l1ahim · August 8, 2019 07:56
diff --git a/ovh_centos7.sh b/ovh_centos7.sh
 #! /bin/bash
 
 # http://linuxcommand.org/wss0150.php
 function error_exit
 {
 	echo "$1" 1>&2
 	exit 1
 } 
 
 # http://unix.stackexchange.com/questions/70859/why-doesnt-sudo-su-in-a-shell-script-run-the-rest-of-the-script-as-root 
 if [ `whoami` = root ]; then

    cp /root/.ssh/authorized_keys2 /root/.ssh/authorized_keys
    sed -i 's/RSAAuthentication no/RSAAuthentication yes/g' /etc/ssh/sshd_config
    sed -i 's/PubkeyAuthentication no/PubkeyAuthentication yes/g' /etc/ssh/sshd_config
    sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
    sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
    # sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
    systemctl restart sshd
 
    yum -y install firewalld
    systemctl enable firewalld
    systemctl start firewalld
    firewall-cmd --permanent --zone=drop --add-service=ssh
    firewall-cmd --set-default-zone=drop
    firewall-cmd --reload
 
    ## fail2ban
    ## http://www.servermom.org/install-fail2ban-centos/1809/
    #yum install epel-release -y
    #yum install fail2ban -y
    #yum install fail2ban-firewalld -y 
    ## sed -i 's/maxretry = 5/maxretry = 1/g' /etc/fail2ban/jail.conf
    ## sed -i 's/bantime  = 600/bantime  = 86400/g' /etc/fail2ban/jail.conf
    
    ## sshd jail not enabled by default
    #echo >> /etc/fail2ban/jail.conf
    #echo "[sshd]" >> /etc/fail2ban/jail.conf
    #echo "enabled = true" >> /etc/fail2ban/jail.conf
    #echo "maxretry = 1" >> /etc/fail2ban/jail.conf
    #echo "bantime = 86400" >> /etc/fail2ban/jail.conf
    #systemctl enable fail2ban.service
    #systemctl restart fail2ban.service

    yum -y install make 
    yum -y install vim-enhanced tmux
    yum -y install git
    yum -y install git-daemon
    yum -y install irssi nc socat lsof
    yum -y install xorg-x11-xauth xorg-x11-apps
    yum -y install docker
    yum -y install docker-registry
    # for building ghc
    yum -y install bzip2
    yum -y install perl gmp gmp-devel zlib zlib-devel gcc
    ln -s /usr/lib64/libgmp.so.10 /usr/lib64/libgmp.so.3
    # java stuff
    yum -y install java-1.7.0-openjdk.x86_64
    yum -y install maven
    # http://comments.gmane.org/gmane.comp.lang.haskell.glasgow.user/15874
    yum -y install libedit-devel.i686 libedit-devel.x86_64
    yum -y install readline.i686 readline.x86_64
    
    # make the Docker registry listen only on localhost
    sed -i 's/REGISTRY_ADDRESS=0\.0\.0\.0/REGISTRY_ADDRESS=127.0.0.1/g' /etc/sysconfig/docker-registry
    
    ## Installing Go
    #cd /usr/local
    #wget https://storage.googleapis.com/golang/go1.4.linux-amd64.tar.gz
    #tar -zxvf go1.4.linux-amd64.tar.gz
    #cd /root
    
    # Installing GHC from source
    curl -L -O http://downloads.haskell.org/~ghc/7.10.1/ghc-7.10.1-x86_64-unknown-linux-deb7.tar.bz2
    tar -jxvf ghc-7.10.1-x86_64-unknown-linux-deb7.tar.bz2
    cd ghc-7.10.1
    ./configure
    make install || error_exit "ERROR: GHC"    
    cd /root
    
    # Creating and configuring hask user
    useradd -m hask
    # https://docs.docker.com/installation/binaries/#giving-non-root-access
    # http://www.ludeke.net/2013/12/run-docker-commands-without-sudo.html
    # https://docs.docker.com/articles/security/#dockersecurity-daemon
    gpasswd -a hask docker
    mkdir /home/hask/.ssh
    cp /root/.ssh/authorized_keys /home/hask/.ssh/authorized_keys
    chown -R hask:hask /home/hask/.ssh
 
    cp $0 /home/hask/hask.sh
    chown hask:hask /home/hask/hask.sh
    chmod u+x /home/hask/hask.sh
    su - -c /home/hask/hask.sh hask
    rm -rf /home/hask/hask.sh
    
    # Haskdev can shut the machine down
    # http://www.garron.me/en/linux/visudo-command-sudoers-file-sudo-default-editor.html
    echo "hask ALL= NOPASSWD: /sbin/shutdown -h now, /usr/bin/lastb" >> /etc/sudoers
 
    # Starting Docker
    # service docker start
    # service docker-registry start
 
 elif [ `whoami` = hask ]; then
 
    # Configuring git
    git config --global user.name "DDC"
    git config --global user.email [email protected]
    git config --global push.default simple
 
    # Configuring vim
    curl -L -O https://raw.githubusercontent.com/danidiaz/miscellany/master/linux/.vimrc
     
    mkdir -p ~/.vim/autoload ~/.vim/bundle && \
    curl -LSso ~/.vim/autoload/pathogen.vim https://tpo.pe/pathogen.vim
     
    cd .vim/bundle
    git clone https://github.com/Shougo/unite.vim.git
    git clone https://github.com/tpope/vim-repeat
    git clone https://github.com/tpope/vim-surround.git
    git clone https://github.com/tommcdo/vim-exchange.git
    git clone https://github.com/justinmk/vim-sneak.git
    git clone https://github.com/sirver/ultisnips
    git clone https://github.com/dag/vim2hs
    git clone https://github.com/fatih/vim-go
    git clone https://github.com/michaeljsmith/vim-indent-object
    cd $HOME
    
    mkdir .vim/colors
    cd .vim/colors
    curl -L -O https://raw.githubusercontent.com/fugalh/desert.vim/master/desert.vim
    cd $HOME
 
    # Configuring tmux
    # Note that prefix is set to C-j
    curl -L -O https://raw.githubusercontent.com/danidiaz/miscellany/master/linux/.tmux.conf
     
    # Necessary for tmux to work
    # echo export LD_LIBRARY_PATH=/usr/local/lib >> $HOME/.bash_profile
 
    # Settign go path
    echo "PATH=\$PATH:/usr/local/go/bin" >> .bash_profile
    
    mkdir go
    mkdir go/src
    mkdir go/pkg
    mkdir go/bin
    
    echo "GOPATH=\$PATH:\$HOME/go" >> .bash_profile
    echo "export GOPATH" >> .bash_profile
    echo "PATH=\$PATH:\$HOME/go/bin" >> .bash_profile
 
    # Installing Cabal
    curl -L -O https://www.haskell.org/cabal/release/cabal-install-1.22.6.0/cabal-install-1.22.6.0.tar.gz
    tar -zxvf cabal-install-1.22.6.0.tar.gz
    cd cabal-install-1.22.6.0
    ./bootstrap.sh || error_exit "ERROR: CABAL"    
    cd $HOME
 
    echo "PATH=\$PATH:\$HOME/.cabal/bin" >> .bash_profile
    
    #
    echo "export PATH" >> .bash_profile
     
    PATH=$PATH:$HOME/.cabal/bin
    cabal update
 
    cd $HOME
    rm -rf cabal-install* 
 
    # echo "set -o vi" >> .bashrc
    #echo ''alias dockerX11run=\''docker run -v $HOME:/hosthome:ro -e XAUTHORITY=/hosthome/.Xauthority -e DISPLAY=$(echo $DISPLAY | sed "s/^.*:/$(hostname -i):/")'''\' >> .bashrc
 
 else
 
    echo "Should not be here!!!"
 
 fi
	#! /bin/bash

	# http://linuxcommand.org/wss0150.php
	function error_exit
	{
	echo "$1" 1>&2
	exit 1
	}

	# http://unix.stackexchange.com/questions/70859/why-doesnt-sudo-su-in-a-shell-script-run-the-rest-of-the-script-as-root
	if [ `whoami` = root ]; then

	cp /root/.ssh/authorized_keys2 /root/.ssh/authorized_keys
	sed -i 's/RSAAuthentication no/RSAAuthentication yes/g' /etc/ssh/sshd_config
	sed -i 's/PubkeyAuthentication no/PubkeyAuthentication yes/g' /etc/ssh/sshd_config
	sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
	sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
	# sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
	systemctl restart sshd

	yum -y install firewalld
	systemctl enable firewalld
	systemctl start firewalld
	firewall-cmd --permanent --zone=drop --add-service=ssh
	firewall-cmd --set-default-zone=drop
	firewall-cmd --reload

	## fail2ban
	## http://www.servermom.org/install-fail2ban-centos/1809/
	#yum install epel-release -y
	#yum install fail2ban -y
	#yum install fail2ban-firewalld -y
	## sed -i 's/maxretry = 5/maxretry = 1/g' /etc/fail2ban/jail.conf
	## sed -i 's/bantime = 600/bantime = 86400/g' /etc/fail2ban/jail.conf

	## sshd jail not enabled by default
	#echo >> /etc/fail2ban/jail.conf
	#echo "[sshd]" >> /etc/fail2ban/jail.conf
	#echo "enabled = true" >> /etc/fail2ban/jail.conf
	#echo "maxretry = 1" >> /etc/fail2ban/jail.conf
	#echo "bantime = 86400" >> /etc/fail2ban/jail.conf
	#systemctl enable fail2ban.service
	#systemctl restart fail2ban.service

	yum -y install make
	yum -y install vim-enhanced tmux
	yum -y install git
	yum -y install git-daemon
	yum -y install irssi nc socat lsof
	yum -y install xorg-x11-xauth xorg-x11-apps
	yum -y install docker
	yum -y install docker-registry
	# for building ghc
	yum -y install bzip2
	yum -y install perl gmp gmp-devel zlib zlib-devel gcc
	ln -s /usr/lib64/libgmp.so.10 /usr/lib64/libgmp.so.3
	# java stuff
	yum -y install java-1.7.0-openjdk.x86_64
	yum -y install maven
	# http://comments.gmane.org/gmane.comp.lang.haskell.glasgow.user/15874
	yum -y install libedit-devel.i686 libedit-devel.x86_64
	yum -y install readline.i686 readline.x86_64

	# make the Docker registry listen only on localhost
	sed -i 's/REGISTRY_ADDRESS=0\.0\.0\.0/REGISTRY_ADDRESS=127.0.0.1/g' /etc/sysconfig/docker-registry

	## Installing Go
	#cd /usr/local
	#wget https://storage.googleapis.com/golang/go1.4.linux-amd64.tar.gz
	#tar -zxvf go1.4.linux-amd64.tar.gz
	#cd /root

	# Installing GHC from source
	curl -L -O http://downloads.haskell.org/~ghc/7.10.1/ghc-7.10.1-x86_64-unknown-linux-deb7.tar.bz2
	tar -jxvf ghc-7.10.1-x86_64-unknown-linux-deb7.tar.bz2
	cd ghc-7.10.1
	./configure
	make install \|\| error_exit "ERROR: GHC"
	cd /root

	# Creating and configuring hask user
	useradd -m hask
	# https://docs.docker.com/installation/binaries/#giving-non-root-access
	# http://www.ludeke.net/2013/12/run-docker-commands-without-sudo.html
	# https://docs.docker.com/articles/security/#dockersecurity-daemon
	gpasswd -a hask docker
	mkdir /home/hask/.ssh
	cp /root/.ssh/authorized_keys /home/hask/.ssh/authorized_keys
	chown -R hask:hask /home/hask/.ssh

	cp $0 /home/hask/hask.sh
	chown hask:hask /home/hask/hask.sh
	chmod u+x /home/hask/hask.sh
	su - -c /home/hask/hask.sh hask
	rm -rf /home/hask/hask.sh

	# Haskdev can shut the machine down
	# http://www.garron.me/en/linux/visudo-command-sudoers-file-sudo-default-editor.html
	echo "hask ALL= NOPASSWD: /sbin/shutdown -h now, /usr/bin/lastb" >> /etc/sudoers

	# Starting Docker
	# service docker start
	# service docker-registry start

	elif [ `whoami` = hask ]; then

	# Configuring git
	git config --global user.name "DDC"
	git config --global user.email [email protected]
	git config --global push.default simple

	# Configuring vim
	curl -L -O https://raw.githubusercontent.com/danidiaz/miscellany/master/linux/.vimrc

	mkdir -p ~/.vim/autoload ~/.vim/bundle && \
	curl -LSso ~/.vim/autoload/pathogen.vim https://tpo.pe/pathogen.vim

	cd .vim/bundle
	git clone https://github.com/Shougo/unite.vim.git
	git clone https://github.com/tpope/vim-repeat
	git clone https://github.com/tpope/vim-surround.git
	git clone https://github.com/tommcdo/vim-exchange.git
	git clone https://github.com/justinmk/vim-sneak.git
	git clone https://github.com/sirver/ultisnips
	git clone https://github.com/dag/vim2hs
	git clone https://github.com/fatih/vim-go
	git clone https://github.com/michaeljsmith/vim-indent-object
	cd $HOME

	mkdir .vim/colors
	cd .vim/colors
	curl -L -O https://raw.githubusercontent.com/fugalh/desert.vim/master/desert.vim
	cd $HOME

	# Configuring tmux
	# Note that prefix is set to C-j
	curl -L -O https://raw.githubusercontent.com/danidiaz/miscellany/master/linux/.tmux.conf

	# Necessary for tmux to work
	# echo export LD_LIBRARY_PATH=/usr/local/lib >> $HOME/.bash_profile

	# Settign go path
	echo "PATH=\$PATH:/usr/local/go/bin" >> .bash_profile

	mkdir go
	mkdir go/src
	mkdir go/pkg
	mkdir go/bin

	echo "GOPATH=\$PATH:\$HOME/go" >> .bash_profile
	echo "export GOPATH" >> .bash_profile
	echo "PATH=\$PATH:\$HOME/go/bin" >> .bash_profile

	# Installing Cabal
	curl -L -O https://www.haskell.org/cabal/release/cabal-install-1.22.6.0/cabal-install-1.22.6.0.tar.gz
	tar -zxvf cabal-install-1.22.6.0.tar.gz
	cd cabal-install-1.22.6.0
	./bootstrap.sh \|\| error_exit "ERROR: CABAL"
	cd $HOME

	echo "PATH=\$PATH:\$HOME/.cabal/bin" >> .bash_profile

	#
	echo "export PATH" >> .bash_profile

	PATH=$PATH:$HOME/.cabal/bin
	cabal update

	cd $HOME
	rm -rf cabal-install*

	# echo "set -o vi" >> .bashrc
	#echo ''alias dockerX11run=\''docker run -v $HOME:/hosthome:ro -e XAUTHORITY=/hosthome/.Xauthority -e DISPLAY=$(echo $DISPLAY \| sed "s/^.*:/$(hostname -i):/")'''\' >> .bashrc

	else

	echo "Should not be here!!!"

	fi