Last active 1748426794

Init a server from cloud provider

anduin's Avatar anduin revised this gist 1725450549. Go to revision

1 file changed, 274 deletions

init.sh

@@ -308,280 +308,6 @@ print_layout()
308 308 curl https://ipinfo.io
309 309 }
310 310
311 - # To use this function:
312 - # Arg1: username
313 - # Arg2: password
314 - # Arg3: servername
315 - # Arg4: Desired hostname
316 - # Arg5: Desired username
317 - prepare_server "$@"}
318 -
319 - function print_error() {
320 - echo -e "${ERROR} ${Red} $1 ${Font}"
321 - }
322 -
323 - function print_warn() {
324 - echo -e "${WARNING} ${Yellow} $1 ${Font}"
325 - }
326 -
327 - #==========================
328 - # Judge function
329 - #==========================
330 - function judge() {
331 - if [[ 0 -eq $? ]]; then
332 - print_ok "$1 succeeded"
333 - sleep 0.2
334 - else
335 - print_error "$1 failed"
336 - exit 1
337 - fi
338 - }
339 -
340 - prepare_host()
341 - {
342 - print_ok "Update apt-get"
343 - sudo apt-get update
344 - judge "Update apt-get"
345 -
346 - print_ok "Install sshpass"
347 - sudo apt-get install -y sshpass
348 - judge "Install sshpass"
349 - }
350 -
351 - wait_server_till_can_ssh()
352 - {
353 - userName=$1
354 - password=$2
355 - serverName=$3
356 -
357 - print_ok "Waiting for server to be ready: ssh $userName@$serverName"
358 - while true; do
359 - set +e
360 - sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "echo 'Server is ready'"
361 - if [ $? -eq 0 ]; then
362 - break
363 - fi
364 - print_warn "Server is not ready yet. Retrying..."
365 - sleep 5
366 - done
367 -
368 - print_ok "Server is ready to connect via ssh"
369 - set -e
370 - }
371 -
372 - prepare_server()
373 - {
374 - userName=$1
375 - if [ -z "$userName" ]; then
376 - print_error "Please provide username. Usage: prepare_server.sh '<username>' '<password>' '<serverName>' '<desiredHostname>' '<desiredUsername>'"
377 - exit 1
378 - fi
379 -
380 - password=$2
381 - if [ -z "$password" ]; then
382 - print_error "Please provide password for user $userName. Usage: prepare_server.sh '<username>' '<password>' '<serverName>' '<desiredHostname>' '<desiredUsername>'"
383 - exit 1
384 - fi
385 -
386 - serverName=$3
387 - if [ -z "$serverName" ]; then
388 - print_error "Please provide server name. Usage: prepare_server.sh '<username>' '<password>' '<serverName>' '<desiredHostname>' '<desiredUsername>'"
389 - exit 1
390 - fi
391 -
392 - desiredHostname=$4
393 - if [ -z "$desiredHostname" ]; then
394 - echo "Please provide desired hostname. Usage: prepare_server.sh '<username>' '<password>' '<serverName>' '<desiredHostname>' '<desiredUsername>'"
395 - exit 1
396 - fi
397 -
398 - desiredUsername=$5
399 - if [ -z "$desiredUsername" ]; then
400 - print_error "Please provide desired username. Usage: prepare_server.sh '<username>' '<password>' '<serverName>' '<desiredHostname>' '<desiredUsername>'"
401 - exit 1
402 - fi
403 -
404 - prepare_host
405 - ssh-keygen -f "/home/anduin/.ssh/known_hosts" -R $serverName
406 -
407 - wait_server_till_can_ssh $userName $password $serverName
408 -
409 - print_ok "Ensure Server is Ubuntu 22.04" # Accept 22.04.1, 22.04.2, etc
410 - osVersion=$(sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "lsb_release -r | awk '{print \$2}'")
411 - if [ "$osVersion" != "22.04" ]; then
412 - print_error "Server is not Ubuntu 22.04. Please use Ubuntu 22.04"
413 - exit 1
414 - fi
415 -
416 - print_ok "Changing hostname for $serverName to $desiredHostname"
417 - sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo hostnamectl set-hostname $desiredHostname"
418 - sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sleep 3"
419 - sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo reboot" || true
420 - sleep 5
421 - print_ok "Hostname changed to $desiredHostname"
422 - print_warn "Server is rebooting..."
423 -
424 - wait_server_till_can_ssh $userName $password $serverName
425 -
426 - print_ok "Creating a new user..."
427 - sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo adduser $desiredUsername --gecos 'First Last,RoomNumber,WorkPhone,HomePhone' --disabled-password"
428 - judge "User $desiredUsername created"
429 -
430 - print_ok "Setting password for user $desiredUsername"
431 - userPassword=$(uuidgen)
432 - sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "echo $desiredUsername:$userPassword | sudo chpasswd"
433 - judge "Password set for user $desiredUsername"
434 -
435 - print_ok "Adding user $desiredUsername to sudo group"
436 - sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo usermod -aG sudo $desiredUsername"
437 - judge "User $desiredUsername created with password $userPassword"
438 -
439 - print_ok "Allowing user $desiredUsername to run sudo without password"
440 - sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo mkdir -p /etc/sudoers.d"
441 - sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo touch /etc/sudoers.d/$desiredUsername"
442 - sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "echo '$desiredUsername ALL=(ALL) NOPASSWD:ALL' | sudo tee -a /etc/sudoers.d/$desiredUsername"
443 - judge "User $desiredUsername can run sudo without password"
444 -
445 - # If ~/ssh/id_rsa.pub does not exist, create it
446 - if [ ! -f ~/.ssh/id_rsa.pub ]; then
447 - print_warn "Creating ssh keys on local machine"
448 - ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa
449 - fi
450 -
451 - print_ok "Copying ssh keys with ssh-copy-id"
452 - sshpass -p $userPassword ssh-copy-id -i ~/.ssh/id_rsa.pub $desiredUsername@$serverName
453 - print_ok "SSH keys copied"
454 -
455 - wait_server_till_can_ssh $desiredUsername $userPassword $serverName
456 -
457 - print_ok "Disabling root login, password login and enabling ssh key login"
458 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config"
459 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config"
460 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/PubkeyAuthentication no/PubkeyAuthentication yes/g' /etc/ssh/sshd_config"
461 - # Uncomment those lines if they are commented
462 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/#PermitRootLogin no/PermitRootLogin no/g' /etc/ssh/sshd_config"
463 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/#PasswordAuthentication no/PasswordAuthentication no/g' /etc/ssh/sshd_config"
464 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/g' /etc/ssh/sshd_config"
465 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo systemctl restart sshd"
466 - judge "Disable root login, password login and enabled ssh key login"
467 -
468 - print_ok "Server is ready for $desiredUsername to login. Deleting other users..."
469 - otherUsers=$(ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "cat /etc/passwd | grep -v nologin | grep -v false | grep -v root | grep -v sync | grep -v $desiredUsername | cut -d: -f1")
470 - for otherUser in $otherUsers; do
471 - print_warn "Deleting user $otherUser..."
472 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo pkill -u $otherUser"
473 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo deluser --remove-home $otherUser"
474 - done
475 -
476 - print_ok "Resetting machine-id"
477 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo rm /etc/machine-id"
478 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo rm /var/lib/dbus/machine-id"
479 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo systemd-machine-id-setup"
480 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo cp /etc/machine-id /var/lib/dbus/machine-id"
481 - judge "Machine-id reset"
482 -
483 - print_ok "Enabling ufw firewall"
484 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt-get install -y ufw"
485 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo ufw allow OpenSSH"
486 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "echo 'y' | sudo ufw enable"
487 - judge "Ufw firewall enabled"
488 -
489 - print_ok "Enabling BBR if not enabled"
490 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sysctl net.ipv4.tcp_available_congestion_control | grep -q bbr || echo 'net.core.default_qdisc=fq' | sudo tee -a /etc/sysctl.conf"
491 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sysctl net.ipv4.tcp_available_congestion_control | grep -q bbr || echo 'net.ipv4.tcp_congestion_control=bbr' | sudo tee -a /etc/sysctl.conf"
492 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sysctl -p"
493 - judge "BBR enabled"
494 -
495 - print_ok "Selecting best mirror"
496 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "curl -s https://gist.aiursoft.cn/anduin/3643fb2cafeb42379d362e33e5f2313a/download/HEAD/mirror.sh | bash"
497 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt update"
498 - judge "Best mirror selected"
499 -
500 - print_ok "Installing latest kernel..."
501 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt install -y linux-generic-hwe-22.04"
502 - judge "Latest kernel installed"
503 -
504 - print_ok "Installing updates"
505 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt update"
506 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt upgrade -y"
507 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt autoremove -y"
508 - judge "Updates installed"
509 -
510 - print_ok "Rebooting server..."
511 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sleep 3"
512 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo reboot" || true
513 - sleep 5
514 - print_warn "Server is rebooting..."
515 -
516 - wait_server_till_can_ssh $desiredUsername $userPassword $serverName
517 -
518 - print_ok "Set CPU to performance mode"
519 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt install -y linux-tools-common linux-tools-$(uname -r)"
520 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo cpupower frequency-info"
521 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo cpupower frequency-set -g performance" || true
522 - judge "CPU set to performance mode"
523 -
524 - print_ok "Set timezone to GMT"
525 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo timedatectl set-timezone GMT"
526 - judge "Timezone set to GMT"
527 -
528 - print_ok "Removing snap..."
529 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo systemctl disable --now snapd"
530 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt purge -y snapd"
531 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo rm -rf /snap /var/snap /var/lib/snapd /var/cache/snapd /usr/lib/snapd ~/snap"
532 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "cat << EOF | sudo tee -a /etc/apt/preferences.d/no-snap.pref
533 - Package: snapd
534 - Pin: release a=*
535 - Pin-Priority: -10
536 - EOF"
537 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo chown root:root /etc/apt/preferences.d/no-snap.pref"
538 - judge "Snap removed"
539 -
540 - print_ok "Autoremoving apt packages"
541 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt autoremove -y --purge"
542 - judge "Apt packages autoremoved"
543 -
544 - print_ok "Benchmarking server..."
545 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt install -y sysbench"
546 - ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sysbench cpu --threads=\$(nproc) run"
547 - judge "Server benchmarked"
548 -
549 - print_ok "Server is ready for use"
550 - print_ok "ssh $desiredUsername@$serverName"
551 -
552 - print_layout
553 - }
554 -
555 - print_layout()
556 - {
557 - print_ok "OS information"
558 - sudo lsb_release -a
559 - print_ok "OS install date"
560 - stat -c %w /
561 - print_ok "Secure Boot status"
562 - sudo mokutil --sb-state
563 - print_ok "Root file system"
564 - sudo df -Th /
565 - print_ok "Boot mode"
566 - if [ -d /sys/firmware/efi ]; then echo "Boot mode: UEFI"; else echo "Boot mode: Legacy"; fi
567 - print_ok "USB information"
568 - sudo lsusb
569 - print_ok "Disk layout"
570 - sudo lsblk
571 - print_ok "All disks information"
572 - sudo fdisk -l
573 - prprint_okint "Disk usage"
574 - sudo df -Th
575 - print_ok "Memory information"
576 - sudo free -h
577 - print_ok "Network information"
578 - sudo ip link show
579 - print_ok "Firewall status"
580 - sudo ufw status
581 - print_ok "Network location"
582 - curl https://ipinfo.io
583 - }
584 -
585 311 # To use this function:
586 312 # Arg1: username
587 313 # Arg2: password

anduin's Avatar anduin revised this gist 1725450442. Go to revision

1 file changed, 280 insertions

init.sh

@@ -89,6 +89,286 @@ wait_server_till_can_ssh()
89 89 set -e
90 90 }
91 91
92 + prepare_server()
93 + {
94 + userName=$1
95 + if [ -z "$userName" ]; then
96 + print_error "Please provide username. Usage: prepare_server.sh '<username>' '<password>' '<serverName>' '<desiredHostname>' '<desiredUsername>'"
97 + exit 1
98 + fi
99 +
100 + password=$2
101 + if [ -z "$password" ]; then
102 + print_error "Please provide password for user $userName. Usage: prepare_server.sh '<username>' '<password>' '<serverName>' '<desiredHostname>' '<desiredUsername>'"
103 + exit 1
104 + fi
105 +
106 + serverName=$3
107 + if [ -z "$serverName" ]; then
108 + print_error "Please provide server name. Usage: prepare_server.sh '<username>' '<password>' '<serverName>' '<desiredHostname>' '<desiredUsername>'"
109 + exit 1
110 + fi
111 +
112 + desiredHostname=$4
113 + if [ -z "$desiredHostname" ]; then
114 + echo "Please provide desired hostname. Usage: prepare_server.sh '<username>' '<password>' '<serverName>' '<desiredHostname>' '<desiredUsername>'"
115 + exit 1
116 + fi
117 +
118 + desiredUsername=$5
119 + if [ -z "$desiredUsername" ]; then
120 + print_error "Please provide desired username. Usage: prepare_server.sh '<username>' '<password>' '<serverName>' '<desiredHostname>' '<desiredUsername>'"
121 + exit 1
122 + fi
123 +
124 + prepare_host
125 + ssh-keygen -f "/home/anduin/.ssh/known_hosts" -R $serverName
126 +
127 + wait_server_till_can_ssh $userName $password $serverName
128 +
129 + print_ok "Ensure Server is Ubuntu 22.04" # Accept 22.04.1, 22.04.2, etc
130 + osVersion=$(sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "lsb_release -r | awk '{print \$2}'")
131 + if [ "$osVersion" != "22.04" ]; then
132 + print_error "Server is not Ubuntu 22.04. Please use Ubuntu 22.04"
133 + exit 1
134 + fi
135 +
136 + print_ok "Changing hostname for $serverName to $desiredHostname"
137 + sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo hostnamectl set-hostname $desiredHostname"
138 + sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sleep 3"
139 + sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo reboot" || true
140 + sleep 5
141 + print_ok "Hostname changed to $desiredHostname"
142 + print_warn "Server is rebooting..."
143 +
144 + wait_server_till_can_ssh $userName $password $serverName
145 +
146 + print_ok "Creating a new user..."
147 + alreadyExist=$(sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "cat /etc/passwd | grep -w $desiredUsername | wc -l")
148 + if [ $alreadyExist -gt 0 ]; then
149 + print_ok "User $desiredUsername already exists."
150 + else
151 + print_ok "Creating user $desiredUsername"
152 + sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo adduser $desiredUsername --gecos 'First Last,RoomNumber,WorkPhone,HomePhone' --disabled-password"
153 + fi
154 + judge "User $desiredUsername created"
155 +
156 + print_ok "Setting password for user $desiredUsername"
157 + userPassword=$(uuidgen)
158 + sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "echo $desiredUsername:$userPassword | sudo chpasswd"
159 + judge "Password set for user $desiredUsername"
160 +
161 + print_ok "Adding user $desiredUsername to sudo group"
162 + sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo usermod -aG sudo $desiredUsername"
163 + judge "User $desiredUsername created with password $userPassword"
164 +
165 + print_ok "Allowing user $desiredUsername to run sudo without password"
166 + sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo mkdir -p /etc/sudoers.d"
167 + sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo touch /etc/sudoers.d/$desiredUsername"
168 + sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "echo '$desiredUsername ALL=(ALL) NOPASSWD:ALL' | sudo tee -a /etc/sudoers.d/$desiredUsername"
169 + judge "User $desiredUsername can run sudo without password"
170 +
171 + # If ~/ssh/id_rsa.pub does not exist, create it
172 + if [ ! -f ~/.ssh/id_rsa.pub ]; then
173 + print_warn "Creating ssh keys on local machine"
174 + ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa
175 + fi
176 +
177 + print_ok "Copying ssh keys with ssh-copy-id"
178 + sshpass -p $userPassword ssh-copy-id -i ~/.ssh/id_rsa.pub $desiredUsername@$serverName
179 + print_ok "SSH keys copied"
180 +
181 + wait_server_till_can_ssh $desiredUsername $userPassword $serverName
182 +
183 + print_ok "Disabling root login, password login and enabling ssh key login"
184 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config"
185 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config"
186 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/PubkeyAuthentication no/PubkeyAuthentication yes/g' /etc/ssh/sshd_config"
187 + # Uncomment those lines if they are commented
188 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/#PermitRootLogin no/PermitRootLogin no/g' /etc/ssh/sshd_config"
189 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/#PasswordAuthentication no/PasswordAuthentication no/g' /etc/ssh/sshd_config"
190 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/g' /etc/ssh/sshd_config"
191 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo systemctl restart sshd"
192 + judge "Disable root login, password login and enabled ssh key login"
193 +
194 + print_ok "Server is ready for $desiredUsername to login. Deleting other users..."
195 + otherUsers=$(ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "cat /etc/passwd | grep -v nologin | grep -v false | grep -v root | grep -v sync | grep -v $desiredUsername | cut -d: -f1")
196 + for otherUser in $otherUsers; do
197 + print_warn "Deleting user $otherUser..."
198 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo pkill -u $otherUser" || true
199 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo deluser --remove-home $otherUser"
200 + done
201 +
202 + print_ok "Resetting machine-id"
203 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo rm /etc/machine-id"
204 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo rm /var/lib/dbus/machine-id"
205 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo systemd-machine-id-setup"
206 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo cp /etc/machine-id /var/lib/dbus/machine-id"
207 + judge "Machine-id reset"
208 +
209 + print_ok "Enabling ufw firewall"
210 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt-get install -y ufw"
211 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo ufw allow OpenSSH"
212 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "echo 'y' | sudo ufw enable"
213 + judge "Ufw firewall enabled"
214 +
215 + print_ok "Enabling BBR if not enabled"
216 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sysctl net.ipv4.tcp_available_congestion_control | grep -q bbr || echo 'net.core.default_qdisc=fq' | sudo tee -a /etc/sysctl.conf"
217 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sysctl net.ipv4.tcp_available_congestion_control | grep -q bbr || echo 'net.ipv4.tcp_congestion_control=bbr' | sudo tee -a /etc/sysctl.conf"
218 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sysctl -p"
219 + judge "BBR enabled"
220 +
221 + print_ok "Selecting best mirror"
222 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "curl -s https://gist.aiursoft.cn/anduin/879917820a6c4b268fc12c21f1b3fe7a/raw/HEAD/mirror.sh | bash"
223 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt update"
224 + judge "Best mirror selected"
225 +
226 + print_ok "Installing latest kernel..."
227 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt install -y linux-generic-hwe-22.04"
228 + judge "Latest kernel installed"
229 +
230 + print_ok "Installing updates"
231 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt update"
232 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt upgrade -y"
233 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt autoremove -y"
234 + judge "Updates installed"
235 +
236 + print_ok "Rebooting server..."
237 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sleep 3"
238 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo reboot" || true
239 + sleep 5
240 + print_warn "Server is rebooting..."
241 +
242 + wait_server_till_can_ssh $desiredUsername $userPassword $serverName
243 +
244 + print_ok "Set CPU to performance mode"
245 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt install -y linux-tools-common linux-tools-$(uname -r)"
246 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo cpupower frequency-info"
247 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo cpupower frequency-set -g performance" || true
248 + judge "CPU set to performance mode"
249 +
250 + print_ok "Set timezone to GMT"
251 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo timedatectl set-timezone GMT"
252 + judge "Timezone set to GMT"
253 +
254 + print_ok "Removing snap..."
255 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo systemctl disable --now snapd"
256 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt purge -y snapd"
257 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo rm -rf /snap /var/snap /var/lib/snapd /var/cache/snapd /usr/lib/snapd ~/snap"
258 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "cat << EOF | sudo tee -a /etc/apt/preferences.d/no-snap.pref
259 + Package: snapd
260 + Pin: release a=*
261 + Pin-Priority: -10
262 + EOF"
263 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo chown root:root /etc/apt/preferences.d/no-snap.pref"
264 + judge "Snap removed"
265 +
266 + print_ok "Autoremoving apt packages"
267 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt autoremove -y --purge"
268 + judge "Apt packages autoremoved"
269 +
270 + print_ok "Benchmarking server..."
271 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt install -y sysbench"
272 + ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sysbench cpu --threads=\$(nproc) run"
273 + judge "Server benchmarked"
274 +
275 + print_ok "Server is ready for use"
276 + print_ok "ssh $desiredUsername@$serverName"
277 +
278 + print_layout
279 + }
280 +
281 + print_layout()
282 + {
283 + print_ok "OS information"
284 + sudo lsb_release -a
285 + print_ok "OS install date"
286 + stat -c %w /
287 + print_ok "Secure Boot status"
288 + sudo mokutil --sb-state
289 + print_ok "Root file system"
290 + sudo df -Th /
291 + print_ok "Boot mode"
292 + if [ -d /sys/firmware/efi ]; then echo "Boot mode: UEFI"; else echo "Boot mode: Legacy"; fi
293 + print_ok "USB information"
294 + sudo lsusb
295 + print_ok "Disk layout"
296 + sudo lsblk
297 + print_ok "All disks information"
298 + sudo fdisk -l
299 + prprint_okint "Disk usage"
300 + sudo df -Th
301 + print_ok "Memory information"
302 + sudo free -h
303 + print_ok "Network information"
304 + sudo ip link show
305 + print_ok "Firewall status"
306 + sudo ufw status
307 + print_ok "Network location"
308 + curl https://ipinfo.io
309 + }
310 +
311 + # To use this function:
312 + # Arg1: username
313 + # Arg2: password
314 + # Arg3: servername
315 + # Arg4: Desired hostname
316 + # Arg5: Desired username
317 + prepare_server "$@"}
318 +
319 + function print_error() {
320 + echo -e "${ERROR} ${Red} $1 ${Font}"
321 + }
322 +
323 + function print_warn() {
324 + echo -e "${WARNING} ${Yellow} $1 ${Font}"
325 + }
326 +
327 + #==========================
328 + # Judge function
329 + #==========================
330 + function judge() {
331 + if [[ 0 -eq $? ]]; then
332 + print_ok "$1 succeeded"
333 + sleep 0.2
334 + else
335 + print_error "$1 failed"
336 + exit 1
337 + fi
338 + }
339 +
340 + prepare_host()
341 + {
342 + print_ok "Update apt-get"
343 + sudo apt-get update
344 + judge "Update apt-get"
345 +
346 + print_ok "Install sshpass"
347 + sudo apt-get install -y sshpass
348 + judge "Install sshpass"
349 + }
350 +
351 + wait_server_till_can_ssh()
352 + {
353 + userName=$1
354 + password=$2
355 + serverName=$3
356 +
357 + print_ok "Waiting for server to be ready: ssh $userName@$serverName"
358 + while true; do
359 + set +e
360 + sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "echo 'Server is ready'"
361 + if [ $? -eq 0 ]; then
362 + break
363 + fi
364 + print_warn "Server is not ready yet. Retrying..."
365 + sleep 5
366 + done
367 +
368 + print_ok "Server is ready to connect via ssh"
369 + set -e
370 + }
371 +
92 372 prepare_server()
93 373 {
94 374 userName=$1
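Review bot: Both passwords end up where other local users and logs can read them: every `sshpass -p $password` call puts the provider password on the operator's command line, `echo $desiredUsername:$userPassword | sudo chpasswd` puts the new one on the remote command line, and `judge "User $desiredUsername created with password $userPassword"` prints it to the terminal. Passing the secret through the environment (`SSHPASS="$password" sshpass -e ssh ...`), feeding `chpasswd` over the ssh session's stdin and dropping the password from the judge message would close all three. The same calls use `-o StrictHostKeyChecking=no` right after `ssh-keygen -R $serverName`, so the password goes to whichever host answers; `-o StrictHostKeyChecking=accept-new` at least pins the key after first contact. The mirror step pipes `curl -s .../raw/HEAD/mirror.sh | bash` from a mutable HEAD URL into an account that was just given `NOPASSWD:ALL`, so a pinned revision or a checksum check before execution is worth adding. Separately, `linux-tools-$(uname -r)` is expanded on the local machine because the `$` is not escaped (compare `\$(nproc)` further down), so the remote install targets the operator's kernel version.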

anduin's Avatar anduin revised this gist 1725376061. Go to revision

1 file changed, 88 insertions

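--- /dev/null
+++ b/mirror.sh
@@ -0,0 +1,88 @@
+function switchSource() {
+mirrors=(
+"https://archive.ubuntu.com/ubuntu/"
+"https://mirror.aarnet.edu.au/pub/ubuntu/archive/" # Australia
+"https://mirror.fsmg.org.nz/ubuntu/" # New Zealand
+"https://mirrors.neterra.net/ubuntu/archive/" # Bulgaria
+"https://mirror.csclub.uwaterloo.ca/ubuntu/" # Canada
+"https://mirrors.dotsrc.org/ubuntu/" # Denmark
+"https://mirrors.nic.funet.fi/ubuntu/" # Finland
+"https://mirror.ubuntu.ikoula.com/" # France
+"https://mirror.xtom.com.hk/ubuntu/" # Hong Kong
+"https://mirrors.piconets.webwerks.in/ubuntu-mirror/ubuntu/" # India
+"https://ftp.udx.icscoe.jp/Linux/ubuntu/" # Japan
+"https://ftp.kaist.ac.kr/ubuntu/" # Korea
+"https://ubuntu.mirror.garr.it/ubuntu/" # Italy
+"https://ftp.uni-stuttgart.de/ubuntu/" # Germany
+"https://mirror.i3d.net/pub/ubuntu/" # Netherlands
+"https://mirroronet.pl/pub/mirrors/ubuntu/" # Poland
+"https://ubuntu.mobinhost.com/ubuntu/" # Iran
+"http://sg.archive.ubuntu.com/ubuntu/" # Singapore
+"http://ossmirror.mycloud.services/os/linux/ubuntu/" # Singapore
+"https://mirror.enzu.com/ubuntu/" # United States
+"http://jp.archive.ubuntu.com/ubuntu/" # Japan
+"http://kr.archive.ubuntu.com/ubuntu/" # Korea
+"http://us.archive.ubuntu.com/ubuntu/" # United States
+"http://tw.archive.ubuntu.com/ubuntu/" # Taiwan (Province of China)
+"https://mirror.twds.com.tw/ubuntu/" # Taiwan (Province of China)
+"https://ubuntu.mirrors.uk2.net/ubuntu/" # United Kingdom
+"http://mirrors.ustc.edu.cn/ubuntu/" # 中国科学技术大学
+"http://ftp.sjtu.edu.cn/ubuntu/" # 上海交通大学
+"http://mirrors.tuna.tsinghua.edu.cn/ubuntu/" # 清华大学
+"http://mirrors.aliyun.com/ubuntu/" # Aliyun
+"http://mirrors.163.com/ubuntu/" # NetEase
+"http://mirrors.cloud.tencent.com/ubuntu/" # Tencent Cloud
+"http://mirror.aiursoft.cn/ubuntu/" # Aiursoft
+"http://mirrors.anduinos.com/ubuntu/" # AnduinOS
+"http://mirrors.huaweicloud.com/ubuntu/" # Huawei Cloud
+"http://mirrors.zju.edu.cn/ubuntu/" # 浙江大学
+"http://azure.archive.ubuntu.com/ubuntu/" # Azure
+"https://mirrors.isu.net.sa/apt-mirror/" # Saudi Arabia
+"https://mirror.team-host.ru/ubuntu/" # Russia
+"https://labs.eif.urjc.es/mirror/ubuntu/" # Spain
+"https://mirror.alastyr.com/ubuntu/ubuntu-archive/" # Turkey
+"https://ftp.acc.umu.se/ubuntu/" # Sweden
+"https://mirror.kku.ac.th/ubuntu/" # Thailand
+"https://mirror.bizflycloud.vn/ubuntu/" # Vietnam
+)
+
+declare -A results
+
+test_speed() {
+url=$1
+response=$(curl -o /dev/null -s -w "%{http_code} %{time_total}\n" --connect-timeout 1 --max-time 2 "$url")
+http_code=$(echo $response | awk '{print $1}')
+time_total=$(echo $response | awk '{print $2}')
+
+if [ "$http_code" -eq 200 ]; then
+results["$url"]=$time_total
+else
+echo "Failed to access $url"
+results["$url"]="9999"
+fi
+}
+
+echo "Testing all mirrors..."
+for mirror in "${mirrors[@]}"; do
+test_speed "$mirror"
+done
+
+sorted_mirrors=$(for url in "${!results[@]}"; do echo "$url ${results[$url]}"; done | sort -k2 -n)
+
+echo "Sorted mirrors:"
+echo "$sorted_mirrors"
+
+fastest_mirror=$(echo "$sorted_mirrors" | head -n 1 | awk '{print $1}')
+
+echo "Fastest mirror: $fastest_mirror"
+echo "
+deb $fastest_mirror jammy main restricted universe multiverse
+deb $fastest_mirror jammy-updates main restricted universe multiverse
+deb $fastest_mirror jammy-backports main restricted universe multiverse
+deb $fastest_mirror jammy-security main restricted universe multiverse
+" | sudo tee /etc/apt/sources.list
+}
+
+sudo apt update
+sudo apt install curl apt-transport-https -y
+switchSource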
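Review bot: The `jammy-security` line is pointed at whichever mirror answered fastest, and many of the candidates are plain `http://` third-party hosts, so security updates depend on that mirror staying current and can be held back on path even though apt still verifies archive signatures. Keeping that pocket on the official host, `deb http://security.ubuntu.com/ubuntu/ jammy-security main restricted universe multiverse`, avoids this. When no mirror returns 200, every entry carries `9999` and the first one after sorting is still written over `/etc/apt/sources.list` with no backup; a guard such as `[ "${results[$fastest_mirror]}" != "9999" ] || { echo "No mirror reachable" >&2; return 1; }` before the `tee` would stop that. The probe only checks the status code of the mirror root, so a host that answers 200 without serving a jammy archive also passes.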

anduin's Avatar anduin revised this gist 1723976775. Go to revision

1 file changed, 5 insertions, 2 deletions

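--- a/init.sh
+++ b/init.sh
@@ -136,7 +136,8 @@ prepare_server()
 print_ok "Changing hostname for $serverName to $desiredHostname"
 sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo hostnamectl set-hostname $desiredHostname"
 sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sleep 3"
-sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo reboot"
+sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo reboot" || true
+sleep 5
 print_ok "Hostname changed to $desiredHostname"
 print_warn "Server is rebooting..."
 
@@ -188,6 +189,7 @@ prepare_server()
 otherUsers=$(ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "cat /etc/passwd | grep -v nologin | grep -v false | grep -v root | grep -v sync | grep -v $desiredUsername | cut -d: -f1")
 for otherUser in $otherUsers; do
 print_warn "Deleting user $otherUser..."
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo pkill -u $otherUser"
 ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo deluser --remove-home $otherUser"
 done
 
@@ -227,7 +229,8 @@ prepare_server()
 
 print_ok "Rebooting server..."
 ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sleep 3"
-ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo reboot"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo reboot" || true
+sleep 5
 print_warn "Server is rebooting..."
 
 wait_server_till_can_ssh $desiredUsername $userPassword $serverName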
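Review bot: The added `sudo pkill -u $otherUser` call (new line 192) will abort the whole run when the listed account has no running processes, because pkill exits with status 1 when nothing matches, ssh returns that status, and the script runs under `set -e`. The user would then never reach the `deluser --remove-home` line, leaving the extra account in place on a host that is already reported as prepared. Tolerating the no-match case inside the remote command keeps the cleanup going: `"sudo pkill -u $otherUser || true"`. The body of prepare_server starts and ends outside these hunks, so this assumes no handler around the loop that is not shown here.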

anduin's Avatar anduin revised this gist 1723975372. Go to revision

1 file changed, 75 insertions, 50 deletions

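--- a/init.sh
+++ b/init.sh
@@ -133,7 +133,7 @@ prepare_server()
 exit 1
 fi
 
-print_ok "Changing hostname for $serverName"
+print_ok "Changing hostname for $serverName to $desiredHostname"
 sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo hostnamectl set-hostname $desiredHostname"
 sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sleep 3"
 sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo reboot"
@@ -174,104 +174,129 @@ prepare_server()
 wait_server_till_can_ssh $desiredUsername $userPassword $serverName
 
 print_ok "Disabling root login, password login and enabling ssh key login"
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config"
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config"
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/PubkeyAuthentication no/PubkeyAuthentication yes/g' /etc/ssh/sshd_config"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/PubkeyAuthentication no/PubkeyAuthentication yes/g' /etc/ssh/sshd_config"
 # Uncomment those lines if they are commented
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/#PermitRootLogin no/PermitRootLogin no/g' /etc/ssh/sshd_config"
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/#PasswordAuthentication no/PasswordAuthentication no/g' /etc/ssh/sshd_config"
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/g' /etc/ssh/sshd_config"
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo systemctl restart sshd"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/#PermitRootLogin no/PermitRootLogin no/g' /etc/ssh/sshd_config"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/#PasswordAuthentication no/PasswordAuthentication no/g' /etc/ssh/sshd_config"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/g' /etc/ssh/sshd_config"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo systemctl restart sshd"
 judge "Disable root login, password login and enabled ssh key login"
 
 print_ok "Server is ready for $desiredUsername to login. Deleting other users..."
-otherUsers=$(sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "cat /etc/passwd | grep -v nologin | grep -v false | grep -v root | grep -v sync | grep -v $desiredUsername | cut -d: -f1")
+otherUsers=$(ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "cat /etc/passwd | grep -v nologin | grep -v false | grep -v root | grep -v sync | grep -v $desiredUsername | cut -d: -f1")
 for otherUser in $otherUsers; do
 print_warn "Deleting user $otherUser..."
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo deluser --remove-home $otherUser"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo deluser --remove-home $otherUser"
 done
 
 print_ok "Resetting machine-id"
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo rm /etc/machine-id"
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo rm /var/lib/dbus/machine-id"
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo systemd-machine-id-setup"
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo cp /etc/machine-id /var/lib/dbus/machine-id"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo rm /etc/machine-id"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo rm /var/lib/dbus/machine-id"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo systemd-machine-id-setup"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo cp /etc/machine-id /var/lib/dbus/machine-id"
 judge "Machine-id reset"
 
-print_ok "Rebooting server..."
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sleep 3"
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo reboot"
-print_warn "Server is rebooting..."
-
-wait_server_till_can_ssh $desiredUsername $userPassword $serverName
-
 print_ok "Enabling ufw firewall"
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt-get install -y ufw"
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo ufw allow OpenSSH"
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "echo 'y' | sudo ufw enable"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt-get install -y ufw"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo ufw allow OpenSSH"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "echo 'y' | sudo ufw enable"
 judge "Ufw firewall enabled"
 
 print_ok "Enabling BBR if not enabled"
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sysctl net.ipv4.tcp_available_congestion_control | grep -q bbr || echo 'net.core.default_qdisc=fq' | sudo tee -a /etc/sysctl.conf"
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sysctl net.ipv4.tcp_available_congestion_control | grep -q bbr || echo 'net.ipv4.tcp_congestion_control=bbr' | sudo tee -a /etc/sysctl.conf"
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sysctl -p"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sysctl net.ipv4.tcp_available_congestion_control | grep -q bbr || echo 'net.core.default_qdisc=fq' | sudo tee -a /etc/sysctl.conf"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sysctl net.ipv4.tcp_available_congestion_control | grep -q bbr || echo 'net.ipv4.tcp_congestion_control=bbr' | sudo tee -a /etc/sysctl.conf"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sysctl -p"
 judge "BBR enabled"
 
 print_ok "Selecting best mirror"
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "curl -s https://gist.aiursoft.cn/anduin/3643fb2cafeb42379d362e33e5f2313a/download/HEAD/mirror.sh | bash"
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt update"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "curl -s https://gist.aiursoft.cn/anduin/3643fb2cafeb42379d362e33e5f2313a/download/HEAD/mirror.sh | bash"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt update"
 judge "Best mirror selected"
 
 print_ok "Installing latest kernel..."
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt install -y linux-generic-hwe-22.04"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt install -y linux-generic-hwe-22.04"
 judge "Latest kernel installed"
 
 print_ok "Installing updates"
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt update"
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt upgrade -y"
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt autoremove -y"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt update"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt upgrade -y"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt autoremove -y"
 judge "Updates installed"
 
 print_ok "Rebooting server..."
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sleep 3"
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo reboot"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sleep 3"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo reboot"
 print_warn "Server is rebooting..."
 
 wait_server_till_can_ssh $desiredUsername $userPassword $serverName
 
-print_ok "Autoremoving apt packages"
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt autoremove -y --purge"
-judge "Apt packages autoremoved"
-
 print_ok "Set CPU to performance mode"
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt install -y linux-tools-common linux-tools-$(uname -r)"
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo cpupower frequency-info"
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo cpupower frequency-set -g performance" || true
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt install -y linux-tools-common linux-tools-$(uname -r)"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo cpupower frequency-info"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo cpupower frequency-set -g performance" || true
 judge "CPU set to performance mode"
 
 print_ok "Set timezone to GMT"
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo timedatectl set-timezone GMT"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo timedatectl set-timezone GMT"
 judge "Timezone set to GMT"
 
 print_ok "Removing snap..."
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo systemctl disable --now snapd"
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt purge -y snapd"
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo rm -rf /snap /var/snap /var/lib/snapd /var/cache/snapd /usr/lib/snapd ~/snap"
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "cat << EOF | sudo tee -a /etc/apt/preferences.d/no-snap.pref
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo systemctl disable --now snapd"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt purge -y snapd"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo rm -rf /snap /var/snap /var/lib/snapd /var/cache/snapd /usr/lib/snapd ~/snap"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "cat << EOF | sudo tee -a /etc/apt/preferences.d/no-snap.pref
 Package: snapd
 Pin: release a=*
 Pin-Priority: -10
 EOF"
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo chown root:root /etc/apt/preferences.d/no-snap.pref"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo chown root:root /etc/apt/preferences.d/no-snap.pref"
 judge "Snap removed"
 
+print_ok "Autoremoving apt packages"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt autoremove -y --purge"
+judge "Apt packages autoremoved"
+
 print_ok "Benchmarking server..."
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt install -y sysbench"
-sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sysbench cpu --threads=\$(nproc) run"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt install -y sysbench"
+ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sysbench cpu --threads=\$(nproc) run"
 judge "Server benchmarked"
 
 print_ok "Server is ready for use"
 print_ok "ssh $desiredUsername@$serverName"
+
+print_layout
+}
+
+print_layout()
+{
+print_ok "OS information"
+sudo lsb_release -a
+print_ok "OS install date"
+stat -c %w /
+print_ok "Secure Boot status"
+sudo mokutil --sb-state
+print_ok "Root file system"
+sudo df -Th /
+print_ok "Boot mode"
+if [ -d /sys/firmware/efi ]; then echo "Boot mode: UEFI"; else echo "Boot mode: Legacy"; fi
+print_ok "USB information"
+sudo lsusb
+print_ok "Disk layout"
+sudo lsblk
+print_ok "All disks information"
+sudo fdisk -l
+prprint_okint "Disk usage"
+sudo df -Th
+print_ok "Memory information"
+sudo free -h
+print_ok "Network information"
+sudo ip link show
+print_ok "Firewall status"
+sudo ufw status
+print_ok "Network location"
+curl https://ipinfo.io
 }
 
 # To use this function: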
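Review bot: `prprint_okint "Disk usage"` in the new print_layout (new line 290) is not a defined command, so under the script's `set -e` the run stops there with "command not found" before the memory, network and firewall checks are printed; it should read `print_ok "Disk usage"`. Separately, print_layout calls `sudo lsb_release -a`, `sudo lsblk`, `sudo ufw status` and the rest without ssh, so it appears to report on the machine running the script rather than on `$serverName`. If the summary is meant to confirm the state of the newly prepared server, in particular the firewall status, each command needs the same `ssh -o … $desiredUsername@$serverName "…"` wrapper used throughout prepare_server. The body of prepare_server starts outside this hunk.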

anduin's Avatar anduin revised this gist 1723974435. Go to revision

1 file changed, 283 insertions

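--- /dev/null
+++ b/init.sh
@@ -0,0 +1,283 @@
+#!/bin/bash
+
+#==========================
+# Set up the environment
+#==========================
+set -e # exit on error
+set -o pipefail # exit on pipeline error
+set -u # treat unset variable as error
+
+#==========================
+# Basic Information
+#==========================
+export LC_ALL=C
+export LANG=en_US.UTF-8
+export DEBIAN_FRONTEND=noninteractive
+export SCRIPT_DIR="$(dirname "$(readlink -f "$0")")"
+
+#==========================
+# Color
+#==========================
+Green="\033[32m"
+Red="\033[31m"
+Yellow="\033[33m"
+Blue="\033[36m"
+Font="\033[0m"
+GreenBG="\033[42;37m"
+RedBG="\033[41;37m"
+OK="${Green}[ OK ]${Font}"
+ERROR="${Red}[FAILED]${Font}"
+WARNING="${Yellow}[ WARN ]${Font}"
+
+#==========================
+# Print Colorful Text
+#==========================
+function print_ok() {
+echo -e "${OK} ${Blue} $1 ${Font}"
+}
+
+function print_error() {
+echo -e "${ERROR} ${Red} $1 ${Font}"
+}
+
+function print_warn() {
+echo -e "${WARNING} ${Yellow} $1 ${Font}"
+}
+
+#==========================
+# Judge function
+#==========================
+function judge() {
+if [[ 0 -eq $? ]]; then
+print_ok "$1 succeeded"
+sleep 0.2
+else
+print_error "$1 failed"
+exit 1
+fi
+}
+
+prepare_host()
+{
+print_ok "Update apt-get"
+sudo apt-get update
+judge "Update apt-get"
+
+print_ok "Install sshpass"
+sudo apt-get install -y sshpass
+judge "Install sshpass"
+}
+
+wait_server_till_can_ssh()
+{
+userName=$1
+password=$2
+serverName=$3
+
+print_ok "Waiting for server to be ready: ssh $userName@$serverName"
+while true; do
+set +e
+sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "echo 'Server is ready'"
+if [ $? -eq 0 ]; then
+break
+fi
+print_warn "Server is not ready yet. Retrying..."
+sleep 5
+done
+
+print_ok "Server is ready to connect via ssh"
+set -e
+}
+
+prepare_server()
+{
+userName=$1
+if [ -z "$userName" ]; then
+print_error "Please provide username. Usage: prepare_server.sh '<username>' '<password>' '<serverName>' '<desiredHostname>' '<desiredUsername>'"
+exit 1
+fi
+
+password=$2
+if [ -z "$password" ]; then
+print_error "Please provide password for user $userName. Usage: prepare_server.sh '<username>' '<password>' '<serverName>' '<desiredHostname>' '<desiredUsername>'"
+exit 1
+fi
+
+serverName=$3
+if [ -z "$serverName" ]; then
+print_error "Please provide server name. Usage: prepare_server.sh '<username>' '<password>' '<serverName>' '<desiredHostname>' '<desiredUsername>'"
+exit 1
+fi
+
+desiredHostname=$4
+if [ -z "$desiredHostname" ]; then
+echo "Please provide desired hostname. Usage: prepare_server.sh '<username>' '<password>' '<serverName>' '<desiredHostname>' '<desiredUsername>'"
+exit 1
+fi
+
+desiredUsername=$5
+if [ -z "$desiredUsername" ]; then
+print_error "Please provide desired username. Usage: prepare_server.sh '<username>' '<password>' '<serverName>' '<desiredHostname>' '<desiredUsername>'"
+exit 1
+fi
+
+prepare_host
+ssh-keygen -f "/home/anduin/.ssh/known_hosts" -R $serverName
+
+wait_server_till_can_ssh $userName $password $serverName
+
+print_ok "Ensure Server is Ubuntu 22.04" # Accept 22.04.1, 22.04.2, etc
+osVersion=$(sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "lsb_release -r | awk '{print \$2}'")
+if [ "$osVersion" != "22.04" ]; then
+print_error "Server is not Ubuntu 22.04. Please use Ubuntu 22.04"
+exit 1
+fi
+
+print_ok "Changing hostname for $serverName"
+sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo hostnamectl set-hostname $desiredHostname"
+sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sleep 3"
+sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo reboot"
+print_ok "Hostname changed to $desiredHostname"
+print_warn "Server is rebooting..."
+
+wait_server_till_can_ssh $userName $password $serverName
+
+print_ok "Creating a new user..."
+sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo adduser $desiredUsername --gecos 'First Last,RoomNumber,WorkPhone,HomePhone' --disabled-password"
+judge "User $desiredUsername created"
+
+print_ok "Setting password for user $desiredUsername"
+userPassword=$(uuidgen)
+sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "echo $desiredUsername:$userPassword | sudo chpasswd"
+judge "Password set for user $desiredUsername"
+
+print_ok "Adding user $desiredUsername to sudo group"
+sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo usermod -aG sudo $desiredUsername"
+judge "User $desiredUsername created with password $userPassword"
+
+print_ok "Allowing user $desiredUsername to run sudo without password"
+sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo mkdir -p /etc/sudoers.d"
+sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "sudo touch /etc/sudoers.d/$desiredUsername"
+sshpass -p $password ssh -o StrictHostKeyChecking=no $userName@$serverName "echo '$desiredUsername ALL=(ALL) NOPASSWD:ALL' | sudo tee -a /etc/sudoers.d/$desiredUsername"
+judge "User $desiredUsername can run sudo without password"
+
+# If ~/ssh/id_rsa.pub does not exist, create it
+if [ ! -f ~/.ssh/id_rsa.pub ]; then
+print_warn "Creating ssh keys on local machine"
+ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa
+fi
+
+print_ok "Copying ssh keys with ssh-copy-id"
+sshpass -p $userPassword ssh-copy-id -i ~/.ssh/id_rsa.pub $desiredUsername@$serverName
+print_ok "SSH keys copied"
+
+wait_server_till_can_ssh $desiredUsername $userPassword $serverName
+
+print_ok "Disabling root login, password login and enabling ssh key login"
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config"
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config"
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/PubkeyAuthentication no/PubkeyAuthentication yes/g' /etc/ssh/sshd_config"
+# Uncomment those lines if they are commented
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/#PermitRootLogin no/PermitRootLogin no/g' /etc/ssh/sshd_config"
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/#PasswordAuthentication no/PasswordAuthentication no/g' /etc/ssh/sshd_config"
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/g' /etc/ssh/sshd_config"
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo systemctl restart sshd"
+judge "Disable root login, password login and enabled ssh key login"
+
+print_ok "Server is ready for $desiredUsername to login. Deleting other users..."
+otherUsers=$(sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "cat /etc/passwd | grep -v nologin | grep -v false | grep -v root | grep -v sync | grep -v $desiredUsername | cut -d: -f1")
+for otherUser in $otherUsers; do
+print_warn "Deleting user $otherUser..."
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo deluser --remove-home $otherUser"
+done
+
+print_ok "Resetting machine-id"
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo rm /etc/machine-id"
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo rm /var/lib/dbus/machine-id"
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo systemd-machine-id-setup"
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo cp /etc/machine-id /var/lib/dbus/machine-id"
+judge "Machine-id reset"
+
+print_ok "Rebooting server..."
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sleep 3"
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo reboot"
+print_warn "Server is rebooting..."
+
+wait_server_till_can_ssh $desiredUsername $userPassword $serverName
+
+print_ok "Enabling ufw firewall"
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt-get install -y ufw"
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo ufw allow OpenSSH"
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "echo 'y' | sudo ufw enable"
+judge "Ufw firewall enabled"
+
+print_ok "Enabling BBR if not enabled"
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sysctl net.ipv4.tcp_available_congestion_control | grep -q bbr || echo 'net.core.default_qdisc=fq' | sudo tee -a /etc/sysctl.conf"
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sysctl net.ipv4.tcp_available_congestion_control | grep -q bbr || echo 'net.ipv4.tcp_congestion_control=bbr' | sudo tee -a /etc/sysctl.conf"
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo sysctl -p"
+judge "BBR enabled"
+
+print_ok "Selecting best mirror"
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "curl -s https://gist.aiursoft.cn/anduin/3643fb2cafeb42379d362e33e5f2313a/download/HEAD/mirror.sh | bash"
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt update"
+judge "Best mirror selected"
+
+print_ok "Installing latest kernel..."
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt install -y linux-generic-hwe-22.04"
+judge "Latest kernel installed"
+
+print_ok "Installing updates"
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt update"
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt upgrade -y"
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt autoremove -y"
+judge "Updates installed"
+
+print_ok "Rebooting server..."
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sleep 3"
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo reboot"
+print_warn "Server is rebooting..."
+
+wait_server_till_can_ssh $desiredUsername $userPassword $serverName
+
+print_ok "Autoremoving apt packages"
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt autoremove -y --purge"
+judge "Apt packages autoremoved"
+
+print_ok "Set CPU to performance mode"
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt install -y linux-tools-common linux-tools-$(uname -r)"
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo cpupower frequency-info"
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo cpupower frequency-set -g performance" || true
+judge "CPU set to performance mode"
+
+print_ok "Set timezone to GMT"
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo timedatectl set-timezone GMT"
+judge "Timezone set to GMT"
+
+print_ok "Removing snap..."
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo systemctl disable --now snapd"
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt purge -y snapd"
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo rm -rf /snap /var/snap /var/lib/snapd /var/cache/snapd /usr/lib/snapd ~/snap"
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "cat << EOF | sudo tee -a /etc/apt/preferences.d/no-snap.pref
+Package: snapd
+Pin: release a=*
+Pin-Priority: -10
+EOF"
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo chown root:root /etc/apt/preferences.d/no-snap.pref"
+judge "Snap removed"
+
+print_ok "Benchmarking server..."
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sudo apt install -y sysbench"
+sshpass -p $userPassword ssh -o StrictHostKeyChecking=no $desiredUsername@$serverName "sysbench cpu --threads=\$(nproc) run"
+judge "Server benchmarked"
+
+print_ok "Server is ready for use"
+print_ok "ssh $desiredUsername@$serverName"
+}
+
+# To use this function:
+# Arg1: username
+# Arg2: password
+# Arg3: servername
+# Arg4: Desired hostname
+# Arg5: Desired username
+prepare_server "$@"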
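Review bot: Every remote step passes the login secret as `sshpass -p $password` together with `-o StrictHostKeyChecking=no`, so the password sits in the local process list and is offered to whichever host answers for `$serverName` with no host-key check at all. Reading it from the environment and refusing a changed key narrows both exposures: `SSHPASS="$password" sshpass -e ssh -o StrictHostKeyChecking=accept-new "$userName@$serverName" …`, ideally after comparing the first fingerprint with the provider's console. Line 156 also prints the generated `$userPassword` through `judge`, which leaves it in scrollback and any captured log; that message should be `judge "User $desiredUsername added to sudo group"`. The sed edits of `/etc/ssh/sshd_config` (lines 177-183) only rewrite exact `yes`/`no` spellings and nothing verifies the outcome. A check such as `sudo sshd -T | grep -Ei 'permitrootlogin|passwordauthentication'` before the step is judged would catch a default value or drop-in file that still permits root or password login.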