From d911c3d7776aeb62a6f9b0af54d1909628bdbcf4 Mon Sep 17 00:00:00 2001
From: deathbybandaid
Date: Wed, 5 Apr 2023 12:21:35 -0400
Subject: [PATCH] test
---
 10-Checking_Dependencies.sh | 49 ---------------
 ...ting_TimeZone.sh => 10-Setting_TimeZone.sh | 0
 15-Tweaking_Systemd_Journalling.sh | 38 ------------
 20-Checking_Dependencies.sh | 45 ++++++++++++++
 25-Unattended_Upgrades.sh | 13 ++++
 30-Checking_Topgrade_Installation_Status.sh | 58 ++++++++++--------
 35-Runing_Topgrade.sh | 16 +++++
 40-Checking_Custom_Bash_Aliases.sh | 2 +-
 50-Checking_IPA_Realm_Join_Status.sh | 59 -------------------
 50-Tweaking_Systemd_Journalling.sh | 47 +++++++++++++++
 55-Vaccuming_Systemd_Journalling.sh | 10 ++++
 ...stom_MOTD.sh => 60-Updating_Custom_MOTD.sh | 0
 90-Checking_IPA_Realm_Join_Status.sh | 46 +++++++++++++++
 95-FreeIPA_CA.sh | 36 +++++++++++
 common/defaults-blank | 4 ++
 common/defaults-dbb | 4 ++
 template_setup.sh | 1 -
 17 files changed, 256 insertions(+), 172 deletions(-)
 delete mode 100644 10-Checking_Dependencies.sh
 rename 05-Setting_TimeZone.sh => 10-Setting_TimeZone.sh (100%)
 delete mode 100644 15-Tweaking_Systemd_Journalling.sh
 create mode 100644 20-Checking_Dependencies.sh
 create mode 100644 25-Unattended_Upgrades.sh
 create mode 100644 35-Runing_Topgrade.sh
 delete mode 100644 50-Checking_IPA_Realm_Join_Status.sh
 create mode 100644 50-Tweaking_Systemd_Journalling.sh
 create mode 100644 55-Vaccuming_Systemd_Journalling.sh
 rename 20-Updating_Custom_MOTD.sh => 60-Updating_Custom_MOTD.sh (100%)
 create mode 100644 90-Checking_IPA_Realm_Join_Status.sh
 create mode 100644 95-FreeIPA_CA.sh
diff --git a/10-Checking_Dependencies.sh b/10-Checking_Dependencies.sh
deleted file mode 100644
index 45e382b..0000000
--- a/10-Checking_Dependencies.sh
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/bash
-
-## Script Location
-SCRIPTDIR=$(dirname $0)
-source "$SCRIPTDIR/common/colors.sh"
-source "$SCRIPTDIR/common/functions.sh"
-source "$SCRIPTDIR/common/load-defaults.sh"
-
-pkgmgr_update
-
-## Start File Loop
-## For .dependency files In The dependencies Directory
-DEPENDENCIESALL="$SCRIPTDIR/dependencies/*.dep"
-for f in $DEPENDENCIESALL
-do
-
- ## Name Of Package
- DEPENDENCYCOMMAND=$(echo "`basename $f | cut -f 1 -d '.'`")
-
- ## Actual Package
- DEPENDENCYPACKAGE=`cat $f`
-
- printf "$COL_LIGHT_BLUE" "* Checking For command $DEPENDENCYCOMMAND with package name $DEPENDENCYPACKAGE"
-
- if is_command $DEPENDENCYCOMMAND;
- then
- printf "$COL_YELLOW" "** $DEPENDENCYCOMMAND Is Already Installed."
-
- else
- printf "$COL_YELLOW" "** Installing $DEPENDENCYCOMMAND"
- install_pkg $DEPENDENCYPACKAGE
-
- if is_command $DEPENDENCYCOMMAND;
- then
- printf "$COL_GREEN" "** $DEPENDENCYCOMMAND Installation Success"
- else
- printf "$COL_RED" "** Error Installing $DEPENDENCYCOMMAND"
- fi
-
- fi
-## End Of loop
-done
-
-
-if is_command "unattended-upgrades";
-then
- printf "$COL_YELLOW" "** unattended-upgrades priority being set to low."
- dpkg-reconfigure --priority=low unattended-upgrades
-fi
diff --git a/05-Setting_TimeZone.sh b/10-Setting_TimeZone.sh
similarity index 100%
rename from 05-Setting_TimeZone.sh
rename to 10-Setting_TimeZone.sh
diff --git a/15-Tweaking_Systemd_Journalling.sh b/15-Tweaking_Systemd_Journalling.sh
deleted file mode 100644
index 3e7f5c0..0000000
--- a/15-Tweaking_Systemd_Journalling.sh
+++ /dev/null
@@ -1,38 +0,0 @@
-#!/bin/bash
-
-## Script Location
-SCRIPTDIR=$(dirname $0)
-source "$SCRIPTDIR/common/colors.sh"
-source "$SCRIPTDIR/common/functions.sh"
-source "$SCRIPTDIR/common/load-defaults.sh"
-
-printf "$COL_LIGHT_BLUE" "* Vaccuming Systemd Journal"
-journalctl --vacuum-size=50M
-
-printf "$COL_LIGHT_BLUE" "* Checking for Systemd Journal directory"
-journal_directory="/var/log/journal"
-if [ ! -d "$journal_directory" ]; then
- printf "$COL_YELLOW" "** creating Systemd Journal installation directory"
- mkdir $journal_directory
-fi
-
-systemd_journald_conf="/etc/systemd/journald.conf"
-if (whiptail --title "Systemd Journalling limits" --yes-button "yes" --no-button "no" --yesno "Do You want to limit systemd journalling?" 10 80)
-then
-
- if [[ $(grep -L "Change Logging maximums" $systemd_journald_conf) ]]; then
- printf "$COL_YELLOW" "** Limitting"
-
- cat <> $systemd_journald_conf
-#Change Logging maximums
-RuntimeMaxFileSize=50
-RuntimeMaxFiles=100
-EOT
- else
- printf "$COL_YELLOW" "** not limitting"
-
- fi
-
-fi
-
-systemctl restart systemd-journald
diff --git a/20-Checking_Dependencies.sh b/20-Checking_Dependencies.sh
new file mode 100644
index 0000000..8a02260
--- /dev/null
+++ b/20-Checking_Dependencies.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+## Script Location
+SCRIPTDIR=$(dirname $0)
+source "$SCRIPTDIR/common/colors.sh"
+source "$SCRIPTDIR/common/functions.sh"
+source "$SCRIPTDIR/common/load-defaults.sh"
+
+install_dependencies() {
+ ## Start File Loop
+ ## For .dependency files In The dependencies Directory
+ DEPENDENCIESALL="$SCRIPTDIR/dependencies/*.dep"
+ for f in $DEPENDENCIESALL
+ do
+
+ ## Name Of Package
+ DEPENDENCYCOMMAND=$(echo "`basename $f | cut -f 1 -d '.'`")
+
+ ## Actual Package
+ DEPENDENCYPACKAGE=`cat $f`
+
+ printf "$COL_LIGHT_BLUE" "* Checking For command $DEPENDENCYCOMMAND with package name $DEPENDENCYPACKAGE"
+
+ if is_command $DEPENDENCYCOMMAND;
+ then
+ printf "$COL_YELLOW" "** $DEPENDENCYCOMMAND Is Already Installed."
+
+ else
+ printf "$COL_YELLOW" "** Installing $DEPENDENCYCOMMAND"
+ install_pkg $DEPENDENCYPACKAGE
+
+ if is_command $DEPENDENCYCOMMAND;
+ then
+ printf "$COL_GREEN" "** $DEPENDENCYCOMMAND Installation Success"
+ else
+ printf "$COL_RED" "** Error Installing $DEPENDENCYCOMMAND"
+ fi
+
+ fi
+ ## End Of loop
+ done
+}
+
+pkgmgr_update
+install_dependencies
diff --git a/25-Unattended_Upgrades.sh b/25-Unattended_Upgrades.sh
new file mode 100644
index 0000000..37689cb
--- /dev/null
+++ b/25-Unattended_Upgrades.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+## Script Location
+SCRIPTDIR=$(dirname $0)
+source "$SCRIPTDIR/common/colors.sh"
+source "$SCRIPTDIR/common/functions.sh"
+source "$SCRIPTDIR/common/load-defaults.sh"
+
+if is_command "unattended-upgrades";
+then
+ printf "$COL_YELLOW" "** unattended-upgrades"
+ dpkg-reconfigure --priority=$unattended_upgrades_priority unattended-upgrades
+fi
diff --git a/30-Checking_Topgrade_Installation_Status.sh b/30-Checking_Topgrade_Installation_Status.sh
index 9474c7f..7412b8a 100644
--- a/30-Checking_Topgrade_Installation_Status.sh
+++ b/30-Checking_Topgrade_Installation_Status.sh
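Review bot: In `install_dependencies` the glob and the file contents are expanded unquoted (`for f in $DEPENDENCIESALL`, `basename $f`, `cat $f`), so a checkout path containing spaces breaks the loop, and when no `.dep` file matches the literal pattern is handed to `cat`. Iterating the glob directly, `for f in "$SCRIPTDIR"/dependencies/*.dep; do [ -e "$f" ] || continue`, and quoting `"$f"` avoids both. If a `.dep` file is meant to list several packages, keep `install_pkg $DEPENDENCYPACKAGE` unquoted and say so in a comment. The function also only prints `Error Installing` and carries on; a `return 1` there would let the caller stop before later scripts rely on the missing command.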
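Review bot: `dpkg-reconfigure --priority=$unattended_upgrades_priority` in 25-Unattended_Upgrades.sh takes its value from the sourced defaults with no fallback and no quoting, so a defaults file that omits the variable yields `--priority=` instead of the `low` the previous script hard-coded. I would write `dpkg-reconfigure --priority="${unattended_upgrades_priority:-low}" unattended-upgrades`. The progress message `** unattended-upgrades` no longer says what is being done; including the chosen priority in it would make the log useful.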
@@ -6,45 +6,55 @@ source "$SCRIPTDIR/common/colors.sh" source "$SCRIPTDIR/common/functions.sh" source "$SCRIPTDIR/common/load-defaults.sh" -printf "$COL_LIGHT_BLUE" "* Checking for topgrade directory" topgrade_install_directory="/opt/topgrade" -if [ ! -d "$topgrade_install_directory" ]; then - printf "$COL_YELLOW" "** creating topgrade installation directory" - mkdir $topgrade_install_directory -fi - -printf "$COL_LIGHT_BLUE" "* Checking for topgrade binary" topgrade_binary="/opt/topgrade/topgrade" -topgrade_tar="/opt/topgrade/topgrade.tar.gz" -topgrade_git_owner="r-darwish" -topgrade_git_repo="topgrade" -if [ ! -f "$topgrade_binary" ]; then - printf "$COL_YELLOW" "** topgrade binary missing, installing now" + +install_topgrade() { + topgrade_tar="/opt/topgrade/topgrade.tar.gz" + topgrade_git_owner="r-darwish" + topgrade_git_repo="topgrade" newest_release_url=$(curl -sL https://api.github.com/repos/$topgrade_git_owner/$topgrade_git_repo/releases/latest | jq -r ".assets[].browser_download_url" | grep x86_64-unknown-linux-gnu.tar.gz) wget $newest_release_url -q -O "$topgrade_tar" tar -xvf $topgrade_tar -C $topgrade_install_directory rm $topgrade_tar chmod +x $topgrade_binary -else - printf "$COL_YELLOW" "** topgrade binary exists" -fi +} -if [ ! -f "$topgrade_binary" ]; then - printf "$COL_RED" "** topgrade binary not present at $topgrade_binary" -else +update_topgrade() { current_version=$($topgrade_binary --version | sed 's/[A-Za-z]*//g') printf "$COL_GREEN" "** Locally installed topgrade version: $current_version" newest_release=$(curl -sL https://api.github.com/repos/$topgrade_git_owner/$topgrade_git_repo/releases/latest | jq -r ".tag_name" | sed 's/[A-Za-z]*//g') printf "$COL_GREEN" "** Online topgrade version: $newest_release" + + if [ "$current_version" != "$newest_release" ]; then + printf "$COL_LIGHT_BLUE" "* Updating topgrade binary" + install_topgrade + fi +} + +check_topgrade_dir() { + if [ ! 
-d "$topgrade_install_directory" ]; then + printf "$COL_YELLOW" "** creating topgrade installation directory" + mkdir $topgrade_install_directory + else + printf "$COL_YELLOW" "** topgrade installation directory exists" + fi +} + +printf "$COL_LIGHT_BLUE" "* Checking for topgrade directory" +check_topgrade_dir + + +printf "$COL_LIGHT_BLUE" "* Checking for topgrade binary" +if [ ! -f "$topgrade_binary" ]; then + printf "$COL_YELLOW" "** topgrade binary missing, installing now" + install_topgrade +else + printf "$COL_LIGHT_BLUE" "* Checking for topgrade binary updates" + update_topgrade fi printf "$COL_LIGHT_BLUE" "checking for topgrade confs" custom_topgrade_confs_path="/etc/topgrade" custom_topgrade_confs_git="https://git.deathbybandaid.net/deathbybandaid/topgrade.git" git_update "topgrade" "$custom_topgrade_confs_path" "$custom_topgrade_confs_git" - -## Update -if [ -f "$topgrade_binary" ]; then - printf "$COL_CYAN" "* Running topgrade" - $topgrade_binary -fi diff --git a/35-Runing_Topgrade.sh b/35-Runing_Topgrade.sh new file mode 100644 index 0000000..44541ef --- /dev/null +++ b/35-Runing_Topgrade.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +## Script Location +SCRIPTDIR=$(dirname $0) +source "$SCRIPTDIR/common/colors.sh" +source "$SCRIPTDIR/common/functions.sh" +source "$SCRIPTDIR/common/load-defaults.sh" + +topgrade_install_directory="/opt/topgrade" +topgrade_binary="/opt/topgrade/topgrade" + +## Update +if [ -f "$topgrade_binary" ]; then + printf "$COL_CYAN" "* Running topgrade" + $topgrade_binary +fi diff --git a/40-Checking_Custom_Bash_Aliases.sh b/40-Checking_Custom_Bash_Aliases.sh index 2958a5c..a4d7137 100644 --- a/40-Checking_Custom_Bash_Aliases.sh +++ b/40-Checking_Custom_Bash_Aliases.sh 
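Review bot: `update_topgrade` reads `$topgrade_git_owner` and `$topgrade_git_repo`, but this change moved both assignments inside `install_topgrade`, which has not run yet when the binary already exists. Unless the sourced defaults happen to set them, the API URL becomes `repos///releases/latest`, `newest_release` is empty, and the version comparison triggers a full re-download on every run. Keeping `topgrade_git_owner="r-darwish"` and `topgrade_git_repo="topgrade"` at top level next to `topgrade_binary` fixes that. Separately, `install_topgrade` passes `$newest_release_url` to `wget` unquoted and without checking that it is non-empty or a single URL, and the archive is unpacked into /opt with no checksum or signature check; an emptiness test plus verification against a published checksum, where the release provides one, would be worth adding.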
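Review bot: In 35-Runing_Topgrade.sh the guard `[ -f "$topgrade_binary" ]` only shows that a regular file exists, and the binary is then invoked unquoted. `if [ -x "$topgrade_binary" ]; then` followed by `"$topgrade_binary"` tests the property the script actually needs. `topgrade_install_directory` is assigned but never used here and can be dropped. A header comment stating that this script runs the binary installed by script 30 would document the ordering dependency.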
@@ -10,7 +10,7 @@ BASHRCFILE="$HOME/.bashrc" custom_bash_aliases_path="/etc/bash_aliases" custom_bash_aliases_git="https://git.deathbybandaid.net/deathbybandaid/bash_aliases.git" -git_update "topgrade" "$custom_bash_aliases_path" "$custom_bash_aliases_git" +git_update "Custom Bash Aliases" "$custom_bash_aliases_path" "$custom_bash_aliases_git" printf "$COL_LIGHT_BLUE" "* Checking if bash aliases are setup in ~/.bashrc" if [[ $(grep -L "$custom_bash_aliases_path" $BASHRCFILE) ]]; then diff --git a/50-Checking_IPA_Realm_Join_Status.sh b/50-Checking_IPA_Realm_Join_Status.sh deleted file mode 100644 index 45ba387..0000000 --- a/50-Checking_IPA_Realm_Join_Status.sh +++ /dev/null 
@@ -1,59 +0,0 @@
-#!/bin/bash
-
-## Script Location
-SCRIPTDIR=$(dirname $0)
-source "$SCRIPTDIR/common/colors.sh"
-source "$SCRIPTDIR/common/functions.sh"
-source "$SCRIPTDIR/common/load-defaults.sh"
-
-
-# TODO setup /etc/hosts with FQDN and FreeIPA servers
-
-printf "$COL_LIGHT_BLUE" "* Checking if system already contains Membership to FreeIPA Realm"
-realm_join=0
-if [[ ! -f /var/lib/ipa-client/sysrestore/sysrestore.state ]]
-then
- printf "$COL_YELLOW" "** $HOSTNAME appears to not be joined to FreeIPA Server Realm"
- realm_join=1
-else
- printf "$COL_GREEN" "** $HOSTNAME appears to already be joined to FreeIPA Server Realm"
-fi
-
-## FreeIPA Realm Join
-if [ "$realm_join" == 1 ]; then
- if (whiptail --title "FreeIPA Realm Join" --yes-button "yes" --no-button "no" --yesno "Do You want to join a FreeIPA Realm?" 10 80)
- then
-
- if [[ $HOSTNAME == *template* ]]; then
- printf "$COL_RED" "** Hostname $HOSTNAME contains the word 'template', skipping realm joining"
- realm_join=0
- fi
-
- if [ "$realm_join" == 1 ]; then
- printf "$COL_YELLOW" "** Setting up ipa-client to join FreeIPA Server Realm"
- freeipa_admin=$(whiptail --passwordbox "Please enter the user authorized to join FreeIPA realm: $freeipa_admin" 8 78 --title "FreeIPA Admin User Prompt" 3>&1 1>&2 2>&3)
- freeipa_password=$(whiptail --passwordbox "Please enter the password for the FreeIPA admin user: $freeipa_admin" 8 78 --title "FreeIPA Password Prompt" 3>&1 1>&2 2>&3)
- ipa-client-install --mkhomedir --no-ntp --principal="$freeipa_admin" --password="$freeipa_password" --enable-dns-updates --unattended
- fi
- else
- printf "$COL_CYAN" "** Skipping realm joining"
- fi
-fi
-
-
-if [[ ! -f /var/lib/ipa-client/sysrestore/sysrestore.state ]]
-then
- printf "$COL_YELLOW" "** $HOSTNAME appears to not be joined to FreeIPA Server Realm, skipping Cert Question"
-else
- printf "$COL_GREEN" "** $HOSTNAME appears to be joined to FreeIPA Server Realm, Checking if user wants a cert."
-
- if (whiptail --title "FreeIPA CA" --yes-button "yes" --no-button "no" --yesno "Do You want to use FreeIPA as a CA and get a certificate?" 10 80)
- then
- mkdir -p /etc/certmonger/certs
- ipa-getcert request -f /etc/certmonger/certs/app.crt -k /etc/certmonger/certs/app.key -K HTTP/$(hostname -f) -D $(hostname -f) -N $(hostname -f)
- sudo getcert list
- else
- printf "$COL_CYAN" "** Skipping Cert Grabbing"
- fi
-
-fi
diff --git a/50-Tweaking_Systemd_Journalling.sh b/50-Tweaking_Systemd_Journalling.sh
new file mode 100644
index 0000000..ca3e442
--- /dev/null
+++ b/50-Tweaking_Systemd_Journalling.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+## Script Location
+SCRIPTDIR=$(dirname $0)
+source "$SCRIPTDIR/common/colors.sh"
+source "$SCRIPTDIR/common/functions.sh"
+source "$SCRIPTDIR/common/load-defaults.sh"
+
+
+do_limit_journal() {
+ systemd_journald_conf="/etc/systemd/journald.conf"
+ if [[ $(grep -L "Change Logging maximums" $systemd_journald_conf) ]]; then
+ printf "$COL_YELLOW" "** Applying Systemd Journal tweak"
+ cat <> $systemd_journald_conf
+#Change Logging maximums
+RuntimeMaxFileSize=50
+RuntimeMaxFiles=100
+EOT
+ else
+ printf "$COL_YELLOW" "** Systemd Journal tweak already applied"
+ fi
+}
+
+printf "$COL_LIGHT_BLUE" "* Checking for Systemd Journal directory"
+journal_directory="/var/log/journal"
+if [ ! -d "$journal_directory" ]; then
+ printf "$COL_YELLOW" "** creating Systemd Journal installation directory"
+ mkdir $journal_directory
+fi
+
+if [ "$systemd_journaling_tweak" == "ask" ]; then
+ if (whiptail --title "Systemd Journalling limits" --yes-button "yes" --no-button "no" --yesno "Do You want to limit systemd journalling?" 10 80)
+ then
+ systemd_journaling_tweak=1
+ else
+ systemd_journaling_tweak=0
+ fi
+fi
+
+
+if [ "$systemd_journaling_tweak" == 1 ]; then
+ printf "$COL_YELLOW" "** Limitting"
+ do_limit_journal
+ systemctl restart systemd-journald
+else
+ printf "$COL_YELLOW" "** not Applying Systemd Journal tweak"
+fi
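Review bot: The limits written by `do_limit_journal` are unlikely to cap the journal this script sets up. The script creates `/var/log/journal`, which makes journald store persistently, while `RuntimeMaxFileSize`/`RuntimeMaxFiles` apply only to the volatile journal under /run; the persistent equivalents are the `System*` keys. `RuntimeMaxFileSize=50` also has no unit suffix and is read as bytes, so if 50 MB was intended (matching the `--vacuum-size=50M` used elsewhere in this commit) the lines should be `SystemMaxFileSize=50M` and `SystemMaxFiles=100`. Note too that `systemctl restart systemd-journald` now runs only when the tweak is applied, so a freshly created `/var/log/journal` is not picked up until the next restart or boot.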
diff --git a/55-Vaccuming_Systemd_Journalling.sh b/55-Vaccuming_Systemd_Journalling.sh
new file mode 100644
index 0000000..f4aa351
--- /dev/null
+++ b/55-Vaccuming_Systemd_Journalling.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+## Script Location
+SCRIPTDIR=$(dirname $0)
+source "$SCRIPTDIR/common/colors.sh"
+source "$SCRIPTDIR/common/functions.sh"
+source "$SCRIPTDIR/common/load-defaults.sh"
+
+printf "$COL_LIGHT_BLUE" "* Vaccuming Systemd Journal"
+journalctl --vacuum-size=50M
diff --git a/20-Updating_Custom_MOTD.sh b/60-Updating_Custom_MOTD.sh
similarity index 100%
rename from 20-Updating_Custom_MOTD.sh
rename to 60-Updating_Custom_MOTD.sh
diff --git a/90-Checking_IPA_Realm_Join_Status.sh b/90-Checking_IPA_Realm_Join_Status.sh
new file mode 100644
index 0000000..644b781
--- /dev/null
+++ b/90-Checking_IPA_Realm_Join_Status.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+## Script Location
+SCRIPTDIR=$(dirname $0)
+source "$SCRIPTDIR/common/colors.sh"
+source "$SCRIPTDIR/common/functions.sh"
+source "$SCRIPTDIR/common/load-defaults.sh"
+
+# TODO setup /etc/hosts with FQDN and FreeIPA servers
+
+printf "$COL_LIGHT_BLUE" "* Checking if system already contains Membership to FreeIPA Realm"
+realm_join=0
+if [[ ! -f /var/lib/ipa-client/sysrestore/sysrestore.state ]]
+then
+ printf "$COL_YELLOW" "** $HOSTNAME appears to not be joined to FreeIPA Server Realm"
+ realm_join=$freeipa_join_realm
+else
+ printf "$COL_GREEN" "** $HOSTNAME appears to already be joined to FreeIPA Server Realm"
+fi
+
+if [ "$freeipa_join_realm" == "ask" ]; then
+ if (whiptail --title "FreeIPA Realm Join" --yes-button "yes" --no-button "no" --yesno "Do You want to join a FreeIPA Realm?" 10 80)
+ then
+ realm_join=1
+ else
+ realm_join=0
+ fi
+fi
+
+
+if [ "$realm_join" == 1 ]; then
+ if [[ $HOSTNAME == *template* ]]; then
+ printf "$COL_RED" "** Hostname $HOSTNAME contains the word 'template', skipping realm joining"
+ realm_join=0
+ fi
+fi
+
+## FreeIPA Realm Join
+if [ "$realm_join" == 1 ]; then
+ printf "$COL_YELLOW" "** Setting up ipa-client to join FreeIPA Server Realm"
+ freeipa_admin=$(whiptail --passwordbox "Please enter the user authorized to join FreeIPA realm: $freeipa_admin" 8 78 --title "FreeIPA Admin User Prompt" 3>&1 1>&2 2>&3)
+ freeipa_password=$(whiptail --passwordbox "Please enter the password for the FreeIPA admin user: $freeipa_admin" 8 78 --title "FreeIPA Password Prompt" 3>&1 1>&2 2>&3)
+ ipa-client-install --mkhomedir --no-ntp --principal="$freeipa_admin" --password="$freeipa_password" --enable-dns-updates --unattended
+else
+ printf "$COL_CYAN" "** Skipping realm joining"
+fi
diff --git a/95-FreeIPA_CA.sh b/95-FreeIPA_CA.sh
new file mode 100644
index 0000000..b3a885b
--- /dev/null
+++ b/95-FreeIPA_CA.sh
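Review bot: The join credential is passed as `--password="$freeipa_password"` on the `ipa-client-install` command line, so the password of what the prompt calls a FreeIPA admin user is readable in the process list for the duration of the install. Letting the installer prompt for it, or enrolling with a one-time host password instead of an admin credential, keeps it out of argv; confirm which option your FreeIPA version supports. The `ask` prompt tests `$freeipa_join_realm` rather than `$realm_join`, so it also appears on a host that is already joined and can set `realm_join=1`; `if [ "$realm_join" == "ask" ]; then` limits it to the not-joined branch. The username prompt uses `--passwordbox`, which masks the typed name, and interpolates `$freeipa_admin` before it is set; `--inputbox` is the better fit.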
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+## Script Location
+SCRIPTDIR=$(dirname $0)
+source "$SCRIPTDIR/common/colors.sh"
+source "$SCRIPTDIR/common/functions.sh"
+source "$SCRIPTDIR/common/load-defaults.sh"
+
+printf "$COL_LIGHT_BLUE" "* Checking if system already contains Membership to FreeIPA Realm"
+realm_get_ca=0
+if [[ ! -f /var/lib/ipa-client/sysrestore/sysrestore.state ]]
+then
+ printf "$COL_YELLOW" "** $HOSTNAME appears to not be joined to FreeIPA Server Realm"
+ realm_get_ca=$freeipa_ca
+else
+ printf "$COL_GREEN" "** $HOSTNAME appears to already be joined to FreeIPA Server Realm"
+fi
+
+if [ "$freeipa_ca" == "ask" ]; then
+ if (whiptail --title "FreeIPA Realm Join" --yes-button "yes" --no-button "no" --yesno "Do You want to use FreeIPA as a CA and get a certificate?" 10 80)
+ then
+ realm_get_ca=1
+ else
+ realm_get_ca=0
+ fi
+fi
+
+## FreeIPA get ca
+if [ "$realm_get_ca" == 1 ]; then
+ printf "$COL_YELLOW" "** Grabbing Cert"
+ mkdir -p /etc/certmonger/certs
+ ipa-getcert request -f /etc/certmonger/certs/app.crt -k /etc/certmonger/certs/app.key -K HTTP/$(hostname -f) -D $(hostname -f) -N $(hostname -f)
+ sudo getcert list
+else
+ printf "$COL_CYAN" "** Skipping Cert Grabbing"
+fi
diff --git a/common/defaults-blank b/common/defaults-blank
index 7d18991..a16f4a8 100644
--- a/common/defaults-blank
+++ b/common/defaults-blank
@@ -1 +1,5 @@
 desired_timezone=0
+unattended_upgrades_priority="low"
+systemd_journaling="ask"
+freeipa_join_realm="ask"
+freeipa_ca="ask"
diff --git a/common/defaults-dbb b/common/defaults-dbb
index 2730fd2..eecc902 100644
--- a/common/defaults-dbb
+++ b/common/defaults-dbb
@@ -1 +1,5 @@
 desired_timezone="America/Detroit"
+unattended_upgrades_priority="medium"
+systemd_journaling_tweak=1
+freeipa_join_realm=1
+freeipa_ca=1
diff --git a/template_setup.sh b/template_setup.sh
index 008ce82..ea10440 100644
--- a/template_setup.sh
+++ b/template_setup.sh
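Review bot: The join-state check in 95-FreeIPA_CA.sh is inverted relative to the script it replaces: `realm_get_ca=$freeipa_ca` is assigned in the branch where the host is not joined, and a joined host is left at `0`. With `freeipa_ca=1` the certificate is therefore requested only on machines where `ipa-getcert` cannot succeed, and with `ask` the prompt runs regardless of join state. Moving `realm_get_ca=$freeipa_ca` into the `else` branch and testing `if [ "$realm_get_ca" == "ask" ]; then` restores the old behaviour. The dialog title still reads `FreeIPA Realm Join`, and `sudo getcert list` is redundant if the script already runs as root, as the `mkdir` under /etc suggests.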
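Review bot: `common/defaults-blank` sets `systemd_journaling="ask"`, but 50-Tweaking_Systemd_Journalling.sh reads `systemd_journaling_tweak`, the name `common/defaults-dbb` uses. With the blank defaults the variable is unset, so the script never asks and silently skips the tweak. The line should be `systemd_journaling_tweak="ask"`. A one-line comment per key listing the accepted values (`ask`, `1`, `0`) would make the file self-documenting.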
@@ -17,7 +17,6 @@ do printf "${COL_CYAN}" "$TOPLEVELSUBDIRSCRIPTTEXT" /bin/bash $scriptfile $load_defaults - exit echo "" done