Worker setup
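#!/bin/bash
#
# Worker setup: provisions an apt-based host as a Docker worker.
#   - creates the "worker" user and grants it sudo
#   - moves sshd to a non-default port and disables password logins
#   - enables UFW with only the SSH port open
#   - installs Docker and a pinned docker-compose binary
#   - installs the CI public key into worker's authorized_keys
#
# Must be run as root and interactively: adduser prompts for a password and
# ufw may ask for confirmation before it is enabled.

set -euo pipefail

readonly SSH_PORT=9022
readonly SSHD_CONFIG=/etc/ssh/sshd_config
readonly WORKER_HOME=/home/worker
readonly KEY_URL='https://gist.githubusercontent.com/kolosek/88ca9d6834c2b2ac43cdf64ef2ef7938/raw/3cd7855107f597821cd13107a614ca4d39130ce8/rubyci-public-ssh'
readonly COMPOSE_URL='https://github.com/docker/compose/releases/download/v2.24.6/docker-compose-linux-x86_64'

die() { printf 'error: %s\n' "$*" >&2; exit 1; }
warn() { printf 'warning: %s\n' "$*" >&2; }

# adduser, usermod and the sudoers/authorized_keys writes below run without
# sudo, so fail early with a clear message instead of halfway through.
[[ ${EUID} -eq 0 ]] || die "this script must be run as root"

# Downloads go to private temp files that are removed on every exit path.
tmp_files=()
cleanup() { rm -f -- "${tmp_files[@]}"; }
trap cleanup EXIT

# Update package lists (the full upgrade is intentionally left disabled).
sudo apt update # && sudo apt upgrade -y

# Create the new user and add it to the sudo group.
adduser worker
usermod -aG sudo worker

# Securing SSH.
# These substitutions only match the stock, commented-out defaults. If a line
# is already uncommented, or a drop-in under /etc/ssh/sshd_config.d/ sets the
# same keyword, the edit does not take effect; the checks below catch that.
sudo sed -i "s/#Port 22/Port ${SSH_PORT}/g" "${SSHD_CONFIG}"
sudo sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin prohibit-password/g' "${SSHD_CONFIG}"
sudo sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' "${SSHD_CONFIG}"
sudo sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' "${SSHD_CONFIG}"

# Validate before restarting: a restart with a broken config stops the running
# daemon and leaves the host without SSH.
sudo install -d -m 0755 /run/sshd # sshd -t needs the privilege-separation dir
sudo sshd -t
sudo systemctl restart ssh.service

# Confirm what sshd will actually enforce, not just what the file contains.
effective_sshd=$(sudo sshd -T)
# The firewall below only opens SSH_PORT; if sshd is still on another port,
# enabling UFW would cut off remote access, so stop here.
# NOTE(review): on releases where ssh is socket-activated the listening port
# may come from ssh.socket instead -- confirm with `ss -tlnp` on such hosts.
grep -qx "port ${SSH_PORT}" <<<"${effective_sshd}" \
  || die "sshd is not configured for port ${SSH_PORT}; not enabling the firewall"
grep -qx 'passwordauthentication no' <<<"${effective_sshd}" \
  || warn "password authentication is still enabled in the effective sshd config"

# UFW setup.
sudo ufw disable
sudo ufw default allow outgoing
sudo ufw default deny incoming
sudo ufw allow "${SSH_PORT}/tcp" # SSH is TCP-only; do not open the UDP port
sudo ufw enable

sudo apt install apt-transport-https ca-certificates curl software-properties-common -y

# Install Docker from the convenience script. Download it completely first:
# piping curl into sh would execute a truncated script if the transfer fails.
docker_installer=$(mktemp)
tmp_files+=("${docker_installer}")
curl -fsSL https://get.docker.com -o "${docker_installer}"
sh "${docker_installer}"

# Membership in the docker group is root-equivalent on this host.
sudo usermod -aG docker worker

## This should be executed on Worker user ###
#mkdir -p ~/.docker/cli-plugins/
#curl -SL https://github.com/docker/compose/releases/download/v2.3.3/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose

# -f makes curl fail on an HTTP error instead of saving the error page as the
# "binary". The download is not integrity-checked; compare it against a
# SHA-256 recorded out of band before relying on it.
sudo curl -fSL "${COMPOSE_URL}" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
#chmod +x ~/.docker/cli-plugins/docker-compose

# Runtime-only setting: it is lost on reboot unless also placed in /etc/sysctl.d/.
sudo sysctl -w vm.max_map_count=262144

# Sudo rules for worker.
# Written as a validated drop-in instead of appending to /etc/sudoers: a
# malformed line in the main file disables sudo for everyone, and appending
# duplicates the rules on every re-run. Assumes /etc/sudoers includes
# /etc/sudoers.d (the default on apt-based systems).
# NOTE(review): the last rule grants passwordless root for every command and
# makes the three narrower rules redundant. Drop it if worker only needs
# rsync/touch/du -- and note that passwordless rsync as root can already
# overwrite any file on the host.
sudoers_tmp=$(mktemp)
tmp_files+=("${sudoers_tmp}")
cat >"${sudoers_tmp}" <<'EOF'
worker ALL= NOPASSWD:/usr/bin/rsync
worker ALL= NOPASSWD:/usr/bin/touch
worker ALL= NOPASSWD:/usr/bin/du
worker ALL=(ALL) NOPASSWD:ALL
EOF
visudo -cf "${sudoers_tmp}"
install -o root -g root -m 0440 "${sudoers_tmp}" /etc/sudoers.d/worker

# Authorize the CI public key for worker.
# The URL is pinned to a specific gist revision. Whoever holds the matching
# private key gets a shell as worker and, through the rules above, root; check
# the fingerprint printed below against a value obtained out of band.
key_tmp=$(mktemp)
tmp_files+=("${key_tmp}")
curl -fsSL "${KEY_URL}" -o "${key_tmp}"
ssh-keygen -l -f "${key_tmp}" # aborts if the download is not a valid public key

auth_keys="${WORKER_HOME}/.ssh/authorized_keys"
mkdir -p "${WORKER_HOME}/.ssh"
touch "${auth_keys}"
# Append each key only once so re-running the script does not duplicate entries.
while IFS= read -r key_line || [[ -n "${key_line}" ]]; do
  [[ -n "${key_line}" ]] || continue
  grep -qxF -- "${key_line}" "${auth_keys}" || printf '%s\n' "${key_line}" >>"${auth_keys}"
done <"${key_tmp}"
chmod 700 "${WORKER_HOME}/.ssh" && chmod 600 "${auth_keys}"
sudo chown -v -R worker:worker "${WORKER_HOME}/.ssh/"

su - worker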