Add keys, certificates and init.sh

2025-07-19 11:41:22 +01:00 · 2025-07-19 11:41:22 +01:00 · 3965991413
commit 3965991413
parent f417ebe739
4 changed files with 106 additions and 1 deletions
--- a/files/ca.crt
+++ b/files/ca.crt
@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEUzCCArugAwIBAgIQEUMIwJiBP4hA3Vph5tWmgDANBgkqhkiG9w0BAQsFADAz
+MREwDwYDVQQKDAhGSkxBLk5FVDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9y
+aXR5MB4XDTI1MDcxODA5NDg1M1oXDTQ1MDcxODA5NDg1M1owMzERMA8GA1UECgwI
+RkpMQS5ORVQxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCAaIwDQYJ
+KoZIhvcNAQEBBQADggGPADCCAYoCggGBAKugViy/d9OOjWXeGSm1ykY8xrhKg+4t
+OaTOQG8aa5SHHxSm9k8JAAB53ZPUJbOQ258ODRIfAEYBf0gJSfP7FVP54Yab2f9K
+wLOVehzj81nxHsE35JpCr9AvfP0eVyUfMvLCmmcEXUwQZWYySivVeQ1VUger8eFS
+sPOJUpjxysRujp2Z9cthU9ACNF7dpoUWkSTOFs22lj1GM6594s2NWWtixJTUOcIX
+DQsY3euW6cvPXTIvFw0mychEReArD4BT73yX4wf9hHK2CIQHb2JlOOCOaqxkKO0G
+z+zWxIq/Eix7AhVnVRFQ+M1N1OpyCOknbcfMKlfRa+GsiBb7cX/E9BqWuSCCBF1c
+jb9P0/ZfPUSR2DxEM3hv0VKAYMN0sEZ0+OaJY2pZql0MKqZ0V7BKFtY9qbFTanc0
+U8sdF7A1/K8JdyNJjXbyi/ewbbGwZuhDyh/UhGi2pSOPwkjP+8bg8fGNENqBemQD
+XvgPG3yM1YGeGj46eE/9QA0TAFolaqrrvQIDAQABo2MwYTAdBgNVHQ4EFgQUcF7t
+81lNhiWgRmh+tYhvFXHxouMwHwYDVR0jBBgwFoAUcF7t81lNhiWgRmh+tYhvFXHx
+ouMwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwDQYJKoZIhvcNAQEL
+BQADggGBAH+wMwlnLZSk8kaMcQxY+GLcdQz1KZTrbAXYRHH6ujrI2Hn6jN8ofySv
+qRy7kLMa9UTIeCZkGOyOyaCFFIcDbzd5Da1mihEefaZd30qT9topujq5i/UtgDDy
+E4B4OGZOklf3kqacRG6vEkNrLZe9VFeTK3vNSyQ7CMhqE6+7IgWTZHmjaXEZuHQR
+B81gp1VnMruAT0Cp/9rlfTBN3jrr4gAyVt3H0y2EBUwiNbB3gOGjke64SfElwTKC
+cO2uE+swt8o2n4jvU1rbGkilAJvQ+1C3bGjPW0jAB4/27AyndksDXqDNUplHkNdi
+sw7IJCOtSvuAnR8/PFN6wCMPxVpituMWrRCGKiN7ItmovZGJRUfh9BNzn3isoO2a
+5NjZOboBFBsQmbewzVo568a2oP1H+Z1F5LozdEZdO23kSXhKamPY5wnRV/MQV8Rk
+bsYtxLfK3hjP18NFYWriaxAH0Ie7E6ZDmQSC3Yo/KDnC609mGX+oe1c960cy7bHs
+nItquN7hNA==
+-----END CERTIFICATE-----
--- a/files/fb_ed25519.pub
+++ b/files/fb_ed25519.pub
@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKQad6se97C/WF58JCRcLCbSPSci/5m1au8f0wkxI2eq Fred Boniface
--- a/index.html
+++ b/index.html
@ -14,6 +14,16 @@
        </style>
    </head>
    <body>
+        <h1>Files</h1>
+        <h2>Non-script downloads</h2>
+        <ul>
+            <li>
+                <a href="files/fb_ed25519.pub">Fred Boniface ed25519 Public Key</a>
+            </li>
+            <li>
+                <a href="/files/ca.crt">FJLA IPA CA CRT</a>
+            </li>
+        </ul>
        <h1>Scripts</h1>
        <h2>A collection of downloadable scripts</h2>
        <ul>
@ -30,7 +40,10 @@
                <a href="scripts/regain">regain - Search folders below working directory and call regainer on each album found</a>
            </li>
            <li>
-                <a href="install.pl">install.pl - Install Regain, Regainer & ds on to any Linux distribution (For Ansible Runs)</a>
+                <a href="/scripts/init.sh">init.sh - Initialise a host for IPA and Ansible integration</a>
+            </li>
+            <li>
+                <a href="install.pl">install.pl - Install Regain, Regainer & ds on to any Linux distribution indepotently</a>
            </li>
        </ul>
    </body>
--- a/scripts/init.sh
+++ b/scripts/init.sh
@ -0,0 +1,65 @@
+#!/bin/bash
+
+# Check if run as root
+if [ "$(id -u)" -ne 0 ]; then
+    echo "Please run as root or with sudo."
+    exit 1
+fi
+
+SERVICE_ANSIBLE_PUBKEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN8oPUWqanJDPGw8wuXSRR3YtgKpiQvWXvkSWROX3f0n service-ansible"
+
+install_packages_apt() {
+    apt update
+    apt install -y freeipa-client oddjob-mkhomedir chrony
+}
+
+install_packages_dnf() {
+    dnf -y install freeipa-client oddjob-mkhomedir chrony
+}
+
+add_ansible_key() {
+    mkdir -p /home/service-ansible/.ssh
+    echo "$SERVICE_ANSIBLE_PUBKEY" >> /home/service-ansible/.ssh/authorized_keys
+    chown -R service-ansible:service-ansible /home/service-ansible
+    chmod 0711 /home/service-ansible
+    chmod 0700 /home/service-ansible/.ssh
+    chmod 0600 /home/service-ansible/.ssh/authorized_keys
+}
+
+set_hostname() {
+    current_hostname=$(hostname)
+    if [[ $current_hostname != *.* ]]; then
+        echo "Current hostname doesn't contain a domain."
+        new_hostname="$current_hostname.fjla.net"
+        read -p "Set hostname to $new_hostname? (y/n): " set_new
+        if [[ $set_new = "y" ]]; then
+            hostnamectl set-hostname --static "$new_hostname"
+        else
+            read -p "Enter hostname (including domain): " new_hostname
+            hostnamectl set-hostname --static "$new_hostname"
+        fi
+    else
+        echo "Hostname set to: $current_hostname"
+    fi
+}
+
+main() {
+    if command -v apt &> /dev/null; then
+        install_packages_apt
+    elif command -v dnf &> /dev/null; then
+        install_packages_dnf
+    else
+        echo "Unsupported package manager."
+        exit 1
+    fi
+
+    set_hostname
+    ipa-client-install --domain=fjla.net --mkhomedir --ntp-server=time.fjla.net --ssh-trust-dns --all-ip-addresses --enable-dns-updates
+
+    add_ansible_key
+
+    echo "If no errors were encountered, the next Ansible run will complete the configuration of the host"
+    echo "Ensure that the host is in the Ansible Hosts file"
+}
+
+main
				`@ -0,0 +1 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKQad6se97C/WF58JCRcLCbSPSci/5m1au8f0wkxI2eq Fred Boniface`