alias superclaude='claude --dangerously-skip-permissions' v ~/.bashrc Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
#!/usr/bin/env bash
# Install script for an Ubuntu 24.04 LXC container.
# Runs INSIDE the container right after it has been created (it needs root:
# apt-get, useradd, sshd configuration).
#
# Bootstrap: the caller hands the helper library over as the *contents* of
# $FUNCTIONS_FILE_PATH (despite the name it is not opened as a path) and it is
# executed here verbatim — everything below trusts that text completely, so it
# must come from the same trusted source as this script. The helpers used
# afterwards (color, verb_ip6, catch_errors, setting_up_container,
# network_check, update_os, msg_*, $STD, ...) are not defined in this file;
# presumably this is the Proxmox community-scripts install.func — confirm.
# The calls are order-dependent: catch_errors presumably installs the error
# handling (set -e / ERR trap) that the rest of the script relies on.

source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
# =============================================================================
# Package installation
# =============================================================================
# Extra tooling plus the SSH daemon that the hardening section further down
# configures. $STD is deliberately left unquoted: the sourced library uses it
# as an optional output-silencing prefix, so it has to word-split (or expand
# to nothing).
extra_packages=(mc wget git curl openssh-server)
msg_info "Inštalujem dodatočné balíčky"
$STD apt-get install -y "${extra_packages[@]}"
msg_ok "Balíčky nainštalované"
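# =============================================================================
# User creation from USERS_JSON + SELECTED_USERS
# =============================================================================

#######################################
# Create one local account: random (never disclosed) password, ~/.ssh with the
# supplied public keys, optional passwordless sudo, a per-user Claude Code
# install and an optional claude-setup.md download.
# Globals:   CLAUDE_SETUP_URL (read, optional)
# Arguments: $1 - username
#            $2 - "true" to grant NOPASSWD sudo, anything else for none
#            $3… - SSH public keys, one "<type> <base64> [comment]" per argument
# Outputs:   progress via msg_info/msg_ok/msg_warn from the sourced library
# Returns:   0 on success; 1 if the username is rejected or useradd fails
#            (with the set -e that catch_errors presumably enables, a plain
#            call then aborts the install — confirm against the library)
#######################################
create_user() {
  local username="$1"
  local sudo_flag="$2"
  shift 2
  local keys=("$@")

  # The name is used in useradd, a /home path and a sudoers.d file name, so
  # allow only [A-Za-z0-9_] followed by [A-Za-z0-9_.-], max 32 chars: no '/',
  # no whitespace, no leading '-' (option injection) and no leading '.' ("..").
  if [[ ! "$username" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]{0,31}$ ]]; then
    msg_warn "Neplatné meno užívateľa: '${username}'"
    return 1
  fi

  # useradd leaves the password field locked ("!"); give the account a random
  # one so it is in a normal state. It is never printed or stored: SSH
  # password login is switched off in the hardening section below and sudo
  # (when granted) is NOPASSWD, so nothing needs it.
  local random_pw
  random_pw=$(openssl rand -base64 16)
  if ! useradd -m -s /bin/bash -- "$username"; then
    msg_warn "Nepodarilo sa vytvoriť užívateľa ${username}"
    return 1
  fi
  printf '%s:%s\n' "$username" "$random_pw" | chpasswd

  # SSH keys
  local user_home="/home/${username}"
  local auth_keys="${user_home}/.ssh/authorized_keys"
  mkdir -p "${user_home}/.ssh"
  chmod 700 "${user_home}/.ssh"
  : > "$auth_keys"   # exists even with no keys, so the chmod below cannot fail
  # Accept only a bare "<type> <base64> [comment]" line. This keeps junk out
  # and stops an authorized_keys options prefix (command=, environment=, …)
  # or an embedded newline from being smuggled in through users.json.
  local key_re='^(ssh-|ecdsa-sha2-|sk-)[A-Za-z0-9.@-]+ [A-Za-z0-9+/]+=*( [^[:cntrl:]]*)?$'
  local key added=0
  for key in "${keys[@]}"; do
    if [[ "$key" =~ $key_re ]]; then
      printf '%s\n' "$key" >> "$auth_keys"
      added=$((added + 1))
    else
      msg_warn "Preskakujem neplatný SSH kľúč pre ${username}: ${key:0:40}"
    fi
  done
  chmod 600 "$auth_keys"
  chown -R "${username}:${username}" "${user_home}/.ssh"
  if (( added == 0 )); then
    # Password auth is disabled later, so without a key this account is
    # unreachable over SSH — say so instead of failing silently at login time.
    msg_warn "Užívateľ ${username} nemá žiadny platný SSH kľúč, prihlásenie cez SSH nebude možné"
  fi

  # Passwordless sudo
  if [[ "$sudo_flag" == "true" ]]; then
    # sudoers.d silently skips file names containing '.' (or ending in '~'),
    # so a user like "john.doe" used to get no sudo at all; map dots to '_'.
    local sudoers_file="/etc/sudoers.d/${username//./_}"
    printf '%s ALL=(ALL) NOPASSWD: ALL\n' "$username" > "$sudoers_file"
    chmod 440 "$sudoers_file"
    # A malformed sudoers.d file breaks sudo for everyone; verify before keeping it.
    if ! visudo -cf "$sudoers_file" >/dev/null; then
      rm -f "$sudoers_file"
      msg_warn "Sudoers záznam pre ${username} neprešiel kontrolou visudo a bol odstránený"
    fi
  fi

  msg_ok "Užívateľ vytvorený: ${username}"

  # Claude Code install
  msg_info "Inštalujem Claude Code pre ${username}"
  # The vendor offers no checksum or signature for install.sh, so this is a
  # trust-the-TLS-origin download. Fetch it to a file first and run it only
  # after curl succeeded: a failed or truncated transfer then reports failure
  # instead of executing half a script (the old `curl | bash` returned 0 on an
  # empty pipe). Runs as the target user through a login shell, not as root.
  local install_cmd
  install_cmd=$(cat <<'EOF'
set -e
tmp=$(mktemp)
trap 'rm -f "$tmp"' EXIT
curl -fsSL https://claude.ai/install.sh -o "$tmp"
bash "$tmp"
EOF
)
  if su - "$username" -c "$install_cmd"; then
    # Make the per-user install reachable and add the "superclaude" shortcut.
    # SECURITY NOTE: --dangerously-skip-permissions switches off Claude Code's
    # confirmation prompts, so every command and file write the model decides
    # on runs unattended as this user — and with sudo_flag=true that user has
    # passwordless root. Anything the model reads (repo files, web pages, tool
    # output) can then drive root actions; treat such containers as disposable.
    su - "$username" -c "grep -qF '.local/bin' ~/.bashrc || echo 'export PATH=\"\$HOME/.local/bin:\$PATH\"' >> ~/.bashrc"
    su - "$username" -c "grep -qF 'superclaude' ~/.bashrc || echo \"alias superclaude='claude --dangerously-skip-permissions'\" >> ~/.bashrc"
    msg_ok "Claude Code nainštalovaný pre ${username}"
  else
    msg_warn "Claude Code inštalácia zlyhala pre ${username} (nefatálna chyba)"
  fi

  # Optional claude-setup.md in the home directory
  if [[ -n "${CLAUDE_SETUP_URL:-}" ]]; then
    # Best effort, never fatal (stderr silenced on purpose). Download to a
    # temp file so a failed transfer does not leave a truncated file behind.
    local tmp_setup
    tmp_setup=$(mktemp)
    if curl -fsSL "$CLAUDE_SETUP_URL" -o "$tmp_setup" 2>/dev/null; then
      install -m 644 -o "$username" -g "$username" "$tmp_setup" "${user_home}/claude-setup.md"
      msg_ok "claude-setup.md skopírovaný do ${user_home}"
    else
      msg_warn "Nepodarilo sa stiahnuť claude-setup.md"
    fi
    rm -f "$tmp_setup"
  fi
}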
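# List of created users (kept for reference by later steps)
CREATED_USERS=()

#######################################
# Print every SSH public-key literal found on one line of users.json, one per
# line, with the surrounding quotes removed. Recognises the OpenSSH type
# prefixes ssh-*, ecdsa-sha2-* and sk-* (the previous sed only caught ssh-*,
# so ECDSA and FIDO keys were silently dropped) and copes with several keys on
# one line, e.g. an inline `"ssh_keys": ["…", "…"]`.
# Arguments: $1 - one line of JSON text
# Outputs:   zero or more key strings on stdout; always returns 0
#######################################
ssh_keys_on_line() {
  grep -o '"\(ssh-\|ecdsa-sha2-\|sk-\)[^"]*"' <<<"$1" | tr -d '"' || true
}

#######################################
# Succeed when a username is one of the whitespace-separated selected names.
# Exact token comparison on purpose: `grep -w` treats '-' as a word boundary,
# so selecting "dev-ops" used to also enable a user called "dev".
# Arguments: $1 - username; $2 - whitespace-separated list of selected names
# Returns:   0 if selected, 1 otherwise
#######################################
is_selected_user() {
  local wanted="$1" name
  local -a names=()
  read -ra names <<<"$2"
  for name in "${names[@]}"; do
    [[ "$name" == "$wanted" ]] && return 0
  done
  return 1
}

#######################################
# Flush the users.json object currently being scanned: create the account if
# it was selected and record it. Reads the scanner globals current_user,
# current_sudo, current_keys and selected_list; appends to CREATED_USERS.
#######################################
finish_current_user() {
  if [[ -n "$current_user" ]] && is_selected_user "$current_user" "$selected_list"; then
    create_user "$current_user" "$current_sudo" "${current_keys[@]}"
    CREATED_USERS+=("$current_user")
  fi
}

if [[ -n "${USERS_JSON:-}" && -n "${SELECTED_USERS:-}" ]]; then
  msg_info "Vytváram užívateľov"

  # whiptail hands the selection over as "user1" "user2"; strip the quotes.
  selected_list=$(tr -d '"' <<<"$SELECTED_USERS")

  # Hand-rolled, line-oriented scan of users.json (jq is not installed).
  # It assumes pretty-printed JSON in which every object lists "username"
  # before its "sudo"/"ssh_keys" fields: a new "username" line flushes the
  # previous object, so fields that precede "username" inside an object would
  # be credited to the previous user. A real parser (jq, python3) would be
  # preferable if one is guaranteed to exist in the template.
  current_user=""
  current_sudo="false"
  current_keys=()
  in_keys=false

  while IFS= read -r line; do
    # "username": "…" starts a new object — flush the previous one first.
    if grep -q '"username"' <<<"$line"; then
      finish_current_user
      current_user=$(sed 's/.*"username"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/' <<<"$line")
      current_sudo="false"
      current_keys=()
      in_keys=false
    fi

    # "sudo": true — only the value position counts (a bare 'true' anywhere on
    # the line, e.g. inside a comment string, used to grant sudo).
    if grep -q '"sudo"[[:space:]]*:[[:space:]]*"\?true"\?' <<<"$line"; then
      current_sudo="true"
    fi

    # "ssh_keys": [ … ] — the array may be inline or span several lines.
    if grep -q '"ssh_keys"' <<<"$line"; then
      in_keys=true
    fi
    if [[ "$in_keys" == true ]]; then
      while IFS= read -r key; do
        [[ -n "$key" ]] && current_keys+=("$key")
      done < <(ssh_keys_on_line "$line")
      # A ']' on this line closes the array (inline arrays included).
      if grep -q '\]' <<<"$line"; then
        in_keys=false
      fi
    fi
  done <<< "$USERS_JSON"

  # No following "username" line flushes the last object; do it here.
  finish_current_user
fi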
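# =============================================================================
# SSH hardening
# =============================================================================
msg_info "Konfigurujem SSH"

# Backup of the original configuration (restored below if the result is invalid)
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

# Disable root login and password login in the main file.
sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
sed -i 's/^#\?PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config
sed -i 's/^#\?ChallengeResponseAuthentication.*/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config

# Ubuntu's sshd_config begins with `Include /etc/ssh/sshd_config.d/*.conf` and
# sshd keeps the FIRST value it sees for a keyword, so any drop-in (cloud-init
# writes one that re-enables PasswordAuthentication) would silently override
# the edits above. Repeat the settings in a drop-in that sorts first.
# KbdInteractiveAuthentication is the current name of the deprecated
# ChallengeResponseAuthentication; left at its default it would still allow
# PAM password prompts even with PasswordAuthentication no.
SSHD_DROPIN=/etc/ssh/sshd_config.d/00-lxc-hardening.conf
mkdir -p /etc/ssh/sshd_config.d
cat >"$SSHD_DROPIN" <<'EOF'
# Managed by the container install script: key-only logins, no root.
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
EOF
chmod 644 "$SSHD_DROPIN"

# Never restart sshd on a configuration it rejects — that would lock the
# container out. Full path on purpose: a missing binary must not read as "ok".
ssh_hardened=true
if ! /usr/sbin/sshd -t; then
  ssh_hardened=false
  rm -f "$SSHD_DROPIN"
  cp /etc/ssh/sshd_config.bak /etc/ssh/sshd_config
fi

# Restart SSH
# NOTE(review): Ubuntu 24.04 can run sshd socket-activated (ssh.socket);
# verify in this template that the daemon really comes up at boot.
systemctl enable ssh
systemctl restart ssh

if [[ "$ssh_hardened" == true ]]; then
  msg_ok "SSH nakonfigurované (len kľúče, root zakázaný)"
else
  msg_warn "sshd odmietol novú konfiguráciu, obnovená pôvodná — SSH hardening NEBOL aplikovaný"
fi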
# =============================================================================
# Standard completion
# =============================================================================
# Closing helpers from the sourced library; their bodies are not visible here
# (presumably MOTD/SSH banner setup, template customisation and LXC cleanup of
# apt caches/temp files — confirm against the library). Keep the order.
motd_ssh
customize
cleanup_lxc