Skip to content

Instantly share code, notes, and snippets.

@danidiaz

danidiaz/do_centos7_hs.sh

Last active August 29, 2015 14:06
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save danidiaz/09b5120d6cbe36187805 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save danidiaz/09b5120d6cbe36187805 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
do_centos7_hs.sh
#! /bin/bash
# http://linuxcommand.org/wss0150.php
function error_exit
{
echo "$1" 1>&2
exit 1
}
# http://unix.stackexchange.com/questions/70859/why-doesnt-sudo-su-in-a-shell-script-run-the-rest-of-the-script-as-root
if [ `whoami` = root ]; then
systemctl stop postfix
systemctl disable postfix
sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
# sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
systemctl restart sshd
systemctl enable firewalld
systemctl start firewalld
firewall-cmd --permanent --zone=drop --add-service=ssh
firewall-cmd --set-default-zone=drop
firewall-cmd --reload
# fail2ban
# http://www.servermom.org/install-fail2ban-centos/1809/
yum install epel-release -y
yum install fail2ban -y
yum install fail2ban-firewalld -y
# sed -i 's/maxretry = 5/maxretry = 1/g' /etc/fail2ban/jail.conf
# sed -i 's/bantime = 600/bantime = 86400/g' /etc/fail2ban/jail.conf
# sshd jail not enabled by default
echo >> /etc/fail2ban/jail.conf
echo "[sshd]" >> /etc/fail2ban/jail.conf
echo "enabled = true" >> /etc/fail2ban/jail.conf
echo "maxretry = 1" >> /etc/fail2ban/jail.conf
echo "bantime = 86400" >> /etc/fail2ban/jail.conf
systemctl enable fail2ban.service
systemctl restart fail2ban.service
yum -y install vim-enhanced tmux
yum -y install git
yum -y install git-daemon
yum -y install irssi nc socat lsof
yum -y install xorg-x11-xauth xorg-x11-apps
yum -y install docker
yum -y install docker-registry
# for building ghc
yum -y install bzip2
yum -y install perl gmp gmp-devel zlib zlib-devel gcc
ln -s /usr/lib64/libgmp.so.10 /usr/lib64/libgmp.so.3
# java stuff
yum -y install java-1.7.0-openjdk.x86_64
yum -y install maven
# make the Docker registry listen only on localhost
sed -i 's/REGISTRY_ADDRESS=0\.0\.0\.0/REGISTRY_ADDRESS=127.0.0.1/g' /etc/sysconfig/docker-registry
# Installing Go
cd /usr/local
wget https://storage.googleapis.com/golang/go1.4.linux-amd64.tar.gz
tar -zxvf go1.4.linux-amd64.tar.gz
cd /root
# Installing GHC from source
curl -L -O https://www.haskell.org/ghc/dist/7.8.4/ghc-7.8.4-x86_64-unknown-linux-centos65.tar.bz2
tar -jxvf ghc-7.8.4-x86_64-unknown-linux-centos65.tar.bz2
cd ghc-7.8.4
./configure
make install || error_exit "ERROR: GHC"
cd /root
# Creating and configuring hask user
useradd -m hask
# https://docs.docker.com/installation/binaries/#giving-non-root-access
# http://www.ludeke.net/2013/12/run-docker-commands-without-sudo.html
# https://docs.docker.com/articles/security/#dockersecurity-daemon
gpasswd -a hask docker
mkdir /home/hask/.ssh
cp /root/.ssh/authorized_keys /home/hask/.ssh/authorized_keys
chown -R hask:hask /home/hask/.ssh
cp $0 /home/hask/hask.sh
chown hask:hask /home/hask/hask.sh
chmod u+x /home/hask/hask.sh
su - -c /home/hask/hask.sh hask
rm -rf /home/hask/hask.sh
# Haskdev can shut the machine down
# http://www.garron.me/en/linux/visudo-command-sudoers-file-sudo-default-editor.html
echo "hask ALL= NOPASSWD: /sbin/shutdown -h now, /usr/bin/lastb" >> /etc/sudoers
# Starting Docker
service docker start
# service docker-registry start
elif [ `whoami` = hask ]; then
# Configuring git
git config --global user.name "DDC"
git config --global user.email [email protected]
git config --global push.default simple
# Configuring vim
curl -L -O https://raw.githubusercontent.com/danidiaz/miscellany/master/linux/.vimrc
mkdir -p ~/.vim/autoload ~/.vim/bundle && \
curl -LSso ~/.vim/autoload/pathogen.vim https://tpo.pe/pathogen.vim
cd .vim/bundle
git clone https://github.com/Shougo/unite.vim.git
git clone https://github.com/tpope/vim-repeat
git clone https://github.com/tpope/vim-surround.git
git clone https://github.com/tommcdo/vim-exchange.git
git clone https://github.com/justinmk/vim-sneak.git
git clone https://github.com/sirver/ultisnips
git clone https://github.com/dag/vim2hs
git clone https://github.com/fatih/vim-go
cd $HOME
mkdir .vim/colors
cd .vim/colors
curl -L -O https://raw.githubusercontent.com/fugalh/desert.vim/master/desert.vim
cd $HOME
# Configuring tmux
# Note that prefix is set to C-j
curl -L -O https://raw.githubusercontent.com/danidiaz/miscellany/master/linux/.tmux.conf
# Necessary for tmux to work
# echo export LD_LIBRARY_PATH=/usr/local/lib >> $HOME/.bash_profile
# Settign go path
echo "PATH=\$PATH:/usr/local/go/bin" >> .bash_profile
mkdir go
mkdir go/src
mkdir go/pkg
mkdir go/bin
echo "GOPATH=\$PATH:\$HOME/go" >> .bash_profile
echo "export GOPATH" >> .bash_profile
echo "PATH=\$PATH:\$HOME/go/bin" >> .bash_profile
# Installing Cabal
curl -L -O https://www.haskell.org/cabal/release/cabal-install-1.20.0.6/cabal-install-1.20.0.6.tar.gz
tar -zxvf cabal-install-1.20.0.6.tar.gz
cd cabal-install-1.20.0.6
./bootstrap.sh || error_exit "ERROR: CABAL"
cd $HOME
echo "PATH=\$PATH:\$HOME/.cabal/bin" >> .bash_profile
#
echo "export PATH" >> .bash_profile
PATH=$PATH:$HOME/.cabal/bin
cabal update
cd $HOME
rm -rf cabal-install*
# echo "set -o vi" >> .bashrc
echo ''alias dockerX11run=\''docker run -v $HOME:/hosthome:ro -e XAUTHORITY=/hosthome/.Xauthority -e DISPLAY=$(echo $DISPLAY | sed "s/^.*:/$(hostname -i):/")'''\' >> .bashrc
else
echo "Should not be here!!!"
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment