dhensby · September 7, 2017 11:01 · Sep 7, 2017
diff --git a/speedy-provision.sh b/speedy-provision.sh
@@ -0,0 +1,148 @@
+#!/usr/bin/env bash
+
+GISTID=''
+
+if [ -z "$GISTID" ]; then
+  echo "GIST ID NEEDED"
+  exit 1
+fi
+
+# install deps
+# firewall
+# install dhensby user
+# install ssh keys
+# add swap
+# configure php
+# configure apache
+# configure mariadb
+# composer install
+
+# install DO droplet metrics
+read sys_vendor < /sys/devices/virtual/dmi/id/bios_vendor
+if [ "$sys_vendor" = "DigitalOcean" ]; then
+    curl -sSL https://agent.digitalocean.com/install.sh | sh
+fi
+
+# install extra repos
+rpm -i https://mirror.webtatic.com/yum/el7/epel-release.rpm
+rpm -i https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
+
+# firewall
+yum install -y firewalld
+systemctl start firewalld
+systemctl enable firewalld
+firewall-cmd --add-service=ssh --permanent
+firewall-cmd --add-service=http --permanent
+firewall-cmd --reload
+
+# provision dhensby user securely
+yum install -y jq
+if [ ! "$?" ]; then
+    echo "Failed to install jq dep"
+    exit 1
+fi
+KEYS="$(curl -s -H 'accept: application/vnd.github.v3+json' https://api.github.com/gists/$GISTID | jq -r '.files[].content')"
+
+useradd dhensby
+gpasswd -a dhensby wheel
+HOME_DIR=$(eval echo ~dhensby)
+mkdir -p -m 700 "${HOME_DIR}/.ssh/"
+touch "${HOME_DIR}/.ssh/authorized_keys"
+echo '### AUTOMATICALLY MANAGED KEYS ###' >> "${HOME_DIR}/.ssh/authorized_keys"
+while read line; do
+    if [[ "${line}" == \#*  ]]; then
+        continue
+    fi
+    echo "${line}" >> "${HOME_DIR}/.ssh/authorized_keys"
+done <<< "${KEYS}"
+echo '### END OF AUTOMATICALLY MANAGED KEYS ###' >> "${HOME_DIR}/.ssh/authorized_keys"
+chown -R dhensby: "${HOME_DIR}/.ssh"
+chmod 0600 "${HOME_DIR}/.ssh/authorized_keys"
+echo "${USER}        ALL=(ALL)       NOPASSWD: ALL" >> /etc/sudoers
+sed -i 's/^PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
+sed -i 's/^ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config
+sed -i 's/^#\?PermitRootLogin\s\+yes/PermitRootLogin no/' /etc/ssh/sshd_config
+systemctl restart sshd
+#todo: set up cron for updating ssh keys
+
+# add swap
+dd if=/dev/zero of=/swapfile count="1024" bs=1MiB
+chmod 600 /swapfile
+mkswap /swapfile
+swapon /swapfile
+echo "/swapfile   swap    swap    sw  0   0" >> /etc/fstab
+sysctl vm.swappiness=10
+echo "vm.swappiness = 10" >> /etc/sysctl.conf
+sysctl vm.vfs_cache_pressure=50
+echo "vm.vfs_cache_pressure = 50" >> /etc/sysctl.conf
+
+# configure php
+yum install -y php56w php56w-{common,mysql,gd,mbstring,xml,tidy,pear,intl,devel,opcache}
+sed -i "s/;date\.timezone.*/date\.timezone = UTC/g" /etc/php.ini
+sed -i "s/memory_limit.*/memory_limit = 256M/g" /etc/php.ini
+sed -i "s/max_execution_time.*/max_execution_time = 60/g" /etc/php.ini
+
+# configure apache
+
+yum install -y httpd
+systemctl enable httpd.service
+sed -i '/<Directory "\/var\/www\/html">/,/<\/Directory>/ { s/AllowOverride None/AllowOverride All/i }' /etc/httpd/conf/httpd.conf
+systemctl restart httpd.service
+
+# configure mariadb
+
+yum install -y mariadb-server
+systemctl enable mariadb.service
+systemctl start mariadb.service
+mysql -u root <<< "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION; FLUSH PRIVILEGES;"
+
+# configure composer
+yum install -y git
+php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
+php -r "if (hash_file('SHA384', 'composer-setup.php') === '$(curl -q https://composer.github.io/installer.sig)') { echo 'Installer verified' . PHP_EOL; } else { echo 'Installer corrupt' . PHP_EOL; unlink('composer-setup.php'); exit(1); }"
+if [ $? != 0 ]; then
+	echo "Bad composer installer";
+	exit
+fi
+php composer-setup.php -- --install-dir=/usr/bin --filename=composer
+php -r "unlink('composer-setup.php');"
+composer config -g optimize-autoloader true
+cat >/etc/profile.d/composer-bin-root.sh <<EOF
+#!/usr/bin/env bash
+pathmunge /home/vagrant/.composer/vendor/bin after
+pathmunge /root/.composer/vendor/bin after
+export COMPOSER_ALLOW_SUPERUSER=1
+EOF
+
+# install silverstripe
+composer create-project silverstripe/installer /var/www/html
+cat >/var/www/_ss_environment.php <<EOF
+<?php
+
+//define DB settings
+define('SS_DATABASE_SERVER', '127.0.0.1');
+define('SS_DATABASE_CLASS','MySQLDatabase');
+define('SS_DATABASE_TIMEZONE','+00:00');
+define('SS_DATABASE_USERNAME', 'root');
+define('SS_DATABASE_PASSWORD', '');
+define('SS_DATABASE_NAME', 'silverstripe');
+
+//set the DB name - this provide backwards compatibility with 2.x and 3.0 sites
+global \$database;
+\$database = SS_DATABASE_NAME;
+
+//define('SS_DATABASE_SUFFIX', '_dev');
+define('SS_ENVIRONMENT_TYPE', 'dev');
+define('SS_DEFAULT_ADMIN_USERNAME', 'admin');
+define('SS_DEFAULT_ADMIN_PASSWORD', 'password');
+
+global \$_FILE_TO_URL_MAPPING;
+\$_FILE_TO_URL_MAPPING['/var/www/html'] = 'http://localhost';
+
+EOF
+
+mkdir -p /var/www/html/assets
+chmod 0777 /var/www/html/assets
+
+chmod +x /var/www/html/framework/sake
+/var/www/html/framework/sake dev/build
No results found