Revision of Server Init

anduin revisou este gist 1735397302. Ir para a revisão

1 file changed, 3 insertions, 3 deletions

init.sh

			@@ -244,9 +244,9 @@ prepare_server()
244	244		wait_server_till_can_ssh $desiredUsername $userPassword $serverName
245	245
246	246		print_ok "Set CPU to performance mode"
247		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt install -y linux-tools-common linux-tools-$(uname -r)"
248		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo cpupower frequency-info"
249		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo cpupower frequency-set -g performance" \|\| true
	247	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo apt install -y linux-tools-common linux-tools-\$(uname -r)"
	248	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo cpupower frequency-info"
	249	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo cpupower frequency-set -g performance" \|\| true
250	250		judge "CPU set to performance mode"
251	251
252	252		print_ok "Set timezone to GMT"

anduin revisou este gist 1735396094. Ir para a revisão

1 file changed, 1 insertion, 1 deletion

init.sh

			@@ -182,7 +182,7 @@ prepare_server()
182	182		ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/#PermitRootLogin no/PermitRootLogin no/g' /etc/ssh/sshd_config"
183	183		ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/#PasswordAuthentication no/PasswordAuthentication no/g' /etc/ssh/sshd_config"
184	184		ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/g' /etc/ssh/sshd_config"
185		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo systemctl restart sshd"
	185	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo systemctl restart ssh*"
186	186		judge "Disable root login, password login and enabled ssh key login"
187	187
188	188		print_ok "Server is ready for $desiredUsername to login. Deleting other users..."

anduin revisou este gist 1735395960. Ir para a revisão

1 file changed, 2 insertions, 2 deletions

init.sh

			@@ -148,7 +148,7 @@ prepare_server()
148	148
149	149		print_ok "Adding user $desiredUsername to sudo group"
150	150		sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo usermod -aG sudo $desiredUsername"
151		-	judge "User $desiredUsername created with password $userPassword"
	151	+	judge "User $desiredUsername created with password"
152	152
153	153		print_ok "Allowing user $desiredUsername to run sudo without password"
154	154		sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo mkdir -p /etc/sudoers.d"
			@@ -156,8 +156,8 @@ prepare_server()
156	156		sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "echo '$desiredUsername ALL=(ALL) NOPASSWD:ALL' \| sudo tee -a /etc/sudoers.d/$desiredUsername"
157	157		judge "User $desiredUsername can run sudo without password"
158	158
159		-	print_ok "Setting password for user $desiredUsername"
160	159		userPassword=$(uuidgen)
	160	+	print_ok "Setting password for user $desiredUsername to $userPassword"
161	161		sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "echo $desiredUsername:$userPassword \| sudo chpasswd"
162	162		judge "Password set for user $desiredUsername as $userPassword"
163	163

anduin revisou este gist 1735395731. Ir para a revisão

1 file changed, 70 insertions, 75 deletions

init.sh

			@@ -77,7 +77,7 @@ wait_server_till_can_ssh()
77	77		print_ok "Waiting for server to be ready: ssh $userName@$serverName"
78	78		while true; do
79	79		set +e
80		-	sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$userName@$serverName" "echo 'Server is ready'"
	80	+	sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "echo 'Server is ready'"
81	81		if [ $? -eq 0 ]; then
82	82		break
83	83		fi
			@@ -122,161 +122,156 @@ prepare_server()
122	122		fi
123	123
124	124		prepare_host
125		-	ssh-keygen -f "/home/anduin/.ssh/known_hosts" -R "$serverName"
	125	+	ssh-keygen -f "/home/anduin/.ssh/known_hosts" -R $serverName
126	126
127		-	wait_server_till_can_ssh "$userName" "$password" "$serverName"
	127	+	wait_server_till_can_ssh $userName $password $serverName
128	128
129	129		print_ok "Changing hostname for $serverName to $desiredHostname"
130		-	sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$userName@$serverName" "sudo hostnamectl set-hostname $desiredHostname"
131		-	sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$userName@$serverName" "sleep 3"
132		-	sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$userName@$serverName" "sudo reboot" \|\| true
	130	+	sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo hostnamectl set-hostname $desiredHostname"
	131	+	sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sleep 3"
	132	+	sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo reboot" \|\| true
133	133		sleep 5
134	134		print_ok "Hostname changed to $desiredHostname"
135	135		print_warn "Server is rebooting..."
136	136
137		-	wait_server_till_can_ssh "$userName" "$password" "$serverName"
	137	+	wait_server_till_can_ssh $userName $password $serverName
138	138
139	139		print_ok "Creating a new user..."
140		-	alreadyExist=$(sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$userName@$serverName" "grep -w '^$desiredUsername:' /etc/passwd \| wc -l")
141		-	if [ "$alreadyExist" -gt 0 ]; then
	140	+	alreadyExist=$(sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "cat /etc/passwd \| grep -w $desiredUsername \| wc -l")
	141	+	if [ $alreadyExist -gt 0 ]; then
142	142		print_ok "User $desiredUsername already exists."
143	143		else
144	144		print_ok "Creating user $desiredUsername"
145		-	sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$userName@$serverName" "sudo adduser $desiredUsername --gecos 'First Last,RoomNumber,WorkPhone,HomePhone' --disabled-password"
	145	+	sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo adduser $desiredUsername --gecos 'First Last,RoomNumber,WorkPhone,HomePhone' --disabled-password"
	146	+	judge "User $desiredUsername created"
146	147		fi
147		-	judge "User $desiredUsername created"
148		-
149		-	print_ok "Setting password for user $desiredUsername"
150		-	userPassword=$(uuidgen)
151		-	sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$userName@$serverName" "echo '$desiredUsername:$userPassword' \| sudo chpasswd"
152		-	judge "Password set for user $desiredUsername as $userPassword"
153	148
154	149		print_ok "Adding user $desiredUsername to sudo group"
155		-	sshpass -p "$userPassword" ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo usermod -aG sudo $desiredUsername"
156		-	judge "User $desiredUsername added to sudo group"
157		-
158		-	# Determine if userName and desiredUsername are the same
159		-	if [ "$userName" = "$desiredUsername" ]; then
160		-	# Update the password variable to the new password
161		-	print_ok "Initial user and desired user are the same. Updating password for subsequent SSH connections."
162		-	password="$userPassword"
163		-	fi
	150	+	sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo usermod -aG sudo $desiredUsername"
	151	+	judge "User $desiredUsername created with password $userPassword"
164	152
165	153		print_ok "Allowing user $desiredUsername to run sudo without password"
166		-	sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo mkdir -p /etc/sudoers.d"
167		-	sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo touch /etc/sudoers.d/$desiredUsername"
168		-	sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "echo '$desiredUsername ALL=(ALL) NOPASSWD:ALL' \| sudo tee -a /etc/sudoers.d/$desiredUsername"
	154	+	sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo mkdir -p /etc/sudoers.d"
	155	+	sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo touch /etc/sudoers.d/$desiredUsername"
	156	+	sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "echo '$desiredUsername ALL=(ALL) NOPASSWD:ALL' \| sudo tee -a /etc/sudoers.d/$desiredUsername"
169	157		judge "User $desiredUsername can run sudo without password"
170	158
171		-	# If ~/.ssh/id_rsa.pub does not exist, create it
	159	+	print_ok "Setting password for user $desiredUsername"
	160	+	userPassword=$(uuidgen)
	161	+	sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "echo $desiredUsername:$userPassword \| sudo chpasswd"
	162	+	judge "Password set for user $desiredUsername as $userPassword"
	163	+
	164	+
	165	+	# If ~/ssh/id_rsa.pub does not exist, create it
172	166		if [ ! -f ~/.ssh/id_rsa.pub ]; then
173	167		print_warn "Creating ssh keys on local machine"
174	168		ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa
175	169		fi
176	170
177	171		print_ok "Copying ssh keys with ssh-copy-id"
178		-	sshpass -p "$password" ssh-copy-id -i ~/.ssh/id_rsa.pub "$desiredUsername@$serverName"
	172	+	sshpass -p $userPassword ssh-copy-id -i ~/.ssh/id_rsa.pub $desiredUsername@$serverName
179	173		print_ok "SSH keys copied"
180	174
181		-	wait_server_till_can_ssh "$desiredUsername" "$password" "$serverName"
	175	+	wait_server_till_can_ssh $desiredUsername $userPassword $serverName
182	176
183	177		print_ok "Disabling root login, password login and enabling ssh key login"
184		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo sed -i 's/PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config"
185		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config"
186		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo sed -i 's/PubkeyAuthentication no/PubkeyAuthentication yes/g' /etc/ssh/sshd_config"
	178	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config"
	179	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config"
	180	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/PubkeyAuthentication no/PubkeyAuthentication yes/g' /etc/ssh/sshd_config"
187	181		# Uncomment those lines if they are commented
188		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo sed -i 's/#PermitRootLogin no/PermitRootLogin no/g' /etc/ssh/sshd_config"
189		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo sed -i 's/#PasswordAuthentication no/PasswordAuthentication no/g' /etc/ssh/sshd_config"
190		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/g' /etc/ssh/sshd_config"
191		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo systemctl restart sshd"
	182	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/#PermitRootLogin no/PermitRootLogin no/g' /etc/ssh/sshd_config"
	183	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/#PasswordAuthentication no/PasswordAuthentication no/g' /etc/ssh/sshd_config"
	184	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/g' /etc/ssh/sshd_config"
	185	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo systemctl restart sshd"
192	186		judge "Disable root login, password login and enabled ssh key login"
193	187
194	188		print_ok "Server is ready for $desiredUsername to login. Deleting other users..."
195		-	otherUsers=$(ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "grep -v -E 'nologin\|false\|root\|sync\|$desiredUsername' /etc/passwd \| cut -d: -f1")
	189	+	otherUsers=$(ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "cat /etc/passwd \| grep -v nologin \| grep -v false \| grep -v root \| grep -v sync \| grep -v $desiredUsername \| cut -d: -f1")
196	190		for otherUser in $otherUsers; do
197	191		print_warn "Deleting user $otherUser..."
198		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo pkill -u $otherUser" \|\| true
199		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo deluser --remove-home $otherUser"
	192	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo pkill -u $otherUser" \|\| true
	193	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo deluser --remove-home $otherUser"
200	194		done
201	195
202	196		print_ok "Resetting machine-id"
203		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo rm -f /etc/machine-id /var/lib/dbus/machine-id"
204		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo systemd-machine-id-setup"
205		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo cp /etc/machine-id /var/lib/dbus/machine-id"
	197	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo rm /etc/machine-id"
	198	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo rm /var/lib/dbus/machine-id"
	199	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo systemd-machine-id-setup"
	200	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo cp /etc/machine-id /var/lib/dbus/machine-id"
206	201		judge "Machine-id reset"
207	202
208	203		print_ok "Enabling ufw firewall"
209		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo apt-get install -y ufw"
210		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo ufw allow OpenSSH"
211		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "echo 'y' \| sudo ufw enable"
	204	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt-get install -y ufw"
	205	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo ufw allow OpenSSH"
	206	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "echo 'y' \| sudo ufw enable"
212	207		judge "Ufw firewall enabled"
213	208
214	209		print_ok "Enabling BBR if not enabled"
215		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo sysctl net.ipv4.tcp_available_congestion_control \| grep -q bbr \|\| echo 'net.core.default_qdisc=fq' \| sudo tee -a /etc/sysctl.conf"
216		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo sysctl net.ipv4.tcp_available_congestion_control \| grep -q bbr \|\| echo 'net.ipv4.tcp_congestion_control=bbr' \| sudo tee -a /etc/sysctl.conf"
217		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo sysctl -p"
	210	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sysctl net.ipv4.tcp_available_congestion_control \| grep -q bbr \|\| echo 'net.core.default_qdisc=fq' \| sudo tee -a /etc/sysctl.conf"
	211	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sysctl net.ipv4.tcp_available_congestion_control \| grep -q bbr \|\| echo 'net.ipv4.tcp_congestion_control=bbr' \| sudo tee -a /etc/sysctl.conf"
	212	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sysctl -p"
218	213		judge "BBR enabled"
219	214
220	215		print_ok "Selecting best mirror"
221		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "curl -s https://gist.aiursoft.cn/anduin/879917820a6c4b268fc12c21f1b3fe7a/raw/HEAD/mirror.sh \| bash"
222		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo apt update"
	216	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "curl -s https://gist.aiursoft.cn/anduin/879917820a6c4b268fc12c21f1b3fe7a/raw/HEAD/mirror.sh \| bash"
	217	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt update"
223	218		judge "Best mirror selected"
224	219
225	220		print_ok "Installing latest kernel..."
226		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo apt search linux-generic-hwe-* \| awk -F'/' '/linux-generic-hwe-/ {print \$1}' \| sort \| head -n 1 \| xargs -r sudo apt install -y"
	221	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt search linux-generic-hwe-* \| awk -F'/' '/linux-generic-hwe-/ {print $1}' \| sort \| head -n 1 \| xargs -r sudo apt install -y"
227	222		judge "Latest kernel installed"
228	223
229	224		print_ok "Rebooting server..."
230		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sleep 3"
231		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo reboot" \|\| true
	225	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sleep 3"
	226	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo reboot" \|\| true
232	227		sleep 5
233	228		print_warn "Server is rebooting..."
234	229
235		-	wait_server_till_can_ssh "$desiredUsername" "$password" "$serverName"
	230	+	wait_server_till_can_ssh $desiredUsername $userPassword $serverName
236	231
237	232		print_ok "Installing updates"
238		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo apt update"
239		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo apt upgrade -y"
240		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo apt autoremove -y"
	233	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt update"
	234	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt upgrade -y"
	235	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt autoremove -y"
241	236		judge "Updates installed"
242	237
243	238		print_ok "Rebooting server..."
244		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sleep 3"
245		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo reboot" \|\| true
	239	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sleep 3"
	240	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo reboot" \|\| true
246	241		sleep 5
247	242		print_warn "Server is rebooting..."
248	243
249		-	wait_server_till_can_ssh "$desiredUsername" "$password" "$serverName"
	244	+	wait_server_till_can_ssh $desiredUsername $userPassword $serverName
250	245
251	246		print_ok "Set CPU to performance mode"
252		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo apt install -y linux-tools-common linux-tools-\$(uname -r)"
253		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo cpupower frequency-info"
254		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo cpupower frequency-set -g performance" \|\| true
	247	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt install -y linux-tools-common linux-tools-$(uname -r)"
	248	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo cpupower frequency-info"
	249	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo cpupower frequency-set -g performance" \|\| true
255	250		judge "CPU set to performance mode"
256	251
257	252		print_ok "Set timezone to GMT"
258		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo timedatectl set-timezone GMT"
	253	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo timedatectl set-timezone GMT"
259	254		judge "Timezone set to GMT"
260	255
261	256		print_ok "Removing snap..."
262		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo systemctl disable --now snapd"
263		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo apt purge -y snapd"
264		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo rm -rf /snap /var/snap /var/lib/snapd /var/cache/snapd /usr/lib/snapd ~/snap"
265		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo tee /etc/apt/preferences.d/no-snap.pref > /dev/null << EOF
	257	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo systemctl disable --now snapd"
	258	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt purge -y snapd"
	259	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo rm -rf /snap /var/snap /var/lib/snapd /var/cache/snapd /usr/lib/snapd ~/snap"
	260	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "cat << EOF \| sudo tee -a /etc/apt/preferences.d/no-snap.pref
266	261		Package: snapd
267	262		Pin: release a=*
268	263		Pin-Priority: -10
269	264		EOF"
270		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo chown root:root /etc/apt/preferences.d/no-snap.pref"
	265	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo chown root:root /etc/apt/preferences.d/no-snap.pref"
271	266		judge "Snap removed"
272	267
273	268		print_ok "Autoremoving apt packages"
274		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo apt autoremove -y --purge"
	269	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt autoremove -y --purge"
275	270		judge "Apt packages autoremoved"
276	271
277	272		print_ok "Benchmarking server..."
278		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo apt install -y sysbench"
279		-	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sysbench cpu --threads=\$(nproc) run"
	273	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt install -y sysbench"
	274	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sysbench cpu --threads=\$(nproc) run"
280	275		judge "Server benchmarked"
281	276
282	277		print_ok "Server is ready for use"
			@@ -289,4 +284,4 @@ EOF"
289	284		# Arg3: servername
290	285		# Arg4: Desired hostname
291	286		# Arg5: Desired username
292		-	prepare_server "$@"
	287	+	prepare_server "$@"

anduin revisou este gist 1735394482. Ir para a revisão

1 file changed, 70 insertions, 64 deletions

init.sh

			@@ -77,7 +77,7 @@ wait_server_till_can_ssh()
77	77		print_ok "Waiting for server to be ready: ssh $userName@$serverName"
78	78		while true; do
79	79		set +e
80		-	sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "echo 'Server is ready'"
	80	+	sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$userName@$serverName" "echo 'Server is ready'"
81	81		if [ $? -eq 0 ]; then
82	82		break
83	83		fi
			@@ -122,155 +122,161 @@ prepare_server()
122	122		fi
123	123
124	124		prepare_host
125		-	ssh-keygen -f "/home/anduin/.ssh/known_hosts" -R $serverName
	125	+	ssh-keygen -f "/home/anduin/.ssh/known_hosts" -R "$serverName"
126	126
127		-	wait_server_till_can_ssh $userName $password $serverName
	127	+	wait_server_till_can_ssh "$userName" "$password" "$serverName"
128	128
129	129		print_ok "Changing hostname for $serverName to $desiredHostname"
130		-	sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo hostnamectl set-hostname $desiredHostname"
131		-	sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sleep 3"
132		-	sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo reboot" \|\| true
	130	+	sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$userName@$serverName" "sudo hostnamectl set-hostname $desiredHostname"
	131	+	sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$userName@$serverName" "sleep 3"
	132	+	sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$userName@$serverName" "sudo reboot" \|\| true
133	133		sleep 5
134	134		print_ok "Hostname changed to $desiredHostname"
135	135		print_warn "Server is rebooting..."
136	136
137		-	wait_server_till_can_ssh $userName $password $serverName
	137	+	wait_server_till_can_ssh "$userName" "$password" "$serverName"
138	138
139	139		print_ok "Creating a new user..."
140		-	alreadyExist=$(sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "cat /etc/passwd \| grep -w $desiredUsername \| wc -l")
141		-	if [ $alreadyExist -gt 0 ]; then
	140	+	alreadyExist=$(sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$userName@$serverName" "grep -w '^$desiredUsername:' /etc/passwd \| wc -l")
	141	+	if [ "$alreadyExist" -gt 0 ]; then
142	142		print_ok "User $desiredUsername already exists."
143	143		else
144	144		print_ok "Creating user $desiredUsername"
145		-	sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo adduser $desiredUsername --gecos 'First Last,RoomNumber,WorkPhone,HomePhone' --disabled-password"
	145	+	sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$userName@$serverName" "sudo adduser $desiredUsername --gecos 'First Last,RoomNumber,WorkPhone,HomePhone' --disabled-password"
146	146		fi
147	147		judge "User $desiredUsername created"
148	148
149	149		print_ok "Setting password for user $desiredUsername"
150	150		userPassword=$(uuidgen)
151		-	sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "echo $desiredUsername:$userPassword \| sudo chpasswd"
	151	+	sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$userName@$serverName" "echo '$desiredUsername:$userPassword' \| sudo chpasswd"
152	152		judge "Password set for user $desiredUsername as $userPassword"
153	153
154	154		print_ok "Adding user $desiredUsername to sudo group"
155		-	sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo usermod -aG sudo $desiredUsername"
156		-	judge "User $desiredUsername created with password $userPassword"
	155	+	sshpass -p "$userPassword" ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo usermod -aG sudo $desiredUsername"
	156	+	judge "User $desiredUsername added to sudo group"
	157	+
	158	+	# Determine if userName and desiredUsername are the same
	159	+	if [ "$userName" = "$desiredUsername" ]; then
	160	+	# Update the password variable to the new password
	161	+	print_ok "Initial user and desired user are the same. Updating password for subsequent SSH connections."
	162	+	password="$userPassword"
	163	+	fi
157	164
158	165		print_ok "Allowing user $desiredUsername to run sudo without password"
159		-	sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo mkdir -p /etc/sudoers.d"
160		-	sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo touch /etc/sudoers.d/$desiredUsername"
161		-	sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "echo '$desiredUsername ALL=(ALL) NOPASSWD:ALL' \| sudo tee -a /etc/sudoers.d/$desiredUsername"
	166	+	sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo mkdir -p /etc/sudoers.d"
	167	+	sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo touch /etc/sudoers.d/$desiredUsername"
	168	+	sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "echo '$desiredUsername ALL=(ALL) NOPASSWD:ALL' \| sudo tee -a /etc/sudoers.d/$desiredUsername"
162	169		judge "User $desiredUsername can run sudo without password"
163	170
164		-	# If ~/ssh/id_rsa.pub does not exist, create it
	171	+	# If ~/.ssh/id_rsa.pub does not exist, create it
165	172		if [ ! -f ~/.ssh/id_rsa.pub ]; then
166	173		print_warn "Creating ssh keys on local machine"
167	174		ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa
168	175		fi
169	176
170	177		print_ok "Copying ssh keys with ssh-copy-id"
171		-	sshpass -p $userPassword ssh-copy-id -i ~/.ssh/id_rsa.pub $desiredUsername@$serverName
	178	+	sshpass -p "$password" ssh-copy-id -i ~/.ssh/id_rsa.pub "$desiredUsername@$serverName"
172	179		print_ok "SSH keys copied"
173	180
174		-	wait_server_till_can_ssh $desiredUsername $userPassword $serverName
	181	+	wait_server_till_can_ssh "$desiredUsername" "$password" "$serverName"
175	182
176	183		print_ok "Disabling root login, password login and enabling ssh key login"
177		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config"
178		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config"
179		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/PubkeyAuthentication no/PubkeyAuthentication yes/g' /etc/ssh/sshd_config"
	184	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo sed -i 's/PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config"
	185	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config"
	186	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo sed -i 's/PubkeyAuthentication no/PubkeyAuthentication yes/g' /etc/ssh/sshd_config"
180	187		# Uncomment those lines if they are commented
181		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/#PermitRootLogin no/PermitRootLogin no/g' /etc/ssh/sshd_config"
182		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/#PasswordAuthentication no/PasswordAuthentication no/g' /etc/ssh/sshd_config"
183		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/g' /etc/ssh/sshd_config"
184		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo systemctl restart sshd"
	188	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo sed -i 's/#PermitRootLogin no/PermitRootLogin no/g' /etc/ssh/sshd_config"
	189	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo sed -i 's/#PasswordAuthentication no/PasswordAuthentication no/g' /etc/ssh/sshd_config"
	190	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/g' /etc/ssh/sshd_config"
	191	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo systemctl restart sshd"
185	192		judge "Disable root login, password login and enabled ssh key login"
186	193
187	194		print_ok "Server is ready for $desiredUsername to login. Deleting other users..."
188		-	otherUsers=$(ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "cat /etc/passwd \| grep -v nologin \| grep -v false \| grep -v root \| grep -v sync \| grep -v $desiredUsername \| cut -d: -f1")
	195	+	otherUsers=$(ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "grep -v -E 'nologin\|false\|root\|sync\|$desiredUsername' /etc/passwd \| cut -d: -f1")
189	196		for otherUser in $otherUsers; do
190	197		print_warn "Deleting user $otherUser..."
191		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo pkill -u $otherUser" \|\| true
192		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo deluser --remove-home $otherUser"
	198	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo pkill -u $otherUser" \|\| true
	199	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo deluser --remove-home $otherUser"
193	200		done
194	201
195	202		print_ok "Resetting machine-id"
196		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo rm /etc/machine-id"
197		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo rm /var/lib/dbus/machine-id"
198		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo systemd-machine-id-setup"
199		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo cp /etc/machine-id /var/lib/dbus/machine-id"
	203	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo rm -f /etc/machine-id /var/lib/dbus/machine-id"
	204	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo systemd-machine-id-setup"
	205	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo cp /etc/machine-id /var/lib/dbus/machine-id"
200	206		judge "Machine-id reset"
201	207
202	208		print_ok "Enabling ufw firewall"
203		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt-get install -y ufw"
204		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo ufw allow OpenSSH"
205		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "echo 'y' \| sudo ufw enable"
	209	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo apt-get install -y ufw"
	210	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo ufw allow OpenSSH"
	211	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "echo 'y' \| sudo ufw enable"
206	212		judge "Ufw firewall enabled"
207	213
208	214		print_ok "Enabling BBR if not enabled"
209		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sysctl net.ipv4.tcp_available_congestion_control \| grep -q bbr \|\| echo 'net.core.default_qdisc=fq' \| sudo tee -a /etc/sysctl.conf"
210		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sysctl net.ipv4.tcp_available_congestion_control \| grep -q bbr \|\| echo 'net.ipv4.tcp_congestion_control=bbr' \| sudo tee -a /etc/sysctl.conf"
211		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sysctl -p"
	215	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo sysctl net.ipv4.tcp_available_congestion_control \| grep -q bbr \|\| echo 'net.core.default_qdisc=fq' \| sudo tee -a /etc/sysctl.conf"
	216	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo sysctl net.ipv4.tcp_available_congestion_control \| grep -q bbr \|\| echo 'net.ipv4.tcp_congestion_control=bbr' \| sudo tee -a /etc/sysctl.conf"
	217	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo sysctl -p"
212	218		judge "BBR enabled"
213	219
214	220		print_ok "Selecting best mirror"
215		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "curl -s https://gist.aiursoft.cn/anduin/879917820a6c4b268fc12c21f1b3fe7a/raw/HEAD/mirror.sh \| bash"
216		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt update"
	221	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "curl -s https://gist.aiursoft.cn/anduin/879917820a6c4b268fc12c21f1b3fe7a/raw/HEAD/mirror.sh \| bash"
	222	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo apt update"
217	223		judge "Best mirror selected"
218	224
219	225		print_ok "Installing latest kernel..."
220		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt search linux-generic-hwe-* \| awk -F'/' '/linux-generic-hwe-/ {print $1}' \| sort \| head -n 1 \| xargs -r sudo apt install -y"
	226	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo apt search linux-generic-hwe-* \| awk -F'/' '/linux-generic-hwe-/ {print \$1}' \| sort \| head -n 1 \| xargs -r sudo apt install -y"
221	227		judge "Latest kernel installed"
222	228
223	229		print_ok "Rebooting server..."
224		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sleep 3"
225		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo reboot" \|\| true
	230	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sleep 3"
	231	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo reboot" \|\| true
226	232		sleep 5
227	233		print_warn "Server is rebooting..."
228	234
229		-	wait_server_till_can_ssh $desiredUsername $userPassword $serverName
	235	+	wait_server_till_can_ssh "$desiredUsername" "$password" "$serverName"
230	236
231	237		print_ok "Installing updates"
232		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt update"
233		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt upgrade -y"
234		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt autoremove -y"
	238	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo apt update"
	239	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo apt upgrade -y"
	240	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo apt autoremove -y"
235	241		judge "Updates installed"
236	242
237	243		print_ok "Rebooting server..."
238		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sleep 3"
239		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo reboot" \|\| true
	244	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sleep 3"
	245	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo reboot" \|\| true
240	246		sleep 5
241	247		print_warn "Server is rebooting..."
242	248
243		-	wait_server_till_can_ssh $desiredUsername $userPassword $serverName
	249	+	wait_server_till_can_ssh "$desiredUsername" "$password" "$serverName"
244	250
245	251		print_ok "Set CPU to performance mode"
246		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt install -y linux-tools-common linux-tools-$(uname -r)"
247		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo cpupower frequency-info"
248		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo cpupower frequency-set -g performance" \|\| true
	252	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo apt install -y linux-tools-common linux-tools-\$(uname -r)"
	253	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo cpupower frequency-info"
	254	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo cpupower frequency-set -g performance" \|\| true
249	255		judge "CPU set to performance mode"
250	256
251	257		print_ok "Set timezone to GMT"
252		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo timedatectl set-timezone GMT"
	258	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo timedatectl set-timezone GMT"
253	259		judge "Timezone set to GMT"
254	260
255	261		print_ok "Removing snap..."
256		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo systemctl disable --now snapd"
257		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt purge -y snapd"
258		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo rm -rf /snap /var/snap /var/lib/snapd /var/cache/snapd /usr/lib/snapd ~/snap"
259		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "cat << EOF \| sudo tee -a /etc/apt/preferences.d/no-snap.pref
	262	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo systemctl disable --now snapd"
	263	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo apt purge -y snapd"
	264	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo rm -rf /snap /var/snap /var/lib/snapd /var/cache/snapd /usr/lib/snapd ~/snap"
	265	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo tee /etc/apt/preferences.d/no-snap.pref > /dev/null << EOF
260	266		Package: snapd
261	267		Pin: release a=*
262	268		Pin-Priority: -10
263	269		EOF"
264		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo chown root:root /etc/apt/preferences.d/no-snap.pref"
	270	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo chown root:root /etc/apt/preferences.d/no-snap.pref"
265	271		judge "Snap removed"
266	272
267	273		print_ok "Autoremoving apt packages"
268		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt autoremove -y --purge"
	274	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo apt autoremove -y --purge"
269	275		judge "Apt packages autoremoved"
270	276
271	277		print_ok "Benchmarking server..."
272		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt install -y sysbench"
273		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sysbench cpu --threads=\$(nproc) run"
	278	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sudo apt install -y sysbench"
	279	+	ssh -o StrictHostKeyChecking=no "$desiredUsername@$serverName" "sysbench cpu --threads=\$(nproc) run"
274	280		judge "Server benchmarked"
275	281
276	282		print_ok "Server is ready for use"
			@@ -283,4 +289,4 @@ EOF"
283	289		# Arg3: servername
284	290		# Arg4: Desired hostname
285	291		# Arg5: Desired username
286		-	prepare_server "$@"
	292	+	prepare_server "$@"

anduin revisou este gist 1735394181. Ir para a revisão

1 file changed, 1 insertion, 1 deletion

init.sh

			@@ -149,7 +149,7 @@ prepare_server()
149	149		print_ok "Setting password for user $desiredUsername"
150	150		userPassword=$(uuidgen)
151	151		sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "echo $desiredUsername:$userPassword \| sudo chpasswd"
152		-	judge "Password set for user $desiredUsername"
	152	+	judge "Password set for user $desiredUsername as $userPassword"
153	153
154	154		print_ok "Adding user $desiredUsername to sudo group"
155	155		sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo usermod -aG sudo $desiredUsername"

anduin revisou este gist 1735367900. Ir para a revisão

1 file changed, 92 insertions, 63 deletions

mirror.sh

			@@ -1,88 +1,117 @@
	1	+	#!/usr/bin/env bash
	2	+	# Step 1: Ensure required packages are installed
	3	+	sudo apt update
	4	+	sudo apt install -y curl apt-transport-https lsb-release
	5	+
1	6		function switchSource() {
	7	+	# Get current Ubuntu codename (e.g., jammy, focal, bionic)
	8	+	codename=$(lsb_release -cs)
	9	+
	10	+	# Define a list of potential mirrors
2	11		mirrors=(
3	12		"https://archive.ubuntu.com/ubuntu/"
4	13		"https://mirror.aarnet.edu.au/pub/ubuntu/archive/" # Australia
5		-	"https://mirror.fsmg.org.nz/ubuntu/" # New Zealand
6		-	"https://mirrors.neterra.net/ubuntu/archive/" # Bulgaria
7		-	"https://mirror.csclub.uwaterloo.ca/ubuntu/" # Canada
8		-	"https://mirrors.dotsrc.org/ubuntu/" # Denmark
9		-	"https://mirrors.nic.funet.fi/ubuntu/" # Finland
10		-	"https://mirror.ubuntu.ikoula.com/" # France
11		-	"https://mirror.xtom.com.hk/ubuntu/" # Hong Kong
	14	+	"https://mirror.fsmg.org.nz/ubuntu/" # New Zealand
	15	+	"https://mirrors.neterra.net/ubuntu/archive/" # Bulgaria
	16	+	"https://mirror.csclub.uwaterloo.ca/ubuntu/" # Canada
	17	+	"https://mirrors.dotsrc.org/ubuntu/" # Denmark
	18	+	"https://mirrors.nic.funet.fi/ubuntu/" # Finland
	19	+	"https://mirror.ubuntu.ikoula.com/" # France
	20	+	"https://mirror.xtom.com.hk/ubuntu/" # Hong Kong
12	21		"https://mirrors.piconets.webwerks.in/ubuntu-mirror/ubuntu/" # India
13		-	"https://ftp.udx.icscoe.jp/Linux/ubuntu/" # Japan
14		-	"https://ftp.kaist.ac.kr/ubuntu/" # Korea
15		-	"https://ubuntu.mirror.garr.it/ubuntu/" # Italy
16		-	"https://ftp.uni-stuttgart.de/ubuntu/" # Germany
17		-	"https://mirror.i3d.net/pub/ubuntu/" # Netherlands
18		-	"https://mirroronet.pl/pub/mirrors/ubuntu/" # Poland
19		-	"https://ubuntu.mobinhost.com/ubuntu/" # Iran
20		-	"http://sg.archive.ubuntu.com/ubuntu/" # Singapore
	22	+	"https://ftp.udx.icscoe.jp/Linux/ubuntu/" # Japan
	23	+	"https://ftp.kaist.ac.kr/ubuntu/" # Korea
	24	+	"https://ubuntu.mirror.garr.it/ubuntu/" # Italy
	25	+	"https://ftp.uni-stuttgart.de/ubuntu/" # Germany
	26	+	"https://mirror.i3d.net/pub/ubuntu/" # Netherlands
	27	+	"https://mirroronet.pl/pub/mirrors/ubuntu/" # Poland
	28	+	"https://ubuntu.mobinhost.com/ubuntu/" # Iran
	29	+	"http://sg.archive.ubuntu.com/ubuntu/" # Singapore
21	30		"http://ossmirror.mycloud.services/os/linux/ubuntu/" # Singapore
22		-	"https://mirror.enzu.com/ubuntu/" # United States
23		-	"http://jp.archive.ubuntu.com/ubuntu/" # Japan
24		-	"http://kr.archive.ubuntu.com/ubuntu/" # Korea
25		-	"http://us.archive.ubuntu.com/ubuntu/" # United States
26		-	"http://tw.archive.ubuntu.com/ubuntu/" # Taiwan (Province of China)
27		-	"https://mirror.twds.com.tw/ubuntu/" # Taiwan (Province of China)
28		-	"https://ubuntu.mirrors.uk2.net/ubuntu/" # United Kingdom
29		-	"http://mirrors.ustc.edu.cn/ubuntu/" # 中国科学技术大学
30		-	"http://ftp.sjtu.edu.cn/ubuntu/" # 上海交通大学
31		-	"http://mirrors.tuna.tsinghua.edu.cn/ubuntu/" # 清华大学
32		-	"http://mirrors.aliyun.com/ubuntu/" # Aliyun
33		-	"http://mirrors.163.com/ubuntu/" # NetEase
34		-	"http://mirrors.cloud.tencent.com/ubuntu/" # Tencent Cloud
35		-	"http://mirror.aiursoft.cn/ubuntu/" # Aiursoft
36		-	"http://mirrors.anduinos.com/ubuntu/" # AnduinOS
37		-	"http://mirrors.huaweicloud.com/ubuntu/" # Huawei Cloud
38		-	"http://mirrors.zju.edu.cn/ubuntu/" # 浙江大学
39		-	"http://azure.archive.ubuntu.com/ubuntu/" # Azure
40		-	"https://mirrors.isu.net.sa/apt-mirror/" # Saudi Arabia
41		-	"https://mirror.team-host.ru/ubuntu/" # Russia
42		-	"https://labs.eif.urjc.es/mirror/ubuntu/" # Spain
	31	+	"https://mirror.enzu.com/ubuntu/" # United States
	32	+	"http://jp.archive.ubuntu.com/ubuntu/" # Japan
	33	+	"http://kr.archive.ubuntu.com/ubuntu/" # Korea
	34	+	"http://us.archive.ubuntu.com/ubuntu/" # United States
	35	+	"http://tw.archive.ubuntu.com/ubuntu/" # Taiwan
	36	+	"https://mirror.twds.com.tw/ubuntu/" # Taiwan
	37	+	"https://ubuntu.mirrors.uk2.net/ubuntu/" # United Kingdom
	38	+	"http://mirrors.ustc.edu.cn/ubuntu/" # 中国科学技术大学
	39	+	"http://ftp.sjtu.edu.cn/ubuntu/" # 上海交通大学
	40	+	"http://mirrors.tuna.tsinghua.edu.cn/ubuntu/" # 清华大学
	41	+	"http://mirrors.aliyun.com/ubuntu/" # 阿里云
	42	+	"http://mirrors.163.com/ubuntu/" # 网易
	43	+	"http://mirrors.cloud.tencent.com/ubuntu/" # 腾讯云
	44	+	"http://mirror.aiursoft.cn/ubuntu/" # Aiursoft
	45	+	"http://mirrors.anduinos.com/ubuntu/" # AnduinOS
	46	+	"http://mirrors.huaweicloud.com/ubuntu/" # 华为云
	47	+	"http://mirrors.zju.edu.cn/ubuntu/" # 浙江大学
	48	+	"http://azure.archive.ubuntu.com/ubuntu/" # Azure
	49	+	"https://mirrors.isu.net.sa/apt-mirror/" # Saudi Arabia
	50	+	"https://mirror.team-host.ru/ubuntu/" # Russia
	51	+	"https://labs.eif.urjc.es/mirror/ubuntu/" # Spain
43	52		"https://mirror.alastyr.com/ubuntu/ubuntu-archive/" # Turkey
44		-	"https://ftp.acc.umu.se/ubuntu/" # Sweden
45		-	"https://mirror.kku.ac.th/ubuntu/" # Thailand
46		-	"https://mirror.bizflycloud.vn/ubuntu/" # Vietnam
	53	+	"https://ftp.acc.umu.se/ubuntu/" # Sweden
	54	+	"https://mirror.kku.ac.th/ubuntu/" # Thailand
	55	+	"https://mirror.bizflycloud.vn/ubuntu/" # Vietnam
47	56		)
48	57
49	58		declare -A results
50	59
	60	+	# Function to test speed of a single mirror
51	61		test_speed() {
52		-	url=$1
53		-	response=$(curl -o /dev/null -s -w "%{http_code} %{time_total}\n" --connect-timeout 1 --max-time 2 "$url")
54		-	http_code=$(echo $response \| awk '{print $1}')
55		-	time_total=$(echo $response \| awk '{print $2}')
	62	+	url="$1"
	63	+	# Attempt to do a quick GET and measure total time
	64	+	response="$(curl -o /dev/null -s -w "%{http_code} %{time_total}\n" \
	65	+	--connect-timeout 1 --max-time 2 "$url")"
	66	+
	67	+	http_code=$(echo "$response" \| awk '{print $1}')
	68	+	time_total=$(echo "$response" \| awk '{print $2}')
56	69
57		-	if [ "$http_code" -eq 200 ]; then
58		-	results["$url"]=$time_total
59		-	else
60		-	echo "Failed to access $url"
61		-	results["$url"]="9999"
62		-	fi
	70	+	# If HTTP code == 200, mark the measured time; otherwise use a large value
	71	+	if [ "$http_code" -eq 200 ]; then
	72	+	results["$url"]="$time_total"
	73	+	else
	74	+	echo "Failed to access $url (HTTP code: $http_code)"
	75	+	results["$url"]="9999"
	76	+	fi
63	77		}
64	78
65		-	echo "Testing all mirrors..."
	79	+	echo "Testing all mirrors for Ubuntu '$codename'..."
66	80		for mirror in "${mirrors[@]}"; do
67		-	test_speed "$mirror"
	81	+	test_speed "$mirror"
68	82		done
69	83
70		-	sorted_mirrors=$(for url in "${!results[@]}"; do echo "$url ${results[$url]}"; done \| sort -k2 -n)
	84	+	# Sort mirrors by time_total
	85	+	# Example of sorted_mirrors entry: "https://archive.ubuntu.com/ubuntu/ 0.034"
	86	+	sorted_mirrors="$(
	87	+	for url in "${!results[@]}"; do
	88	+	echo "$url ${results[$url]}"
	89	+	done \| sort -k2 -n
	90	+	)"
71	91
72		-	echo "Sorted mirrors:"
	92	+	echo
	93	+	echo "=== Sorted mirrors by response time (ascending) ==="
73	94		echo "$sorted_mirrors"
	95	+	echo
74	96
75		-	fastest_mirror=$(echo "$sorted_mirrors" \| head -n 1 \| awk '{print $1}')
	97	+	# Pick the top (fastest) mirror from the sorted list
	98	+	fastest_mirror="$(echo "$sorted_mirrors" \| head -n 1 \| awk '{print $1}')"
76	99
77		-	echo "Fastest mirror: $fastest_mirror"
78		-	echo "
79		-	deb $fastest_mirror jammy main restricted universe multiverse
80		-	deb $fastest_mirror jammy-updates main restricted universe multiverse
81		-	deb $fastest_mirror jammy-backports main restricted universe multiverse
82		-	deb $fastest_mirror jammy-security main restricted universe multiverse
83		-	" \| sudo tee /etc/apt/sources.list
	100	+	echo "Fastest mirror found: $fastest_mirror"
	101	+	echo "Updating /etc/apt/sources.list..."
	102	+
	103	+	# Update /etc/apt/sources.list with the fastest mirror
	104	+	sudo tee /etc/apt/sources.list >/dev/null <<EOF
	105	+	deb $fastest_mirror $codename main restricted universe multiverse
	106	+	deb $fastest_mirror $codename-updates main restricted universe multiverse
	107	+	deb $fastest_mirror $codename-backports main restricted universe multiverse
	108	+	deb $fastest_mirror $codename-security main restricted universe multiverse
	109	+	EOF
	110	+
	111	+	# Final check
	112	+	sudo apt update
	113	+	echo "All done!"
84	114		}
85	115
86		-	sudo apt update
87		-	sudo apt install curl apt-transport-https -y
	116	+	# Call the main function
88	117		switchSource

anduin revisou este gist 1735367885. Ir para a revisão

1 file changed, 1 insertion, 8 deletions

init.sh

			@@ -126,13 +126,6 @@ prepare_server()
126	126
127	127		wait_server_till_can_ssh $userName $password $serverName
128	128
129		-	print_ok "Ensure Server is Ubuntu 22.04" # Accept 22.04.1, 22.04.2, etc
130		-	osVersion=$(sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "lsb_release -r \| awk '{print \$2}'")
131		-	if [ "$osVersion" != "22.04" ]; then
132		-	print_error "Server is not Ubuntu 22.04. Please use Ubuntu 22.04"
133		-	exit 1
134		-	fi
135		-
136	129		print_ok "Changing hostname for $serverName to $desiredHostname"
137	130		sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo hostnamectl set-hostname $desiredHostname"
138	131		sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sleep 3"
			@@ -224,7 +217,7 @@ prepare_server()
224	217		judge "Best mirror selected"
225	218
226	219		print_ok "Installing latest kernel..."
227		-	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt install -y linux-generic-hwe-22.04"
	220	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt search linux-generic-hwe-* \| awk -F'/' '/linux-generic-hwe-/ {print $1}' \| sort \| head -n 1 \| xargs -r sudo apt install -y"
228	221		judge "Latest kernel installed"
229	222
230	223		print_ok "Rebooting server..."

anduin revisou este gist 1731166747. Ir para a revisão

1 file changed, 32 deletions

init.sh

			@@ -282,38 +282,6 @@ EOF"
282	282
283	283		print_ok "Server is ready for use"
284	284		print_ok "ssh $desiredUsername@$serverName"
285		-
286		-	print_layout
287		-	}
288		-
289		-	print_layout()
290		-	{
291		-	print_ok "OS information"
292		-	sudo lsb_release -a
293		-	print_ok "OS install date"
294		-	stat -c %w /
295		-	print_ok "Secure Boot status"
296		-	sudo mokutil --sb-state
297		-	print_ok "Root file system"
298		-	sudo df -Th /
299		-	print_ok "Boot mode"
300		-	if [ -d /sys/firmware/efi ]; then echo "Boot mode: UEFI"; else echo "Boot mode: Legacy"; fi
301		-	print_ok "USB information"
302		-	sudo lsusb
303		-	print_ok "Disk layout"
304		-	sudo lsblk
305		-	print_ok "All disks information"
306		-	sudo fdisk -l
307		-	prprint_okint "Disk usage"
308		-	sudo df -Th
309		-	print_ok "Memory information"
310		-	sudo free -h
311		-	print_ok "Network information"
312		-	sudo ip link show
313		-	print_ok "Firewall status"
314		-	sudo ufw status
315		-	print_ok "Network location"
316		-	curl https://ipinfo.io
317	285		}
318	286
319	287		# To use this function:

anduin revisou este gist 1731166573. Ir para a revisão

1 file changed, 8 insertions

init.sh

			@@ -227,6 +227,14 @@ prepare_server()
227	227		ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt install -y linux-generic-hwe-22.04"
228	228		judge "Latest kernel installed"
229	229
	230	+	print_ok "Rebooting server..."
	231	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sleep 3"
	232	+	ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo reboot" \|\| true
	233	+	sleep 5
	234	+	print_warn "Server is rebooting..."
	235	+
	236	+	wait_server_till_can_ssh $desiredUsername $userPassword $serverName
	237	+
230	238		print_ok "Installing updates"
231	239		ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt update"
232	240		ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt upgrade -y"

Próximo Anterior