATA_OPTIONS"
 
-create_mount_point "$HDD_MOUNT_POINT"
-set_permissions "$HDD_MOUNT_POINT"
-add_fstab_entry "$HDD_UUID" "$HDD_MOUNT_POINT" "$HDD_FILESYSTEM" "$HDD_OPTIONS"
-
 create_mount_point "$OSSHARED_MOUNT_POINT"
 set_permissions "$OSSHARED_MOUNT_POINT"
 add_fstab_entry "$OSSHARED_UUID" "$OSSHARED_MOUNT_POINT" "$OSSHARED_FILESYSTEM" "$OSSHARED_OPTIONS"

fedora-bootstrap/generate_settings.sh

@@ -128,7 +128,7 @@ SETUP_CORE_TTY=$ANSWER_SETUP_CORE_TTY
 SETUP_CORE_GUI=$ANSWER_SETUP_CORE_GUI
 
 ## Work Systems - Do we work on this device?
-### docker, docker-compose, LibreOffice, nmap, qemu-kvm, virt-manager, drawio
+### docker, docker-compose, LibreOffice, nmap, qemu-kvm, remmina, virt-manager, drawio
 SETUP_WORKSTATION=$ANSWER_SETUP_WORKSTATION
 
 ## Personal Use - Do we use this device for personal things?

fedora-bootstrap/manual/coolercontrol.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+echo "Installing coolercontrol"
+sudo dnf install dnf-plugins-core
+sudo dnf copr enable codifryed/CoolerControl
+sudo dnf install coolercontrol
+sudo systemctl enable --now coolercontrold

fedora-bootstrap/manual/upscayl.sh

@@ -0,0 +1,2 @@
+#!/bin/bash
+sudo flatpak install flathub org.upscayl.Upscayl

fedora-bootstrap/packages/qemu-kvm.sh

@@ -4,8 +4,8 @@ if [ "$SETUP_WORKSTATION" != "true" ]; then
     return 0
 fi
 
-echo "${INSTALLING_PRE_TEXT} qemu-kvm virt-manager bridge-utils libvirt"
-eval "sudo dnf install qemu-kvm virt-manager libvirt bridge-utils -y $OUTPUT_CONTROL"
+echo "${INSTALLING_PRE_TEXT} qemu-kvm virt-manager bridge-utils libvirt virt-viewer"
+eval "sudo dnf install qemu-kvm virt-manager libvirt bridge-utils virt-viewer -y $OUTPUT_CONTROL"
 
 
 if [ -z "$MAIN_USER" ]; then

fedora-bootstrap/settings.sample.conf

@@ -19,7 +19,7 @@ SETUP_CORE_TTY=true
 SETUP_CORE_GUI=true
 
 ## Work Systems - Do we work on this device?
-### docker, docker-compose, LibreOffice, nmap, qemu-kvm, virt-manager, drawio
+### docker, docker-compose, LibreOffice, nmap, remmina, qemu-kvm, virt-manager, drawio
 SETUP_WORKSTATION=true
 
 ## Personal Use - Do we use this device for personal things?