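#!/bin/sh
#
# Provisioning script (Go template) for an Alpine host: upgrades the system,
# installs the required packages, creates the "flow" user with an SSH
# authorized key, and sets the timezone to Europe/London.
#
# Template inputs:
#   .StackScript.SharedGroupGid - GID passed to groupadd for "shared-flow"
#   .StackScript.AuthorizedKey  - content written to flow's authorized_keys
#
# Both values are substituted into the script text before the shell parses it,
# so the renderer must validate them (GID: digits only; key: well-formed public
# key line(s)). Anything else becomes script text executed with this script's
# privileges.

set -eu

# Upgrade system and install required packages
apk update
apk upgrade

# bash is listed because the flow user below gets /bin/bash as login shell and
# stock Alpine does not ship it; sshd rejects users whose shell does not exist.
apk add \
  bash \
  curl \
  docker \
  openntpd \
  openssh \
  shadow \
  tzdata

groupadd -g {{ .StackScript.SharedGroupGid }} shared-flow
groupadd -g 1001 flow

# Membership in the docker group allows control of the Docker daemon, which is
# effectively root on this host: treat the flow account and its SSH key as
# root-equivalent credentials.
useradd -s /bin/bash -g 1001 -u 1001 -m -G docker,shared-flow flow
# NOTE(review): useradd sets no password, so the account may be recorded as
# locked; an sshd built without PAM can refuse key logins for locked accounts.
# Confirm that flow can actually log in with the key installed below.

# Create ~/.ssh and authorized_keys with owner-only permissions *before* any
# key material is written.
mkdir -p /home/flow/.ssh
chmod 0700 /home/flow/.ssh
chown flow:flow /home/flow/.ssh
touch /home/flow/.ssh/authorized_keys
chown flow:flow /home/flow/.ssh/authorized_keys
chmod 0600 /home/flow/.ssh/authorized_keys

# Quoted here-document: the rendered key is written literally, with no
# parameter expansion or command substitution applied by the shell (inside
# double quotes, `$`, backticks or `"` in the value would be interpreted).
# The value must still not contain a line equal to the delimiter.
cat > /home/flow/.ssh/authorized_keys <<'FLOW_AUTHORIZED_KEY_EOF'
{{ .StackScript.AuthorizedKey }}
FLOW_AUTHORIZED_KEY_EOF

# TODO: Mount volume and edit /etc/fstab

# TODO: SSH Hardening (backup original config)
# Until this is implemented, sshd_config is left as shipped by the openssh
# package. Intended settings:
# Port 3142
# PermitRootLogin no
# PasswordAuthentication no
# PermitEmptyPasswords no
# AllowTcpForwarding no
# GatewayPorts no
# X11Forwarding no

# Set the timezone and local time
mkdir -p /etc/zoneinfo/Europe
chmod -R 0755 /etc/zoneinfo
cp /usr/share/zoneinfo/Europe/London /etc/zoneinfo/Europe/
ln -fs /etc/zoneinfo/Europe/London /etc/localtime
echo "Europe/London" > /etc/timezone
# The zone file now lives under /etc/zoneinfo, so the tzdata package that
# provided /usr/share/zoneinfo is no longer needed.
apk del tzdata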