Linode stackscript to setup node, deployer user, git, private networking, basic security, coffee script, and pm2 for node process management.

Node Linode Stackscript

#!/bin/bash

# <UDF name="user_name" label="Unprivileged user account name" example="This is the account that you will be using to log in or deploy (deployer)." default="deployer" optional="false" />
# <UDF name="user_password" label="Unprivileged user password" optional="false" />
# <UDF name="user_sshkey" label="Public Key for user" default="" example="Recommended method of authentication. It is more secure than password log in." optional="false" />
# <UDF name="user_shell" label="Shell" oneof="/bin/zsh,/bin/bash" default="/bin/bash" />
# <UDF name="sys_hostname" label="System hostname" default="myvps" example="Name of your server, i.e. linode1." optional="false" />
# <UDF name="sys_private_ip" Label="Private IP" default="" example="Configure network card to listen on this Private IP (if enabled in Linode/Remote Access settings tab). See http://library.linode.com/networking/configuring-static-ip-interfaces" optional="false" />

USER_GROUPS=sudo

exec &> /root/stackscript.log

source <ssinclude StackScriptID="1"> # StackScript Bash Library
system_update

source <ssinclude StackScriptID="124"> # lib-system

system_start_etc_dir_versioning #start recording changes of /etc config files

# Configure system
source <ssinclude StackScriptID="123"> # lib-system-ubuntu
system_update_hostname "$SYS_HOSTNAME"

system_record_etc_dir_changes "Updated hostname" # SS124

# Create user account
system_add_user "$USER_NAME" "$USER_PASSWORD" "$USER_GROUPS" "$USER_SHELL"
system_user_add_ssh_key "$USER_NAME" "$USER_SSHKEY"
system_record_etc_dir_changes "Added unprivileged user account" # SS124

# Configure sshd
system_sshd_permitrootlogin "no"
system_sshd_passwordauthentication "no"
touch /tmp/restart-ssh
system_record_etc_dir_changes "Configured sshd" # SS124

# Lock root account
system_lock_user "root"
system_record_etc_dir_changes "Locked root account" # SS124

# Lock user account
system_lock_user "$USER_NAME"
system_record_etc_dir_changes "Locked $USER_NAME account" # SS124

# Setup fail2ban
system_security_fail2ban
system_record_etc_dir_changes "Installed fail2ban" # SS124

# Setup firewall
system_security_ufw_configure_basic
system_record_etc_dir_changes "Configured UFW" # SS124

source <ssinclude StackScriptID="126"> # lib-python
python_install
system_record_etc_dir_changes "Installed python" # SS124

# lib-system - SS124
system_install_utils
system_install_build
system_install_git
system_record_etc_dir_changes "Installed common utils"

system_configure_private_network "$SYS_PRIVATE_IP"
system_record_etc_dir_changes "Configured private network"

# install node
apt-get install -y python-software-properties
add-apt-repository ppa:chris-lea/node.js
apt-get update
apt-get install -y nodejs

# install npm
curl https://npmjs.org/install.sh | clean=no sh

# install coffee
npm install -g coffee-script

# install pm2
npm install -g pm2

# env variables
echo 'export NODE_ENV=production' >> "/home/$USER_NAME/.profile"
echo 'export NODE_PATH=/usr/lib/node_modules' >> "/home/$USER_NAME/.profile"
echo 'export PORT=80' >> "/home/$USER_NAME/.profile"

# sudoers
cat <<EOF > /etc/sudoers.d/node
deployer     ALL=NOPASSWD: /sbin/restart node
deployer     ALL=NOPASSWD: /sbin/stop node
deployer     ALL=NOPASSWD: /sbin/start node
EOF
chmod 0440 /etc/sudoers.d/node

restart_services
restart_initd_services