You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

367 lines
12 KiB

#!/usr/bin/env bash
# Bash Strict Mode
set -euo pipefail
IFS='
'
cd -P "$(dirname "$0")"
PS4='-\D{%F %T} '
export DEBIAN_FRONTEND=noninteractive
export DEBIAN_PRIORITY=critical
# Fix Debian 10 bug (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905409)
PATH=/sbin:/usr/sbin:$PATH
function sysConfig() {
echo "Enter the server FQDN $(tput setaf 2)[System: $(hostname)]$(tput sgr0):"
read -r serverFQDN
hostnamectl set-hostname "$serverFQDN"
echo "Enter the server Time Zone $(tput setaf 2)[System: $(cat /etc/timezone)]$(tput sgr0): "
read -r serverTZ
timedatectl set-timezone "$serverTZ"
# Navigate to tmp
cd /tmp
# Debian stable OS
apt-get update
apt-get -y -o "Dpkg::Options::=--force-confdef" -o "Dpkg::Options::=--force-confold" upgrade
apt-get -y dist-upgrade
# Disable OpenStack SSH malware
mv /home/debian/.ssh/authorized_keys /root/.ssh/authorized_keys || :
sed -i '/Generated-by-Nova/d' /root/.ssh/authorized_keys || :
chown root:root /root/.ssh/authorized_keys || :
# Terminal goodies
touch .hushlogin
cat <<'EOF' >>/root/.bashrc
export LS_OPTIONS="--color=auto"
eval "`dircolors`"
alias ctop="docker run --rm -it --name=ctop -v /var/run/docker.sock:/var/run/docker.sock:ro quay.io/vektorlab/ctop"
alias df="df --si"
alias du="du -cs --si"
alias free="free -h --si"
alias l="ls $LS_OPTIONS -al --si --group-directories-first"
alias less="less -i"
alias nano="nano -clDOST4"
alias pstree="pstree -palU"
export HISTCONTROL=ignoreboth
export HISTFILESIZE=
export HISTSIZE=
export HISTTIMEFORMAT="%F %T "
export DOCKER_BUILDKIT=1 COMPOSE_DOCKER_CLI_BUILD=1
EOF
cat <<'EOF' >>/etc/inputrc
set completion-ignore-case
set show-all-if-ambiguous On
set show-all-if-unmodified On
EOF
cat <<'EOF' >>/etc/bash.bashrc
if ! shopt -oq posix; then
if [ -f /usr/share/bash-completion/bash_completion ]; then
. /usr/share/bash-completion/bash_completion
elif [ -f /etc/bash_completion ]; then
. /etc/bash_completion
fi
fi
EOF
# Basic packages
apt-get -y install man bash-completion git ufw jq cron curl build-essential wget psmisc lz4 file net-tools brotli unzip zip moreutils dnsutils fail2ban xauth sysfsutils rsync iperf pv tree mc screen ssh iotop htop awscli whois sudo
# Enable time synchronization
timedatectl set-ntp true
# Configure screen
cat <<'EOF' >>/etc/screenrc
startup_message off
shell -$SHELL
defscrollback 100000
bind l eval clear "scrollback 0" "scrollback 100000"
EOF
# Configure SSH
cat <<'EOF' >>/etc/ssh/sshd_config
Port 521
PasswordAuthentication no
AllowUsers root
X11UseLocalhost no
EOF
systemctl restart ssh
touch /root/.Xauthority
# Firewall
ufw allow in 80/tcp
ufw allow in 443/tcp
ufw allow in 521/tcp
ufw allow in 8080/tcp
ufw allow in 8082/tcp
ufw logging off
ufw --force enable
ufw --force delete 6
ufw --force delete 6
ufw --force delete 6
ufw --force delete 6
ufw --force delete 6
# Optimize
systemctl disable apt-daily.timer apt-daily-upgrade.timer remote-fs.target man-db.timer
sed -i 's/MODULES=most/MODULES=dep/g' /etc/initramfs-tools/initramfs.conf
sed -i 's/COMPRESS=gzip/COMPRESS=lz4/g' /etc/initramfs-tools/initramfs.conf
echo 'RESUME=none' >>/etc/initramfs-tools/conf.d/resume
update-initramfs -u
echo 'GRUB_TIMEOUT=0' >>/etc/default/grub
update-grub
apt-get -y purge apparmor exim\*
for i in $(seq 0 "$(nproc --ignore 1)"); do
echo "devices/system/cpu/cpu${i}/cpufreq/scaling_governor = performance" >>/etc/sysfs.conf
done
# Disable sleep when closing laptop screen
echo HandleLidSwitch=ignore >>/etc/systemd/logind.conf
# noatime
sed -i 's| / ext4 | / ext4 noatime,|g' /etc/fstab
# Disable swap
swapoff -a
sed -i '/swap/d' /etc/fstab
# Docker
curl -fsSL https://get.docker.com -o get-docker.sh && sh get-docker.sh
# NodeJS
curl -fsSL https://deb.nodesource.com/setup_20.x | bash && apt-get install -y nodejs
# Git
apt-get update && apt-get -y install git
# Create the config.d directory if it doesn't exist
mkdir -p ~/.ssh/config.d
# Generate SSH key and create SSH config
for key_type in all https runner; do
ssh-keygen -t ed25519 -f ~/.ssh/ed25519_01edu_$key_type -N ''
# Create SSH config for each key
echo "Host github.com-01-edu-$key_type
HostName github.com
User git
IdentityFile ~/.ssh/ed25519_01edu_$key_type" >~/.ssh/config.d/01-edu-$key_type.conf
done
# Include custom SSH configurations from the config directory if not already included
if ! grep -q "Include ~/.ssh/config.d/*.conf" ~/.ssh/config; then
echo "Include ~/.ssh/config.d/*.conf" >>~/.ssh/config
fi
# Use Cloudflare DNS server
echo 'supersede domain-name-servers 1.1.1.1;' >>/etc/dhcp/dhclient.conf
# Cleanup
sed -i '/^deb-src/d' /etc/apt/sources.list
apt-get update
apt-get -y purge unattended-upgrades
apt-get -y autoremove --purge
apt-get clean
# SSH Keys Infra Team
curl https://github.com/{harryvasanth,frenchris,kigiri}.keys >>~/.ssh/authorized_keys
# Create Core directories
mkdir -p /root/core/scripts/misc
}
# Check Config
function checkConfig() {
test "$(command -v "${1:-}")" && echo -n ✅ || echo -n ❌
echo " $*"
}
function checkKeys() {
# Check if SSH key pairs are generated
if test -f ~/.ssh/ed25519_01edu_all && test -f ~/.ssh/ed25519_01edu_all.pub &&
test -f ~/.ssh/ed25519_01edu_https && test -f ~/.ssh/ed25519_01edu_https.pub &&
test -f ~/.ssh/ed25519_01edu_runner && test -f ~/.ssh/ed25519_01edu_runner.pub; then
echo "✅ SSH private/public key pairs generated"
# Echo public keys
echo -e "$(tput setaf 2)$(tput bold)\n🔑 Public keys:$(tput sgr0)"
echo "all"
cat ~/.ssh/ed25519_01edu_all.pub
echo "https"
cat ~/.ssh/ed25519_01edu_https.pub
echo "runner"
cat ~/.ssh/ed25519_01edu_runner.pub
else
echo "❌ SSH private/public key pairs not found"
fi
}
# Check configs in the List
function checkList() {
checkConfig docker
checkConfig node
checkConfig git
checkConfig man
checkConfig ufw
checkConfig jq
checkConfig cron
checkConfig curl
checkConfig wget
checkConfig lz4
checkConfig file
checkConfig brotli
checkConfig unzip
checkConfig zip
checkConfig fail2ban-server
checkConfig xauth
checkConfig rsync
checkConfig iperf
checkConfig pv
checkConfig tree
checkConfig mc
checkConfig screen
checkConfig ssh
checkConfig iotop
checkConfig htop
checkConfig aws
checkConfig whois
checkConfig sudo
checkKeys
}
function runHTTPS() {
echo -e "Deploying HTTPS service: \n"
echo "Enter the server FQDN $(tput setaf 2)[System: $(hostname)]$(tput sgr0):"
read -r httpsFQDN
# Check if the FQDN is valid
if dig +short "$httpsFQDN" >/dev/null 2>&1; then
cd /root/core/https
DOMAIN=$httpsFQDN ./run.sh
echo -e "HTTPS service is up! \n"
else
echo "$(tput setaf 1)$(tput bold)The FQDN: $httpsFQDN is not reachable$(tput sgr0)"
echo "$(tput setaf 1)Please check your DNS configuration$(tput sgr0)"
runHTTPS
fi
}
# Deploy core repositories
function deployCore() {
# Check for the presence of configurations
test "$(ls ~/.ssh/*.pub 2>/dev/null)" && echo -n "$(tput setaf 2)$(tput bold)Config check passed!$(tput sgr0)" || exit 1
echo -e "$(tput setaf 6)$(tput bold)\nThe core components will be deployed to the server: $(tput sgr0)\n"
# Clone core repositories
git clone git@github.com-01-edu-runner:01-edu/runner.git /root/core/runner
git clone git@github.com-01-edu-https:01-edu/https.git /root/core/https
# Docker login
echo -e "Enter the docker username: "
read -r dockerUsername
echo -e "Enter the docker password: "
read -r dockerPassword
docker login docker.01-edu.org -u "$dockerUsername" -p "$dockerPassword"
# Deploy HTTPS
runHTTPS
# Deploy Runner
echo -e "Deploying Runner service: \n "
cd /root/core/runner
# Get the latest release version tag and create latest branch
tag=$(git describe --tags "$(git rev-list --tags --max-count=1)")
git checkout "$tag"
# Get user auth infor for the runner
echo -e "Enter the runner Registry password: "
read -r registryPassword
echo -e "Enter the runner GitHub username: "
read -r githubUsername
echo -e "Enter the runner GitHub token: "
read -r githubToken
REGISTRY_PASSWORD=$registryPassword GITHUB_USERNAME=$githubUsername GITHUB_TOKEN=$githubToken ./run.sh
echo -e "Runner service is up! \n"
}
function deployPlatform() {
# Check for the presence of configurations
test "$(ls ~/.ssh/*.pub 2>/dev/null)" && echo -n "$(tput setaf 2)$(tput bold)Config check passed!$(tput sgr0)" || exit 1
echo -e "$(tput setaf 6)$(tput bold)\nThe platform components will be deployed to the server: $(tput sgr0)\n"
# Clone platform repository
echo "Enter the server FQDN $(tput setaf 2)[System: $(hostname)]$(tput sgr0):"
read -r serverFQDN
git clone git@github.com-01-edu-all:01-edu/all.git /root/"$serverFQDN"
cd /root/"$serverFQDN"
# Generate platform environment file automatically
./generate_env.sh --gen
./redeploy.sh --hard
}
function clonePlatform() {
# Check for the presence of configurations
test "$(ls ~/.ssh/*.pub 2>/dev/null)" && echo -n "$(tput setaf 2)$(tput bold)Config check passed!$(tput sgr0)" || exit 1
echo -e "$(tput setaf 6)$(tput bold)\nThe platform components will be deployed to the server: $(tput sgr0)\n"
# Clone platform repository
echo "Enter the target directory for the platform $(tput setaf 2)[System: $(pwd)/$(hostname)]$(tput sgr0):"
read -r serverDir
git clone git@github.com:01-edu/all.git "$serverDir"
cd "$serverDir"
# Generate platform environment file automatically
./generate_env.sh --gen
}
if [[ -z ${1:-} ]] || [[ "--check" = "$1" ]]; then
echo -e "$(tput setaf 2)$(tput bold)Commencing configuration check: $(tput sgr0)"
checkList
echo -e "$(tput setaf 2)\nSystem configuration check complete! $(tput sgr0)\n"
exit 0
elif [[ "--help" = "$1" ]]; then
echo "$(tput setaf 2) --check : to check the current configuration. $(tput sgr0)"
echo "$(tput setaf 3) --run : to configure the system. $(tput sgr0)"
echo "$(tput setaf 1) --reboot : to configure the system and reboot. $(tput sgr0)"
echo "$(tput setaf 6) --deploy : to deploy and spin-up platform components. $(tput sgr0)"
echo "$(tput setaf 5) --platform : to clone platform. $(tput sgr0)"
echo "$(tput setaf 7) --help : to display this message. $(tput sgr0)"
elif [[ "--reboot" = "$1" ]]; then
echo -e "$(tput setaf 1)$(tput bold)\nSystem will be configured and rebooted. $(tput sgr0)"
sysConfig
echo -e "$(tput setaf 1)\nSystem configuration complete. Rebooting now... $(tput sgr0)"
reboot
elif [[ "--run" = "$1" ]]; then
echo -e "$(tput setaf 3)$(tput bold)\nSystem will be configured without rebooting. $(tput sgr0)"
sysConfig
echo -e "$(tput setaf 3)\nSystem configuration complete! $(tput sgr0)"
exit 0
elif [[ "--deploy" = "$1" ]]; then
deployCore
deployPlatform
echo -e "$(tput setaf 6)\nRepositories cloned and platform has been deployed successfully! $(tput sgr0)"
exit 0
elif [[ "--platform" = "$1" ]]; then
clonePlatform
echo -e "$(tput setaf 5)\nPlatform has been cloned successfully! $(tput sgr0)"
exit 0
else
echo "$(tput setaf 1)$(tput bold) Unknown configuration option: $1 $(tput sgr0)"
echo "$(tput setaf 1)Please use --help for all available options. $(tput sgr0)"
echo "$(tput setaf 1)No changes are made $(tput sgr0)"
exit 0
fi