Bootstrap new servers
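#!/bin/bash
#
# Bootstrap a fresh Debian/Ubuntu server: package upgrade, timezone/locale,
# ufw firewall, admin and deploy accounts seeded with SSH keys from GitHub,
# sshd hardening, RVM + Ruby, Node.js, and nginx with Passenger.
#
# Expects to be run as root (it calls apt-get, adduser, ufw and writes under
# /etc directly). Not idempotent: adduser aborts the run if a user exists.
#
# References:
#   http://winstonyw.com/2014/10/24/setting_up_ruby_on_rails_on_digital_ocean/
#   https://github.com/mattdbridges/capistrano-recipes/blob/master/postgresql.rb
set -euo pipefail

LOCALE="en_US.utf8"
TIMEZONE="Europe/Madrid"
ADMIN_USER="admin"
DEPLOY_USER="deploy"
# Every public key on this GitHub account is granted SSH login below, so the
# account is part of the server's trust boundary.
GITHUB_USER="knoopx"
NEWRELIC_LICENSE_KEY=""
# Exported so apt-get/dpkg child processes see it; a plain assignment would
# stay in this shell and package prompts could still block the run.
export DEBIAN_FRONTEND=noninteractive

#######################################
# Create an SSH keypair for a user and append the GitHub account's public
# keys to that user's authorized_keys.
# Globals:   GITHUB_USER (read)
# Arguments: $1 - local user name
# Returns:   exit status of the key download (last command run by su)
#######################################
seed_ssh_keys() {
  local user=$1
  # curl -f makes an HTTP error (e.g. unknown account) fail the command
  # instead of appending the error body to authorized_keys. With set -e the
  # run then stops before password logins are disabled, avoiding a lockout.
  su -l "$user" -c "ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa; curl -fsS https://github.com/$GITHUB_USER.keys >> ~/.ssh/authorized_keys"
}

# upgrade packages
apt-get update
apt-get -y upgrade

# tools
apt-get install -y htop git-core augeas-tools curl build-essential apt-transport-https software-properties-common ca-certificates unattended-upgrades fail2ban

# swapfile
# fallocate -l 4G /swapfile
# chmod 600 /swapfile
# mkswap /swapfile
# swapon /swapfile
# augtool ls "/files/etc/fstab/*[spec = '/swapfile']"
# echo "/swapfile none swap sw 0 0" >> /etc/fstab

# timezone
printf '%s\n' "$TIMEZONE" > /etc/timezone
dpkg-reconfigure -f noninteractive tzdata

# locale
apt-get install -y locales
update-locale LANG="$LOCALE" LANGUAGE="$LOCALE" LC_ALL="$LOCALE" LC_COLLATE="$LOCALE" LC_CTYPE="$LOCALE"

# firewall
# NOTE(review): only 22 and 80 are opened; the "ssl certs" section below
# suggests TLS is planned, which would also need 443 - confirm.
apt-get install -y ufw
ufw --force reset
ufw allow 22
ufw allow 80
ufw --force enable

# admin user
if [ -n "$ADMIN_USER" ]; then
  adduser "$ADMIN_USER" --gecos "" --disabled-password
  seed_ssh_keys "$ADMIN_USER"
  # NOTE(review): this makes sudo passwordless for the whole %sudo group, so
  # any SSH key accepted for a sudo member is equivalent to root.
  augtool -s set "/files/etc/sudoers/spec[user='%sudo']/host_group/command/tag NOPASSWD"
  adduser "$ADMIN_USER" sudo

  # ssh: key-only logins, no direct root login. Done only after the admin's
  # keys are in place.
  augtool -s set "/files/etc/ssh/sshd_config/PasswordAuthentication no"
  augtool -s set "/files/etc/ssh/sshd_config/PermitRootLogin no"
  # "service" matches the nginx restart below and does not depend on the
  # Upstart-only "reload" command being present.
  service ssh reload
fi

# deploy user
if [ -n "$DEPLOY_USER" ]; then
  adduser "$DEPLOY_USER" --gecos "" --disabled-password
  # NOTE(review): with NOPASSWD on %sudo, the deploy account has unrestricted
  # root. Consider a narrower sudoers rule if deploys need only a few commands.
  adduser "$DEPLOY_USER" sudo
  seed_ssh_keys "$DEPLOY_USER"
fi

# fish shell
# apt-get install -y fish
# chsh -s `which fish`
# test -n "$ADMIN_USER" && usermod -s `which fish` $ADMIN_USER

# rvm
# NOTE(review): D39DC0E3 is a 32-bit short key ID, and short IDs can collide;
# prefer the full fingerprint: --recv-keys <RVM_SIGNING_KEY_FULL_FINGERPRINT>.
gpg --keyserver hkp://keys.gnupg.net --recv-keys D39DC0E3
# NOTE(review): this runs a remotely fetched installer as root. -f keeps an
# HTTP error page from being piped into bash. Downloading to a file and
# verifying it before execution would be stricter.
curl -fsSL https://get.rvm.io | bash -s stable --ruby
if [ -n "$ADMIN_USER" ]; then
  adduser "$ADMIN_USER" rvm
fi
if [ -n "$DEPLOY_USER" ]; then
  adduser "$DEPLOY_USER" rvm
  # Guarded: "su -l" with an empty user name would target root instead.
  su -l "$DEPLOY_USER" -c 'echo "gem: --no-ri --no-rdoc" > ~/.gemrc'
fi

# mariadb
# apt-get install -y libmysqlclient-dev libmysqlclient18

# postgres
# apt-get install -y postgresql libpq-dev
# test -n "$DEPLOY_USER" && su postgres -c "createuser --createdb $DEPLOY_USER"

# nodejs
apt-get install -y nodejs nodejs-legacy

# nginx with passenger
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 561F9B9CAC40B2F7
apt-add-repository https://oss-binaries.phusionpassenger.com/apt/passenger
apt-get update
apt-get install -y nginx-extras passenger

# Resolved before the here-doc so a failing passenger-config aborts the run
# (a failed substitution inside a here-doc would not).
passenger_root=$(passenger-config --root)
cat <<PASSENGER > /etc/nginx/conf.d/passenger.conf
passenger_root ${passenger_root};
passenger_ruby /usr/local/rvm/wrappers/default/ruby;
PASSENGER

cat <<DEFAULTS > /etc/nginx/conf.d/defaults.conf
server_names_hash_bucket_size 64;
DEFAULTS

service nginx restart

# ssl certs
# /etc/ssl/certs
# /etc/ssl/private

# newrelic-sysmond
if [ -n "$NEWRELIC_LICENSE_KEY" ]; then
  # An "if" body holding only comments is a bash syntax error, which would
  # stop the script here; ":" keeps the block valid while the steps below
  # stay disabled.
  :
  # apt-key adv --keyserver download.newrelic.com --recv-keys 548C16BF
  # apt-add-repository 'deb http://apt.newrelic.com/debian/ newrelic non-free'
  # apt-get update
  # apt-get install -y newrelic-sysmond
  # nrsysmond-config --set license_key=$NEWRELIC_LICENSE_KEY
  # nrsysmond-config --set ssl=true
fi

# cleanup
# -y: apt-get would otherwise wait for confirmation in an unattended run.
apt-get -y autoremove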