Initial setup for new digital ocean droplet.
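#!/bin/bash
#
# Initial setup for an Ubuntu 14.04 DigitalOcean droplet.
#
# Usage: run as root, passing the name of the admin account to create:
#   ./setup.sh <username>
#
# Steps, in order:
#   1. create <username> (if missing) and add it to the sudo group
#   2. copy root's authorized_keys to that user
#   3. disable root login and password authentication in sshd
#   4. enable ufw with rules for ssh, 80, 443 and 25
#   5. create and register a 2G swap file
#
# Every step that can lock you out of the droplet (2 and 3) is checked
# before sshd is restarted: a failed user creation or key copy must never
# be followed by "PermitRootLogin no".

set -euo pipefail

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

#######################################
# Force one sshd_config directive to a given value.
# Rewrites every existing line for the keyword, commented out or not, and
# appends the directive when the file has no such line. A plain
# 's/Key yes/Key no/' silently does nothing when the shipped default is
# spelled differently (for example "PermitRootLogin without-password").
# Arguments: $1 - keyword, $2 - value, $3 - path to sshd_config
# NOTE: an appended line lands at the end of the file; if the file ends in a
# Match block the directive only applies inside that block.
#######################################
set_sshd_option() {
  local key=$1 value=$2 config=$3
  if grep -Eq "^[#[:space:]]*${key}[[:space:]]" "$config"; then
    sed -i -E "s/^[#[:space:]]*${key}[[:space:]].*/${key} ${value}/" "$config"
  else
    printf '%s %s\n' "$key" "$value" >> "$config"
  fi
}

username=${1:-}
if [[ -z "$username" ]]; then
  echo "You didn't enter a username!" >&2
  exit 1
fi

# The name is used as a command argument and to locate a home directory, so
# refuse values that would be parsed as an option or escape the path.
if [[ "$username" == -* || "$username" == */* ]]; then
  die "invalid username: $username"
fi

(( EUID == 0 )) || die "this script must be run as root"

# Without a usable key file, disabling password and root logins below would
# leave no way back into the machine. Check before changing anything.
root_keys=/root/.ssh/authorized_keys
[[ -s "$root_keys" ]] || die "$root_keys is missing or empty; refusing to disable password logins"

if ! id -u "$username" > /dev/null 2>&1; then
  adduser "$username"
  gpasswd -a "$username" sudo
fi

# Look up the real home directory and primary group instead of assuming
# /home/<name> and a group named after the user.
home_dir=$(getent passwd "$username" | cut -d: -f6)
[[ -n "$home_dir" && -d "$home_dir" ]] || die "home directory for $username not found"
user_group=$(id -gn "$username")

# install sets mode and ownership in the same step: 700 on the directory and
# 600 on the key file are what sshd's StrictModes check expects.
ssh_dir="${home_dir}/.ssh"
install -d -m 700 -o "$username" -g "$user_group" "$ssh_dir"
install -m 600 -o "$username" -g "$user_group" "$root_keys" "${ssh_dir}/authorized_keys"

# Harden sshd. Keep a per-run backup so a bad edit can be rolled back; the
# backup files are left in /etc/ssh for manual cleanup.
sshd_config=/etc/ssh/sshd_config
sshd_backup=$(mktemp "${sshd_config}.bak.XXXXXX")
cp -p "$sshd_config" "$sshd_backup"

set_sshd_option PermitRootLogin no "$sshd_config"
set_sshd_option PasswordAuthentication no "$sshd_config"

# Never restart sshd on a config it cannot parse.
if ! sshd -t; then
  cp -p "$sshd_backup" "$sshd_config"
  die "sshd_config failed validation; restored $sshd_backup and left sshd running"
fi

# Confirm the settings sshd will actually apply, not just the file contents.
effective=$(sshd -T 2> /dev/null || true)
for want in 'permitrootlogin no' 'passwordauthentication no'; do
  grep -qx "$want" <<< "$effective" \
    || printf 'warning: effective sshd setting is not "%s"; check %s\n' "$want" "$sshd_config" >&2
done

service ssh restart

# Basic firewall rules. ssh is allowed before the firewall is enabled so the
# current session is not cut off.
# NOTE(review): 25/tcp (SMTP) only needs to be open if this host accepts
# inbound mail; remove that rule otherwise.
ufw allow ssh
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 25/tcp
# "ufw enable" asks for confirmation; declining it should not stop the rest
# of the setup.
ufw enable || printf 'warning: ufw was not enabled\n' >&2

# Swap file. Skip creation when the file is already there so a re-run does
# not reformat a swap file that is in use.
swapfile=/swapfile
if [[ ! -e "$swapfile" ]]; then
  fallocate -l 2G "$swapfile"
  # Swap holds pages of process memory: restrict it to root before use.
  chmod 600 "$swapfile"
  mkswap "$swapfile"
  swapon "$swapfile"
else
  printf 'note: %s already exists, leaving it untouched\n' "$swapfile" >&2
fi

# Register the swap file once; repeated runs must not stack fstab entries.
if ! grep -Eq '^/swapfile[[:space:]]' /etc/fstab; then
  printf '/swapfile none swap sw 0 0\n' >> /etc/fstab
fi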