threefold_public
/
public
5
2
Bifurcation 0
Code Tickets 0 Demandes d'ajout 0 Versions 0 Wiki Activité
Public repo to distribute scripts and config's
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
84 Révisions
1 Branche
26 MiB
 
Aborescence: bcdc464b06
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de 'bcdc464b06'
${ noResults }
public/prep-grid-vm.sh

112 lignes
3.6 KiB
Brut Annotations Historique 

  1. #!/bin/bash

  2. set -euo pipefail

  3. 

  4. REPO_BASE="https://docs.grid.tf/threefold_public/public/raw/branch/master"

  5. 

  6. echo "=== Grid VM Preparation ==="

  7. 

  8. if [ "$EUID" -ne 0 ]; then

  9.   echo "Please run as root"

  10.   exit 1

  11. fi

  12. 

  13. # --- System update and base tools ---

  14. echo ""

  15. echo "=== Updating system and installing base tools ==="

  16. apt-get update -y

  17. DEBIAN_FRONTEND=noninteractive apt-get install -y \

  18.   sudo nmon tmux restic tcpdump nano iputils-ping net-tools curl wget

  19. 

  20. # --- TF Users ---

  21. echo ""

  22. echo "=== Setting up TF Users ==="

  23. wget -q "${REPO_BASE}/add-tf-users.sh" -O /tmp/add-tf-users.sh

  24. bash /tmp/add-tf-users.sh

  25. rm -f /tmp/add-tf-users.sh

  26. 

  27. # --- SSH hardening ---

  28. echo ""

  29. echo "=== Configuring SSH ==="

  30. 

  31. ubuntu_version=$(lsb_release -rs 2>/dev/null || (. /etc/os-release && echo "$VERSION_ID"))

  32. major_version=$(echo "$ubuntu_version" | cut -d. -f1)

  33. 

  34. echo "Detected Ubuntu $ubuntu_version (major: $major_version)"

  35. 

  36. # Backup original if not already backed up

  37. if [ ! -f "/etc/ssh/sshd_config.original" ]; then

  38.   cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original

  39.   echo "[OK] Backed up original sshd_config"

  40. fi

  41. 

  42. wget -q "${REPO_BASE}/sshd_config" -O /etc/ssh/sshd_config

  43. echo "[OK] Installed hardened sshd_config (port 34022, no root, no password)"

  44. 

  45. if [ "$major_version" -ge 24 ]; then

  46.   # Ubuntu 24.04+ uses ssh.socket — override listen port

  47.   echo "Configuring ssh.socket for port 34022..."

  48.   mkdir -p /etc/systemd/system/ssh.socket.d

  49.   cat > /etc/systemd/system/ssh.socket.d/port.conf <<EOF

  50. [Socket]

  51. ListenStream=

  52. ListenStream=0.0.0.0:34022

  53. ListenStream=[::]:34022

  54. EOF

  55.   systemctl daemon-reload

  56.   systemctl restart ssh.socket

  57.   systemctl enable ssh.socket

  58.   echo "[OK] ssh.socket configured for port 34022"

  59. else

  60.   # Ubuntu 22.04 and older — restart ssh service

  61.   systemctl restart ssh

  62.   echo "[OK] ssh service restarted"

  63. fi

  64. 

  65. # --- Optional flags ---

  66. while getopts ":dc" opt; do

  67.   case ${opt} in

  68.     d )

  69.       echo ""

  70.       echo "=== Installing Docker ==="

  71.       if command -v docker &>/dev/null; then

  72.         echo "[OK] Docker already installed"

  73.       else

  74.         DEBIAN_FRONTEND=noninteractive apt-get install -y \

  75.           ca-certificates curl gnupg lsb-release

  76.         curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

  77.         echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null

  78.         apt-get update

  79.         DEBIAN_FRONTEND=noninteractive apt-get install -y docker-ce docker-ce-cli containerd.io

  80.         systemctl enable --now docker

  81.         echo "[OK] Docker installed"

  82.       fi

  83.       ;;

  84.     c )

  85.       echo ""

  86.       echo "=== Installing Caddy ==="

  87.       if command -v caddy &>/dev/null; then

  88.         echo "[OK] Caddy already installed"

  89.       else

  90.         apt-get install -y debian-keyring debian-archive-keyring apt-transport-https

  91.         curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg

  92.         curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list

  93.         apt-get update

  94.         DEBIAN_FRONTEND=noninteractive apt-get install -y caddy

  95.         echo "[OK] Caddy installed"

  96.       fi

  97.       ;;

  98.     \? )

  99.       echo "Invalid option: $OPTARG" 1>&2

  100.       ;;

  101.   esac

  102. done

  103. shift $((OPTIND -1))

  104. 

  105. echo ""

  106. echo "=== VM Preparation Complete ==="

  107. echo ""

  108. echo "SSH is now on port 34022. Connect with:"

  109. echo "  ssh -p 34022 <username>@<server-ip>"

  110. echo ""

  111. echo "Root login is disabled. Use sudo from a TF user account."