forked from jasonheecs/ubuntu-server-setup
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsetupLibrary.sh
254 lines (209 loc) · 6.84 KB
/
setupLibrary.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
#!/bin/bash
function installDefaultPhpThings() {
sudo apt install software-properties-common -y
sudo add-apt-repository ppa:ondrej/php -y
sudo apt update -y
}
# Install php 8.2
function installPhpEightTwo() {
sudo apt -y install php8.2-fpm
sudo apt -y install php8.2-{bcmath,xml,fpm,mysql,zip,intl,ldap,gd,cli,bz2,curl,mbstring,pgsql,opcache,soap}
}
# Install php 8.1
function installPhpEightOne() {
sudo apt -y install php8.1-fpm
sudo apt -y install php8.1-{bcmath,xml,fpm,mysql,zip,intl,ldap,gd,cli,bz2,curl,mbstring,pgsql,opcache,soap}
}
# Install php 8.0
function installPhpEightNull() {
sudo apt -y install php8.0-fpm
sudo apt -y install php8.0-{bcmath,xml,fpm,mysql,zip,intl,ldap,gd,cli,bz2,curl,mbstring,pgsql,opcache,soap}
}
# Install php 7.4
function installPhpSevenFour() {
sudo apt -y install php7.4-fpm
sudo apt -y install php7.4-{bcmath,xml,fpm,mysql,zip,intl,ldap,gd,cli,bz2,curl,mbstring,pgsql,opcache,soap,json}
}
# Install nginx webserver
function installNginx() {
sudo apt install nginx -y
sudo ufw allow http
}
# Install composer
function installComposer() {
sudo apt -y install unzip curl
curl -sS https://getcomposer.org/installer -o composer-setup.php
HASH=`curl -sS https://composer.github.io/installer.sig`
echo $HASH
php -r "if (hash_file('SHA384', 'composer-setup.php') === '$HASH') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
sudo php composer-setup.php --install-dir=/usr/local/bin --filename=composer
sudo rm composer-setup.php
}
# Install lets encrypt
function installLetsEncrypt() {
sudo apt install certbot python3-certbot-nginx -y
sudo ufw allow https
}
# Update the hostname of the system
# Arguments:
# systemHostname
function updateHostname() {
local systemHostname=${1}
CUR_HOSTNAME=$(cat /etc/hostname)
# Display the current hostname
echo "The current hostname is $CUR_HOSTNAME"
# Change the hostname
hostnamectl set-hostname $systemHostname
hostname $systemHostname
# Change hostname in /etc/hosts & /etc/hostname
sudo sed -i "s/$CUR_HOSTNAME/$systemHostname/g" /etc/hosts
sudo sed -i "s/$CUR_HOSTNAME/$systemHostname/g" /etc/hostname
# Display new hostname
echo "The new hostname is $systemHostname"
}
# Update system
function updateSystem() {
sudo apt update -y
}
# Upgrade system
function upgradeSystem() {
sudo apt upgrade -y
}
# Update the user account
# Arguments:
# Account Username
function updateUserAccount() {
local username=${1}
sudo passwd -d "${username}"
sudo usermod -aG sudo "${username}"
}
# Add the new user account
# Arguments:
# Account Username
# Flag to determine if user account is added silently. (With / Without GECOS prompt)
function addUserAccount() {
local username=${1}
local silent_mode=${2}
if [[ ${silent_mode} == "true" ]]; then
sudo adduser --disabled-password --gecos '' "${username}"
else
sudo adduser --disabled-password "${username}"
fi
sudo usermod -aG sudo "${username}"
sudo passwd -d "${username}"
}
# Add the local machine public SSH Key for the new user account
# Arguments:
# Account Username
# Public SSH Key
function addSSHKey() {
local username=${1}
local sshKey=${2}
execAsUser "${username}" "mkdir -p ~/.ssh; chmod 700 ~/.ssh; touch ~/.ssh/authorized_keys"
execAsUser "${username}" "echo \"${sshKey}\" | sudo tee -a ~/.ssh/authorized_keys"
execAsUser "${username}" "chmod 600 ~/.ssh/authorized_keys"
}
# Execute a command as a certain user
# Arguments:
# Account Username
# Command to be executed
function execAsUser() {
local username=${1}
local exec_command=${2}
sudo -u "${username}" -H bash -c "${exec_command}"
}
# Modify the sshd_config file
# shellcheck disable=2116
function changeSSHConfig() {
sudo sed -re 's/^(\#?)(PasswordAuthentication)([[:space:]]+)yes/\2\3no/' -i."$(echo 'old')" /etc/ssh/sshd_config
sudo sed -re 's/^(\#?)(PermitRootLogin)([[:space:]]+)(.*)/PermitRootLogin no/' -i /etc/ssh/sshd_config
}
# Setup the Uncomplicated Firewall
function setupUfw() {
sudo apt-get install ufw
sudo ufw allow OpenSSH
yes y | sudo ufw enable
}
# Create the swap file based on amount of physical memory on machine (Maximum size of swap is 4GB)
function createSwap() {
local swapmem=$(($(getPhysicalMemory) * 2))
# Anything over 4GB in swap is probably unnecessary as a RAM fallback
if [ ${swapmem} -gt 4 ]; then
swapmem=4
fi
sudo fallocate -l "${swapmem}G" /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
}
# Mount the swapfile
function mountSwap() {
sudo cp /etc/fstab /etc/fstab.bak
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
}
# Modify the swapfile settings
# Arguments:
# new vm.swappiness value
# new vm.vfs_cache_pressure value
function tweakSwapSettings() {
local swappiness=${1}
local vfs_cache_pressure=${2}
sudo sysctl vm.swappiness="${swappiness}"
sudo sysctl vm.vfs_cache_pressure="${vfs_cache_pressure}"
}
# Save the modified swap settings
# Arguments:
# new vm.swappiness value
# new vm.vfs_cache_pressure value
function saveSwapSettings() {
local swappiness=${1}
local vfs_cache_pressure=${2}
echo "vm.swappiness=${swappiness}" | sudo tee -a /etc/sysctl.conf
echo "vm.vfs_cache_pressure=${vfs_cache_pressure}" | sudo tee -a /etc/sysctl.conf
}
# Set the machine's timezone
# Arguments:
# tz data timezone
function setTimezone() {
local timezone=${1}
echo "${1}" | sudo tee /etc/timezone
sudo ln -fs "/usr/share/zoneinfo/${timezone}" /etc/localtime # https://bugs.launchpad.net/ubuntu/+source/tzdata/+bug/1554806
sudo dpkg-reconfigure -f noninteractive tzdata
}
# Configure Network Time Protocol
function configureNTP() {
ubuntu_version="$(lsb_release -sr)"
if [[ $(bc -l <<< "${ubuntu_version} >= 20.04") -eq 1 ]]; then
sudo systemctl restart systemd-timesyncd
else
sudo apt-get update
sudo apt-get --assume-yes install ntp
# force NTP to sync
sudo service ntp stop
sudo ntpd -gq
sudo service ntp start
fi
}
# Gets the amount of physical memory in GB (rounded up) installed on the machine
function getPhysicalMemory() {
local phymem
phymem="$(free -g|awk '/^Mem:/{print $2}')"
if [[ ${phymem} == '0' ]]; then
echo 1
else
echo "${phymem}"
fi
}
# Disables the sudo password prompt for a user account by editing /etc/sudoers
# Arguments:
# Account username
function disableSudoPassword() {
local username="${1}"
sudo cp /etc/sudoers /etc/sudoers.bak
sudo bash -c "echo '${1} ALL=(ALL) NOPASSWD: ALL' | (EDITOR='tee -a' visudo)"
}
# Reverts the original /etc/sudoers file before this script is ran
function revertSudoers() {
sudo cp /etc/sudoers.bak /etc/sudoers
sudo rm -rf /etc/sudoers.bak
}