threefold_public
/
public
5
2
Bifurcation 0
Code Tickets 0 Demandes d'ajout 0 Versions 0 Wiki Activité
Public repo to distribute scripts and config's
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
80 Révisions
1 Branche
26 MiB
 
Aborescence: 6820191dda
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de '6820191dda'
${ noResults }
public/prep-grid-vm.sh

110 lignes
3.6 KiB
Brut Annotations Historique 

  1. #!/bin/bash

  2. set -euo pipefail

  3. 

  4. REPO_BASE="https://docs.grid.tf/threefold_public/public/raw/branch/master"

  5. 

  6. echo "=== Grid VM Preparation ==="

  7. 

  8. if [ "$EUID" -ne 0 ]; then

  9.   echo "Please run as root"

  10.   exit 1

  11. fi

  12. 

  13. # --- System update and base tools ---

  14. echo ""

  15. echo "=== Updating system and installing base tools ==="

  16. apt-get update -y

  17. DEBIAN_FRONTEND=noninteractive apt-get install -y \

  18.   sudo nmon tmux restic tcpdump nano iputils-ping net-tools curl wget

  19. 

  20. # --- TF Users ---

  21. echo ""

  22. echo "=== Setting up TF Users ==="

  23. wget -q "${REPO_BASE}/add-tf-users.sh" -O /tmp/add-tf-users.sh

  24. bash /tmp/add-tf-users.sh

  25. rm -f /tmp/add-tf-users.sh

  26. 

  27. # --- SSH hardening ---

  28. echo ""

  29. echo "=== Configuring SSH ==="

  30. 

  31. ubuntu_version=$(lsb_release -rs 2>/dev/null || (. /etc/os-release && echo "$VERSION_ID"))

  32. major_version=$(echo "$ubuntu_version" | cut -d. -f1)

  33. 

  34. echo "Detected Ubuntu $ubuntu_version (major: $major_version)"

  35. 

  36. # Backup original if not already backed up

  37. if [ ! -f "/etc/ssh/sshd_config.original" ]; then

  38.   cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original

  39.   echo "[OK] Backed up original sshd_config"

  40. fi

  41. 

  42. wget -q "${REPO_BASE}/sshd_config" -O /etc/ssh/sshd_config

  43. echo "[OK] Installed hardened sshd_config (port 34022, no root, no password)"

  44. 

  45. if [ "$major_version" -ge 24 ]; then

  46.   # Ubuntu 24.04+ uses ssh.socket — override listen port

  47.   echo "Configuring ssh.socket for port 34022..."

  48.   mkdir -p /etc/systemd/system/ssh.socket.d

  49.   cat > /etc/systemd/system/ssh.socket.d/port.conf <<EOF

  50. [Socket]

  51. ListenStream=

  52. ListenStream=34022

  53. EOF

  54.   systemctl daemon-reload

  55.   systemctl restart ssh.socket

  56.   systemctl enable ssh.socket

  57.   echo "[OK] ssh.socket configured for port 34022"

  58. else

  59.   # Ubuntu 22.04 and older — restart ssh service

  60.   systemctl restart ssh

  61.   echo "[OK] ssh service restarted"

  62. fi

  63. 

  64. # --- Optional flags ---

  65. while getopts ":dc" opt; do

  66.   case ${opt} in

  67.     d )

  68.       echo ""

  69.       echo "=== Installing Docker ==="

  70.       if command -v docker &>/dev/null; then

  71.         echo "[OK] Docker already installed"

  72.       else

  73.         DEBIAN_FRONTEND=noninteractive apt-get install -y \

  74.           ca-certificates curl gnupg lsb-release

  75.         curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

  76.         echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null

  77.         apt-get update

  78.         DEBIAN_FRONTEND=noninteractive apt-get install -y docker-ce docker-ce-cli containerd.io

  79.         systemctl enable --now docker

  80.         echo "[OK] Docker installed"

  81.       fi

  82.       ;;

  83.     c )

  84.       echo ""

  85.       echo "=== Installing Caddy ==="

  86.       if command -v caddy &>/dev/null; then

  87.         echo "[OK] Caddy already installed"

  88.       else

  89.         apt-get install -y debian-keyring debian-archive-keyring apt-transport-https

  90.         curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg

  91.         curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list

  92.         apt-get update

  93.         DEBIAN_FRONTEND=noninteractive apt-get install -y caddy

  94.         echo "[OK] Caddy installed"

  95.       fi

  96.       ;;

  97.     \? )

  98.       echo "Invalid option: $OPTARG" 1>&2

  99.       ;;

  100.   esac

  101. done

  102. shift $((OPTIND -1))

  103. 

  104. echo ""

  105. echo "=== VM Preparation Complete ==="

  106. echo ""

  107. echo "SSH is now on port 34022. Connect with:"

  108. echo "  ssh -p 34022 <username>@<server-ip>"

  109. echo ""

  110. echo "Root login is disabled. Use sudo from a TF user account."