This commit is contained in:
Gabriel Kheisa 2025-03-16 00:45:13 +07:00
commit fb5e15b6e2
4 changed files with 256 additions and 0 deletions

22
.gitignore vendored Normal file
View File

@ -0,0 +1,22 @@
# Ignore Terraform files
.terraform/
terraform.tfstate
terraform.tfstate.backup
# Ignore sensitive files
*.tfvars
*.tfstate.*
# Ignore SSH and credentials
id_rsa*
*.pem
# Ignore setup script artifacts
/tmp/setup.sh
/home/gabriel/.password.txt
# Ignore log files
*.log
*.swp
*.hcl

92
README.md Normal file
View File

@ -0,0 +1,92 @@
# Remote Desktop Setup on DigitalOcean
## Overview
This project automates the deployment of a remote desktop environment on a DigitalOcean droplet using Terraform. It configures a Ubuntu 20.04 server with XFCE4, X2Go server for remote access, and a preconfigured user account.
## Features
- Deploys a DigitalOcean droplet in the `sgp1` region.
- Sets up a secure root password and a random password for the user `gabriel`.
- Installs XFCE4 as the desktop environment.
- Installs and configures X2Go for remote desktop access.
- Installs Chromium browser.
- Automatically provisions a 2GB swap file.
## Prerequisites
- [Terraform](https://developer.hashicorp.com/terraform/downloads) installed on your local machine.
- A [DigitalOcean account](https://www.digitalocean.com/) with an API token.
- SSH access to the deployed droplet.
## Deployment Steps
### 1. Configure Terraform
Edit `deploy.tf` and insert your DigitalOcean API token:
```hcl
provider "digitalocean" {
token = "your_digitalocean_api_token"
}
```
### 2. Initialize Terraform
Run the following command to initialize Terraform and download the required providers:
```sh
terraform init
```
### 3. Apply the Configuration
To deploy the droplet, execute:
```sh
terraform apply -auto-approve
```
Terraform will:
- Create a DigitalOcean droplet.
- Generate secure passwords for root and `gabriel`.
- Run `setup.sh` to configure the system.
### 4. Retrieve Access Credentials
After the deployment, retrieve the droplet IP and passwords:
```sh
terraform output
```
Expected output:
```
droplet_ip = "xxx.xxx.xxx.xxx"
root_password = (sensitive value)
gabriel_password = (sensitive value)
```
### 5. Connect to the Droplet
#### Using SSH:
```sh
ssh root@<droplet_ip>
```
Use the root password retrieved from Terraform.
#### Using X2Go:
1. Download and install [X2Go Client](https://wiki.x2go.org/doku.php).
2. Set up a new session with:
- Host: `<droplet_ip>`
- Login: `gabriel`
- Session Type: `XFCE`
3. Use the password retrieved from Terraform.
4. Connect to the remote desktop environment.
## Cleanup
To destroy the droplet and clean up resources, run:
```sh
terraform destroy -auto-approve
```
## Security Considerations
- The generated passwords are sensitive and should be handled securely.
- Remove the stored password file (`/home/gabriel/.password.txt`) after first login.
- Consider setting up SSH keys for better security.
## Troubleshooting
- Ensure the droplet is running: `terraform show`
- Check X2Go server logs: `sudo systemctl status x2goserver`
- Verify SSH authentication is enabled: `cat /etc/ssh/sshd_config | grep PasswordAuthentication`
## License
This project is open-source and can be modified as needed.

77
deploy.tf Normal file
View File

@ -0,0 +1,77 @@
terraform {
required_providers {
digitalocean = {
source = "digitalocean/digitalocean"
version = "~> 2.0"
}
}
}
provider "digitalocean" {
token = "" # Insert manually
}
# Generate a random root password
resource "random_password" "root_password" {
length = 16
special = false
}
# Generate a random password for Gabriel
resource "random_password" "gabriel_password" {
length = 8
special = false
}
resource "digitalocean_droplet" "example" {
name = "rdp-ticket"
region = "sgp1"
size = "s-1vcpu-1gb"
image = "ubuntu-20-04-x64"
# Cloud-Init to enable password SSH authentication
user_data = <<-EOF
#cloud-config
password: ${random_password.root_password.result}
chpasswd: { expire: False }
ssh_pwauth: True
EOF
# Connection details
connection {
type = "ssh"
user = "root"
password = random_password.root_password.result
host = self.ipv4_address
}
# Upload setup script
provisioner "file" {
source = "setup.sh"
destination = "/tmp/setup.sh"
}
# Execute setup script with Gabriel's random password
provisioner "remote-exec" {
inline = [
"set -x", # Print each command for debugging
"chmod +x /tmp/setup.sh",
"sudo /tmp/setup.sh ${random_password.gabriel_password.result}"
]
}
}
# Output droplet IP and sensitive passwords
output "droplet_ip" {
value = digitalocean_droplet.example.ipv4_address
}
output "root_password" {
value = random_password.root_password.result
sensitive = true
}
output "gabriel_password" {
value = random_password.gabriel_password.result
sensitive = true
}

65
setup.sh Normal file
View File

@ -0,0 +1,65 @@
#!/bin/bash
# Prevent interactive prompts
export DEBIAN_FRONTEND=noninteractive
# Prevent kernel restart prompt
echo '* libraries/restart-without-asking boolean true' | sudo debconf-set-selections
# Get Gabriel's password from Terraform argument
GABRIEL_PASSWORD=$1
# Create a 2GB swap file
if [ ! -f /swapfile ]; then
echo "Creating swap file..."
sudo fallocate -l 2G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
else
echo "Swap file already exists, skipping..."
fi
# Create a new user 'gabriel' with the generated password
if id "gabriel" &>/dev/null; then
echo "User 'gabriel' already exists, skipping..."
else
echo "Creating user 'gabriel'..."
sudo useradd -m -s /bin/bash gabriel
echo "gabriel:$GABRIEL_PASSWORD" | sudo chpasswd
sudo usermod -aG ssl-cert gabriel
fi
# Update system & keep local SSH config
echo "Updating and upgrading system..."
sudo apt update -y
sudo apt-get -o Dpkg::Options::="--force-confold" --assume-yes upgrade
# Install XFCE4 (No Display Manager Needed)
echo "Installing XFCE4..."
sudo apt install -y xfce4 xfce4-goodies --no-install-recommends
# Install X2Go Server
echo "Installing X2Go Server..."
sudo apt install -y x2goserver x2goserver-xsession
# Install Chromium browser
echo "Installing Chromium..."
sudo apt install -y chromium-browser
# Set XFCE4 as the default session for X2Go
echo "xfce4-session" | sudo tee /home/gabriel/.xsession
sudo chown gabriel:gabriel /home/gabriel/.xsession
# Restart X2Go server
echo "Restarting X2Go Server..."
sudo systemctl restart x2goserver
# Store the password securely for reference
PASSWORD_FILE="/home/gabriel/.password.txt"
echo "$GABRIEL_PASSWORD" | sudo tee "$PASSWORD_FILE"
sudo chown gabriel:gabriel "$PASSWORD_FILE"
sudo chmod 600 "$PASSWORD_FILE"
echo "Setup completed successfully! Gabriel's password is stored securely."