Setup_Ubuntu_Server.sh
#############################################################################
# Static IP LAN #
#############################################################################
# This file is a runbook, not an executable script: shell commands are
# interleaved with the text to enter in the file opened by the preceding
# `nano` command.
# NOTE(review): netplan YAML is indentation-sensitive and the nesting of the
# keys below is not preserved in this listing; re-indent before saving.
# connect using LAN first
# view network devices
ls /sys/class/net
# view plans
ls /etc/netplan
# select the correct plan and edit
sudo nano /etc/netplan/10-rpi-ethernet-eth0.yaml
network:
ethernets:
eth0:
# Rename the built-in ethernet device to "eth0"
match:
driver: bcmgenet smsc95xx lan78xx
set-name: eth0
dhcp4: no
addresses: [192.168.1.231/24]
# NOTE(review): newer netplan releases deprecate gateway4 in favour of a
# `routes:` entry with `to: default`.
gateway4: 192.168.1.1
nameservers:
addresses: [192.168.1.1]
optional: true
# Generate the backend config, then activate it. Over a remote session,
# `sudo netplan try` applies the change and rolls it back unless confirmed,
# which avoids being locked out by a wrong address.
sudo netplan generate
sudo netplan apply
#############################################################################
# Static IP Wifi #
#############################################################################
# Commands are interleaved with the file contents to enter in the editor.
# connect using LAN first
# view network devices
ls /sys/class/net
# view plans
ls /etc/netplan
# select the correct plan and edit
# NOTE(review): the file name suggests it is written by cloud-init; confirm
# that manual edits survive a reboot.
# The Wi-Fi passphrase below is stored in clear text in this file, so keep the
# file readable by root only (e.g. sudo chmod 600 on it).
sudo nano /etc/netplan/50-cloud-init.yaml
network:
ethernets:
eth0:
dhcp4: true
optional: true
version: 2
wifis:
wlan0:
dhcp4: no
addresses: [192.168.1.233/24]
gateway4: 192.168.1.1
nameservers:
addresses: [192.168.1.1]
optional: true
access-points:
"YOUR-WIFI-NAME":
password: "PASSWORD"
hidden: true #IF HIDDEN WIFI
# set country code
# https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2
# set country code to India (IN)
# check if it is set
sudo iw reg get
# if not set
sudo iw reg set IN
# also record the regulatory domain in the crda defaults file
sudo nano /etc/default/crda
REGDOMAIN=IN
# Generate the backend config, then activate it; `sudo netplan try` is the
# variant that rolls back unless confirmed.
sudo netplan generate
sudo netplan apply
#############################################################################
# automount mmc #
#############################################################################
# check memory card location
sudo fdisk -l
# Locate the UUID
sudo blkid
# add mount point, a dedicated group, and permissions
sudo mkdir /media/mmc
sudo groupadd mmc
# $USER is the account running these commands; the new group membership takes
# effect at the next login.
sudo usermod -aG mmc $USER
# NOTE(review): this changes the group of the empty mount-point directory.
# Whether the mounted filesystem ends up group-owned by mmc depends on the
# filesystem type; verify with `ls -ld /media/mmc` after `mount -a`.
sudo chown -R :mmc /media/mmc
# add at the bottom
# The UUID below belongs to the author's card; use the value printed by blkid.
# nosuid and nodev stop setuid binaries and device nodes on the card from being
# honoured; nofail lets boot continue when the card is absent. Add noexec as
# well if nothing has to be executed from the card.
sudo nano /etc/fstab
UUID=9691fac2-0a5b-4af8-957b-8ced1ce901c9 /media/mmc auto nosuid,nodev,nofail,x-gvfs-show 0 0
# test if working (a typo in fstab shows up here rather than at the next boot)
sudo mount -a
sudo reboot
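#############################################################################
# Ubuntu basic setup #
#############################################################################
# Create a personal admin account, then lock the password of the default
# "ubuntu" account. "USER-NAME" is a placeholder for the new account name.
sudo adduser "USER-NAME"
# Name the new account explicitly: at this point $USER still expands to the
# account that is logged in, not to the one just created, so using $USER here
# would leave the new account without sudo rights.
sudo gpasswd -a "USER-NAME" adm
sudo gpasswd -a "USER-NAME" sudo
# change the ssh connection to "USER-NAME", confirm that `sudo -v` works in
# that session, and then proceed
# passwd -l locks the password only; a key listed in the ubuntu account's
# authorized_keys file would still allow login, so check that file as well.
sudo passwd -l ubuntu
# set timezones
# to list all the timezones
timedatectl list-timezones
# select your timezone
sudo timedatectl set-timezone Asia/Kolkata
# set hostname
sudo hostnamectl set-hostname "NEW-HOSTNAME"
# disable microcode hints (not required for rpi in ubuntu); the next line is
# the setting to enter in the file, not a shell command
sudo nano /etc/needrestart/needrestart.conf
$nrconf{ucodehints} = 0;
sudo reboot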
# update ubuntu (refresh the package index, then upgrade installed packages)
sudo apt update -y && sudo apt upgrade -y
sudo reboot
# install raspi specific contents
sudo apt install linux-modules-extra-raspi libraspberrypi-bin zip unzip net-tools -y
# $USER is the logged-in account; the group change applies from the next login
sudo usermod -aG video $USER
sudo reboot
# silence the ssh login banner
# NOTE(review): ~/.hushlogin also hides the "Last login" line, which is a cheap
# way to notice a login you did not make.
touch ~/.hushlogin
# enable automatic system updates
sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
# enable the following (these are lines of the file above, not shell commands)
# NOTE(review): the first line adds the -updates origin; confirm that the
# -security origin in the same list is still enabled, since security fixes are
# the main reason to run unattended upgrades.
"${distro_id}:${distro_codename}-updates";
Unattended-Upgrade::AutoFixInterruptedDpkg "true";
Unattended-Upgrade::MinimalSteps "true";
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
Unattended-Upgrade::Remove-Unused-Dependencies "true";
# With both reboot options on, the machine reboots by itself when an upgrade
# requires it, even while users are logged in. Setting
# Unattended-Upgrade::Automatic-Reboot-Time pins that to a known hour.
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-WithUsers "true";
Unattended-Upgrade::SyslogEnable "true";
Unattended-Upgrade::SyslogFacility "daemon";
# enable custom scripts
# copy all the scripts to home directory first
sudo chmod +x ~/scripts/*
mkdir ~/.temp
touch ~/.temp/temp
# normal user jobs, add at the end (the schedule lines are crontab entries)
# NOTE(review): cron does not start a login shell, so whether $USER is set
# depends on the cron implementation; a literal /home/<account>/ path is safer.
# `>> /dev/null` discards stdout only; error output is still reported by cron.
# `*/60` in the minute field in practice fires at minute 0 of every hour.
crontab -e
*/10 * * * * /home/$USER/scripts/./high-cpu-temps.sh >> /dev/null
*/60 * * * * /home/$USER/scripts/./check-other-server.sh >> /dev/null
@reboot sleep 60 && /home/$USER/scripts/./raspi-started.sh >> /dev/null
# root jobs, add at the end
# These entries run as root but execute files from a user's home directory:
# whoever can write to ~/scripts can run code as root. Keep root-run scripts in
# a root-owned directory that is not writable by other accounts.
# In root's crontab $USER, if set at all, would not name the login account.
sudo crontab -e
0 4 * * 6 /home/$USER/scripts/./backup-server.sh
*/30 * * * * /home/$USER/scripts/./network-troubleshoot.sh >> /dev/null
# limit log files size
# These two commands trim the journal once. A lasting cap is set with
# SystemMaxUse= in /etc/systemd/journald.conf. A small journal also shortens
# the history available when investigating an incident.
sudo journalctl --rotate
sudo journalctl --vacuum-size=100M
# set boot to usb (pick one of the two BOOT_ORDER values in the editor)
sudo -E rpi-eeprom-config --edit
BOOT_ORDER=0xf41 # Fall back to SD card IF USB boot fails
or
BOOT_ORDER=0x4 # Boot straight to USB mass storage
#############################################################################
# OverClock rpi4 #
#############################################################################
# The two settings below are lines to append to config.txt, not shell commands.
# NOTE(review): they raise core voltage and CPU clock above the defaults; check
# cooling and stability under load before relying on the server.
sudo nano /boot/firmware/config.txt
# add to the end
over_voltage=4
arm_freq=1900
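#############################################################################
# Securing SSH #
#############################################################################
# Switch sshd to key-only login. Keep the current session open until a second
# session has logged in successfully with the new settings.
# Set the modes explicitly: sshd's StrictModes check refuses keys when ~/.ssh
# or authorized_keys is writable by group or others.
mkdir -p ~/.ssh
chmod 700 ~/.ssh
# copy ssh pub key (edit as the user, not with sudo, so that the file is not
# created with root as its owner)
nano ~/.ssh/authorized_keys
#ADD PUB KEY IN THE FILE
chmod 600 ~/.ssh/authorized_keys
# The directives below are lines of sshd_config, not shell commands.
sudo nano /etc/ssh/sshd_config
Port "USE-ANY-PORT"
# sshd_config does no shell expansion, so write the account name literally.
# A literal $USER here would match no account and, with passwords disabled,
# lock every user out.
AllowUsers "USER-NAME"
PubkeyAuthentication yes
PasswordAuthentication no
# prohibit-password still lets root log in with a key; "no" closes root login.
PermitRootLogin prohibit-password
# Check the edited file for syntax errors before restarting the daemon.
# NOTE(review): if /etc/ssh/sshd_config.d/ holds drop-in files, confirm the
# effective value with `sudo sshd -T | grep -i passwordauthentication`.
sudo sshd -t
sudo service ssh restart
sudo reboot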
#############################################################################
# install docker #
#############################################################################
# docker install
# The convenience script is saved to a file first; read it before running it,
# because the next command executes it as root.
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
# give permissions to docker
# Membership of the docker group is equivalent to root on this host: a member
# can start a container that mounts the host filesystem. Add only accounts
# that are already trusted with sudo.
sudo usermod -aG docker $USER
# reduce logging: keep at most three 10 MB json log files per container
sudo nano /etc/docker/daemon.json
# create new file with the JSON below as its contents
{
"log-driver": "json-file",
"log-opts": {
"max-size": "10m",
"max-file": "3"
}
}
# edit DNS settings; also frees port 53 for pihole
# DNSStubListener=no turns off the local stub resolver of systemd-resolved.
sudo nano /etc/systemd/resolved.conf
DNSStubListener=no
# replace /etc/resolv.conf with a link to the resolver list kept by
# systemd-resolved
sudo sh -c 'rm /etc/resolv.conf && ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf'
sudo systemctl restart systemd-resolved
# remove sudo host not found error
sudo nano /etc/hosts
# add (line of /etc/hosts; "YOUR-HOSTNAME" is a placeholder)
127.0.0.1 localhost "YOUR-HOSTNAME"
# for use with databases
sudo nano /boot/firmware/cmdline.txt
# edit and add these at the beginning of the existing line
cgroup_enable=cpuset cgroup_enable=memory cgroup_memory=1 swapaccount=1
sudo reboot
# check if docker is working
docker run hello-world
# install docker compose (check for a newer docker compose version)
# NOTE(review): the binary is downloaded as root and made executable without
# any integrity check. Compare it with the checksum published for the release,
# if one is provided, before the chmod.
# curl runs without -f here, so an HTTP error page would be saved as the
# binary; the --version check below catches that.
sudo curl -L "https://github.com/docker/compose/releases/download/v2.1.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
# check if working
docker-compose --version
# command line completion
# NOTE(review): the completion script comes from the 1.29.2 tag while the
# binary above is v2.1.1; confirm the two still match.
sudo curl \
-L https://raw.githubusercontent.com/docker/compose/1.29.2/contrib/completion/bash/docker-compose \
-o /etc/bash_completion.d/docker-compose
# install portainer
# Mounting /var/run/docker.sock gives the container full control of the Docker
# daemon, which is root-equivalent on the host, so the Portainer login protects
# the whole machine. Use a strong admin password and publish only the ports in
# use: 9443 is the HTTPS UI, 9000 the plain-HTTP UI, 8000 the Edge agent tunnel.
# -p publishes on every host interface unless an address is given.
# The :latest tag is not pinned; a fixed version or digest makes updates a
# deliberate step.
docker run -d -p 8000:8000 -p 9443:9443 -p 9000:9000 --name portainer \
--restart=always \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /home/$USER/docker_appdata/portainer/data:/data \
portainer/portainer-ce:latest
# install portainer agent
# The agent has the Docker socket mounted and listens on 9001. Restrict that
# port to the Portainer server with a firewall rule, and set a shared
# AGENT_SECRET on both sides.
docker run -d -p 9001:9001 --name portainer_agent --restart=always \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /var/lib/docker/volumes:/var/lib/docker/volumes \
portainer/agent:latest
# install watchtower
# Watchtower pulls and restarts containers on its own. Combined with unpinned
# tags, whatever is published upstream ends up running here, for the containers
# above with Docker socket access.
# --remove-volumes deletes a container's anonymous volumes when it is updated,
# and --include-stopped extends updates to stopped containers.
# No --restart policy is given, so this container is not started again after
# a reboot.
docker run -d \
--name watchtower \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /etc/localtime:/etc/localtime:ro \
containrrr/watchtower \
--cleanup \
--remove-volumes \
--include-stopped
# remove plugins which are not required (the assignment below is a line of
# config.toml, not a shell command)
sudo nano /etc/containerd/config.toml
disabled_plugins = ["cri", "aufs", "btrfs", "devmapper", "zfs"]
#############################################################################
# install samba #
#############################################################################
sudo apt install samba -y
# The settings below are lines of smb.conf, not shell commands.
sudo nano /etc/samba/smb.conf
# "disable this" means: comment out the existing `map to guest` line so failed
# logins are not mapped to the guest account.
# NOTE(review): smb.conf treats # as a comment only at the start of a line, so
# do not copy the trailing remark into the file.
map to guest = bad user # disable this
usershare allow guests = no
# add at the end of file
# guest ok = no requires an authenticated Samba user for the share. Adding
# `valid users` and `hosts allow` narrows it to named accounts and to the LAN.
# NOTE(review): create mask 0666 leaves new files readable and writable by
# every local account on the server; 0660 keeps them to owner and group.
[YOUR-FOLDER]
comment = "YOUR-COMMENTS"
path = "YOUR-PATH"
guest ok = no
read only = no
browsable = yes
create mask = 0666
directory mask = 0755
sudo service smbd restart
# Samba keeps its own password database; this sets the SMB password for $USER
sudo smbpasswd -a $USER
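#############################################################################
# install zsh #
#############################################################################
sudo apt install zsh -y
zsh --version
# command -v is the builtin replacement for `which`; the quotes make sure chsh
# receives the path as a single argument
chsh -s "$(command -v zsh)"
# after re-logging check
echo "$SHELL"
# install oh my zsh
# Save the installer to a file instead of piping it into sh, so it can be read
# before it runs. The URL follows the master branch, so the content can change
# between runs.
curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh -o install-ohmyzsh.sh
sh install-ohmyzsh.sh
# install fzf and add plugins
sudo apt-get install fzf autojump -y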
# The theme, plugin list and aliases below are lines to put in ~/.zshrc.
nano ~/.zshrc
# add theme
ZSH_THEME="agnoster"
# add plugins
plugins=(
adb
alias-finder
aliases
autojump
command-not-found
common-aliases
docker
git
history
sudo
ubuntu
zsh-interactive-cd
)
# set aliases
# NOTE(review): `remove` and `copy` build sudo into a recursive delete and a
# recursive copy, so a mistyped path is acted on with root privileges and no
# prompt beyond sudo's own.
nano ~/.zshrc
alias update='sudo apt update -y && sudo apt upgrade -y'
alias backup='~/scripts/./backup-server.sh'
alias ll='ls -la'
alias remove='sudo rm -r'
alias copy='sudo cp -r'
alias monitor='watch --color "~/scripts/./raspi-monitor.sh --color"'
# quick log review helpers: grep syslog for "error", "fail" and CRON lines
alias errors='grep "error" /var/log/syslog'
alias fails='grep "fail" /var/log/syslog'
alias logs='cat ~/custome_scripts.log'
alias cron-logs='grep CRON /var/log/syslog'
alias nano='nano -m'
alias zshconf="nano -m ~/.zshrc"
#############################################################################
# custom banner #
#############################################################################
# install ascii generator
sudo apt install figlet rubygems git -y
# go to home folder
git clone https://github.com/busyloop/lolcat
# install lolcat rainbow colors
# NOTE(review): `gem install lolcat` presumably fetches the published gem from
# the gem server rather than using this clone. Either way it installs
# third-party code as root with no version pinned.
cd lolcat/bin && sudo gem install lolcat
# install custom fonts for figlet
# The next commands use paths relative to /usr/share and run as root; if the cd
# fails they act on whatever directory the shell is in.
cd /usr/share
sudo git clone https://github.com/xero/figlet-fonts
sudo mv figlet-fonts/* figlet
sudo rm -r figlet-fonts
# view all fonts
showfigfonts
# actual demo code (add it at the end of profile)
# A command added to the system-wide rc file runs in every user's interactive
# shell.
#zsh = sudo nano /etc/zsh/zshrc
#bash = sudo nano /etc/bash.bashrc
# SAMPLES
figlet -ct -f Poison "U b u n t u" | lolcat -a -d 1 -t