author | Mike Crute <mike@crute.us> | 2017-12-27 21:06:55 +0000 |
---|---|---|
committer | Mike Crute <mike@crute.us> | 2017-12-27 21:06:55 +0000 |
commit | 6552b2f47c26a9a8d5b358b779f285bcb2880164 (patch) | |
tree | f14ebe4387902d5a034c683fd8b0a2097d3f99ba | |
parent | 2dee427611dfe732f8a1dba9233419b94630daa6 (diff) | |
Add bootstrap script
-rwxr-xr-x | bootstrap.sh | 141 |
1 files changed, 141 insertions, 0 deletions
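diff --git a/bootstrap.sh b/bootstrap.sh
new file mode 100755
index 0000000..78efc68
--- /dev/null
+++ b/bootstrap.sh
@@ -0,0 +1,141 @@
+#!/bin/bash
+
+#if [[ "$(hostname -f)" =~ \.crute\.me$ ]]; then
+# echo "This host appears to already be bootstrapped"
+# exit 1
+#fi
+
+if [ ! -f "/etc/default/bootstrap" ]; then
+cat > /etc/default/bootstrap <<EOF
+UNCONFIGURED="true"
+VM_HOST="false"
+SHORT_HOSTNAME=""
+AWS_ACCESS_KEY_ID=""
+AWS_SECRET_ACCESS_KEY=""
+REGION=""
+ROLE=""
+EOF
+echo "Edit /etc/default/bootstrap and try again"
+exit 1
+else
+source /etc/default/bootstrap
+if [ "$UNCONFIGURED" == "true" ]; then
+echo "Edit /etc/default/boootstrap and try again"
+exit 1
+fi
+
+if [ ! -z "$AWS_ACCESS_KEY_ID" ]; then
+export AWS_ACCESS_KEY_ID
+fi
+if [ ! -z "$AWS_SECRET_ACCESS_KEY" ]; then
+export AWS_SECRET_ACCESS_KEY
+fi
+fi
+
+# Figure out the region if AWS or internal
+if [ -z "$REGION" ]; then
+export REGION=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | python3 -c "import json, sys; print(json.load(sys.stdin)['region'])")
+fi
+
+export DEBIAN_FRONTEND=noninteractive
+
+# Configure APT to use the local cache if there is one
+if [ "$REGION" = "sea1" ]; then
+echo 'Acquire::http::Proxy "http://genesis.sea1.crute.me:3142";' >> /etc/apt/apt.conf
+fi
+
+# Get all the latest updates and remove junk
+apt-get update && apt-get dist-upgrade -y && apt-get autoremove --purge -y
+
+# Set hostname and network settings
+export HOSTNAME="${SHORT_HOSTNAME}.${REGION}.crute.me"
+
+if [[ "$(hostname -f)" != "$HOSTNAME" ]]; then
+echo $SHORT_HOSTNAME > /etc/hostname
+hostnamectl set-hostname $SHORT_HOSTNAME
+systemctl restart systemd-logind.service
+fi
+
+# Setup /etc/hosts
+if ! grep "$HOSTNAME" /etc/hosts 2>&1 > /dev/null; then
+sed -i "s/127.0.0.1 localhost/127.0.0.1 localhost\n127.0.1.1 ${HOSTNAME} ${SHORT_HOSTNAME}/" /etc/hosts
+fi
+
+# Setup /etc/resolv.conf
+if ! grep "search ${REGION}.crute.me" /etc/resolv.conf 2>&1 > /dev/null; then
+sed -i "s/search .*/search ${REGION}.crute.me/" /etc/resolv.conf
+fi
+
+# Install standard packages
+apt-get install -y \
+ssmtp \
+iptables-persistent \
+vim \
+htop \
+curl
+
+# If this is a KVM host setup KVM and bridge
+if [[ "$VM_HOST" == "true" ]]; then
+apt-get install -y --no-install-recommends \
+qemu-kvm \
+libvirt-bin \
+virtinst \
+bridge-utils \
+libosinfo-bin \
+genisoimage \
+qemu-utils \
+unzip
+
+MAIN_INTF=$(ip link | awk '/^2:/ { split($2, a, ":"); print a[1]; }')
+sed -i -e "s/\(.*$MAIN_INTF.*\)/#\1/" /etc/network/interfaces
+
+if ! grep 'auto br0' /etc/network/interfaces 2>&1>/dev/null; then
+cat >> /etc/network/interfaces <<EOF
+
+auto br0
+iface br0 inet dhcp
+bridge_ports $MAIN_INTF
+bridge_stp off
+bridge_fd 0
+bridge_maxwait 0
+EOF
+fi
+fi
+
+# Setup Automatic Updates
+sed -i 's/APT::Periodic::Download-Upgradeable-Packages "0";/APT::Periodic::Download-Upgradeable-Packages "1";/' /etc/apt/apt.conf.d/10periodic
+sed -i 's/APT::Periodic::AutocleanInterval "0";/APT::Periodic::AutocleanInterval "7";/' /etc/apt/apt.conf.d/10periodic
+echo 'APT::Periodic::Unattended-Upgrade "1";' >> /etc/apt/apt.conf.d/10periodic
+sed -i 's#//Unattended-Upgrade::Mail "root";#Unattended-Upgrade::Mail "mike@crute.us";#' /etc/apt/apt.conf.d/50unattended-upgrades
+echo -e '\nUnattended-Upgrade::Sender "updates-no-reply@crute.me";' >> /etc/apt/apt.conf.d/50unattended-upgrades
+sed -i 's#//Unattended-Upgrade::MailOnlyOnError "true";#Unattended-Upgrade::MailOnlyOnError "false";#' /etc/apt/apt.conf.d/50unattended-upgrades
+
+# Setup mcrute user
+if ! id mcrute 2>&1>/dev/null; then
+useradd -p '$6$qOlvVfUc$Ij86v15mQnvoPSv1KCStgEBCLvrbLLp6hszvvs857yTGfJ.tu4Qm1u1GONeJayfNAVEOF1CV9mClTlnuiR5KU.' -m -s /bin/bash -G sudo mcrute
+mkdir ~mcrute/.ssh
+cat > ~mcrute/.ssh/authorized_keys <<EOF
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/XsFRMvZVDrWEz3/Ssvh+yeTEhlEVRXSJIaOmMzoDAm+XZ17dOwjpj25MqGmYt/60n5rKRBj5GyoaURrPi/s4ml+VLeVY0OsR22Vv5zSB4fY5SZtPhHqti5sNA07SvbFI905BUF6kn6G6SVlQMruXqdi9ALJkxiCaz1gR7+cwk9CoFXtQRtlo6l99Y2TWfvt/BwUiZWbFmESIOXHmkpaFOuptnqpprDz0mLzmebQyscu6vqpDsu/dOC/VAmECyJZxAgMR2KX9B3ytCvIA7DMqNKFJSaRGhkX0Dh6giitxz711CcoGw0Qt0wA4koe3VH0Ozf9zYFY7UpxohpljzAJx mcrute@yubikey
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCT/+YbYVS1eJ+ah6BjVA1gU31kKZGhlmqXfi9CBeJNmgO9DC9q9zOZkkT4ULSe0w3xKMIOxPzLAkarA/ErmqaEcc4PMPb3BxX2l1VktqE9GLpjmGX9TFvqsXr4D5axYiaQveuNkaJDZS4O7Wl68zb9WAuCqrYgK7hm5SBkcRkGsbWbDMo6VH7u4vzUQuc7Cch4BI6Tpbv3B98sCpVXVNdz/pb/p0j21S4qpV2MELCtSBAGEVPBfnGa7tSmDfenIr0KfGiYIeX0KC5ZJSKrqqzJqF8BYmp2ooWwWivFYtk08hfDxiJ23AsiLLMuA2WJ11X5TJJYg4z4b51UMJ8SRXgR mcrute@yubikey2
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiNw8DoEsevMj7UhtcAqaCmO9h+baMkbiE3KJsi5iZWVAlqRZIgYisBGfmOdrkt0N3yKG9Gqg/DEEw4PWWul+k/O+zkWd/jVvaqVNyQnoNOdPAa3oGr39agMd30bOrYtHP3Lzaajn3cwaT7E+F05lw0+IIXV1TwSa0GzxqAYq+2raSXQsQWkzVFsU+DuxgBE9F2ieqOw6rvxdT/cVjnBZD/zmj6WnwM7qgylPvt9AOtsvq6MYoMOwOK41ilG8M2Cay/NXAr+o1g2y+cBt4s5YVzkxQ6Lub9Gusj0QgolQ5wJj7W+GqfzY5kndDOIuaiLDk3mI9/kAB8Ws0PYOhXTP/ mcrute@Michaels-MacBook-Pro.local
+ssh-rsa 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 mcrute@iphone6
+EOF
+chmod 644 ~mcrute/.ssh/authorized_keys
+chown -R mcrute:mcrute ~mcrute/.ssh
+chmod 700 ~mcrute/.ssh
+fi
+
+# Setup SSMTP
+curl -sO https://code.crute.me/mcrute/dotfiles/plain/bin/configure_ssmtp.sh
+chmod +x configure_ssmtp.sh
+./configure_ssmtp.sh
+rm configure_ssmtp.sh
+
+# Clean out default user
+rm /etc/sudoers.d/90-cloud-init-users
+userdel -rf ubuntu
+
+# Reboot to apply updates
+echo "Reboot in 10 seconds"
+sleep 10
+shutdown -r now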
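Review bot: The template written to `/etc/default/bootstrap` (new lines 8-17) is created with the process umask, so once `AWS_SECRET_ACCESS_KEY` is filled in the file is most likely world-readable; I would add `chmod 600 /etc/default/bootstrap` right after the heredoc, or `umask 077` before it. The `useradd -p` call on line 115 likewise commits a crypt password hash to the repository, where it is open to offline guessing; reading it from the same root-only file would avoid that. The SSMTP step (lines 129-132) runs a downloaded script, presumably as root, with no integrity check, and `curl -sO` lacks `-f`, so an HTTP error body would be saved and executed; `curl -fsSO … || exit 1` followed by a `sha256sum -c` against a pinned digest would close that. Because the script has no `set -e` and no explicit status checks, a failure while creating `mcrute` still reaches `userdel -rf ubuntu` and the reboot, which can leave the host without a working login.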