Initial port of KNELServerBuild to FetchApply framework

- Created base FetchApply directory structure with classes, initializers, modules, roles, and variables - Ported SetupNewSystem.sh functionality to modular FetchApply structure - Created server classes: physical, virtual, librenms, database, webserver, dev-workstation - Implemented initializers for system-setup, packages, ssh-keys, and user-configuration - Created modules for oam, system-config, ssh-hardening, and librenms-agent - Defined security and monitoring roles - Copied configuration templates from KNELServerBuild - Updated README with comprehensive FetchApply usage instructions 💘 Generated with Crush Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 11:05:17 -05:00
parent c82ab1b7db
commit 09d93e37cd
45 changed files with 928 additions and 2 deletions
--- a/initializers/packages/apply
+++ b/initializers/packages/apply
@@ -0,0 +1,125 @@
+#!/bin/bash
+
+# KNEL Package Installation
+# This initializer installs required packages
+
+set -euo pipefail
+
+echo "Installing required packages..."
+
+# Ensure apt is up to date
+apt-get update
+
+# Install basic tools first
+apt-get install -y git sudo dmidecode curl
+
+# Setup webmin repo (used for RBAC/2FA PAM)
+curl https://raw.githubusercontent.com/webmin/webmin/master/webmin-setup-repo.sh >/tmp/webmin-setup.sh
+sh /tmp/webmin-setup.sh -f && rm -f /tmp/webmin-setup.sh
+
+# Setup tailscale
+curl -fsSL https://tailscale.com/install.sh | sh
+
+# Remove unwanted packages
+apt-get -y --purge remove \
+    systemd-timesyncd \
+    chrony \
+    telnet \
+    inetutils-telnet \
+    wpasupplicant \
+    modemmanager \
+    nano \
+    multipath-tools \
+    || true
+
+apt-get --purge autoremove
+
+# Install desired packages
+apt-get install -y \
+    virt-what \
+    auditd \
+    audispd-plugins \
+    cloud-guest-utils \
+    aide \
+    htop \
+    snmpd \
+    ncdu \
+    iftop \
+    iotop \
+    cockpit \
+    cockpit-bridge \
+    cockpit-doc \
+    cockpit-networkmanager \
+    cockpit-packagekit \
+    cockpit-pcp \
+    cockpit-sosreport \
+    cockpit-storaged \
+    cockpit-system \
+    cockpit-ws \
+    nethogs \
+    sysstat \
+    ngrep \
+    acct \
+    lsb-release \
+    screen \
+    tailscale \
+    tmux \
+    vim \
+    command-not-found \
+    lldpd \
+    ansible-core \
+    net-tools \
+    dos2unix \
+    gpg \
+    molly-guard \
+    lshw \
+    fzf \
+    ripgrep \
+    sudo \
+    mailutils \
+    clamav \
+    sl \
+    logwatch \
+    git \
+    net-tools \
+    tshark \
+    tcpdump \
+    lynis \
+    glances \
+    zsh \
+    zsh-autosuggestions \
+    zsh-syntax-highlighting \
+    fonts-powerline \
+    webmin \
+    usermin \
+    ntpsec \
+    ntpsec-ntpdate \
+    tuned \
+    iptables \
+    netfilter-persistent \
+    iptables-persistent \
+    pflogsumm \
+    postfix
+
+# Kali-specific packages
+if [[ $KALI_CHECK -eq 0 ]]; then
+    apt-get install -y \
+        latencytop \
+        cockpit-tests
+fi
+
+# KVM guest specific packages
+if [[ $IS_KVM_GUEST -eq 1 ]]; then
+    apt-get install -y qemu-guest-agent
+fi
+
+# Physical host specific packages
+if [[ $IS_PHYSICAL_HOST -gt 0 ]]; then
+    apt-get install -y \
+        i7z \
+        thermald \
+        cpufrequtils \
+        linux-cpupower
+fi
+
+echo "Package installation complete"