From 3965991413ce17e166754077e66a51edf4a6e3db Mon Sep 17 00:00:00 2001
From: Fred Boniface
Date: Sat, 19 Jul 2025 11:41:22 +0100
Subject: [PATCH] Add keys, certificates and init.sh
---
files/ca.crt | 26 ++++++++++++++++++
files/fb_ed25519.pub | 1 +
index.html | 15 +++++++++-
scripts/init.sh | 65 ++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 106 insertions(+), 1 deletion(-)
create mode 100644 files/ca.crt
create mode 100644 files/fb_ed25519.pub
create mode 100644 scripts/init.sh
diff --git a/files/ca.crt b/files/ca.crt
new file mode 100644
index 0000000..9f9ba39
--- /dev/null
+++ b/files/ca.crt
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEUzCCArugAwIBAgIQEUMIwJiBP4hA3Vph5tWmgDANBgkqhkiG9w0BAQsFADAz
+MREwDwYDVQQKDAhGSkxBLk5FVDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9y
+aXR5MB4XDTI1MDcxODA5NDg1M1oXDTQ1MDcxODA5NDg1M1owMzERMA8GA1UECgwI
+RkpMQS5ORVQxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCAaIwDQYJ
+KoZIhvcNAQEBBQADggGPADCCAYoCggGBAKugViy/d9OOjWXeGSm1ykY8xrhKg+4t
+OaTOQG8aa5SHHxSm9k8JAAB53ZPUJbOQ258ODRIfAEYBf0gJSfP7FVP54Yab2f9K
+wLOVehzj81nxHsE35JpCr9AvfP0eVyUfMvLCmmcEXUwQZWYySivVeQ1VUger8eFS
+sPOJUpjxysRujp2Z9cthU9ACNF7dpoUWkSTOFs22lj1GM6594s2NWWtixJTUOcIX
+DQsY3euW6cvPXTIvFw0mychEReArD4BT73yX4wf9hHK2CIQHb2JlOOCOaqxkKO0G
+z+zWxIq/Eix7AhVnVRFQ+M1N1OpyCOknbcfMKlfRa+GsiBb7cX/E9BqWuSCCBF1c
+jb9P0/ZfPUSR2DxEM3hv0VKAYMN0sEZ0+OaJY2pZql0MKqZ0V7BKFtY9qbFTanc0
+U8sdF7A1/K8JdyNJjXbyi/ewbbGwZuhDyh/UhGi2pSOPwkjP+8bg8fGNENqBemQD
+XvgPG3yM1YGeGj46eE/9QA0TAFolaqrrvQIDAQABo2MwYTAdBgNVHQ4EFgQUcF7t
+81lNhiWgRmh+tYhvFXHxouMwHwYDVR0jBBgwFoAUcF7t81lNhiWgRmh+tYhvFXHx
+ouMwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwDQYJKoZIhvcNAQEL
+BQADggGBAH+wMwlnLZSk8kaMcQxY+GLcdQz1KZTrbAXYRHH6ujrI2Hn6jN8ofySv
+qRy7kLMa9UTIeCZkGOyOyaCFFIcDbzd5Da1mihEefaZd30qT9topujq5i/UtgDDy
+E4B4OGZOklf3kqacRG6vEkNrLZe9VFeTK3vNSyQ7CMhqE6+7IgWTZHmjaXEZuHQR
+B81gp1VnMruAT0Cp/9rlfTBN3jrr4gAyVt3H0y2EBUwiNbB3gOGjke64SfElwTKC
+cO2uE+swt8o2n4jvU1rbGkilAJvQ+1C3bGjPW0jAB4/27AyndksDXqDNUplHkNdi
+sw7IJCOtSvuAnR8/PFN6wCMPxVpituMWrRCGKiN7ItmovZGJRUfh9BNzn3isoO2a
+5NjZOboBFBsQmbewzVo568a2oP1H+Z1F5LozdEZdO23kSXhKamPY5wnRV/MQV8Rk
+bsYtxLfK3hjP18NFYWriaxAH0Ie7E6ZDmQSC3Yo/KDnC609mGX+oe1c960cy7bHs
+nItquN7hNA==
+-----END CERTIFICATE-----
diff --git a/files/fb_ed25519.pub b/files/fb_ed25519.pub
new file mode 100644
index 0000000..eac1b2c
--- /dev/null
+++ b/files/fb_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKQad6se97C/WF58JCRcLCbSPSci/5m1au8f0wkxI2eq Fred Boniface
diff --git a/index.html b/index.html
index 62b453b..f80f536 100644
--- a/index.html
+++ b/index.html
@@ -14,6 +14,16 @@ +

Files

+

Non-script downloads

+

Scripts

A collection of downloadable scripts

+
diff --git a/scripts/init.sh b/scripts/init.sh
new file mode 100644
index 0000000..33d958d
--- /dev/null
+++ b/scripts/init.sh
@@ -0,0 +1,65 @@
+#!/bin/bash
+
+# Check if run as root
+if [ "$(id -u)" -ne 0 ]; then
+ echo "Please run as root or with sudo."
+ exit 1
+fi
+
+SERVICE_ANSIBLE_PUBKEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN8oPUWqanJDPGw8wuXSRR3YtgKpiQvWXvkSWROX3f0n service-ansible"
+
+install_packages_apt() {
+ apt update
+ apt install -y freeipa-client oddjob-mkhomedir chrony
+}
+
+install_packages_dnf() {
+ dnf -y install freeipa-client oddjob-mkhomedir chrony
+}
+
+add_ansible_key() {
+ mkdir -p /home/service-ansible/.ssh
+ echo "$SERVICE_ANSIBLE_PUBKEY" >> /home/service-ansible/.ssh/authorized_keys
+ chown -R service-ansible:service-ansible /home/service-ansible
+ chmod 0711 /home/service-ansible
+ chmod 0700 /home/service-ansible/.ssh
+ chmod 0600 /home/service-ansible/.ssh/authorized_keys
+}
+
+set_hostname() {
+ current_hostname=$(hostname)
+ if [[ $current_hostname != *.* ]]; then
+ echo "Current hostname doesn't contain a domain."
+ new_hostname="$current_hostname.fjla.net"
+ read -p "Set hostname to $new_hostname? (y/n): " set_new
+ if [[ $set_new = "y" ]]; then
+ hostnamectl set-hostname --static "$new_hostname"
+ else
+ read -p "Enter hostname (including domain): " new_hostname
+ hostnamectl set-hostname --static "$new_hostname"
+ fi
+ else
+ echo "Hostname set to: $current_hostname"
+ fi
+}
+
+main() {
+ if command -v apt &> /dev/null; then
+ install_packages_apt
+ elif command -v dnf &> /dev/null; then
+ install_packages_dnf
+ else
+ echo "Unsupported package manager."
+ exit 1
+ fi
+
+ set_hostname
+ ipa-client-install --domain=fjla.net --mkhomedir --ntp-server=time.fjla.net --ssh-trust-dns --all-ip-addresses --enable-dns-updates
+
+ add_ansible_key
+
+ echo "If no errors were encountered, the next Ansible run will complete the configuration of the host"
+ echo "Ensure that the host is in the Ansible Hosts file"
+}
+
+main
\ No newline at end of file
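Review bot: `main` calls `add_ansible_key` even when `ipa-client-install` or the package install has failed, because no exit status is checked and the script does not use `set -e`; if `service-ansible` is a directory account (the script never creates it locally, so presumably it is), a failed enrolment leaves a root-owned `/home/service-ansible` with an `authorized_keys` file after `chown` fails. `add_ansible_key` also appends with `>>` on every run, so re-running the script duplicates the entry, and `chown -R` on the whole home reaches further than the `.ssh` setup needs. I would stop on enrolment failure, skip the key when the account does not resolve, and append the key only when the exact line is absent, as sketched below. Separately, this commit publishes `files/ca.crt` but the enrolment does not pin it; if that file reaches the host over a trusted channel, `ipa-client-install` can be given it with `--ca-cert-file`.

```shell
add_ansible_key() {
    local home_dir=/home/service-ansible
    local keys_file="$home_dir/.ssh/authorized_keys"

    # The account is presumably provided by the directory; skip if it does not resolve.
    if ! id service-ansible > /dev/null 2>&1; then
        echo "service-ansible does not resolve; not installing its key." >&2
        return 1
    fi

    mkdir -p "$home_dir/.ssh" || return 1
    # Append only when the exact line is missing, so re-runs do not duplicate it.
    if ! grep -qxF -- "$SERVICE_ANSIBLE_PUBKEY" "$keys_file" 2> /dev/null; then
        echo "$SERVICE_ANSIBLE_PUBKEY" >> "$keys_file" || return 1
    fi
    chown service-ansible:service-ansible "$home_dir" "$home_dir/.ssh" "$keys_file"
    # … unchanged: the three chmod calls …
}

# … unchanged: set_hostname, package-manager detection and set_hostname call in main …
    if ! ipa-client-install --domain=fjla.net --mkhomedir --ntp-server=time.fjla.net --ssh-trust-dns --all-ip-addresses --enable-dns-updates; then
        echo "ipa-client-install failed; not installing the Ansible key." >&2
        exit 1
    fi

    add_ansible_key || exit 1
```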