build-machine-debian

#!/bin/bash
# Ubuntu 20.04
# curl -sSL https://raw.githubusercontent.com/hut8/build-machine/master/build-machine-debian | bash
set -euo pipefail

repo_url='https://raw.githubusercontent.com/hut8/build-machine/master'

if ! [ "$(id -u)" = 0 ]; then
    echo 'this script must be run as root'
    exit 1
fi

export DEBIAN_FRONTEND=noninteractive

user_exists(){ id "$1" &>/dev/null; }

sudo apt-get update
sudo apt-get upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
sudo apt-get install -y \
    -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" \
    apt-transport-https \
    autoconf \
    automake \
    build-essential \
    cmake \
    curl \
    dnsutils \
    emacs \
    g++ \
    git \
    gnupg \
    htop \
    iotop \
    jq \
    libbz2-dev \
    libffi-dev \
    liblzma-dev \
    libncurses-dev \
    libpq-dev \
    libreadline-dev \
    libsqlite3-dev \
    libyaml-dev \
    lsb-release \
    moreutils \
    ncdu \
    netcat-openbsd \
    nethogs \
    pcregrep \
    pipx \
    pkg-config \
    pv \
    python3 \
    python3-dev \
    python3-full \
    python-is-python3 \
    recode \
    rmlint \
    rsync \
    silversearcher-ag \
    texinfo \
    tig \
    tmux \
    toilet \
    tree \
    wget \
    zsh

hash rclone 2>/dev/null || {
    curl https://rclone.org/install.sh | bash
}


[[ -f /swapfile ]] || {
  dd if=/dev/zero of=/swapfile bs=1024 count=8M
  chmod 0600 /swapfile
  mkswap /swapfile
  swapon /swapfile
}


trusted_keyrings='/etc/apt/trusted.gpg.d'

# # Add docker repository and install docker
# docker_keyring_path="$trusted_keyrings/docker.asc"
# if [ ! -f "$docker_keyring_path" ]; then
#     echo "adding docker keyring to $docker_keyring_path"
#     curl -fsSL https://download.docker.com/linux/debian/gpg > "$docker_keyring_path"
#     chmod a+r "$docker_keyring_path"
# fi

# docker_source_path='/etc/apt/sources.list.d/docker.list'
# if [ ! -f $docker_source_path ]; then
#     echo \
#         "deb [arch="$(dpkg --print-architecture)" signed-by=$docker_keyring_path] https://download.docker.com/linux/debian \
#         "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
#         tee "$docker_source_path" > /dev/null
# fi
# apt-get update
# apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

# MongoDB Community Edition
# Adds repo and key but does not install
[[ ! -f $trusted_keyrings/mongodb-server-6.0.gpg ]] && curl -fsSL https://pgp.mongodb.com/server-6.0.asc | gpg -o $trusted_keyrings/mongodb-server-6.0.gpg --dearmor
echo "deb [signed-by=$trusted_keyrings/mongodb-server-6.0.gpg] http://repo.mongodb.org/apt/debian bullseye/mongodb-org/6.0 main" | tee /etc/apt/sources.list.d/mongodb-org-6.0.list

# Gcloud
echo "deb [signed-by=$trusted_keyrings/cloud.google.asc] https://packages.cloud.google.com/apt cloud-sdk main" | tee /etc/apt/sources.list.d/google-cloud-sdk.list
[[ ! -f "$trusted_keyrings/cloud.google.asc" ]] && curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | tee "$trusted_keyrings/cloud.google.asc"

# Postgres repo
echo "deb [signed-by=$trusted_keyrings/apt.postgresql.org.gpg] https://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" | tee /etc/apt/sources.list.d/pgdg.list
curl https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor -o "$trusted_keyrings/apt.postgresql.org.gpg"

# Caddy repo
[[ ! -f $trusted_keyrings/caddy-stable-archive-keyring.gpg ]] && curl 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o "$trusted_keyrings/caddy-stable-archive-keyring.gpg"
echo "deb [signed-by=$trusted_keyrings/caddy-stable-archive-keyring.gpg] https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main" | tee /etc/apt/sources.list.d/caddy-stable.list

# Install Go
arch=$(uname -m | sed -e 's/x86_64/amd64/g' -e 's/aarch64/arm64/g')
os=$(uname -s | tr '[:upper:]' '[:lower:]')
archive=$(curl -sSL 'https://go.dev/dl/?mode=json' |
    jq -r '.[0].files[] | select(.os == "'$os'") | select(.arch == "'$arch'") | select(.kind == "archive")')
version="$(echo "$archive" | jq -r '.version')"
go_filename=$(echo "$archive" | jq -r '.filename')
go_path='/usr/local/go'
go_url_base='https://go.dev/dl'
go_url="${go_url_base}/${go_filename}"
if [[ ! -d $go_path ]]; then
    (
        echo "go: latest version: $version for $os/$arch"
        echo "downloading go from $go_url to $go_path"
        cd /tmp
        curl --location --remote-name --silent --show-error "$go_url"
        tar -C /usr/local -xzf "${go_filename}"
        rm "${go_filename}"
    )
fi


# Create my user
if ! user_exists "liam";
then
    echo 'creating user'
    useradd \
        --comment 'Liam' \
        --user-group \
        --shell /usr/bin/zsh \
        --create-home \
        liam
else
    chsh --shell /usr/bin/zsh liam # idempotent
fi

[[ -v "${WITH_DOCKER-}" ]] && usermod -a -G docker liam

# locale-gen en_US.UTF-8 UTF-8
# update-locale en_US.UTF-8 UTF-8

curl -sSL "$repo_url/sudoers" > /etc/sudoers.d/liam

curl -sSL "$repo_url/build-account" |
  sudo --set-home -u liam /usr/bin/zsh