Merge branch 'main' of https://git.dereyck.eu/thomas/snippets

2025-04-08 12:26:48 +02:00
parent 245a1ac13f 04fb6626d3
commit df13809a3a
1 changed files with 71 additions and 0 deletions
--- a/docker/configure_docker_host.sh
+++ b/docker/configure_docker_host.sh
@ -0,0 +1,71 @@
+#!/bin/sh
+
+# This script needs to be executed as root.
+
+# Install Docker.
+# Source: https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository
+apt-get update
+apt-get -y install ca-certificates curl gnupg lsb-release
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
+ echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
+apt-get update
+apt-get -y install docker-ce docker-ce-cli containerd.io
+
+# Install Docker Compose.
+# Source: https://docs.docker.com/compose/install/#install-compose-on-linux-systems
+ curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
+ chmod +x /usr/local/bin/docker-compose
+ 
+# Install GitHub CLI
+# Source: https://github.com/cli/cli/blob/trunk/docs/install_linux.md#official-sources
+curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg
+echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null
+apt update
+apt -y install gh
+
+# Install randomness daemon so there is enough entropy for Docker to work without hanging.
+apt-get -y install haveged
+
+# Make sure all other packages are up-to-date.
+apt update
+apt -y upgrade
+apt -y dist-upgrade
+apt -y autoremove
+
+# Set up unattended updates
+apt-get -y install unattended-upgrades
+
+cat <<EOF > /etc/apt/apt.conf.d/50unattended-upgrades
+Unattended-Upgrade::Allowed-Origins {
+    "${distro_id}:${distro_codename}";
+    "${distro_id}:${distro_codename}-security";
+    "${distro_id}ESMApps:${distro_codename}-apps-security";
+    "${distro_id}ESM:${distro_codename}-infra-security";
+};
+Unattended-Upgrade::Package-Blacklist {
+
+};
+Unattended-Upgrade::DevRelease "false";
+Unattended-Upgrade::AutoFixInterruptedDpkg "true";
+Unattended-Upgrade::MinimalSteps "true";
+Unattended-Upgrade::InstallOnShutdown "false";
+//Unattended-Upgrade::Mail "";
+//Unattended-Upgrade::MailReport "on-change";
+Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
+Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
+Unattended-Upgrade::Remove-Unused-Dependencies "true";
+Unattended-Upgrade::Automatic-Reboot "true";
+Unattended-Upgrade::Automatic-Reboot-WithUsers "true";
+Unattended-Upgrade::Automatic-Reboot-Time "02:00";
+//Acquire::http::Dl-Limit "70";
+Unattended-Upgrade::SyslogEnable "true";
+// Unattended-Upgrade::SyslogFacility "daemon";
+Unattended-Upgrade::OnlyOnACPower "true";
+Unattended-Upgrade::Skip-Updates-On-Metered-Connections "true";
+Unattended-Upgrade::Verbose "false";
+Unattended-Upgrade::Debug "false";
+// Unattended-Upgrade::Allow-downgrade "false";
+EOF
+
+chown root:root /etc/apt/apt.conf.d/50unattended-upgrades
+chmod 644 /etc/apt/apt.conf.d/50unattended-upgrades