Deployment/New Node Checklist: Difference between revisions
From charlesreid1
Revision as of 19:27, 25 March 2017
- Aptitude
- apt get update
- aptitude build scripts
- Sysadmin stuff
- Make non-root default user
- SSH
- No root login
- Docker
Aptitude
Ubuntu 16.04 LTS
Fresh dev machine apt script
Runs apt-get for all the dev things you need. Ubuntu 16.04 LTS.
#!/bin/sh
#
# Run as root
#
# Use the -s flag to simulate this command before actually running it,
# as libraries tend to shift around a lot between Ubuntu versions.

echo "export EDITOR=\"vim\"" >> ~/.bash_profile

# Stupid ubuntu packages
# http://askubuntu.com/questions/593433/error-sudo-add-apt-repository-command-not-found#639431
apt-get install software-properties-common

# On Ubuntu 16.04 the Docker engine is the docker.io package;
# the package named "docker" is an unrelated system-tray docklet.
apt-get install -y \
    vim \
    aptitude \
    build-essential \
    checkinstall \
    make \
    m4 \
    bison \
    flex \
    tar \
    perl \
    binutils \
    sed \
    gawk \
    \
    git \
    wget \
    curl \
    docker.io \
    \
    python2.7 \
    python3 python3-pip \
    \
    libreadline-gplv2-dev \
    libncursesw5-dev \
    libssl-dev
Dotfiles
Wait until you create a user to install any dotfiles, of course. Root remains plain and uncontaminated.
Unix dotfiles - yargwid repo https://github.com/charlesreid1/yargwid
Mirror: http://git.charlesreid1.com/charlesreid1/yargwid
Users
See Unix/Sysadmin
Add a non-root user
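#!/bin/sh
# Run as root.
export USERNAME="zappa"

echo "Making user ${USERNAME}"
useradd "${USERNAME}"

# Build the path from ${USERNAME}, not ${HOME}: HOME is the invoking
# user's own home directory (e.g. /root), not the new user's name.
echo "Setting home directory /home/${USERNAME}"
mkdir -p "/home/${USERNAME}"
chown "${USERNAME}" "/home/${USERNAME}"
usermod -d "/home/${USERNAME}" "${USERNAME}"

echo "Setting ${USERNAME} shell to bash"
usermod -s /bin/bash "${USERNAME}"

# -a appends to the user's supplementary groups; -G alone replaces them.
echo "If you want to add ${USERNAME} to sudo group, run the command yourself:"
echo ""
echo " usermod -aG sudo ${USERNAME}"
echo ""

echo "Set password for ${USERNAME}:"
passwd "${USERNAME}"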
Once the user is in the sudo group, there is no need to add them to the sudoers file.
SSH
SSHD Config
Set up sshd config file:
$ sudo vim /etc/ssh/sshd_config
Specifically, here are the keys to change:
PermitRootLogin no
then restart the sshd service:
$ sudo service sshd restart
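A check worth running before the restart, as an added example that is not part of the original page: sshd keeps the first value it reads for a keyword, so a "PermitRootLogin no" appended below an existing PermitRootLogin line has no effect. The function names are hypothetical, and the sketch assumes a single config file with no Include directives and unquoted values.

```shell
#!/bin/sh
# Added example (not from the original page): report the PermitRootLogin
# value that sshd would apply globally for a given sshd_config file.

effective_permit_root_login() {
    # Rules modelled here: the FIRST occurrence of a keyword wins, keywords
    # are case-insensitive, "key=value" is accepted, and everything after a
    # Match line is conditional rather than global.
    awk '
        /^[ \t]*#/ { next }                       # comment line
        /^[ \t]*$/ { next }                       # blank line
        { sub(/=/, " "); key = tolower($1) }      # normalise "key=value"
        key == "match" { exit }                   # global section ends here
        key == "permitrootlogin" { val = tolower($2); exit }
        END { print (val == "" ? "prohibit-password" : val) }  # OpenSSH >= 7.0 default
    ' "$1"
}

root_login_disabled() {
    # Succeeds only when the effective global value is exactly "no".
    value=$(effective_permit_root_login "$1") || return 2
    [ "$value" = "no" ]
}

# Constructed sample: "no" was appended at the end of the file, below the
# setting already present, so the earlier line still wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
PermitRootLogin prohibit-password
PasswordAuthentication yes
PermitRootLogin no
EOF

if root_login_disabled "$sample"; then
    echo "OK: root login is disabled"
else
    echo "FAIL: effective PermitRootLogin is $(effective_permit_root_login "$sample")"
fi
rm -f "$sample"
```

On the node itself, `sudo sshd -t` validates the edited file before the restart, and `sudo sshd -T | grep -i permitrootlogin` prints the value the daemon will actually use.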
SSL
Getting a certificate for the domain associated with the new node:
- Visit Let's Encrypt website https://letsencrypt.org/
- If you have command-line access, the site redirects you to Certbot https://certbot.eff.org/
- It directs me to run:
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot
Obtaining a cert with the webroot plugin requires access to the directory one level above the web root directory. To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:
$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is
This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.
Docker
Installing
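On Ubuntu 16.04 the Docker engine is packaged as docker.io; the package named docker is an unrelated system-tray docklet.
$ apt-get install docker.io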