Some tweaks and updates

* Docker complains if you try to install it when it already exists * Updating `fstab` with empty variables (if BERTHA, the Hard Drive, isn't already plugged in, will probably Cause Problems) * Give indication of how to remove password authentication, in the philosophy of [Do-Nothing Scripts](https://blog.danslimmon.com/2019/07/15/do-nothing-scripting-the-key-to-gradual-automation/) * Give instructions on how to share ssh keys to Pi so that it can pull this repo directly
scubbo · Dec 5, 2021 · 3d9a0c9 · 3d9a0c9
1 parent c9f9bcf
commit 3d9a0c9
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 15 deletions.
diff --git a/scripts-on-pi/1_setup_screen_and_ssh.sh b/scripts-on-pi/1_setup_screen_and_ssh.sh
@@ -16,11 +16,21 @@ yes | apt-get upgrade
 ####
 # Install screen
 ####
-apt-get install screen
+yes | apt-get install screen
 
 ###
 # Install ssh key
-####
+###
 (umask 077 && test -d ~/.ssh || mkdir ~/.ssh)
 (umask 077 && touch ~/.ssh/authorized_keys)
-echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyQIZAWHbGpiSQHaD8ph33Q5PWJy72OyqzcBCVmyUnXcaP1YpebSxbHUhQhKDv1i1OBnsxIO1NDo60h0/2ygCHYNpSVjgS2P+37jBDaNIypB+kJ0emaKGjkZF5Nlc45U1wOcpGTze+ysCLLP/ijPXjQioH2RkCwTvSgKfKcmMqSmxA76JarL66Gva3mlOSRBoRVq0YDxUrIELlVjZ602UTzeVjhx6A8XecvkZEI4YlJ38lNSJd3fegceWd/sH1NYWKWZyq5HHe74EG9o/icuCvddG6V+7qpYGGizXemYOdaS94OPZ8J577nHKBFtQJxA8a34UG5CkNdWePaIco7b2b8tx+yE78yWIOFRL3JtR+jZzZP9Jz+0ChmhMsk/2dMDtd0u32ZpMaj2t/82kP4omslUij/oU1pUIvna03WagCcUpjNnSU05a0mLcRg+EhwFKe+xXaniY9fiGiA2pknwxWURRUfnOwBPivpYh1rAG0Jh19R4fpJUsW16hG9IAdWPrZsvDpRaaIhh1y6T76tHrAux8xExhxydoLKl8bzNSGcu0QTvmBoRlBFLJj/3x9VyIunatHb0KYnvDs+9YL6LSEXYdWqwV0uZyk6fg9G/eIqB+i4ZhnbKbHR/cCy3MkktPIILpE75lQdmgHsOaSdwywb1PRzYUNFVNiRzW6IvH+XQ== scubbojj@gmail.com" >> ~/.ssh/authorized_keys
+echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyQIZAWHbGpiSQHaD8ph33Q5PWJy72OyqzcBCVmyUnXcaP1YpebSxbHUhQhKDv1i1OBnsxIO1NDo60h0/2ygCHYNpSVjgS2P+37jBDaNIypB+kJ0emaKGjkZF5Nlc45U1wOcpGTze+ysCLLP/ijPXjQioH2RkCwTvSgKfKcmMqSmxA76JarL66Gva3mlOSRBoRVq0YDxUrIELlVjZ602UTzeVjhx6A8XecvkZEI4YlJ38lNSJd3fegceWd/sH1NYWKWZyq5HHe74EG9o/icuCvddG6V+7qpYGGizXemYOdaS94OPZ8J577nHKBFtQJxA8a34UG5CkNdWePaIco7b2b8tx+yE78yWIOFRL3JtR+jZzZP9Jz+0ChmhMsk/2dMDtd0u32ZpMaj2t/82kP4omslUij/oU1pUIvna03WagCcUpjNnSU05a0mLcRg+EhwFKe+xXaniY9fiGiA2pknwxWURRUfnOwBPivpYh1rAG0Jh19R4fpJUsW16hG9IAdWPrZsvDpRaaIhh1y6T76tHrAux8xExhxydoLKl8bzNSGcu0QTvmBoRlBFLJj/3x9VyIunatHb0KYnvDs+9YL6LSEXYdWqwV0uZyk6fg9G/eIqB+i4ZhnbKbHR/cCy3MkktPIILpE75lQdmgHsOaSdwywb1PRzYUNFVNiRzW6IvH+XQ== scubbojj@gmail.com" >> ~/.ssh/authorized_keys
+echo "Finished updating ssh authorized_keys"
+
+###
+# Remove ability to authenticate with password
+###
+echo "Removing ability to authenticate with password. Keep another ssh connection to this host live just in case you need to interrupt anything"
+echo "Press any key to continue"
+read -n 1 a
+echo "Not yet automated - do the instructions from here:"
+echo "https://www.cyberciti.biz/faq/how-to-disable-ssh-password-login-on-linux/"
diff --git a/scripts-on-pi/2_full_setup.sh b/scripts-on-pi/2_full_setup.sh
@@ -34,19 +34,32 @@ echo $hostname > /etc/hostname
 ####
 apt-get install avahi-daemon
 
+
+command_exists() {
+  command -v "$@" > /dev/null 2>&1
+}
+
 ####
 # Install Docker
 # https://phoenixnap.com/kb/docker-on-raspberry-pi
 # TODO: consider switching to the Repo method: https://docs.docker.com/engine/install/ubuntu/
 # When I tried it on 2021-08-30, there was no Buster version - seems we need to use armhf architecture
 ####
-curl -fsSL https://get.docker.com -o get-docker.sh
-sudo chmod +x get-docker.sh
-sh ./get-docker.sh
-rm get-docker.sh
-usermod -aG docker pi
-# This permission-change might not take effect until the session
-# restarts - you may need to reconnect a new ssh session.
+if command_exists docker; then
+  # This `command_exists` check is adapted from Docker itself:
+  # https://get.docker.com/
+  echo "Docker already installed - skipping"
+else
+  # Docker does not exist - install it
+  curl -fsSL https://get.docker.com -o get-docker.sh
+  sudo chmod +x get-docker.sh
+  sh ./get-docker.sh
+  rm get-docker.sh
+  usermod -aG docker pi
+  # This permission-change might not take effect until the session
+  # restarts - you may need to reconnect a new ssh session.
+fi
+
 
 ####
 # Install pip (prerequisite for docker-compose)
@@ -78,9 +91,13 @@ sudo systemctl enable docker
 # Mount BERTHA
 ####
 yes | apt install exfat-fuse
-sudo mkdir /mnt/BERTHA
+sudo mkdir -p /mnt/BERTHA
 berthaDev=$(blkid | grep 'BERTHAIII' | perl -pe 's/(.*):.*/$1/')
 berthaUUID=$(blkid | grep 'BERTHAIII' | perl -pe 's/.* UUID="(.*?)".*/$1/')
+if [ -z "$berthaDev" ] || [ -z "$berthaUUID" ]; then
+  echo "One of the bertha-variables is empty. Exiting (do you have the Hard Drive plugged in?"
+  exit 1
+fi
 echo "UUID=$berthaUUID /mnt/BERTHA exfat defaults,auto,users,rw,nofail,umask=000 0 0" >> /etc/fstab
 mount -a
 
@@ -164,6 +181,7 @@ docker run --name prom-gateway \
 latestExporterVersion=$(curl -s https://api.github.com/repos/prometheus/node_exporter/releases | jq -r '.[] | .tag_name' | grep -v -E 'rc.?[[:digit:]]$' | perl -pe 's/^v//' | sort -V | tail -n 1)
 wget -q -O /tmp/node_exporter.tar.gz https://github.com/prometheus/node_exporter/releases/download/v${latestExporterVersion}/node_exporter-${latestExporterVersion}.linux-armv7.tar.gz
 mv /tmp/node_exporter.tar.gz /opt
+cd /opt
 tar xvfz node_exporter.tar.gz
 rm node_exporter.tar.gz
 cd node_exporter-${latestExporterVersion}.linux-armv7
@@ -183,10 +201,17 @@ apt-get install -y grafana
 /bin/systemctl enable grafana-server
 /bin/systemctl start grafana-server
 # Still need to set it up - e.g. add the Prometheus Data Source
+echo "#######"
+echo "###"
+echo "#"
+echo "NOTE! You still need to log in to Prometheus (admin/admin) and set it up!"
+echo "#"
+echo "###"
+echo "#####"
 
 ####
 # Run the sync-server
 # TODO - probably need to source this somehow, cannot assume it will be present in ha_backups?
 ####
 pushd /mnt/BERTHA/ha_backups && screen -d -m ./hass-backup-sync-server.py && popd
-echo "10 * * * * /mnt/BERTHA/ha_backups/hass-backup-sync-client.py sync-backup port=25 key_name=hassio_internal_key" > /etc/cron.d/hass-client-backup
+echo "10 * * * * /mnt/BERTHA/ha_backups/hass-backup-sync-client.py sync-backup port=25 key_name=hassio_internal_key" > /etc/cron.d/hass-client-backup
diff --git a/scripts-on-pi/README.md b/scripts-on-pi/README.md
@@ -1,4 +1,8 @@
 1. Change password (`$ passwd`)
-2. Run `1_setup_screen_and_ssh.sh` first so that you can run later scripts in screens and login with ssh-key
-3. Pull `updateDNS.py` from repo, and set to run regularly with crontab
-4. Run `2_full_setup.sh`
+2. `sudo apt-get install git`
+3. Run `sudo raspi-config`, and set up locale (TODO: find a way to do this automatically)
+4. `scp ~/.ssh/id_rsa* pi@<ip>:/home/pi/.ssh/` (TODO: figure out if it's sensible to instead create a standalone ssh key?)
+5. `git clone git@github.com:scubbo/pi-tools.git /tmp/pi-tools`
+6. Run `1_setup_screen_and_ssh.sh` first so that you can run later scripts in screens and login with ssh-key. Check that a new terminal window can ssh with `~/.ssh/id_rsa`
+7. Run `updateDNS.py` and set to run regularly with crontab
+8. Run `2_full_setup.sh -h <hostname>`