Last active
October 27, 2024 08:58
-
-
Save marcg1968/c3b92181bb81668edaaf2e9ad9fbd1f5 to your computer and use it in GitHub Desktop.
common_setup_aws_server
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # run as root | |
| # | |
| # GIST_URL="<e.g. https://gist.githubusercontent.com/marcg1968/...>" | |
| # wget -O - "$GIST_URL" | bash | |
| # | |
| #!/usr/bin/env bash | |
| # force script to run as root | |
| [ $(id -u) == "0" ] || { sudo "$0" "$@"; exit $?; } | |
| USR="ubuntu" | |
| declare -a GRP=('sudo' 'root') | |
| user_grp_env() { | |
| (($#>0)) || return 1 | |
| local _USR="$1" | |
| for i in "${GRP[@]}"; do | |
| if ! egrep -q $i'.+'$_USR /etc/group; then | |
| echo -n "Adding user $_USR to group '"$i"' ... " | |
| usermod -aG "$i" $USR | |
| echo done | |
| fi | |
| done | |
| echo -n "/usr/local and below must be writable by group 'root', enacting ... " | |
| chmod g+w /usr/local -R | |
| echo done. | |
| echo -n "/opt and below must be writable by group 'root', enacting ... " | |
| chmod g+w /opt -R | |
| echo done. | |
| } | |
| generate_id_rsa() { | |
| (($#>0)) || return 1 | |
| local _USR="$1" | |
| #[ -e /home/$_USR/.ssh/id_rsa ] && echo id_rsa exists || ssh-keygen -q -t rsa -N '' -f /home/$_USR/.ssh/id_rsa <<<y >/dev/null 2>&1 | |
| if [ -e /home/$_USR/.ssh/id_rsa ]; then | |
| echo id_rsa exists | |
| else | |
| su -c "ssh-keygen -q -t rsa -N '' -f /home/$_USR/.ssh/id_rsa <<<y >/dev/null 2>&1" $_USR | |
| fi | |
| [ -e /home/$_USR/.ssh/id_rsa ] && chown $_USR: /home/$_USR/.ssh -R | |
| echo | |
| echo "Public key: " | |
| cat /home/$_USR/.ssh/id_rsa.pub | |
| echo | |
| } | |
| bash_history_logging() { | |
| (($#>0)) || return 1 | |
| local _USR="$1" | |
| local RS | |
| FP_LOGS="/home/$_USR/.logs" | |
| echo -n "Creating directory $FP_LOGS ... " | |
| [[ ! -d $FP_LOGS ]] && mkdir $FP_LOGS && echo done. | |
| [[ ! -d $FP_LOGS ]] && echo failed | |
| chown -R "${_USR}:" $FP_LOGS | |
| if ! egrep -q 'PROMPT_COMMAND.*~/\.logs/' /home/$_USR/.bashrc ; then | |
| echo -n "Setting up PROMPT_COMMAND ... " | |
| echo 'export PROMPT_COMMAND='"'"'if [ "$(id -u)" -ne 0 ]; then echo "$(date "+%Y-%m-%d.%H:%M:%S") $(pwd) $(history 1)" >> ~/.logs/bash-history-$(date "+%Y-%m-%d").log; fi'"'"'' | tee -a /home/$_USR/.bashrc | |
| RS="$?" | |
| [[ "$RS" == "0" ]] && echo done. || echo FAILED. | |
| else | |
| echo "PROMPT_COMMAND already set up in .bashrc ." | |
| fi | |
| } | |
| git_etc() { | |
| local $VAR | |
| # make vim the default git editor | |
| echo -n "making vim the default git editor ... " | |
| git config --global core.editor "vim" && echo done. || echo failed. | |
| if [[ ! -d /etc/.git ]]; then | |
| echo "Putting /etc under git version control ... " | |
| cd /etc | |
| if [[ ! -f /etc/.gitignore ]]; then | |
| read -r -d '' VAR <<'EOF' | |
| *~ | |
| *.lock | |
| *.lck | |
| *.sw? | |
| /.pwd.lock | |
| /adjtime | |
| /aliases.db | |
| /alternatives/* | |
| /apparmor.d/cache | |
| /cups/subscriptions.conf* | |
| /cups/printers.conf* | |
| /ld.so.cache | |
| /mtab | |
| /rc?.d | |
| /ssl/certs | |
| !/passwd~ | |
| !/group~ | |
| !/gshadow~ | |
| !/shadow~ | |
| # password files | |
| /apache2/htpasswd | |
| /exim4/passwd.client | |
| /apt/trusted.gpg | |
| EOF | |
| echo -n "now creating standard .gitignore for /etc ... " | |
| echo "$VAR" | tee -a /etc/.gitignore && echo "done." | |
| fi | |
| git config --global user.email "root@`hostname`" | |
| git config --global user.name "root on `hostname`" | |
| git init && git add . && git commit -m'initial commit' | |
| fi | |
| # make /etc root's home dir | |
| egrep -q 'cd /etc' /root/.bashrc || echo -e '\n## change to /etc dir \ncd /etc\n\n' | sudo tee -a /root/.bashrc | |
| } | |
| install_yarn() { | |
| curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - | |
| echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list | |
| sudo apt-get update && sudo apt-get install yarn -y | |
| } | |
| add_bash_funcs() { | |
| (($#>0)) || return 1 | |
| local _USR="$1" | |
| ( | |
| set -x # Cause commands to echo, but ONLY inside of this (...) | |
| cat <<'EOF' | sudo su -c "tee -a /home/${_USR}/.bash_functions" $_USR | |
| histgrep() { | |
| local FN=${FUNCNAME[0]} | |
| usage() { echo "Usage: $FN SEARCH_TERM1 [SEARCH_TERM2] ..." 1>&2; return 1; } | |
| (( $# < 1 )) && { usage; return 2; } | |
| arg1="$1" | |
| shift | |
| local moregrep="" | |
| while (( $# > 0 )); do | |
| moregrep+="| grep $1 " | |
| shift | |
| done | |
| (for f in $HOME/.logs/bash-history-*; do | |
| eval grep --color=always "'$arg1'" "$f" "$moregrep"; | |
| done) | less -R -X | |
| } | |
| EOF | |
| ) | |
| result=$? | |
| [ "$result" -ne 0 ] && { echo Error creating histgrep function; return 1; } | |
| ( | |
| set -x | |
| cat <<EOF | sudo su -c "tee -a /home/${_USR}/.bashrc" $_USR | |
| if [ -f ~/.bash_functions ]; then | |
| . ~/.bash_functions | |
| fi | |
| EOF | |
| ) | |
| result=$? | |
| [ "$result" -ne 0 ] && { echo Error adding bash_functions to .bashrc; return 1; } | |
| } | |
| # set permissions etc | |
| user_grp_env "$USR" | |
| # set up bash history logging | |
| bash_history_logging "$USR" | |
| add_bash_funcs "$USR" | |
| generate_id_rsa "$USR" | |
| # put /etc under version control | |
| git_etc |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment