My docker friendly image

by dulanov
17 deployments · 8 still active · last rev. 4 months ago

Minimalist and secure installation to start working with docker as fast as possible.

Compatible with: Ubuntu 16.04 LTS
						#! /bin/bash
#
# <UDF name="USERNAME" Label="Username" />
# <UDF name="PASSWORD" Label="Password" />
# <UDF name="USERPKEY" Label="Public Key" />

apt-get -o Acquire::ForceIPv4=true update
DEBIAN_FRONTEND=noninteractive apt-get -o Acquire::ForceIPv4=true -y upgrade
DEBIAN_FRONTEND=noninteractive apt-get install -q -y \
  -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" linux-image-virtual grub2 -y

update-grub

echo '%sudo ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers

sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
touch /tmp/restart-ssh
sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config 
service sshd restart

apt-get -y install sudo
adduser $USERNAME --disabled-password --gecos ""
echo "$USERNAME:$PASSWORD" | chpasswd
usermod -aG sudo $USERNAME

mkdir -p /home/$USERNAME/.ssh
echo "$USERPKEY" >> /home/$USERNAME/.ssh/authorized_keys
chown -R "$USERNAME":"$USERNAME" /home/$USERNAME/.ssh

# setup fail2ban
apt-get install -y fail2ban

# setup ufw
ufw default deny incoming
ufw default allow outgoing
ufw allow ssh
ufw enable

# setup unattended-upgrades
apt-get install -y unattended-upgrades

cat > /etc/apt/apt.conf.d/20auto-upgrades << EOF
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
EOF

# setup docker
apt-get -o Acquire::ForceIPv4=true install -y \
  apt-transport-https ca-certificates curl software-properties-common wget unzip

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -

apt-key fingerprint 0EBFCD88
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

apt-get -o Acquire::ForceIPv4=true update
apt-get -o Acquire::ForceIPv4=true install -y \
  docker-ce

usermod -aG docker $USERNAME

# other useful stuff
apt-get -o Acquire::ForceIPv4=true install -y \
  bash-completion command-not-found git vim