Skip to content

Instantly share code, notes, and snippets.

@ericboehs
Last active October 11, 2015 13:07

Revisions

  1. ericboehs revised this gist Jan 23, 2013. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion gistfile1.sh
    Original file line number Diff line number Diff line change
    @@ -118,7 +118,7 @@ ruby-switch --set ruby1.9.1
    gem install rake bundler rails tmuxinator --no-rdoc --no-ri

    # Install heroku toolbelt
    curl -s https://toolbelt.heroku.com/install.sh | sh
    wget -qO- https://toolbelt.heroku.com/install-ubuntu.sh | sh

    # Install NodeJS
    add-apt-repository -y ppa:chris-lea/node.js && apt-get update
  2. ericboehs revised this gist Jan 23, 2013. 1 changed file with 3 additions and 0 deletions.
    3 changes: 3 additions & 0 deletions gistfile1.sh
    Original file line number Diff line number Diff line change
    @@ -117,6 +117,9 @@ apt-get install -y ruby1.9.3 rubygems ruby-switch imagemagick libxslt-dev libxml
    ruby-switch --set ruby1.9.1
    gem install rake bundler rails tmuxinator --no-rdoc --no-ri

    # Install heroku toolbelt
    curl -s https://toolbelt.heroku.com/install.sh | sh

    # Install NodeJS
    add-apt-repository -y ppa:chris-lea/node.js && apt-get update
    apt-get install -y nodejs npm nodejs-dev
  3. ericboehs revised this gist Jan 3, 2013. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion gistfile1.sh
    Original file line number Diff line number Diff line change
    @@ -105,7 +105,7 @@ chmod 440 /etc/sudoers.d/my_sudoers
    echo -e "vm.panic_on_oom=1\nkernel.panic=10" >> /etc/sysctl.conf

    # Install essentials
    apt-get install -y build-essential python-software-properties zsh curl netcat git htop ack-grep tmux vim-nox exuberant-ctags
    apt-get install -y build-essential python-software-properties software-properties-common zsh curl netcat git htop ack-grep tmux vim-nox exuberant-ctags

    # Install databases (removed mysql and redis)
    add-apt-repository -y ppa:pitti/postgresql && apt-get update
  4. ericboehs revised this gist Oct 20, 2012. 1 changed file with 3 additions and 0 deletions.
    3 changes: 3 additions & 0 deletions gistfile1.sh
    Original file line number Diff line number Diff line change
    @@ -121,6 +121,9 @@ gem install rake bundler rails tmuxinator --no-rdoc --no-ri
    add-apt-repository -y ppa:chris-lea/node.js && apt-get update
    apt-get install -y nodejs npm nodejs-dev

    # Divert ack to ack-grep
    dpkg-divert --local --divert /usr/bin/ack --rename --add /usr/bin/ack-grep

    # Setup postgresql roles & relax security permissions
    su postgres -c "createuser -s $USER"
    sed -i 's/peer$/trust/g' /etc/postgresql/9.2/main/pg_hba.conf
  5. ericboehs revised this gist Oct 15, 2012. 1 changed file with 4 additions and 0 deletions.
    4 changes: 4 additions & 0 deletions gistfile1.sh
    Original file line number Diff line number Diff line change
    @@ -117,6 +117,10 @@ apt-get install -y ruby1.9.3 rubygems ruby-switch imagemagick libxslt-dev libxml
    ruby-switch --set ruby1.9.1
    gem install rake bundler rails tmuxinator --no-rdoc --no-ri

    # Install NodeJS
    add-apt-repository -y ppa:chris-lea/node.js && apt-get update
    apt-get install -y nodejs npm nodejs-dev

    # Setup postgresql roles & relax security permissions
    su postgres -c "createuser -s $USER"
    sed -i 's/peer$/trust/g' /etc/postgresql/9.2/main/pg_hba.conf
  6. ericboehs revised this gist Oct 10, 2012. 1 changed file with 1 addition and 2 deletions.
    3 changes: 1 addition & 2 deletions gistfile1.sh
    Original file line number Diff line number Diff line change
    @@ -126,8 +126,7 @@ service postgresql restart
    # Setup user and install dotfiles
    su $USER -c "mv ~/.bashrc ~/.bashrc.bak"
    su $USER -c "git clone git://github.com/ericboehs/dotfiles.git ~/.dotfiles"
    su $USER -c "cd ~/.dotfiles && git submodule init && git submodule update "
    su $USER -c "cd ~/.dotfiles && rake install && cd ~/.dotfiles/vim && rake"
    su $USER -c "cd ~/.dotfiles && git submodule update --init && rake install && cd vim && rake"
    su $USER -c "echo 'export GITHUB_USER=$GITHUB_USER' >> ~/.zsh/config.private"

    # Change default shell to zsh
  7. ericboehs revised this gist Oct 10, 2012. 1 changed file with 7 additions and 3 deletions.
    10 changes: 7 additions & 3 deletions gistfile1.sh
    Original file line number Diff line number Diff line change
    @@ -108,16 +108,20 @@ echo -e "vm.panic_on_oom=1\nkernel.panic=10" >> /etc/sysctl.conf
    apt-get install -y build-essential python-software-properties zsh curl netcat git htop ack-grep tmux vim-nox exuberant-ctags

    # Install databases (removed mysql and redis)
    apt-get install -y sqlite3 postgresql postgresql-contrib-9.1 postgresql-client memcached
    add-apt-repository -y ppa:pitti/postgresql && apt-get update
    apt-get install -y sqlite3 libpq-dev postgresql-9.2 postgresql-contrib-9.2 memcached

    # Install ruby and related development libraries needed for gems
    apt-add-repository -y ppa:brightbox/ruby-ng && apt-get update
    apt-get install -y ruby1.9.3 rubygems ruby-switch imagemagick libxslt-dev libxml2-dev libssl-dev libsqlite3-dev libpq-dev
    apt-get install -y ruby1.9.3 rubygems ruby-switch imagemagick libxslt-dev libxml2-dev libssl-dev libsqlite3-dev
    ruby-switch --set ruby1.9.1
    gem install rake bundler rails tmuxinator --no-rdoc --no-ri

    # Setup postgresql roles
    # Setup postgresql roles & relax security permissions
    su postgres -c "createuser -s $USER"
    sed -i 's/peer$/trust/g' /etc/postgresql/9.2/main/pg_hba.conf
    sed -i 's/md5$/trust/g' /etc/postgresql/9.2/main/pg_hba.conf
    service postgresql restart

    # Setup user and install dotfiles
    su $USER -c "mv ~/.bashrc ~/.bashrc.bak"
  8. ericboehs revised this gist Oct 10, 2012. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion gistfile1.sh
    Original file line number Diff line number Diff line change
    @@ -105,7 +105,7 @@ chmod 440 /etc/sudoers.d/my_sudoers
    echo -e "vm.panic_on_oom=1\nkernel.panic=10" >> /etc/sysctl.conf

    # Install essentials
    apt-get install -y build-essential python-software-properties zsh curl git htop ack-grep tmux vim-nox exuberant-ctags
    apt-get install -y build-essential python-software-properties zsh curl netcat git htop ack-grep tmux vim-nox exuberant-ctags

    # Install databases (removed mysql and redis)
    apt-get install -y sqlite3 postgresql postgresql-contrib-9.1 postgresql-client memcached
  9. ericboehs revised this gist Oct 10, 2012. 1 changed file with 4 additions and 3 deletions.
    7 changes: 4 additions & 3 deletions gistfile1.sh
    Original file line number Diff line number Diff line change
    @@ -105,14 +105,15 @@ chmod 440 /etc/sudoers.d/my_sudoers
    echo -e "vm.panic_on_oom=1\nkernel.panic=10" >> /etc/sysctl.conf

    # Install essentials
    apt-get install -y build-essential zsh curl git htop ack-grep tmux vim-nox exuberant-ctags
    apt-get install -y build-essential python-software-properties zsh curl git htop ack-grep tmux vim-nox exuberant-ctags

    # Install databases (removed mysql and redis)
    apt-get install -y sqlite3 postgresql postgresql-contrib-9.1 postgresql-client memcached

    # Install ruby and related development libraries needed for gems
    apt-get install -y ruby1.9.3 rubygems imagemagick libxslt-dev libxml2-dev libssl-dev libsqlite3-dev libpq-dev
    update-alternatives --set ruby /usr/bin/ruby1.9.1
    apt-add-repository -y ppa:brightbox/ruby-ng && apt-get update
    apt-get install -y ruby1.9.3 rubygems ruby-switch imagemagick libxslt-dev libxml2-dev libssl-dev libsqlite3-dev libpq-dev
    ruby-switch --set ruby1.9.1
    gem install rake bundler rails tmuxinator --no-rdoc --no-ri

    # Setup postgresql roles
  10. ericboehs revised this gist Oct 10, 2012. 1 changed file with 13 additions and 11 deletions.
    24 changes: 13 additions & 11 deletions gistfile1.sh
    Original file line number Diff line number Diff line change
    @@ -8,41 +8,43 @@
    USER=ericboehs
    SSH_PUBLIC_KEY="ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApqtopvozpyuX+ELj9a78eFY0AmU5Zl3V3l2n7XW49ZVszdJFGX6l3Lsb9tZW1zNSPtt9hDzh7m4R/y0l/Qxzitk0xcQWyuIFIIifiqY2ZFgEPXKcZ/i+6E1rQL8f44eLkgIH8evTB15TPcIefbdWHlhLXn7WoG/aboC9TzLgtUG05m2Mtp8/gDYI93cZHgK9hLsuQR/iSbt3obx6id2bB4MQSjPu7wPpjVbsn6pglbbjgkE9qkERckLDAUDuFQfJRQUMjbJ01Vnp6w0D6Ffg8kE3VFnBxNc4eZHS/nvPTTd35ZhCnnOIQ5brfTAoMpvctlfoh0fjaWhXJbny39CHow== ericboehs@Airic.local"
    GITHUB_USER=$USER
    HOSTNAME=box.erc.bz
    LOCALE=en
    TIMEZONE=US/Central

    # Set a hostname
    echo "box.erc.bz" > /etc/hostname
    echo "$HOSTNAME" > /etc/hostname
    hostname -F /etc/hostname

    # Set the locale
    locale-gen en
    locale-gen $LOCALE

    # Set the timezone
    echo "US/Central" > /etc/timezone
    echo "$TIMEZONE" > /etc/timezone
    dpkg-reconfigure -f noninteractive tzdata


    # Create an admin group
    /usr/sbin/groupadd admin

    # Add the admin group to the sudoers list (with no password)
    sed 's/admin ALL=(ALL) ALL/admin ALL=(ALL) NOPASSWD:ALL/g' /etc/sudoers > /tmp/sudoers.new
    mv /tmp/sudoers.new /etc/sudoers && chmod 440 /etc/sudoers

    # Create my user and make him an admin
    # Create my admin user
    /usr/sbin/useradd -m -G admin -s /bin/bash -d /home/$USER $USER

    # Setup $USER user for ssh access
    # Setup $USER for ssh access
    su $USER -c "mkdir ~/.ssh"
    su $USER -c "echo $SSH_PUBLIC_KEY >> ~/.ssh/authorized_keys"
    su $USER -c "chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys"

    # Diable root login with SSH (now would be a good time to test your new user if running this script interactively)
    # Disable root login via SSH (now would be a good time to test your new user if running this script interactively)
    sed 's/PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config > /tmp/sshd_config.new
    mv /tmp/sshd_config.new /etc/ssh/sshd_config && chmod 644 /etc/ssh/sshd_config
    service ssh restart

    # Update package cache and upgrade packages
    export DEBIAN_FRONTEND=noninteractive
    DEBIAN_FRONTEND=noninteractive
    apt-get update
    apt-get upgrade -y -q -o Dpkg::Options::="--force-confold"

    @@ -108,7 +110,7 @@ apt-get install -y build-essential zsh curl git htop ack-grep tmux vim-nox exube
    # Install databases (removed mysql and redis)
    apt-get install -y sqlite3 postgresql postgresql-contrib-9.1 postgresql-client memcached

    # Install ruby and related development libraries need for gems
    # Install ruby and related development libraries needed for gems
    apt-get install -y ruby1.9.3 rubygems imagemagick libxslt-dev libxml2-dev libssl-dev libsqlite3-dev libpq-dev
    update-alternatives --set ruby /usr/bin/ruby1.9.1
    gem install rake bundler rails tmuxinator --no-rdoc --no-ri
    @@ -119,8 +121,8 @@ su postgres -c "createuser -s $USER"
    # Setup user and install dotfiles
    su $USER -c "mv ~/.bashrc ~/.bashrc.bak"
    su $USER -c "git clone git://github.com/ericboehs/dotfiles.git ~/.dotfiles"
    su $USER -c "cd ~/.dotfiles && git submodule init && git submodule update"
    su $USER -c "source /etc/profile && cd ~/.dotfiles && rake install && cd ~/.dotfiles/vim && rake"
    su $USER -c "cd ~/.dotfiles && git submodule init && git submodule update "
    su $USER -c "cd ~/.dotfiles && rake install && cd ~/.dotfiles/vim && rake"
    su $USER -c "echo 'export GITHUB_USER=$GITHUB_USER' >> ~/.zsh/config.private"

    # Change default shell to zsh
  11. ericboehs created this gist Oct 10, 2012.
    129 changes: 129 additions & 0 deletions gistfile1.sh
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,129 @@
    #!/usr/bin/env bash

    ###
    # Run this script as root
    ###

    # Setup variables for this script
    USER=ericboehs
    SSH_PUBLIC_KEY="ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApqtopvozpyuX+ELj9a78eFY0AmU5Zl3V3l2n7XW49ZVszdJFGX6l3Lsb9tZW1zNSPtt9hDzh7m4R/y0l/Qxzitk0xcQWyuIFIIifiqY2ZFgEPXKcZ/i+6E1rQL8f44eLkgIH8evTB15TPcIefbdWHlhLXn7WoG/aboC9TzLgtUG05m2Mtp8/gDYI93cZHgK9hLsuQR/iSbt3obx6id2bB4MQSjPu7wPpjVbsn6pglbbjgkE9qkERckLDAUDuFQfJRQUMjbJ01Vnp6w0D6Ffg8kE3VFnBxNc4eZHS/nvPTTd35ZhCnnOIQ5brfTAoMpvctlfoh0fjaWhXJbny39CHow== ericboehs@Airic.local"
    GITHUB_USER=$USER

    # Set a hostname
    echo "box.erc.bz" > /etc/hostname
    hostname -F /etc/hostname

    # Set the locale
    locale-gen en

    # Set the timezone
    echo "US/Central" > /etc/timezone
    dpkg-reconfigure -f noninteractive tzdata


    # Create an admin group
    /usr/sbin/groupadd admin

    # Add the admin group to the sudoers list (with no password)
    sed 's/admin ALL=(ALL) ALL/admin ALL=(ALL) NOPASSWD:ALL/g' /etc/sudoers > /tmp/sudoers.new
    mv /tmp/sudoers.new /etc/sudoers && chmod 440 /etc/sudoers

    # Create my user and make him an admin
    /usr/sbin/useradd -m -G admin -s /bin/bash -d /home/$USER $USER

    # Setup $USER user for ssh access
    su $USER -c "mkdir ~/.ssh"
    su $USER -c "echo $SSH_PUBLIC_KEY >> ~/.ssh/authorized_keys"
    su $USER -c "chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys"

    # Diable root login with SSH (now would be a good time to test your new user if running this script interactively)
    sed 's/PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config > /tmp/sshd_config.new
    mv /tmp/sshd_config.new /etc/ssh/sshd_config && chmod 644 /etc/ssh/sshd_config
    service ssh restart

    # Update package cache and upgrade packages
    export DEBIAN_FRONTEND=noninteractive
    apt-get update
    apt-get upgrade -y -q -o Dpkg::Options::="--force-confold"

    # Install fail2ban (prevent repeated logins)
    apt-get install -y fail2ban
    cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
    sed -i '/\[ssh-ddos\]/,+2 s/enabled = false/enabled = true/g' /etc/fail2ban/jail.local
    service fail2ban restart

    # Setup firewall
    cat << 'EOF' > /etc/iptables.firewall.rules
    *filter
    # Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
    -A INPUT -i lo -j ACCEPT
    -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
    # Accept all established inbound connections
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Allow all outbound traffic - you can modify this to only allow certain traffic
    -A OUTPUT -j ACCEPT
    # Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).
    -A INPUT -p tcp --dport 80 -j ACCEPT
    -A INPUT -p tcp --dport 443 -j ACCEPT
    # Allow ports for MOSH (mobile shell)
    -A INPUT -p udp --dport 60000:61000 -j ACCEPT
    # Allow SSH connections
    # The -dport number should be the same port number you set in sshd_config
    -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
    # Allow ping
    -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
    # Log iptables denied calls
    -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
    # Reject all other inbound - default deny unless explicitly allowed policy
    -A INPUT -j REJECT
    -A FORWARD -j REJECT
    COMMIT
    EOF
    iptables-restore < /etc/iptables.firewall.rules
    echo '#!/bin/sh' > /etc/network/if-pre-up.d/firewall
    echo '/sbin/iptables-restore < /etc/iptables.firewall.rules' >> /etc/network/if-pre-up.d/firewall
    chmod +x /etc/network/if-pre-up.d/firewall

    # Email me on sudo
    echo "Defaults mail_always" > /etc/sudoers.d/my_sudoers
    echo "Defaults mailto='$USER@gmail.com'" >> /etc/sudoers.d/my_sudoers
    chmod 440 /etc/sudoers.d/my_sudoers

    # Reboot server when out of memory
    echo -e "vm.panic_on_oom=1\nkernel.panic=10" >> /etc/sysctl.conf

    # Install essentials
    apt-get install -y build-essential zsh curl git htop ack-grep tmux vim-nox exuberant-ctags

    # Install databases (removed mysql and redis)
    apt-get install -y sqlite3 postgresql postgresql-contrib-9.1 postgresql-client memcached

    # Install ruby and related development libraries need for gems
    apt-get install -y ruby1.9.3 rubygems imagemagick libxslt-dev libxml2-dev libssl-dev libsqlite3-dev libpq-dev
    update-alternatives --set ruby /usr/bin/ruby1.9.1
    gem install rake bundler rails tmuxinator --no-rdoc --no-ri

    # Setup postgresql roles
    su postgres -c "createuser -s $USER"

    # Setup user and install dotfiles
    su $USER -c "mv ~/.bashrc ~/.bashrc.bak"
    su $USER -c "git clone git://github.com/ericboehs/dotfiles.git ~/.dotfiles"
    su $USER -c "cd ~/.dotfiles && git submodule init && git submodule update"
    su $USER -c "source /etc/profile && cd ~/.dotfiles && rake install && cd ~/.dotfiles/vim && rake"
    su $USER -c "echo 'export GITHUB_USER=$GITHUB_USER' >> ~/.zsh/config.private"

    # Change default shell to zsh
    chsh -s /bin/zsh $USER

    # Manually download code repositories