From 2e60d0c4147e6c0f91304597c636a57166f7522f Mon Sep 17 00:00:00 2001 From: "Kenneth Benzie (Benie)" Date: Fri, 9 Aug 2024 11:29:38 +0100 Subject: [PATCH] Update bootstrap-Windows.ps1 script * Add 1Password install step * Add Scoop install step * Remove SSH key generation step * Make 1Password, Hyper-V, Containers, and SSH Server steps optional * Refactor to run Scoop install as unelevated then relaunch as elevated for remaining tasks --- README.md | 2 +- bootstrap-Windows.ps1 | 107 +++++++++++++++++++++++++++++++++--------- 2 files changed, 85 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 51ea2af..645cd75 100644 --- a/README.md +++ b/README.md @@ -31,7 +31,7 @@ $ curl -O https://code.infektor.net/config/bootstrap/raw/master/bootstrap-Fedora To bootstrap a Windows instance: ```console -$ Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://code.infektor.net/config/bootstrap/raw/master/bootstrap-Windows.ps1')) +$ Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://git.infektor.net/config/bootstrap/raw/update/bootstrap-Windows.ps1')) ``` ## Package diff --git a/bootstrap-Windows.ps1 b/bootstrap-Windows.ps1 index f1f83b9..8e4a3ab 100644 --- a/bootstrap-Windows.ps1 +++ b/bootstrap-Windows.ps1 
@@ -1,26 +1,87 @@ -[CmdletBinding()] -Param( - [Parameter(Mandatory=$true)] - [String]$email, - [String]$sshKeyType = "ed25519" -) +$is_elevated = [bool]([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator") +$choices = '&Yes', '&No' + +if (-Not $is_elevated) { + # Not running with elevated permissions + + # Install Scoop + $scoop_installer = "$env:USERPROFILE/Downloads/ScoopInstaller.ps1" + Invoke-WebRequest -Uri https://get.scoop.sh -OutFile $scoop_installer + &$scoop_installer -ScoopDir "$env:LocalAppData/Scoop" -ScoopGlobalDir "$env:ProgramData/Scoop" + + # Get the current script's path + $ScriptPath = $MyInvocation.MyCommand.Definition + + # Create a new process to run the script as administrator + $StartInfo = New-Object System.Diagnostics.ProcessStartInfo + $StartInfo.FileName = "powershell.exe" + + # Add parameters to the command-line arguments + $StartInfo.Arguments = "-NoProfile -ExecutionPolicy Bypass -File `"$ScriptPath`"" + + # Elevate privileges + $StartInfo.Verb = "runas" + + # Ensure output is visible to the user + $StartInfo.UseShellExecute = $true + $StartInfo.RedirectStandardOutput = $false + $StartInfo.RedirectStandardError = $false + $StartInfo.CreateNoWindow = $false + + # Start the elevated process + [System.Diagnostics.Process]::Start($StartInfo) | Out-Null + + # Exit the current (non-admin) process + exit +} + +# Running with elevated permissions + +# Install 1Password +$decision = $Host.UI.PromptForChoice('Install 1Password', 'Proceed?', $choices, 0) +if ($decision -eq 0) { + $1password_installer = "$env:USERPROFILE/Downloads/1PasswordSetup-latest.exe" + Invoke-WebRequest -Uri "https://downloads.1password.com/win/1PasswordSetup-latest.exe" -OutFile "$1password_installer" + &$1password_installer + Remove-Item $1password_installer +} else { + echo 'Skipping 1Password' +} + +# Enable Hyper-V +$decision = $Host.UI.PromptForChoice('Enable 
Hyper-V', 'Proceed?', $choices, 0) +if ($decision -eq 0) { + Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All +} else { + echo 'Skipping Hyper-V' +} + +# Enable Containters +$decision = $Host.UI.PromptForChoice('Enable Containers', 'Proceed?', $choices, 0) +if ($decision -eq 0) { + Enable-WindowsOptionalFeature -Online -FeatureName Containers -All +} else { + echo 'Skipping Containers' +} + +# Get the shell application object +$shellApp = New-Object -ComObject "Shell.Application" + +# Run the command without elevation +$shellApp.ShellExecute("powershell.exe", "-NoProfile -Command `"& { $nonElevatedCommand }`"", "", "open", 0) + +# Start-Process -NoNewWindow -Credential "$env:UserDomain\$env:UserName" -FilePath "powershell.exe" -ArgumentList "-NoProfile -Command & { & $($command) }" +# Start-Process -FilePath "powershell.exe" -ArgumentList "-NoProfile -Command & { & $($command) }" -Credential $user -WindowStyle Hidden # Install Chocolatey -Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1')) +iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1')) -# Enable Hyper-V and containters -Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All -Enable-WindowsOptionalFeature -Online -FeatureName Containers -All - -# Install OpenSSH and start service -choco install --yes "--package-parameters=/SSHServerFeature" openssh -Start-Service sshd -Set-Service -Name sshd -StartupType 'Automatic' - -# generate keys and authorize them -ssh-keygen -t "$sshKeyType" -C "$email" -f "$env:USERPROFILE/.ssh/$sshKeyType" -# TODO: authorize public key for admin - -# Install Windows-Terminal and Debian -choco install --yes microsoft-windows-terminal -wsl --install --distribution Debia +# Install 
SSH Server +$decision = $Host.UI.PromptForChoice('Install SSH Server', 'Proceed?', $choices, 0) +if ($decision -eq 0) { + choco install --yes "--package-parameters=/SSHServerFeature" openssh + Start-Service sshd + Set-Service -Name sshd -StartupType 'Automatic' +} else { + echo 'Skipping SSH Server' +}
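Review bot: In the elevated half of the script, the 1Password installer and Chocolatey's install.ps1 are both downloaded and run as Administrator with no integrity check, and the `SecurityProtocol -bor 3072` opt-in that the old Chocolatey line carried has been dropped. The README one-liner sets that value only in the first process, so the relaunched `powershell.exe` starts with the default protocol settings; I would restore the line at the top of the elevated section and check `Get-AuthenticodeSignature` on the downloaded installer before launching it, as sketched below. `&$1password_installer` probably returns before a GUI installer has finished, so the `Remove-Item` that follows can race with it; `Start-Process -Wait` avoids that. Separately, `$nonElevatedCommand` is never assigned in this hunk, so the `ShellExecute` call appears to run an empty script block. `-File "$ScriptPath"` also likely has no file on disk to point at when the script is started through `iex`, as the README describes.

```powershell
# Running with elevated permissions
# The relaunched process starts with default TLS settings, so opt in again here.
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072

# … unchanged: 1Password prompt and download to $1password_installer …
    $signature = Get-AuthenticodeSignature -FilePath $1password_installer
    # 'Valid' only proves a trusted chain; also compare
    # $signature.SignerCertificate.Subject with <EXPECTED_PUBLISHER_SUBJECT>.
    if ($signature.Status -ne 'Valid') {
        Remove-Item $1password_installer
        throw "1Password installer signature check failed: $($signature.Status)"
    }
    # Wait for the installer to exit before deleting the file
    Start-Process -FilePath $1password_installer -Wait
    Remove-Item $1password_installer
# … unchanged: skip branch, Hyper-V, Containers, Chocolatey, SSH Server …
```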