Created
May 21, 2024 04:17
-
-
Save intentionally-left-nil/9f2657025d8a96e35e30dc4f0c1a6e50 to your computer and use it in GitHub Desktop.
Setting up a new Debian VPS server
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/bash | |
| # Make sure there's a .env file in the same directory with the contents | |
| # USERNAME=user | |
| # PASSWORD=password | |
| # SSH_PORT=22 | |
| # SSH_PUB_KEY="ssh-rsa blah blah blah | |
| set -euo pipefail | |
| SCRIPT_DIR=$(realpath "$(dirname "$0")") | |
| echo "Loading the environment variables" | |
| # shellcheck disable=SC1090 | |
| source "${SCRIPT_DIR}.env" | |
| echo "Making sure the environment variables are set" | |
| if [ -z "${USERNAME:-}" ]; then | |
| echo "USERNAME is not set" | |
| exit 1 | |
| fi | |
| if [ -z "${PASSWORD:-}" ]; then | |
| echo "PASSWORD is not set" | |
| exit 1 | |
| fi | |
| if [ -z "${SSH_PUB_KEY:-}" ]; then | |
| echo "SSH_PUB_KEY is not set" | |
| exit 1 | |
| fi | |
| echo "Basic config setup" | |
| hostnamectl set-hostname "vps" | |
| timedatectl set-timezone UTC | |
| echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen | |
| locale-gen | |
| update-locale LANG=en_US.UTF-8 | |
| echo "Creating the user $USERNAME" | |
| useradd -u 1000 -m -s /bin/bash "$USERNAME" | |
| echo "$USERNAME:$PASSWORD" | chpasswd | |
| usermod -aG sudo "$USERNAME" | |
| echo "Setting up the SSH keys for $USERNAME" | |
| mkdir -p "/home/$USERNAME/.ssh" | |
| chmod 700 "/home/$USERNAME/.ssh" | |
| chown "$USERNAME:$USERNAME" "/home/$USERNAME/.ssh" | |
| echo "$SSH_PUB_KEY" > "/home/$USERNAME/.ssh/authorized_keys" | |
| chmod 600 "/home/$USERNAME/.ssh/authorized_keys" | |
| chown "$USERNAME:$USERNAME" "/home/$USERNAME/.ssh/authorized_keys" | |
| echo "Configuring the SSH server" | |
| cat << EOF > /etc/ssh/sshd_config.d/override.conf | |
| Port ${SSH_PORT:-22} | |
| LogLevel INFO | |
| PermitRootLogin no | |
| StrictModes yes | |
| MaxAuthTries 6 | |
| MaxSessions 10 | |
| PasswordAuthentication no | |
| PubkeyAuthentication yes | |
| AllowUsers "$USERNAME" | |
| PrintMotd no | |
| AcceptEnv LANG LC_* | |
| X11Forwarding yes | |
| EOF | |
| systemctl reload sshd | |
| echo "Disabling the root account" | |
| passwd -l root | |
| echo "Setting up auto-updates" | |
| apt-get update | |
| apt-get install -y unattended-upgrades | |
| cat << EOF > /etc/apt/apt.conf.d/20auto-upgrades | |
| APT::Periodic::Update-Package-Lists "1"; | |
| APT::Periodic::Unattended-Upgrade "1"; | |
| EOF | |
| cat << EOF > /etc/apt/apt.conf.d/51unattended-upgrades-override | |
| Unattended-Upgrade::Automatic-Reboot "true"; | |
| Unattended-Upgrade::Automatic-Reboot-Time "07:16"; | |
| EOF | |
| systemctl enable unattended-upgrades | |
| systemctl start unattended-upgrades | |
| echo "Installing Docker" | |
| apt-get install -y ca-certificates curl | |
| install -m 0755 -d /etc/apt/keyrings | |
| curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc | |
| chmod a+r /etc/apt/keyrings/docker.asc | |
| echo \ | |
| "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \ | |
| $(. /etc/os-release && echo "$VERSION_CODENAME") stable" > /etc/apt/sources.list.d/docker.list | |
| apt-get update | |
| apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin | |
| systemctl enable docker.service | |
| systemctl start docker.service | |
| docker run hello-world | |
| echo "Adding a swapfile" | |
| fallocate -l 4G /swapfile | |
| chmod 600 /swapfile | |
| mkswap /swapfile | |
| swapon /swapfile | |
| echo '/swapfile none swap sw 0 0' >> /etc/fstab | |
| echo 'vm.swappiness=10' >> /etc/sysctl.conf | |
| sysctl -p | |
| apt-get upgrade -y |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment