#!/bin/bash echo "Welcome to the Rocky Linux to Koozali SME Server script. Are you sure you have at least one ethernet interface before proceeding ? Hit Ctrl+C if unsure, press 'enter' if you are OK to proceed." read testme echo "disabling and removing SELinux" sed -i -e 's/rhgb quiet/selinux=0/g' /boot/grub2/grub.cfg sed -i -e 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config setenforce 0 dnf remove selinux-policy-targeted setroubleshoot-server -y 1>/dev/null echo "copy of current network config in root/rocky2sme-prenetwork" ip address > /root/rocky2sme-prenetwork ; ip route >>/root/rocky2sme-prenetwork echo "##########################################################################" echo "setting dnf repo for SME Server" mkdir -p /tmp/repo.bak mv /etc/yum.repos.d/*.repo /tmp/repo.bak/ cp /etc/yum.prosmerepos.d/* /etc/yum.repos.d/ echo "##########################################################################" echo "importing rpm gpg keys" #yum install wget -y 1>/dev/null for i in $( ls /usr/share/doc/smeserver-rocky2sme/keys ); do rpm --import /usr/share/doc/smeserver-rocky2sme/keys/$i done echo "##########################################################################" echo "cleaning dnf cache" dnf --enablerepo=* clean all 1>/dev/null echo "##########################################################################" echo "dnf upgrade to install last updates, this may take a while, output is hidden unless there is an error, be patient:" yum upgrade -y 1>/dev/null # they might have come back with upgrade... rm /etc/yum.repos.d/Rocky*.repo -rf echo "##########################################################################" echo "dnf set modules:" dnf module switch-to -y php:remi-8.4 #dnf module switch-to -y imariadb:10.5 dnf module disable mariadb dnf module switch-to -y python36:3.6 dnf module enable -y redis:remi-7.2 dnf module enable -y httpd:2.4 dnf module enable -y perl:5.26 dnf module enable -y perl-DBD-MySQL:4.046 dnf module enable -y perl-DBD-SQLite:1.58 dnf module enable -y perl-DBI:1.641 dnf module enable -y perl-IO-Socket-SSL:2.066 dnf module enable -y perl-libwww-perl:6.34 dnf module enable -y squid:4 dnf module enable -y container-tools:rhel8 dnf module enable -y nginx:1.14 dnf module enable -y freeradius:3.0 echo "##########################################################################" echo "dnf install, installing SME Server ... this may take a while:" dnf install @smeserver -y # check if [[ -f /sbin/e-smith/console ]]; then echo "... all seems good untill now" else echo "... exiting something is missing, try again dnf --disablerepo=* --enablerepo=smeos install @smeserver -y" exit 1 fi echo "##########################################################################" echo "dnf upgrade" dnf upgrade -y 1>/dev/null echo "##########################################################################" echo "starting runit, so we can run a few services" /usr/bin/systemctl restart runit.service echo "##########################################################################" echo "cleaning /var/service/" find /var/service/ -type f -iname control -exec rm {} \; echo "##########################################################################" echo "starting syslog" /usr/bin/systemctl restart rsyslog echo "##########################################################################" echo "running post-install event for SME..." echo "but before, we unlink the S10init-passwords action" unlink /etc/e-smith/events/post-install/S10init-passwords /sbin/e-smith/signal-event post-install echo "##########################################################################" echo "set admin password as set, to avoid locking you on reboot" #need syslog to work. so just in case #/etc/init.d/rsyslog restart /usr/bin/systemctl restart rsyslog /sbin/e-smith/db accounts setprop admin PasswordSet yes /sbin/e-smith/db configuration set PasswordSet yes /sbin/e-smith/db configuration setprop bootstrap-console Restore disabled echo "... as we copy your current root password as admin password" # here copy root password to admin user !!! grep $USER /etc/shadow | cut -f 2 -d ':'>/tmp/encrypted usermod -p $(cat /tmp/encrypted) admin rm /tmp/encrypted -f echo "... if access to server manager fails with admin, log to cli as root and do :" echo "passwd admin" # to test, there is chances it is salted, alternatively # echo "Please give now the password for the created admin user :" # passwd admin echo "##########################################################################" echo "Cleaning /service subfolders" find /var/service/ -type f -iname control -exec rm {} \; echo "##########################################################################" echo "force quota check" touch /forcequotacheck #restart rsyslogd service in case , as console needs it to run... echo "##########################################################################" echo "retarting syslog" /usr/bin/systemctl restart rsyslog.service echo "##########################################################################" echo "now time to configure your server using the SME Server console" /usr/bin/perl -Mesmith::console -Mesmith::console::configure -e "esmith::console::configure->new->doit(esmith::console->new,esmith::ConfigDB->open)" echo "##########################################################################" echo "set SSHD to accept root login with rsa key" /sbin/e-smith/db configuration setprop sshd status enabled PermitRootLogin yes access public /sbin/e-smith/expand-template /etc/ssh/ssh_config /sbin/e-smith/expand-template /etc/ssh/sshd_config /usr/bin/systemctl restart sshd.service # a sshd reload does not regenerate the keys and failed # doing one after to do the rest (masq etc.) /sbin/e-smith/signal-event remoteaccess-update echo "##########################################################################" echo "Enable access to server-manager to the following IPs:" echo "Please type IP.IP.IP.IP/255.255.255.255,IP2.IP2.IP2.IP2/255.255.255.255 to allow access to the manager from the desired IP. Leave blank if you do want to have access to the manager from outside the lan. Fill with 0.0.0.0/0.0.0.0 if you live on the edge!" read validfrom if [ ! -z "$validfrom" ]; then /sbin/e-smith/db configuration setprop httpd-admin ValidFrom $validfrom /sbin/e-smith/signal-event post-upgrade else echo "nothing to do" fi echo "##########################################################################" echo "Last cleaning:" # last tidying find /var/service/ -type f -iname control -exec rm {} \; # just in case before reboot /sbin/e-smith/db configuration set PasswordSet yes /sbin/e-smith/db configuration setprop bootstrap-console Restore disabled echo "##########################################################################" echo "you just have to issue a '/sbin/e-smith/signal-event reboot'; or simply 'reboot' and enjoy your SME" echo "But before that, are you sure you have added a working SSH key to ~/.ssh/authorized_keys ?" echo "##########################################################################" # some fixup to have a minimal working system /usr/bin/systemctl restart network wan tinydns dnscache dnscache.forwarder dhcpd /usr/bin/systemctl restart httpd-e-smith smanager # fix radiusd not starting /sbin/e-smith/ignal-event smeserver-radiusd-update