forked from jasonheecs/ubuntu-server-setup
-
Notifications
You must be signed in to change notification settings - Fork 0
/
setupLibrary.sh
153 lines (128 loc) · 4.18 KB
/
setupLibrary.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
#!/bin/bash
# Add the new user account
# Arguments:
# Account Username
# Account Password
# Flag to determine if user account is added silently. (With / Without GECOS prompt)
function addUserAccount() {
local username=${1}
local password=${2}
local silent_mode=${3}
if [[ ${silent_mode} == "true" ]]; then
sudo adduser --disabled-password --gecos '' "${username}"
else
sudo adduser --disabled-password "${username}"
fi
echo "${username}:${password}" | sudo chpasswd
sudo usermod -aG sudo "${username}"
}
# Add the local machine public SSH Key for the new user account
# Arguments:
# Account Username
# Public SSH Key
function addSSHKey() {
local username=${1}
local sshKey=${2}
execAsUser "${username}" "mkdir -p ~/.ssh; chmod 700 ~/.ssh; touch ~/.ssh/authorized_keys"
execAsUser "${username}" "echo \"${sshKey}\" | sudo tee -a ~/.ssh/authorized_keys"
execAsUser "${username}" "chmod 600 ~/.ssh/authorized_keys"
}
# Execute a command as a certain user
# Arguments:
# Account Username
# Command to be executed
function execAsUser() {
local username=${1}
local exec_command=${2}
sudo -u "${username}" -H bash -c "${exec_command}"
}
# Modify the sshd_config file
# shellcheck disable=2116
function changeSSHConfig() {
sudo sed -re 's/^(\#?)(PasswordAuthentication)([[:space:]]+)yes/\2\3no/' -i."$(echo 'old')" /etc/ssh/sshd_config
sudo sed -re 's/^(\#?)(PermitRootLogin)([[:space:]]+)(.*)/PermitRootLogin no/' -i /etc/ssh/sshd_config
}
# Setup the Uncomplicated Firewall
function setupUfw() {
sudo ufw allow OpenSSH
yes y | sudo ufw enable
}
# Create the swap file based on amount of physical memory on machine (Maximum size of swap is 4GB)
function createSwap() {
local swapmem=$(($(getPhysicalMemory) * 2))
# Anything over 4GB in swap is probably unnecessary as a RAM fallback
if [ ${swapmem} -gt 4 ]; then
swapmem=4
fi
sudo fallocate -l "${swapmem}G" /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
}
# Mount the swapfile
function mountSwap() {
sudo cp /etc/fstab /etc/fstab.bak
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
}
# Modify the swapfile settings
# Arguments:
# new vm.swappiness value
# new vm.vfs_cache_pressure value
function tweakSwapSettings() {
local swappiness=${1}
local vfs_cache_pressure=${2}
sudo sysctl vm.swappiness="${swappiness}"
sudo sysctl vm.vfs_cache_pressure="${vfs_cache_pressure}"
}
# Save the modified swap settings
# Arguments:
# new vm.swappiness value
# new vm.vfs_cache_pressure value
function saveSwapSettings() {
local swappiness=${1}
local vfs_cache_pressure=${2}
echo "vm.swappiness=${swappiness}" | sudo tee -a /etc/sysctl.conf
echo "vm.vfs_cache_pressure=${vfs_cache_pressure}" | sudo tee -a /etc/sysctl.conf
}
# Set the machine's timezone
# Arguments:
# tz data timezone
function setTimezone() {
local timezone=${1}
echo "${1}" | sudo tee /etc/timezone
sudo ln -fs "/usr/share/zoneinfo/${timezone}" /etc/localtime # https://bugs.launchpad.net/ubuntu/+source/tzdata/+bug/1554806
sudo dpkg-reconfigure -f noninteractive tzdata
}
# Configure Network Time Protocol
function configureNTP() {
ubuntu_version="$(lsb_release -sr)"
if [[ $ubuntu_version == '20.04' ]]; then
sudo systemctl restart systemd-timesyncd
else
sudo apt-get update
sudo apt-get --assume-yes install ntp
fi
}
# Gets the amount of physical memory in GB (rounded up) installed on the machine
function getPhysicalMemory() {
local phymem
phymem="$(free -g|awk '/^Mem:/{print $2}')"
if [[ ${phymem} == '0' ]]; then
echo 1
else
echo "${phymem}"
fi
}
# Disables the sudo password prompt for a user account by editing /etc/sudoers
# Arguments:
# Account username
function disableSudoPassword() {
local username="${1}"
sudo cp /etc/sudoers /etc/sudoers.bak
sudo bash -c "echo '${1} ALL=(ALL) NOPASSWD: ALL' | (EDITOR='tee -a' visudo)"
}
# Reverts the original /etc/sudoers file before this script is ran
function revertSudoers() {
sudo cp /etc/sudoers.bak /etc/sudoers
sudo rm -rf /etc/sudoers.bak
}