ubuntu_packer_gpt4
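#!/bin/bash
# Install Docker Engine, Docker Compose v2 and the Buildx CLI plugin on Ubuntu.
# Intended to run as root inside an image build (e.g. a Packer shell provisioner
# started via sudo, so SUDO_USER names the unprivileged build user).
#
# Required env: SUDO_USER      - user to add to the 'docker' group
# Optional env: BUILDX_VERSION - buildx release tag (default v0.10.4)
#               BUILDX_SHA256  - expected sha256 of the buildx binary; verified when set
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive

readonly BUILDX_VERSION="${BUILDX_VERSION:-v0.10.4}"
# Take the value from the release's checksum file; empty means "do not verify".
readonly BUILDX_SHA256="${BUILDX_SHA256:-}"

# Downloaded installers live in a private temp dir that is removed on every exit
# path, so a failing installer no longer leaves scripts behind in the cwd.
workdir=$(mktemp -d) || { printf 'mktemp failed\n' >&2; exit 1; }
cleanup() { rm -rf -- "${workdir:?}"; }
trap cleanup EXIT

# Install Docker.
# NOTE: the convenience script is executed exactly as downloaded (no signature
# check) and Docker documents it as not recommended for production installs;
# pin the apt repository instead if the image must be reproducible.
curl -fsSL https://get.docker.com -o "$workdir/get-docker.sh"
sh "$workdir/get-docker.sh"

# Add the user to the 'docker' group.
# Membership in 'docker' is root-equivalent on the host (the socket can mount /),
# so only the operator/build user gets it. Fail early with a clear message
# instead of the bare 'unbound variable' that set -u would otherwise raise.
: "${SUDO_USER:?SUDO_USER must name the user that should get docker access}"
usermod -aG docker "$SUDO_USER"

# Install Docker Compose v2.
# DOCKER_CHANNEL=edge selects the pre-release channel of the compose-cli
# installer; drop it (or pin a version) for a stable image.
curl -fsSL https://raw.githubusercontent.com/docker/compose-cli/main/scripts/install/install_linux.sh -o "$workdir/get-docker-compose-v2.sh"
DOCKER_CHANNEL=edge sh "$workdir/get-docker-compose-v2.sh"

# Install the Buildx CLI plugin for the invoking user.
# $HOME is root's home when run via sudo, so the user added to the 'docker'
# group above will not see this plugin unless it is also copied to their own
# ~/.docker/cli-plugins (or to /usr/local/lib/docker/cli-plugins).
plugin_dir="$HOME/.docker/cli-plugins"
plugin="$plugin_dir/docker-buildx"
mkdir -p -- "$plugin_dir"
curl -fsSL "https://github.com/docker/buildx/releases/download/${BUILDX_VERSION}/buildx-${BUILDX_VERSION}.linux-amd64" -o "$plugin"
if [[ -n "$BUILDX_SHA256" ]]; then
  # Reject a tampered or wrong-version download before it becomes executable.
  printf '%s  %s\n' "$BUILDX_SHA256" "$plugin" | sha256sum -c --quiet -
fi
chmod a+x -- "$plugin"

# Enable experimental CLI features for Buildx.
# This is a *CLI* setting and belongs in ~/.docker/config.json, where
# "experimental" is the string "enabled". The original wrote that same string
# into /etc/docker/daemon.json, where 'experimental' must be a JSON boolean:
# dockerd rejects the string and refuses to start, and any existing daemon.json
# was overwritten in the process. An existing CLI config is left untouched.
cli_config="$HOME/.docker/config.json"
if [[ -e "$cli_config" ]]; then
  printf 'note: %s already exists; not overwriting. Set "experimental": "enabled" there if needed.\n' "$cli_config" >&2
else
  printf '{"experimental": "enabled"}\n' >"$cli_config"
fi

# Restart Docker so a daemon that fails to come up is caught during the build
# rather than on first boot of the image.
systemctl restart docker

printf '%s\n' "Docker, Docker Compose v2, and Buildx have been installed and configured."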
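#!/bin/bash
# Baseline hardening for an Ubuntu image: patch the system, enable a
# default-deny firewall (ufw) with SSH allowed, start fail2ban, turn on
# unattended security upgrades, restrict SSH root login and set the sudo
# credential timeout. Intended to run as root (e.g. a Packer shell provisioner).
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive

# Update and upgrade packages
apt-get update
apt-get upgrade -y

# Install necessary packages
apt-get install -y \
  ufw \
  fail2ban \
  unattended-upgrades

# Enable and configure the Uncomplicated Firewall (ufw).
# Policy: deny all inbound, allow all outbound, SSH (22/tcp, from anywhere) is
# the only inbound service. Narrow 'ufw allow ssh' to a source range if the
# image will only be administered from known networks.
ufw default deny incoming
ufw default allow outgoing
ufw allow ssh
# --force skips the interactive "may disrupt existing ssh connections" prompt,
# which would otherwise block or abort a non-interactive build.
ufw --force enable

# Configure fail2ban to protect against brute-force attacks.
# No jail.local is written, so this relies on the package's default jails;
# add /etc/fail2ban/jail.local to tune bantime/findtime or enable more jails.
systemctl enable fail2ban
systemctl start fail2ban

# Configure unattended upgrades.
# The quoted delimiter keeps the ${distro_id}/${distro_codename} placeholders
# literal for APT without backslash escaping.
cat >/etc/apt/apt.conf.d/50unattended-upgrades <<'EOL'
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}";
"${distro_id}:${distro_codename}-security";
"${distro_id}:${distro_codename}-updates";
};
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
Unattended-Upgrade::Remove-Unused-Dependencies "true";
Unattended-Upgrade::Automatic-Reboot "false";
EOL
cat >/etc/apt/apt.conf.d/20auto-upgrades <<'EOL'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
EOL
systemctl enable unattended-upgrades
systemctl start unattended-upgrades

# Restrict SSH root login.
# 'prohibit-password' still allows key-based root login; use 'no' to disable
# root login entirely. The optional '#' in the pattern also rewrites Ubuntu's
# commented-out default line, which the original pattern left untouched, and
# the directive is appended if the file has no PermitRootLogin line at all.
# (sshd uses the first matching directive, so an earlier drop-in under
# sshd_config.d would still take precedence over an appended line.)
sshd_config=/etc/ssh/sshd_config
sed -i -E 's/^#?PermitRootLogin.*/PermitRootLogin prohibit-password/' "$sshd_config"
if ! grep -qE '^PermitRootLogin ' "$sshd_config"; then
  printf 'PermitRootLogin prohibit-password\n' >>"$sshd_config"
fi
# Refuse to ship an image whose sshd will not start.
sshd -t

# Set the sudo credential-cache timeout to 60 minutes.
# NOTE: sudo's default is a few minutes (15 on Ubuntu), so this *extends* how
# long a cached sudo authentication can be reused; lower it for tighter sudo
# hygiene. The setting goes into a sudoers.d drop-in (mode 0440) and is
# syntax-checked with visudo — a malformed line appended straight to
# /etc/sudoers disables sudo for every user on the machine.
sudoers_drop_in=/etc/sudoers.d/90-timestamp-timeout
printf 'Defaults timestamp_timeout=60\n' >"$sudoers_drop_in"
chmod 0440 -- "$sudoers_drop_in"
visudo -cf "$sudoers_drop_in"

printf '%s\n' "System hardening complete."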
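#!/bin/bash
# Install the AWS CLI v2 and HashiCorp Packer + Terraform on Ubuntu (amd64).
# Intended to run as root (e.g. a Packer shell provisioner).
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive

apt-get update
apt-get upgrade -y

# Install required packages.
# gnupg dearmors the HashiCorp signing key; lsb-release provides the release
# codename used in the apt source line (previously an implicit dependency).
apt-get install -y \
  curl \
  unzip \
  jq \
  gnupg \
  lsb-release \
  apt-transport-https \
  ca-certificates \
  software-properties-common

# Downloads are unpacked in a private temp dir that is removed on every exit
# path; the original's trailing rm calls were skipped whenever an earlier
# step failed under set -e.
workdir=$(mktemp -d) || { printf 'mktemp failed\n' >&2; exit 1; }
cleanup() { rm -rf -- "${workdir:?}"; }
trap cleanup EXIT

# Install AWS CLI v2.
# -f makes curl fail on an HTTP error instead of saving an error page that
# unzip would later reject with a confusing message. The archive is not
# signature-verified here; AWS publishes a detached signature and public key
# for this zip if the build needs that assurance.
curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "$workdir/awscliv2.zip"
unzip -q "$workdir/awscliv2.zip" -d "$workdir"
"$workdir/aws/install"

# Add the HashiCorp apt repository once for both Packer and Terraform.
# The key is stored in its own keyring and bound to this repository with
# signed-by, replacing 'apt-key add', which is deprecated and would make the
# key trusted for every configured repository.
keyring=/usr/share/keyrings/hashicorp-archive-keyring.gpg
curl -fsSL https://apt.releases.hashicorp.com/gpg | gpg --dearmor --yes -o "$keyring"
chmod 0644 -- "$keyring"
printf 'deb [arch=amd64 signed-by=%s] https://apt.releases.hashicorp.com %s main\n' \
  "$keyring" "$(lsb_release -cs)" >/etc/apt/sources.list.d/hashicorp.list
apt-get update

# Install Packer and Terraform from that repository
apt-get install -y packer terraform

# Clean up
apt-get autoremove -y
apt-get clean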