Replace tee by >

README.md

@@ -1,19 +1,7 @@
-```bash
-wget -O setup-nasbeery https://gitea.perlbach24.de/scripte/nasbeery/raw/branch/main/setup-nasbeery
-bash setup-nasbeery
-```
----- THIS IS A CLONE OF THE ORIGINAL REPOSITORY ON git.bashclub.org ----
-
 # nasbeery
 Installer for NasBeery ZFS NAS for Raspberry PI 4 and 400 on Raspberry Pi OS Lite 64-Bit
 
 ```bash
-wget -O setup-nasbeery https://github.com/bashclub/nasbeery/raw/main/setup-nasbeery
+wget -O setup-nasbeery https://github.com/bashclub/nasbeery/raw/dev/setup-nasbeery
 bash setup-nasbeery
 ```
-
-# Authors
-### Christian Zengel
-https://aow.de
-### Thorsten Spille
-[<img src="https://storage.ko-fi.com/cdn/brandasset/kofi_s_tag_dark.png" rel="Support me on Ko-Fi">](https://ko-fi.com/thorakel)

setup-nasbeery

@@ -1,7 +1,4 @@
 #!/bin/bash
-set -e
-export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-
 prog="$(basename "$0")"
 
 usage() {
@@ -15,12 +12,26 @@ usage() {
     -A ADDONS    Comma separated list of addons to install (ispconfig, docker)
     -S SHARE     Name of the SMB share to create (default: share)
   ---------------------------------------------------------------------------
-    (C) 2026     nasbeery installer by bashclub (https://github.com/bashclub)
+    (C) 2022     nasbeery installer by bashclub (https://github.com/bashclub)
   ---------------------------------------------------------------------------
 	EOF
 	exit $1
 }
 
+if [ -f /etc/os-release ]; then
+  source /etc/os-release
+else
+  echo "File /etc/os-release not found. Please refer to the documentation if your distro is supported."
+  exit 1
+fi
+
+if [[ ${VERSION_CODENAME} == "bullseye" ]] || [[ ${VERSION_CODENAME} == "bookworm" ]] || [[ ${VERSION_CODENAME} == "jammy" ]] || [[ ${VERSION_CODENAME} == "lunar" ]]; then
+  echo "Your distro $ID ${VERSION_CODENAME} is supported."
+else
+  echo "Your distro $ID ${VERSION_CODENAME} is not supported."
+  exit 1
+fi
+
 USERNAME=nasbeery
 HOSTNAME=nasbeery
 DOMAIN=bashclub.lan
@@ -71,28 +82,24 @@ whiptail --title "Possible data loss!" \
 --yesno "Would you like to preserve you existing ZFS data from a previous installation?" 10 75
 FORMAT=$?
 
-# pin cockpit to buster backports
-#echo "Configure apt to install cockpit from backports repo"
-#cat << EOF | tee -i /etc/apt/preferences.d/99-cockpit
-#Package: cockpit cockpit-*
-#Pin: release a=bullseye-backports
-#Pin-Priority: 900
-#EOF
+if [[ $ID == "debian" ]]; then
 
-timedatectl set-ntp true
-systemctl restart systemd-timesyncd
+  # pin cockpit to buster backports
+  echo "Configure apt to install cockpit from backports repo"
+  cat << EOF > /etc/apt/preferences.d/99-cockpit
+Package: cockpit cockpit-*
+Pin: release a=${VERSION_CODENAME}-backports
+Pin-Priority: 900
+EOF
 
+  grep contrib /etc/apt/sources.list
+  if [ $? -gt 0 ]; then
+    sed -i "s/main/main contrib non-free/g" /etc/apt/sources.list
+  fi
 
-echo "Ensure contrib repo is enabled (required for ZFS)"
-sed -i 's/ main$/ main contrib non-free-firmware/' /etc/apt/sources.list
-sed -i 's/ main non-free-firmware$/ main contrib non-free-firmware/' /etc/apt/sources.list
-apt update
-
-echo "=== Install Cockpit (Debian) ==="
-apt install -y cockpit
-
-#echo "Add debian bullseye backports repo"
-#echo "deb http://ftp.de.debian.org/debian/ bullseye-backports main contrib non-free" | tee -i /etc/apt/sources.list.d/bulleye-backports.list
+  echo "Add debian ${VERSION_CODENAME} backports repo"
+  echo "deb http://ftp.de.debian.org/debian/ ${VERSION_CODENAME}-backports main contrib non-free" > /etc/apt/sources.list.d/${VERSION_CODENAME}-backports.list
+fi
 
 # update system and install packages
 echo "Updating package lists"
@@ -102,6 +109,14 @@ DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::opti
 echo "Detecting Architecture"
 if [[ $(dpkg --get-selections | grep -m1 "raspberrypi-kernel") ]]; then
 	headers="raspberrypi-kernel-headers"
+elif [[ $(dpkg --get-selections | grep -m1 "linux-image-raspi") ]]; then
+  headers="linux-headers-raspi"
+elif [[ $(dpkg --get-selections | grep -m1 "linux-image-arm64") ]]; then
+  headers="linux-headers-arm64"
+elif [[ $(dpkg --get-selections | grep -m1 "linux-image-generic") ]]; then
+	headers="linux-headers-generic"
+elif [[ $(dpkg --get-selections | grep -m1 "linux-image-riscv64") ]]; then
+	headers="linux-headers-riscv64"
 elif [[ $(dpkg --get-selections | grep -E -m1 "linux-image-current-rockchip64") ]]; then
 	headers="linux-headers-current-rockchip64"
 elif [[ $(dpkg --get-selections | grep -E -m1 "linux-image-edge-rockchip64") ]]; then
@@ -110,55 +125,64 @@ elif [[ $(dpkg --get-selections | grep -E -m1 "linux-image-current-meson64") ]];
 	headers="linux-headers-current-meson64"
 elif [[ $(dpkg --get-selections | grep -E -m1 "linux-image-edge-meson64") ]]; then
 	headers="linux-headers-edge-meson64"
-elif [[ $(dpkg --get-selections | grep -m1 "linux-image-generic") ]]; then
-	headers="linux-headers-generic"
-elif [[ $(dpkg --get-selections | grep -m1 "linux-image-raspi") ]]; then
-	headers="linux-headers-raspi"
 elif [[ $(dpkg --get-selections | grep -m1 "linux-image-amd64") ]]; then
 	headers="linux-headers-amd64"
 fi
 echo "Intalling required packages"
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install $headers ntpdate git apt-transport-https gnupg2 software-properties-common vim htop net-tools dnsutils dpkg-dev
 
-# add extra apt keys
-#echo "Add wsdd apt repo key"
-#wget -O - https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key | gpg --dearmor | tee -i /etc/apt/trusted.gpg.d/wsdd.gpg
+if [[ ${VERSION_CODENAME} == "bullseye" ]]; then
+  # add extra apt keys
+  echo "Add wsdd apt repo key"
+  wget -O - https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key | gpg --dearmor > /etc/apt/trusted.gpg.d/wsdd.gpg
 
-# add extra apt repos
-#echo "Add wsdd apt repo url"
-#echo "deb [signed-by=/etc/apt/trusted.gpg.d/wsdd.gpg] https://pkg.ltec.ch/public/ $(lsb_release -cs) main" | tee -i /etc/apt/sources.list.d/wsdd.list
+  # add extra apt repos
+  echo "Add wsdd apt repo url"
+  echo "deb [signed-by=/etc/apt/trusted.gpg.d/wsdd.gpg] https://pkg.ltec.ch/public/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/wsdd.list
+fi
 
 echo "add 45drives repo key"
-wget -O - https://repo.45drives.com/key/gpg.asc | gpg --dearmor | tee -i /etc/apt/trusted.gpg.d/45drives.gpg
+wget -O - https://repo.45drives.com/key/gpg.asc | gpg --dearmor > /etc/apt/trusted.gpg.d/45drives.gpg
 
 echo "Add 45drives apt repo url"
-echo "deb [signed-by=/etc/apt/trusted.gpg.d/45drives.gpg arch=amd64] https://repo.45drives.com/enterprise/debian bookworm main" > /etc/apt/sources.list.d/45drives.list
+echo "deb [signed-by=/etc/apt/trusted.gpg.d/45drives.gpg arch=amd64] https://repo.45drives.com/debian focal main" > /etc/apt/sources.list.d/45drives.list
 
 echo "Updating package lists"
 apt -qq update
 echo "Installing samba"
-DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install acl samba-dsdb-modules samba-vfs-modules samba winbind wsdd zfs-dkms zfsutils-linux zfs-auto-snapshot
+DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install -t ${VERSION_CODENAME}-backports acl samba-dsdb-modules samba-vfs-modules samba winbind wsdd zfs-dkms zfsutils-linux zfs-auto-snapshot
+
+ARCH=$(arch)
+
+if [[ "${ARCH}" == "aarch64" ]]; then
+  znapzend_version=$(apt search znapzend 2>/dev/null | grep znapzend | cut -d ' ' -f2)
+  wget -O znapzend_${znapzend_version}_amd64.deb https://repo.45drives.com/debian/pool/main/z/znapzend/znapzend_${znapzend_version}_amd64.deb
+  mkdir znapzend
+  dpkg-deb -R znapzend_${znapzend_version}_amd64.deb ./znapzend
+  sed -i "s/amd64/${ARCH}/g" ./znapzend/DEBIAN/control
+  sed -i "s/x86_64-linux-gnu/${ARCH}-linux-gnu/g" znapzend/usr/bin/*
+  mv znapzend/usr/lib/x86_64-linux-gnu znapzend/usr/lib/${ARCH}-linux-gnu
+  dpkg-deb -b znapzend znapzend_${znapzend_version}_${ARCH}.deb
+  apt install ./znapzend_${znapzend_version}_${ARCH}.deb
+  systemctl disable znapzend.service
+  rm -r znapzend*
+fi
 
 echo "Installing cockpit"
-DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install --no-install-recommends cockpit cockpit-identities cockpit-file-sharing cockpit-navigator cockpit-benchmark
-
-git clone https://github.com/45drives/cockpit-zfs-manager.git
-cp -r cockpit-zfs-manager/zfs /usr/share/cockpit
-
-echo "=== Install ZFS (Debian) ==="
-apt install -y zfs-dkms zfsutils-linux zfs-auto-snapshot
+DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install --no-install-recommends cockpit cockpit-identities cockpit-file-sharing cockpit-navigator cockpit-zfs-manager cockpit-benchmark cockpit-pcp
 
 echo "Activate zfs module"
-/sbin/modprobe zfs
+modprobe zfs
 
-#echo "Update time via ntp"
-#ntpdate-debian -b > /dev/null
+echo "Update time via ntp"
+ntpdate-debian -b > /dev/null
 
-echo "Detecting root disk (SAFETY CHECK)"
-rootdisk=$(findmnt -n -o SOURCE / | sed 's/[0-9]*$//;s/p$//')
-rootdisk=$(basename "$rootdisk")
-
-echo "Root disk detected as: /dev/$rootdisk"
+rootfs=$(grep " / " /proc/mounts | cut -d'/' -f3)
+if [[ "$rootfs" == *"nvme"* ]] || [[ "$rootfs" == *"mmcblk"* ]]; then
+  rootdisk=${rootfs::-3}
+else
+  rootdisk=${rootfs::1}
+fi
 
 zdisks=$(echo $(lsblk -nd -I 8,259,179 -o name | grep -v ${rootdisk}) | cut -d' ' -f1-2)
 case $FORMAT in
@@ -181,7 +205,7 @@ echo "Remove small Diffie-Hellman moduli"
 awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.safe
 mv -f /etc/ssh/moduli.safe /etc/ssh/moduli
 echo "Restrict supported key exchange, cipher, and MAC algorithms"
-echo -e "\n# Restrict key exchange, cipher, and MAC algorithms, as per sshaudit.com\n# hardening guide.\nKexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256\nCiphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr\nMACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com\nHostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com" | tee -i /etc/ssh/sshd_config.d/ssh-audit_hardening.conf
+echo -e "\n# Restrict key exchange, cipher, and MAC algorithms, as per sshaudit.com\n# hardening guide.\nKexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256\nCiphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr\nMACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com\nHostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com" > /etc/ssh/sshd_config.d/ssh-audit_hardening.conf
 
 if [ ! $(zfs list $ZPOOL/$SHARE) ] ; then
 	echo "Creating $ZPOOL/$SHARE"
@@ -192,8 +216,8 @@ chmod -R 770 /$ZPOOL
 chown -R $USERNAME:root /$ZPOOL
 
 echo "Seting hostname and fqdn"
-echo "$HOSTNAME" | tee -i /etc/hostname
-cat << EOF | tee -i /etc/hosts
+echo "$HOSTNAME" > /etc/hostname
+cat << EOF > /etc/hosts
 # Host addresses
 127.0.0.1  localhost
 127.0.1.1  $HOSTNAME.$DOMAIN $HOSTNAME
@@ -209,10 +233,8 @@ smbpasswd -x $USERNAME
 (echo $PASSWORD; echo $PASSWORD) | smbpasswd -a $USERNAME
 usermod -aG sudo $USERNAME
 
-mkdir -p /etc/cockpit/zfs/
-
 echo "Writing cockpit configuration"
-cat << EOF | tee -i /etc/cockpit/zfs/config.json
+cat << EOF > /etc/cockpit/zfs/config.json
 {
   "#1": "COCKPIT ZFS MANAGER",
   "#2": "WARNING: DO NOT EDIT, AUTO-GENERATED CONFIGURATION",
@@ -258,7 +280,8 @@ EOF
 
 if [ -f /etc/cockpit/zfs/shares.conf ]; then
 	echo "Creating cockpit zfs shares conf"
-	cat << EOF | tee -i /etc/cockpit/zfs/shares.conf
+  mkdir -p /etc/cockpit/zfs/
+	cat << EOF > /etc/cockpit/zfs/shares.conf
 # COCKPIT ZFS MANAGER
 # WARNING: DO NOT EDIT, AUTO-GENERATED CONFIGURATION
 EOF
@@ -269,15 +292,15 @@ sed -i 's/24/48/g' /etc/cron.hourly/zfs-auto-snapshot
 sed -i 's/12/3/g' /etc/cron.monthly/zfs-auto-snapshot
 
 echo "Configure RAID led"
-echo -e 'PATH="/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin"\n*/1 * * * * root echo 14 > /sys/class/gpio/export 2> /dev/null;echo out > /sys/class/gpio/gpio14/direction ; zpool import -fa -d /dev/ > /dev/null; zpool list| grep -q ONLINE; echo \$? > /sys/class/gpio/gpio14/value' | tee -i /etc/cron.d/raidled
+echo -e 'PATH="/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin"\n*/1 * * * * root echo 14 > /sys/class/gpio/export 2> /dev/null;echo out > /sys/class/gpio/gpio14/direction ; zpool import -fa -d /dev/ > /dev/null; zpool list| grep -q ONLINE; echo \$? > /sys/class/gpio/gpio14/value' > /etc/cron.d/raidled
 
 echo "Write samba server configuration"
-cat << EOF | tee -i /etc/samba/smb.conf
+cat << EOF > /etc/samba/smb.conf
 [global]
     include = registry
 EOF
 
-cat << EOF | tee -i /etc/samba/import.template
+cat << EOF > /etc/samba/import.template
 [global]
     workgroup = WORKGROUP
     log file = /var/log/samba/log.%m
@@ -322,4 +345,4 @@ systemctl enable smbd nmbd wsdd
 echo "############################################"
 echo "nasbeery installation finished! rebooting..."
 echo "############################################"
-/sbin/reboot
+reboot

ui-patch

@@ -1,82 +0,0 @@
-echo "======================================"
-echo "[NASBEERY UI HARDENING PATCH]"
-echo "======================================"
-
-# -----------------------------
-# 1. FONT BASICS (SYSTEM SAFE)
-# -----------------------------
-echo "[UI] Installing fonts + rendering base..."
-
-apt install -y \
-  fonts-dejavu \
-  fonts-liberation \
-  fontconfig
-
-# -----------------------------
-# 2. 45DRIVES FONT FIX (OFFICIAL REPO)
-# -----------------------------
-echo "[UI] Applying 45Drives cockpit font fix..."
-
-rm -rf /tmp/45drives-scripts
-git clone https://github.com/45Drives/scripts.git /tmp/45drives-scripts
-
-if [ -d /tmp/45drives-scripts/cockpit_font_fix ]; then
-  cd /tmp/45drives-scripts/cockpit_font_fix
-
-  if [ -f install.sh ]; then
-    bash install.sh || true
-  else
-    find . -type f -name "*.ttf" -exec cp {} /usr/share/fonts/ \; || true
-    find . -type f -name "*.otf" -exec cp {} /usr/share/fonts/ \; || true
-  fi
-fi
-
-fc-cache -f -v
-
-# -----------------------------
-# 3. UTF-8 / FONT FALLBACK FIX
-# -----------------------------
-echo "[UI] Configuring font fallback..."
-
-cat << EOF > /etc/fonts/local.conf
-<?xml version="1.0"?>
-<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
-<fontconfig>
-  <alias>
-    <family>monospace</family>
-    <prefer>
-      <family>DejaVu Sans Mono</family>
-    </prefer>
-  </alias>
-</fontconfig>
-EOF
-
-fc-cache -f -v
-
-# -----------------------------
-# 4. OPTIONAL ASCII SAFE MODE
-# -----------------------------
-echo "[UI] Applying ASCII-safe fallback (optional)..."
-
-find /usr/share/cockpit/zfs -type f 2>/dev/null | while read f; do
-  sed -i 's/✔/OK/g' "$f" 2>/dev/null || true
-  sed -i 's/✖/FAIL/g' "$f" 2>/dev/null || true
-  sed -i 's/⚠/WARN/g' "$f" 2>/dev/null || true
-done
-
-# -----------------------------
-# 5. COCKPIT UI RESTART
-# -----------------------------
-echo "[UI] Restarting Cockpit..."
-
-systemctl restart cockpit.socket || true
-systemctl restart cockpit || true
-
-# -----------------------------
-# CLEANUP
-# -----------------------------
-rm -rf /tmp/45drives-scripts
-
-echo "======================================"
-echo "[UI HARDENING COMPLETE]"
-echo "======================================"