
DigitalOcean Ubuntu 16.04 user-data

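#! /bin/bash
# First-boot provisioning script (cloud-init user-data), expected to run as root.
# -e: stop on unhandled errors, -u: reject unset variables, -x: trace commands.
# When this runs as user-data the trace is typically captured in the instance's
# boot log, so secrets must be handled with tracing switched off.
set -eux

USER_NAME="deploy"

# Read root's password hash with xtrace disabled so the hash is not copied into
# the trace output. The anchored pattern selects only the root entry, not every
# shadow line that happens to contain the string "root".
{ set +x; } 2>/dev/null
ENCRYPTED_ROOT_PW="$(grep '^root:' /etc/shadow | cut --delimiter=: --fields=2)"
set -x

# Plain expansion is enough here; eval is not needed to build the path.
HOME_DIRECTORY="/home/${USER_NAME}"
FONTS_DIRECTORY="${HOME_DIRECTORY}/.local/share/fonts"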

# Initial system update: refresh the package lists, apply pending upgrades
# (including ones that need dependency changes), then drop orphaned packages.
apt-get update
for upgrade_mode in upgrade dist-upgrade; do
  apt-get "${upgrade_mode}" -y
done
apt autoremove -y

## locale
# Regenerate en_US.UTF-8 from scratch and compile its locale definition.
locale-gen --purge "en_US.UTF-8" && locale-gen en_US.UTF-8 && localedef -i en_US -f UTF-8 en_US.UTF-8

# Use the locale for the remainder of this script.
export LANGUAGE=en_US.UTF-8 LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8

locale-gen en_US.UTF-8 && dpkg-reconfigure locales --frontend=noninteractive

# Comment out every line of the SSH *client* config that mentions SendEnv
# (presumably so outgoing ssh sessions stop forwarding locale variables).
sed -i -e '/SendEnv/ s/^#*/#/' /etc/ssh/ssh_config

# Persist the locale as the system default.
update-locale LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8

# Set the server's local time zone.
timedatectl set-timezone Asia/Jakarta

# Install the baseline package set. fail2ban and unattended-upgrades are the
# hardening-related entries; the rest are general tooling.
BASE_PACKAGES=(
  apt-transport-https
  ca-certificates
  curl
  fail2ban
  git
  gnupg-agent
  htop
  screen
  software-properties-common
  sudo
  tree
  unattended-upgrades
  unzip
  wget
  zsh
)
apt-get install -y "${BASE_PACKAGES[@]}"

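# Create the ${USER_NAME} account with zsh as login shell and sudo membership.
# command -v replaces which, and the substitution is quoted.
useradd --create-home --shell "$(command -v zsh)" --groups sudo "${USER_NAME}"

# NOTE(review): NOPASSWD: ALL means anything running as ${USER_NAME} can become
# root without re-authenticating; narrow the rule if a password prompt or a
# command allow-list is acceptable for this host.
SUDOERS_FILE="/etc/sudoers.d/${USER_NAME}"
echo "${USER_NAME} ALL=(ALL) NOPASSWD: ALL" >> "${SUDOERS_FILE}"
chmod 0440 "${SUDOERS_FILE}"
# Abort (set -e) if the drop-in does not parse, rather than leave sudo broken.
visudo -cf "${SUDOERS_FILE}"

# Tracing is switched off while the password hash is in play so it does not
# end up in the boot log.
{ set +x; } 2>/dev/null
if [ "${ENCRYPTED_ROOT_PW}" != "*" ]; then
    # Root has a password hash: hand it to the new user and lock root's
    # password. The hash goes over stdin, not argv.
    printf '%s\n' "${USER_NAME}:${ENCRYPTED_ROOT_PW}" | chpasswd --encrypted
    passwd --lock root
else
    # "*" in the shadow field: no root password to transfer.
    # NOTE(review): --delete leaves ${USER_NAME} with an EMPTY password until
    # the forced change below happens; combined with NOPASSWD sudo this relies
    # entirely on sshd refusing password and empty-password logins.
    passwd --delete "${USER_NAME}"
fi
set -x

# Expire the password immediately so one must be set at first login.
chage --lastday 0 "${USER_NAME}"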

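# Give ${USER_NAME} the same authorized keys as root.
# Ownership and modes are set here, in the same step, instead of relying on
# the recursive chown at the very end of the script: root SSH login is turned
# off further down, so if any later command aborts the run (set -e) a
# root-owned 0700 ~/.ssh would leave the new user unable to read its own keys
# and nobody able to log in.
install --directory --mode=0700 \
  --owner="${USER_NAME}" --group="${USER_NAME}" \
  "${HOME_DIRECTORY}/.ssh"

install --mode=0600 \
  --owner="${USER_NAME}" --group="${USER_NAME}" \
  /root/.ssh/authorized_keys "${HOME_DIRECTORY}/.ssh/authorized_keys"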
#

## unattended-upgrades (50unattended-upgrades)
# Keep the packaged policy as 50unattended-upgrades.orig and write a new one:
# security (and ESM) origins only, unused dependencies removed, automatic
# reboot at 02:00 when an update requires it.
# NOTE(review): the Mail value below is what the page's e-mail obfuscation left
# behind, not a deliverable address; set a real recipient before use.
# NOTE(review): this file only defines policy. Whether the periodic run is
# enabled is controlled by the APT::Periodic settings (usually in
# /etc/apt/apt.conf.d/20auto-upgrades); confirm that on the target image.
mv /etc/apt/apt.conf.d/50unattended-upgrades /etc/apt/apt.conf.d/50unattended-upgrades.orig

# Quoted delimiter: the ${distro_id}/${distro_codename} placeholders are
# written literally for apt to substitute, not expanded by the shell.
cat > /etc/apt/apt.conf.d/50unattended-upgrades << 'EOF'
Unattended-Upgrade::Allowed-Origins {
 "${distro_id}:${distro_codename}-security";
 "${distro_id}ESM:${distro_codename}";
};
Unattended-Upgrade::AutoFixInterruptedDpkg "true";
Unattended-Upgrade::Mail "[email protected]";
Unattended-Upgrade::MailOnlyOnError "true";
Unattended-Upgrade::Remove-Unused-Dependencies "true";
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "02:00";
EOF

/etc/init.d/unattended-upgrades restart

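# Disable root login, empty passwords, password authentication and X11
# forwarding in /etc/ssh/sshd_config, then reload the SSH service.
cp -v /etc/ssh/sshd_config{,.orig}

# Rewrite each directive to "no" whatever its current value is. Matching only
# "yes" would leave settings such as "PermitRootLogin prohibit-password"
# untouched, so root could still log in with a key.
sed -i -r \
  's/^#?(PermitRootLogin|PermitEmptyPasswords|PasswordAuthentication|X11Forwarding)[[:space:]]+.*$/\1 no/' \
  /etc/ssh/sshd_config

# NOTE(review): a directive that is absent from the file is not added and keeps
# its compiled-in default; check the effective values with `sshd -T`.

# Validate before reloading so a broken config aborts the script (set -e)
# instead of being handed to the running daemon.
sshd -t
/etc/init.d/ssh reload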

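# Remove packages that are no longer needed, then empty the package download
# cache. apt-get is used instead of apt (whose command-line interface is not
# meant for scripts), and `apt-get clean` clears the cached archives without
# deleting apt's cache directory itself. Separate commands also let set -e
# catch a failure in either step.
apt-get autoremove -y
apt-get clean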
# exit

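# oh-my-zsh with extra plugins, the powerlevel10k theme and its fonts.
#
# NOTE(review): every source below is fetched at whatever its default branch
# holds at boot time, and the plugins are later sourced by the shell of a user
# with passwordless sudo. Pin each repository to a reviewed commit or tag (and
# verify font checksums) before relying on this in production.
# NOTE(review): the zdharma GitHub organisation was deleted by its owner and
# the project continued elsewhere; confirm who controls that URL today before
# trusting it.
#
# These are conveniences, so a failed download only warns. In the original
# && chain, set -e ignored a failure in any clone but the last, while a failure
# in the last one aborted the script before the final chown of the home
# directory.
OMZ_DIRECTORY="${HOME_DIRECTORY}/.oh-my-zsh"

fetch_repo() {
  # $1 = repository URL, $2 = destination directory, rest = extra clone options
  local url=$1 dest=$2
  shift 2
  git clone "$@" -- "${url}" "${dest}" \
    || echo "warning: could not clone ${url}" >&2
}

fetch_repo https://github.com/ohmyzsh/ohmyzsh.git "${OMZ_DIRECTORY}"
fetch_repo https://github.com/zdharma/fast-syntax-highlighting.git \
  "${OMZ_DIRECTORY}/custom/plugins/fast-syntax-highlighting"
fetch_repo https://github.com/zsh-users/zsh-autosuggestions \
  "${OMZ_DIRECTORY}/custom/plugins/zsh-autosuggestions"
fetch_repo https://github.com/zsh-users/zsh-completions \
  "${OMZ_DIRECTORY}/custom/plugins/zsh-completions"
fetch_repo https://github.com/romkatv/powerlevel10k.git \
  "${OMZ_DIRECTORY}/custom/themes/powerlevel10k" --depth=1

mkdir -p "${FONTS_DIRECTORY}"
for meslo_font in \
  'MesloLGS%20NF%20Regular' \
  'MesloLGS%20NF%20Bold' \
  'MesloLGS%20NF%20Italic' \
  'MesloLGS%20NF%20Bold%20Italic'; do
  wget -P "${FONTS_DIRECTORY}" \
    "https://github.com/romkatv/powerlevel10k-media/raw/master/${meslo_font}.ttf" \
    || echo "warning: could not download ${meslo_font}.ttf" >&2
done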

# Write the user's .zshrc. The delimiter is unquoted on purpose:
# ${HOME_DIRECTORY} is expanded now, while \$ZSH is escaped so that it is
# resolved by zsh at login.
cat > "${HOME_DIRECTORY}/.zshrc" << ZSHRC
#
  export ZSH="${HOME_DIRECTORY}/.oh-my-zsh"
#
ZSH_THEME="powerlevel10k/powerlevel10k"
#
export LANGUAGE=en_US.UTF-8
export LANG=en_US.UTF-8
export LC_ALL=en_US.UTF-8
#
plugins=(
  colored-man-pages
  colorize
  command-not-found
  common-aliases
  debian
  fast-syntax-highlighting
  git
  history
  sudo
  systemd
  zsh-autosuggestions
  zsh-completions
)

source \$ZSH/oh-my-zsh.sh
ZSHRC

# Everything above was created as root; hand the whole home directory
# (including ~/.ssh and the cloned plugins) over to the user.
chown -R "${USER_NAME}:${USER_NAME}" "${HOME_DIRECTORY}"