https://github.com/mike42/linux-lab

Linux scripts and snippets
https://github.com/mike42/linux-lab

Last synced: 2 months ago
JSON representation

Linux scripts and snippets

• Host: GitHub
• URL: https://github.com/mike42/linux-lab
• Owner: mike42
• Created: 2024-05-30T11:49:06.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2024-06-10T11:52:03.000Z (over 1 year ago)
• Last Synced: 2025-05-21T18:13:06.007Z (8 months ago)
• Language: Shell
• Size: 5.86 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# Linux Lab

Linux scripts and snippets.

## Work in progress

Things to do

- Make Ansible playbook for post-install tasks.

### ipa.corp.lan

- Automate IPA server install

```bash

dnf install -y freeipa-server freeipa-server-dns freeipa-client

echo '192.168.123.2 ipa.corp.lan' >> /etc/hosts

ipa-server-install --realm=CORP.LAN --unattended --setup-dns --ds-password='t3mpp@ssw0rd!' --admin-password='t3mpp@ssw0rd!' --forwarder=192.168.123.1

```

- Automate firewall setup

```

firewall-cmd --zone=FedoraServer --add-service http --permanent

firewall-cmd --zone=FedoraServer --add-service https --permanent

firewall-cmd --zone=FedoraServer --add-service ldap --permanent

firewall-cmd --zone=FedoraServer --add-service ldaps --permanent

firewall-cmd --zone=FedoraServer --add-service kerberos --permanent

firewall-cmd --zone=FedoraServer --add-service dns --permanent

firewall-cmd --zone=FedoraServer --add-service ntp --permanent

firewall-cmd --reload

```

### desktop.corp.lan

- Use `autoinstall.yml` or equivalent to provision VM via `virt-install`.

- Provision Chrome & provision a policy to make kerberos work

```bash

sudo mkdir -p /etc/opt/chrome/policies/managed

sudo tee  /etc/opt/chrome/policies/managed/kerberos.json << EOF

{

  "AuthServerAllowlist": "*.corp.lan",

  "AuthNegotiateDelegateAllowlist": "*.corp.lan"

}

EOF

/bin/sudo /bin/chmod 0644 /etc/opt/chrome/policies/managed/kerberos.json

```

## Future ideas

Identity

- IPA server, likely needs something RHEL-based

- IPA client, installable on wider range of platforms

- Possible alternative: kanidm could run on debian https://github.com/kanidm/kanidm

- Possible extension: Samba DC for Windows clients (can they log in to Linux accounts though?)

Config management

- Ansible & AWX

VDI

- GNOME remote desktop

- Guacamole?

VPN

- OpenVPN due to good authentication options.

Virtualization

- KVM

- Virt-install

- Proxmox

Applications

- A wordpress or similar

- Gitea

- A container host of some sort

- Backups

Provisioning

- Debian pre-seed

- cloud-init