hashipi

Raspberry Pi Test Cluster for HashiCorp Vault, Nomad and Consul
git clone https://git.in0rdr.ch/hashipi.git

bootstrap.sh (2174B)


      1 #!/usr/bin/env bash
      2 #
      3 # Packer shell provisioner for Arch Linux on Raspberry Pi
      4 #
      5 # set -o errexit
      6 # set -o nounset
      7 set -o xtrace
      8 
      9 # Set hostname
     10 echo "${HOSTNAME}" > /etc/hostname
     11 
     12 # Resolve hostname
     13 cat << EOF > /etc/hosts
     14 127.0.0.1        localhost
     15 ::1              localhost ip6-localhost ip6-loopback
     16 ff02::1          ip6-allnodes
     17 ff02::2          ip6-allrouters
     18 
     19 127.0.1.1        $HOSTNAME
     20 EOF
     21 
     22 # Install script to resize fs
     23 mv /tmp/resizerootfs.service /etc/systemd/system/
     24 chmod +x /tmp/resizerootfs
     25 mv /tmp/resizerootfs /usr/sbin/
     26 systemctl enable resizerootfs.service
     27 
     28 # Add HashiCorp repository
     29 wget -O- https://apt.releases.hashicorp.com/gpg \
     30  | gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
     31 echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" \
     32  | tee /etc/apt/sources.list.d/hashicorp.list
     33 
     34 # Install packages
     35 apt-get update
     36 DEBIAN_FRONTEND=noninteractive apt-get install -y jq podman cloud-init \
     37  "nomad=${NOMAD_VERSION}-1"
     38 
     39 curl -L -o openbao.deb "https://github.com/openbao/openbao/releases/download/v${BAO_VERSION}/bao_${BAO_VERSION}_linux_arm64.deb"
     40 apt install ./openbao.deb
     41 
     42 # Configure insecure local registry
     43 cat << EOF > /etc/containers/registries.conf
     44 unqualified-search-registries = ['127.0.0.1:5000', 'haproxy.lan:5000', 'docker.io']
     45 
     46 [[registry]]
     47 location = "127.0.0.1:5000"
     48 insecure = true
     49 [[registry]]
     50 location = "haproxy.lan:5000"
     51 insecure = true
     52 EOF
     53 
     54 # Set up no-password sudo
     55 rm /etc/sudoers.d/010_pi-nopasswd
     56 echo '%sudo ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/010_all-nopasswd
     57 
     58 # Enable ssh and disable password auth
     59 touch /boot/ssh
     60 sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
     61 
     62 # Delete default user pi
     63 userdel -r pi
     64 
     65 # Create user
     66 useradd -m "${USERNAME}"
     67 usermod -aG sudo "${USERNAME}"
     68 
     69 # Setup ssh keys
     70 mkdir "/home/${USERNAME}/.ssh"
     71 touch "/home/${USERNAME}/.ssh/authorized_keys"
     72 cat << EOF > "/home/${USERNAME}/.ssh/authorized_keys"
     73 $AUTHORIZED_KEYS
     74 EOF
     75 
     76 chown -R $USERNAME "/home/${USERNAME}/.ssh"
     77 chmod 700 "/home/${USERNAME}/.ssh"
     78 chmod 600 "/home/${USERNAME}/.ssh/authorized_keys"