
@caseycs
Last active August 29, 2015 14:22
DigitalOcean Debian 7.0 x64 bootstrap script, inspired by Linode StackScripts
#!/bin/sh
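# usage: wget -O - https://gist.githubusercontent.com/caseycs/e407f2e05e2de092397c/raw/gistfile1.sh | sh
# Run as root. The raw URL above is not pinned to a revision, so it fetches
# whatever the gist contains at download time.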
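user_add_sudo() {
  # Installs sudo if needed and creates a user in the sudo group.
  #
  # $1 - Required - username
  # $2 - Required - password
  #
  # Globals: sets USERNAME and USERPASS (same names the original assigned).
  # Returns: 0 on success, 1 on missing/rejected arguments or a failed step.
  #
  # Defined with the POSIX "name()" form because the shebang is /bin/sh and
  # the "function" keyword is not understood by every sh.
  USERNAME="$1"
  USERPASS="$2"
  if [ -z "$USERNAME" ] || [ -z "$USERPASS" ]; then
    echo "No new username and/or password entered" >&2
    return 1
  fi

  # The name is passed to adduser/usermod and written into a chpasswd record,
  # so refuse anything that could be read as an option ("-x") or that contains
  # ":" or whitespace.
  # NOTE(review): this character set is a conservative guess; confirm it
  # against the adduser name policy configured on the target image.
  case "$USERNAME" in
    -* | .* | *[!A-Za-z0-9._-]*)
      echo "Invalid username: $USERNAME" >&2
      return 1
      ;;
  esac

  # chpasswd reads one "name:password" record per line; a newline inside the
  # password would be parsed as an additional record.
  case "$USERPASS" in
    *'
'*)
      echo "Password must not contain a newline" >&2
      return 1
      ;;
  esac

  # Only call the package manager when sudo is actually missing.
  if ! command -v sudo >/dev/null 2>&1; then
    aptitude -y install sudo || return 1
  fi

  # Skip creation when the account already exists so a re-run does not fail.
  if ! id "$USERNAME" >/dev/null 2>&1; then
    adduser --disabled-password --gecos "" "$USERNAME" || return 1
  fi

  printf '%s:%s\n' "$USERNAME" "$USERPASS" | chpasswd || return 1
  usermod -aG sudo "$USERNAME"
}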
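user_add_pubkey() {
  # Appends a public key to authorized_keys for the specified user.
  # Wrap both arguments in double quotes, or the key may not load properly.
  #
  # $1 - Required - username
  # $2 - Required - public key text (the key itself, not a file path; several
  #                 keys separated by newlines are appended as given)
  #
  # Globals: sets USERNAME and USERPUBKEY (same names the original assigned).
  # Returns: 0 when the key was appended, 1 on missing/rejected arguments or a
  #          failed step.
  USERNAME="$1"
  USERPUBKEY="$2"
  if [ -z "$USERNAME" ] || [ -z "$USERPUBKEY" ]; then
    echo "Must provide a username and the location of a pubkey" >&2
    return 1
  fi

  # The name becomes part of a filesystem path below, so refuse "/" and "..",
  # a leading "-", and whitespace.
  case "$USERNAME" in
    -* | .* | *[!A-Za-z0-9._-]*)
      echo "Invalid username: $USERNAME" >&2
      return 1
      ;;
  esac

  # Reuse $1 for the target directory so no extra global is introduced.
  # NOTE(review): non-root homes are assumed to live under /home/<name>, as in
  # the original; confirm for accounts created with a different home.
  if [ "$USERNAME" = "root" ]; then
    set -- /root/.ssh
  else
    set -- "/home/$USERNAME/.ssh"
  fi

  # -p: the directory usually exists already for root. Restrictive modes keep
  # other local accounts from reading or replacing the key list.
  mkdir -p "$1" || return 1
  chmod 700 "$1" || return 1
  printf '%s\n' "$USERPUBKEY" >> "$1/authorized_keys" || return 1
  chmod 600 "$1/authorized_keys" || return 1

  # Files were created by root; hand them to the account that will use them.
  if [ "$USERNAME" != "root" ]; then
    chown -R "$USERNAME":"$USERNAME" "$1" || return 1
  fi
  return 0
}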
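randomString() {
  # Prints a random string of ASCII letters and digits, followed by a newline.
  #
  # $1 - Optional - length (default 20)
  #
  # Globals: sets LEN (same name the original assigned).
  # Returns: 0 on success, 1 when the length is not a non-negative integer.
  LEN="${1:-20}"
  case "$LEN" in
    *[!0-9]*)
      echo "randomString: length must be a non-negative integer" >&2
      return 1
      ;;
  esac

  # LC_ALL=C makes tr work on raw bytes, so a multibyte locale cannot make it
  # reject /dev/urandom output or widen the A-Za-z0-9 ranges.
  LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$LEN"
  echo
}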
goodstuff() {
  # Installs wget, vim and less, then edits /root/.bashrc in place to
  # uncomment the PS1 prompt line and to turn the commented "ll" alias into
  # an active "ls -al" alias.
  aptitude -y install wget vim less

  # Both substitutions touch different lines, so one sed pass covers them.
  sed -i \
    -e 's/^#PS1=/PS1=/' \
    -e "s/^#alias ll='ls -l'/alias ll='ls -al'/" \
    /root/.bashrc
}
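ssh_disable_root() {
  # Disables root SSH logins and SSH password authentication, then restarts
  # the ssh service.
  #
  # Returns: 0 after a successful restart; 1 if the config could not be
  #          edited, does not end up with both settings, or fails sshd's own
  #          syntax check (in which case the service is not restarted).
  #
  # The patterns accept the directive commented or uncommented and with any
  # single-word value, so "PermitRootLogin without-password" or an already
  # uncommented "PasswordAuthentication yes" is rewritten too instead of
  # being skipped silently.
  # NOTE(review): directives inside Match blocks or in included files are not
  # examined here; confirm the target image does not use them.
  sed -i \
    -e 's/^[[:space:]]*#\{0,1\}[[:space:]]*PermitRootLogin[[:space:]]\{1,\}[a-z-]\{1,\}[[:space:]]*$/PermitRootLogin no/' \
    -e 's/^[[:space:]]*#\{0,1\}[[:space:]]*PasswordAuthentication[[:space:]]\{1,\}[a-z-]\{1,\}[[:space:]]*$/PasswordAuthentication no/' \
    /etc/ssh/sshd_config || return 1

  # Confirm the hardening is really in the file rather than assuming the
  # substitutions matched.
  if ! grep -q '^PermitRootLogin no$' /etc/ssh/sshd_config ||
    ! grep -q '^PasswordAuthentication no$' /etc/ssh/sshd_config; then
    echo "ssh_disable_root: expected settings not found in /etc/ssh/sshd_config" >&2
    return 1
  fi

  # Restarting with a broken config can leave the host without a reachable
  # sshd, so let sshd check the file first.
  /usr/sbin/sshd -t || return 1
  /etc/init.d/ssh restart
}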
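# deploy user
# The random password is never printed or stored; the account is reached with
# the SSH keys copied below and gets passwordless sudo.
DEPLOY_PASS=$(randomString 20)
if ! user_add_sudo deploy "$DEPLOY_PASS"; then
  echo "bootstrap: could not create the deploy user; SSH settings left unchanged" >&2
  exit 1
fi

# Copy root's authorized keys to deploy. Stop here when there is nothing to
# copy: the next steps turn off root login and password authentication, which
# would leave no way to log in over SSH.
ROOT_KEYS=$(cat ~/.ssh/authorized_keys 2>/dev/null)
if [ -z "$ROOT_KEYS" ] || ! user_add_pubkey "deploy" "$ROOT_KEYS"; then
  echo "bootstrap: no SSH key installed for deploy; SSH settings left unchanged" >&2
  exit 1
fi

# sudo w/o password for deploy
# NOTE(review): with NOPASSWD: ALL, possession of any key copied above is
# equivalent to root on this host.
cat <<'EOF' > /etc/sudoers.d/deploy
deploy ALL=(ALL) NOPASSWD: ALL
EOF
chmod 0440 /etc/sudoers.d/deploy

# disable root
ssh_disable_root ||
  echo "bootstrap: SSH hardening was not applied; check /etc/ssh/sshd_config" >&2

# fine stuff
goodstuff

# salt-minion masterless
# NOTE(review): this runs a remotely fetched script as root with no integrity
# check. Consider downloading it to a file, comparing it with a known
# checksum, and only then executing it.
# NOTE(review): the log is appended by root to a fixed name under /tmp;
# a root-only location would be safer on a host with other local users.
wget -O - https://bootstrap.saltstack.com | sh >> /tmp/StackScript.log 2>&1

# The pipeline's status is that of sh, which is 0 even when the download
# produced nothing, so the installed config file is the signal that the
# bootstrap worked.
if [ -f /etc/salt/minion ]; then
  sed -i 's/#file_client: remote/file_client: local/' /etc/salt/minion
  # Already running as root, so sudo is not needed here.
  /etc/init.d/salt-minion stop
  update-rc.d salt-minion disable
else
  echo "bootstrap: /etc/salt/minion not found; see /tmp/StackScript.log" >&2
fi

mkdir -p /srv/salt
chown deploy:deploy /srv/salt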