benileo · June 11, 2017 18:32
diff --git a/bootstrap.sh b/bootstrap.sh
 #!/bin/bash
 # scripts cant be started any other way. IE. not -x or -e

 DOCKER_FINGERPRINT="9DC858229FC7DD38854AE2D88D81803C0EBFCD88"
 DOCKER_APT_REPOSITORY="https://download.docker.com/linux/ubuntu"
 APT_DEPS="awscli mysql-client"

 # This is templated from vault.
 cat > /home/jammin/.ssh/id_ecdsa <<- EOF
 -----BEGIN EC PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
 DEK-Info: AES-128-CBC,XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 -----END EC PRIVATE KEY-----
 EOF
 chown jammin:jammin /home/jammin/.ssh/id_ecdsa
 chmod 0400 /home/jammin/.ssh/id_ecdsa

 cat > /home/jammin/.ssh/config <<- EOF
 Host github.com
  IdentityFile /home/jammin/.ssh/id_ecdsa
 EOF
 chown jammin:jammin /home/jammin/.ssh/config
 chmod 0400 /home/jammin/.ssh/config

 mkdir /home/jammin/.aws
 cat > /home/jammin/.aws/credentials <<- EOF
 [default]
 aws_access_key_id = XXXXXXXXXXXXXXXXXXX
 aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 EOF
 cat > /home/jammin/.aws/config <<- EOF
 [default]
 region = us-west-2
 EOF
 chown -R jammin:jammin /home/jammin/.aws
 chmod 0400 /home/jammin/.aws/{config,credentials}

 # I hate having to do this on every server.
 git config --global user.email "[email protected]"
 git config --global user.name "Ben Irving"

 # We dont want to import a new key on the global key ring
 export GNUPGHOME="$(mktemp -d)"

 # Get docker key and import into temporary key ring
 curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --import -

 # Verify the key and import into trusted keyring
 gpg --export $DOCKER_FINGERPRINT > /etc/apt/trusted.gpg.d/docker.gpg

 # Add the docker repository
 add-apt-repository "deb [arch=amd64] $DOCKER_APT_REPOSITORY $(lsb_release -cs) stable"

 # Create a docker configuration file. Use overlay2 as the storage driver.
 # Could use aufs - but extra packages need to be installed. And 4.4.X kernels
 # have good support for features favourable to an overlay file system.
 # log to syslog
 mkdir -p /etc/docker
 {
    echo -e "{";
    echo -e "\t\"storage-driver\": \"overlay2\",";
 	echo -e "\t\"log-driver\": \"syslog\",";
 	echo -e "\t\"log-opts\": {";
 	echo -e "\t\t\"tag\": \"{{.ID}}:{{.Name}}\"";
 	echo -e "\t}"
    echo -e "}";
 } | tee /etc/docker/daemon.json

 # Set boot parameters
 # https://tianon.github.io/post/2016/12/07/docker-setup.html
 sed -i '/GRUB_CMDLINE_LINUX_DEFAULT/c\GRUB_CMDLINE_LINUX_DEFAULT="cgroup_enable=memory swapaccount=1 systemd.legacy_systemd_cgroup_controller=yes"' /etc/default/grub
 update-grub

 # Install docker container engine
 apt-get update -qq && apt-get install -qqy --no-install-recommends $APT_DEPS docker-ce

 # Cleanup
 rm -rf $GNUPGHOME
 reboot
	#!/bin/bash
	# scripts cant be started any other way. IE. not -x or -e

	DOCKER_FINGERPRINT="9DC858229FC7DD38854AE2D88D81803C0EBFCD88"
	DOCKER_APT_REPOSITORY="https://download.docker.com/linux/ubuntu"
	APT_DEPS="awscli mysql-client"

	# This is templated from vault.
	cat > /home/jammin/.ssh/id_ecdsa <<- EOF
	-----BEGIN EC PRIVATE KEY-----
	Proc-Type: 4,ENCRYPTED
	DEK-Info: AES-128-CBC,XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

	XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
	XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
	XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
	-----END EC PRIVATE KEY-----
	EOF
	chown jammin:jammin /home/jammin/.ssh/id_ecdsa
	chmod 0400 /home/jammin/.ssh/id_ecdsa

	cat > /home/jammin/.ssh/config <<- EOF
	Host github.com
	IdentityFile /home/jammin/.ssh/id_ecdsa
	EOF
	chown jammin:jammin /home/jammin/.ssh/config
	chmod 0400 /home/jammin/.ssh/config

	mkdir /home/jammin/.aws
	cat > /home/jammin/.aws/credentials <<- EOF
	[default]
	aws_access_key_id = XXXXXXXXXXXXXXXXXXX
	aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
	EOF
	cat > /home/jammin/.aws/config <<- EOF
	[default]
	region = us-west-2
	EOF
	chown -R jammin:jammin /home/jammin/.aws
	chmod 0400 /home/jammin/.aws/{config,credentials}

	# I hate having to do this on every server.
	git config --global user.email "[email protected]"
	git config --global user.name "Ben Irving"

	# We dont want to import a new key on the global key ring
	export GNUPGHOME="$(mktemp -d)"

	# Get docker key and import into temporary key ring
	curl -fsSL https://download.docker.com/linux/ubuntu/gpg \| gpg --import -

	# Verify the key and import into trusted keyring
	gpg --export $DOCKER_FINGERPRINT > /etc/apt/trusted.gpg.d/docker.gpg

	# Add the docker repository
	add-apt-repository "deb [arch=amd64] $DOCKER_APT_REPOSITORY $(lsb_release -cs) stable"

	# Create a docker configuration file. Use overlay2 as the storage driver.
	# Could use aufs - but extra packages need to be installed. And 4.4.X kernels
	# have good support for features favourable to an overlay file system.
	# log to syslog
	mkdir -p /etc/docker
	{
	echo -e "{";
	echo -e "\t\"storage-driver\": \"overlay2\",";
	echo -e "\t\"log-driver\": \"syslog\",";
	echo -e "\t\"log-opts\": {";
	echo -e "\t\t\"tag\": \"{{.ID}}:{{.Name}}\"";
	echo -e "\t}"
	echo -e "}";
	} \| tee /etc/docker/daemon.json

	# Set boot parameters
	# https://tianon.github.io/post/2016/12/07/docker-setup.html
	sed -i '/GRUB_CMDLINE_LINUX_DEFAULT/c\GRUB_CMDLINE_LINUX_DEFAULT="cgroup_enable=memory swapaccount=1 systemd.legacy_systemd_cgroup_controller=yes"' /etc/default/grub
	update-grub

	# Install docker container engine
	apt-get update -qq && apt-get install -qqy --no-install-recommends $APT_DEPS docker-ce

	# Cleanup
	rm -rf $GNUPGHOME
	reboot