Fi3/zero.py

## zero.py
"""
Basic server settings ok for development and for production
"""
from subprocess import STDOUT, check_call, PIPE, Popen, call, check_output
import os
from zeroUtility import *

linuxVersion = check_output(['uname','-r']).split('\n')[0]

programs = (['vim-nox', 'tmux', 'python-pip', 'python-virtualenv', 'python-dev',
             'zsh', 'libpam-google-authenticator', 'golang', 'linux-image-extra-'+linuxVersion,
             'fail2ban', 'unattended-upgrades', 'git', 'telnet', 'nmap', 'ufw'])

#vimrc = 'https://gist.githubusercontent.com/Fi3/19e7f677c79f19d878eb/raw/04b107c8761ddd271e75227609a8b05dd4dc457a/.vimrc'
#zshrc = 'https://gist.githubusercontent.com/Fi3/5087c971613743695cd7/raw/fe680ab8dbf2fcedc42e186fb18b5f85e434fe85/.zshrc'
vimrc = raw_input('vimrc link:  ')
zshrc = raw_input('zshrc link:  ')
tmuxConf = raw_input('tmux.conf link:  ')

user = raw_input('user name:  ')

def setFirewall():
    check_call(['ufw','default','deny','incoming'],stdout=open(os.devnull,'wb'), stderr=STDOUT)
    check_call(['ufw','default','allow','outgoing'],stdout=open(os.devnull,'wb'), stderr=STDOUT)
    check_call(['ufw','allow','ssh'],stdout=open(os.devnull,'wb'), stderr=STDOUT)
    check_call(['ufw','allow','2222/tcp'],stdout=open(os.devnull,'wb'), stderr=STDOUT)
    check_call(['ufw','enable'],stdout=open(os.devnull,'wb'), stderr=STDOUT)

def setSsh(user):
    linePrepender('/etc/pam.d/sshd','auth required pam_google_authenticator.so')
    try:
        lineSubstitutor('/etc/ssh/sshd_config',
            'ChallengeResponseAuthentication no','ChallengeResponseAuthentication yes')
    except:
        pass
    env, pw = changeUser(user)
    call(['google-authenticator'], preexec_fn=demote(pw.pw_uid, pw.pw_gid), cwd=env['PWD'], env=env)
    check_call(['service','ssh','restart'],stdout=open(os.devnull,'wb'), stderr=STDOUT)

def installDocker():
    server = 'hkp://p80.pool.sks-keyservers.net:80'
    key = '58118E89F3A912897C070ADBF76221572C52609D'
    check_call(['apt-key','adv','--keyserver',server,'--recv-keys',key],stdout=open(os.devnull,'wb'), stderr=STDOUT)
    with open('/etc/apt/sources.list.d/docker.list', 'wb') as f:
        f.write('deb https://apt.dockerproject.org/repo ubuntu-trusty main')
    call(['apt-get','update'])
    call(['apt-get','-y','install','docker-engine'])

if __name__ == '__main__':
    #add user
    call(['useradd','-m',user])
    call(['passwd',user])
    call(['apt-get','install','apt-transport-https'])
    # Update and install
    call(['apt-get','update'])
    for program in programs:
        call(['apt-get','-y','install',program])
    #set firewall
    setFirewall()
    #set ssh
    setSsh(user)
    # Install docker
    installDocker()
    # Set automatic update
    call(['dpkg-reconfigure','--priority=low','unattended-upgrades'])
    # Configure sudo
    call(['sudo','adduser',user,'sudo'])
    # Set zsh as defoult shell
    zsh = check_output(['which','zsh'])
    call(['chsh','-s','/usr/bin/zsh',user])
    # Download configurations file
    call(['wget',vimrc,'-O','/home/'+user+'/.vimrc'])
    call(['wget',zshrc,'-O','/home/'+user+'/.zshrc'])
    call(['wget',tmuxConf,'-O','/home/'+user+'/.tmuxConf'])
    # Install vim plugin
    call(['mkdir','/home/'+user+'/.vim'])
    call(['mkdir','/home/'+user+'/.vim/autoload'])
    call(['mkdir','/home/'+user+'/.vim/bundle'])
    pathogen = 'https://raw.githubusercontent.com/tpope/vim-pathogen/master/autoload/pathogen.vim'
    call(['wget',pathogen,'-O','/home/'+user+'/.vim/autoload/pathogen.vim'])
    plugin = {}
    plugin['fakeclip'] = 'https://github.com/kana/vim-fakeclip.git'
    plugin['fugitive'] = 'https://github.com/tpope/vim-fugitive.git'
    plugin['nerdtree'] = 'https://github.com/scrooloose/nerdtree.git'
    plugin['pythonMode'] = 'https://github.com/klen/python-mode'
    plugin['jshint'] = 'https://github.com/wookiehangover/jshint.vim'
    for url in plugin:
      call(['git','clone',plugin[url],'/home/'+user+'/.vim/bundle/'+url])
    # Install tmux plugin
    call(['mkdir','/home/'+user+'/.tmux'])
    call(['mkdir','/home/'+user+'/.tmux/plugins'])
    plugin = {}
    plugin['tpm'] = 'https://github.com/tmux-plugins/tpm'
    for url in plugin:
      call(['git','clone',plugin[url],'/home/'+user+'/.tmux/plugin/'+url])
	"""
	Basic server settings ok for development and for production
	"""
	from subprocess import STDOUT, check_call, PIPE, Popen, call, check_output
	import os
	from zeroUtility import *

	linuxVersion = check_output(['uname','-r']).split('\n')[0]

	programs = (['vim-nox', 'tmux', 'python-pip', 'python-virtualenv', 'python-dev',
	'zsh', 'libpam-google-authenticator', 'golang', 'linux-image-extra-'+linuxVersion,
	'fail2ban', 'unattended-upgrades', 'git', 'telnet', 'nmap', 'ufw'])

	#vimrc = 'https://gist.githubusercontent.com/Fi3/19e7f677c79f19d878eb/raw/04b107c8761ddd271e75227609a8b05dd4dc457a/.vimrc'
	#zshrc = 'https://gist.githubusercontent.com/Fi3/5087c971613743695cd7/raw/fe680ab8dbf2fcedc42e186fb18b5f85e434fe85/.zshrc'
	vimrc = raw_input('vimrc link: ')
	zshrc = raw_input('zshrc link: ')
	tmuxConf = raw_input('tmux.conf link: ')

	user = raw_input('user name: ')

	def setFirewall():
	check_call(['ufw','default','deny','incoming'],stdout=open(os.devnull,'wb'), stderr=STDOUT)
	check_call(['ufw','default','allow','outgoing'],stdout=open(os.devnull,'wb'), stderr=STDOUT)
	check_call(['ufw','allow','ssh'],stdout=open(os.devnull,'wb'), stderr=STDOUT)
	check_call(['ufw','allow','2222/tcp'],stdout=open(os.devnull,'wb'), stderr=STDOUT)
	check_call(['ufw','enable'],stdout=open(os.devnull,'wb'), stderr=STDOUT)

	def setSsh(user):
	linePrepender('/etc/pam.d/sshd','auth required pam_google_authenticator.so')
	try:
	lineSubstitutor('/etc/ssh/sshd_config',
	'ChallengeResponseAuthentication no','ChallengeResponseAuthentication yes')
	except:
	pass
	env, pw = changeUser(user)
	call(['google-authenticator'], preexec_fn=demote(pw.pw_uid, pw.pw_gid), cwd=env['PWD'], env=env)
	check_call(['service','ssh','restart'],stdout=open(os.devnull,'wb'), stderr=STDOUT)

	def installDocker():
	server = 'hkp://p80.pool.sks-keyservers.net:80'
	key = '58118E89F3A912897C070ADBF76221572C52609D'
	check_call(['apt-key','adv','--keyserver',server,'--recv-keys',key],stdout=open(os.devnull,'wb'), stderr=STDOUT)
	with open('/etc/apt/sources.list.d/docker.list', 'wb') as f:
	f.write('deb https://apt.dockerproject.org/repo ubuntu-trusty main')
	call(['apt-get','update'])
	call(['apt-get','-y','install','docker-engine'])

	if __name__ == '__main__':
	#add user
	call(['useradd','-m',user])
	call(['passwd',user])
	call(['apt-get','install','apt-transport-https'])
	# Update and install
	call(['apt-get','update'])
	for program in programs:
	call(['apt-get','-y','install',program])
	#set firewall
	setFirewall()
	#set ssh
	setSsh(user)
	# Install docker
	installDocker()
	# Set automatic update
	call(['dpkg-reconfigure','--priority=low','unattended-upgrades'])
	# Configure sudo
	call(['sudo','adduser',user,'sudo'])
	# Set zsh as defoult shell
	zsh = check_output(['which','zsh'])
	call(['chsh','-s','/usr/bin/zsh',user])
	# Download configurations file
	call(['wget',vimrc,'-O','/home/'+user+'/.vimrc'])
	call(['wget',zshrc,'-O','/home/'+user+'/.zshrc'])
	call(['wget',tmuxConf,'-O','/home/'+user+'/.tmuxConf'])
	# Install vim plugin
	call(['mkdir','/home/'+user+'/.vim'])
	call(['mkdir','/home/'+user+'/.vim/autoload'])
	call(['mkdir','/home/'+user+'/.vim/bundle'])
	pathogen = 'https://raw.githubusercontent.com/tpope/vim-pathogen/master/autoload/pathogen.vim'
	call(['wget',pathogen,'-O','/home/'+user+'/.vim/autoload/pathogen.vim'])
	plugin = {}
	plugin['fakeclip'] = 'https://github.com/kana/vim-fakeclip.git'
	plugin['fugitive'] = 'https://github.com/tpope/vim-fugitive.git'
	plugin['nerdtree'] = 'https://github.com/scrooloose/nerdtree.git'
	plugin['pythonMode'] = 'https://github.com/klen/python-mode'
	plugin['jshint'] = 'https://github.com/wookiehangover/jshint.vim'
	for url in plugin:
	call(['git','clone',plugin[url],'/home/'+user+'/.vim/bundle/'+url])
	# Install tmux plugin
	call(['mkdir','/home/'+user+'/.tmux'])
	call(['mkdir','/home/'+user+'/.tmux/plugins'])
	plugin = {}
	plugin['tpm'] = 'https://github.com/tmux-plugins/tpm'
	for url in plugin:
	call(['git','clone',plugin[url],'/home/'+user+'/.tmux/plugin/'+url])