25/09/20 Notes
Bash Provisioning on a Vultr VM
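#!/bin/bash
# First-boot provisioning script for my webserver VM on Vultr.
# The website code & config are Git-managed and run in a Docker container on this VM.
# Must run as root.
#
# There is no `set -e`: a failed step does not stop the run. sshd is disabled
# part-way through, so review the result from the provider console.

# Install Packages
/usr/bin/yum install git -y
/usr/bin/yum install docker -y
/usr/bin/yum install yum-cron -y

# Security Related
# setenforce only switches the running system to enforcing. This script reboots
# at the end, so the mode after boot comes from SELINUX= in /etc/selinux/config.
# NOTE(review): confirm that file says "enforcing" on this image.
/usr/sbin/setenforce 1

# firewall-cmd talks to the running firewalld daemon, so enable and start it
# before adding the rule, then reload so the permanent rule is also live.
# NOTE(review): Docker writes its own iptables rules for published ports, so
# the container's port 80 may be reachable independently of this zone rule;
# verify against the rules actually loaded.
/usr/bin/systemctl enable --now firewalld
/usr/bin/firewall-cmd --permanent --zone=public --add-port=80/tcp
/usr/bin/firewall-cmd --reload

# Have yum-cron apply the updates it finds instead of leaving them unapplied
/usr/bin/sed -i 's|^apply_updates = no|apply_updates = yes|' /etc/yum/yum-cron.conf

# Stop sshd now and keep it from starting at boot (no remote shell access afterwards)
/usr/bin/systemctl disable --now sshd

# Set root's password from a pre-computed crypt(3) hash (placeholder shown).
# The hash is readable wherever this script is stored and in the process list
# while usermod runs, so handle the script itself as a secret.
/usr/sbin/usermod --password 'somecrazypwdhash' root

# Enable Services
/usr/bin/systemctl enable --now docker
/usr/bin/systemctl enable --now yum-cron

# Set timezone
/usr/bin/timedatectl set-timezone Australia/Sydney

# Update System
/usr/bin/yum update -y

# Create Docker dir (-p: do not fail if the script is run a second time)
/usr/bin/mkdir -p /opt/web-contained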

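# Create Dockerfile
# Here-document written to the file; the quoted delimiter keeps the text
# literal (no shell expansion of the Dockerfile contents).
/usr/bin/cat <<'EOF' > /opt/web-contained/Dockerfile
# Download Ubuntu base OS
FROM ubuntu:20.04

# LABEL about this custom image
LABEL maintainer="guy@mail.com"
LABEL version="1.0"
LABEL description="Runs my website."

# Disable Prompt During Packages Installation
ARG DEBIAN_FRONTEND=noninteractive

# Update Ubuntu Software repository
RUN apt-get update -y && apt-get upgrade -y

# Download websites and apache config
# NOTE(review): the access token in these URLs is part of the RUN instruction,
# which is recorded in the image metadata (see `docker history`), and it also
# sits in this Dockerfile on disk. Use a read-only token scoped to these two
# repositories and rotate it if the image or this file is ever shared.
# .git is deleted in the same layer so the repository history (including the
# apache-config commits) is not moved into the web root further down.
RUN apt-get install git -y && \
    mkdir website && \
    cd website && \
    git init && \
    git config user.email "guy@mail.com" && \
    git config user.name "guy" && \
    git pull https://tokenid@github.com/guy/website.git master && \
    git pull https://tokenid@github.com/guy/apache-config.git master --allow-unrelated-histories && \
    rm -rf .git

# Install apache and required module
RUN apt-get install apache2 -y
RUN a2enmod rewrite

# Replace apache config file
RUN mv /website/apache2.conf /etc/apache2/
RUN chown root:root /etc/apache2/apache2.conf
RUN chmod 644 /etc/apache2/apache2.conf

# Move websites into apache web directory
RUN mv /website/ /var/www/html/
RUN chown -R www-data:www-data /var/www/html

# Listen on port 80
EXPOSE 80
EOF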

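# Create Docker Script
# Here-document written to the file; the quoted delimiter keeps the text literal.
/usr/bin/cat <<'EOF' > /opt/web-contained/docker-rebuild.sh
#!/bin/bash
# Rebuild the website image from scratch and replace the running container.

# Wait for Docker to start when rebooting
/usr/bin/sleep 30

# Build before touching the current container. --pull refreshes the
# ubuntu:20.04 base and --no-cache re-runs every step, so each rebuild picks up
# OS updates and the latest site content.
if ! /usr/bin/docker build --pull --no-cache -t website-image /opt/web-contained; then
  echo "docker build failed; keeping the existing container" >&2
  # After a reboot the old container is stopped; bring it back if it exists
  /usr/bin/docker start tayicseua
  exit 1
fi

# Stop the container
/usr/bin/docker stop tayicseua
# Delete the container
/usr/bin/docker rm tayicseua
# Start the container
/usr/bin/docker run -d -t -p 80:80 --name tayicseua website-image bash -c "service apache2 start && sleep infinity"
# Remove the superseded, now untagged images
/usr/bin/docker image prune -f
EOF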

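# Permissions
# Root-only access: the Dockerfile carries the Git access token.
# The directory keeps its search bit (0700); only the script is executable.
/usr/bin/chown -R root:root /opt/web-contained
/usr/bin/chmod 0700 /opt/web-contained
/usr/bin/chmod 0600 /opt/web-contained/Dockerfile
/usr/bin/chmod 0700 /opt/web-contained/docker-rebuild.sh

# Cronjobs
# Append each entry only when that exact line is missing, so running this
# script again does not schedule duplicate rebuilds or reboots.
while IFS= read -r cron_entry; do
  /usr/bin/grep -qxF -- "$cron_entry" /etc/crontab \
    || printf '%s\n' "$cron_entry" >> /etc/crontab
done <<'EOF'
30 4 * * MON-SAT root /opt/web-contained/docker-rebuild.sh
@reboot root /opt/web-contained/docker-rebuild.sh
30 4 * * SUN root /usr/sbin/reboot now
EOF

# Cleanup
# NOTE(review): presumably the provider's on-disk copy of this startup script;
# it would contain the root password hash and the Git token, so remove it.
/usr/bin/rm -f /tmp/firstboot.exec

# Restart (the @reboot cron entry above then performs the first image build)
/usr/sbin/reboot now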