Linode StackScript for bootstrapping an Ubuntu node with Docker, docker-compose and Ansible, with a hardened sshd configuration.
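#!/bin/bash
# Linode StackScript: bootstrap an Ubuntu node with Docker, docker-compose and
# Ansible, and harden sshd. Runs as root on first boot of the Linode.
#
# Inputs:  NAME — Linode UDF (declared below), exported by the StackScript
#          runner; used as the hostname prefix.
# Helpers: system_set_hostname and ufw_install are provided by the included
#          Linode StackScript 1 bash library, not defined in this file.
set -euo pipefail
#<UDF name="name" label="Node name">
source <ssinclude StackScriptID="1">
#source ./bash.sh

# Fail immediately with a clear message rather than halfway through after the
# package upgrade (set -u would otherwise only trip at the hostname step).
: "${NAME:?NAME (UDF 'name') must be set}"

# apt must never block on a debconf prompt during an unattended first boot.
export DEBIAN_FRONTEND=noninteractive

echo "Setting up ubuntu user's ssh key"
# Reuse the keys Linode installed for root so the non-root account can log in
# once PermitRootLogin is switched off below.
mkdir -p ~ubuntu/.ssh
chown ubuntu:ubuntu ~ubuntu/.ssh
chmod 700 ~ubuntu/.ssh
cp /root/.ssh/authorized_keys ~ubuntu/.ssh/authorized_keys
chown ubuntu:ubuntu ~ubuntu/.ssh/authorized_keys
chmod 600 ~ubuntu/.ssh/authorized_keys

echo "Updating packages"
apt-get update
apt-get upgrade -y

echo "Setting hostname"
system_set_hostname "${NAME}-linode"

echo "Hardening ssh"
# This replaces the whole file, so distro defaults (AcceptEnv, PrintMotd,
# X11Forwarding, any Include of sshd_config.d) are gone; everything sshd
# needs must be listed here. Quoted delimiter: nothing below is expanded.
cat > /etc/ssh/sshd_config <<'EOM'
AuthorizedKeysFile .ssh/authorized_keys
ClientAliveInterval 180
Subsystem sftp /usr/lib/openssh/sftp-server
UseDNS no
PermitRootLogin no
UsePAM yes
KexAlgorithms curve25519-sha256@libssh.org
Protocol 2
HostKey /etc/ssh/ssh_host_ed25519_key
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
EOM
cat > /etc/ssh/ssh_config <<'EOM'
Host *
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
# ssh-rsa (SHA-1 signatures) is kept only for legacy hosts; drop it when none remain.
HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
UseRoaming no
EOM
# Validate before restarting: a bad config would leave the box unreachable.
sshd -t
systemctl restart sshd

echo "Setting up firewall"
ufw_install
# NOTE(review): the rule/enable step below is still commented out; whether
# ufw_install alone activates any policy depends on the StackScript 1
# library — confirm the host is actually filtered after boot.
#configure_ufw_firewall 80 443

echo "Installing docker"
apt-get install -y \
  apt-transport-https \
  ca-certificates \
  curl \
  gnupg \
  gnupg-agent \
  software-properties-common
# Keep Docker's signing key in its own keyring and bind it to this one repo
# via signed-by, instead of apt-key (deprecated, and trusts the key for every
# configured repository).
docker_keyring=/usr/share/keyrings/docker-archive-keyring.gpg
curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
  | gpg --dearmor --batch --yes -o "${docker_keyring}"
chmod 644 "${docker_keyring}"
printf 'deb [arch=amd64 signed-by=%s] https://download.docker.com/linux/ubuntu %s stable\n' \
  "${docker_keyring}" "$(lsb_release -cs)" > /etc/apt/sources.list.d/docker.list
apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io
groupadd docker || true  # the package usually creates it already
# docker group membership is root-equivalent (the daemon runs as root and will
# bind-mount anything asked of it); only grant it to an account you'd sudo.
usermod -aG docker ubuntu
systemctl enable docker

echo "Installing docker-compose"
compose_version=1.27.4
compose_asset="docker-compose-$(uname -s)-$(uname -m)"
compose_url="https://github.com/docker/compose/releases/download/${compose_version}/${compose_asset}"
tmpdir=$(mktemp -d)
trap 'rm -rf -- "${tmpdir}"' EXIT
# -f: an HTTP error must fail the script, not leave an error page installed +x.
curl -fsSL "${compose_url}" -o "${tmpdir}/${compose_asset}"
# Verify the binary against the digest published with the release before it
# goes on PATH. NOTE(review): assumes the release ships a sibling
# "<asset>.sha256" file; if it does not, pin the expected digest here instead.
curl -fsSL "${compose_url}.sha256" -o "${tmpdir}/${compose_asset}.sha256"
expected_sha=$(awk '{print $1}' "${tmpdir}/${compose_asset}.sha256")
actual_sha=$(sha256sum "${tmpdir}/${compose_asset}" | awk '{print $1}')
if [[ -z "${expected_sha}" || "${expected_sha}" != "${actual_sha}" ]]; then
  printf 'docker-compose checksum mismatch: expected %s, got %s\n' \
    "${expected_sha}" "${actual_sha}" >&2
  exit 1
fi
install -m 0755 "${tmpdir}/${compose_asset}" /usr/local/bin/docker-compose

echo "Installing ansible"
apt-get install -y python3-pip
# NOTE(review): unpinned install from PyPI into system site-packages as root;
# pin a version (pip3 install 'ansible==X.Y') or use the distro package if
# reproducibility matters.
pip3 install ansible

echo "Installing extra packages"
apt-get install -y unzip amazon-ecr-credential-helper

echo "Stackscript complete!"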