Salt distrohoppers tool

Linux distrohoppers tool with Saltstack

Github can be found here
My goal is to make a privacy minded distrohoppers toolbox. So that I can easily change distros and install all my needed aplications and configs. The other reason is to make privacy easy. If you run this you get https://someonewhocares.org/hosts/hosts hosts file. Firefox with disabled telemetry and duckduckgo as startpage, Nextcloud client and keepassxc and enables firewall. My goal is to make a salt like Tero Karvinen sirotin That when I try new Linux distros I can always just run a local salt putting everything in same state.

Firefox

  • Removes Titlebar!
  • Smooth scrolling like shown here
  • Removed all telemetry in about:config
  • Removed alert when closing multiple tabs
  • Enabled white default theme
  • Enabled autoscrolling

Destroy all the ads

My salt installs [someonewhocares hosts file] (https://someonewhocares.org/hosts/hosts) so you will not see ads and protects your privacy.

Firewall with only ssh enabled

nuf said
….
Okey here are some details it will add a watch state to salt so it will restart firewall if rules are changed. And port 22/tcp is only openone with ipv4 and ipv6

Installed aplications

  • neofetch
  • keepassxc (adds offical PPA)
  • httpie
  • nextcloud-client (adds offical PPA)
  • qbittorrent
  • htop
  • tree
  • firefox
  • ufw (enables it only ssh open)
  • vlc
  • # stacer (system monitor) (adds offical PPA, not ready for 18.10)
  • signal desktop (adds offical PPA)

Problems installing salt-minion

I have been running tests with many different Distros and I came across a problem, not all distros installed salt-minion with apt mainly Ubuntu 18.10 based distros that had some missing dependencies?
I found the official multiplatform bootstrap installer for salt. It works very well with but its not perfect. With linux mint and Kde Neon I get this error “No dependencies installation function found. Exitting…”

I made a workaround with

if [ ! -d /srv/]; then
curl -L https://bootstrap.saltstack.com -o install_salt.sh
sudo sh install_salt.sh -P 
fi

Dealing with error messages

xubuntu 18.04.1

Ubuntu 18.10
salt minion not found. trying to add sudo apt-add-repository multiverse to the instalation code. And I got this error

also happens on xubuntu 18.10

Update: I noticed that Stacer does not yet support 18.10 with ppa so you will get an error if you install it on newer machines. I have commented it out for now.

Still errors so the next thing I was wondering if the saltstack 2017 what comes with multiverse is the reason for my error messages so I searched for Saltstack PPA and found it. I added the file to my github and added these lines in the start of my instalation file

wget -O - https://repo.saltstack.com/apt/debian/9/amd64/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add -
cd /etc/apt/sources.list.d/
wget https://raw.githubusercontent.com/aksratamo/salt/master/saltstack.list

Now it wil install the 2018 Saltstack. And IT WORKS!
Tested with
* Xubuntu 18.04.1 and 18.10,
* Ubuntu 18.04.1 and 18.10
* Kubuntu 18.04.1 and 18.10
* Linux Mint 19.1 Cinnamon
* Linux Mint 19 Mate
* Linux Mint 19 Xfce
* ElementaryOs (adding ppa not working)
* KdeNeon (adding ppa not working)

But I still get some error messages with KdeNeon and ElementaryOS

Explaining the code

Installation

In https://github.com/aksratamo/salt/tree/master/instalation-scripts you will find 2 files called “linux-advanced.sh” and “linux-basic.sh” both do essentially the same. They first they check if it has run already bu checking if helloworld.txt exists (created if salt manages to run). The code was borrowed from an other student project jisosomppi.

if [ -f /tmp/helloworld.txt ]; then
    echo "===> This install script has already been run! It is intended to be run only once <==="
    exit 0
fi

Then it will add the official repo for Saltstack because the Saltstack on ubuntu repo does not work with 18.10.

wget -O - https://repo.saltstack.com/apt/debian/9/amd64/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add -
cd /etc/apt/sources.list.d/
wget https://raw.githubusercontent.com/aksratamo/salt/master/saltstack.list
cd

Next it will install Git and Salt minion and gives the minion ID. This is the only difference in advanced the minion ID is “linux-advanced” and with basic installation its “linux-apps”

sudo apt-get update 
sudo apt-get install git  salt-minion -y 
sudo echo -e "master: localhost\nid: linux-apps" | sudo tee /etc/salt/minion

And as last step it will pull my salt project from git and runs it.

cd /srv/
sudo git clone https://github.com/aksratamo/salt
cd salt/
sudo salt-call --local state.apply 

Salt code

The basic installation first installs apps I like. Then it configures Firewall and will watch the files so if the Salt files are changed it will restart Firewall automatically.

#Enable Firewall and configs
/etc/ufw/ufw.conf:
  file.managed:
    - source: salt://linux-apps/ufw.conf
    - show_changes: False

/etc/ufw/user.rules:
  file.managed:
    - source: salt://linux-apps/user.rules
    - show_changes: False

/etc/ufw/user6.rules:
  file.managed:
    - source: salt://linux-apps/user6.rules
    - show_changes: False

ufwservice:
  service.running:
    - name: ufw       
    - watch:
      - file: /etc/ufw/user6.rules
      - file: /etc/ufw/user.rules
      - file: /etc/ufw/ufw.conf

Then it configures Firefox with included files

#Firefox preferences
/etc/firefox/syspref.js:
  file.managed:
    - source: salt://linux-apps/syspref.js


#Add someonewhocares host list to hostfile
/etc/hosts:
  file.managed:
    - source: salt://hosts
- show_changes: False

In advanced installation
First it adds the custom PPA when needed. I used two different ways for this for testing purposes

nextcloud-ppa:
  pkgrepo.managed:
    - ppa: nextcloud-devs/client

signal-desktop:
  pkgrepo.managed:
    - humanname: Signal-desktop PPA
    - name: deb  https://updates.signal.org/desktop/apt xenial main
    - file: /etc/apt/sources.list.d/signal-xenial.list
    - key_url: salt://linux-advanced/keys.asc

And in the end there is just a list for apps I want to be installed.

linux-advanced:
  pkg.installed:
    - pkgs:
      - neofetch
      - keepassxc
      - httpie
      - nextcloud-client
      - qbittorrent
      - signal-desktop

Sources

An other school project where I borrowed the idea of installing local master minion. https://github.com/jisosomppi/log-analysis
My project is mostly taken inspiration from my teachers masterless installation. https://github.com/terokarvinen/sirotin

Leave a Replay