
Ubuntu 20.04 DigitalOcean user-data

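#!/bin/bash
# First-boot user-data script: creates a sudo-capable login user, hands root's
# credentials over to it and applies baseline hardening.
set -eu

USERNAME=deploy

# Read root's password hash *before* command tracing is enabled, so the hash is
# not echoed into whatever log captures this script's trace output.
# The awk match is exact on the account field; a plain `grep root` would also
# pick up any other shadow entry that merely contains the string "root".
ENCRYPTED_ROOT_PW="$(awk -F: '$1 == "root" { print $2 }' /etc/shadow)"
set -x

# The home path is derived directly; no eval is needed to build it.
HOME_DIRECTORY="/home/${USERNAME}"
FONTS_DIRECTORY="${HOME_DIRECTORY}/.local/share/fonts"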

# Base tooling installed on first boot. fail2ban and unattended-upgrades are the
# security-relevant entries; the rest are operator conveniences.
base_packages=(
  apt-transport-https
  ca-certificates
  curl
  fail2ban
  git
  gnupg-agent
  htop
  screen
  software-properties-common
  sudo
  tree
  unattended-upgrades
  unzip
  wget
  zsh
)

apt-get update
apt-get install -y "${base_packages[@]}"

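# Create the login account with zsh as its shell and membership in the sudo group.
useradd --create-home --shell "$(command -v zsh)" --groups sudo "${USERNAME}"

# NOTE(review): NOPASSWD: ALL makes every process running as this user
# root-equivalent, so the account's SSH keys deserve the same protection as
# root's. Narrow the rule if the account only needs specific commands.
sudoers_file="/etc/sudoers.d/${USERNAME}"
# Overwrite rather than append so a re-run cannot accumulate duplicate rules.
printf '%s ALL=(ALL) NOPASSWD: ALL\n' "${USERNAME}" > "${sudoers_file}"
chmod 0440 "${sudoers_file}"
# Validate the drop-in; under `set -e` a syntax error aborts provisioning
# instead of leaving a sudoers file that sudo refuses to parse.
visudo -cf "${sudoers_file}"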

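# Hand root's password over to the new user.
# Tracing is switched off while the hash is handled so it is not written to the
# provisioning log; it is switched back on right after.
set +x
case "${ENCRYPTED_ROOT_PW}" in
  '*' | '!'*)
    # Root has no usable password (key-only or already locked entry). Copying
    # such a value would lock the new account's password as well.
    root_has_password=no
    ;;
  *)
    printf '%s:%s\n' "${USERNAME}" "${ENCRYPTED_ROOT_PW}" | chpasswd --encrypted
    root_has_password=yes
    ;;
esac
set -x

if [ "${root_has_password}" = yes ]; then
    # The password now belongs to the sudo user; root keeps no password login.
    passwd --lock root
else
    # Clear the placeholder so a new password can be chosen without supplying
    # an old one.
    # NOTE(review): until that first change the account has an empty password
    # combined with NOPASSWD sudo. Confirm sshd keeps rejecting empty passwords
    # and that console access to the machine is restricted.
    passwd --delete "${USERNAME}"
fi

# Expire the password immediately so it must be changed at first login.
chage --lastday 0 "${USERNAME}"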

# Give the sudo user the same authorized SSH keys as root.
# Ownership is still root's at this point; the recursive chown of
# HOME_DIRECTORY later in this script hands the files to the user.
ssh_dir="${HOME_DIRECTORY}/.ssh"
mkdir --parents -v "${ssh_dir}"
cp -v /root/.ssh/authorized_keys "${ssh_dir}"

# sshd's default StrictModes rejects key files that other users can write to,
# so restrict both the directory and the key file to the owner.
chmod -v 0700 "${ssh_dir}"
chmod -v 0600 "${ssh_dir}/authorized_keys"

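# Clean up: apply pending upgrades, then drop unused packages and cached archives.
# apt-get is used throughout because the `apt` front end does not promise a
# stable command-line interface for scripts.
# DEBIAN_FRONTEND=noninteractive keeps debconf from waiting for answers that
# nobody can give during unattended provisioning.
DEBIAN_FRONTEND=noninteractive apt-get upgrade -y
apt-get autoremove -y
apt-get autoclean -y
# The previous `rm -rf /var/apt/cache/*` pointed at a path apt does not use, so
# nothing was removed; `apt-get clean` empties the real package cache.
apt-get clean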

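# Disable root SSH login with password (key-based root login stays allowed).
sshd_config=/etc/ssh/sshd_config
sed --in-place -E \
  's/^[[:space:]]*PermitRootLogin([[:space:]].*)?$/PermitRootLogin prohibit-password/' \
  "${sshd_config}"

# If the file had no active PermitRootLogin line (absent or commented out), the
# substitution above changed nothing. Put the directive on the first line:
# sshd uses the first value it reads for a keyword, and the top of the file is
# outside any Match block.
if ! grep -q '^PermitRootLogin prohibit-password$' "${sshd_config}"; then
    sed --in-place '1i PermitRootLogin prohibit-password' "${sshd_config}"
fi

# Restart only when the edited configuration parses, and say so when it does
# not: otherwise the hardening would be skipped without any trace in the log.
if sshd -t -q; then
    systemctl restart sshd
else
    echo "sshd_config failed validation; sshd was not restarted and the PermitRootLogin change is not active" >&2
fi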

# Set the time zone to Jakarta and print the resulting clock settings.
# A failure to set the zone does not abort the script; the status print is
# simply skipped.
if timedatectl set-timezone Asia/Jakarta; then
    timedatectl
fi

# Automatic updates, security origins only.
# The packaged configuration is kept as *.orig and replaced by the policy below.
uu_conf=/etc/apt/apt.conf.d/50unattended-upgrades
mv "${uu_conf}" "${uu_conf}.orig"

# The heredoc is quoted so the ${distro_id}/${distro_codename} placeholders
# reach the file literally for unattended-upgrades to resolve.
# NOTE(review): the Mail value below is a redaction placeholder in this listing,
# not a deliverable address; set a real mailbox. No mail package appears in this
# script's install list, so confirm the host can send mail at all.
# Automatic-Reboot restarts the machine at 02:00 local time when an update
# requires it; make sure that window is acceptable for the workload.
cat > "${uu_conf}" << 'EOF'
Unattended-Upgrade::Allowed-Origins {
    "${distro_id}:${distro_codename}-security";
    "${distro_id}ESM:${distro_codename}";
};
Unattended-Upgrade::AutoFixInterruptedDpkg "true";
Unattended-Upgrade::Mail "[email protected]";
Unattended-Upgrade::MailOnlyOnError "true";
Unattended-Upgrade::Remove-Unused-Dependencies "true";
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "02:00";
EOF

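# oh-my-zsh plus extra plugins (syntax highlighting, autosuggestions, completions).
# Each clone is its own statement: in the former `a && b && c` chain a failed
# clone did not trip `set -e`, so provisioning carried on with a partial setup.
# NOTE(review): these clones and the font downloads track the upstream default
# branch. The code is sourced by the shell of a user with passwordless sudo, so
# consider pinning each repository to a commit you have reviewed.
omz_dir="${HOME_DIRECTORY}/.oh-my-zsh"
omz_plugins_dir="${omz_dir}/custom/plugins"

git clone https://github.com/ohmyzsh/ohmyzsh.git "${omz_dir}"
git clone https://github.com/z-shell/F-Sy-H.git "${omz_plugins_dir}/F-Sy-H"
git clone https://github.com/zsh-users/zsh-autosuggestions "${omz_plugins_dir}/zsh-autosuggestions"
git clone https://github.com/zsh-users/zsh-completions "${omz_plugins_dir}/zsh-completions"

# MesloLGS NF fonts; %20 is the URL-encoded space in the upstream file names.
mkdir -p "${FONTS_DIRECTORY}"
for meslo_font in \
  'MesloLGS%20NF%20Regular' \
  'MesloLGS%20NF%20Bold' \
  'MesloLGS%20NF%20Italic' \
  'MesloLGS%20NF%20Bold%20Italic'; do
  wget -P "${FONTS_DIRECTORY}" \
    "https://github.com/romkatv/powerlevel10k-media/raw/master/${meslo_font}.ttf"
done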

# Write the user's .zshrc. Only the ZSH path is filled in at provisioning time;
# everything else is emitted literally (hence the quoted heredoc), including the
# $ZSH reference that zsh itself expands when the file is sourced.
zshrc_path="${HOME_DIRECTORY}/.zshrc"
{
  printf '#\n  export ZSH="%s/.oh-my-zsh"\n' "${HOME_DIRECTORY}"
  cat << 'EOF'
#
#
export LANGUAGE=en_US.UTF-8
export LANG=en_US.UTF-8
export LC_ALL=en_US.UTF-8
#
plugins=(
  colored-man-pages
  colorize
  command-not-found
  common-aliases
  debian
  F-Sy-H
  git
  history
  sudo
  systemd
  zsh-autosuggestions
  zsh-completions
)

source $ZSH/oh-my-zsh.sh
EOF
} > "${zshrc_path}"

# Everything under the home directory was created by root during this script
# (SSH keys, oh-my-zsh, fonts, .zshrc); hand it all over to the new user.
home_owner="${USERNAME}:${USERNAME}"
chown -R -v "${home_owner}" "${HOME_DIRECTORY}"

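# Install the DigitalOcean metrics agent.
# The installer is downloaded completely before it is run: with `curl | bash`
# and no pipefail, a failed or truncated transfer still hands whatever arrived
# to a root shell and the error goes unnoticed. --fail turns HTTP errors into a
# non-zero exit (which `set -e` acts on), and the --proto options keep the
# transfer and any redirect on HTTPS.
# NOTE(review): this still runs unreviewed remote code as root. If the vendor
# publishes a checksum or signature for install.sh, verify it before the bash
# call below.
agent_installer="$(mktemp)"
curl --fail --silent --show-error --location \
  --proto '=https' --proto-redir '=https' --tlsv1.2 \
  --output "${agent_installer}" \
  https://repos.insights.digitalocean.com/install.sh
bash "${agent_installer}"
rm -f -- "${agent_installer}"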

Rujukan