#!/bin/sh # This script needs to be executed as root. # Install Docker. # Source: https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository apt-get update apt-get -y install ca-certificates curl gnupg lsb-release curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null apt-get update apt-get -y install docker-ce docker-ce-cli containerd.io # Install Docker Compose. # Source: https://docs.docker.com/compose/install/#install-compose-on-linux-systems curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose chmod +x /usr/local/bin/docker-compose # Install GitHub CLI # Source: https://github.com/cli/cli/blob/trunk/docs/install_linux.md#official-sources curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null apt update apt -y install gh # Install randomness daemon so there is enough entropy for Docker to work without hanging. apt-get -y install haveged # Make sure all other packages are up-to-date. apt update apt -y upgrade apt -y dist-upgrade apt -y autoremove # Set up unattended updates apt-get -y install unattended-upgrades cat < /etc/apt/apt.conf.d/50unattended-upgrades Unattended-Upgrade::Allowed-Origins { "${distro_id}:${distro_codename}"; "${distro_id}:${distro_codename}-security"; "${distro_id}ESMApps:${distro_codename}-apps-security"; "${distro_id}ESM:${distro_codename}-infra-security"; }; Unattended-Upgrade::Package-Blacklist { }; Unattended-Upgrade::DevRelease "false"; Unattended-Upgrade::AutoFixInterruptedDpkg "true"; Unattended-Upgrade::MinimalSteps "true"; Unattended-Upgrade::InstallOnShutdown "false"; //Unattended-Upgrade::Mail ""; //Unattended-Upgrade::MailReport "on-change"; Unattended-Upgrade::Remove-Unused-Kernel-Packages "true"; Unattended-Upgrade::Remove-New-Unused-Dependencies "true"; Unattended-Upgrade::Remove-Unused-Dependencies "true"; Unattended-Upgrade::Automatic-Reboot "true"; Unattended-Upgrade::Automatic-Reboot-WithUsers "true"; Unattended-Upgrade::Automatic-Reboot-Time "02:00"; //Acquire::http::Dl-Limit "70"; Unattended-Upgrade::SyslogEnable "true"; // Unattended-Upgrade::SyslogFacility "daemon"; Unattended-Upgrade::OnlyOnACPower "true"; Unattended-Upgrade::Skip-Updates-On-Metered-Connections "true"; Unattended-Upgrade::Verbose "false"; Unattended-Upgrade::Debug "false"; // Unattended-Upgrade::Allow-downgrade "false"; EOF chown root:root /etc/apt/apt.conf.d/50unattended-upgrades chmod 644 /etc/apt/apt.conf.d/50unattended-upgrades