Last active
August 29, 2015 14:22
DigitalOcean Debian 7.0 x64 bootstrap script, inspired by Linode StackScripts
#!/bin/sh | |
# usage: wget -O - https://gist.githubusercontent.com/caseycs/e407f2e05e2de092397c/raw/gistfile1.sh | sh
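# Installs sudo if needed and creates a user in the sudo group.
#
# $1 - Required - username
# $2 - Required - password
#
# Returns 0 on success, 1 on missing or unsafe arguments or when creating the
# user, setting the password or adding the group membership fails.
#
# Defined with name() rather than the `function` keyword: the shebang and the
# usage line both run this script under sh, and `function` is a bash/ksh
# extension that dash (Debian's /bin/sh) does not accept.
user_add_sudo() {
  local username="$1"
  local userpass="$2"

  if [ -z "$username" ] || [ -z "$userpass" ]; then
    echo "No new username and/or password entered" >&2
    return 1
  fi

  # A leading '-' would be parsed as an option by adduser/usermod.
  case "$username" in
    -*)
      echo "Refusing username that starts with '-'" >&2
      return 1
      ;;
  esac

  # Best effort, as before: sudo may already be present on the image.
  aptitude -y install sudo ||
    echo "warning: could not install sudo via aptitude" >&2

  # Skip creation on a re-run so the password and group steps still apply.
  if ! id "$username" >/dev/null 2>&1; then
    adduser --disabled-password --gecos "" "$username" || return 1
  fi

  # printf keeps backslashes in the password literal (sh's echo may expand
  # them), and the password travels on stdin rather than in a process argv.
  printf '%s:%s\n' "$username" "$userpass" | chpasswd || return 1

  usermod -aG sudo "$username" || return 1
}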
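# Appends a public key to authorized_keys for the specified user. Wrap both
# arguments in double quotes, or the key may not load properly.
#
# $1 - Required - username
# $2 - Required - public key text (the key itself, not a path to it)
#
# Returns 0 when the key was appended, 1 on missing or unsafe arguments or
# when a filesystem step fails.
#
# The non-root home directory is assumed to be /home/<username>.
user_add_pubkey() {
  local username="$1"
  local userpubkey="$2"
  local ssh_dir

  if [ -z "$username" ] || [ -z "$userpubkey" ]; then
    echo "Must provide a username and a public key" >&2
    return 1
  fi

  # The name is spliced into a path and handed to chown: reject anything
  # that could escape /home or be read as an option.
  case "$username" in
    -* | */* | . | ..)
      echo "Refusing unsafe username: $username" >&2
      return 1
      ;;
  esac

  # '=' is the POSIX string comparison; '==' inside [ ] fails under dash.
  if [ "$username" = "root" ]; then
    ssh_dir=/root/.ssh
  else
    ssh_dir="/home/$username/.ssh"
  fi

  # -p so an existing directory is not an error.
  mkdir -p "$ssh_dir" || return 1
  printf '%s\n' "$userpubkey" >> "$ssh_dir/authorized_keys" || return 1

  # Do not rely on the caller's umask: sshd's StrictModes check rejects key
  # files that other users can write to.
  chmod 700 "$ssh_dir" || return 1
  chmod 600 "$ssh_dir/authorized_keys" || return 1
  chown -R "$username":"$username" "$ssh_dir" || return 1

  return 0
}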
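# Prints a random alphanumeric string followed by a newline.
#
# $1 - Optional - length in characters (default 20)
#
# Returns 0 on success, 1 when the length is not a non-negative integer.
#
# Characters are drawn from /dev/urandom and filtered to A-Za-z0-9, so each
# one carries a little under 6 bits of entropy.
randomString() {
  local len="${1:-20}"

  case "$len" in
    *[!0-9]*)
      echo "randomString: length must be a non-negative integer" >&2
      return 1
      ;;
  esac

  # LC_ALL=C makes tr work on raw bytes instead of tripping over sequences
  # that are invalid in a multibyte locale.
  LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$len"
  echo
}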
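# Installs the REAL vim, wget and less, and enables the colour root prompt
# and the "ll" list-long alias in /root/.bashrc.
#
# Returns 0 when every step succeeded, 1 when the package install or the
# .bashrc edit failed. Each step is still attempted after an earlier failure.
#
# Defined with name() rather than the `function` keyword so the script also
# parses under dash, Debian's /bin/sh.
goodstuff() {
  local rc=0

  aptitude -y install wget vim less || rc=1

  # Uncomment the colourful root prompt and turn the stock ll alias into
  # 'ls -al'.
  sed -i \
    -e 's/^#PS1=/PS1=/' \
    -e "s/^#alias ll='ls -l'/alias ll='ls -al'/" \
    /root/.bashrc || rc=1

  return "$rc"
}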
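# Disables root SSH login and SSH password authentication, then restarts sshd.
#
# Returns non-zero, without restarting sshd, when the settings could not be
# applied or the resulting configuration does not validate.
#
# Defined with name() rather than the `function` keyword so the script also
# parses under dash, Debian's /bin/sh.
ssh_disable_root() {
  local cfg=/etc/ssh/sshd_config

  # Rewrite the directive whatever its current value and whether or not it
  # is commented out. Matching only the literal "PermitRootLogin yes" and
  # "#PasswordAuthentication yes" silently leaves root and password logins
  # enabled when the file ships a different value or an active line.
  sed -i \
    -e 's/^[#[:space:]]*PermitRootLogin[[:space:]].*/PermitRootLogin no/' \
    -e 's/^[#[:space:]]*PasswordAuthentication[[:space:]].*/PasswordAuthentication no/' \
    "$cfg" || return 1

  # Fail loudly when a directive is absent instead of reporting success on
  # an unhardened config. Nothing is appended here: a line added after a
  # Match block would only apply inside that block.
  if ! grep -q '^PermitRootLogin no$' "$cfg" ||
    ! grep -q '^PasswordAuthentication no$' "$cfg"; then
    echo "ssh_disable_root: could not set PermitRootLogin/PasswordAuthentication in $cfg" >&2
    return 1
  fi

  # Validate before restarting: a config that does not parse would stop
  # sshd from coming back up.
  if ! sshd -t; then
    echo "ssh_disable_root: $cfg failed validation, sshd not restarted" >&2
    return 1
  fi

  /etc/init.d/ssh restart
}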
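# deploy user
# The generated password is never printed or stored. Access for deploy relies
# on the SSH key copied below and on the passwordless sudo rule.
DEPLOY_PASS=$(randomString 20)
user_add_sudo deploy "$DEPLOY_PASS"

# Give deploy the keys root currently accepts. Stop here if that fails:
# ssh_disable_root below turns off root and password logins, so carrying on
# without a working deploy key would lock the machine out of SSH.
if ! user_add_pubkey "deploy" "$(cat ~/.ssh/authorized_keys)"; then
  echo "Could not install an SSH key for deploy; leaving sshd untouched" >&2
  exit 1
fi

# sudo w/o password for deploy
# NOTE(review): with NOPASSWD: ALL, possession of the deploy SSH key is
# equivalent to root on this host.
# The rule is checked with visudo before it is installed, because a file in
# /etc/sudoers.d that fails to parse can break sudo.
sudoers_tmp=$(mktemp) || exit 1
cat <<EOF > "$sudoers_tmp"
deploy ALL=(ALL) NOPASSWD: ALL
EOF
if ! visudo -cf "$sudoers_tmp" ||
  ! install -m 0440 -o root -g root "$sudoers_tmp" /etc/sudoers.d/deploy; then
  echo "Could not install /etc/sudoers.d/deploy; leaving sshd untouched" >&2
  rm -f -- "$sudoers_tmp"
  exit 1
fi
rm -f -- "$sudoers_tmp"

# disable root
ssh_disable_root

# fine stuff
goodstuff

# salt-minion masterless
# NOTE(review): this runs a script fetched at install time as root, and TLS
# is the only integrity check. Prefer pinning a reviewed copy and verifying
# its published checksum before running it.
# The script is downloaded in full before it is executed so that a truncated
# transfer is never run.
# NOTE(review): the log is appended to a fixed path in world-writable /tmp;
# a root-only location would be safer.
salt_bootstrap=$(mktemp) || exit 1
if ! wget -O "$salt_bootstrap" https://bootstrap.saltstack.com; then
  echo "Could not download the salt bootstrap script" >&2
  rm -f -- "$salt_bootstrap"
  exit 1
fi
sh "$salt_bootstrap" >> /tmp/StackScript.log 2>&1
rm -f -- "$salt_bootstrap"

sed -i 's/#file_client: remote/file_client: local/' /etc/salt/minion
# The script already runs as root, so sudo is not needed here.
/etc/init.d/salt-minion stop
update-rc.d salt-minion disable
mkdir -p /srv/salt
chown deploy:deploy /srv/salt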