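#!/usr/bin/env bash
set -euo pipefail

# Simple installer for Ubuntu server:
# - unattended-upgrades (security updates + automatic reboot)
# - Docker (engine + compose plugin) per Docker docs steps 1-3
# - zsh (set as default shell for original user)
# - 1Password CLI for access to secrets
# - pass + gnupg2 for storing tokens needed (i.e. for 1Password CLI)
#
# Trust model: both third-party apt repositories are bootstrapped by fetching
# their signing key over HTTPS from the vendor's own host, so TLS is the only
# trust anchor for the key. NOTE(review): consider comparing each downloaded
# key's fingerprint against a value obtained out-of-band before it is installed
# as a signed-by keyring.

# Must be run as root
if [[ "${EUID}" -ne 0 ]]; then
  echo "Please run as root: sudo bash $0" >&2
  exit 1
fi

# Detect target user to set default shell for (the invoking user under sudo,
# otherwise whoever is running the script, i.e. root).
TARGET_USER="${SUDO_USER:-$(whoami)}"

apt-get update

# 1) Enable automatic security updates and automatic reboot
apt-get install -y unattended-upgrades

# Enable periodic updates/unattended-upgrades
cat > /etc/apt/apt.conf.d/20auto-upgrades <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::AutocleanInterval "7";
EOF

# Ensure automatic reboot after unattended-upgrades (time adjustable)
cat > /etc/apt/apt.conf.d/99auto-reboot <<'EOF'
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "04:00";
EOF

# Start/enable unattended-upgrades (if system uses service/timer).
# The listing is captured first: piping straight into `grep -q` under
# `pipefail` can report failure when grep exits early and systemctl gets
# SIGPIPE, which would silently skip the enable step.
unit_files="$(systemctl list-unit-files || true)"
if grep -q unattended-upgrades <<<"${unit_files}"; then
  systemctl enable --now unattended-upgrades \
    || echo "warning: could not enable unattended-upgrades service" >&2
fi

# 2) Install Docker (steps 1-3 from Docker docs)
# Install prerequisites
apt-get install -y ca-certificates curl gnupg lsb-release

# Create keyrings dir and add Docker GPG key
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc

# Add Docker apt repository. os-release is sourced in a subshell so its
# variables do not leak into (or clobber) this script's namespace.
ARCH="$(dpkg --print-architecture)"
UBU_CODENAME="$(. /etc/os-release && printf '%s' "${UBUNTU_CODENAME:-${VERSION_CODENAME:-}}")"
if [[ -z "${UBU_CODENAME}" ]]; then
  echo "Could not determine Ubuntu codename from /etc/os-release" >&2
  exit 1
fi
# signed-by scopes the Docker key to this repository only.
printf '%s\n' \
  "deb [arch=${ARCH} signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu ${UBU_CODENAME} stable" \
  > /etc/apt/sources.list.d/docker.list

apt-get update

# Install Docker Engine + plugins including compose plugin
apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

# Verify Docker works by running hello-world (this will pull an image).
# Best-effort: a failure here is reported but does not abort the install.
if command -v docker >/dev/null 2>&1; then
  docker run --rm hello-world \
    || echo "warning: docker hello-world check failed" >&2
fi

# 3) Install zsh and make it the default shell for the target user
apt-get install -y zsh
ZSH_PATH="$(command -v zsh)"
# -x -F: match the whole line literally, so the path is never treated as a regex.
if ! grep -qxF -- "${ZSH_PATH}" /etc/shells; then
  echo "${ZSH_PATH}" >> /etc/shells
fi

# Change shell for target user (if possible)
if id "${TARGET_USER}" >/dev/null 2>&1; then
  chsh -s "${ZSH_PATH}" "${TARGET_USER}" \
    || echo "chsh failed for ${TARGET_USER}; you may need to run 'chsh -s ${ZSH_PATH} ${TARGET_USER}' manually" >&2
else
  echo "User ${TARGET_USER} not found; skipping chsh" >&2
fi

# 4) Install 1Password CLI for access to secrets
# Each step is its own statement: in an `a && b && c` chain, `set -e` does not
# stop the script when an early link fails, so a failed key download would
# only surface later as a confusing error.
OP_DEBSIG_ID="AC2D62742012EA22"

# Fetch the signing key once so the apt keyring and the debsig keyring are
# guaranteed to hold the same key material. -f makes an HTTP error fail the
# download instead of feeding an error page to gpg.
op_key_tmp="$(mktemp)"
trap 'rm -f -- "${op_key_tmp}"' EXIT
curl -fsSL https://downloads.1password.com/linux/keys/1password.asc -o "${op_key_tmp}"

# --batch --yes: overwrite an existing keyring without prompting on re-runs.
gpg --batch --yes --dearmor \
  --output /usr/share/keyrings/1password-archive-keyring.gpg "${op_key_tmp}"
# Keyring must be readable by apt even if root's umask is restrictive.
chmod a+r /usr/share/keyrings/1password-archive-keyring.gpg

printf '%s\n' \
  "deb [arch=${ARCH} signed-by=/usr/share/keyrings/1password-archive-keyring.gpg] https://downloads.1password.com/linux/debian/${ARCH} stable main" \
  > /etc/apt/sources.list.d/1password.list

# debsig policy + keyring. NOTE(review): this policy is only consulted when
# debsig-verify is installed and dpkg is configured to use it; this script
# installs neither, so per-package signature checking may not be active.
mkdir -p "/etc/debsig/policies/${OP_DEBSIG_ID}"
curl -fsSL https://downloads.1password.com/linux/debian/debsig/1password.pol \
  -o "/etc/debsig/policies/${OP_DEBSIG_ID}/1password.pol"
mkdir -p "/usr/share/debsig/keyrings/${OP_DEBSIG_ID}"
gpg --batch --yes --dearmor \
  --output "/usr/share/debsig/keyrings/${OP_DEBSIG_ID}/debsig.gpg" "${op_key_tmp}"

apt-get update
# -y: the script is meant to run unattended; without it apt waits for input.
apt-get install -y 1password-cli

# Check successful install
op --version

# 5) Install pass and gnupg2 for securely storing tokens
# NOTE(review): the original comment here mentioned gnome-keyring/secret-tool,
# but the packages installed are pass and gnupg2 - confirm which store is intended.
apt-get install -y pass gnupg2

echo "Done. Recommended: log out and back in (or reboot) to start using zsh and ensure all services are active."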