#!/usr/bin/env bash set -euo pipefail mkdir /tmp/riju pushd /tmp/riju export DEBIAN_FRONTEND=noninteractive sudo -E apt-get update sudo -E apt-get dist-upgrade -y sudo -E apt-get install -y curl gnupg lsb-release curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo -E apt-key add - ubuntu_name="$(lsb_release -cs)" sudo tee -a /etc/apt/sources.list.d/custom.list >/dev/null <&2 exit 1 fi IFS=" " read contents < "/tmp/id_${user}.pub" echo "${contents}" > "/tmp/id_${user}.pub" done sudo sed -Ei 's/^#?PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config sudo sed -Ei 's/^#?PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config sudo sed -Ei 's/^#?PermitEmptyPasswords .*/PermitEmptyPasswords no/' /etc/ssh/sshd_config sudo passwd -l root sudo useradd admin -g admin -G sudo -s /usr/bin/bash -p "$(echo "${ADMIN_PASSWORD}" | mkpasswd -s)" -m sudo useradd deploy -s /usr/bin/bash -p "!" -m for user in admin deploy; do sudo runuser -u "${user}" -- mkdir -p "/home/${user}/.ssh" sudo mv "/tmp/id_${user}.pub" "/home/${user}/.ssh/authorized_keys" sudo chown -R "${user}:${user}" "/home/${user}/.ssh" sudo chmod -R go-rwx "/home/${user}/.ssh" done sudo runuser -u deploy -- sed -i 's/^/command="sudo riju-deploy ${SSH_ORIGINAL_COMMAND}",restrict /' /home/deploy/.ssh/authorized_keys sudo tee /etc/sudoers.d/riju >/dev/null <<"EOF" deploy ALL=(root) NOPASSWD: /usr/local/bin/riju-deploy EOF sudo hostnamectl set-hostname riju sudo systemctl enable riju sudo passwd -l ubuntu popd rm -rf /tmp/riju