Skip to content

Instantly share code, notes, and snippets.

@igolden

igolden/gist:35cb5de183b2775e3f8ca620eaa8f3ec

Created September 20, 2018 17:13
Show Gist options
  • Save igolden/35cb5de183b2775e3f8ca620eaa8f3ec to your computer and use it in GitHub Desktop.
Save igolden/35cb5de183b2775e3f8ca620eaa8f3ec to your computer and use it in GitHub Desktop.
Download ZIP
Setup bastion host for ec2 (still requires some manual setup after)
Raw
gistfile1.txt
#!/bin/bash
apt-get update && apt-get upgrade -y
apt-get install -y vim nmap curl wget build-essential nginx zsh
mkdir /home/sysadmin
cat > /home/sysadmin/.zshrc <<EOF
setopt promptsubst
setopt EXTENDED_GLOB
autoload -U compinit
# edit-command-line
autoload -U edit-command-line
zle -N edit-command-line
bindkey '\C-x\C-e' edit-command-line
# bind search history to arrow keys
bindkey "^[[A" history-beginning-search-backward
bindkey "^[[B" history-beginning-search-forward
# setup PATH
export PATH=$HOME/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# Utilities
alias mkdri='mkdir'
alias ls='ls -G'
alias ll='ls -lG'
alias c="clear"
alias vup="vagrant up"
alias vupp="vagrant up --provision"
alias vs="vagrant ssh"
alias vp="vagrant provision"
alias rn="react-native"
alias redis_start="redis-server /usr/local/etc/redis.conf"
alias redis_stop="redis-cli shutdown"
# md5sum
alias md5='md5 -r'
alias md5sum='md5 -r'
alias rncc='watchman watch-del-all && rm -rf node_modules && yarn cache clean && yarn && yarn start -- --reset-cache'
alias ivm='vim'
alias ivn='vim'
alias iv='vim'
alias vin='vim'
alias cim='vim'
alias mcim='vim'
alias mim='vim'
alias fim='vim'
alias r=rails
alias sr="screen -r"
alias :q="You're not in Vim"
alias :w="You're not in Vim"
alias diff=colordiff
# Personal Commands
alias es='exec $SHELL'
alias b='bundle install --path .bundle/gems --binstubs .bundle/bin'
alias be='bundle exec'
alias grh="git reset --hard"
alias push="git push origin HEAD"
alias pr="git pull-request"
alias tree='git log --graph --pretty=format:'\''%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr)%Creset'\'' --abbrev-commit --date=relative'
alias gr='git reset'
# Bash wrappers
alias count='tee >(wc -l)'
# Jekyll Commands
alias js='jekyll serve'
alias jb='jekyll build'
alias gti='git'
alias vmi='vim'
alias vom='vim'
alias cim='vim'
# Sys Admin Commands
alias duh='du -csh'
alias dimage='du -hc *.png'
#start/stop postgres
alias pgstart='pg_ctl -D /usr/local/var/postgres -l /usr/local/var/postgres/server.log start'
alias pgstop='pg_ctl -D /usr/local/var/postgres stop -s -m fast'
# Init
alias gsetup="git init && git aa && git ci -m 'initial'"
# Commit
alias gc="git ci -m $1"
alias gac="git aa && git ci -m $1"
function clear_docker {
echo "Removing docker containers.."
docker rm -f $(docker ps -a -q) &>/dev/null
echo "Done."
echo "Removing docker volumes.."
docker volume rm $(docker volume ls -q) &>/dev/null
echo "Done."
}
function kill_docker {
echo "Removing docker containers.."
docker rm -f $(docker ps -a -q) &>/dev/null
echo "Done."
echo "Removing docker images.."
docker rmi $(docker images) &>/dev/null
echo "Done."
echo "Removing docker volumes.."
docker volume rm $(docker volume ls -q) &>/dev/null
echo "Done."
}
function kill_volumes {
echo "Removing docker volumes.."
docker volume rm $(docker volume ls -q)
echo "Done."
}
# fix last command
alias fix='sudo $(history -p \!\!)'
function dcr {
image=$1
shift
docker-compose run $image $@
}
alias nis="npm install --save"
alias nisd="npm install --save-dev"
alias nu="npm upgrade"
alias nun="npm uninstall"
alias nug="npm update --global"
alias nung="npm uninstall --global"
alias dc='docker-compose'
alias dcc='docker-compose config'
alias dcu='docker-compose up'
alias dynamo='java -Djava.library.path=/Users/igolden/source/dynamodb/DynamoDBLocal_lib -jar /Users/igolden/source/dynamodb/DynamoDBLocal.jar -sharedDb -inMemory'
alias pamm='git push origin HEAD && git co master && git merge - && git push origin master'
function commit {
git aa && git commit -m "$1"
}
function bin() {
./bin/$1
}
# Fast shortcuts
alias c='clear'
alias r='reset'
alias q='exit'
alias cd..="cd .." # I often make this mistake
alias cs="cd"
# Because sometimes you don't have the time to put this two letters
alias ..='cd ..'
alias ...='cd ../..'
alias -- -="cd -"
alias lcat="cat $1 | less"
alias nuke='kill -9 %%'
get_pids() {
ps -ax | grep $1 | while read line ; do echo "$line" | grep -v 'grep' | grep -oh "^[0-9]*"; done
}
# Add terminal colors, grep clors
export TERM='xterm-color' # terminal colors
export LSCOLORS='ExGxBxDxCxEgEdxbxgxcxd' # ls -al colors
export GREP_OPTIONS='--color' # grep colors
export ACK_COLOR_MATCH='green' # when ack matches, make it green
# saving command line history
export HISTSIZE=100000 # save last 100K lines in zsh_history
export HISTFILE="$HOME/.zsh_history" # save to ~/.zsh_history
export SAVEHIST=$HISTSIZE # set the history
# editor support
export EDITOR=vim # because vim
export WORDCHARS='*?[]~&;!$%^<>' # how zsh handles vim wordchars
export ANTIGEN_LOG=~/antigen.log # antigen logging
# tab completion with git
if [[ -f ~/.git-completion.zsh ]]; then
. ~/.git-complete.zsh
fi
EOF
cat >/home/sysadmin/.vimrc <<EOF
filetype plugin indent on " filetype plugins and indent support
syntax on
let mapleader="," " set , as our leader instead default \
inoremap kj <Esc>
colorscheme desert
set autoindent " autoindent on
set backspace=eol,indent,start " better backspace functionality, end of line, insert, start
set backup
set backupdir=~/.vim-tmp,~/.tmp,~/tmp,/var/tmp,/tmp
set cmdheight=3 " cmd height is 3
set cuc
set cursorline
set directory=~/.vim-tmp,~/.tmp,~/tmp,/var/tmp,/tmp
set encoding=utf-8
set expandtab " uses correct tab size in insert mode
set foldmethod=indent
set foldnestmax=10
set nofoldenable
set foldlevel=1
set foldminlines=0
set hidden " when buffer is hidden, unload
set history=10000 " set vim command history to 10K lines
set hlsearch " highlights search results
set incsearch " gives you feedback as you search with /
set ignorecase smartcase " handles case as you search
set laststatus=2 " multiwindow status line support
set nocompatible " don't try to be compatible with vi mode
set number " always show line numbers
set numberwidth=3 " width of line numbers col
set shiftwidth=2 " defaults to tabstop if 0
set softtabstop=2 " softtabstop, default it to 2 spaces
set tabstop=2 " ruby style tabstops, two spaces
set scrolloff=3
set shell=zsh " use zsh for shell
set showcmd " display incomplete or wrong commands
set showmatch " shows matching bracket, open close
set showtabline=1
set splitbelow " split vertically below
set splitright " split horizontally right
set switchbuf=useopen " use the open buffer by default
set t_ti=
set t_te=
set t_Co=256
set wildmode=longest,list
set wildmenu
set wildignore+=vendor/**,.bundle*,*node_modules*
set winwidth=70 " default window columns
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
" filetype highlighitng
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
au BufRead,BufNewFile *.json set ft=javascript
au BufNewFile,BufRead {Gemfile,Rakefile,Vagrantfile,Thorfile,config.ru} set ft=ruby
au BufRead,BufNewFile *.ts set ft=javascript
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
" Mappings
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
" set window split maneuvering
nnoremap <c-k> <c-w>k
nnoremap <c-j> <c-w>j
nnoremap <c-l> <c-w>l
nnoremap <c-h> <c-w>h
" punish those who use arrow keys
nnoremap <Left> :echo "Shame on you."<cr>
nnoremap <Right> :echo "Shame on you."<cr>
nnoremap <Up> :echo "Shame on you."<cr>
nnoremap <Down> :echo "Shame on you."<cr>
" Typo mappings
map :W :w
map :WQ :wq
map :Wq :wq
map :Wqa :wqa
map :WQa :wqa
map :wQa :wqa
map :wqA :wqa
EOF
useradd -s /bin/zsh -d /home/sysadmin sysadmin
passwd <<EOF
abc123
abc123
EOF
echo "sysadmin ALL=(ALL:ALL) ALL" >> /etc/sudoers
chown -R sysadmin /home/sysadmin
# add ssh-keygen
# add cat .ssh/id_rsa.pub >> .ssh/authorized_keys
git clone https://github.com/lukas2511/dehydrated /var/www/dehydrated
touch /var/www/dehydrated/domains.txt
cd /var/www/dehydrated && ./dehydrated --accept-terms --register
# echo http conf to nginx
cat >/etc/nginx/sites-available/default <<EOF
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
try_files $uri $uri/ =404;
}
location ^~ /.well-known/acme-challenge {
alias /var/www/dehydrated;
}
}
EOF
# echo http conf to nginx
cat >/etc/nginx/sites-available/https <<EOF
# Connect to puma socket
upstream app {
server app:3000;
}
# for redirecting hhtp traffic to https version of the site
server {
listen 80;
server_name api.85supply.com;
return 301 https://$server_name$request_uri;
}
# SSL server
server {
listen 443 ssl;
server_name api.85supply.com localhost;
ssl_certificate /var/www/dehydrated/certs/api.85supply.com/cert.pem;
ssl_certificate_key /var/www/dehydrated/certs/api.85supply.com/privkey.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
root /var/www/85supply/public;
try_files $uri/index.html $uri @app;
# identifiable logs
access_log /var/log/nginx/85supply.access.log;
error_log /var/log/nginx/85supply.error.log;
location @app {
proxy_pass http://app;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
}
}
EOF
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment