Install Flynn PaaS on Online.net bare metal server

flynn-online-net-install.sh

#!/usr/bin/env bash

#===========================================================
# 
# Run this command:
#
#	sudo SERVERS="Space separated list of IPs" bash install.sh
#
#===========================================================


# Default software install
apt-get update
apt-get install -y vim
apt-get install -y unattended-upgrades
apt-get install -y fail2ban
apt-get install -y ufw
apt-get install -y curl

# Setup automatic updates
# create alias for easier downloads
AUTO_UPG_FILE="/etc/apt/apt.conf.d/20auto-upgrades"

/bin/cat <<EOM >$AUTO_UPG_FILE
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
EOM
chmod a+rx $AUTO_UPG_FILE


# Update ssh config file
sed -i -e 's/\#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
systemctl restart sshd


# Firewall settings
IFS=' ' read -r -a ips <<< "${SERVERS}"
sed -i -e 's/DEFAULT_FORWARD_POLICY="DROP"/DEFAULT_FORWARD_POLICY="ACCEPT"/' /etc/default/ufw
ufw allow 22
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 3000:3500/tcp
ufw default deny incoming
ufw default allow outgoing

for element in "${ips[@]}"
do
	ufw allow from $element
done

ufw allow in on flynnbr0
ufw allow in on flannel.1
echo "y" | ufw enable

# Flynn install
curl -fsSL -o /tmp/install-flynn https://dl.flynn.io/install-flynn
bash /tmp/install-flynn --channel nightly