update install.sh

install.sh

@@ -2,9 +2,12 @@
 # Install the packages we need to set up our gliders website + backend.
 # This file doubles up as notes/instructions.
 
+# Installed on a VirtualBox VM with 512mb RAM, 1 CPU, 8gb storage
+# Add a second 'Host Only' network adapter to allow SSH/web connections
+# from host machine.
+
 # Based on a clean CentOS 7 minimal x64 installation
 # (CentOS-7-x86_64-Minimal-1503-01)
-# Installed on a VirtualBox VM with 512mb RAM, 1 CPU, 8gb storage
 # All configuration during CentOS install process was left as defaults
 # Base installation chosen.
 # One user added: gliders, pw: gliders9876
@@ -14,7 +17,7 @@ yum check-update
 yum update
 
 # Install needed tools
-yum install git rsync wget
+yum install git rsync wget vim ansible tmux htop iotop dstat lsof ipython
 
 # And development tools (needed to compile python libs from pip)
 yum groupinstall "Development Tools"
@@ -25,18 +28,26 @@ python -m easy_install pip
 pip install pandas
 
 # Install (& configure) sendmail
-yum install sendmail
+yum install sendmail sendmail-cf m4
+systemctl enable sendmail
 
 # Install & config MariaDB (MySQL)
 yum install mariadb mariadb-server
+mysql_secure_installation
+# ^ mariadb root pw was set to gliders9876, anon users + test db removed,
+# remote root login disabled
+systemctl enable mariadb
 
 # Install a relevant python ORM library
 # TODO: Pick one we like the most!
 # Big ones like SQLAlchemy?
 # owanes quite likes the look of https://storm.canonical.com/ :)
+pip install storm
 
 # Install PHP
-yum install php php-fpm php-pecl-apcu
+yum install php php-fpm php-apc
+cp php-fpm-www.conf /etc/php-fpm.d/www.conf
+systemctl enable php-fpm
 
 # As for the webserver -- either apache or nginx...
 # nginx is nice and fast, apache gets better support from
@@ -47,8 +58,33 @@ yum install php php-fpm php-pecl-apcu
 yum install epel-release  # enables another software repo
 yum check-update
 yum install nginx
+useradd -m gliders
+gpasswd -a nginx gliders
+gpasswd -a apache gliders
+mkdir -p /home/gliders/www
+chmod -R g+x /home/gliders
+cp nginx.conf /etc/nginx/
+cp gliders.nginx.conf /etc/nginx/conf.d/
+systemctl enable nginx
+
+# Install fail2ban
+yum install fail2ban
+systemctl enable fail2ban
 
 # Allow web through the firewall
 firewall-cmd --permanent --zone=public --add-service=http 
 firewall-cmd --permanent --zone=public --add-service=https
-firewall-cmd --reload
\ No newline at end of file
+firewall-cmd --permanent --zone=public --add-service=8080/tcp
+firewall-cmd --reload
+
+# Pull glider website and glider scripts from git repos
+mkdir -p /home/gliders/code
+mkdir -p /home/gliders/pythonenv
+cd /home/gliders/code
+ssh-keygen
+# Add contents of /home/gliders/.ssh/id_rsa.pub to GitLab
+git clone git@gitlab.noc.soton.ac.uk:allore/Website-Scripts.git
+
+# Restart (needed to get firewall to open ports for web, kernel might be
+# updated etc.)
+reboot
\ No newline at end of file