arch_config.sh


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162

#/bin/bash
clear
#************************************************************************************Print old information
if [[ -f "/root/info" ]]; then
    name1=$(awk 'NR==1 {print $1}' /root/info)
    disk1=$(awk 'NR==2 {print $1}' /root/info)
    boot1=$(awk 'NR==3 {print $1}' /root/info)
    encrypt1=$(awk 'NR==4 {print $1}' /root/info)
    euuid=$(sed -n '5p' /root/info)
    efistub=$(awk 'NR==6 {print $1}' /root/info)
    minisys=$(awk 'NR==7 {print $1}' /root/info)
    root1=$(sed -n '8p' /root/info)

    echo '--------------System Information--------------'
    if [[ -d "/sys/firmware/efi" ]]; then
        echo 'UEFI      = ON'
    else
        echo 'UEFI      = OFF'
    fi
    if [[ $efistub = 1 ]]; then
        echo 'EFIstub   = ON'
    else
        echo 'EFIstub   = OFF'
    fi
    if [[ $minisys = 1 ]]; then
        echo 'Minisys   = ON'
    else
        echo 'Minisys   = OFF'
    fi
    if [[ $encrypt1 = 1 ]]; then
        echo 'Encrypt   = ON'
        echo "Enc UUID  = $(sed -n '5p' /root/info)"
    else
        echo 'Encrypt   = OFF'
    fi
    echo -e "HOOKs     = \e[33m$(sed -n '55p' /etc/mkinitcpio.conf | awk -F= '{print $2}')\e[0m"
    echo -e "SSH file  = \e[33m$(sed -n '33p' /etc/ssh/sshd_config)\e[0m"
    echo -e "Localtime = \e[33m$(date +%H:%M\ \ \ %Y/%m/%d)\e[0m"
    echo -e "Sudoers   = \e[33m$(sed -n '125p' /etc/sudoers)\e[0m"
    echo -e "Shell     = \e[33m$(echo $SHELL)\e[0m"
    if [[ -f "/etc/default/grub" ]]; then
        echo -e "GRUB time = \e[33m$(sed -n '4p' /etc/default/grub)\e[0m"
        echo -e "GRUB UUID = \e[33m$(sed -n '7p' /etc/default/grub)\e[0m"
    fi
    if [[ -f "/etc/vconsole.conf" ]]; then
        echo -e "Font size = \e[33m$(cat /etc/vconsole.conf)\e[0m"
    fi
    echo '----------------------------------------------'
else
    echo 'No info file'
    exit 1
fi
read -p 'Continue: (YES/NO) ' ask_continue
if [[ $ask_continue != YES ]]; then
    echo -e "\e[31mAborted ...\e[0m"
    exit 1
fi
#************************************************************************************Change information
if [[ -f "/root/info" ]]; then
    if [[ $efistub = 1 ]]; then #----------------------------------------------------------EFI Stub
        if [[ $encrypt1 = 1 ]]; then #-------------------------------EFI Stub Encrypt
            efibootmgr --create --disk $disk1 --part $boot1 --label "Arch Linux LTS" --loader \vmlinuz-linux-lts --unicode "rd.luks.name=${euuid}=system root=/dev/mapper/OS-ROOT rw rd.luks.options=password-echo=no initrd=\initramfs-linux-lts.img"
            echo "efibootmgr --create --disk $disk1 --part $boot1 --label \"Arch Linux LTS\" --loader \vmlinuz-linux-lts --unicode \"rd.luks.name=${euuid}=system root=/dev/mapper/OS-ROOT rw rd.luks.options=password-echo=no initrd=\initramfs-linux-lts.img\"" > /boot/EFIstub
            sed -i '55d' /etc/mkinitcpio.conf
            sed -i '55i HOOKS=(base systemd autodetect microcode modconf kms keyboard keymap sd-vconsole block sd-encrypt lvm2 filesystems fsck)' /etc/mkinitcpio.conf
        else #-------------------------------------------------------EFI Stub
            efibootmgr --create --disk $disk1 --part $boot1 --label "Arch Linux LTS" --loader \vmlinuz-linux-lts --unicode "root=${root1} rw initrd=\initramfs-linux-lts.img"
            echo "efibootmgr --create --disk $disk1 --part $boot1 --label \"Arch Linux LTS\" --loader \vmlinuz-linux-lts --unicode \"root=${root1} rw initrd=\initramfs-linux-lts.img\"" > /boot/EFIstub
        fi
    else #---------------------------------------------------------------------------------GRUB
        sed -i '4d' /etc/default/grub
        sed -i '4i GRUB_TIMEOUT=0' /etc/default/grub
        if [[ $encrypt1 = 1 ]]; then #-------------------------------GEUB Encrypt
            sed -i '7d' /etc/default/grub
            sed -i "7i GRUB_CMDLINE_LINUX=cryptdevice=UUID=${euuid}:SYSTEM root=/dev/mapper/os-root" /etc/default/grub
            sed -i '55d' /etc/mkinitcpio.conf
            sed -i '55i HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block encrypt lvm2 filesystems fsck)' /etc/mkinitcpio.conf
        fi
        if [ -d "/sys/firmware/efi" ]; then #------------------------UEFI
            echo -e "\e[32mUEFI\e[0m"
            grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=Unix
            echo -e "\e[32mgrub installed\e[0m"
            grub-mkconfig -o /boot/grub/grub.cfg
            echo -e "\e[32mgrub.cfg installed\e[0m"
        else #-------------------------------------------------------BIOS
            echo -e "\e[32mBIOS\e[0m"
            grub-install --target=i386-pc /dev/vda
            echo -e "\e[32mgrub installed\e[0m"
            grub-mkconfig -o /boot/grub/grub.cfg
            echo -e "\e[32mgrub.cfg installed\e[0m"
        fi
    fi
    if [[ $minisys != 1 ]]; then
        #systemctl enable docker >/dev/null 2>&1
        #systemctl enable fail2ban >/dev/null 2>&1
        #systemctl enable nginx >/dev/null 2>&1
        mkdir /etc/nginx/conf.d
        sed -i '22a \ \ \ \ include /etc/nginx/conf.d/*.conf;' /etc/nginx/nginx.conf
        curl https://sh.lihanzhang.cn/arch/fail2ban.conf -so /etc/fail2ban/jail.conf
    fi
else
    echo 'No info file'
fi

#------------------------------------------------------------------------------Common Services
#Change SSH
sed -i '33d' /etc/ssh/sshd_config
sed -i '33i PermitRootLogin yes' /etc/ssh/sshd_config
#Change issue
echo Welcome back > /etc/issue
#Change hostname
echo $name1 > /etc/hostname
#Change time
ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
#Change font
echo 'FONT=ter-v28b' > /etc/vconsole.conf
#Change sudoers file
sed -i '125d' /etc/sudoers
sed -i '125i %wheel ALL=(ALL:ALL) ALL' /etc/sudoers
#enable ssh networkmanager
systemctl enable sshd >/dev/null 2>&1
systemctl enable NetworkManager >/dev/null 2>&1
#Add my key
bash <(curl -sL sh.lihanzhang.cn/pub)
chsh -s /bin/zsh
ln -s /bin/vim /bin/vi
#Create my folder
mkdir /file
mkdir /www/log -p
mkdir /frp
#arch environment
mkdir -p ~/.local/bin
curl https://sh.lihanzhang.cn/arch/profile -so ~/.local/bin/.bashrc
curl https://sh.lihanzhang.cn/arch/zshrc -so ~/.zshrc
curl https://sh.lihanzhang.cn/arch/vimrc -so ~/.vimrc
#Add user
useradd -m olivia -G wheel
mkdir -p /home/olivia/.local/bin
curl https://sh.lihanzhang.cn/arch/profile -so /home/olivia/.local/bin/.bashrc
curl https://sh.lihanzhang.cn/arch/zshrc -so /home/olivia/.zshrc
curl https://sh.lihanzhang.cn/arch/vimrc -so /home/olivia/.vimrc
chsh -s /bin/zsh olivia

mkinitcpio -p linux-lts
#************************************************************************************Print Changed information
echo '--------------System Information--------------'
echo -e "HOOKs     = \e[33m$(sed -n '55p' /etc/mkinitcpio.conf | awk -F= '{print $2}')\e[0m"
echo -e "SSH file  = \e[33m$(sed -n '33p' /etc/ssh/sshd_config)\e[0m"
echo -e "Issue     = \e[33m$(cat /etc/issue)\e[0m"
echo -e "Hostname  = \e[33m$(cat /etc/hostname)\e[0m"
echo -e "Localtime = \e[33m$(date +%H:%M\ \ \ %Y/%m/%d)\e[0m"
echo -e "Sudoers   = \e[33m$(sed -n '125p' /etc/sudoers)\e[0m"
echo -e "Shell     = \e[33m$(echo $SHELL)\e[0m"
echo -e "Font size = \e[33m$(cat /etc/vconsole.conf)\e[0m"
if [[ -f "/etc/default/grub" ]]; then
    echo -e "GRUB time = \e[33m$(sed -n '4p' /etc/default/grub)\e[0m"
    echo -e "GRUB UUID = \e[33m$(sed -n '7p' /etc/default/grub)\e[0m"
fi
echo '----------------------------------------------'
rm -rf /root/info
rm -rf /arch_config.sh
echo -e "\e[32m------Please change password------\e[0m"