#!/bin/bash
#
# Continue Debian stretch setup on a virtual server.
#
# VERSION :2.1.2
# URL :https://github.com/szepeviktor/debian-server-tools
# AUTHOR :Viktor Szépe <viktor@szepe.net>
# LICENSE :The MIT License (MIT)
# BASH-VERSION :4.2+
# CI :shellcheck -x debian-setup2.sh
# CONFIG :/root/server.yml
# Advise
#
# Prepare two terminals.
# CPU_COUNT is an integer variable; it is filled from /proc/cpuinfo further down.
declare -i CPU_COUNT
# Stop at the first failing command (-e) and trace every command (-x).
# NOTE(review): the trace prints each command with its expanded values, so anything
# read from the configuration shows up on the terminal and in any session recording.
set -e -x
# Refuse to run unless stdin is a terminal; the exit status is 10 in that case.
if [ ! -t 0 ]; then
echo "Some commands still need a terminal." 1>&2
exit 10
fi
# Load the helper functions. The file name has no slash, so bash searches PATH first
# and falls back to the current directory only when PATH has no match.
# NOTE(review): the script presumably runs as root - confirm that PATH and the working
# directory contain only trusted files before starting it.
# shellcheck disable=SC1091
. debian-setup-functions.inc.sh
# Virtualization type as returned by the Data helper, exported for child scripts.
VIRT="$(Data get-value virtualization)"
export VIRT
# First IPv4 address in the ifconfig output ("inet addr:A.B.C.D" or "inet A.B.C.D").
# NOTE(review): net-tools is installed only later in this script, so ifconfig has to be
# present already; under set -e a missing ifconfig is not caught here because only the
# status of sed, the last pipeline stage, is checked (pipefail is not set).
IP="$(ifconfig | sed -n -e '0,/^\s*inet \(addr:\)\?\([0-9\.]\+\)\b.*$/s//\2/p')"
export IP
# Package installation. The debian-setup/* helpers are started through relative paths,
# so they resolve against the current working directory.
# _check-system needs most
debian-setup/most
# Manual checks
debian-setup/_check-system
# Basic packages
# NOTE(review): the list contains a compiler toolchain (gcc, libc6-dev, make) and strace;
# decide whether production hosts should keep them installed.
Pkg_install_quiet \
localepurge unattended-upgrades apt-listchanges debsums \
ncurses-term mc most less time moreutils unzip \
logtail apg bc dos2unix ccze colordiff sipcalc jq \
net-tools whois ntpdate ipset netcat-openbsd lftp s-nail \
gcc libc6-dev make strace \
unscd mtr-tiny cruft bash-completion htop mmdb-bin
# Provide mail command
debian-setup/s-nail
# From backports
# List available backports: apt-get upgrade -t stretch-backports
# @nonDebian
# NOTE(review): @nonDebian appears to mark packages that do not come from the official
# Debian archive - confirm that the extra repository and its signing key are trusted.
Pkg_install_quiet \
-t stretch-backports needrestart geoipupdate git goaccess
# Also in debian-setup/fail2ban
# From testing
debian-setup/ca-certificates
# From custom repos
debian-setup/ipset-persistent
# Provider packages
# Runs only when provider-package has a non-empty value ("" is passed to Data as a
# second argument, presumably the default - verify against the helper).
# The substitution below is unquoted on purpose so that every value becomes its own
# argument; the values also undergo pathname expansion, so the configured list must be
# trusted and free of glob characters.
if [ -n "$(Data get-value provider-package "")" ]; then
# shellcheck disable=SC2046
Pkg_install_quiet $(Data get-values provider-package)
fi
# Base system configuration, one helper script per component. The order matters and,
# because of set -e, the first helper that fails stops the whole run.
# Restore original sudoers file
debian-setup/sudo
debian-setup/locales
# tzdata first as it may modify system time
debian-setup/tzdata
debian-setup/rsyslog
debian-setup/localepurge
debian-setup/unattended-upgrades
# Custom APT repository script
Dinstall package/apt-add-repo.sh
# @FIXME
#debian-setup/ifupdown
debian-setup/_resolv_conf
# Micro Name Service Caching
debian-setup/unscd
debian-setup/kmod
debian-setup/procps
debian-setup/mount
debian-setup/initscripts
# IRQ balance: wanted only when /proc/cpuinfo lists more than one processor
CPU_COUNT=$(grep -c '^processor' /proc/cpuinfo)
if ((CPU_COUNT > 1)); then
  # Stable has a bug, it exits
  Pkg_install_quiet irqbalance
  # Show the current interrupt distribution
  cat /proc/interrupts
else
  # Single processor: purge irqbalance if it is installed
  if Is_installed irqbalance; then
    apt-get purge -qq irqbalance
  fi
fi
# Time synchronization
debian-setup/util-linux
# @TODO
# if grep -F 'kvm-clock' /sys/devices/system/clocksource/clocksource0/current_clocksource \
# || dmesg | grep -F -w 'kvm-clock'; then
# # Display clock sources
# cat /sys/devices/system/clocksource/clocksource0/available_clocksource
# echo "https://s19n.net/articles/2011/kvm_clock.html"
# fi
# chrony is set up only on KVM guests on which systemd is not installed
if [[ $VIRT == kvm ]]; then
  if ! Is_installed systemd; then
    debian-setup/chrony
  fi
fi
# Monitor clock without monit
# Dinstall monitoring/monit/services/ntpdate_script
# echo -e '#!/bin/bash\n/usr/local/bin/ntp-alert.sh' >/etc/cron.daily/ntp-alert1
# chmod +x /etc/cron.daily/ntp-alert1
# Entropy source
if ! Is_installed rng-tools; then
  # Software based entropy source: print the kernel's estimate before and after
  # installing haveged
  cat /proc/sys/kernel/random/entropy_avail
  Pkg_install_quiet haveged
  cat /proc/sys/kernel/random/entropy_avail
else
  # VirtIO RNG on KVM: the character device has to exist, otherwise set -e stops the run
  [ -c /dev/hwrng ]
  cat /sys/devices/virtual/misc/hw_random/rng_available \
    /sys/devices/virtual/misc/hw_random/rng_current
fi
# Hypervisor-specific setup, selected by the value of VIRT
case "$VIRT" in
  # @TODO
  # kvm)
  #   debian-setup/_virt-kvm
  #   ;;
  xen)
    debian-setup/_virt-xen
    ;;
  vmware)
    debian-setup/_virt-vmware
    ;;
esac
# monitoring/aruba-arping.sh is installed only when software.aruba-arping has a value
if [[ -n "$(Data get-value software.aruba-arping "")" ]]; then
  Dinstall monitoring/aruba-arping.sh
fi
# Extra packages
# Runs only when package.apt.extra has a non-empty value. The substitution is unquoted
# on purpose (one argument per value); it is also subject to pathname expansion, so the
# configured names must be trusted and free of glob characters.
if [ -n "$(Data get-value package.apt.extra "")" ]; then
# shellcheck disable=SC2046
Pkg_install_quiet $(Data get-values package.apt.extra)
fi
# Service and tool configuration; the order is significant (see the fail2ban note).
debian-setup/cron
debian-setup/debsums
debian-setup/openssh-client
debian-setup/mc
debian-setup/iptables
# After debian-setup/iptables
debian-setup/fail2ban
#debian-setup/_cert-szepenet
#debian-setup/proftpd-basic
# Tools (courier uses catconf): pass every listed name below tools/ to Dinstall
TOOL_LIST=(
  catconf cnet doc hosthost hostinfo ip.sh lsrev msec reboot revip
  sortip swap-usage.sh u udrush uwp whichdo whoistop
)
for TOOL in "${TOOL_LIST[@]}"; do
  Dinstall "tools/$TOOL"
done
unset -v TOOL_LIST
# Courier MTA - deliver all messages to a smarthost
mail/courier-mta-satellite-system.sh
# msmtp-mta is configured only when that package is already installed.
if Is_installed "msmtp-mta"; then
debian-setup/msmtp-mta
fi
#if Is_installed "nullmailer"; then
# debian-setup/nullmailer
#fi
# init-alert (after MTA)
# @nonDebian
# NOTE(review): @nonDebian appears to mark a package from outside the official Debian
# archive - confirm the source repository is trusted.
Pkg_install_quiet init-alert
# Apache 2.4
webserver/apache-httpd.sh
Dinstall webserver/apache-resolve-hostnames.sh
# mod-pagespeed is configured only when that package is already installed.
if Is_installed "mod-pagespeed-stable"; then
debian-setup/mod-pagespeed-stable
fi
# PHP-FPM: the first php*-fpm package found in package.apt.extra selects the version.
# Each candidate is written as "package:version"; both php5-fpm and php5.6-fpm mean 5.6.
for PHP_FPM_CANDIDATE in \
  php5-fpm:5.6 \
  php5.6-fpm:5.6 \
  php7.0-fpm:7.0 \
  php7.1-fpm:7.1 \
  php7.2-fpm:7.2; do
  # grep -z -F -x: literal match of one whole NUL-terminated entry
  if Data get-values-0 package.apt.extra | grep -z -F -x "${PHP_FPM_CANDIDATE%%:*}"; then
    PHP="${PHP_FPM_CANDIDATE##*:}"
    break
  fi
done
unset -v PHP_FPM_CANDIDATE
# PHP is not assigned here when none of the packages is listed
export PHP
webserver/php-fpm.sh
# Package managers
# NOTE(review): pip and composer presumably fetch code outside of APT's signature
# checking; how these helper scripts verify their downloads is not visible here.
debian-setup/_package-python-pip
# Needs PHP-CLI
debian-setup/_package-php-composer
# Node.js (from package.apt.extra)
# @nonDebian
# Configured only when the nodejs package is already installed.
if Is_installed "nodejs"; then
debian-setup/nodejs
fi
# Webserver reload
Dinstall webserver/webrestart.sh
# Redis server and PHP extension
debian-setup/redis-server
webserver/php-redis.sh
# Database server selection, first match wins:
#   mysql-5.7 listed in package.apt.sources           -> debian-setup/mariadb-server
#   percona listed in package.apt.sources and
#     percona-server-server-5.7 in package.apt.extra  -> debian-setup/percona-server-server-5.7
#   oracle-mysql-server listed in package.apt.sources -> debian-setup/mysql-community-server
#   anything else                                     -> debian-setup/mariadb-server
# grep -z -F -x matches one whole NUL-terminated entry literally. Only the percona
# source test uses -q; the other greps print the matched entry to stdout.
# pipefail is not set, so the status of grep alone decides each test.
# NOTE(review): the mysql-5.7 branch runs the same helper as the MariaDB fallback -
# confirm that this is intended.
if Data get-values-0 package.apt.sources | grep -z -F -x 'mysql-5.7'; then
# MySQL 5.7 from Debian sid
debian-setup/mariadb-server
elif Data get-values-0 package.apt.sources | grep -q -z -F -x 'percona' \
&& [ -n "$(Data get-value package.apt.extra "")" ] \
&& Data get-values-0 package.apt.extra | grep -z -F -x 'percona-server-server-5.7'; then
# Percona Server 5.7
debian-setup/percona-server-server-5.7
elif Data get-values-0 package.apt.sources | grep -z -F -x 'oracle-mysql-server'; then
# Oracle MySQL 5.7
debian-setup/mysql-community-server
else
# MariaDB
debian-setup/mariadb-server
fi
# Add the development website, needs composer
##webserver/add-prg-site-auto.sh
# apache-default, apache-combined and apache-instant Fail2ban jails are enabled by default
# Restart fail2ban now that the web server is installed.
service fail2ban restart
# Backup
Pkg_install_quiet debconf-utils rsync mariadb-client
# percona-xtrabackup is installed in debian-setup/mariadb,mysql
# @nonDebian
Pkg_install_quiet s3ql
# Disable Apache configuration from javascript-common
# hash succeeds only when a2disconf is found on PATH; its error output is discarded so
# that a host without a2disconf skips this step silently.
if hash a2disconf 2>/dev/null; then
a2disconf javascript-common
fi
# CLI tools
debian-setup/php-wpcli
# WordPress cron
Dinstall webserver/wp-install/wp-cron-cli.sh
debian-setup/php-cachetool
#debian-setup/php-drush
# Monit - monitoring
# @FIXME Needs a production website for apache2 and php-fpm
# @FIXME Defaults file editor
# @FIXME Depends on repo
# Runs in a subshell so that the cd does not change the directory of the main script.
# monit.defaults is copied to /etc/monit with mode 0640 (no access for "other"; -D
# creates the target directory if needed), opened in the interactive editor - one reason
# the script insists on a terminal - and then monit-debian-setup.sh is run.
# NOTE(review): the defaults file may hold credentials or addresses - keep the 0640 mode
# and check the owning group after editing.
(
cd /usr/local/src/debian-server-tools/monitoring/monit/
install --mode=0640 -D -t /etc/monit monit.defaults
editor /etc/monit/monit.defaults
./monit-debian-setup.sh
)
# After monit
debian-setup/libpam-modules
# @TODO
# Munin - network-wide graphing
#monitoring/munin/munin-debian-setup.sh
# Clean up
# Remove packages that are no longer needed together with their configuration files
# (--purge) without prompting (-y), then empty the local package cache.
apt-get autoremove --purge -y
apt-get clean
# Throttle automatic package downloads: write a two-line APT configuration snippet
printf '%s\n' \
  'Acquire::Queue-mode "access";' \
  'Acquire::http::Dl-Limit "1000";' \
  >/etc/apt/apt.conf.d/76throttle-download
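# etckeeper at last
debian-setup/etckeeper
# Remove old configuration files (*.old, *-old, *_old, *.dist, *-dist, *_dist; this
# covers *.dpkg-old, *.dpkg-dist, *.ucf-old and *.ucf-dist), case-insensitively.
# The suffix has to follow ".", "-" or "_": a bare "*old" / "*dist" pattern would also
# delete any regular file whose name merely ends in those letters (e.g. "threshold").
# Every deleted path is printed so the removal can be reviewed in the session output.
find /etc/ -type f "(" -iname "*[._-]old" -or -iname "*[._-]dist" ")" -print -delete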
# List of emails
# Prints every regular file below /var/mail/.
find /var/mail/ -type f
# Clear Bash history
# history -c clears the history list of the shell that executes this script.
# NOTE(review): when the script runs as its own process this does not touch the history
# of the invoking interactive shell or its history file - confirm how the script is
# started if secrets were typed during the session.
history -c
# Stop command tracing before the closing notes are printed.
set +x
# @TODO Automate these
# Print the remaining manual steps. The quoted delimiter ("EOT") keeps the text literal:
# nothing inside the here-document is expanded or executed.
cat <<"EOT"
# TODO - hosts
editor /etc/hosts
# TODO - users
adduser USER
# TODO - server backup
./install.sh backup/system-backup.sh
# TODO - monit/apache+php
monitoring/monit/monit-debian-setup.sh
# TODO - Monitoring
open https://github.com/szepeviktor/debian-server-tools/blob/master/monitoring/README.md
EOT
# The message refers to a session recorded with the "script" command.
# NOTE(review): such a recording contains the complete -x trace of this run - store it
# with restrictive permissions.
echo "OK. (exit from script command now)"