#!/bin/bash
#
# This script will work on Ubuntu 16.10, 16.04, 14.04
# Other distributions are not tested
#
# BUGS: https://github.com/nsotnikov/my-first-minutes-on-ubuntu-for-docker/issues
# COPYRIGHT: (c) 2017 Nikolaj Sotnikov 
#======================================================================================================================
# How to run the script:
#====================================================================================================================== 
# $ curl -sL https://git.io/vylnt | bash -s \
#   HOSTNAME="example.org" \
#   LANG="de_DE.UTF-8" \
#
#======================================================================================================================
# Available Variables:
#======================================================================================================================
#   HOSTNAME="example.org" \
#   LANG="de_DE.UTF-8"  \
#   TIMEZONE="Europe/Berlin"  \
#   USER="deploy"  \
#   PASSWORD="my_height_encrypted_password"  \
#   DIS_ROOT_SSH="Y"  \
#   INS_DOCKER="Y"  \
#   SECURITY="Y"  \
#   CUSTOM="echo hello world!"  \
#   SSH_KEY="ssh-rsa AAAAB3NzaCug..."  \
#
#======================================================================================================================
# Sources:
#======================================================================================================================
# https://github.com/sssmoves/web-init-script/tree/master/setup
# https://www.codelitt.com/blog/my-first-10-minutes-on-a-server-primer-for-securing-ubuntu/
# https://www.digitalocean.com/community/tutorials/how-to-configure-the-linux-firewall-for-docker-swarm-on-ubuntu-16-04
# https://github.com/saltstack/salt-bootstrap
#
# Notes:
# curl -sL https://git.io/vylnt | bash -s -- arg1 arg2
# bash <( curl -sL https://git.io/vylnt ) arg1 arg2



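clear

# Settings may arrive in the environment or, as the header shows
# ('curl ... | bash -s NAME=value ...'), as positional KEY=VALUE arguments.
# bash puts those in $1.. and not in the environment, so import them here.
# Only the documented names are accepted (an argument cannot rewrite PATH or
# other shell state) and assignment goes through printf -v, never eval.
# NOTE: argument values are visible to other local users via 'ps'; prefer the
# environment for PASSWORD.
declare -a allowed_vars=(HOSTNAME LANG TIMEZONE USER PASSWORD DIS_ROOT_SSH
  DISABLE_ROOT_SSH INS_DOCKER SECURITY CUSTOM SSH_KEY)
for arg in "$@"; do
  if [[ "$arg" != *=* ]]; then
    echo "Ignoring argument without '=': $arg" >&2
    continue
  fi
  name=${arg%%=*}
  value=${arg#*=}
  for allowed in "${allowed_vars[@]}"; do
    if [[ "$name" == "$allowed" ]]; then
      printf -v "$name" '%s' "$value"
      continue 2
    fi
  done
  echo "Ignoring unknown variable: $name" >&2
done
unset arg name value allowed allowed_vars

# A failed pre-check exits non-zero so callers (and 'curl | bash') notice.
if [[ ! -e /etc/debian_version ]]; then
  echo "Looks like you aren't running this installer on a Debian or Ubuntu"
  exit 1
fi

if [[ $EUID -ne 0 ]]; then
  echo
  echo "This script must be run as root."
  echo
  exit 1
fi

# USER is normally inherited from the login shell (e.g. "root"), so it has to
# be overridden with the name of the account to create; an existing account
# is refused rather than modified.
if [[ -n "$USER" ]] && id "$USER" >/dev/null 2>&1; then
  echo "User [$USER] is already exists!"
  echo "Please change username and try again."
  echo
  exit 1
fi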

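#######################################
# Run a command silently; on failure print its captured output and exit.
# Arguments: $@ - the command and its arguments. The command is executed
#                 directly, so pipes and redirections written after 'hide'
#                 apply to hide itself, not to the command.
# Outputs:   nothing on success; on failure a FAILED banner followed by the
#            command's captured stdout/stderr, all on stderr
# Returns:   0 on success; on failure exits the script with the command's
#            exit status (the temp file is removed on both paths)
#######################################
hide() {
  local output status
  # mktemp instead of the Debian-only 'tempfile'; fail loudly if it breaks.
  output=$(mktemp) || { printf 'FAILED: mktemp\n' >&2; exit 1; }

  # Quote "$@" so arguments with spaces reach the command intact.
  "$@" >"$output" 2>&1
  status=$?

  if (( status != 0 )); then
    {
      echo
      echo "FAILED: $*"
      echo -----------------------------------------
      cat -- "$output"
      echo -----------------------------------------
    } >&2
    rm -f -- "$output"
    exit "$status"
  fi

  rm -f -- "$output"
}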
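echo
echo
echo "WELCOME TO THE MY-FIRST-MINUTES-ON-UBUNTU-FOR-DOCKER SCRIPT"
echo
echo " If you have any issues, please visit:"
echo " https://github.com/nsotnikov/my-first-minutes-on-a-ubuntu-for-docker"
echo
echo "Performing apt update/upgrade and enable auto security updates."
echo "---------------------------------------------------------------"
# Never let apt prompt: when the script arrives via 'curl | bash', stdin is
# the script itself, so an interactive prompt would swallow the remaining lines.
export DEBIAN_FRONTEND=noninteractive
printf "   - performing updates, please wait..."
hide apt-get -y update
printf "done\n"
printf "   - installing upgrades, please wait..."
hide apt-get -y upgrade
printf "done\n"
printf "   - installing unattended-upgrades..."
hide apt-get -y install unattended-upgrades
hide dpkg-reconfigure -f noninteractive --priority=low unattended-upgrades
printf "done.\n"

echo
echo "Change hostname, locale and timezone"
echo "---------------------------------------------------------------"
# bash pre-sets HOSTNAME to the current hostname, so this branch also runs
# when the caller gave no HOSTNAME; it is then a no-op rename.
if [[ -n "$HOSTNAME" ]]; then
  printf '   - set hostname to %s...' "$HOSTNAME"
  hide hostname "$HOSTNAME"
  hide hostnamectl set-hostname "$HOSTNAME"
  printf "done.\n"
fi
if [[ -n "$LANG" ]]; then
  printf '   - generating locales %s...' "$LANG"
  hide locale-gen "$LANG"
  # update-locale takes VAR=value pairs, so pass LANG=... not the bare value.
  hide update-locale LANG="$LANG"
  printf "done.\n"
fi
if [[ -n "$TIMEZONE" ]]; then
  printf '   - set timezone to %s...' "$TIMEZONE"
  # to list all timezones run: timedatectl list-timezones
  hide timedatectl set-timezone "$TIMEZONE"
  printf "done.\n"
fi


echo
echo "New user, sudoers and ssh public key (if set)"
echo "---------------------------------------------------------------"
if [[ -n "$USER" && -n "$PASSWORD" ]]; then
  printf '   - adding new user [%s]...' "$USER"
  hide useradd -m -s /bin/bash "$USER"
  # Set the password through chpasswd on stdin: it never appears on a command
  # line (readable in 'ps') and gets the system default hash instead of MD5.
  if ! printf '%s:%s\n' "$USER" "$PASSWORD" | chpasswd; then
    echo "FAILED: chpasswd for $USER" >&2
    exit 1
  fi
  printf "done.\n"
  printf "   - grant sudo privileges..."
  hide usermod -aG sudo "$USER"
  printf "done.\n"
  printf "   - disable password for sudo..."
  # Written directly: wrapping echo in 'hide' captured its output into hide's
  # temp file, so the '>> /etc/sudoers' redirection appended nothing.
  # Appended only once, then syntax-checked so a broken sudoers cannot
  # lock every admin out of sudo.
  if ! grep -qxF '%sudo ALL=(ALL) NOPASSWD: ALL' /etc/sudoers; then
    echo "%sudo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
  fi
  hide visudo -cf /etc/sudoers
  printf "done.\n"
  if [[ -n "$SSH_KEY" ]]; then
    printf "   - adding public key..."
    # Same redirection bug as above: 'hide echo $SSH_KEY > authorized_keys'
    # created an empty file, so the key was never installed.
    hide mkdir -p "/home/$USER/.ssh"
    # sshd (StrictModes) rejects a group/world-writable .ssh directory.
    hide chmod 700 "/home/$USER/.ssh"
    if ! printf '%s\n' "$SSH_KEY" > "/home/$USER/.ssh/authorized_keys"; then
      echo "FAILED: writing /home/$USER/.ssh/authorized_keys" >&2
      exit 1
    fi
    printf "done.\n"
    printf "   - change ssh key rights to..."
    hide chmod 400 "/home/$USER/.ssh/authorized_keys"
    hide chown -R "$USER:$USER" "/home/$USER"
    printf "done.\n"
  fi
fi
# Accept both the documented name (DIS_ROOT_SSH) and the one the script
# originally tested (DISABLE_ROOT_SSH).
if [[ "${DIS_ROOT_SSH:-$DISABLE_ROOT_SSH}" == [yY] ]]; then
  printf "   - turn off root ssh login..."
  # Replace any existing directive, including a commented default or
  # 'prohibit-password'; the old pattern only matched a literal 'yes'.
  sed -i 's/^#*[[:space:]]*PermitRootLogin[[:space:]].*/PermitRootLogin no/' /etc/ssh/sshd_config
  if ! grep -q '^PermitRootLogin no' /etc/ssh/sshd_config; then
    echo "PermitRootLogin no" >> /etc/ssh/sshd_config
  fi
  # Validate before reloading so a bad config cannot leave sshd unable to
  # start; a reload does not drop the session running this script.
  hide sshd -t
  hide service ssh reload
  printf "done.\n"
fi

if [[ "$SECURITY" == [yY] ]]; then
  echo
  # plain echo does not interpret '\n'; the stray escape was printed literally.
  echo "Enable firewall, update rules, installing useful tools like fail2ban"
  echo "---------------------------------------------------------------"
  printf "   - install firewall and useful tools like fail2ban, git..."
  hide apt-get -y install ufw fail2ban htop git
  printf "done.\n"
  printf "   - update firewall rules..."
  hide ufw allow 22  # SSH; allowed before enabling so this session survives
  hide ufw allow 80  # HTTP port
  hide ufw allow 443 # HTTPS port
  # Change to Enable default forward policy, only for old Docker versions.
  # sed -i 's/DEFAULT_FORWARD_POLICY="DROP"/DEFAULT_FORWARD_POLICY="ACCEPT"/g' /etc/default/ufw
  if [[ "$INS_DOCKER" == [yY] ]]; then
    # NOTE(review): these ports are opened to any source. If the daemon or
    # swarm API need not be public, restrict them instead, e.g.
    # 'ufw allow from <trusted-cidr> to any port 2376'.
    hide ufw allow 2376 # Docker for client communication
    hide ufw allow 2377 # Docker cluster management communications
    hide ufw allow 4789 # Docker for overlay network traffic
    hide ufw allow 7946 # Docker for communication among nodes
  fi
  hide ufw default deny incoming
  hide ufw default allow outgoing
  # 'service ufw restart' alone leaves a freshly installed ufw disabled
  # (ENABLED=no); --force enables it without the interactive confirmation.
  hide ufw --force enable
  hide service ufw restart
  printf "done.\n"
fi

if [[ "$INS_DOCKER" == [yY] ]]; then
  echo
  echo "Installing Docker"
  echo "---------------------------------------------------------------"
  printf "   - installing prerequisites ..."
  # software-properties-common provides add-apt-repository on minimal images.
  hide apt-get -y install apt-transport-https ca-certificates curl software-properties-common
  printf "done.\n"
  printf "   - adding pgp key and apt-repository..."
  # Fail loudly if the key cannot be fetched or imported: without it the
  # repository's packages cannot be authenticated.
  if ! curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - >/dev/null; then
    echo "FAILED: importing Docker apt key" >&2
    exit 1
  fi
  # -y answers the "Press [ENTER] to continue" prompt, which would otherwise
  # read from the piped script.
  hide add-apt-repository -y "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
  printf "done.\n"
  printf "   - performing apt update..."
  hide apt-get update
  printf "done.\n"
  printf "   - installing Docker, and enable autostart, please wait..."
  # The repository key was imported above, so packages verify normally;
  # --allow-unauthenticated would have disabled exactly that check.
  hide apt-get -y install docker-ce
  # docker-ce creates the 'docker' group itself; an unconditional groupadd
  # failed with "group exists" and aborted the script at this point.
  getent group docker >/dev/null || hide groupadd docker
  # NOTE: membership of the docker group is equivalent to root on this host.
  if [[ -n "$USER" ]]; then
    hide usermod -aG docker "$USER"
  fi
  hide systemctl enable docker
  printf "done.\n"
fi

echo
echo "Clean up..."
echo "---------------------------------------------------------------"
printf "   - clean up install files, and history..."
hide apt-get -y autoremove --purge
hide apt-get -y clean
history -c && history -w
hide rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
printf "done.\n\n"

# The original tested LANG here by mistake; the custom command lives in CUSTOM.
if [[ -n "$CUSTOM" ]]; then
  echo "Run custom command"
  echo "---------------------------------------------------------------"
  echo
  # Runs the operator-supplied command as root, as documented in the header.
  bash -c "$CUSTOM"
fi
echo
echo "---------------------------------------------------------------"
echo "---------------------------------------------------------------"
echo
echo "   Completed!"
echo "   Dont forget to disable the password for ssh user login!"
echo
exit 0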