Last active
December 3, 2023 01:17
-
-
Save rigwild/26268ca12e9e599e024605e4ce22652a to your computer and use it in GitHub Desktop.
Quick VM install script
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Check if script is ran by root user -> exit | |
| if [[ $EUID -eq 0 ]]; then echo "This script should not be ran by root!"; exit 1; fi | |
| # Stop script on error | |
| set -e | |
| set -o pipefail | |
| sudo apt update | |
| sudo apt upgrade -y | |
| # Install common packages | |
| sudo apt install -y \ | |
| linux-generic \ | |
| build-essential \ | |
| apt-transport-https \ | |
| ca-certificates \ | |
| curl \ | |
| gnupg-agent \ | |
| jq \ | |
| bat \ | |
| software-properties-common \ | |
| fail2ban \ | |
| nginx \ | |
| snapd | |
| # Install Snap and certbot | |
| sudo snap install core; sudo snap refresh core | |
| sudo snap install --classic certbot | |
| sudo ln -s /snap/bin/certbot /usr/bin/certbot | |
| # Install Node.js | |
| sudo apt-get install -y ca-certificates curl gnupg | |
| sudo mkdir -p /etc/apt/keyrings | |
| curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | sudo gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg | |
| NODE_MAJOR=20 | |
| echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | sudo tee /etc/apt/sources.list.d/nodesource.list | |
| sudo apt install -y nodejs | |
| node -v | |
| # Install pnpm | |
| curl -fsSL https://get.pnpm.io/install.sh | sh - | |
| # Install PM2 and zx | |
| pnpm i -g pm2 zx | |
| source ~/.bashrc | |
| # Install Redis | |
| sudo apt install -y redis-server | |
| sudo sed -i -e 's/supervised no/supervised systemd/g' /etc/redis/redis.conf | |
| sudo systemctl restart redis.service | |
| # Configure fail2ban | |
| awk '{ printf "# "; print; }' /etc/fail2ban/jail.conf | sudo tee /etc/fail2ban/jail.local | |
| sudo sed -i -e 's/maxretry = 5/maxretry = 3/g' /etc/fail2ban/jail.conf | |
| sudo sed -i -e 's/# \[sshd\]/# \[sshd-example-jail\]/g' /etc/fail2ban/jail.conf | |
| sudo sed -i -e 's/\[sshd\]/\[sshd\]\nenabled = true/g' /etc/fail2ban/jail.conf | |
| sudo sed -i -e 's/findtime = 10m/findtime = 15m/g' /etc/fail2ban/jail.conf | |
| sudo service fail2ban restart | |
| # Configure SSH | |
| # Disable SSH password login | |
| # sudo sed -i -e 's/#PasswordAuthentication yes/PasswordAuthentication no\n#PasswordAuthentication yes/g' /etc/ssh/sshd_config | |
| # Change SSH port from 22 to 2222 | |
| sudo sed -i -e 's/#Port 22/Port 2222\n#Port 22/g' /etc/ssh/sshd_config | |
| sudo mkdir -p /etc/systemd/system/ssh.socket.d | |
| sudo bash -c 'cat << EOF > /etc/systemd/system/ssh.socket.d/listen.conf | |
| [Socket] | |
| ListenStream= | |
| ListenStream=2222 | |
| EOF' | |
| sudo systemctl daemon-reload | |
| sudo systemctl restart ssh.socket | |
| # Add Swap | |
| sudo fallocate -l 2G /swapfile | |
| sudo chmod 600 /swapfile | |
| sudo mkswap /swapfile | |
| sudo swapon /swapfile | |
| sudo cp /etc/fstab /etc/fstab.bak | |
| echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab | |
| # Finalize setup | |
| echo "alias grep='grep --color=auto'" >> ~/.bashrc | |
| echo "alias fgrep='fgrep --color=auto'" >> ~/.bashrc | |
| echo "alias egrep='egrep --color=auto'" >> ~/.bashrc | |
| echo "alias l='LANG=C ls -ahl --color=auto $*'" >> ~/.bashrc | |
| echo "alias ll='LANG=C ls -ahl --color=auto $*'" >> ~/.bashrc | |
| echo "alias gs='git status'" >> ~/.bashrc | |
| echo "alias gl='git log'" >> ~/.bashrc | |
| echo "alias gb='git branch'" >> ~/.bashrc | |
| echo "alias gc='git checkout'" >> ~/.bashrc | |
| echo "alias bat='batcat'" >> ~/.bashrc | |
| sudo mkdir -p /var/www | |
| sudo chown -R $UID:$GID /var/www | |
| source ~/.bashrc |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment