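#!/bin/bash
#
# Provisions a Debian host: purges unneeded packages, installs base tools,
# sets up root's SSH key and profile, adjusts boot/console settings and
# installs Postfix, Docker, nginx + uWSGI, PostgreSQL/PostGIS, MariaDB and
# Tomcat. Configuration files are copied from the "basic" directory that sits
# next to this script.
#
# Environment:
#   DEBUG=1               uncomment the query-logging settings of PostgreSQL
#                         and MariaDB
#   CZECH_TSEARCH_SHA256  optional expected SHA-256 of czech.tar.gz; when set,
#                         the download is rejected unless it matches
#
# The script writes under /root, /etc, /usr, /lib and /srv, so it is expected
# to run as root. There is no `set -e`: apart from the two download steps,
# which abort explicitly, a failing command does not stop the run.

SOURCE_DIR="$(realpath "$(dirname "${0}")")/basic"
export DEBIAN_FRONTEND="noninteractive"

# Uninstall unnecessary packages
apt-get -y purge bsdmainutils dictionaries-common emacsen-common iamerican ibritish ienglish-common installation-report ispell laptop-detect nano os-prober task-english tasksel tasksel-data wamerican

# Install useful packages
apt-get -y update
apt-get -y --no-install-recommends install apt-transport-https bash-completion ca-certificates curl file git htop ntp openssl sudo tree unzip vim

######
# OpenSSH and user settings
#####

# Install OpenSSH server
apt-get -y --no-install-recommends install openssh-server
# /root is named explicitly instead of ~ so the target does not depend on
# $HOME. Modes are set at creation time: with StrictModes (the sshd default)
# a group/world-writable ~/.ssh or authorized_keys is ignored, and a loose
# mode would let other accounts tamper with root's accepted keys.
install -d -m 700 /root/.ssh
install -m 600 "${SOURCE_DIR}/root/.ssh/authorized_keys" /root/.ssh/authorized_keys

# Copy profile files and settings
mkdir -p /root/.config/htop
cp "${SOURCE_DIR}/root/.bashrc" /root/.bashrc
cp "${SOURCE_DIR}/root/.config/htop/htoprc" /root/.config/htop/htoprc
cp "${SOURCE_DIR}/root/.vimrc" /root/.vimrc

# Remove default user (stderr is discarded, presumably so that a missing
# "user" account does not clutter the output)
deluser --remove-all-files user 2>/dev/null

#####
# System boot
#####

# Rename encrypted partition
sed -i 's/sda2_crypt/system/' /etc/crypttab
dmsetup rename sda2_crypt system

# Suppress warnings during boot
cp "${SOURCE_DIR}/usr/share/initramfs-tools/scripts/local-top/lvm2" /usr/share/initramfs-tools/scripts/local-top/lvm2
cp "${SOURCE_DIR}/usr/share/initramfs-tools/scripts/local-top/cryptroot" /usr/share/initramfs-tools/scripts/local-top/cryptroot

# Set GRUB options
cp "${SOURCE_DIR}/etc/default/grub" /etc/default/grub

# Set legal banner with URL + latin2 character set
cp "${SOURCE_DIR}/etc/default/console-setup" /etc/default/console-setup
cp "${SOURCE_DIR}/etc/issue" /etc/issue
dpkg-reconfigure console-setup

# Forbid login on tty1, disable tty2-6
# NOTE(review): this overwrites a unit file shipped under /lib/systemd/system;
# a package upgrade may restore the stock unit and silently re-enable console
# login. An override under /etc/systemd/system would survive upgrades.
cp "${SOURCE_DIR}/lib/systemd/system/getty@.service" /lib/systemd/system/getty@.service
systemctl mask getty-static

# Update initramfs and GRUB
update-initramfs -u
update-grub

#####
# Postfix
#####

# Preconfigure
echo postfix postfix/main_mailer_type string "Satellite system" | debconf-set-selections
echo postfix postfix/mailname string "$(hostname -f)" | debconf-set-selections
echo postfix postfix/relayhost string "" | debconf-set-selections

# Install packages
apt-get -y --no-install-recommends install postfix

# Configure Postfix
cp "${SOURCE_DIR}/etc/postfix/main.cf" /etc/postfix/main.cf

# Restart services
systemctl restart postfix

#####
# Docker
#####

# Add Docker repository
echo 'deb https://download.docker.com/linux/debian stretch stable' > /etc/apt/sources.list.d/docker.list
# The key is downloaded to a temporary file first so that a failed or
# truncated download is detected instead of being piped straight into apt-key.
# NOTE(review): wget is not in the package list above; presumably it is part
# of the base system.
# NOTE(review): the key's fingerprint is never compared with the one Docker
# publishes, and `apt-key add` trusts the key for every configured repository.
# Consider checking the fingerprint, or keeping the key in a dedicated keyring
# referenced from docker.list with `signed-by`.
docker_key="$(mktemp)" || exit 1
if ! wget https://download.docker.com/linux/debian/gpg -O "${docker_key}"; then
  echo "Failed to download the Docker repository key" >&2
  rm -f -- "${docker_key}"
  exit 1
fi
apt-key add "${docker_key}"
rm -f -- "${docker_key}"
apt-get -y update

# Install packages
apt-get -y --no-install-recommends install docker-ce

#####
# Nginx + uWSGI
#####

# Install packages
apt-get -y --no-install-recommends install nginx-light uwsgi uwsgi-plugin-python

# Create a self-signed certificate. -nodes leaves the private key unencrypted
# on disk, so it is created under umask 077 and only then opened up to the
# ssl-cert group; the certificate itself is public and is set back to 644.
(
  umask 077
  openssl req -x509 -new -out /etc/ssl/certs/services.pem -keyout /etc/ssl/private/services.key -nodes -days 3654 -subj "/C=CZ/CN=$(hostname -f)"
)
chmod 644 /etc/ssl/certs/services.pem
# NOTE(review): nothing installed so far is known to create the ssl-cert
# group; if chgrp fails the key stays root:root with mode 640 — confirm the
# group exists at this point.
chgrp ssl-cert /etc/ssl/private/services.key
chmod 640 /etc/ssl/private/services.key

# Configure nginx
mkdir -p /etc/nginx/apps-available /etc/nginx/apps-enabled
cp "${SOURCE_DIR}/etc/nginx/nginx.conf" /etc/nginx/nginx.conf
cp "${SOURCE_DIR}/etc/nginx/sites-available/default" /etc/nginx/sites-available/default

# Workaround for web2py shutdown problem, see https://github.com/web2py/web2py/issues/1769
sed -i 's|QUIT/30|QUIT/5|' /usr/share/uwsgi/init/specific_daemon

# Copy Portal resources
cp -r "${SOURCE_DIR}/usr/local/bin/portal-app-manager" /usr/local/bin/portal-app-manager
cp -r "${SOURCE_DIR}/srv/portal" /srv/portal
# NOTE(review): the whole tree becomes writable by www-data; if the portal is
# served by that account, a compromised application could rewrite its own
# code. Confirm which paths really need write access.
chown -R www-data:www-data /srv/portal

# Restart
systemctl restart nginx

#####
# PostgreSQL + PostGIS
#####

# Install packages
apt-get -y --no-install-recommends install postgresql-9.6 postgresql-9.6-postgis postgresql-contrib-9.6

# Install Czech search data
# The archive is fetched over plain HTTP and unpacked as root, so anyone on
# the network path can substitute its content. A private mktemp file replaces
# the predictable /tmp name, and the optional CZECH_TSEARCH_SHA256 pins the
# expected content.
czech_archive="$(mktemp)" || exit 1
if ! wget http://postgres.cz/data/czech.tar.gz -O "${czech_archive}"; then
  echo "Failed to download czech.tar.gz" >&2
  rm -f -- "${czech_archive}"
  exit 1
fi
if [ -n "${CZECH_TSEARCH_SHA256:-}" ]; then
  if ! printf '%s  %s\n' "${CZECH_TSEARCH_SHA256}" "${czech_archive}" | sha256sum -c --status -; then
    echo "Checksum mismatch for czech.tar.gz, refusing to unpack it" >&2
    rm -f -- "${czech_archive}"
    exit 1
  fi
else
  echo "WARNING: czech.tar.gz was fetched over HTTP and not verified; set CZECH_TSEARCH_SHA256 to enforce a checksum" >&2
fi
# --no-same-owner: do not apply the owner/group recorded inside the archive
tar xzf "${czech_archive}" --no-same-owner -C /usr/share/postgresql/9.6/tsearch_data --strip-components 1
chown root:root /usr/share/postgresql/9.6/tsearch_data/czech.*
rm -f -- "${czech_archive}"

# Configure
cp "${SOURCE_DIR}/etc/postgresql/9.6/main/postgresql.conf" /etc/postgresql/9.6/main/postgresql.conf
cp "${SOURCE_DIR}/etc/postgresql/9.6/main/pg_hba.conf" /etc/postgresql/9.6/main/pg_hba.conf

# Enable query logging. Only if the DEBUG environment variable is set
# Depending on the values in the shipped postgresql.conf, statement logging
# writes query text, including any secrets embedded in it, to the log files.
if [ "${DEBUG:-0}" -eq 1 ]; then
  sed -i 's/#log_destination/log_destination/' /etc/postgresql/9.6/main/postgresql.conf
  sed -i 's/#logging_collector/logging_collector/' /etc/postgresql/9.6/main/postgresql.conf
  sed -i 's/#log_directory/log_directory/' /etc/postgresql/9.6/main/postgresql.conf
  sed -i 's/#log_statement/log_statement/' /etc/postgresql/9.6/main/postgresql.conf
fi

# Restart
systemctl restart postgresql

#####
# MariaDB
#####

# Install packages
apt-get -y --no-install-recommends install mariadb-server

# Enable query logging. Only if the DEBUG environment variable is set
# The general log records the statements clients send, so the same caveat
# about secrets in query text applies.
if [ "${DEBUG:-0}" -eq 1 ]; then
  sed -i 's/#general_log/general_log/g' /etc/mysql/mariadb.conf.d/50-server.cnf
fi

# Restart
systemctl restart mysqld

#####
# Tomcat
#####

# Install packages
apt-get -y --no-install-recommends install libservlet3.1-java openjdk-8-jre-headless tomcat8

# Configure
cp "${SOURCE_DIR}/etc/tomcat8/server.xml" /etc/tomcat8/server.xml

# Restart
systemctl restart tomcat8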