1
1
sovereign-stack/management/provision.sh

62 lines
1.9 KiB
Bash
Raw Normal View History

2023-02-01 19:44:05 +00:00
#!/bin/bash
2023-03-05 16:50:22 +00:00
set -e
2023-02-01 19:44:05 +00:00
cd "$(dirname "$0")"
# NOTE! This script MUST be executed as root.
sudo apt-get update
2023-03-16 19:50:02 +00:00
sudo apt-get install -y ca-certificates curl gnupg lsb-release htop
2023-02-01 19:44:05 +00:00
sudo mkdir -m 0755 -p /etc/apt/keyrings
2023-02-01 19:44:05 +00:00
# add the docker gpg key to keyring for docker-ce-cli
if [ ! -f /etc/apt/keyrings/docker.gpg ]; then
cat /home/ubuntu/sovereign-stack/certs/docker.gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null 2>&1
fi
# TODO REVIEW mgmt software requirements
sudo apt-get update
sudo apt-get install -y wait-for-it dnsutils rsync sshfs apt-transport-https docker-ce-cli libcanberra-gtk-module snapd nano git
2023-02-01 19:44:05 +00:00
sleep 10
2023-02-01 19:44:05 +00:00
# #apt install python3-pip python3-dev libusb-1.0-0-dev libudev-dev pinentry-curses for trezor stuff
# # for trezor installation
# #pip3 install setuptools wheel
# #pip3 install trezor_agent
# # ensure the trezor-t udev rules are in place.
# # if [ ! -f /etc/udev/rules.d/51-trezor.rules ]; then
# # sudo cp ./51-trezor.rules /etc/udev/rules.d/51-trezor.rules
# # fi
2023-02-01 19:44:05 +00:00
# install snap
if ! snap list | grep -q lxd; then
sudo snap install lxd
2023-02-01 19:44:05 +00:00
sleep 6
# We just do an auto initialization. All we are using is the LXD client inside the management environment.
sudo lxd init --auto
fi
# run a lxd command so we don't we a warning upon first invocation
lxc list > /dev/null 2>&1
# add groups for docker and lxd
2023-03-06 19:44:36 +00:00
if ! groups ubuntu | grep -q docker; then
sudo addgroup docker
sudo usermod -aG docker ubuntu
sudo usermod -aG lxd ubuntu
fi
2023-02-01 19:44:05 +00:00
# if an SSH pubkey does not exist, we create one.
if [ ! -f /home/ubuntu/.ssh/id_rsa.pub ]; then
# generate a new SSH key for the base vm image.
ssh-keygen -f /home/ubuntu/.ssh/id_rsa -t ecdsa -b 521 -N ""
fi
2023-03-06 19:44:36 +00:00
echo "Your management machine has been provisioned!"