kolosek/worker-setup.sh

## worker-setup.sh
#!/bin/bash
set -e
# Update-ovanje i upgrade-ovanje servera
sudo apt update # && sudo apt upgrade -y


# Kreiranje novog korisnika i dodavanje tog korisnika u sudo grupu
adduser worker
usermod -aG sudo worker

# Obezbjedjivanje SSH-a
sudo sed -i 's/#Port 22/Port 9022/g' /etc/ssh/sshd_config
sudo sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
sudo sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
sudo sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
sudo systemctl restart ssh.service

# Podesavanje UFW
sudo ufw disable
sudo ufw default allow outgoing
sudo ufw default deny incoming
sudo ufw allow 9022
sudo ufw enable

sudo apt install apt-transport-https ca-certificates curl software-properties-common -y

curl -sSL https://get.docker.com | sh

sudo usermod -aG docker worker

##  This should be executed on Worker user ###

#mkdir -p ~/.docker/cli-plugins/

#curl -SL https://github.com/docker/compose/releases/download/v2.3.3/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose

sudo curl -SL https://github.com/docker/compose/releases/download/v2.24.6/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose

sudo chmod +x /usr/local/bin/docker-compose

#chmod +x ~/.docker/cli-plugins/docker-compose

sudo sysctl -w vm.max_map_count=262144

echo "worker ALL= NOPASSWD:/usr/bin/rsync" >> /etc/sudoers
echo "worker ALL= NOPASSWD:/usr/bin/touch" >> /etc/sudoers
echo "worker ALL= NOPASSWD:/usr/bin/du" >> /etc/sudoers
echo "worker ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers


mkdir -p /home/worker/.ssh

wget https://gist.githubusercontent.com/kolosek/88ca9d6834c2b2ac43cdf64ef2ef7938/raw/3cd7855107f597821cd13107a614ca4d39130ce8/rubyci-public-ssh

touch /home/worker/.ssh/authorized_keys

cat rubyci-public-ssh >> /home/worker//.ssh/authorized_keys

chmod 700 /home/worker/.ssh && chmod 600 /home/worker/.ssh/authorized_keys

sudo chown -v -R worker:worker /home/worker/.ssh/

su - worker
	#!/bin/bash
	set -e
	# Update-ovanje i upgrade-ovanje servera
	sudo apt update # && sudo apt upgrade -y


	# Kreiranje novog korisnika i dodavanje tog korisnika u sudo grupu
	adduser worker
	usermod -aG sudo worker

	# Obezbjedjivanje SSH-a
	sudo sed -i 's/#Port 22/Port 9022/g' /etc/ssh/sshd_config
	sudo sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
	sudo sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
	sudo sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
	sudo systemctl restart ssh.service

	# Podesavanje UFW
	sudo ufw disable
	sudo ufw default allow outgoing
	sudo ufw default deny incoming
	sudo ufw allow 9022
	sudo ufw enable

	sudo apt install apt-transport-https ca-certificates curl software-properties-common -y

	curl -sSL https://get.docker.com \| sh

	sudo usermod -aG docker worker

	## This should be executed on Worker user ###

	#mkdir -p ~/.docker/cli-plugins/

	#curl -SL https://github.com/docker/compose/releases/download/v2.3.3/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose

	sudo curl -SL https://github.com/docker/compose/releases/download/v2.24.6/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose

	sudo chmod +x /usr/local/bin/docker-compose

	#chmod +x ~/.docker/cli-plugins/docker-compose

	sudo sysctl -w vm.max_map_count=262144

	echo "worker ALL= NOPASSWD:/usr/bin/rsync" >> /etc/sudoers
	echo "worker ALL= NOPASSWD:/usr/bin/touch" >> /etc/sudoers
	echo "worker ALL= NOPASSWD:/usr/bin/du" >> /etc/sudoers
	echo "worker ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers


	mkdir -p /home/worker/.ssh

	wget https://gist.githubusercontent.com/kolosek/88ca9d6834c2b2ac43cdf64ef2ef7938/raw/3cd7855107f597821cd13107a614ca4d39130ce8/rubyci-public-ssh

	touch /home/worker/.ssh/authorized_keys

	cat rubyci-public-ssh >> /home/worker//.ssh/authorized_keys

	chmod 700 /home/worker/.ssh && chmod 600 /home/worker/.ssh/authorized_keys

	sudo chown -v -R worker:worker /home/worker/.ssh/

	su - worker