#!/bin/bash
#
# ArchLinux StackScript to create a rails / node box
#
# <UDF name="sys_hostname" Label="Hostname" example="Ex: test.example.com" />
#
#
# The idea behind this bash script is to create an ArchLinux box
# provisioned and hosted exactly as we'd like.
#
# This handles
# 1. Setting Hostname
# 2. Setting locale
# 3. Updating the system
# 4. Configure a strict set of IPTABLES rules
# 5. Configure SSHD
# Logging is done with synchronous output to STDOUT
# You can see both stackscript.log & stackscript.err in the root folder
# Change to No to disable logging
# Set to anything other than Yes to stop mirroring the script's output
# into /root/stackscript.log and /root/stackscript.err.
STACKSCRIPTSLOG="Yes"
if [[ "$STACKSCRIPTSLOG" == "Yes" ]]; then
  # Output still reaches the console; tee appends a copy to each file.
  exec > >(tee -a /root/stackscript.log)
  exec 2> >(tee -a /root/stackscript.err)
fi
######################
## SYSTEM FUNCTIONS ##
######################
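#######################################
# Bring the package database and the installed system up to date.
# Globals:   none
# Arguments: none
# Returns:   non-zero as soon as one pacman step fails, so the later
#            steps are not run against a half-upgraded package database
#######################################
function system_update {
  # Upgrade pacman itself, migrate the local database, then upgrade
  # everything else; each step only makes sense if the previous succeeded.
  pacman -Sy pacman --noconfirm || return 1
  pacman-db-upgrade || return 1
  pacman -Syu --noconfirm || return 1
}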
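#######################################
# Set the system hostname, both persistently and for the running system.
# Globals:   none
# Arguments: $1 - the hostname
# Outputs:   usage error on stderr when no hostname is given
# Returns:   1 when $1 is missing, otherwise the status of hostname
#######################################
function set_hostname {
  if [ -z "$1" ]; then
    # Diagnostics go to stderr so they land in stackscript.err, not the log.
    echo "set_hostname() requires the hostname as its first argument" >&2
    return 1
  fi
  # printf rather than echo: a hostname such as "-n" would be eaten by echo.
  printf '%s\n' "$1" > /etc/hostname
  # Read the name back from the file so the running system matches it.
  hostname -F /etc/hostname
}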
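#######################################
# Replace /etc/locale.gen with the two en_US locales and generate them.
# Globals:   none
# Arguments: none
# Returns:   1 if the existing locale.gen cannot be backed up, otherwise
#            the status of locale-gen
#######################################
function set_us_locale {
  # Keep the backup next to, and named after, the file it replaces.
  mv /etc/locale.gen /etc/locale.gen.orig || return 1
  printf '%s\n' "en_US.UTF-8 UTF-8" > /etc/locale.gen
  printf '%s\n' "en_US ISO-8859-1" >> /etc/locale.gen
  locale-gen
}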
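#######################################
# Uncomment a line in a file (strip the leading # from an exact match).
# Globals:   none
# Arguments: $1 - the line text, as it appears after the #
#            $2 - the file to edit in place
# Outputs:   usage errors on stderr
# Returns:   1 when an argument is missing, otherwise the status of sed
#######################################
function uncomment_line {
  if [ -z "$1" ]; then
    echo "uncomment_line() requires the line as its first argument" >&2
    return 1
  fi
  if [ -z "$2" ]; then
    echo "uncomment_line() requires the file name as its second argument" >&2
    return 1
  fi
  local line_content=$1
  local line_commented="#$line_content"
  local file_path=$2
  local pattern replacement
  # The line is plain text, not a regex: escape every character sed would
  # otherwise treat specially, on both the pattern and the replacement side.
  pattern=$(printf '%s' "$line_commented" | sed 's|[][\.*^$/]|\\&|g')
  replacement=$(printf '%s' "$line_content" | sed 's|[&/\\]|\\&|g')
  # Double quotes so the variables expand; single quotes would hand sed the
  # literal text "$line_commented". The file name must be expanded too.
  sed -i "s/${pattern}/${replacement}/" "$file_path"
}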
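#######################################
# Install iptables and load a default-deny ruleset for IPv4 and IPv6.
# Only loopback, ICMP, established/related traffic and inbound TCP 22/80
# are accepted; anything else on INPUT is logged and then rejected.
# Globals:   none
# Arguments: none
# Returns:   1 if the package install or the IPv4 restart fails, otherwise
#            the status of the ip6tables restart
#######################################
function set_ip_tables {
  pacman -S iptables --noconfirm || return 1
  # Same policy on both stacks: INPUT/FORWARD default DROP, OUTPUT ACCEPT.
  # Ports 22 and 80 are accepted from any source address, and the LOG rule
  # before the final REJECT has no rate limit, so unsolicited traffic is
  # written to the log unthrottled (TODO: add -m limit to the LOG rule).
  # The delimiter is quoted: the rules contain no shell expansions and
  # must be written byte-for-byte.
  cat > /etc/iptables/iptables.rules << 'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p icmp -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -j LOG
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
  /etc/rc.d/iptables restart || return 1
  # IPv6 mirror of the ruleset; ICMPv6 must stay open for neighbour
  # discovery and path MTU handling to work.
  cat > /etc/iptables/ip6tables.rules << 'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -j LOG
-A INPUT -j REJECT --reject-with icmp6-port-unreachable
COMMIT
EOF
  /etc/rc.d/ip6tables restart
}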
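#######################################
# Make sshd listen on both IPv4 and IPv6 by uncommenting "AddressFamily any"
# in /etc/ssh/sshd_config, then restart the daemon.
# Globals:   none
# Arguments: none
# Returns:   1 if the edit fails or the edited config does not validate,
#            otherwise the status of the sshd restart
#######################################
function configure_sshd {
  sed -i 's/#AddressFamily any/AddressFamily any/' /etc/ssh/sshd_config || return 1
  # Validate before restarting: on a remote box a broken sshd_config would
  # take down the only way back in.
  sshd -t || return 1
  /etc/rc.d/sshd restart
}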
######################
## STACKSCRIPT FLOW ##
######################
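# Set system hostname & locale. SYS_HOSTNAME is supplied by the UDF
# declared in the header.
set_hostname "$SYS_HOSTNAME"
set_us_locale
# Bring system up to date
system_update
set_ip_tables
# Step 5 from the header: sshd accepts IPv4 and IPv6 connections after this.
configure_sshd
# apt_install is not defined in this script; these stay disabled.
# apt_install 'linux-headers-generic build-essential zlib1g-dev libssl-dev libreadline5-dev git tmux curl libmagickcore-dev imagemagick libxml2-dev libxslt1-dev'
# apt_install 'puppet'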