@thebaer
Last active December 31, 2015 03:49
Initialize a new server with the essentials.
# ~/.bashrc: read by bash(1) when it starts as a non-login shell.
# Sample startup files live in /usr/share/doc/bash/examples/startup-files
# (package bash-doc).

# Everything below is for interactive use only; a shell without a prompt
# string stops here.
if [ -z "$PS1" ]; then
  return
fi

# History: keep 1000 entries in memory and 2000 in the history file.
# See HISTSIZE and HISTFILESIZE in bash(1).
HISTSIZE=1000
HISTFILESIZE=2000

# Do not record a line that repeats the previous one (ignoredups) or that
# starts with a space (ignorespace). Note that the latter means any command
# typed with a leading space leaves no trace in the history file.
HISTCONTROL=ignoredups:ignorespace

# histappend: add to the history file on exit instead of overwriting it.
# checkwinsize: refresh LINES and COLUMNS after each command.
shopt -s histappend checkwinsize

# Let less(1) preprocess non-text input files, see lesspipe(1).
if [ -x /usr/bin/lesspipe ]; then
  eval "$(SHELL=/bin/sh lesspipe)"
fi
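# Record the name of the chroot we are working in, if any; the prompt below
# shows it in parentheses.
if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then
  debian_chroot=$(cat /etc/debian_chroot)
fi

# Choose the prompt variant. Only TERM=xterm-color selects the first variant
# automatically; every other terminal gets the second one unless
# force_color_prompt is set below.
case "$TERM" in
  xterm-color) color_prompt=yes ;;
esac

# Use bash-completion, if available
[[ $PS1 && -f /usr/share/bash-completion/bash_completion ]] &&
  . /usr/share/bash-completion/bash_completion

# Uncomment to request the first prompt variant whenever the terminal can
# do colour.
#force_color_prompt=yes
if [ -n "$force_color_prompt" ]; then
  if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
    # We have color support; assume it's compliant with Ecma-48
    # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
    # a case would tend to support setf rather than setaf.)
    color_prompt=yes
  else
    color_prompt=
  fi
fi

# Both variants emit colour escapes; only the second appends the current git
# branch. The PS1 strings are single-quoted so that their expansions run each
# time the prompt is drawn.
if [ "$color_prompt" = yes ]; then
  PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
else
  # __git_ps1 is not defined in this file. Check for it at prompt time so a
  # host without the git prompt helper does not print "command not found"
  # before every prompt.
  PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\w\[\033[1m\]$(declare -F __git_ps1 >/dev/null && __git_ps1)\[\033[00m\]\$ '
fi
unset color_prompt force_color_prompt

# If this is an xterm or rxvt, also set the window title to user@host: dir
case "$TERM" in
  xterm* | rxvt*)
    PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
    ;;
  *) ;;
esac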
# Colourised ls and grep, available when dircolors is installed.
if [ -x /usr/bin/dircolors ]; then
  # Load the user's ~/.dircolors database when readable, else the defaults.
  test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
  # The grep alias also passes -n, so interactive grep prints line numbers.
  alias ls='ls --color=auto' \
    grep='grep -n --color=auto' \
    fgrep='fgrep --color=auto' \
    egrep='egrep --color=auto'
  #alias dir='dir --color=auto'
  #alias vdir='vdir --color=auto'
fi

# Shorthands for common ls invocations.
alias ll='ls -alF' la='ls -A' l='ls -CF'

# Git shortcuts: undo the last commit but keep its changes staged, then
# commit again starting from the undone commit's message.
alias undocommit='git reset --soft HEAD^' recommit='git commit -c ORIG_HEAD'

# Personal alias definitions.
# Further aliases are better kept in ~/.bash_aliases than added here.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.
if [ -f ~/.bash_aliases ]; then
  source ~/.bash_aliases
fi

# Programmable completion. Not needed here when /etc/bash.bashrc already
# enables it and /etc/profile sources /etc/bash.bashrc. Skipped in posix mode.
if ! shopt -oq posix && [ -f /etc/bash_completion ]; then
  source /etc/bash_completion
fi
" Indentation
" Smart auto-indent with 4-column tab stops and shift width.
set smartindent tabstop=4 shiftwidth=4
" Do not wrap long lines; F2 toggles paste mode.
set nowrap
set pastetoggle=<F2>
" Scroll before the cursor reaches the edge: keep 10 lines of context
" above/below and 15 columns left/right.
set scrolloff=10 sidescrolloff=15
" Show matches while the search pattern is being typed.
set incsearch
" Ctrl-h/j/k/l move to the window on the left/below/above/right.
nnoremap <C-h> <C-w>h
nnoremap <C-j> <C-w>j
nnoremap <C-k> <C-w>k
nnoremap <C-l> <C-w>l
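#!/bin/bash
#
# Set up a new Ubuntu server with the basics.
# To be used after SSHing in for the first time (i.e. as root user)
#
# The interpreter line names bash because the script uses `read -p` and
# `==` inside `[ ]`, which a plain POSIX /bin/sh need not support.
#
# INSTALLATION:
# wget https://gist.github.com/thebaer/7930262/raw/init_server.sh
# chmod +x init_server.sh
# ./init_server.sh
#
# NOTE(review): the raw URLs above and below carry no revision id, so they
# presumably serve whatever the gist holds at download time. Read the
# downloaded files before running this as root or installing the dotfiles.
#
# CONFIGURATION
# -----------------------------------------------
# Login name of the non-root user to create.
USERNAME=matt
# Dotfiles downloaded into that user's home; set to empty to skip one.
VIMRC=https://gist.github.com/thebaer/7930262/raw/.vimrc
BASHRC=https://gist.github.com/thebaer/7930262/raw/.bashrc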
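# *) Do initial installation
# -----------------------------------------------
# Runs only while /home/$USERNAME/.boominitialized is absent. The marker is
# created as the last step, so an interrupted run starts this section again.
if [ ! -e "/home/$USERNAME/.boominitialized" ]; then
  # Update packages
  apt-get update
  apt-get upgrade

  # Add non-root user
  echo
  echo "Creating user $USERNAME..."
  useradd -G sudo -m "$USERNAME"
  passwd "$USERNAME"
  chsh -s "$(command -v bash)" "$USERNAME"

  # Use SSH keys
  echo
  echo "Setting up $USERNAME SSH key..."
  read -r -p "On your local machine run ssh-keygen -t rsa, then enter public key: " pubkey
  ssh_dir="/home/$USERNAME/.ssh"
  mkdir -p "$ssh_dir"
  chmod 700 "$ssh_dir"
  printf '%s\n' "$pubkey" > "$ssh_dir/authorized_keys"
  chmod 600 "$ssh_dir/authorized_keys"
  # Hand the files over now: SSH is restarted further down, before the final
  # chown of the home directory, and the key file is no longer world-readable.
  chown -R "$USERNAME:$USERNAME" "$ssh_dir"
  # Password and root logins are switched off below, so a mistyped or empty
  # key would leave no way back in. Stop while the old access still works.
  if ! ssh-keygen -l -f "$ssh_dir/authorized_keys"; then
    echo "That does not parse as an SSH public key; nothing else was changed." >&2
    exit 1
  fi

  # Set up iptables
  # NOTE(review): only IPv4 rules are created; nothing here configures
  # ip6tables, so IPv6 traffic is not filtered by this script.
  echo
  echo "Setting up firewall..."
  # Ask for the SSH port first and accept only 1-65535: the value is passed
  # to iptables and spliced into a sed expression below.
  while :; do
    read -r -p "Select a new SSH port: " sshport || exit 1
    case "$sshport" in
      '' | 0* | *[!0-9]* | ??????*) ;;
      *) [ "$sshport" -le 65535 ] && break ;;
    esac
    echo "Enter a port number between 1 and 65535." >&2
  done
  # Keep all current connections
  iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # Allow SSH
  iptables -A INPUT -p tcp --dport "$sshport" -j ACCEPT
  # Update SSH config with chosen port (the line may be commented out)
  sed -i -E "s/^#?Port 22[[:space:]]*\$/Port $sshport/" /etc/ssh/sshd_config
  # If the substitution matched nothing, sshd would stay on its old port
  # while the firewall admits only the new one. Stop before adding DROP.
  if ! grep -Eq "^Port[[:space:]]+${sshport}[[:space:]]*\$" /etc/ssh/sshd_config; then
    echo "Could not set Port $sshport in /etc/ssh/sshd_config; edit it by hand and re-run." >&2
    exit 1
  fi
  # Open www
  read -r -p "Open WWW port (y/n)? " openwww
  if [ "$openwww" = "y" ] || [ "$openwww" = "yes" ]; then
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
  fi
  # Open SSL
  read -r -p "Open SSL port (y/n)? " ssl
  if [ "$ssl" = "y" ] || [ "$ssl" = "yes" ]; then
    iptables -A INPUT -p tcp --dport 443 -j ACCEPT
  fi
  # Keep loopback (inserted first so it is in place before the DROP rule)
  iptables -I INPUT 1 -i lo -j ACCEPT
  # Drop any other connections
  iptables -A INPUT -j DROP
  # Display results
  echo
  iptables -L -v
  echo
  # Persist iptables rules
  apt-get install iptables-persistent
  service iptables-persistent start

  # Disable SSH passwords and root login
  echo
  echo "Hardening SSH..."
  # Match the directive whatever its current value and whether or not it is
  # commented out; matching only one exact spelling can leave the setting
  # unchanged without any error.
  # NOTE(review): a file pulled in by an Include directive in sshd_config
  # could still set these differently; confirm the effective values.
  sed -i -E 's/^#?[[:space:]]*PasswordAuthentication[[:space:]]+(yes|no)[[:space:]]*$/PasswordAuthentication no/' /etc/ssh/sshd_config
  sed -i -E 's/^#?[[:space:]]*PermitRootLogin[[:space:]]+[a-z-]+[[:space:]]*$/PermitRootLogin no/' /etc/ssh/sshd_config
  # Check the edited file before restarting, so a broken config does not
  # take the daemon down.
  if ! sshd -t; then
    echo "sshd_config failed validation; SSH was not restarted." >&2
    exit 1
  fi
  service ssh restart
  echo "Keep this session open and test a login as $USERNAME on port $sshport before disconnecting."

  # Secure shared memory
  echo
  echo "Securing shared memory..."
  # Append only when no /dev/shm entry exists yet, so a re-run after an
  # interrupted setup does not duplicate the line.
  if ! grep -Eq '[[:space:]]/dev/shm[[:space:]]' /etc/fstab; then
    echo "tmpfs /dev/shm tmpfs defaults,noexec,nosuid 0 0" >> /etc/fstab
  fi

  # Basic software
  echo
  apt-get install git-core
  apt-get install build-essential
  apt-get install vim vim-runtime

  # Get configuration files from GitHub
  echo
  echo "Getting user configurations..."
  # Abort if the home directory is missing: the chown -R below acts on the
  # current directory.
  cd "/home/$USERNAME/" || exit 1
  # Download to a temporary name and move into place. Without an explicit
  # output name wget does not overwrite an existing file (it saves a
  # numbered copy instead), and a failed download must not truncate a
  # working dotfile.
  # NOTE(review): .bashrc is executed by every interactive shell of this
  # user; review the downloaded content.
  if [ -n "$VIMRC" ]; then
    wget -O .vimrc.download "$VIMRC" && mv .vimrc.download .vimrc
  fi
  if [ -n "$BASHRC" ]; then
    wget -O .bashrc.download "$BASHRC" && mv .bashrc.download .bashrc
  fi
  touch .boominitialized
  chown -R "$USERNAME:$USERNAME" .
fi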
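# *) Additional install / general helpers
# -----------------------------------------------
# Shown on every run. Each choice installs one component through sudo.
echo
echo " What else do you need installed?"
echo " 1. Apache"
echo " 2. Apache with PHP (LT install)"
echo " 3. MySQL"
echo " 4. phpMyAdmin"
echo " 5. Node"
echo " Utilities:"
echo " a) Open new firewall port"
echo
read -r -p "Choice: " choice
case "$choice" in
  "1")
    # Install Apache
    sudo apt-get install apache2
    # Limit information given
    # (each expression needs its closing "/"; without it sed rejects the
    # command and the setting stays as it was)
    sudo sed -i "s/ServerSignature On/ServerSignature Off/" /etc/apache2/conf-available/security.conf
    sudo sed -i "s/ServerTokens OS/ServerTokens Prod/" /etc/apache2/conf-available/security.conf
    # Enable modules
    sudo a2enmod rewrite
    # Default public directory
    sudo chown -R "$USERNAME:$USERNAME" /var/www
    ln -s /var/www "/home/$USERNAME/www"
    ;;
  "2")
    # Install Apache w/ PHP
    sudo apt-get install apache2
    sudo apt-get install php5 libapache2-mod-php5 php5-curl php5-cli php5-gd php5-mysql
    sudo apt-get install python-mysqldb python-pip
    sudo pip install python-cloudfiles
    # PHP config:
    sudo sed -i "s/expose_php = On/expose_php = Off/" /etc/php5/apache2/php.ini
    # Apache:
    # Limit information given
    sudo sed -i "s/ServerSignature On/ServerSignature Off/" /etc/apache2/conf-available/security.conf
    sudo sed -i "s/ServerTokens OS/ServerTokens Prod/" /etc/apache2/conf-available/security.conf
    # Enable modules
    sudo a2enmod rewrite
    sudo a2enmod ssl
    sudo a2enmod headers
    # Default public directory
    sudo chown -R "$USERNAME:$USERNAME" /var/www
    ln -s /var/www "/home/$USERNAME/www"
    sudo service apache2 restart
    ;;
  "3")
    # Install MySQL
    sudo apt-get install mysql-server mysql-client
    ;;
  "4")
    # Install phpmyadmin
    sudo apt-get install phpmyadmin
    # Additional configuration
    # Change folder location for a little obscurity
    echo
    read -r -p "Pick an alias for phpmyadmin access: " phpma
    # The alias is spliced into a sed expression and an Apache config line,
    # so accept only letters, digits, '-' and '_'; otherwise leave the
    # default alias in place.
    case "$phpma" in
      '' | *[!A-Za-z0-9_-]*)
        echo "Alias may only contain letters, digits, '-' and '_'; keeping /phpmyadmin." >&2
        ;;
      *)
        sudo sed -i "s|Alias /phpmyadmin |Alias /$phpma |" /etc/phpmyadmin/apache.conf
        ;;
    esac
    # Only allow access from localhost
    # NOTE(review): Order/Deny/Allow is the Apache 2.2 access syntax; confirm
    # the installed Apache still honours it.
    sudo sed -i "/DirectoryIndex index.php/a AllowOverride all\n\tOrder Deny,Allow\n\tDeny from all\n\tAllow from 127.0.0.1" /etc/phpmyadmin/apache.conf
    # Load new configuration
    sudo service apache2 reload
    ;;
  "5")
    # Install node
    sudo apt-get install g++ curl libssl-dev apache2-utils
    # Build in a private directory from mktemp: with a fixed path under the
    # world-writable /tmp, `sudo make install` could end up running a tree
    # that another local account placed there first.
    builddir=$(mktemp -d) || exit 1
    cd "$builddir" || exit 1
    # https instead of git://, which has no transport authentication.
    # NOTE(review): this builds whatever the default branch holds at clone
    # time; consider checking out a release tag.
    git clone https://github.com/ry/node.git
    cd node || exit 1
    ./configure
    make
    sudo make install
    ;;
  "a")
    # Open a port in the firewall
    read -r -p "Open which port? " port
    port_ok=no
    case "$port" in
      '' | 0* | *[!0-9]* | ??????*) ;;
      *) [ "$port" -le 65535 ] && port_ok=yes ;;
    esac
    if [ "$port_ok" = yes ]; then
      # Insert at the top of the chain: the initial setup ends INPUT with a
      # catch-all DROP, so a rule appended with -A would never be reached.
      sudo iptables -I INPUT -p tcp --dport "$port" -j ACCEPT
      sudo /etc/init.d/iptables-persistent save
    else
      echo "Enter a port number between 1 and 65535." >&2
    fi
    ;;
  *)
    # Invalid choice
    echo "DOES NOT COMPUTE!"
    ;;
esac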