#!/bin/bash echo "==================================================================================" echo "Check if the system is freshly installed before doing anything else, because we don't want to run the installation script twice..." if [ -d /etc/webmin ]; then echo "It seems this script has already been executed on this server." echo "This script should be run only once as otherwise it will duplicate entries in number of configuration files!" exit 0 fi chmod -x /etc/update-motd.d/* apt-get update -y && apt-get upgrade -y && apt full-upgrade -y && apt autoremove -y # Per https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/1780196 apt install dracut-core -y apt install policycoreutils -y echo "net.ipv6.conf.all.disable_ipv6=1" >> /etc/sysctl.conf echo "net.ipv6.conf.default.disable_ipv6=1" >> /etc/sysctl.conf echo "net.ipv6.conf.lo.disable_ipv6=1" >> /etc/sysctl.conf apt install net-tools echo "Done..." echo "==================================================================================" echo "==================================================================================" echo "Set some variables to use later in the installation script..." if grep -q "QEMU" /proc/bus/input/devices; then PORT=19759 else PORT=19753 fi export PORT IP="$( hostname -I )" IP6="$( ip -6 addr | grep inet6 | awk -F '[ \t]+|/' '{print $3}' | grep -v ^::1 )" IFACE=$(ip addr | grep $IP | awk '{print $NF}') OWNER="" TIMESTAMP=$(date +%s) SECONDS=0 echo "Done..." echo "==================================================================================" echo "==================================================================================" echo "Change SSH port..." adduser --disabled-password --gecos "" altagrade usermod -aG sudo altagrade sed -i '/%sudo/c\%sudo ALL=(ALL:ALL) NOPASSWD:ALL' /etc/sudoers mkdir /home/altagrade/.ssh echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC753VZbicoElj5moS0XZ70ERwse483Cuqc6Jf3YXJvn4+ZGzdjUsUI4+0GHK0aufeFh4YNZQ9QoQnM/3HUKZIGm3/2lYvzY1Z2YtyWz57LSX6o+oskq01Pe+3g+sxbt1yOW/KhClVhTSNzFPtMV5h4//JLxdO1Z6pctXSgq2COZ9fnEAm/AzmYFpuNvg0JmNdWuFkvnSKZrkt9hmw72TTjTE+p9DviTmoq4GCr6l2Pg4y6oTlyQ595yi6wDZe0JK7cdkKMsA4U6kAyHqci7zXOu7HjLdYcKZCohCp/iddHZbERmlZuS1eGbiARYtBZb9FNdUmnUB3nggb4DU3FPeDl' >> /home/altagrade/.ssh/authorized_keys restorecon -R -v /home/altagrade/.ssh sed -i "s/#force_color_prompt=yes/force_color_prompt=yes/g" /root/.bashrc source /root/.bashrc sed -i "s/#force_color_prompt=yes/force_color_prompt=yes/g" /home/altagrade/.bashrc sed -i "s/#Port 22/Port $PORT/g" /etc/ssh/sshd_config sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin prohibit-password/g" /etc/ssh/sshd_config sed -i "s/PermitRootLogin yes/PermitRootLogin no/g" /etc/ssh/sshd_config sed -i "s/#PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config service sshd restart echo "Done..." echo "==================================================================================" echo "==================================================================================" echo "Prepare the system..." # Make boot fast systemctl disable systemd-networkd-wait-online.service systemctl mask systemd-networkd-wait-online.service if [ "$(readlink /etc/localtime)" != "/usr/share/zoneinfo/UTC" ]; then echo "==================================================================================" echo "Setting local time to UTC .." rm -f /etc/localtime ln -s /usr/share/zoneinfo/UTC /etc/localtime echo ".. done" fi if [ ! -d /backup ]; then echo "==================================================================================" echo "Creating /home/backup directory .." mkdir /backup echo ".. done" fi if [ ! -d /sandbox ]; then echo "==================================================================================" echo "Creating /sandbox directory .." mkdir /sandbox echo ".. done" fi echo "Done..." echo "==================================================================================" echo "==================================================================================" echo "Enable Automatic Updates..." apt install unattended-upgrades apt install update-notifier-common #edit /etc/apt/apt.conf.d/50unattended-upgrades per https://linoxide.com/enable-automatic-updates-on-ubuntu-20-04/ sed -i 's*//Unattended-Upgrade::Mail "";*Unattended-Upgrade::Mail "info@altagrade.com";*g' /etc/apt/apt.conf.d/50unattended-upgrades sed -i 's*//Unattended-Upgrade::MailReport "on-change";*Unattended-Upgrade::MailReport "only-on-error";*g' /etc/apt/apt.conf.d/50unattended-upgrades sed -i 's*//Unattended-Upgrade::Automatic-Reboot "false";*Unattended-Upgrade::Automatic-Reboot "true";*g' /etc/apt/apt.conf.d/50unattended-upgrades sed -i 's*//Unattended-Upgrade::Automatic-Reboot-WithUsers "true";*Unattended-Upgrade::Automatic-Reboot-WithUsers "true";*g' /etc/apt/apt.conf.d/50unattended-upgrades sed -i 's*//Unattended-Upgrade::Automatic-Reboot-Time "02:00";*Unattended-Upgrade::Automatic-Reboot-Time "02:36";*g' /etc/apt/apt.conf.d/50unattended-upgrades echo "Done..." echo "==================================================================================" echo "==================================================================================" echo " Installing Webmin and Virtualmin..." if [ ! -d /etc/webmin ]; then echo "==================================================================================" echo "Installing control panel .." cd /usr/src wget http://software.virtualmin.com/gpl/scripts/install.sh chmod 755 install.sh ./install.sh -y echo ".. done" fi echo "Done..." echo "==================================================================================" echo "==================================================================================" echo "Configuring Virtualmin..." # yes | /usr/share/webmin/authentic-theme/theme-update.sh # yes | /usr/share/usermin/authentic-theme/theme-update.sh # Adapting Virtualmin and Webmin jargon for cPanel users /etc/ag/cp/new-lang.sh sed -i 's/bandwidth /traffic /g' /etc/webmin/virtual-server/bw-template sed -i 's/bandwidth /traffic /g' /etc/webmin/virtual-server/warnbw-template sed -i 's/Bandwidth /Traffic /g' /etc/webmin/virtual-server/bw-template sed -i 's/Bandwidth /Traffic /g' /etc/webmin/virtual-server/warnbw-template sed -i 's/virtual server /domain /g' /etc/webmin/virtual-server/bw-template sed -i 's/virtual server /domain /g' /etc/webmin/virtual-server/warnbw-template sed -i 's/sub-servers /sub-domains /g' /etc/webmin/virtual-server/bw-template sed -i 's/sub-servers /sub-domains /g' /etc/webmin/virtual-server/warnbw-template rm -rf /etc/webmin/authentic-theme cp -R /etc/ag/webmin/authentic-theme /etc/webmin rm -rf /etc/webmin/status cp -R /etc/ag/webmin/status /etc/webmin rm -rf /etc/webmin/custom cp -R /etc/ag/webmin/custom /etc/webmin sed -i 's/mail=1/mail=2/g' /etc/webmin/virtual-server/config sed -i 's/spam=1/spam=2/g' /etc/webmin/virtual-server/config sed -i 's/dns=1/dns=2/g' /etc/webmin/virtual-server/config sed -i 's/plugins=virtualmin-awstats virtualmin-dav virtualmin-htpasswd/plugins=virtualmin-htpasswd/g' /etc/webmin/virtual-server/config sed -i 's/ftp=2/ftp=0/g' /etc/webmin/virtual-server/config sed -i 's/virus=1/virus=2/g' /etc/webmin/virtual-server/config echo 'plugins_inactive=virtualmin-awstats virtualmin-init virtualmin-dav virtualmin-registrar virtualmin-git virtualmin-sqlite virtualmin-slavedns' >> /etc/webmin/virtual-server/config echo "PORT ${PORT}" > /etc/webmin/virtual-server/globals echo "Done..." echo "==================================================================================" echo "==================================================================================" echo "Webmin UI categories..." cat > /etc/webmin/webmin.descs << 'EOT' bandwidth=Traffic Monitoring webmin=Host Manager Configuration servers=Host Manager Servers webminlog=Host Manager Log acl=Host Manager Users virtualmin-registrar=Site Manager Domain Registration virtualmin-dav=Site Manager DAV virtualmin-init=Site Manager Bootup Actions virtualmin-git=Site Manager Git virtualmin-htpasswd=Site Manager Protected Directories virtualmin-sqlite=Site Manager SQLite virtual-server=Site Manager Domains usermin=User Manager Configuration custom=AltaGrade Commands EOT cat > /etc/webmin/webmin.catnames << 'EOT' =AltaGrade EOT echo "Done..." echo "==================================================================================" echo "==================================================================================" echo "Email template for domains..." cat > /etc/webmin/virtual-server/domain-template << 'EOT' The following website has been created successfully: +=============================================+ | Website Info | ${DOM} +=============================================+ | Username: ${USER} | Password: ${PASS} ${IF-WEB} | Website: http://www.${DOM} | HTML directory: ${PUBLIC_HTML_PATH} ${IF-MAIL} | SMTP server: mail.${DOM} | POP3 server: mail.${DOM} ${ENDIF-MAIL} ${IF-WEBALIZER} | Webalizer log reporting: Enabled ${ENDIF-WEBALIZER} ${ENDIF-WEB} ${IF-MYSQL} | MySQL database: ${DB} | MySQL login: ${MYSQL_USER} ${IF-MYSQL_PASS} | MySQL password: ${MYSQL_PASS} ${ELSE-MYSQL_PASS} | MySQL password: ${PASS} ${ENDIF-MYSQL_PASS} ${ENDIF-MYSQL} | Apache Solr Host: localhost | Apache Solr Port: 8983 | Apache Solr Path: /solr/${DOM} +=============================================+ +=============================================+ | Server Info | ${IP} +=============================================+ | Dedicated IP: ${IP} | SSH and SFTP Port: ${PORT} | Control Panel: http://admin.${DOM} | (or https://${IP}:8443 before propagation) +=============================================+ Please note of the following important details: - The above access information is not for your profile account at https://my.altagrade.com. You set your own username and password for your profile account during sign-up process. If you forgot your password to your profile account, then please just reset it on https://my.altagrade.com/user/password. - You can request this e-mail any time by logging in to your control panel, selecting the website's domain name in the drop-down list on the left menu and clicking on "Administration Options" > Re-Send Signup Email. - Find more detailed information please read our documentation portal at https://www.altagrade.com/help. - If you have any questions, comments, or concerns, feel free to create a support ticket at https://my.altagrade.com. EOT cat > /etc/webmin/virtual-server/subdomain-template << 'EOT' The following website has been created successfully: +===================================+ | Website Info | ${DOM} +===================================+ | Username: ${USER} | Password: ${PASS} ${IF-WEB} | Website: http://www.${DOM} ${IF-MAIL} | SMTP server: mail.${DOM} | POP3 server: mail.${DOM} ${ENDIF-MAIL} ${IF-WEBALIZER} | Webalizer log reporting: Enabled ${ENDIF-WEBALIZER} ${ENDIF-WEB} ${IF-MYSQL} | MySQL database: ${DB} | MySQL login: ${MYSQL_USER} ${IF-MYSQL_PASS} | MySQL password: ${MYSQL_PASS} ${ELSE-MYSQL_PASS} | MySQL password: ${PASS} ${ENDIF-MYSQL_PASS} ${ENDIF-MYSQL} | Apache Solr Host: localhost | Apache Solr Port: 8983 | Apache Solr Path: /solr/${DOM} +===================================+ +===================================+ | Server Info | ${IP} +===================================+ | Dedicated IP: ${IP} | SSH and SFTP Port: ${PORT} | Control Panel: http://admin.${DOM} (or https://${IP}:8443 before propagation) +===================================+ - The above access information is not for your profile account at https://my.altagrade.com. You set your own username and password for your profile account during sign-up process. If you forgot your password to your profile account, then please just reset it on https://my.altagrade.com/user/password. - You can request this e-mail any time by logging in to your control panel, selecting the website's domain name in the drop-down list on the left menu and clicking on "Administration Options" > Re-Send Signup Email. - Find more detailed information please read our documentation portal at https://www.altagrade.com/help. - If you have any questions, comments, or concerns, feel free to create a support ticket at https://my.altagrade.com. EOT sed -i '/newdom_subject/c\ newdom_subject=Account information for ${DOM}' /etc/webmin/virtual-server/config sed -i '/newsubdom_subject/c\ newdom_subject=Account information for ${DOM}' /etc/webmin/virtual-server/config echo "Done..." echo "==================================================================================" echo "==================================================================================" echo "Unlimited plan..." cat > /etc/webmin/virtual-server/plans/0 << 'EOT' quota= quota= bwlimit= norename=0 file=/etc/webmin/virtual-server/plans/0 uquota= nodbname=1 realdomslimit= migrate=0 aliaslimit= domslimit= capabilities= ipfollow= id=0 featurelimits= mailboxlimit= name=Unlimited Plan dbslimit= aliasdomslimit= forceunder=0 scripts= safeunder=0 EOT echo "Done..." echo "==================================================================================" echo "==================================================================================" echo "Configure firewall..." sed -ie 's/port=10000/port=8443/' /etc/webmin/miniserv.conf sed -ie 's/listen=10000/listen=8443/' /etc/webmin/miniserv.conf systemctl disable --now firewalld.service apt-get install ufw -y yes | ufw enable ufw default deny incoming ufw default allow outgoing ufw allow "Apache Full" ufw allow ssh ufw allow $PORT/tcp ufw allow 8443/tcp yes | ufw enable echo "Done..." echo "==================================================================================" echo "==================================================================================" echo "Install additional PHP packages & Composer..." apt-get install php8.3-{cli,pdo,fpm,zip,gd,xml,mysql,cgi,apcu,uploadprogress} -y echo "==================================================================================" echo "Changing PHP configurations settings .." sed -ie 's/upload_max_filesize = 2M/upload_max_filesize = 20M/' /etc/php/8.3/cgi/php.ini sed -ie 's/post_max_size = 8M/post_max_size = 16M/' /etc/php/8.3/cgi/php.ini sed -ie 's/max_execution_time = 30/max_execution_time = 600/' /etc/php/8.3/cgi/php.ini sed -ie 's/max_input_time = 60/max_input_time = 600/' /etc/php/8.3/cgi/php.ini sed -ie 's/memory_limit = 128M/memory_limit = 1280M/' /etc/php/8.3/cgi/php.ini sed -ie 's/upload_max_filesize = 2M/upload_max_filesize = 20M/' /etc/php/8.3/fpm/php.ini sed -ie 's/post_max_size = 8M/post_max_size = 16M/' /etc/php/8.3/fpm/php.ini sed -ie 's/max_execution_time = 30/max_execution_time = 600/' /etc/php/8.3/fpm/php.ini sed -ie 's/max_input_time = 60/max_input_time = 600/' /etc/php/8.3/fpm/php.ini sed -ie 's/memory_limit = 128M/memory_limit = 1280M/' /etc/php/8.3/fpm/php.ini sed -ie 's/upload_max_filesize = 2M/upload_max_filesize = 20M/' /etc/php/8.3/cli/php.ini sed -ie 's/post_max_size = 8M/post_max_size = 16M/' /etc/php/8.3/cli/php.ini sed -ie 's/max_execution_time = 30/max_execution_time = 600/' /etc/php/8.3/cli/php.ini sed -ie 's/max_input_time = 60/max_input_time = 600/' /etc/php/8.3/cli/php.ini sed -ie 's/memory_limit = 128M/memory_limit = 1280M/' /etc/php/8.3/cli/php.ini echo "==================================================================================" echo "Installing Composer .." cd ~ curl -sS https://getcomposer.org/installer -o /tmp/composer-setup.php php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer echo ".. done" apt install memcached libmemcached-tools -y sed -ie 's/-m 64/-m 4096/' /etc/memcached.conf sed -ie 's/-l ::1/#-l ::1/' /etc/memcached.conf systemctl enable memcached systemctl start memcached apt install php8.3-memcached -y echo "Done..." echo "==================================================================================" echo "==================================================================================" echo "Install bee..." cd /usr/local/src && git clone https://github.com/backdrop-contrib/bee.git ln -s /usr/local/src/bee/bee.php /usr/local/bin/bee echo "Done..." echo "==================================================================================" echo "==================================================================================" echo "Configuring AltaGrade cron-tasks..." cat > /etc/cron.daily/altagrade << 'EOF' #!/bin/bash sed -ie 's/Ubuntu Linux/AltaOS/' /etc/webmin/config >/dev/null 2>&1 sh /etc/ag/cp/new-lang.sh >/dev/null 2>&1 sed -ie 's/slider_enabled=true/slider_enabled=false/' /etc/webmin/authentic-theme/settings.js >/dev/null 2>&1 exit EOF chmod 755 /etc/cron.daily/altagrade /etc/cron.daily/altagrade echo "Done..." echo "==================================================================================" echo "==================================================================================" echo "Add banner message..." if ! grep -Fq "▓▓▓█████▓" /etc/banner then echo "==================================================================================" echo "Creating /etc/banner .." cat <> /etc/banner ▄▄▄ ▓▓▓ ▓▓▓█████▓ ▄▄▄ ▄████ ▓▓▀███ ▄▄▄ ▓█████▄ ▓█████ ▒▓▓██▄ ▓██▒ ▓ ▓▓▒ ▓▒▒████▄ ▓▓▒ ▀█▒▓██ ▒ ▓█▒▒▓▓██▄ ▒▓▓▀ ██▌▓▓ ▀ ▒▓▓ ▀█▄ ▒▓▓░ ▒ ▓██░ ▒░▒▓▓ ▀█▄ ▒▓▓░▄▄▄░▓▓▓ ░▄█ ▒▒▓▓ ▀█▄ ░██ █▌▒▓▓██ ░██▄▄▄▄██ ▒▓▓░ ░ ▓██▓ ░ ░██▄▄▄▄██ ░▓█ ██▓▒▓▓▀▀█▄ ░██▄▄▄▄██ ░▓█▄ ▌▒▓█ ▄ ▓█ ▓██▒░██████▒▒██▒ ░ ▓█ ▓██▒░▒▓███▀▒░██▓ ▒▓▓▒ ▓█ ▓██▒░▒████▓ ░▒████▒ ▒▒ ▓▒█░░ ▒░▓ ░▒ ░░ ▒▒ ▓▒█░ ░▒ ▒ ░ ▒▓ ░▒▓░ ▒▒ ▓▒█░ ▒▒▓ ▒ ░░ ▒░ ░ ▒ ▒▒ ░░ ░ ▒ ░ ░ ▒ ▒▒ ░ ░ ░ ░▒ ░ ▒░ ▒ ▒▒ ░ ░ ▒ ▒ ░ ░ ░ ░ ▒ ░ ░ ░ ░ ▒ ░ ░ ░ ░░ ░ ░ ▒ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ***************************************************************************** * Welcome to AltaGrade Optimized Operating System! * * * * If you encounter any issues with the server, then please browse our Help * * section on https://www.altagrade.com/docs first. And if you couldn't find * * any solution, then submit a support request at https://my.altagrade.com. * * * ***************************************************************************** EOT echo ".. done" fi if grep -Fq "#Banner none" /etc/ssh/sshd_config then sed -ie '/#Banner none/c\Banner /etc/banner' /etc/ssh/sshd_config else echo 'Banner /etc/banner' >> /etc/ssh/sshd_config fi echo "Done..." echo "==================================================================================" echo "==================================================================================" echo "Finalizing the installation script..." # Per https://www.virtualmin.com/node/43097 rm -rf /var/webmin/module.infos.cache sh /etc/ag/cp/new-lang.sh >/dev/null 2>&1 /sbin/virtualmin check-config # Calculating execution time executed="$(($SECONDS / 60)) minutes and $(($SECONDS % 60)) seconds" echo "The installation took $executed" echo "AltaOS installed on $(date)" > /root/.altaos/install_date.txt updatedb echo "Rebooting the system..." reboot echo "Done..." echo "==================================================================================" exit