Last active
October 26, 2016 18:47
-
-
Save Fi3/d4f77c941fb06c63068b to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| Basic server settings ok for development and for production | |
| """ | |
| from subprocess import STDOUT, check_call, PIPE, Popen, call, check_output | |
| import os | |
| from zeroUtility import * | |
| linuxVersion = check_output(['uname','-r']).split('\n')[0] | |
| programs = (['vim-nox', 'tmux', 'python-pip', 'python-virtualenv', 'python-dev', | |
| 'zsh', 'libpam-google-authenticator', 'golang', 'linux-image-extra-'+linuxVersion, | |
| 'fail2ban', 'unattended-upgrades', 'git', 'telnet', 'nmap', 'ufw']) | |
| #vimrc = 'https://gist.githubusercontent.com/Fi3/19e7f677c79f19d878eb/raw/04b107c8761ddd271e75227609a8b05dd4dc457a/.vimrc' | |
| #zshrc = 'https://gist.githubusercontent.com/Fi3/5087c971613743695cd7/raw/fe680ab8dbf2fcedc42e186fb18b5f85e434fe85/.zshrc' | |
| vimrc = raw_input('vimrc link: ') | |
| zshrc = raw_input('zshrc link: ') | |
| tmuxConf = raw_input('tmux.conf link: ') | |
| user = raw_input('user name: ') | |
| def setFirewall(): | |
| check_call(['ufw','default','deny','incoming'],stdout=open(os.devnull,'wb'), stderr=STDOUT) | |
| check_call(['ufw','default','allow','outgoing'],stdout=open(os.devnull,'wb'), stderr=STDOUT) | |
| check_call(['ufw','allow','ssh'],stdout=open(os.devnull,'wb'), stderr=STDOUT) | |
| check_call(['ufw','allow','2222/tcp'],stdout=open(os.devnull,'wb'), stderr=STDOUT) | |
| check_call(['ufw','enable'],stdout=open(os.devnull,'wb'), stderr=STDOUT) | |
| def setSsh(user): | |
| linePrepender('/etc/pam.d/sshd','auth required pam_google_authenticator.so') | |
| try: | |
| lineSubstitutor('/etc/ssh/sshd_config', | |
| 'ChallengeResponseAuthentication no','ChallengeResponseAuthentication yes') | |
| except: | |
| pass | |
| env, pw = changeUser(user) | |
| call(['google-authenticator'], preexec_fn=demote(pw.pw_uid, pw.pw_gid), cwd=env['PWD'], env=env) | |
| check_call(['service','ssh','restart'],stdout=open(os.devnull,'wb'), stderr=STDOUT) | |
| def installDocker(): | |
| server = 'hkp://p80.pool.sks-keyservers.net:80' | |
| key = '58118E89F3A912897C070ADBF76221572C52609D' | |
| check_call(['apt-key','adv','--keyserver',server,'--recv-keys',key],stdout=open(os.devnull,'wb'), stderr=STDOUT) | |
| with open('/etc/apt/sources.list.d/docker.list', 'wb') as f: | |
| f.write('deb https://apt.dockerproject.org/repo ubuntu-trusty main') | |
| call(['apt-get','update']) | |
| call(['apt-get','-y','install','docker-engine']) | |
| if __name__ == '__main__': | |
| #add user | |
| call(['useradd','-m',user]) | |
| call(['passwd',user]) | |
| call(['apt-get','install','apt-transport-https']) | |
| # Update and install | |
| call(['apt-get','update']) | |
| for program in programs: | |
| call(['apt-get','-y','install',program]) | |
| #set firewall | |
| setFirewall() | |
| #set ssh | |
| setSsh(user) | |
| # Install docker | |
| installDocker() | |
| # Set automatic update | |
| call(['dpkg-reconfigure','--priority=low','unattended-upgrades']) | |
| # Configure sudo | |
| call(['sudo','adduser',user,'sudo']) | |
| # Set zsh as defoult shell | |
| zsh = check_output(['which','zsh']) | |
| call(['chsh','-s','/usr/bin/zsh',user]) | |
| # Download configurations file | |
| call(['wget',vimrc,'-O','/home/'+user+'/.vimrc']) | |
| call(['wget',zshrc,'-O','/home/'+user+'/.zshrc']) | |
| call(['wget',tmuxConf,'-O','/home/'+user+'/.tmuxConf']) | |
| # Install vim plugin | |
| call(['mkdir','/home/'+user+'/.vim']) | |
| call(['mkdir','/home/'+user+'/.vim/autoload']) | |
| call(['mkdir','/home/'+user+'/.vim/bundle']) | |
| pathogen = 'https://raw.githubusercontent.com/tpope/vim-pathogen/master/autoload/pathogen.vim' | |
| call(['wget',pathogen,'-O','/home/'+user+'/.vim/autoload/pathogen.vim']) | |
| plugin = {} | |
| plugin['fakeclip'] = 'https://github.com/kana/vim-fakeclip.git' | |
| plugin['fugitive'] = 'https://github.com/tpope/vim-fugitive.git' | |
| plugin['nerdtree'] = 'https://github.com/scrooloose/nerdtree.git' | |
| plugin['pythonMode'] = 'https://github.com/klen/python-mode' | |
| plugin['jshint'] = 'https://github.com/wookiehangover/jshint.vim' | |
| for url in plugin: | |
| call(['git','clone',plugin[url],'/home/'+user+'/.vim/bundle/'+url]) | |
| # Install tmux plugin | |
| call(['mkdir','/home/'+user+'/.tmux']) | |
| call(['mkdir','/home/'+user+'/.tmux/plugins']) | |
| plugin = {} | |
| plugin['tpm'] = 'https://github.com/tmux-plugins/tpm' | |
| for url in plugin: | |
| call(['git','clone',plugin[url],'/home/'+user+'/.tmux/plugin/'+url]) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment