-
Notifications
You must be signed in to change notification settings - Fork 0
/
bootstrap.sh
executable file
·225 lines (200 loc) · 7.68 KB
/
bootstrap.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
#!/usr/bin/env bash
# To make it easy, these are just copy-pasta of the appropriate snippets from the documentation
# for installing from apt-repos from the tool website.
# I wouldn't have mixed & matched wget + curl...
set -eo pipefail
PRE_REQ_TOOLS="apt-transport-https ca-certificates curl gnupg wget software-properties-common"
DOCKER_TOOL_LIST="docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin"
BASELINE_TOOL_LIST="vim nfs-common unison direnv git zoxide jq tidy kubectl helm gh jq pipx trivy net-tools zip unzip libarchive-tools"
JOB_SUMMARY=""
# shellcheck disable=SC2089
DOCKER_USE_WINCREDS='
{
"credsStore": "wincred.exe"
}
'
WSL_CONF='
[boot]
systemd=true
'
append_with_newline() {
printf -v "$1" '%s\n%s' "${!1}" "$2"
}
download_keyrings() {
local url=$1
local name=$2
local file="/usr/share/keyrings/$name.gpg"
curl -fsSL "$url" | gpg --no-tty --batch --dearmor | sudo dd of="$file" && sudo chmod go+r "$file"
}
# docker
repo_docker() {
local distro_name="$1"
download_keyrings "https://download.docker.com/linux/$distro_name/gpg" "docker"
# shellcheck disable=SC1091
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker.gpg] https://download.docker.com/linux/$distro_name \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" |
sudo tee /etc/apt/sources.list.d/docker.list >/dev/null
}
# trivy.
# some shenanigans because trivy doesn't always update its repo releases
# in good time.
# distro-info is available in ubuntu, but must be explicitly installed in debian
# probably not worth it, but if we did we could...
# distro-info --supported | sed -n "/$(lsb_release -sc)/q;p" | tac
# and iterate.
repo_trivy() {
download_keyrings "https://aquasecurity.github.io/trivy-repo/deb/public.key" "trivy"
local trivy_fallback=""
local current_release=""
current_release=$(lsb_release -sc)
if [[ "$1" == "ubuntu" ]]; then
# focal -> jammy -> noble
trivy_fallback="jammy"
else
# buster -> bullseye -> bookworm
trivy_fallback="bullseye"
fi
local repo_name="$current_release"
if ! curl -fsSL "https://raw.githubusercontent.com/aquasecurity/trivy-repo/main/deb/dists/$current_release/Release" >/dev/null 2>&1; then
repo_name="$trivy_fallback"
fi
echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $repo_name main" | sudo tee /etc/apt/sources.list.d/trivy.list
}
# kubectl
repo_kubectl() {
download_keyrings https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key "kubernetes"
echo 'deb [signed-by=/usr/share/keyrings/kubernetes.gpg] https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
}
# helm
repo_helm() {
download_keyrings https://baltocdn.com/helm/signing.asc "helm"
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
}
# gh cli
repo_ghcli() {
curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli.gpg && sudo chmod go+r /usr/share/keyrings/githubcli.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list
}
# wsl utilities
repo_wslutilities() {
download_keyrings https://pkg.wslutiliti.es/public.key "wslutilities"
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/wslutilities.gpg] https://pkg.wslutiliti.es/debian $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/wslutilities.list
}
install_vscode() {
if [[ -z "$WSL_DISTRO_NAME" && -n "${XDG_CURRENT_DESKTOP}" ]]; then
vscode_deb=$(mktemp --tmpdir vscode.XXXXX.deb)
wget -q -O "$vscode_deb" "https://code.visualstudio.com/sha/download?build=stable&os=linux-deb-x64"
sudo apt -y install "$vscode_deb"
fi
}
install_docker() {
if [[ -z "$SKIP_DOCKER" && -z "$DPM_SKIP_DOCKER" ]]; then
# shellcheck disable=SC2086
sudo apt -y install $DOCKER_TOOL_LIST
sudo groupadd docker || true
sudo usermod -aG docker "$USER"
# If we're on windows then we can use the docker credential helper
if [[ -n "$WSL_DISTRO_NAME" ]]; then
wincred_version=$(curl -fsSL -o /dev/null -w "%{url_effective}" https://github.com/docker/docker-credential-helpers/releases/latest | xargs basename)
mkdir -p ~/.local/bin
mkdir -p ~/.docker
curl -fSsL -o ~/.local/bin/docker-credential-wincred.exe \
"https://github.com/docker/docker-credential-helpers/releases/download/${wincred_version}/docker-credential-wincred-${wincred_version}.windows-$(dpkg --print-architecture).exe"
chmod +x ~/.local/bin/docker-credential-wincred.exe
echo "$DOCKER_USE_WINCREDS" >~/.docker/config.json
if [[ ! -f /etc/wsl.conf ]]; then
echo "$WSL_CONF" | sudo tee /etc/wsl.conf
append_with_newline JOB_SUMMARY ">>> /etc/wsl.conf modified, you need to restart WSL"
fi
fi
fi
}
action_help() {
cat <<EOF
New Ubuntu Machine bootstrap; some attention required
Usage: $(basename "$0") repos | baseline | help
repos : First things first
baseline : Setup baseline tools required
# After this there's 'just xxx'
help : Show this help
EOF
exit 1
}
action_repos() {
local distro_name="$1"
# shellcheck disable=SC2086
sudo apt install -y $PRE_REQ_TOOLS
repo_kubectl "$distro_name"
repo_helm "$distro_name"
repo_ghcli "$distro_name"
repo_docker "$distro_name"
repo_trivy "$distro_name"
if [[ "$distro_name" == "ubuntu" ]]; then
sudo add-apt-repository -y ppa:git-core/ppa
fi
if [[ -n "$WSL_DISTRO_NAME" && "$distro_name" == "debian" ]]; then
repo_wslutilities
fi
sudo apt update
}
action_baseline() {
local distro_name="$1"
# shellcheck disable=SC2086
sudo apt install -y $BASELINE_TOOL_LIST
pipx install gh-release-install
if ! which just >/dev/null 2>&1; then
# Oneshot install that we know works for us.
"$HOME/.local/bin/gh-release-install" "casey/just" "just-1.25.2-x86_64-unknown-linux-musl.tar.gz" "$HOME/.local/bin/just" --version "1.25.2" --extract just
fi
install_vscode "$distro_name"
install_docker "$distro_name"
if [[ -n "$WSL_DISTRO_NAME" ]]; then
sudo apt install -y wslu
# Having wslview in debian & ubuntu can cause trouble with binfmt
# stop systemctl from starting binfmt.
# c.f. : https://github.com/microsoft/WSL/issues/8843
# https://github.com/microsoft/WSL/issues/8986
sudo systemctl mask systemd-binfmt.service
# Could also 'force' it to work.
# echo ":WSLInterop:M::MZ::/init:PF" | sudo tee /usr/lib/binfmt.d/WSLInterop.conf
# sudo apt install binfmt-support
# sudo systemctl restart binfmt-support
# sudo systemctl restart systemd-binfmt || true
append_with_newline JOB_SUMMARY ">>> You might need to restart WSL for binfmt changes to take effect"
fi
# Get 'column' etc.
if [[ "$distro_name" == "debian" ]]; then
sudo apt install -y bsdextrautils
fi
}
distro_name() {
if [[ -e "/etc/os-release" ]]; then
# shellcheck disable=SC1091
release=$(. /etc/os-release && echo "$ID" | tr '[:upper:]' '[:lower:]')
else
release=$(lsb_release -si | tr '[:upper:]' '[:lower:]') || true
fi
echo "$release"
}
DISTRO_NAME=$(distro_name)
if [[ "$(uname -o | tr '[:upper:]' '[:lower:]')" == "msys" ]]; then
echo "Try again on WSL2+Ubuntu"
exit 1
fi
case "$DISTRO_NAME" in
ubuntu | debian) ;;
*)
echo "Try again on Ubuntu or Debian"
exit 1
;;
esac
ACTION=$1 || true
ACTION=${ACTION:-"help"}
case $ACTION in
repos | baseline | help) ;;
*)
ACTION="help"
;;
esac
action_"$ACTION" "$DISTRO_NAME"
printf "%s\n" "$JOB_SUMMARY"