Last active
February 19, 2019 17:20
Automated initial Server setup with Docker for Ubuntu server.
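#!/bin/bash
#
# Initial setup for an Ubuntu server: creates a sudo user, installs SSH keys
# for it, restricts root SSH logins, enables the UFW firewall, and optionally
# installs Docker and docker-compose.
#
# Must be run as root: it reads /etc/shadow, creates a user and edits
# /etc/ssh/sshd_config.
set -euo pipefail

########################
### SCRIPT VARIABLES ###
########################

# Name of the user to create and grant sudo privileges
USERNAME=sammy

# Whether to copy over the root user's `authorized_keys` file to the new sudo
# user.
COPY_AUTHORIZED_KEYS_FROM_ROOT=true

# Whether to install docker or not
INSTALL_DOCKER=true
INSTALL_DOCKER_COMPOSE=true
DOCKER_COMPOSE_VERSION=1.23.2

# Optional SHA-256 of the docker-compose download. When set (here or in the
# environment) the download is verified against it before being installed;
# when empty the file is installed unverified and a warning is printed.
DOCKER_COMPOSE_SHA256="${DOCKER_COMPOSE_SHA256:-}"

# Additional public keys to add to the new sudo user
# OTHER_PUBLIC_KEYS_TO_ADD=(
#   "ssh-rsa AAAAB..."
#   "ssh-rsa AAAAB..."
# )
# NOTE(review): every key listed here can log in over SSH as a member of the
# sudo group. Replace the entry below with your own key(s) before running this
# script on a server you control.
OTHER_PUBLIC_KEYS_TO_ADD=(
  "ssh-rsa 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 erick.agrazal@gmail.com"
)

####################
### SCRIPT LOGIC ###
####################

# Fail early with a clear message instead of half-way through the setup.
if [[ "$(id -u)" -ne 0 ]]; then
  echo 'This script must be run as root.' >&2
  exit 1
fi

# Add sudo user and grant privileges
useradd --create-home --shell "/bin/bash" --groups sudo "${USERNAME}"

# Check whether the root account has a real password set.
# The pattern is anchored so that only root's own entry is read, not every
# line of /etc/shadow that happens to contain the string "root".
encrypted_root_pw="$(grep '^root:' /etc/shadow | cut --delimiter=: --fields=2)"

case "${encrypted_root_pw}" in
  '*' | '!'*)
    # Root has no usable password ("*", or a field locked with "!").
    # Copying such a field would leave the new user unable to complete the
    # forced password change below, so delete the user's password instead so
    # that a new one can be set without providing a previous value.
    passwd --delete "${USERNAME}"
    ;;
  *)
    # Transfer auto-generated root password to user if present
    # and lock the root account to password-based access
    printf '%s:%s\n' "${USERNAME}" "${encrypted_root_pw}" | chpasswd --encrypted
    passwd --lock root
    ;;
esac

# Expire the sudo user's password immediately to force a change
chage --lastday 0 "${USERNAME}"

# Look up the home directory in the passwd database rather than through
# `eval echo ~user`, which would run the user name through the shell.
home_directory="$(getent passwd "${USERNAME}" | cut --delimiter=: --fields=6)"
: "${home_directory:?could not determine home directory of ${USERNAME}}"

# Create SSH directory for sudo user. It is created private from the start so
# that the key file is never reachable by other users before the chmod below.
mkdir --parents --mode=0700 "${home_directory}/.ssh"
authorized_keys="${home_directory}/.ssh/authorized_keys"

# Copy `authorized_keys` file from root if requested
if [ "${COPY_AUTHORIZED_KEYS_FROM_ROOT}" = true ]; then
  if [[ -f /root/.ssh/authorized_keys ]]; then
    cp /root/.ssh/authorized_keys "${authorized_keys}"
  else
    echo 'warning: /root/.ssh/authorized_keys not found; nothing copied.' >&2
  fi
fi

# Make sure the file exists even when no key was copied or configured, so the
# permission changes below do not abort the script.
touch "${authorized_keys}"

# Add additional provided public keys
for pub_key in "${OTHER_PUBLIC_KEYS_TO_ADD[@]}"; do
  printf '%s\n' "${pub_key}" >> "${authorized_keys}"
done

# Adjust SSH configuration ownership and permissions
chmod 0700 "${home_directory}/.ssh"
chmod 0600 "${authorized_keys}"
chown --recursive "${USERNAME}":"${USERNAME}" "${home_directory}/.ssh"

# Disable root SSH login with password.
# The substitution only rewrites an existing, uncommented PermitRootLogin
# line; it does not add the directive and does not change password
# authentication for other accounts.
sed --in-place 's/^PermitRootLogin.*/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
if ! grep --quiet '^PermitRootLogin prohibit-password' /etc/ssh/sshd_config; then
  echo 'warning: no active PermitRootLogin line in /etc/ssh/sshd_config; root login policy was not changed by this script.' >&2
fi

# Restart sshd only if the edited configuration passes validation, and say so
# when it does not instead of continuing silently.
if sshd -t -q; then
  systemctl restart sshd
else
  echo 'warning: sshd_config failed validation (sshd -t); sshd was not restarted.' >&2
fi

# Add exception for SSH and then enable UFW firewall
ufw allow OpenSSH
ufw --force enable

if [ "${INSTALL_DOCKER}" = true ]; then
  echo 'Installing docker ...'
  # The script already runs as root, so the commands are called directly.
  apt-get -y update
  apt-get -y install apt-transport-https ca-certificates curl software-properties-common

  # NOTE(review): apt-key is deprecated and trusts the key for every
  # configured repository; newer releases use a keyring file referenced with
  # `signed-by` in the source entry.
  curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -

  # `apt-key fingerprint` prints nothing when the key is absent, so check the
  # output instead of relying on the exit status. An 8-digit key ID only shows
  # that a key with that ID was imported; compare the printed fingerprint with
  # the one Docker publishes to authenticate it.
  docker_key_listing="$(apt-key fingerprint 0EBFCD88)"
  if [[ -z "${docker_key_listing}" ]]; then
    echo 'Docker signing key 0EBFCD88 was not imported; aborting.' >&2
    exit 1
  fi
  printf '%s\n' "${docker_key_listing}"

  # Use the system's own architecture instead of assuming amd64.
  add-apt-repository -y "deb [arch=$(dpkg --print-architecture)] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
  apt-get -y update
  apt-get -y install docker-ce
  echo 'Finished docker install.'
fi

if [ "${INSTALL_DOCKER_COMPOSE}" = true ]; then
  echo 'Installing docker-compose...'
  # Download to a temporary file first so that a failed or partial transfer
  # never leaves an executable in /usr/local/bin.
  compose_tmp="$(mktemp)"
  trap 'rm -f -- "${compose_tmp}"' EXIT
  curl -L --fail "https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/run.sh" -o "${compose_tmp}"

  # The file will run as root-owned code from PATH: verify it when a checksum
  # has been pinned, and make the missing check visible when it has not.
  if [[ -n "${DOCKER_COMPOSE_SHA256}" ]]; then
    printf '%s  %s\n' "${DOCKER_COMPOSE_SHA256}" "${compose_tmp}" | sha256sum --check --quiet -
  else
    echo 'warning: DOCKER_COMPOSE_SHA256 is not set; installing docker-compose without an integrity check.' >&2
  fi

  install --mode=0755 --owner=root --group=root "${compose_tmp}" /usr/local/bin/docker-compose
  echo 'Finished docker-compose install.'
fi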