benileo/bootstrap.sh

## bootstrap.sh
#!/bin/bash
# scripts cant be started any other way. IE. not -x or -e

DOCKER_FINGERPRINT="9DC858229FC7DD38854AE2D88D81803C0EBFCD88"
DOCKER_APT_REPOSITORY="https://download.docker.com/linux/ubuntu"
APT_DEPS="awscli mysql-client"

# This is templated from vault.
cat > /home/jammin/.ssh/id_ecdsa <<- EOF
-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END EC PRIVATE KEY-----
EOF
chown jammin:jammin /home/jammin/.ssh/id_ecdsa
chmod 0400 /home/jammin/.ssh/id_ecdsa

cat > /home/jammin/.ssh/config <<- EOF
Host github.com
  IdentityFile /home/jammin/.ssh/id_ecdsa
EOF
chown jammin:jammin /home/jammin/.ssh/config
chmod 0400 /home/jammin/.ssh/config

mkdir /home/jammin/.aws
cat > /home/jammin/.aws/credentials <<- EOF
[default]
aws_access_key_id = XXXXXXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
EOF
cat > /home/jammin/.aws/config <<- EOF
[default]
region = us-west-2
EOF
chown -R jammin:jammin /home/jammin/.aws
chmod 0400 /home/jammin/.aws/{config,credentials}

# I hate having to do this on every server.
git config --global user.email "jammin.irving@gmail.com"
git config --global user.name "Ben Irving"

# We dont want to import a new key on the global key ring
export GNUPGHOME="$(mktemp -d)"

# Get docker key and import into temporary key ring
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --import -

# Verify the key and import into trusted keyring
gpg --export $DOCKER_FINGERPRINT > /etc/apt/trusted.gpg.d/docker.gpg

# Add the docker repository
add-apt-repository "deb [arch=amd64] $DOCKER_APT_REPOSITORY $(lsb_release -cs) stable"

# Create a docker configuration file. Use overlay2 as the storage driver.
# Could use aufs - but extra packages need to be installed. And 4.4.X kernels
# have good support for features favourable to an overlay file system.
# log to syslog
mkdir -p /etc/docker
{
    echo -e "{";
    echo -e "\t\"storage-driver\": \"overlay2\",";
	echo -e "\t\"log-driver\": \"syslog\",";
	echo -e "\t\"log-opts\": {";
	echo -e "\t\t\"tag\": \"{{.ID}}:{{.Name}}\"";
	echo -e "\t}"
    echo -e "}";
} | tee /etc/docker/daemon.json

# Set boot parameters
# https://tianon.github.io/post/2016/12/07/docker-setup.html
sed -i '/GRUB_CMDLINE_LINUX_DEFAULT/c\GRUB_CMDLINE_LINUX_DEFAULT="cgroup_enable=memory swapaccount=1 systemd.legacy_systemd_cgroup_controller=yes"' /etc/default/grub
update-grub

# Install docker container engine
apt-get update -qq && apt-get install -qqy --no-install-recommends $APT_DEPS docker-ce

# Cleanup
rm -rf $GNUPGHOME
reboot
	#!/bin/bash
	# scripts cant be started any other way. IE. not -x or -e

	DOCKER_FINGERPRINT="9DC858229FC7DD38854AE2D88D81803C0EBFCD88"
	DOCKER_APT_REPOSITORY="https://download.docker.com/linux/ubuntu"
	APT_DEPS="awscli mysql-client"

	# This is templated from vault.
	cat > /home/jammin/.ssh/id_ecdsa <<- EOF
	-----BEGIN EC PRIVATE KEY-----
	Proc-Type: 4,ENCRYPTED
	DEK-Info: AES-128-CBC,XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

	XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
	XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
	XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
	-----END EC PRIVATE KEY-----
	EOF
	chown jammin:jammin /home/jammin/.ssh/id_ecdsa
	chmod 0400 /home/jammin/.ssh/id_ecdsa

	cat > /home/jammin/.ssh/config <<- EOF
	Host github.com
	IdentityFile /home/jammin/.ssh/id_ecdsa
	EOF
	chown jammin:jammin /home/jammin/.ssh/config
	chmod 0400 /home/jammin/.ssh/config

	mkdir /home/jammin/.aws
	cat > /home/jammin/.aws/credentials <<- EOF
	[default]
	aws_access_key_id = XXXXXXXXXXXXXXXXXXX
	aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
	EOF
	cat > /home/jammin/.aws/config <<- EOF
	[default]
	region = us-west-2
	EOF
	chown -R jammin:jammin /home/jammin/.aws
	chmod 0400 /home/jammin/.aws/{config,credentials}

	# I hate having to do this on every server.
	git config --global user.email "jammin.irving@gmail.com"
	git config --global user.name "Ben Irving"

	# We dont want to import a new key on the global key ring
	export GNUPGHOME="$(mktemp -d)"

	# Get docker key and import into temporary key ring
	curl -fsSL https://download.docker.com/linux/ubuntu/gpg \| gpg --import -

	# Verify the key and import into trusted keyring
	gpg --export $DOCKER_FINGERPRINT > /etc/apt/trusted.gpg.d/docker.gpg

	# Add the docker repository
	add-apt-repository "deb [arch=amd64] $DOCKER_APT_REPOSITORY $(lsb_release -cs) stable"

	# Create a docker configuration file. Use overlay2 as the storage driver.
	# Could use aufs - but extra packages need to be installed. And 4.4.X kernels
	# have good support for features favourable to an overlay file system.
	# log to syslog
	mkdir -p /etc/docker
	{
	echo -e "{";
	echo -e "\t\"storage-driver\": \"overlay2\",";
	echo -e "\t\"log-driver\": \"syslog\",";
	echo -e "\t\"log-opts\": {";
	echo -e "\t\t\"tag\": \"{{.ID}}:{{.Name}}\"";
	echo -e "\t}"
	echo -e "}";
	} \| tee /etc/docker/daemon.json

	# Set boot parameters
	# https://tianon.github.io/post/2016/12/07/docker-setup.html
	sed -i '/GRUB_CMDLINE_LINUX_DEFAULT/c\GRUB_CMDLINE_LINUX_DEFAULT="cgroup_enable=memory swapaccount=1 systemd.legacy_systemd_cgroup_controller=yes"' /etc/default/grub
	update-grub

	# Install docker container engine
	apt-get update -qq && apt-get install -qqy --no-install-recommends $APT_DEPS docker-ce

	# Cleanup
	rm -rf $GNUPGHOME
	reboot