Automating Server Provisioning with Shell Scripts

Automating Server Provisioning with Shell Scripts

Shell scripts remain one of the fastest ways to automate Breeze provisioning. They require no external tools and run natively on any Linux server, making them ideal for straightforward setup tasks.

A Complete Provisioning Script

#!/bin/bash
set -euo pipefail

echo "=== Breeze Provisioning Script ==="

# Update system
apt-get update && apt-get upgrade -y

# Install essential packages
apt-get install -y \
  curl wget vim git \
  ufw fail2ban \
  unattended-upgrades

# Create deploy user
useradd -m -s /bin/bash -G sudo deploy
mkdir -p /home/deploy/.ssh
chmod 700 /home/deploy/.ssh
chown -R deploy:deploy /home/deploy/.ssh

# Harden SSH
cat > /etc/ssh/sshd_config.d/hardening.conf <<EOF
PermitRootLogin no
PasswordAuthentication no
MaxAuthTries 3
ClientAliveInterval 300
EOF
systemctl restart sshd

# Configure firewall
ufw default deny incoming
ufw default allow outgoing
ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp
ufw --force enable

# Enable automatic security updates
dpkg-reconfigure -f noninteractive unattended-upgrades

echo "=== Provisioning complete ==="

Running the Script

chmod +x provision.sh
sudo ./provision.sh 2>&1 | tee /var/log/provision.log

Best Practices

• Always use set -euo pipefail to catch errors early
• Log output with tee for troubleshooting
• Make scripts idempotent so re-running them is safe
• Store scripts in Git and version them alongside your infrastructure