[
  {
    "path": "README.md",
    "content": "# Automated Setups\n"
  },
  {
    "path": "Ubuntu-18.04/README.md",
    "content": "# Scripts\n\n## initial_server_setup.sh\n\n* [Automation tutorial](https://www.digitalocean.com/community/tutorials/automating-initial-server-setup-with-ubuntu-18-04)\n* [Manual process](https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-18-04)\n"
  },
  {
    "path": "Ubuntu-18.04/initial_server_setup.sh",
    "content": "#!/bin/bash\nset -euo pipefail\n\n########################\n### SCRIPT VARIABLES ###\n########################\n\n# Name of the user to create and grant sudo privileges\nUSERNAME=sammy\n\n# Whether to copy over the root user's `authorized_keys` file to the new sudo\n# user.\nCOPY_AUTHORIZED_KEYS_FROM_ROOT=true\n\n# Additional public keys to add to the new sudo user\n# OTHER_PUBLIC_KEYS_TO_ADD=(\n#     \"ssh-rsa AAAAB...\"\n#     \"ssh-rsa AAAAB...\"\n# )\nOTHER_PUBLIC_KEYS_TO_ADD=(\n)\n\n####################\n### SCRIPT LOGIC ###\n####################\n\n# Add sudo user and grant privileges\nuseradd --create-home --shell \"/bin/bash\" --groups sudo \"${USERNAME}\"\n\n# Check whether the root account has a real password set\nencrypted_root_pw=\"$(grep root /etc/shadow | cut --delimiter=: --fields=2)\"\n\nif [ \"${encrypted_root_pw}\" != \"*\" ]; then\n    # Transfer auto-generated root password to user if present\n    # and lock the root account to password-based access\n    echo \"${USERNAME}:${encrypted_root_pw}\" | chpasswd --encrypted\n    passwd --lock root\nelse\n    # Delete invalid password for user if using keys so that a new password\n    # can be set without providing a previous value\n    passwd --delete \"${USERNAME}\"\nfi\n\n# Expire the sudo user's password immediately to force a change\nchage --lastday 0 \"${USERNAME}\"\n\n# Create SSH directory for sudo user\nhome_directory=\"$(eval echo ~${USERNAME})\"\nmkdir --parents \"${home_directory}/.ssh\"\n\n# Copy `authorized_keys` file from root if requested\nif [ \"${COPY_AUTHORIZED_KEYS_FROM_ROOT}\" = true ]; then\n    cp /root/.ssh/authorized_keys \"${home_directory}/.ssh\"\nfi\n\n# Add additional provided public keys\nfor pub_key in \"${OTHER_PUBLIC_KEYS_TO_ADD[@]}\"; do\n    echo \"${pub_key}\" >> \"${home_directory}/.ssh/authorized_keys\"\ndone\n\n# Adjust SSH configuration ownership and permissions\nchmod 0700 \"${home_directory}/.ssh\"\nchmod 0600 \"${home_directory}/.ssh/authorized_keys\"\nchown --recursive \"${USERNAME}\":\"${USERNAME}\" \"${home_directory}/.ssh\"\n\n# Disable root SSH login with password\nsed --in-place 's/^PermitRootLogin.*/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config\nif sshd -t -q; then\n    systemctl restart sshd\nfi\n\n# Add exception for SSH and then enable UFW firewall\nufw allow OpenSSH\nufw --force enable\n"
  }
]