From aa172486ad85ac85794008f9f10e9fbc69a1f9f5 Mon Sep 17 00:00:00 2001
From: Terry Derks <terry@keiran.us>
Date: Thu, 21 Dec 2023 12:16:13 -0500
Subject: [PATCH] setup.sh

---
 setup.sh | 88 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 88 insertions(+)
 create mode 100755 setup.sh

diff --git a/setup.sh b/setup.sh
new file mode 100755
index 0000000..d2438fd
--- /dev/null
+++ b/setup.sh
@@ -0,0 +1,88 @@
+#!/bin/bash
+
+set -e
+
+SALT_VERSION='3006.4'
+
+if [ $UID -ne 0 ]; then
+  echo This script must run as root.
+  exit 1
+fi
+
+if [ -f /etc/debian_version ]; then
+  PKG_CHECK='dpkg -l'
+  PKG_INSTALL='apt-get -y install'
+elif [ -f /etc/redhat-release ]; then
+  PKG_CHECK='rpm -q'
+  PKG_INSTALL='yum -y install'
+else
+  echo Unrecognized OS
+  exit 1
+fi
+
+TO_INSTALL=""
+for PKG in jq curl python3-distro; do
+  if ! $PKG_CHECK $PKG &>/dev/null; then
+    TO_INSTALL="$TO_INSTALL $PKG"
+  fi
+done
+if [ -n "$TO_INSTALL" ]; then
+  echo "Installing $TO_INSTALL"
+  $PKG_INSTALL $TO_INSTALL
+fi
+
+DISTRO="$(python3 -m distro --json | jq -r .id)"
+CODENAME="$(python3 -m distro --json | jq -r .codename)"
+OS_VERSION="$(python3 -m distro --json | jq -r .version)"
+PUBLIC_IPV4="$(curl -s -4 ifconfig.me)"
+
+echo -n "Ensure $PUBLIC_IPV4 is whitelisted on the salt master, then press enter"
+read
+
+if ! [ -e /usr/bin/salt-call ]; then
+  set -x
+  if [[ "$(uname -m)" =~ arm* ]]; then
+    echo 'ARM processor detected - using pip/venv'
+    [ -e /opt/saltstack/salt ] || 
+      python3 -m venv /opt/saltstack/salt
+    /opt/saltstack/salt/bin/pip3 freeze | grep -q ^salt== ||
+      /opt/saltstack/salt/bin/pip3 install "salt==$SALT_VERSION"
+    ln -sfT /opt/saltstack/salt/bin/salt-call /usr/bin/salt-call
+  elif [[ "$DISTRO" == "centos" ]]; then
+    rpm --import https://repo.saltproject.io/salt/py3/redhat/$OS_VERSION/x86_64/SALT-PROJECT-GPG-PUBKEY-2023.pub
+    [ -f /etc/yum.repos.d/salt.repo ] ||
+      curl -fsSL -o /etc/yum.repos.d/salt.repo https://repo.saltproject.io/salt/py3/redhat/$OS_VERSION/x86_64/minor/$SALT_VERSION.repo
+    yum install -y salt-minion
+  elif [[ "$DISTRO" == "ubuntu" ]]; then
+    mkdir /etc/apt/keyrings
+    KEYPATH=/etc/apt/keyrings/salt-archive-keyring-2023.gpg
+    curl -fsSL -o $KEYPATH https://repo.saltproject.io/salt/py3/ubuntu/$OS_VERSION/amd64/SALT-PROJECT-GPG-PUBKEY-2023.gpg
+    [ -f /etc/apt/sources.list.d/salt.list ] ||
+      echo "deb [signed-by=$KEYPATH arch=amd64] https://repo.saltproject.io/salt/py3/ubuntu/$OS_VERSION/amd64/minor/$SALT_VERSION $CODENAME main" > /etc/apt/sources.list.d/salt.list
+    apt-get -y install salt-minion
+  elif [[ "$DISTRO" == "debian" ]]; then
+    if [ $OS_VERSION -gt 11 ]; then
+      OS_VERSION=11
+      CODENAME=bullseye
+    fi
+    mkdir /etc/apt/keyrings
+    KEYPATH=/etc/apt/keyrings/salt-archive-keyring-2023.gpg
+    [ -f $KEYPATH ] ||
+      curl -fsSL -o $KEYPATH https://repo.saltproject.io/salt/py3/debian/$OS_VERSION/amd64/SALT-PROJECT-GPG-PUBKEY-2023.gpg
+    [ -f /etc/apt/sources.list.d/salt.list ] ||
+      echo "deb [signed-by=$KEYPATH arch=amd64] https://repo.saltproject.io/salt/py3/debian/10/amd64/minor/$SALT_VERSION $CODENAME main" > /etc/apt/sources.list.d/salt.list
+    apt-get -y install salt-minion
+  else
+    echo Unrecognized OS
+    exit 1
+  fi
+  set +x
+fi
+
+APPLY='salt-call state.apply --master=kpi.keiran.us salt'
+echo "Setup will now run:"
+echo "$APPLY"
+echo "The first run should send a key request to the master, then fail because it is not signed yet"
+$APPLY
+echo -n "Press enter once the salt-master has signed this key to re-run the command, (or ctrl+c and you can manually run it later)"
+$APPLY