76 lines
3.0 KiB
Bash
Executable File
76 lines
3.0 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# scripts/post-install.sh
|
|
# Runs inside the installed system after base Ubuntu install.
|
|
# Called by autoinstall late-commands as: curtin in-target -- bash /post-install.sh
|
|
|
|
set -euo pipefail
|
|
|
|
GREEN='\033[0;32m'
|
|
YELLOW='\033[1;33m'
|
|
RED='\033[0;31m'
|
|
NC='\033[0m'
|
|
info() { echo -e "${GREEN}[+]${NC} $*"; }
|
|
warn() { echo -e "${YELLOW}[!]${NC} $*"; }
|
|
error() {
|
|
echo -e "${RED}[✗]${NC} $*"
|
|
exit 1
|
|
}
|
|
|
|
# ─── DOCKER ──────────────────────────────────────────────────────────────────
|
|
info "Installing Docker..."
|
|
install -m 0755 -d /etc/apt/keyrings
|
|
curl -fsSL https://download.docker.com/linux/ubuntu/gpg |
|
|
gpg --dearmor -o /etc/apt/keyrings/docker.gpg
|
|
chmod a+r /etc/apt/keyrings/docker.gpg
|
|
|
|
echo \
|
|
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] \
|
|
https://download.docker.com/linux/ubuntu \
|
|
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" \
|
|
>/etc/apt/sources.list.d/docker.list
|
|
|
|
apt-get update -qq
|
|
apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
|
|
|
|
usermod -aG docker alfoldi
|
|
systemctl enable docker
|
|
info "Docker installed."
|
|
|
|
# ─── HIMMELBLAU (Azure Entra ID) ─────────────────────────────────────────────
|
|
info "Installing Himmelblau..."
|
|
curl -fsSL https://packages.himmelblau-idm.org/stable/himmelblau.list |
|
|
tee /etc/apt/sources.list.d/himmelblau.list
|
|
apt-get update -qq
|
|
apt-get install -y himmelblau himmelblau-sshd-config
|
|
info "Himmelblau installed."
|
|
|
|
# ─── NIX + HOME-MANAGER ──────────────────────────────────────────────────────
|
|
info "Installing Nix (single-user) for alfoldi..."
|
|
sudo -u alfoldi bash -c \
|
|
"curl -L https://nixos.org/nix/install | sh -s -- --no-daemon"
|
|
|
|
info "Adding home-manager channel..."
|
|
sudo -u alfoldi bash -c "
|
|
source /home/alfoldi/.nix-profile/etc/profile.d/nix.sh
|
|
nix-channel --add https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz home-manager
|
|
nix-channel --update
|
|
"
|
|
|
|
info "Installing home-manager..."
|
|
sudo -u alfoldi bash -c "
|
|
source /home/alfoldi/.nix-profile/etc/profile.d/nix.sh
|
|
nix-shell '<home-manager>' -A install
|
|
"
|
|
info "Nix + home-manager installed."
|
|
|
|
# ─── SSH ─────────────────────────────────────────────────────────────────────
|
|
info "Enabling SSH..."
|
|
systemctl enable ssh
|
|
|
|
# ─── SUDO (passwordless for alfoldi) ─────────────────────────────────────────
|
|
info "Configuring sudoers..."
|
|
echo 'alfoldi ALL=(ALL) NOPASSWD:ALL' >/etc/sudoers.d/alfoldi
|
|
chmod 440 /etc/sudoers.d/alfoldi
|
|
|
|
info "Post-install complete ✓"
|