
@kaspergrubbe
Created November 5, 2013 16:49
#!/bin/bash
# <UDF name="HOSTNAME" Label="server hostname" default="linode"/>
# <udf name="PACKAGES" label="Packages to install" manyOf="Varnish, Nginx, Postgres, Redis, Beanstalk, Memcache" default="">
###########################################################
# System Helpers
###########################################################
# Refresh the package index, make sure aptitude is present, then run a
# full upgrade of every installed package through aptitude.
# Takes no arguments; output of the package tools goes to the caller's
# stdout/stderr.
system_update() {
  apt-get update
  # aptitude is installed first because the upgrade step below uses it.
  apt-get install -y aptitude
  aptitude -y full-upgrade
}
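# Print the primary IPv4 address assigned to eth0.
# Outputs: the address on stdout (nothing if eth0 has no "inet addr:" line).
# The parser expects the classic net-tools layout ("inet addr:A.B.C.D  Bcast:..."),
# which is what the original pipeline matched as well.
system_primary_ip() {
  # One awk pass instead of `echo $(... | awk | awk)`: the unquoted command
  # substitution would word-split and glob-expand whatever ifconfig printed.
  # Field 2 (split on ':') is "A.B.C.D  Bcast"; keep only its first word and
  # stop at the first match so exactly one address is returned.
  ifconfig eth0 | awk -F: '/inet addr:/ { split($2, parts, " "); print parts[1]; exit }'
}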
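# Look up the reverse DNS (PTR) name of an IP address with `host`.
# Arguments: $1 - IP address to resolve
# Outputs:   the PTR name(s) on stdout, trailing dot removed
# Returns:   1 if the argument is empty or looks like an option,
#            otherwise the status of the lookup pipeline
get_rdns() {
  local addr=$1

  # Refuse empty input and anything starting with '-', which `host` would
  # parse as a command-line option rather than as an address.
  case "$addr" in
    '' | -*)
      echo "get_rdns() requires an IP address as the first argument" >&2
      return 1
      ;;
  esac

  # `host` ships in dnsutils; install it only when no `host` command is
  # available on this system.
  if ! command -v host > /dev/null 2>&1; then
    aptitude -y install dnsutils > /dev/null
  fi

  # "<arpa-name> domain name pointer <name>." -> field 5 is the PTR target.
  host "$addr" | awk '/pointer/ { sub(/\.$/, "", $5); print $5 }'
}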
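# Print the reverse DNS name of this system's primary IP address.
# Combines system_primary_ip (address of eth0) with get_rdns (PTR lookup).
# Outputs: whatever get_rdns prints for that address.
get_rdns_primary_ip() {
  # The address is passed as one quoted argument; the original
  # `echo $(get_rdns $(system_primary_ip))` left both substitutions open to
  # word splitting and globbing.
  get_rdns "$(system_primary_ip)"
}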
# add_line_if_not_exists ~/.bashrc 'export FLAGS="-march=native -O3 -pipe -fomit-frame-pointer"'
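# Append a line to a file unless the file already contains that exact line.
# Arguments: $1 - path of the file to edit (must already exist)
#            $2 - line to add
# Outputs:   "A file named <path>" when the file exists,
#            "No file named <path>" when it does not (nothing is written then)
# Returns:   0 in both cases, as the original did
add_line_if_not_exists() {
  local target=$1 line=$2

  if [ -f "$target" ]; then
    # -F: compare literally (the line is data, not a regex: '.', '*' and '['
    #     in config lines must not act as wildcards)
    # -x: match whole lines only, so a substring of a longer line does not
    #     count as "already present"
    # --: a line starting with '-' is not taken as a grep option
    grep -qxF -- "$line" "$target" || printf '%s\n' "$line" >> "$target"
    printf 'A file named %s\n' "$target"
  else
    printf 'No file named %s\n' "$target"
  fi
}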
#########################################
# NGINX
#########################################
# Install the nginx package with apt-get, answering yes to all prompts.
# Takes no arguments.
install_nginx() {
  apt-get install -y nginx
}
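# Replace nginx's default site with the kaspergrubbe.dk site definition.
# Writes /etc/nginx/sites-available/kaspergrubbe.dk and links it into
# sites-enabled. Takes no arguments.
#
# The generated config has two virtual hosts on port 80:
#   - kaspergrubbe.dk         proxies everything to 127.0.0.1:6081
#   - assets.kaspergrubbe.dk  serves /assets/ straight from disk
#
# Review notes on the config itself (content left as written):
#   - X-Forwarded-For is built with $proxy_add_x_forwarded_for, which appends
#     the peer address to whatever the client already sent; the upstream
#     should only trust the last entry.
#   - Both hosts are plain HTTP; there is no TLS listener in this file.
add_nginx_config() {
  # -f / -sfn make the function safe to run a second time: a missing default
  # site or an existing symlink no longer makes rm/ln fail.
  rm -f /etc/nginx/sites-enabled/default

  # Quoted delimiter: nothing in the body is expanded by the shell, so the
  # nginx variables are written literally without backslash escapes.
  cat > /etc/nginx/sites-available/kaspergrubbe.dk << 'EOF'
upstream varnish {
server 127.0.0.1:6081; # this could also be Unicorn
}
server {
listen 80;
server_name kaspergrubbe.dk;
location / {
proxy_pass http://varnish;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Use Picturables server-header
proxy_pass_header Server;
# Hide server-tokens:
server_tokens off;
}
}
server {
listen 80;
server_name assets.kaspergrubbe.dk;
# server_name ~^assets%d.your-host.com;
# rails: config.action_controller.asset_host = "http://assets%d.yourhost.com"
location ~ /assets/ {
root /home/deployer/apps/kaspergrubbe/shared;
gzip_static on; # to serve pre-gzipped version
expires max;
add_header Cache-Control public;
}
}
EOF

  ln -sfn /etc/nginx/sites-available/kaspergrubbe.dk /etc/nginx/sites-enabled/kaspergrubbe.dk
}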
###########################################################
# Postgres
###########################################################
# Install PostgreSQL 9.1 (server, client, contrib) and make the server
# listen on every interface. Takes no arguments.
#
# Security note: with listen_addresses = '*' the database port is reachable
# on all of the host's addresses; access then depends entirely on the
# firewall rules and pg_hba.conf entries set up elsewhere in this script.
postgresql_install() {
  local pkg

  # One apt-get call per package, in the same order as before.
  for pkg in postgresql-9.1 postgresql-client-9.1 postgresql-contrib-9.1; do
    apt-get -y install "$pkg"
  done

  # Uncomment the stock "listen only on localhost" line and widen it to '*'.
  sed -i "s/#listen_addresses = 'localhost'/listen_addresses = '*'/g" \
    /etc/postgresql/9.1/main/postgresql.conf
}
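# Create a PostgreSQL login role and allow it to connect over TCP with md5
# password authentication.
# Arguments: $1 - role name (letters, digits, underscore; not starting with
#                 a digit)
#            $2 - password
# Outputs:   an error message on stdout when an argument is missing/invalid
# Returns:   1 on bad arguments, otherwise the status of the pg_hba update
#
# Security notes:
#   - The role name is interpolated into SQL and into pg_hba.conf, so it is
#     restricted to a plain identifier instead of being trusted as-is.
#   - The password is sent to psql on stdin (not on a command line) and its
#     single quotes are doubled so it cannot terminate the SQL literal.
#     Assumes standard_conforming_strings is on, so backslashes are literal
#     -- TODO confirm for this server.
#   - The pg_hba.conf entry uses address "all"; which hosts can actually
#     reach the port is left to the firewall.
postgresql_create_user() {
  local role=$1 secret=$2
  local quote="'"
  local escaped

  if [ -z "$role" ]; then
    echo "postgresql_create_user() requires username as the first argument"
    return 1
  fi
  if [ -z "$secret" ]; then
    echo "postgresql_create_user() requires a password as the second argument"
    return 1
  fi
  if [[ ! $role =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
    echo "postgresql_create_user() requires a plain identifier (letters, digits, underscore) as username"
    return 1
  fi

  # ' -> '' is how SQL escapes a quote inside a string literal.
  escaped=${secret//$quote/$quote$quote}

  printf "CREATE ROLE %s WITH LOGIN ENCRYPTED PASSWORD '%s';\n" "$role" "$escaped" \
    | su postgres -c psql
  add_line_if_not_exists /etc/postgresql/9.1/main/pg_hba.conf "host all $role all md5"
}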
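# Create a PostgreSQL database owned by an existing role.
# Arguments: $1 - database name
#            $2 - owner role name
#            Both must be plain identifiers (letters, digits, underscore; not
#            starting with a digit).
# Outputs:   an error message on stdout when an argument is missing/invalid
# Returns:   1 on bad arguments, otherwise the status of createdb
#
# Security note: both values end up inside the command string handed to
# `su postgres -c`, which is parsed by a shell. Restricting them to plain
# identifiers keeps spaces, quotes and shell metacharacters out of that string.
postgresql_create_database() {
  local dbname=$1 owner=$2
  local ident_re='^[A-Za-z_][A-Za-z0-9_]*$'

  if [ -z "$dbname" ]; then
    echo "postgresql_create_database() requires database name as the first argument"
    return 1
  fi
  if [ -z "$owner" ]; then
    echo "postgresql_create_database() requires an owner username as the second argument"
    return 1
  fi
  if [[ ! $dbname =~ $ident_re || ! $owner =~ $ident_re ]]; then
    echo "postgresql_create_database() requires plain identifiers (letters, digits, underscore)"
    return 1
  fi

  su postgres -c "createdb --owner=$owner $dbname"
}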
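###########################################################
# Provisioning run
#
# Runs top to bottom as root: hostname, timezone, packages, locale, SSH
# keys, nginx, PostgreSQL, firewall, the "deployer" account, rbenv/Ruby,
# then a delayed reboot. There is no `set -e`; a failed step does not stop
# the steps after it.
###########################################################

# --- Hostname ---------------------------------------------
# HOSTNAME is the value declared as a UDF at the top of this script.
printf '%s\n' "$HOSTNAME" > /etc/hostname
printf '\n127.0.0.1 %s %s.local\n\n' "$HOSTNAME" "$HOSTNAME" >> /etc/hosts
hostname -F /etc/hostname

# --- Timezone ---------------------------------------------
# http://serverfault.com/questions/84521/automate-dpkg-reconfigure-tzdata/84528#84528
echo "Europe/Copenhagen" > /etc/timezone
dpkg-reconfigure -f noninteractive tzdata

# --- Packages ---------------------------------------------
# Setup needed packages for building Ruby
system_update
apt-get -y install gcc make git zlib1g-dev build-essential bison openssl libreadline6 libreadline6-dev curl git-core zlib1g zlib1g-dev libssl-dev libyaml-dev libsqlite3-0 libsqlite3-dev sqlite3 libxml2-dev libxslt-dev autoconf libc6-dev ncurses-dev
# Imagemagick
apt-get -y install graphicsmagick imagemagick
apt-get -y install libjemalloc1 # jemalloc
# Postgres client
apt-get -y install postgresql-client-9.1 libpq-dev
# JRuby
# apt-get -y install openjdk-6-jre
# apt-get -y install java6-runtime
# inotify
# apt-get -y install inotify-tools
# top
apt-get -y install htop
# screen
apt-get -y install screen
# fail-2-ban
apt-get -y install fail2ban

# --- Locale -----------------------------------------------
# Fixing Locale errors
apt-get -y install language-pack-da-base
{
  echo 'LANGUAGE="en_US"'
  echo 'LC_ALL="da_DK.UTF-8"'
  echo 'LANG="en_US"'
  # Was LC_TYPE, which is not a locale category; the category is LC_CTYPE.
  echo 'LC_CTYPE="da_DK"'
} >> /etc/environment
# noninteractive, like the tzdata call above: nobody is attached to answer
# a debconf prompt while the script runs.
dpkg-reconfigure -f noninteractive locales

# --- SSH keys ---------------------------------------------
# Setting up SSH-keys
# https://github.com/kaspergrubbe.keys
#
# Security note: every public key these three GitHub accounts publish at
# provisioning time is installed for root and, further down, for deployer.
# Whoever controls one of the accounts at that moment can log in. The list
# is fetched once and is not kept in sync afterwards.
#
# The keys are collected in a mktemp file instead of a file called "key" in
# the current directory, so an existing file of that name cannot leak into
# authorized_keys.
key_file=$(mktemp) || exit 1
for account in kaspergrubbe Takle Snuden; do
  if ! wget "https://github.com/${account}.keys" -O - >> "$key_file"; then
    echo "warning: could not fetch SSH keys for ${account}" >&2
  fi
  echo "" >> "$key_file"
done

# Setup root:
mkdir -p /root/.ssh
chmod 700 /root/.ssh
touch /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
cat "$key_file" >> /root/.ssh/authorized_keys
# colors for root:
sed -i "s/#force_color_prompt=yes/force_color_prompt=yes/g" /root/.bashrc
ufw allow 22

# --- nginx ------------------------------------------------
# NOTE(review): the PACKAGES guard is commented out, so nginx is installed
# and port 80 opened regardless of what was selected in the PACKAGES UDF.
#if [[ -n "$(echo $PACKAGES | grep 'Nginx')" ]]; then
# Install nginx
install_nginx
add_nginx_config
service nginx restart
# Firewall
ufw allow 80
#fi

# --- PostgreSQL -------------------------------------------
# NOTE(review): same as above, this guard is commented out and the section
# always runs.
#if [[ -n "$(echo $PACKAGES | grep 'Postgres')" ]]; then
# Setup database
postgresql_install
# The role used to be created with the literal password "password" on a
# server that listens on all interfaces. Take the password from DB_PASSWORD
# when it is set (it is not declared as a UDF in this script; add one or
# export it), otherwise generate a random one and leave it in a root-only
# file so it can be copied into the application's configuration.
db_password=${DB_PASSWORD:-}
if [ -z "$db_password" ]; then
  db_password=$(openssl rand -hex 24)
  (
    umask 077
    printf '%s\n' "$db_password" > /root/.kasper_db_password
  )
fi
postgresql_create_user "kasper" "$db_password"
unset db_password
postgresql_create_database "kaspergrubbedk" "kasper"
# Firewall: only these two source addresses may reach PostgreSQL.
ufw allow from 176.58.110.75 to any port 5432
ufw allow from 176.58.122.173 to any port 5432
#fi

# Enable firewall
ufw enable

# --- deployer account -------------------------------------
# Add deployer user with ssh
# Security note: deployer has no password (key login only), is a member of
# the sudo group, and accepts the same fetched keys as root.
adduser deployer --ingroup sudo --disabled-password --gecos ""
usermod -a -G sudo deployer
sudo -u deployer mkdir -p /home/deployer/.ssh
chmod 700 /home/deployer/.ssh
sudo -u deployer touch /home/deployer/.ssh/authorized_keys
chmod 600 /home/deployer/.ssh/authorized_keys
cat "$key_file" >> /home/deployer/.ssh/authorized_keys
rm -f -- "$key_file"

# Deploy key pair.
# Security note: a private key pasted into the here-document below is stored
# wherever this script is stored. The commented-out ssh-keygen line creates
# the key on the host instead, so it never leaves the machine.
#sudo -u deployer ssh-keygen -q -t rsa -N '' -f /home/deployer/.ssh/id_rsa
sudo -u deployer touch /home/deployer/.ssh/id_rsa
# 600/644 rather than 700: key files are data and need no execute bit.
sudo -u deployer chmod 600 /home/deployer/.ssh/id_rsa
cat > /home/deployer/.ssh/id_rsa << EOF
-----BEGIN RSA PRIVATE KEY-----
TODO ADD A PRIVATE KEY OR GENERATE IT
-----END RSA PRIVATE KEY-----
EOF
sudo -u deployer touch /home/deployer/.ssh/id_rsa.pub
sudo -u deployer chmod 644 /home/deployer/.ssh/id_rsa.pub
cat > /home/deployer/.ssh/id_rsa.pub << EOF
TODO ADD YOU PUBLIC KEY
EOF

# Capistrano must not stop at an "unknown host" prompt for github.com.
# The script used to write "StrictHostKeyChecking no" for that host, which
# also accepts a changed or forged host key on every later connection.
# Recording the host key once keeps deploys prompt-free while a later key
# change is still rejected. The recorded key is whatever is served at
# provisioning time; compare it with the fingerprints GitHub publishes.
sudo -u deployer touch /home/deployer/.ssh/known_hosts
if ! ssh-keyscan github.com >> /home/deployer/.ssh/known_hosts; then
  echo "warning: could not record the github.com host key" >&2
fi

# enable colors for deployer
sed -i "s/#force_color_prompt=yes/force_color_prompt=yes/g" /home/deployer/.bashrc
# (Removed `sudo -u deployer source ~/.bashrc`: `source` is a shell builtin,
# not a program sudo can execute, so that line only produced an error.)

# Ruby GC-tweaks (deployer)
{
  echo export RUBY_HEAP_MIN_SLOTS=1000000
  echo export RUBY_HEAP_SLOTS_INCREMENT=1000000
  echo export RUBY_HEAP_SLOTS_GROWTH_FACTOR=1
  echo export RUBY_GC_MALLOC_LIMIT=1000000000
  echo export RUBY_HEAP_FREE_MIN=500000
} >> /home/deployer/.bashrc
# Dont install rdoc and stuff for gems
sudo -u deployer touch /home/deployer/.gemrc
echo 'gem: --no-rdoc --no-ri' >> /home/deployer/.gemrc
# Compile flags
echo "" >> /home/deployer/.bashrc
echo 'export CFLAGS="-march=native -O3 -pipe -fomit-frame-pointer"' >> /home/deployer/.bashrc
echo "" >> /home/deployer/.bashrc
# NOTE(review): this line has no redirection, so it is only printed to the
# script's output and never reaches .bashrc. Left as is, because enabling it
# would preload jemalloc into every process deployer starts.
echo 'export LD_PRELOAD=$LD_PRELOAD:/usr/lib/libjemalloc.so.1' # https://gist.github.com/4136373

# --- rbenv / Ruby -----------------------------------------
# Installing RBENV
# Security note: this downloads the installer from the moving "master"
# branch and runs it immediately as deployer (a sudo group member). Pin the
# URL to a reviewed commit and check the file's checksum before running it.
su deployer -c "cd ~ && wget https://raw.github.com/fesplugas/rbenv-installer/master/bin/rbenv-installer && bash rbenv-installer"
echo 'export RBENV_ROOT="${HOME}/.rbenv"' >> /home/deployer/.bashrc
echo 'if [ -d "${RBENV_ROOT}" ]; then' >> /home/deployer/.bashrc
echo ' export PATH="${RBENV_ROOT}/bin:${PATH}"' >> /home/deployer/.bashrc
echo ' eval "$(rbenv init -)"' >> /home/deployer/.bashrc
echo 'fi' >> /home/deployer/.bashrc
# https:// instead of git://: the git protocol is neither encrypted nor
# authenticated, so the build scripts could be altered in transit.
su deployer -c "git clone https://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build"
su deployer -c "cd ~ && ~/.rbenv/bin/rbenv install 2.0.0-p195"
su deployer -c "cd ~ && ~/.rbenv/bin/rbenv global 2.0.0-p195"
#su deployer -c "cd ~ && ~/.rbenv/bin/rbenv install 1.9.3-p392"
#su deployer -c "cd ~ && ~/.rbenv/bin/rbenv global 1.9.3-p392"
# (Removed `su deployer -c "source ~/.bashrc"`: it sourced the file in a
# shell that exited right away and changed nothing for later commands.)
su deployer -c "/home/deployer/.rbenv/shims/gem install bundler"
su deployer -c "cd ~ && ~/.rbenv/bin/rbenv rehash"
#su deployer -c "cd ~ && ~/.rbenv/bin/rbenv install jruby-1.7.1"
#su deployer -c "cd ~ && ~/.rbenv/bin/rbenv global jruby-1.7.1"

# --- Reboot -----------------------------------------------
# Reboot after a time to let the stackscript clean up and finish this properly
# https://forum.linode.com/viewtopic.php?p=42936
# Run in the background without $(...): the substitution would have tried to
# execute whatever shutdown printed as a second command.
shutdown -r 1 &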