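#!/bin/bash

# Absolute directory this script lives in; every "basic/..." payload file
# copied further down is resolved relative to it.
# The inner substitution is quoted so that a checkout path containing spaces
# or glob characters is not word-split before realpath sees it.
SOURCE_DIR=$(realpath "$(dirname "${0}")")

# Keep apt/dpkg from stopping on interactive debconf prompts.
export DEBIAN_FRONTEND="noninteractive"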
# Purge the packages this setup treats as unnecessary
unneeded_packages=(
    bsdmainutils dictionaries-common emacsen-common iamerican ibritish
    ienglish-common installation-report ispell laptop-detect nano os-prober
    task-english tasksel tasksel-data wamerican
)
apt-get -y purge "${unneeded_packages[@]}"

# Refresh the package index, then install the base tool set
# (recommended-but-optional dependencies are deliberately left out)
apt-get -y update
base_packages=(
    apt-transport-https bash-completion ca-certificates file git htop ntp
    openssl sudo tree unzip vim
)
apt-get -y --no-install-recommends install "${base_packages[@]}"
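#####
# OpenSSH and user settings
#####

# Install OpenSSH server
apt-get -y --no-install-recommends install openssh-server

# Provision root's authorized_keys.
# The directory is addressed as /root/.ssh throughout (the copy target was
# already /root, so "~" only matched when HOME=/root), it is created
# idempotently, and modes are set explicitly instead of inherited from the
# caller's umask.
# NOTE(review): anyone able to change basic/root/.ssh/authorized_keys in the
# source tree gains root SSH access to every host provisioned from it, so
# review changes to that file like credential changes.
install -d -m 700 /root/.ssh
install -m 600 "${SOURCE_DIR}/basic/root/.ssh/authorized_keys" /root/.ssh/authorized_keys

# Copy profile files and settings
mkdir -p /root/.config/htop
cp "${SOURCE_DIR}/basic/root/.bashrc" /root/.bashrc
cp "${SOURCE_DIR}/basic/root/.config/htop/htoprc" /root/.config/htop/htoprc
cp "${SOURCE_DIR}/basic/root/.vimrc" /root/.vimrc

# Remove default user.
# Best effort: stderr is discarded on purpose so a missing "user" account
# stays silent. --remove-all-files deletes every file owned by that account
# anywhere on the system, not only its home directory.
deluser --remove-all-files user 2>/dev/null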
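#####
# System boot
#####

# Rename encrypted partition: update the crypttab entry first, then rename the
# live device-mapper node so both agree when the initramfs is rebuilt below.
sed -i 's/sda2_crypt/system/' /etc/crypttab
dmsetup rename sda2_crypt system

# Suppress warnings during boot.
# NOTE(review): these replace files shipped by packages under /usr/share, so a
# package upgrade can put the stock scripts back; re-run or re-check after
# upgrades.
cp "${SOURCE_DIR}/basic/usr/share/initramfs-tools/scripts/local-top/lvm2" /usr/share/initramfs-tools/scripts/local-top/lvm2
cp "${SOURCE_DIR}/basic/usr/share/initramfs-tools/scripts/local-top/cryptroot" /usr/share/initramfs-tools/scripts/local-top/cryptroot

# Set GRUB options
cp "${SOURCE_DIR}/basic/etc/default/grub" /etc/default/grub

# Set legal banner with URL + latin2 character set
cp "${SOURCE_DIR}/basic/etc/default/console-setup" /etc/default/console-setup
cp "${SOURCE_DIR}/basic/etc/issue" /etc/issue
dpkg-reconfigure console-setup

# Forbid login on tty1, disable tty2-6.
# NOTE(review): the tty1 restriction lives in a unit file under /lib, which is
# owned by the systemd package; an upgrade can silently restore the stock unit
# and re-enable console login. An override under /etc/systemd/system would
# survive upgrades - consider moving it there.
cp "${SOURCE_DIR}/basic/lib/systemd/system/getty@.service" /lib/systemd/system/getty@.service
systemctl mask getty-static

# Update initramfs and GRUB so the crypttab, boot-script and GRUB changes
# above take effect on the next boot
update-initramfs -u
update-grub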
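#####
# Postfix
#####

# Preconfigure: seed the debconf answers before the package is installed so
# the noninteractive install picks them up instead of prompting.
echo postfix postfix/main_mailer_type string "Satellite system" | debconf-set-selections
echo postfix postfix/mailname string "$(hostname -f)" | debconf-set-selections
echo postfix postfix/relayhost string "" | debconf-set-selections

# Install packages
apt-get -y --no-install-recommends install postfix

# Configure Postfix: the shipped main.cf replaces the one generated from the
# debconf answers above (path quoted so a source directory with spaces works).
cp "${SOURCE_DIR}/basic/etc/postfix/main.cf" /etc/postfix/main.cf

# Restart services
systemctl restart postfix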
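#####
# Nginx + uWSGI
#####

# Install packages
apt-get -y --no-install-recommends install nginx-light uwsgi uwsgi-plugin-python

# Create a self-signed certificate.
# -nodes leaves the private key unencrypted on disk so services can start
# unattended; access is then narrowed to root and the ssl-cert group below.
# The certificate is valid for 3654 days and is not chained to any CA, so
# clients can only trust it by pinning or importing it.
# NOTE(review): no -newkey is given, so key type and size come from the
# OpenSSL defaults on the host - confirm they meet your policy. Re-running
# this script replaces the existing key and certificate.
openssl req -x509 -new -out /etc/ssl/certs/services.pem -keyout /etc/ssl/private/services.key -nodes -days 3654 -subj "/C=CZ/CN=$(hostname -f)"
chgrp ssl-cert /etc/ssl/private/services.key
chmod 640 /etc/ssl/private/services.key

# Configure nginx (-p keeps a repeated run from failing on existing directories)
mkdir -p /etc/nginx/apps-available /etc/nginx/apps-enabled
cp "${SOURCE_DIR}/basic/etc/nginx/nginx.conf" /etc/nginx/nginx.conf
cp "${SOURCE_DIR}/basic/etc/nginx/sites-available/default" /etc/nginx/sites-available/default

# Workaround for web2py shutdown problem, see https://github.com/web2py/web2py/issues/1769
# NOTE(review): this edits a file under /usr/share/uwsgi that belongs to the
# uwsgi package, so an upgrade may undo it.
sed -i 's|QUIT/30|QUIT/5|' /usr/share/uwsgi/init/specific_daemon

# Copy Portal resources.
# NOTE(review): if /srv/portal already exists, cp -r nests the copy inside it
# as /srv/portal/portal. The tree is then handed to www-data, which makes the
# served content writable by the web server account itself - confirm the
# portal really needs write access, otherwise root-owned files are safer.
cp -r "${SOURCE_DIR}/basic/srv/portal" /srv/portal
chown -R www-data:www-data /srv/portal

# Restart
systemctl restart nginx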
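#####
# PostgreSQL + PostGIS
#####

# Install packages
apt-get -y --no-install-recommends install postgresql-9.6 postgresql-9.6-postgis postgresql-contrib-9.6

# Install Czech search data.
# The archive is fetched over plain HTTP and unpacked as root, so its content
# is only as trustworthy as the network path to the server. Hardening applied
# here:
#   - the download goes to a mktemp file rather than a fixed, predictable
#     name in world-writable /tmp;
#   - nothing is unpacked when the download fails;
#   - when CZECH_TSEARCH_SHA256 is set in the environment, the archive must
#     match that SHA-256 digest before it is unpacked.
# NOTE(review): no digest is pinned by default; record the digest of a vetted
# copy and export CZECH_TSEARCH_SHA256 (or mirror the file somewhere trusted).
czech_archive=$(mktemp)
if [ -n "${czech_archive}" ] && wget http://postgres.cz/data/czech.tar.gz -O "${czech_archive}"; then
    if [ -n "${CZECH_TSEARCH_SHA256:-}" ] \
        && ! printf '%s  %s\n' "${CZECH_TSEARCH_SHA256}" "${czech_archive}" | sha256sum --status -c -; then
        echo "czech.tar.gz: SHA-256 mismatch, search data not installed" >&2
    else
        tar xzf "${czech_archive}" -C /usr/share/postgresql/9.6/tsearch_data --strip-components 1
        # tar run as root keeps the owner recorded in the archive; reset it
        chown root:root /usr/share/postgresql/9.6/tsearch_data/czech.*
    fi
else
    echo "czech.tar.gz: download failed, search data not installed" >&2
fi
[ -n "${czech_archive}" ] && rm -f -- "${czech_archive}"

# Configure
cp "${SOURCE_DIR}/basic/etc/postgresql/9.6/main/postgresql.conf" /etc/postgresql/9.6/main/postgresql.conf
cp "${SOURCE_DIR}/basic/etc/postgresql/9.6/main/pg_hba.conf" /etc/postgresql/9.6/main/pg_hba.conf

# Enable query logging. Only if the DEBUG environment variable is set.
# The expansion is quoted so an empty or multi-word DEBUG value cannot break
# the test expression. The sed call only uncomments settings already present
# in the postgresql.conf copied above.
# NOTE(review): depending on the log_statement value in that file, statement
# text (including any literal secrets in queries) may be written to the log;
# keep DEBUG off on production hosts.
if [ "${DEBUG:-0}" -eq 1 ]; then
    sed -i \
        -e 's/#log_destination/log_destination/' \
        -e 's/#logging_collector/logging_collector/' \
        -e 's/#log_directory/log_directory/' \
        -e 's/#log_statement/log_statement/' \
        /etc/postgresql/9.6/main/postgresql.conf
fi

# Restart
systemctl restart postgresql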
#####
# MariaDB
#####
# Install packages
apt-get -y --no-install-recommends install mariadb-server