├── README.md └── ubuntu-14.04.2-LTS ├── cloud-init.yml ├── install ├── attic │ └── attic.sh ├── duplicity │ └── duplicity.sh ├── gitbucket │ └── gitbucket.sh ├── jenkins │ └── jenkins.sh ├── jetty │ └── jetty.sh ├── mariadb │ └── mariadb.sh ├── nginx-php │ └── nginx-php.sh ├── seafile │ └── seafile.sh ├── subrosa │ ├── subrosa-client.sh │ └── subrosa-server.sh ├── tarsnap │ └── tarsnap.sh ├── taskwarrior │ ├── add_user_Mirakel.sh │ ├── taskwarrior-server.sh │ └── taskwarrior.sh └── wemux │ └── wemux.sh ├── root ├── 00-run_all.sh ├── 01-post_install_script_essentials.sh └── 02-add_user.sh └── user ├── 00-run_all.sh ├── 01-configure_git.sh ├── 02-secure_ssh.sh ├── 03-user_configuration.sh └── 04-cleanup.sh /README.md: -------------------------------------------------------------------------------- 1 | # Post installation scripts for ubuntu 2 | 3 | This script assumes that there is one or more authorized public keys on `/root/.ssh/authorized_keys`. If you use Digital Ocean, there is an option to add some public keys to your account and easily deploy your public keys to the root user to any new server you create. Otherwise you can copy the keys manually: 4 | 5 | `ssh-copy-id user@hostname.example.com` 6 | 7 | or 8 | 9 | `cat ~/.ssh/id_rsa.pub | ssh @ 'umask 0077; mkdir -p .ssh; cat >> .ssh/authorized_keys && echo "Key copied"'` 10 | 11 | To get started just 12 | 13 | ``` 14 | apt-get install -y git && git clone https://github.com/drkarl/install-scripts.git && cd install-scripts/ubuntu-14.04.2-LTS/root && ./00-run_all.sh 15 | ``` 16 | - Then logout and login as the newly created user, and execute `install-scripts/ubuntu-14.04.2-LTS/user/00-run_all.sh`. 17 | 18 | - Then, if you logout and login again with that user you will be in zsh. 19 | 20 | - Optionally there are some installation scripts for some other applications which will be added over time. 21 | 22 | **Remember** that ufw will be installed blocking everything except ssh by default, so if you install anything which listens for connections remember to allow that port on ufw 23 | 24 | ## What does it contain? 25 | 26 | ## **root** scripts 27 | 28 | - Installs and starts [etckeeper](https://github.com/joeyh/etckeeper) 29 | 30 | - Installs [apt-fast](https://github.com/ilikenwf/apt-fast) and from that point on, all apt-get commands use apt-fast 31 | It installs apt-fast from github and not from Ubuntu repos because the version in Ubuntu repos uses bazaar by default, and the version on github uses git as default. 32 | 33 | - Updates and Upgrades ubuntu. 34 | 35 | - Installs some basic stuff (build-essentials, htop, molly-guard, python-dev which is required by stormssh, etc) 36 | 37 | - Installs [tmux](http://tmux.sourceforge.net/) 38 | If you don't know about tmux, it's a terminal multiplexer with awesome powers. If you use Screen, maybe you want to switch... There's also [byobu](http://byobu.co/), but this script only installs tmux. 39 | 40 | - Installs [NodeJS](https://nodejs.org/) 41 | 42 | - Installs Vim 43 | 44 | - Installs Infinality for better font rendering 45 | 46 | - Disables Ubuntu apport 47 | 48 | - Creates and enables a swap file since in Digital Ocean there is no swap file by default. If you don't need a swap file or you use a VPS provider/server/laptop which already has a swap file you can fork and comment/remove this. 49 | 50 | - Installs [nginx](http://nginx.org/) 51 | 52 | - Installs ufw (iptables is too complex) and configures it by default to block incoming and allow outgoing, then allow ssh on port 22 (if you use a different ssh port you may want to change this). 53 | 54 | - Installs fail2ban. 55 | 56 | - Installs [stormssh](http://storm.readthedocs.org/en/latest/) 57 | 58 | - dist-upgrade and autoremove. 59 | 60 | - Executes the user configuration script for the root user, so that when you need to use root you have fancy zsh shell 61 | 62 | ## User creation script 63 | 64 | - This first asks for a username for the user that will be created, who will be in the admin group, so it will have sudo privileges. 65 | 66 | - Then it copies the `authorized_keys` file to /home/$user/.ssh 67 | 68 | 69 | ## User scripts 70 | 71 | The user scripts 72 | 73 | - Configure the Name and email for git. 74 | 75 | - Disables root login and password authentication, and allows only the logged in user to login 76 | 77 | - Sets VIM as default editor 78 | 79 | - Installs zsh 80 | 81 | - Installs prezto 82 | 83 | - Installs the Powerline symbols 84 | 85 | - Clones the dotfiles repo of the provided user and copies them to ~ 86 | 87 | - Clones the Tmux plugin manager. Remember to use prefix + I on tmux to install the plugins defined on your .tmux.conf 88 | 89 | ## Optional installation scripts 90 | 91 | This section will be growin overtime. For now there is: 92 | 93 | - Taskwarrior server 94 | 95 | - Taskwarrior client. The client is cloned and compiled because the version in Ubuntu repos can't use a Taskwarrior server, only works locally 96 | 97 | - Tarsnap client 98 | 99 | - Duplicity 100 | 101 | - Attic 102 | 103 | - Jetty 104 | 105 | - GitBucket 106 | 107 | - MariaDB 108 | 109 | - Jenkins 110 | 111 | - Seafile 112 | 113 | - Wemux 114 | 115 | - Subrosa 116 | -------------------------------------------------------------------------------- /ubuntu-14.04.2-LTS/cloud-init.yml: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | 3 | #needs to replace 4 | #needs to replace 5 | #needs to replace 6 | 7 | users: 8 | - name: 9 | groups: sudo 10 | shell: /bin/bash 11 | sudo: ['ALL=(ALL) NOPASSWD:ALL'] 12 | ssh-authorized-keys: 13 | - ssh-rsa 14 | - ssh-rsa 15 | runcmd: 16 | - sed -i -e '/^Port/s/^.*$/Port /' /etc/ssh/sshd_config 17 | - sed -i -e '/^PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config 18 | - sed -i -e '/^#PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config 19 | - sed -i -e '$aAllowUsers ' /etc/ssh/sshd_config 20 | - restart ssh -------------------------------------------------------------------------------- /ubuntu-14.04.2-LTS/install/attic/attic.sh: -------------------------------------------------------------------------------- 1 | echo -e "\033[1;33m= =\033[0m" 2 | echo -e "\033[1;33m===========[INSTALLING attic]==========\033[0m" 3 | echo -e "\033[1;33m= =\033[0m" 4 | sudo apt-fast install -y build-essential python3-pip libssl-dev python-dev libevent-dev uuid-dev libacl1-dev liblzo2-dev 5 | sudo pip3 install attic 6 | echo -e "\033[1;32mAttic backup has been installed correctly\033[0m" 7 | -------------------------------------------------------------------------------- /ubuntu-14.04.2-LTS/install/duplicity/duplicity.sh: -------------------------------------------------------------------------------- 1 | echo -e "\033[1;33m= =\033[0m" 2 | echo -e "\033[1;33m=========[INSTALLING duplicity]========\033[0m" 3 | echo -e "\033[1;33m= =\033[0m" 4 | sudo add-apt-repository -y ppa:duplicity-team/ppa 5 | sudo apt-fast update -y 6 | sudo apt-fast install -y duplicity 7 | cd && git clone https://github.com/zertrin/duplicity-backup.git 8 | sudo cp ~/duplicity-backup/duplicity-backup.conf.example /etc/duplicity-backup.conf 9 | 10 | echo -e "\033[1;32mDuplicity has been installed correctly\033[0m" 11 | echo -e "\033[1;32mduplicity-backup is a shell script to simplify and automate it\033[0m" 12 | # Start a backup 13 | #cd ~/duplicity-backup 14 | #./duplicity-backup.sh -c /etc/duplicity-backup.conf --backup 15 | -------------------------------------------------------------------------------- /ubuntu-14.04.2-LTS/install/gitbucket/gitbucket.sh: -------------------------------------------------------------------------------- 1 | #Requires Java 2 | #Requires an application server, Tomcat, Jetty, Glassfish, etc 3 | echo "\033[1;33m= =\033[0m" 4 | echo "\033[1;33m=========[INSTALLING GitBucket]========\033[0m" 5 | echo "\033[1;33m= =\033[0m" 6 | #webapps folder depends on the app container 7 | 8 | #Jetty 9 | webapps=/opt/jetty/webapps 10 | 11 | #Tomcat 12 | #webapps=/opt/tomcat/webapps 13 | 14 | aria2c -s5 https://github.com/takezoe/gitbucket/releases/download/3.0/gitbucket.war 15 | sudo mv gitbucket.war $webapps 16 | sudo ufw allow 8080/tpc 17 | echo "\033[1;32mGitbucket has been installed correctly\033[0m" 18 | -------------------------------------------------------------------------------- /ubuntu-14.04.2-LTS/install/jenkins/jenkins.sh: -------------------------------------------------------------------------------- 1 | #Requires Java 2 | #This installs jenkins as a service and uses the embedded Jetty server 3 | #Jenkins can also be installed as a war deployed to an application server 4 | wget -q -O - https://jenkins-ci.org/debian/jenkins-ci.org.key | sudo apt-key add - 5 | sudo sh -c 'echo deb http://pkg.jenkins-ci.org/debian binary/ > /etc/apt/sources.list.d/jenkins.list' 6 | sudo apt-get update -y 7 | sudo apt-fast install -y jenkins 8 | -------------------------------------------------------------------------------- /ubuntu-14.04.2-LTS/install/jetty/jetty.sh: -------------------------------------------------------------------------------- 1 | #Requires Java 2 | # create download directories 3 | mkdir -p ~/build/jetty 4 | cd ~/build/jetty 5 | 6 | # download 7 | version="9.2.10.v20150310" 8 | aria2c -o jetty-distribution-$version.tar.gz -s5 "http://eclipse.org/downloads/download.php?file=/jetty/stable-9/dist/jetty-distribution-$version.tar.gz&r=1" 9 | 10 | # extract the archive - creates directory jetty-distribution-.... 11 | tar -xvf jetty-distribution-$version.tar.gz 12 | 13 | # rename jetty directory 14 | sudo mv jetty-distribution-$version /opt/jetty 15 | 16 | # create jetty user 17 | sudo useradd -U -s /bin/false jetty 18 | 19 | # Make the jetty directory be owned by the jetty user 20 | sudo chown -R jetty:jetty /opt/jetty 21 | 22 | #Create link for jetty.sh 23 | sudo ln -s /opt/jetty/bin/jetty.sh /etc/init.d/jetty 24 | 25 | # create /etc/default/jetty 26 | sudo sh -c ' printf " 27 | JAVA_HOME=/usr/java/default # Path to Java 28 | JETTY_HOME=/opt/jetty #Path to Jetty 29 | NO_START=0 # Start on boot 30 | JETTY_HOST=0.0.0.0 # Listen to all hosts 31 | JETTY_PORT=8080 # Run on this port 32 | JETTY_USER=jetty # Run as this user 33 | " > /etc/default/jetty' 34 | 35 | # make webapps writable 36 | sudo chmod o+w /opt/jetty/webapps 37 | 38 | #Cleanup 39 | rm -rf ~/build/jetty 40 | 41 | # check if the installation settings are ok 42 | sudo service jetty check 43 | 44 | # the server runs on the default port of 8080 45 | # http://localhost:8080/ 46 | # To let Jetty automatically start on reboot execute 47 | sudo update-rc.d jetty defaults 48 | 49 | # Start Jetty as service 50 | #sudo service jetty start 51 | 52 | # Stop Jetty as service 53 | #sudo service jetty stop 54 | 55 | # deploy an app 56 | #cp myapp.war /opt/jetty/webapps 57 | 58 | #In case port conflicts, you can check wich application is blocking port 8080 59 | #sudo netstat -lnptu|grep ":8080" 60 | 61 | # monitor jetty log files 62 | #ls -l /opt/jetty/logs 63 | -------------------------------------------------------------------------------- /ubuntu-14.04.2-LTS/install/mariadb/mariadb.sh: -------------------------------------------------------------------------------- 1 | #MariaDB is a drop-in replacement for MySQL, with better performance, more features, and a better Community since it´s not owned by Oracle. 2 | 3 | sudo apt-fast install -y software-properties-common 4 | sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db 5 | sudo add-apt-repository 'deb http://mirror.jmu.edu/pub/mariadb/repo/10.1/ubuntu trusty main' 6 | sudo apt-fast update 7 | sudo apt-fast install -y mariadb-server 8 | /usr/bin/mysql_secure_installation 9 | -------------------------------------------------------------------------------- /ubuntu-14.04.2-LTS/install/nginx-php/nginx-php.sh: -------------------------------------------------------------------------------- 1 | sudo apt-fast install -y php5-fpm php5-memcache php5-xcache memcached 2 | 3 | sudo sed -i -e 's/^;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/' /etc/php5/fpm/php.ini 4 | 5 | sudo sed -i -e 's/^upload_max_filesize.*/upload_max_filesize=64M/' /etc/php5/fpm/php.ini 6 | 7 | sudo sed -i -e 's/^post_max_size.*/post_max_size =64M/' /etc/php5/fpm/php.ini 8 | 9 | sudo service php5-fpm restart 10 | 11 | echo "\033[1;31mEdit etc/nginx/sites-available/default\033[0m" 12 | 13 | sudo service nginx restart 14 | 15 | echo "\033[1;32mDeploy to /usr/share/nginx/\033[0m" 16 | 17 | # Refer to https://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mysql-php-lemp-stack-on-ubuntu-14-04 18 | -------------------------------------------------------------------------------- /ubuntu-14.04.2-LTS/install/seafile/seafile.sh: -------------------------------------------------------------------------------- 1 | #Can work with SQLite, but would be better if you install MySQL/MariaDB before and use it instead 2 | 3 | read -p "Enter organization name: " organization 4 | 5 | mkdir $organization 6 | 7 | 8 | cd $organization 9 | 10 | version=4.0.6 11 | aria2c "https://bitbucket.org/haiwen/seafile/downloads/seafile-server_${version}_x86-64.tar.gz" 12 | 13 | # after moving seafile-server_* to this directory 14 | tar -xzf seafile-server_* 15 | 16 | mkdir installed 17 | mv seafile-server_*.tar.gz installed 18 | 19 | # Install prerequisites 20 | apt-fast update 21 | apt-fast install -y python2.7 python-setuptools python-imaging python-mysqldb 22 | 23 | cd seafile-server-* 24 | ./setup-seafile-mysql.sh #run the setup script & answer prompted questions 25 | 26 | ulimit -n 30000 27 | ./seafile.sh start # Start seafile service 28 | ./seahub.sh start # Start seahub website, port defaults to 8000 29 | 30 | #To change configuration, like the port, in $organization/ccnet/ccnet.conf 31 | 32 | #To add memcached refer to http://manual.seafile.com/deploy/add_memcached.html 33 | 34 | #More info http://manual.seafile.com/ 35 | -------------------------------------------------------------------------------- /ubuntu-14.04.2-LTS/install/subrosa/subrosa-client.sh: -------------------------------------------------------------------------------- 1 | #Requires nodejs and npm 2 | git clone https://github.com/subrosa-io/subrosa-client.git 3 | cd subrosa-client 4 | npm install 5 | npm run-script build 6 | 7 | -------------------------------------------------------------------------------- /ubuntu-14.04.2-LTS/install/subrosa/subrosa-server.sh: -------------------------------------------------------------------------------- 1 | #Requires nodejs and npm 2 | git clone https://github.com/subrosa-io/subrosa-server.git 3 | cd subrosa server 4 | npm install 5 | mysql -u root < structure.sql 6 | cp config.sample.js config.js 7 | -------------------------------------------------------------------------------- /ubuntu-14.04.2-LTS/install/tarsnap/tarsnap.sh: -------------------------------------------------------------------------------- 1 | echo -e "\033[1;33m= =\033[0m" 2 | echo -e "\033[1;33m=========[INSTALLING tarsnap]==========\033[0m" 3 | echo -e "\033[1;33m= =\033[0m" 4 | aria2c -s5 https://www.tarsnap.com/download/tarsnap-autoconf-1.0.35.tgz 5 | aria2c -s5 https://www.tarsnap.com/download/tarsnap-sigs-1.0.35.asc 6 | 7 | 8 | echo -e "\033[1;33mVerify that the source code has not been tampered with\033[0m" 9 | gpg --keyserver hkp://keys.gnupg.net --recv-keys 0x46B64BEB 10 | gpg --fingerprint 0x46B64BEB 11 | gpg --decrypt tarsnap-sigs-1.0.35.asc 12 | sha256sum tarsnap-autoconf-1.0.35.tgz 13 | 14 | tar xvzf tarsnap-autoconf-1.0.35.tgz 15 | apt-fast install -y libssl-dev zlib1g-dev e2fslibs-dev 16 | cd tarsnap-autoconf-1.0.35 17 | ./configure 18 | sudo make all install clean 19 | cd .. 20 | rm -rf tarsnap-autoconf-1.0.35 21 | rm -rf tarsnap-autoconf-1.0.35.tgz 22 | rm -rf tarsnap-sigs-1.0.35.asc 23 | echo -e "\033[1;32mTarsnap has been installed correctly\033[0m" 24 | -------------------------------------------------------------------------------- /ubuntu-14.04.2-LTS/install/taskwarrior/add_user_Mirakel.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | if [ -z "$1" ] 3 | then 4 | TASKD=../src/taskd 5 | else 6 | TASKD=$1 7 | fi 8 | 9 | if [ -z "$2" ] 10 | then 11 | ROOT=$PWD/root 12 | else 13 | ROOT=$2 14 | fi 15 | 16 | if [ -z "$3" ] 17 | then 18 | ROOT_CA=../pki/ca.cert.pem 19 | else 20 | ROOT_CA=$3 21 | fi 22 | 23 | if ! [ -z "$4" ] ; then 24 | if [ "$4" -ge 2048 ] ; then 25 | BITS=$4 26 | fi 27 | fi 28 | 29 | 30 | #read username and org from comandline 31 | read -p "Username?`echo $'\n> '`" USER 32 | read -p "Org?`echo $'\n> '`" ORGANIZATION 33 | 34 | #create org if nessersary 35 | $TASKD add --data $ROOT org $ORG >&2>/dev/null 36 | 37 | #create user 38 | $TASKD add --data $ROOT user --quiet $ORGANIZATION $USER 1> user.key 39 | 40 | #find configs 41 | $TASKD config --data $ROOT |grep '^server ' >server 42 | 43 | ./generate.client $ORGANIZATION$USER 44 | cd $PWD 45 | mv $ORGANIZATION$USER.cert.pem $USER.cert 46 | #cat `$TASKD config --data $ROOT |grep '^client.cert '| sed -e 's/client.cert//'`>$USER.cert 47 | cat $ORGANIZATION$USER.key.pem |sed -n '/-----BEGIN RSA PRIVATE KEY-----/,/-----END RSA PRIVATE KEY-----/p' >$USER.key 48 | 49 | #if user-config already exists remove it 50 | rm -rf $USER.taskdconfig 51 | 52 | #Write to user-conf file 53 | echo "username: "$USER>>$USER.taskdconfig 54 | echo "org: "$ORG>>$USER.taskdconfig 55 | cat user.key| sed 's/New user key:/user key:/g'>>$USER.taskdconfig 56 | echo "server: "`cat server| sed 's/^server//g'|sed 's/^[ \t]*//'`>>$USER.taskdconfig 57 | echo "Client.cert:">>$USER.taskdconfig 58 | cat $USER.cert>>$USER.taskdconfig 59 | echo "Client.key:">>$USER.taskdconfig 60 | cat $USER.key>>$USER.taskdconfig 61 | echo "ca.cert:">>$USER.taskdconfig 62 | cat $ROOT_CA>>$USER.taskdconfig 63 | 64 | #remove temp-files 65 | rm -rf user.key server $USER.cert 66 | rm -rf user.key server $USER.key 67 | 68 | 69 | echo 70 | echo "You're ready!" 71 | echo "Copy the "$USER.taskdconfig" to your device and don't forget to start the server" 72 | #echo "./run" 73 | -------------------------------------------------------------------------------- /ubuntu-14.04.2-LTS/install/taskwarrior/taskwarrior-server.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | username=`whoami` 3 | 4 | #Install Task Warrior server 5 | 6 | apt-fast install -y git cmake gnutls-bin libgnutls-dev uuid-dev zip 7 | 8 | git clone https://git.tasktools.org/scm/tm/taskd ~/taskd 9 | cp add_user_Mirakel.sh ~/taskd/pki 10 | cd ~/taskd 11 | sudo cmake . && sudo make && sudo make install 12 | cd test && sudo make && sudo ./run_all 13 | 14 | #Switch comments if using bash 15 | #echo "export TASKDDATA=/var/taskd" >> ~/.profile 16 | echo "export TASKDDATA=/var/taskd" >> ~/.zshrc 17 | 18 | export TASKDDATA=/var/taskd 19 | 20 | sudo mkdir -p $TASKDDATA 21 | 22 | sudo chown $username:$username $TASKDDATA 23 | 24 | taskd init 25 | 26 | line="@reboot taskdctl start" 27 | (crontab -u "$username" -l; echo "$line" ) | crontab -u $username - 28 | 29 | cd ~/taskd/pki 30 | 31 | ./generate 32 | 33 | cp client.cert.pem client.key.pem server.cert.pem server.key.pem server.crl.pem ca.cert.pem $TASKDDATA 34 | 35 | taskd config --force client.cert $TASKDDATA/client.cert.pem && taskd config --force client.key $TASKDDATA/client.key.pem && taskd config --force server.cert $TASKDDATA/server.cert.pem && taskd config --force server.key $TASKDDATA/server.key.pem && taskd config --force server.crl $TASKDDATA/server.crl.pem && taskd config --force ca.cert $TASKDDATA/ca.cert.pem 36 | 37 | taskd config --force log $TASKDDATA/log/taskd.log 38 | 39 | taskd config --force pid.file $TASKDDATA/pid/taskd.pid 40 | 41 | taskd config --force client.allow '^task [2-9],^taskd,^libtaskd,^Mirakel [1-9]' 42 | 43 | #Choose one of the following lines, depending if ip or hostname 44 | taskd config --force server `/sbin/ifconfig eth0 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'`:53589 45 | taskd config --force server `hostname`:53589 46 | 47 | taskdctl start 48 | sudo ufw allow 53589/tcp 49 | #Mirakel 50 | 51 | echo -e "\033[1;32mFrom here on it is better to do things manually\033[0m" 52 | echo -e "\033[1;32mThere are some commented commands on the script as a guide\033[0m" 53 | #./add_user.sh 54 | 55 | #taskd add org 56 | 57 | #taskd add user '' '' 58 | 59 | #cd ~/git/taskd/pki 60 | 61 | #./generate.client #first_last_hostname 62 | #zip .zip ca.cert.pem * 63 | #mv .zip ~/ 64 | 65 | #FROM CLIENT 66 | #scp user@domain:.zip ~/.task 67 | #unzip ~/.task/.zip 68 | #rm ~/.task/.zip 69 | 70 | #Few extra steps 71 | 72 | -------------------------------------------------------------------------------- /ubuntu-14.04.2-LTS/install/taskwarrior/taskwarrior.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | sudo apt-get install cmake uuid-dev libgnutls-dev 4 | git clone https://git.tasktools.org/scm/tm/task.git ~/task.git 5 | cd ~/task.git 6 | cmake . 7 | make 8 | sudo make install 9 | cd .. 10 | rm -rf task.git 11 | -------------------------------------------------------------------------------- /ubuntu-14.04.2-LTS/install/wemux/wemux.sh: -------------------------------------------------------------------------------- 1 | sudo git clone git://github.com/zolrath/wemux.git /usr/local/share/wemux 2 | sudo ln -s /usr/local/share/wemux/wemux /usr/local/bin/wemux 3 | sudo cp /usr/local/share/wemux/wemux.conf.example /usr/local/etc/wemux.conf 4 | 5 | #set a user to be a wemux host by adding their username to the host_list in /usr/local/etc/wemux.conf 6 | #like ths host_list=(zolrath brocksamson) 7 | -------------------------------------------------------------------------------- /ubuntu-14.04.2-LTS/root/00-run_all.sh: -------------------------------------------------------------------------------- 1 | ./01-post_install_script_essentials.sh 2 | ./02-add_user.sh 3 | cd ../user 4 | ./03-user_configuration.sh 5 | -------------------------------------------------------------------------------- /ubuntu-14.04.2-LTS/root/01-post_install_script_essentials.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | ## 3 | # Ubuntu post-install script 4 | ## 5 | 6 | currentdir=`pwd` 7 | 8 | echo -e "\033[1;32mStarting post-installation script\033[0m" 9 | ## 10 | ##etc-keeper 11 | ## 12 | echo -e "\033[1;33m= =\033[0m" 13 | echo -e "\033[1;33m=========[INSTALLING etckeeper]========\033[0m" 14 | echo -e "\033[1;33m= =\033[0m" 15 | sudo apt-get install -y git make 16 | # We don't use apt-get install etckeeper because defaults to bazaar 17 | # Version in github defaults to git 18 | git clone https://github.com/joeyh/etckeeper.git 19 | cd etckeeper 20 | make install 21 | etckeeper init 22 | etckeeper commit "Initial commit." 23 | cd .. 24 | rm -rf etckeeper 25 | 26 | ## 27 | ##apt-fast 28 | ## 29 | ## From now on, all other scripts assume apt-fast is installed 30 | echo -e "\033[1;33m= =\033[0m" 31 | echo -e "\033[1;33m=========[INSTALLING apt-fast]=========\033[0m" 32 | echo -e "\033[1;33m= =\033[0m" 33 | sudo apt-get install -y aria2 34 | cd ~ 35 | git clone https://github.com/ilikenwf/apt-fast.git 36 | cd apt-fast 37 | sudo cp apt-fast /usr/bin/ 38 | sudo chmod +x /usr/bin/apt-fast 39 | sudo cp completions/bash/apt-fast /etc/bash_completion.d/ 40 | cd .. 41 | 42 | ################## 43 | ## Add PPAs # 44 | ################## 45 | ## Add NodeJS PPA 46 | sudo curl -sL https://deb.nodesource.com/setup | sudo bash - 47 | 48 | ## Add Tmux PPA 49 | sudo add-apt-repository -y ppa:pi-rho/dev 50 | 51 | ## Add Infinality PPA 52 | sudo add-apt-repository -y ppa:no1wantdthisname/ppa 53 | 54 | ## 55 | #Update repos and upgrade software and dist-upgrade 56 | ## 57 | echo -e "\033[1;33m= =\033[0m" 58 | echo -e "\033[1;33m=======[Update and Upgrade]========\033[0m" 59 | echo -e "\033[1;33m= =\033[0m" 60 | sudo apt-fast update -y && sudo apt-fast dist-upgrade -y 61 | 62 | ## 63 | ##Essentials 64 | ## 65 | echo -e "\033[1;33m= =\033[0m" 66 | echo -e "\033[1;33m======[INSTALLING essentials]======\033[0m" 67 | echo -e "\033[1;33m= =\033[0m" 68 | sudo apt-fast install -y build-essential cmake python-dev fontconfig fonts-inconsolata unzip p7zip-full ack-grep htop molly-guard iotop iftop gawk python-pip 69 | 70 | ## 71 | ##Tmux 72 | ## 73 | echo -e "\033[1;33m= =\033[0m" 74 | echo -e "\033[1;33m=========[INSTALLING Tmux]=========\033[0m" 75 | echo -e "\033[1;33m= =\033[0m" 76 | sudo apt-fast install -y python-software-properties software-properties-common 77 | sudo apt-fast install -y tmux=1.9a-1~ppa1~t 78 | 79 | ## 80 | ##Install NodeJS 81 | ## 82 | echo -e "\033[1;33m= =\033[0m" 83 | echo -e "\033[1;33m========[INSTALLING NodeJS]========\033[0m" 84 | echo -e "\033[1;33m= =\033[0m" 85 | sudo apt-fast install -y nodejs 86 | 87 | ## 88 | ## Setup VIM 89 | ## 90 | echo -e "\033[1;33m= =\033[0m" 91 | echo -e "\033[1;33m==========[INSTALLING Vim]=========\033[0m" 92 | echo -e "\033[1;33m= =\033[0m" 93 | sudo apt-fast install -y vim 94 | sudo update-alternatives --set editor /usr/bin/vim.basic 95 | 96 | # Better font rendering (aka Infinality) 97 | # source: http://www.webupd8.org/2013/06/better-font-rendering-in-linux-with.html 98 | echo -e "\033[1;33m= =\033[0m" 99 | echo -e "\033[1;33m======[INSTALLING Infinality]======\033[0m" 100 | echo -e "\033[1;33m= =\033[0m" 101 | sudo apt-fast install -y fontconfig-infinality 102 | 103 | # Turn off apport 104 | echo -e "\033[1;33m= =\033[0m" 105 | echo -e "\033[1;33m=========[DISABLING apport]========\033[0m" 106 | echo -e "\033[1;33m= =\033[0m" 107 | sudo su -c 'echo "enabled=0" > /etc/default/apport' 108 | 109 | ## 110 | ## Create and enable swap file 111 | ## 112 | echo -e "\033[1;33m= =\033[0m" 113 | echo -e "\033[1;33m====[Creating/enabling SWAP file]====\033[0m" 114 | echo -e "3[1;33m= =\033[0m" 115 | sudo fallocate -l 4G /swapfile 116 | sudo chown root:root /swapfile 117 | sudo chmod 600 /swapfile 118 | sudo mkswap /swapfile 119 | sudo swapon /swapfile 120 | echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab 121 | echo 10 | sudo tee /proc/sys/vm/swappiness 122 | echo vm.swappiness = 10 | sudo tee -a /etc/sysctl.conf 123 | 124 | ## 125 | ##Install nginx 126 | ## 127 | echo -e "\033[1;33m= =\033[0m" 128 | echo -e "\033[1;33m=========[INSTALLING nginx]========\033[0m" 129 | echo -e "\033[1;33m= =\033[0m" 130 | sudo apt-fast install -y nginx 131 | sudo service nginx stop 132 | 133 | ## 134 | ##UFW 135 | ## 136 | echo -e "\033[1;33m= =\033[0m" 137 | echo -e "\033[1;33m=========[INSTALLING ufw]=========\033[0m" 138 | echo -e "\033[1;33m= =\033[0m" 139 | sudo apt-fast install -y ufw 140 | sudo ufw default deny incoming 141 | sudo ufw default allow outgoing 142 | sudo ufw allow ssh 143 | sudo ufw --force enable 144 | 145 | ## 146 | ##fail2ban 147 | ## 148 | echo -e "\033[1;33m= =\033[0m" 149 | echo -e "\033[1;33m=======[INSTALLING fail2ban]=======\033[0m" 150 | echo -e "\033[1;33m= =\033[0m" 151 | sudo apt-fast install -y fail2ban 152 | sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local 153 | sudo service fail2ban restart 154 | 155 | ## 156 | ##stormssh 157 | ## 158 | echo -e "\033[1;33m= =\033[0m" 159 | echo -e "\033[1;33m=======[INSTALLING StormSSH]=======\033[0m" 160 | echo -e "\033[1;33m= =\033[0m" 161 | sudo pip install stormssh 162 | 163 | echo -e "\033[1;33m= =\033[0m" 164 | echo -e "\033[1;33m=========[INSTALLING zsh]==========\033[0m" 165 | echo -e "\033[1;33m= =\033[0m" 166 | sudo apt-get install -y zsh 167 | 168 | ## 169 | #Cleanup 170 | ## 171 | echo -e "\033[1;33m= =\033[0m" 172 | echo -e "\033[1;33m============[CLEANUP]============\033[0m" 173 | echo -e "\033[1;33m= =\033[0m" 174 | sudo apt-get autoremove -y 175 | 176 | cd $currentdir 177 | 178 | echo -e "\033[1;32mPost-installation script complete!!\033[0m" 179 | -------------------------------------------------------------------------------- /ubuntu-14.04.2-LTS/root/02-add_user.sh: -------------------------------------------------------------------------------- 1 | #This script assumes it is run by root. 2 | #Will create a user and copy the authorized_keys for root to that user 3 | 4 | echo -e "\033[1;31mWarning, the user created now will have admin powers!\033[0m" 5 | read -p "Continue (y/n)?" choice 6 | case "$choice" in 7 | y|Y ) echo "yes";; 8 | n|N ) exit 1;; 9 | * ) echo "invalid";; 10 | esac 11 | 12 | read -p "Enter username for new user: " username 13 | 14 | echo -e "\033[1;33m= =\033[0m" 15 | echo -e "\033[1;33m============[ Adding user ]============\033[0m" 16 | echo -e "\033[1;33m= =\033[0m" 17 | adduser $username 18 | 19 | mkdir -p "/home/${username}/.ssh" 20 | 21 | echo -e "\033[1;33m= =\033[0m" 22 | echo -e "\033[1;33m=========[ Copying ssh keys ]==========\033[0m" 23 | echo -e "\033[1;33m= =\033[0m" 24 | mv /root/.ssh/authorized_keys "/home/${username}/.ssh/authorized_keys" 25 | 26 | chown -R $username:$username "/home/${username}/.ssh/" 27 | chmod 700 "/home/${username}/.ssh/" 28 | chmod 600 "/home/${username}/.ssh/authorized_keys" 29 | 30 | echo -e "\033[1;33m= =\033[0m" 31 | echo -e "\033[1;33m======[ Adding user to suoders ]=======\033[0m" 32 | echo -e "\033[1;33m= =\033[0m" 33 | usermod -a -G sudo ${username} 34 | 35 | if [ "$user" != "root" ] 36 | then 37 | cp -R /root/install-scripts "/home/${username}/" 38 | cp -R /root/apt-fast "/home/${username}/" 39 | chown -R $username:$username "/home/${username}/" 40 | fi 41 | echo -e "\033[1;32mUser ${username} created, added to sudoers and keys setup\033[0m" 42 | -------------------------------------------------------------------------------- /ubuntu-14.04.2-LTS/user/00-run_all.sh: -------------------------------------------------------------------------------- 1 | ./01-configure_git.sh 2 | ./02-secure_ssh.sh 3 | ./03-user_configuration.sh 4 | ./04-cleanup.sh 5 | -------------------------------------------------------------------------------- /ubuntu-14.04.2-LTS/user/01-configure_git.sh: -------------------------------------------------------------------------------- 1 | #Basic git configuration 2 | 3 | # Set the environment variables or edit the screen before running 4 | read -p "Git name: " GIT_USERNAME 5 | read -p "Git mail: " GIT_USER_EMAIL 6 | 7 | git config --global user.name $GIT_USERNAME 8 | git config --global user.email $GIT_USER_EMAIL 9 | -------------------------------------------------------------------------------- /ubuntu-14.04.2-LTS/user/02-secure_ssh.sh: -------------------------------------------------------------------------------- 1 | #Basic configuration to secure SSH 2 | 3 | user=`whoami` 4 | 5 | if [ "$user" == "root" ] 6 | then 7 | echo -e "\033[1;31mCan't run this script as root!\033[0m" 8 | exit 1; 9 | fi 10 | 11 | echo -e "\033[1;31mWarning, if you continue the root user won't be able to login anymore!\033[0m" 12 | read -p "Continue (y/n)?" choice 13 | case "$choice" in 14 | y|Y ) echo "yes";; 15 | n|N ) exit 1;; 16 | * ) echo "invalid";; 17 | esac 18 | 19 | # root can't login 20 | sudo sed -i -e '/^PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config 21 | 22 | # Password authentication forbidden 23 | sudo sed -i -e '/^#PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config 24 | 25 | # Allow login to the current user 26 | sudo sed -i -e '$aAllowUsers '"$user"'' /etc/ssh/sshd_config 27 | 28 | # OPTIONAL - Change standard SSH port (22) 29 | # sudo sed -i -e '/^Port/s/^.*$/Port 2222/' /etc/ssh/sshd_config 30 | 31 | sudo rm -rf /root/.ssh/authorized_keys 32 | 33 | sudo restart ssh 34 | echo -e "\033[1;32mRoot can't login anymore, and only keys, no passwords, can be used!\033[0m" 35 | echo -e "\033[1;31mSSH with the user before logging out of this session to make sure you don't lock yourself out!\033[0m" 36 | -------------------------------------------------------------------------------- /ubuntu-14.04.2-LTS/user/03-user_configuration.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | echo -e "\033[1;33m===================================\033[0m" 4 | echo -e "\033[1;33m==========[USER SPECIFIC]==========\033[0m" 5 | echo -e "\033[1;33m===================================\033[0m" 6 | 7 | read -p "Enter the name of the github user to clone the dotfiles from: " github_user 8 | 9 | ## Setup VIM as default editor 10 | sudo update-alternatives --set editor /usr/bin/vim.basic 11 | 12 | ## 13 | ## ZSH 14 | ## 15 | echo -e "\033[1;33m= =\033[0m" 16 | echo -e "\033[1;33m=========[INSTALLING zsh]==========\033[0m" 17 | echo -e "\033[1;33m= =\033[0m" 18 | sudo usermod -s /bin/zsh "$(whoami)" 19 | ##apt-fast completions for zsh 20 | sudo cp ~/apt-fast/completions/zsh/_apt-fast /usr/share/zsh/functions/Completion/Debian/ 21 | sudo chown root:root /usr/share/zsh/functions/Completion/Debian/_apt-fast 22 | 23 | ##Setup Prezto 24 | echo -e "\033[1;33m= =\033[0m" 25 | echo -e "\033[1;33m==========[INSTALLING Prezto]==========\033[0m" 26 | echo -e "\033[1;33m= =\033[0m" 27 | git clone --recursive https://github.com/ravishi/prezto.git "$HOME/.zprezto" 28 | 29 | shopt -s extglob 30 | for rcfile in $HOME/.zprezto/runcoms/!(README.md); do 31 | ln -s "$rcfile" "$HOME/.$(basename $rcfile)" 32 | done 33 | 34 | # powerline fancy symbols 35 | echo -e "\033[1;33m= =\033[0m" 36 | echo -e "\033[1;33m=====[Installing Powerline symbols]====\033[0m" 37 | echo -e "\033[1;33m= =\033[0m" 38 | mkdir -p "$HOME/.fonts/" "$HOME/.config/fontconfig/conf.d/" 39 | aria2c -s5 -P "$HOME/.fonts/" https://github.com/Lokaltog/powerline/raw/develop/font/PowerlineSymbols.otf 40 | sudo fc-cache -vf "$HOME/.fonts" 41 | aria2c -s5 -P "$HOME/.config/fontconfig/conf.d/" https://github.com/Lokaltog/powerline/raw/develop/font/10-powerline-symbols.conf 42 | 43 | ## Get dotfiles 44 | echo -e "\033[1;33m= =\033[0m" 45 | echo -e "\033[1;33m=========[Retrieving dotfiles]=========\033[0m" 46 | echo -e "\033[1;33m= =\033[0m" 47 | # Create a tmp folder with random name 48 | dotfiles_path="`(mktemp -d)`" 49 | 50 | # Clone the repository recursively 51 | 52 | git clone --recursive "https://github.com/${github_user}/dotfiles.git" "$dotfiles_path" 53 | cd "$dotfiles_path" 54 | 55 | # Copy all dotfiles except .git/ and .gitmodules 56 | cp -r `ls -d .??* | egrep -v '(.git$|.gitmodules)'` $HOME 57 | cd ~ 58 | rm -rf "$dotfiles_path" 59 | 60 | # symlink vimrc 61 | ln -s "$HOME/.vim/vimrc" "$HOME/.vimrc" 62 | 63 | ## TMUX 64 | # Install Tmux plugin manager 65 | git clone https://github.com/tmux-plugins/tpm ~/.tmux/plugins/tpm 66 | 67 | tmux source-file ~/.tmux.conf 68 | 69 | echo -e "\033[1;32mUser configuration complete!!\033[0m" 70 | -------------------------------------------------------------------------------- /ubuntu-14.04.2-LTS/user/04-cleanup.sh: -------------------------------------------------------------------------------- 1 | cd ~ 2 | rm -rf apt-fast 3 | sudo rm -rf /root/apt-fast 4 | sudo rm -rf /root/install-scripts 5 | --------------------------------------------------------------------------------