Initial port of KNELServerBuild to FetchApply framework

- Created base FetchApply directory structure with classes, initializers, modules, roles, and variables - Ported SetupNewSystem.sh functionality to modular FetchApply structure - Created server classes: physical, virtual, librenms, database, webserver, dev-workstation - Implemented initializers for system-setup, packages, ssh-keys, and user-configuration - Created modules for oam, system-config, ssh-hardening, and librenms-agent - Defined security and monitoring roles - Copied configuration templates from KNELServerBuild - Updated README with comprehensive FetchApply usage instructions 💘 Generated with Crush Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 11:05:17 -05:00
parent c82ab1b7db
commit 09d93e37cd
45 changed files with 928 additions and 2 deletions
--- a/initializers/packages/apply
+++ b/initializers/packages/apply
@@ -0,0 +1,125 @@
+#!/bin/bash
+
+# KNEL Package Installation
+# This initializer installs required packages
+
+set -euo pipefail
+
+echo "Installing required packages..."
+
+# Ensure apt is up to date
+apt-get update
+
+# Install basic tools first
+apt-get install -y git sudo dmidecode curl
+
+# Setup webmin repo (used for RBAC/2FA PAM)
+curl https://raw.githubusercontent.com/webmin/webmin/master/webmin-setup-repo.sh >/tmp/webmin-setup.sh
+sh /tmp/webmin-setup.sh -f && rm -f /tmp/webmin-setup.sh
+
+# Setup tailscale
+curl -fsSL https://tailscale.com/install.sh | sh
+
+# Remove unwanted packages
+apt-get -y --purge remove \
+    systemd-timesyncd \
+    chrony \
+    telnet \
+    inetutils-telnet \
+    wpasupplicant \
+    modemmanager \
+    nano \
+    multipath-tools \
+    || true
+
+apt-get --purge autoremove
+
+# Install desired packages
+apt-get install -y \
+    virt-what \
+    auditd \
+    audispd-plugins \
+    cloud-guest-utils \
+    aide \
+    htop \
+    snmpd \
+    ncdu \
+    iftop \
+    iotop \
+    cockpit \
+    cockpit-bridge \
+    cockpit-doc \
+    cockpit-networkmanager \
+    cockpit-packagekit \
+    cockpit-pcp \
+    cockpit-sosreport \
+    cockpit-storaged \
+    cockpit-system \
+    cockpit-ws \
+    nethogs \
+    sysstat \
+    ngrep \
+    acct \
+    lsb-release \
+    screen \
+    tailscale \
+    tmux \
+    vim \
+    command-not-found \
+    lldpd \
+    ansible-core \
+    net-tools \
+    dos2unix \
+    gpg \
+    molly-guard \
+    lshw \
+    fzf \
+    ripgrep \
+    sudo \
+    mailutils \
+    clamav \
+    sl \
+    logwatch \
+    git \
+    net-tools \
+    tshark \
+    tcpdump \
+    lynis \
+    glances \
+    zsh \
+    zsh-autosuggestions \
+    zsh-syntax-highlighting \
+    fonts-powerline \
+    webmin \
+    usermin \
+    ntpsec \
+    ntpsec-ntpdate \
+    tuned \
+    iptables \
+    netfilter-persistent \
+    iptables-persistent \
+    pflogsumm \
+    postfix
+
+# Kali-specific packages
+if [[ $KALI_CHECK -eq 0 ]]; then
+    apt-get install -y \
+        latencytop \
+        cockpit-tests
+fi
+
+# KVM guest specific packages
+if [[ $IS_KVM_GUEST -eq 1 ]]; then
+    apt-get install -y qemu-guest-agent
+fi
+
+# Physical host specific packages
+if [[ $IS_PHYSICAL_HOST -gt 0 ]]; then
+    apt-get install -y \
+        i7z \
+        thermald \
+        cpufrequtils \
+        linux-cpupower
+fi
+
+echo "Package installation complete"
--- a/initializers/system-setup/apply
+++ b/initializers/system-setup/apply
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# KNEL System Initialization
+# This initializer performs basic system detection and setup
+
+set -euo pipefail
+
+echo "Performing system initialization..."
+
+# Detect system characteristics
+export UBUNTU_CHECK="$(grep -c Ubuntu /etc/os-release 2>/dev/null || echo 0)"
+export IS_PHYSICAL_HOST="$(/usr/sbin/dmidecode -t System 2>/dev/null | grep -c Dell || echo 0)"
+export SUBODEV_CHECK="$(getent passwd | grep -c subodev || echo 0)"
+export LOCALUSER_CHECK="$(getent passwd | grep -c localuser || echo 0)"
+export KALI_CHECK="$(grep -c kali /etc/os-release 2>/dev/null || echo 0)"
+
+# Detect virtualization
+if command -v virt-what >/dev/null 2>&1; then
+    export VIRT_TYPE="$(virt-what 2>/dev/null || echo "")"
+    export IS_VIRT_GUEST="$(echo "$VIRT_TYPE" | grep -E -c 'hyperv|kvm' || echo 0)"
+    export IS_KVM_GUEST="$(echo "$VIRT_TYPE" | grep -c 'kvm' || echo 0)"
+else
+    export VIRT_TYPE=""
+    export IS_VIRT_GUEST="0"
+    export IS_KVM_GUEST="0"
+fi
+
+# Detect special host types
+export LIBRENMS_CHECK="$(hostname | grep -c tsys-librenms || echo 0)"
+export NTP_SERVER_CHECK="$(hostname | grep -E -c 'pfv-netboot|pfvsvrpi' || echo 0)"
+export DEV_WORKSTATION_CHECK="$(hostname | grep -E -c 'subopi-dev|CharlesDevServer' || echo 0)"
+
+# Raspberry Pi detection
+if command -v vcgencmd >/dev/null 2>&1; then
+    export IS_RASPI="1"
+else
+    export IS_RASPI="0"
+fi
+
+# Set current timestamp for logging
+export CURRENT_TIMESTAMP="$(date '+%Y-%m-%d %H:%M:%S')"
+
+echo "System initialization complete"
+echo "Ubuntu: $UBUNTU_CHECK, Physical: $IS_PHYSICAL_HOST, Virtual: $IS_VIRT_GUEST"