Created
September 7, 2017 11:01
-
-
Save dhensby/f3df11a125a713ef0600f3ab7e0620b0 to your computer and use it in GitHub Desktop.
Speedily provision a silverstripe lamp stack on CentOS 7 including my custom user with ssh keys
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| GISTID='' | |
| if [ -z "$GISTID" ]; then | |
| echo "GIST ID NEEDED" | |
| exit 1 | |
| fi | |
| # install deps | |
| # firewall | |
| # install dhensby user | |
| # install ssh keys | |
| # add swap | |
| # configure php | |
| # configure apache | |
| # configure mariadb | |
| # composer install | |
| # install DO droplet metrics | |
| read sys_vendor < /sys/devices/virtual/dmi/id/bios_vendor | |
| if [ "$sys_vendor" = "DigitalOcean" ]; then | |
| curl -sSL https://agent.digitalocean.com/install.sh | sh | |
| fi | |
| # install extra repos | |
| rpm -i https://mirror.webtatic.com/yum/el7/epel-release.rpm | |
| rpm -i https://mirror.webtatic.com/yum/el7/webtatic-release.rpm | |
| # firewall | |
| yum install -y firewalld | |
| systemctl start firewalld | |
| systemctl enable firewalld | |
| firewall-cmd --add-service=ssh --permanent | |
| firewall-cmd --add-service=http --permanent | |
| firewall-cmd --reload | |
| # provision dhensby user securely | |
| yum install -y jq | |
| if [ ! "$?" ]; then | |
| echo "Failed to install jq dep" | |
| exit 1 | |
| fi | |
| KEYS="$(curl -s -H 'accept: application/vnd.github.v3+json' https://api.github.com/gists/$GISTID | jq -r '.files[].content')" | |
| useradd dhensby | |
| gpasswd -a dhensby wheel | |
| HOME_DIR=$(eval echo ~dhensby) | |
| mkdir -p -m 700 "${HOME_DIR}/.ssh/" | |
| touch "${HOME_DIR}/.ssh/authorized_keys" | |
| echo '### AUTOMATICALLY MANAGED KEYS ###' >> "${HOME_DIR}/.ssh/authorized_keys" | |
| while read line; do | |
| if [[ "${line}" == \#* ]]; then | |
| continue | |
| fi | |
| echo "${line}" >> "${HOME_DIR}/.ssh/authorized_keys" | |
| done <<< "${KEYS}" | |
| echo '### END OF AUTOMATICALLY MANAGED KEYS ###' >> "${HOME_DIR}/.ssh/authorized_keys" | |
| chown -R dhensby: "${HOME_DIR}/.ssh" | |
| chmod 0600 "${HOME_DIR}/.ssh/authorized_keys" | |
| echo "${USER} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers | |
| sed -i 's/^PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config | |
| sed -i 's/^ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config | |
| sed -i 's/^#\?PermitRootLogin\s\+yes/PermitRootLogin no/' /etc/ssh/sshd_config | |
| systemctl restart sshd | |
| #todo: set up cron for updating ssh keys | |
| # add swap | |
| dd if=/dev/zero of=/swapfile count="1024" bs=1MiB | |
| chmod 600 /swapfile | |
| mkswap /swapfile | |
| swapon /swapfile | |
| echo "/swapfile swap swap sw 0 0" >> /etc/fstab | |
| sysctl vm.swappiness=10 | |
| echo "vm.swappiness = 10" >> /etc/sysctl.conf | |
| sysctl vm.vfs_cache_pressure=50 | |
| echo "vm.vfs_cache_pressure = 50" >> /etc/sysctl.conf | |
| # configure php | |
| yum install -y php56w php56w-{common,mysql,gd,mbstring,xml,tidy,pear,intl,devel,opcache} | |
| sed -i "s/;date\.timezone.*/date\.timezone = UTC/g" /etc/php.ini | |
| sed -i "s/memory_limit.*/memory_limit = 256M/g" /etc/php.ini | |
| sed -i "s/max_execution_time.*/max_execution_time = 60/g" /etc/php.ini | |
| # configure apache | |
| yum install -y httpd | |
| systemctl enable httpd.service | |
| sed -i '/<Directory "\/var\/www\/html">/,/<\/Directory>/ { s/AllowOverride None/AllowOverride All/i }' /etc/httpd/conf/httpd.conf | |
| systemctl restart httpd.service | |
| # configure mariadb | |
| yum install -y mariadb-server | |
| systemctl enable mariadb.service | |
| systemctl start mariadb.service | |
| mysql -u root <<< "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION; FLUSH PRIVILEGES;" | |
| # configure composer | |
| yum install -y git | |
| php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" | |
| php -r "if (hash_file('SHA384', 'composer-setup.php') === '$(curl -q https://composer.github.io/installer.sig)') { echo 'Installer verified' . PHP_EOL; } else { echo 'Installer corrupt' . PHP_EOL; unlink('composer-setup.php'); exit(1); }" | |
| if [ $? != 0 ]; then | |
| echo "Bad composer installer"; | |
| exit | |
| fi | |
| php composer-setup.php -- --install-dir=/usr/bin --filename=composer | |
| php -r "unlink('composer-setup.php');" | |
| composer config -g optimize-autoloader true | |
| cat >/etc/profile.d/composer-bin-root.sh <<EOF | |
| #!/usr/bin/env bash | |
| pathmunge /home/vagrant/.composer/vendor/bin after | |
| pathmunge /root/.composer/vendor/bin after | |
| export COMPOSER_ALLOW_SUPERUSER=1 | |
| EOF | |
| # install silverstripe | |
| composer create-project silverstripe/installer /var/www/html | |
| cat >/var/www/_ss_environment.php <<EOF | |
| <?php | |
| //define DB settings | |
| define('SS_DATABASE_SERVER', '127.0.0.1'); | |
| define('SS_DATABASE_CLASS','MySQLDatabase'); | |
| define('SS_DATABASE_TIMEZONE','+00:00'); | |
| define('SS_DATABASE_USERNAME', 'root'); | |
| define('SS_DATABASE_PASSWORD', ''); | |
| define('SS_DATABASE_NAME', 'silverstripe'); | |
| //set the DB name - this provide backwards compatibility with 2.x and 3.0 sites | |
| global \$database; | |
| \$database = SS_DATABASE_NAME; | |
| //define('SS_DATABASE_SUFFIX', '_dev'); | |
| define('SS_ENVIRONMENT_TYPE', 'dev'); | |
| define('SS_DEFAULT_ADMIN_USERNAME', 'admin'); | |
| define('SS_DEFAULT_ADMIN_PASSWORD', 'password'); | |
| global \$_FILE_TO_URL_MAPPING; | |
| \$_FILE_TO_URL_MAPPING['/var/www/html'] = 'http://localhost'; | |
| EOF | |
| mkdir -p /var/www/html/assets | |
| chmod 0777 /var/www/html/assets | |
| chmod +x /var/www/html/framework/sake | |
| /var/www/html/framework/sake dev/build |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment