dhensby · September 7, 2017 11:01
diff --git a/speedy-provision.sh b/speedy-provision.sh
 #!/usr/bin/env bash

 GISTID=''

 if [ -z "$GISTID" ]; then
  echo "GIST ID NEEDED"
  exit 1
 fi

 # install deps
 # firewall
 # install dhensby user
 # install ssh keys
 # add swap
 # configure php
 # configure apache
 # configure mariadb
 # composer install

 # install DO droplet metrics
 read sys_vendor < /sys/devices/virtual/dmi/id/bios_vendor
 if [ "$sys_vendor" = "DigitalOcean" ]; then
    curl -sSL https://agent.digitalocean.com/install.sh | sh
 fi

 # install extra repos
 rpm -i https://mirror.webtatic.com/yum/el7/epel-release.rpm
 rpm -i https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

 # firewall
 yum install -y firewalld
 systemctl start firewalld
 systemctl enable firewalld
 firewall-cmd --add-service=ssh --permanent
 firewall-cmd --add-service=http --permanent
 firewall-cmd --reload

 # provision dhensby user securely
 yum install -y jq
 if [ ! "$?" ]; then
    echo "Failed to install jq dep"
    exit 1
 fi
 KEYS="$(curl -s -H 'accept: application/vnd.github.v3+json' https://api.github.com/gists/$GISTID | jq -r '.files[].content')"

 useradd dhensby
 gpasswd -a dhensby wheel
 HOME_DIR=$(eval echo ~dhensby)
 mkdir -p -m 700 "${HOME_DIR}/.ssh/"
 touch "${HOME_DIR}/.ssh/authorized_keys"
 echo '### AUTOMATICALLY MANAGED KEYS ###' >> "${HOME_DIR}/.ssh/authorized_keys"
 while read line; do
    if [[ "${line}" == \#*  ]]; then
        continue
    fi
    echo "${line}" >> "${HOME_DIR}/.ssh/authorized_keys"
 done <<< "${KEYS}"
 echo '### END OF AUTOMATICALLY MANAGED KEYS ###' >> "${HOME_DIR}/.ssh/authorized_keys"
 chown -R dhensby: "${HOME_DIR}/.ssh"
 chmod 0600 "${HOME_DIR}/.ssh/authorized_keys"
 echo "${USER}        ALL=(ALL)       NOPASSWD: ALL" >> /etc/sudoers
 sed -i 's/^PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
 sed -i 's/^ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config
 sed -i 's/^#\?PermitRootLogin\s\+yes/PermitRootLogin no/' /etc/ssh/sshd_config
 systemctl restart sshd
 #todo: set up cron for updating ssh keys

 # add swap
 dd if=/dev/zero of=/swapfile count="1024" bs=1MiB
 chmod 600 /swapfile
 mkswap /swapfile
 swapon /swapfile
 echo "/swapfile   swap    swap    sw  0   0" >> /etc/fstab
 sysctl vm.swappiness=10
 echo "vm.swappiness = 10" >> /etc/sysctl.conf
 sysctl vm.vfs_cache_pressure=50
 echo "vm.vfs_cache_pressure = 50" >> /etc/sysctl.conf

 # configure php
 yum install -y php56w php56w-{common,mysql,gd,mbstring,xml,tidy,pear,intl,devel,opcache}
 sed -i "s/;date\.timezone.*/date\.timezone = UTC/g" /etc/php.ini
 sed -i "s/memory_limit.*/memory_limit = 256M/g" /etc/php.ini
 sed -i "s/max_execution_time.*/max_execution_time = 60/g" /etc/php.ini

 # configure apache

 yum install -y httpd
 systemctl enable httpd.service
 sed -i '/<Directory "\/var\/www\/html">/,/<\/Directory>/ { s/AllowOverride None/AllowOverride All/i }' /etc/httpd/conf/httpd.conf
 systemctl restart httpd.service

 # configure mariadb

 yum install -y mariadb-server
 systemctl enable mariadb.service
 systemctl start mariadb.service
 mysql -u root <<< "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION; FLUSH PRIVILEGES;"

 # configure composer
 yum install -y git
 php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
 php -r "if (hash_file('SHA384', 'composer-setup.php') === '$(curl -q https://composer.github.io/installer.sig)') { echo 'Installer verified' . PHP_EOL; } else { echo 'Installer corrupt' . PHP_EOL; unlink('composer-setup.php'); exit(1); }"
 if [ $? != 0 ]; then
 	echo "Bad composer installer";
 	exit
 fi
 php composer-setup.php -- --install-dir=/usr/bin --filename=composer
 php -r "unlink('composer-setup.php');"
 composer config -g optimize-autoloader true
 cat >/etc/profile.d/composer-bin-root.sh <<EOF
 #!/usr/bin/env bash
 pathmunge /home/vagrant/.composer/vendor/bin after
 pathmunge /root/.composer/vendor/bin after
 export COMPOSER_ALLOW_SUPERUSER=1
 EOF

 # install silverstripe
 composer create-project silverstripe/installer /var/www/html
 cat >/var/www/_ss_environment.php <<EOF
 <?php

 //define DB settings
 define('SS_DATABASE_SERVER', '127.0.0.1');
 define('SS_DATABASE_CLASS','MySQLDatabase');
 define('SS_DATABASE_TIMEZONE','+00:00');
 define('SS_DATABASE_USERNAME', 'root');
 define('SS_DATABASE_PASSWORD', '');
 define('SS_DATABASE_NAME', 'silverstripe');

 //set the DB name - this provide backwards compatibility with 2.x and 3.0 sites
 global \$database;
 \$database = SS_DATABASE_NAME;

 //define('SS_DATABASE_SUFFIX', '_dev');
 define('SS_ENVIRONMENT_TYPE', 'dev');
 define('SS_DEFAULT_ADMIN_USERNAME', 'admin');
 define('SS_DEFAULT_ADMIN_PASSWORD', 'password');

 global \$_FILE_TO_URL_MAPPING;
 \$_FILE_TO_URL_MAPPING['/var/www/html'] = 'http://localhost';

 EOF

 mkdir -p /var/www/html/assets
 chmod 0777 /var/www/html/assets

 chmod +x /var/www/html/framework/sake
 /var/www/html/framework/sake dev/build
	#!/usr/bin/env bash

	GISTID=''

	if [ -z "$GISTID" ]; then
	echo "GIST ID NEEDED"
	exit 1
	fi

	# install deps
	# firewall
	# install dhensby user
	# install ssh keys
	# add swap
	# configure php
	# configure apache
	# configure mariadb
	# composer install

	# install DO droplet metrics
	read sys_vendor < /sys/devices/virtual/dmi/id/bios_vendor
	if [ "$sys_vendor" = "DigitalOcean" ]; then
	curl -sSL https://agent.digitalocean.com/install.sh \| sh
	fi

	# install extra repos
	rpm -i https://mirror.webtatic.com/yum/el7/epel-release.rpm
	rpm -i https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

	# firewall
	yum install -y firewalld
	systemctl start firewalld
	systemctl enable firewalld
	firewall-cmd --add-service=ssh --permanent
	firewall-cmd --add-service=http --permanent
	firewall-cmd --reload

	# provision dhensby user securely
	yum install -y jq
	if [ ! "$?" ]; then
	echo "Failed to install jq dep"
	exit 1
	fi
	KEYS="$(curl -s -H 'accept: application/vnd.github.v3+json' https://api.github.com/gists/$GISTID \| jq -r '.files[].content')"

	useradd dhensby
	gpasswd -a dhensby wheel
	HOME_DIR=$(eval echo ~dhensby)
	mkdir -p -m 700 "${HOME_DIR}/.ssh/"
	touch "${HOME_DIR}/.ssh/authorized_keys"
	echo '### AUTOMATICALLY MANAGED KEYS ###' >> "${HOME_DIR}/.ssh/authorized_keys"
	while read line; do
	if [[ "${line}" == \#* ]]; then
	continue
	fi
	echo "${line}" >> "${HOME_DIR}/.ssh/authorized_keys"
	done <<< "${KEYS}"
	echo '### END OF AUTOMATICALLY MANAGED KEYS ###' >> "${HOME_DIR}/.ssh/authorized_keys"
	chown -R dhensby: "${HOME_DIR}/.ssh"
	chmod 0600 "${HOME_DIR}/.ssh/authorized_keys"
	echo "${USER} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
	sed -i 's/^PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
	sed -i 's/^ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config
	sed -i 's/^#\?PermitRootLogin\s\+yes/PermitRootLogin no/' /etc/ssh/sshd_config
	systemctl restart sshd
	#todo: set up cron for updating ssh keys

	# add swap
	dd if=/dev/zero of=/swapfile count="1024" bs=1MiB
	chmod 600 /swapfile
	mkswap /swapfile
	swapon /swapfile
	echo "/swapfile swap swap sw 0 0" >> /etc/fstab
	sysctl vm.swappiness=10
	echo "vm.swappiness = 10" >> /etc/sysctl.conf
	sysctl vm.vfs_cache_pressure=50
	echo "vm.vfs_cache_pressure = 50" >> /etc/sysctl.conf

	# configure php
	yum install -y php56w php56w-{common,mysql,gd,mbstring,xml,tidy,pear,intl,devel,opcache}
	sed -i "s/;date\.timezone.*/date\.timezone = UTC/g" /etc/php.ini
	sed -i "s/memory_limit.*/memory_limit = 256M/g" /etc/php.ini
	sed -i "s/max_execution_time.*/max_execution_time = 60/g" /etc/php.ini

	# configure apache

	yum install -y httpd
	systemctl enable httpd.service
	sed -i '/<Directory "\/var\/www\/html">/,/<\/Directory>/ { s/AllowOverride None/AllowOverride All/i }' /etc/httpd/conf/httpd.conf
	systemctl restart httpd.service

	# configure mariadb

	yum install -y mariadb-server
	systemctl enable mariadb.service
	systemctl start mariadb.service
	mysql -u root <<< "GRANT ALL PRIVILEGES ON . TO 'root'@'%' WITH GRANT OPTION; FLUSH PRIVILEGES;"

	# configure composer
	yum install -y git
	php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
	php -r "if (hash_file('SHA384', 'composer-setup.php') === '$(curl -q https://composer.github.io/installer.sig)') { echo 'Installer verified' . PHP_EOL; } else { echo 'Installer corrupt' . PHP_EOL; unlink('composer-setup.php'); exit(1); }"
	if [ $? != 0 ]; then
	echo "Bad composer installer";
	exit
	fi
	php composer-setup.php -- --install-dir=/usr/bin --filename=composer
	php -r "unlink('composer-setup.php');"
	composer config -g optimize-autoloader true
	cat >/etc/profile.d/composer-bin-root.sh <<EOF
	#!/usr/bin/env bash
	pathmunge /home/vagrant/.composer/vendor/bin after
	pathmunge /root/.composer/vendor/bin after
	export COMPOSER_ALLOW_SUPERUSER=1
	EOF

	# install silverstripe
	composer create-project silverstripe/installer /var/www/html
	cat >/var/www/_ss_environment.php <<EOF
	<?php

	//define DB settings
	define('SS_DATABASE_SERVER', '127.0.0.1');
	define('SS_DATABASE_CLASS','MySQLDatabase');
	define('SS_DATABASE_TIMEZONE','+00:00');
	define('SS_DATABASE_USERNAME', 'root');
	define('SS_DATABASE_PASSWORD', '');
	define('SS_DATABASE_NAME', 'silverstripe');

	//set the DB name - this provide backwards compatibility with 2.x and 3.0 sites
	global \$database;
	\$database = SS_DATABASE_NAME;

	//define('SS_DATABASE_SUFFIX', '_dev');
	define('SS_ENVIRONMENT_TYPE', 'dev');
	define('SS_DEFAULT_ADMIN_USERNAME', 'admin');
	define('SS_DEFAULT_ADMIN_PASSWORD', 'password');

	global \$_FILE_TO_URL_MAPPING;
	\$_FILE_TO_URL_MAPPING['/var/www/html'] = 'http://localhost';

	EOF

	mkdir -p /var/www/html/assets
	chmod 0777 /var/www/html/assets

	chmod +x /var/www/html/framework/sake
	/var/www/html/framework/sake dev/build