Skip to content

Instantly share code, notes, and snippets.

@MartiUK

MartiUK/Ubuntu_Install.stackscript.sh

Created August 2, 2013 07:42
Show Gist options
  • Save MartiUK/6138146 to your computer and use it in GitHub Desktop.
Save MartiUK/6138146 to your computer and use it in GitHub Desktop.
Download ZIP
Installs Ubuntu using stack scripting for linodes.
Raw
Ubuntu_Install.stackscript.sh
#!/bin/bash
# By Sun Liwen <sunliwen@gmail.com>
# Not fully tested.
function system_primary_ip {
# returns the primary IP assigned to eth0
echo $(ifconfig eth0 | awk -F: '/inet addr:/ {print $2}' | awk '{ print $1 }')
}
function get_rdns {
# calls host on an IP address and returns its reverse dns
if [ ! -e /usr/bin/host ]; then
aptitude -y install dnsutils > /dev/null
fi
echo $(host $1 | awk '/pointer/ {print $5}' | sed 's/\.$//')
}
function get_rdns_primary_ip {
# returns the reverse dns of the primary IP assigned to this system
echo $(get_rdns $(system_primary_ip))
}
function prep_system
{
#update system
#setup hostname
if [ -z "$HOSTNAME" ]
then
export HOSTNAME=$(get_rdns_primary_ip)
fi
HOST=$(echo $HOSTNAME | sed 's/\(\[a-z0-9\]\)*\..*/\1/')
echo "$HOST" > /etc/hostname
echo "`system_primary_ip` $HOSTNAME $HOST" >> /etc/hosts
start hostname
echo "/usr/sbin/nologin" >> /etc/shells
#set timezone to UTC
ln -s -f /usr/share/zoneinfo/Europe/London /etc/localtime
aptitude update
aptitude -y safe-upgrade
aptitude -y install python-software-properties
aptitude -y install debconf-utils
}
function install_nginx {
#add nginx ppa
if [ $NGINX_VERSION == "Yes" ]
then
add-apt-repository -y ppa:nginx/stable
aptitude update
fi
#Install nginx
aptitude -y install nginx
cat <<EOT > /etc/nginx/fastcgi_config
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort on;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_max_temp_file_size 0;
fastcgi_index index.php;
EOT
cat <<EOT > /etc/nginx/sites-available/nginx_status
server {
listen 127.0.0.1:80;
location /nginx_status {
stub_status on;
access_log off;
}
}
EOT
ln -s /etc/nginx/sites-available/nginx_status /etc/nginx/sites-enabled/nginx_status
mkdir -p /etc/munin/plugins/
ln -s /usr/share/munin/plugins/nginx_request /etc/munin/plugins/nginx_request
ln -s /usr/share/munin/plugins/nginx_status /etc/munin/plugins/nginx_status
mkdir -p /etc/munin/plugin-conf.d/
cat <<EOT >> /etc/munin/plugin-conf.d/nginx
[nginx*]
env.url http://localhost/nginx_status
EOT
service nginx start
sed -i 's/# gzip_types/gzip_types/' /etc/nginx/nginx.conf
sed -i 's/# gzip_vary/gzip_vary/' /etc/nginx/nginx.conf
}
function notification_email {
#mail root to confirm installation
mail -s "Linode "`cat /etc/hostname`" setup complete" root <<EOT
Your linode setup is complete, if you encounter problems or would like commercial support email sunliwen@gmail.com. Your linode will reboot shortly after this email is sent.
EOT
$(shutdown -r +1) &
}
function install_php_fpm {
#Install PHP and common extensions
aptitude -y install php5-fpm php5-cli php5-curl php5-gd php5-mcrypt php5-mysql php5-sqlite php-apc
#configure php to run as fcgi under user www-data on port 8000 edit init script to change this
sed -i 's/short_open_tag = On/short_open_tag = Off/' /etc/php5/fpm/php.ini
sed -i 's/disable_functions =/disable_functions = dl/' /etc/php5/fpm/php.ini
sed -i 's/expose_php = On/expose_php = Off/' /etc/php5/fpm/php.ini
sed -i 's/memory_limit = 128M/memory_limit = 32M/' /etc/php5/fpm/php.ini
sed -i 's/;arg_separator.output/arg_separator.output/' /etc/php5/fpm/php.ini
sed -i 's/;date.timezone =/date.timezone = UTC/' /etc/php5/fpm/php.ini
sed -i 's/session.name = PHPSESSID/session.name = SESSID/' /etc/php5/fpm/php.ini
sed -i 's@;error_log = syslog@error_log = /var/log/php/error.log@' /etc/php5/fpm/php.ini
mkdir -p /var/log/php/
chown www-data /var/log/php/
sed -i 's/#/;/' /etc/php5/conf.d/mcrypt.ini
}
function install_mysql
{
#Install mysql
echo "mysql-server-5.5 mysql-server/root_password password $MYSQL_PASSWORD" | debconf-set-selections
echo "mysql-server-5.5 mysql-server/root_password_again password $MYSQL_PASSWORD" | debconf-set-selections
aptitude -y install mysql-server mysql-client
innodb_memory=$(awk '/MemTotal/ {print int($2/3072)}' /proc/meminfo)
cat <<EOT > /etc/mysql/conf.d/innodb.cnf
[mysqld]
innodb_file_per_table
innodb_buffer_pool_size=${innodb_memory}M
innodb_additional_mem_pool_size=8M
EOT
#set charset to utf8
cat <<EOT > /etc/mysql/conf.d/charset.cnf
[mysqld]
character-set-server=utf8
collation-server=utf8_general_ci
EOT
#enable slow query logging to table compatible with mysql workbench
cat <<EOT > /etc/mysql/conf.d/logging.cnf
[mysqld]
slow_query_log = 1
slow_query_log_file = /var/log/mysql/mysql-slow.log
long_query_time = 1
log-queries-not-using-indexes
log-output=TABLE
EOT
#make pid file static name across installations
cat <<EOT > /etc/mysql/conf.d/pid.cnf
[mysqld]
pid-file = /var/lib/mysql/mysqld.pid
EOT
#limit number of simultanious connections to 20
cat <<EOT > /etc/mysql/conf.d/connections.cnf
[mysqld]
max_connections = 20
EOT
#drop myisam specific settings since I'm assuming you're using innodb
cat <<EOT > /etc/mysql/conf.d/myisam.cnf
[mysqld]
key_buffer_size = 256k
read_buffer_size = 256k
read_rnd_buffer_size = 256k
EOT
#add root password to .my.cnf to prevent prompting
cat <<EOT > /root/.my.cnf
[client]
user=root
password=$MYSQL_PASSWORD
EOT
chmod 0400 /root/.my.cnf
}
function install_postfix
{
#Install postfix
echo "postfix postfix/main_mailer_type select Internet Site" | debconf-set-selections
echo "postfix postfix/mailname string $HOSTNAME" | debconf-set-selections
echo "postfix postfix/destinations string localhost.localdomain, localhost, $HOSTNAME" | debconf-set-selections
aptitude -y install postfix mailutils
/usr/sbin/postconf -e "inet_interfaces = loopback-only"
#configure root alias
echo "root: $ROOT_EMAIL" >> /etc/aliases
echo "$USER_NAME: root" >> /etc/aliases
echo $HOSTNAME > /etc/mailname
/usr/bin/newaliases
}
function configure_ssh {
#setup ssh
#add ssh key
sudo -u $USER_NAME mkdir /home/$USER_NAME/.ssh
sudo -u $USER_NAME echo "${USER_SSHKEY}" >> /home/$USER_NAME/.ssh/authorized_keys
mkdir -p /root/.ssh/
echo "${USER_SSHKEY}" >> /root/.ssh/authorized_keys
chmod 0600 /home/$USER_NAME/.ssh/authorized_keys /root/.ssh/authorized_keys
chown $USER_NAME:$USER_NAME /home/$USER_NAME/.ssh/authorized_keys
sed -i "s/Port 22/Port $SSH_PORT/" /etc/ssh/sshd_config #set ssh port
#enable internal sftp for chrooting
sed -i 's@Subsystem sftp /usr/lib/openssh/sftp-server@Subsystem sftp internal-sftp@' /etc/ssh/sshd_config
if [[ "$SSH_ALLOW_USERS" != *root* ]]
then
sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
else
sed -i 's/PermitRootLogin yes/PermitRootLogin without-password/' /etc/ssh/sshd_config
fi
if [ "$USER_SSHKEY" != "" ]
then
sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config #disable ssh password auth if $USER_SSHKEY is not empty
fi
sed -i 's/X11Forwarding yes/X11Forwarding no/' /etc/ssh/sshd_config #disable xforwarding
echo "AllowUsers $USER_NAME $SSH_ALLOW_USERS" >> /etc/ssh/sshd_config #only allow access from $USER
/etc/init.d/ssh restart
}
function configure_user
{
#configure ssh/sudo
useradd -m -s /bin/bash $USER_NAME #add user account
echo "$USER_NAME:$USER_PASSWORD" | chpasswd #setpassword
#add user to sudoers
echo "$USER_NAME ALL=(ALL) ALL" >> /etc/sudoers
usermod -a -G adm $USER_NAME
#lock out root
passwd -l root
}
function install_shorewall
{
#sets up shorewall firewall
aptitude -y install shorewall shorewall6
cp /usr/share/doc/shorewall/examples/one-interface/* /etc/shorewall/
sed -i 's/BLACKLISTNEWONLY=Yes/BLACKLISTNEWONLY=No/' /etc/shorewall/shorewall.conf
sed -i 's/REJECT/DROP/' /etc/shorewall/policy
if [ "$WEBSERVER" != "None" ]
then
echo "#accept http/s" >> /etc/shorewall/rules
echo "ACCEPT net \$FW:`system_primary_ip` tcp 80" >> /etc/shorewall/rules
echo "ACCEPT net \$FW:`system_primary_ip` tcp 443" >> /etc/shorewall/rules
fi
echo '#accept ssh and ratelimit to 5 connections per miniute per ip' >> /etc/shorewall/rules
echo "ACCEPT net \$FW:`system_primary_ip` tcp $SSH_PORT - - s:ssh:5/min:1" >> /etc/shorewall/rules
echo "#accept l2tp/s" >> /etc/shorewall/rules
echo "ACCEPT net \$FW:`system_primary_ip` udp 500" >> /etc/shorewall/rules
echo "ACCEPT net \$FW:`system_primary_ip` udp 4500" >> /etc/shorewall/rules
sed -i 's/STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/' /etc/shorewall/shorewall.conf
sed -i 's/startup=0/startup=1/' /etc/default/shorewall
#disable ipv6 by default
cp /usr/share/doc/shorewall6/examples/one-interface/* /etc/shorewall6/
sed -i 's/BLACKLISTNEWONLY=Yes/BLACKLISTNEWONLY=No/' /etc/shorewall6/shorewall6.conf
sed -i 's/REJECT/DROP/' /etc/shorewall6/policy
sed -i 's/STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/' /etc/shorewall6/shorewall6.conf
sed -i 's/startup=0/startup=1/' /etc/default/shorewall6
}
function install_ufw
{
aptitude -y install ufw
yes 'yes' | ufw enable
cat <<EOT > /etc/ufw/before.rules
*filter
#Allow L2TP only over IPSEC
-A ufw-before-input -m policy --dir in --pol ipsec -p udp --dport 1701 -j ACCEPT
COMMIT
EOT
sed -i "s/DEFAULT_FORWARD_POLICY=\"DROP\"/DEFAULT_FORWARD_POLICY=\"ACCEPT\"/" /etc/default/ufw
sed -i "s/#net\/ipv4\/ip_forward=1/net\/ipv4\/ip_forward=1/" /etc/ufw/sysctl.conf
sed -i "s/#net\/ipv6\/conf\/default\/forwarding=1/net\/ipv6\/conf\/default\/forwarding=1/" /etc/ufw/sysctl.conf
sed -i "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/" /etc/sysctl.conf
sed -i "s/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=1/" /etc/sysctl.conf
sed -i "s/#net.ipv4.conf.all.accept_redirects = 0/net.ipv4.conf.all.accept_redirects = 0/" /etc/sysctl.conf
sed -i "s/#net.ipv4.conf.all.send_redirects = 0/net.ipv4.conf.all.send_redirects = 0/" /etc/sysctl.conf
sysctl -p
if [ "$WEBSERVER" != "None" ]
then
ufw allow www
fi
ufw allow ssh
ufw allow 500/udp
ufw allow 4500/udp
ufw allow 1701/udp
#ufw allow 1723/tcp
#/etc/init.d/ufw restart
}
function install_monit
{
#install and enable monit
aptitude -y install monit
sed -i 's/startup=0/startup=1/' /etc/default/monit
mkdir -p /etc/monit/conf.d/
sed -i "s/# set daemon 120/set daemon 120/" /etc/monit/monitrc
sed -i "s/# with start delay 240/with start delay 240/" /etc/monit/monitrc
sed -i "s/# set logfile syslog facility log_daemon/set logfile \/var\/log\/monit.log/" /etc/monit/monitrc
sed -i "s/# set mailserver mail.bar.baz,/set mailserver localhost/" /etc/monit/monitrc
sed -i "s/# set eventqueue/set eventqueue/" /etc/monit/monitrc
sed -i "s/# basedir \/var\/monit/basedir \/var\/monit/" /etc/monit/monitrc
sed -i "s/# slots 100 /slots 100/" /etc/monit/monitrc
sed -i "s/# set alert sysadm@foo.bar/set alert root@localhost reminder 180/" /etc/monit/monitrc
sed -i "s/# set httpd port 2812 and/ set httpd port 2812 and/" /etc/monit/monitrc
sed -i "s/# use address localhost/use address localhost/" /etc/monit/monitrc
sed -i "s/# allow localhost/allow localhost/" /etc/monit/monitrc
sed -i "s/# set mail-format { from: monit@foo.bar }/set mail-format { from: monit@`hostname -f` }/" /etc/monit/monitrc
}
function install_munin
{
#install munin
aptitude -y install munin munin-node libcache-cache-perl libdbd-mysql-perl
sed -i 's/host \*/host 127.0.0.1/' /etc/munin/munin-node.conf
sed -i "s/localhost.localdomain/`hostname -f`/" /etc/munin/munin.conf
echo "munin: root" >> /etc/aliases
sed -i "s#\[mysql\*\]#[mysql*]\nenv.mysqladmin /usr/bin/mysqladmin#" /etc/munin/plugin-conf.d/munin-node
rm /etc/munin/plugins/nfs*
ln -s /usr/share/munin/plugins/postfix_mailstats /etc/munin/plugins/
ln -s /usr/share/munin/plugins/netstat /etc/munin/plugins/
if [ -x /usr/bin/newaliases ]
then
/usr/bin/newaliases
fi
}
function install_security
{
#install chrootkit rkhunter logwatch
aptitude -y install chkrootkit rkhunter logwatch logcheck libsys-cpu-perl logcheck fail2ban
set +e
echo "yes" | cpan 'Sys::MemInfo'
echo "yes" | cpan 'Sys::MemInfo'
set -e
sed -i 's/#ALLOWHIDDENDIR=\/dev\/.initramfs/ALLOWHIDDENDIR=\/dev\/.initramfs/' /etc/rkhunter.conf
sed -i 's/#ALLOWHIDDENDIR=\/dev\/.udev/ALLOWHIDDENDIR=\/dev\/.udev/' /etc/rkhunter.conf
sed -i 's/DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps apps"/DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps apps os_specific"/' /etc/rkhunter.conf
rkhunter --propupd
sed -i 's/--output mail/--output mail --detail 10 --range "since 1 days ago" --archives --numeric --service All/' /etc/cron.daily/00logwatch
}
function install_tools
{
#install full vim, nano, less, htop (nice version of top), iotop (top for disk io), logrotate (rotates logs..), lynx (text webbrowser), mytop (top for mysql), screen (terminal emulator), sqlite3 (command line interface for sqlite databases)
aptitude -y install vim nano less htop iotop logrotate lynx mytop nmap screen sqlite3 cron-apt ntp curl pflogsumm bar apt-show-versions iftop build-essential
echo 'SYSLOGON="always"' >> /etc/cron-apt/config
echo 'MAILON="upgrade"' >> /etc/cron-apt/config
}
function install_ubuntu_stock_kernel
{
#installs ubuntu virtual kernel which works best on linode
#sets console to hvc0 so you can access via lish
#turns off barrier which breaks booting with 3.2+ kernels
#switches to ext4 but retains backwards compatablity with ext3
aptitude -y install linux-virtual grub
update-grub -y
sed -i 's#kopt=root=.* ro#kopt=root=/dev/xvda ro#' /boot/grub/menu.lst
sed -i 's#groot=.*#groot=(hd0)#' /boot/grub/menu.lst
sed -i 's/defoptions=quiet splash/defoptions=quiet console=hvc0/' /boot/grub/menu.lst
sed -i 's/# indomU=detect/# indomU=true/' /boot/grub/menu.lst
sed -i 's/noatime/barrier=0,noatime/' /etc/fstab
sed -i 's/ext3/ext4/' /etc/fstab
update-grub -y
chmod 0600 /boot/grub/menu.lst
cat <<EOT >/etc/init/hvc0.conf
# hvc - getty
#
# This service maintains a getty on hvc0 from the point the system is
# started until it is shut down again.
start on stopped rc RUNLEVEL=[2345]
stop on runlevel [!2345]
respawn
exec /sbin/getty -8 38400 hvc0
EOT
}
function set_root_profile
{
#Black 0;30 Dark Gray 1;30
#Blue 0;34 Light Blue 1;34
#Green 0;32 Light Green 1;32
#Cyan 0;36 Light Cyan 1;36
#Red 0;31 Light Red 1;31
#Purple 0;35 Light Purple 1;35
#Brown 0;33 Yellow 1;33
#Light Gray 0;37 White 1;37
cat <<EOT >> /root/.profile
PS1='\[\033[0;33m\]root@'
#add hostname
PS1=\$PS1\$(hostname -f)'\n'
#add ipv4 addresses
PS1=\$PS1\$(ifconfig | grep -v '127.0.0.1' | awk -F: '/inet addr:/ {print \$2}' | awk '{ print \$1 }')
#add ipv6 addresses
PS1=\$PS1'\n'\$(ifconfig | grep 'Global' | awk -F / '/inet6 addr: / {print \$1}' | awk '{ print \$3 }')
#add current working dir and close colours
PS1=\$PS1'\n\$PWD:\$\033[00m\]\n'
export PS1
EOT
}
function cleanup
{
#disable services not required
if [ -f /etc/init/atd.conf ]
then
stop atd
mv /etc/init/atd.conf /etc/init/atd.conf.noexec
fi
sed -i 's/true/false/' /etc/default/whoopsie
update-locale
#tweak min free kbytes to get around page allocation failures on newer kernels
echo "vm.min_free_kbytes=6144" > /etc/sysctl.d/60-page.conf
}
function install_vpn
{
#L2TPD/IPSEC
echo "openswan openswan/install_x509_certificate boolean false" | debconf-set-selections
echo "openswan openswan/runlevel_changes note" | debconf-set-selections
DEBIAN_FRONTEND=noninteractive apt-get install -q -y openswan
rm -rf /etc/ipsec.conf
touch /etc/ipsec.conf
cat <<EOT > /etc/ipsec.conf
version 2.0
config setup
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
oe=off
protostack=netkey
conn L2TP-PSK-NAT
rightsubnet=vhost:%priv,%no
also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
authby=secret
pfs=no
auto=add
keyingtries=3
rekey=no
ikelifetime=8h
keylife=1h
type=transport
left=`system_primary_ip`
leftprotoport=17/1701
right=%any
rightprotoport=17/%any
EOT
cat <<EOT > /etc/ipsec.secrets
`system_primary_ip` %any: PSK "$VPN_PSK"
EOT
apt-get install -y xl2tpd
touch /etc/xl2tpd/xl2tpd.conf
cat <<EOT > /etc/xl2tpd/xl2tpd.conf
[global]
ipsec saref = yes
[lns default]
ip range = $VPN_IPRANGE.2-$VPN_IPRANGE.254
local ip = $VPN_IPRANGE.1
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
EOT
rm -rf /etc/ppp/options.xl2tpd
touch /etc/ppp/options.xl2tpd
cat <<EOT > /etc/ppp/options.xl2tpd
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name $VPN_SERVICENAME
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
EOT
cat <<EOT > /etc/ppp/chap-secrets
$VPN_USERNAME $VPN_SERVICENAME $VPN_PASSWORD *
EOT
cat <<EOT > /etc/rc.local
#!/bin/sh -e
iptables --table nat --append POSTROUTING --jump MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
for each in /proc/sys/net/ipv4/conf/*
do
echo 0 > \$each/accept_redirects
echo 0 > \$each/send_redirects
done
/etc/init.d/ipsec restart
exit 0
EOT
clear
iptables --table nat --append POSTROUTING --jump MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
for each in /proc/sys/net/ipv4/conf/*
do
echo 0 > $each/accept_redirects
echo 0 > $each/send_redirects
done
xl2tpd
/etc/init.d/ipsec restart
ipsec verify
clear
/etc/init.d/ipsec restart
ipsec verify
}
Raw
Ubuntu_SQL_NGINX_VPN_PHP.stackscript.sh
#!/bin/bash
# Originally By Sun Liwen <sunliwen@gmail.com>
# Feel free to donate a beer if you feel this script save some time for you :) - https://www.gittip.com/on/github/sunliwen/
######
#<udf name="INSTALL_MYSQL" label="Instal MySQL?" oneOf="Yes,No">
#<udf name="MYSQL_PASSWORD" label="MySQL root password" default="">
#<udf name="NGINX_VERSION" label="Install nginx from PPA" oneOf="Yes,No" example="See https://launchpad.net/~nginx/+archive/stable">
#<udf name="SSH_PORT" label="SSH port" default="22">
#<udf name="USER_NAME" label="Unprivileged User Account" />
#<udf name="USER_PASSWORD" label="Unprivileged User Password" />
#<udf name="USER_SSHKEY" label="Public Key for User" default="" />
#<udf name="SSH_ALLOW_USERS" label="SSH Allow Users directive, leave blank if you don't know what this is" default="" />
#<udf name="ROOT_EMAIL" label="Email alias for root" />
#<udf name="HOSTNAME" label="Hostname" default="" />
#<udf name="WHICH_KERNEL" label="Use ubuntu virtual kernel?" oneOf="No,Yes" />
#<udf name="INSTALL_PHP" label="Install PHP?" oneOf="Yes,No" />
#<udf name="VPN_SERVICENAME" label="VPN Service Name" default="l2tp" example="l2tp" />
#<udf name="VPN_PSK" label="PSK" default="fuckgfw" example="fuckgfw" />
#<udf name="VPN_IPRANGE" label="IP Range" default="10.0.100" example="10.0.100" />
#<udf name="VPN_USERNAME" label="Username" />
#<udf name="VPN_PASSWORD" label="Password" />
######
set -e
source <ssinclude StackScriptID="7000"> # Private SS on Linode
#update system and set hostname
prep_system
#setup firewall
install_ufw
#setup standard user
configure_user
#secure ssh
configure_ssh
#setup postfix
install_postfix
if [ "$INSTALL_MYSQL" == "Yes" ]
then
#setup mysql
install_mysql
fi
if [ "$INSTALL_PHP" == "Yes" ]
then
#setup php
install_php_fpm
fi
#setup nginx
install_nginx
#install monit/munin/security tools/other tools
install_monit
install_munin
install_security
install_tools
install_vpn
#set root .profile
set_root_profile
#cleanup
cleanup
#send notification
notification_email
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment