first

2025-04-03 18:09:03 +07:00 · 2025-03-16 00:45:13 +07:00 · 2025-03-16 00:45:13 +07:00 · fb5e15b6e2
commit fb5e15b6e2
4 changed files with 256 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,22 @@
+# Ignore Terraform files
+.terraform/
+terraform.tfstate
+terraform.tfstate.backup
+
+# Ignore sensitive files
+*.tfvars
+*.tfstate.*
+
+# Ignore SSH and credentials
+id_rsa*
+*.pem
+
+# Ignore setup script artifacts
+/tmp/setup.sh
+/home/gabriel/.password.txt
+
+# Ignore log files
+*.log
+*.swp
+
+*.hcl
--- a/README.md
+++ b/README.md
@ -0,0 +1,92 @@
+# Remote Desktop Setup on DigitalOcean
+
+## Overview
+This project automates the deployment of a remote desktop environment on a DigitalOcean droplet using Terraform. It configures a Ubuntu 20.04 server with XFCE4, X2Go server for remote access, and a preconfigured user account.
+
+## Features
+- Deploys a DigitalOcean droplet in the `sgp1` region.
+- Sets up a secure root password and a random password for the user `gabriel`.
+- Installs XFCE4 as the desktop environment.
+- Installs and configures X2Go for remote desktop access.
+- Installs Chromium browser.
+- Automatically provisions a 2GB swap file.
+
+## Prerequisites
+- [Terraform](https://developer.hashicorp.com/terraform/downloads) installed on your local machine.
+- A [DigitalOcean account](https://www.digitalocean.com/) with an API token.
+- SSH access to the deployed droplet.
+
+## Deployment Steps
+
+### 1. Configure Terraform
+Edit `deploy.tf` and insert your DigitalOcean API token:
+```hcl
+provider "digitalocean" {
+  token = "your_digitalocean_api_token"
+}
+```
+
+### 2. Initialize Terraform
+Run the following command to initialize Terraform and download the required providers:
+```sh
+terraform init
+```
+
+### 3. Apply the Configuration
+To deploy the droplet, execute:
+```sh
+terraform apply -auto-approve
+```
+Terraform will:
+- Create a DigitalOcean droplet.
+- Generate secure passwords for root and `gabriel`.
+- Run `setup.sh` to configure the system.
+
+### 4. Retrieve Access Credentials
+After the deployment, retrieve the droplet IP and passwords:
+```sh
+terraform output
+```
+Expected output:
+```
+droplet_ip = "xxx.xxx.xxx.xxx"
+root_password = (sensitive value)
+gabriel_password = (sensitive value)
+```
+
+### 5. Connect to the Droplet
+#### Using SSH:
+```sh
+ssh root@<droplet_ip>
+```
+Use the root password retrieved from Terraform.
+
+#### Using X2Go:
+1. Download and install [X2Go Client](https://wiki.x2go.org/doku.php).
+2. Set up a new session with:
+   - Host: `<droplet_ip>`
+   - Login: `gabriel`
+   - Session Type: `XFCE`
+3. Use the password retrieved from Terraform.
+4. Connect to the remote desktop environment.
+
+## Cleanup
+To destroy the droplet and clean up resources, run:
+```sh
+terraform destroy -auto-approve
+```
+
+## Security Considerations
+- The generated passwords are sensitive and should be handled securely.
+- Remove the stored password file (`/home/gabriel/.password.txt`) after first login.
+- Consider setting up SSH keys for better security.
+
+## Troubleshooting
+- Ensure the droplet is running: `terraform show`
+- Check X2Go server logs: `sudo systemctl status x2goserver`
+- Verify SSH authentication is enabled: `cat /etc/ssh/sshd_config | grep PasswordAuthentication`
+
+## License
+This project is open-source and can be modified as needed.
+
+
--- a/deploy.tf
+++ b/deploy.tf
@ -0,0 +1,77 @@
+terraform {
+  required_providers {
+    digitalocean = {
+      source  = "digitalocean/digitalocean"
+      version = "~> 2.0"
+    }
+  }
+}
+
+provider "digitalocean" {
+  token = ""  # Insert manually
+}
+
+# Generate a random root password
+resource "random_password" "root_password" {
+  length  = 16
+  special = false
+}
+
+# Generate a random password for Gabriel
+resource "random_password" "gabriel_password" {
+  length  = 8
+  special = false
+}
+
+resource "digitalocean_droplet" "example" {
+  name   = "rdp-ticket"
+  region = "sgp1"
+  size   = "s-1vcpu-1gb"
+  image  = "ubuntu-20-04-x64"
+
+  # Cloud-Init to enable password SSH authentication
+  user_data = <<-EOF
+    #cloud-config
+    password: ${random_password.root_password.result}
+    chpasswd: { expire: False }
+    ssh_pwauth: True
+    EOF
+
+  # Connection details
+  connection {
+    type     = "ssh"
+    user     = "root"
+    password = random_password.root_password.result
+    host     = self.ipv4_address
+  }
+
+  # Upload setup script
+  provisioner "file" {
+    source      = "setup.sh"
+    destination = "/tmp/setup.sh"
+  }
+
+  # Execute setup script with Gabriel's random password
+  provisioner "remote-exec" {
+    inline = [
+      "set -x", # Print each command for debugging
+      "chmod +x /tmp/setup.sh",
+      "sudo /tmp/setup.sh ${random_password.gabriel_password.result}"
+    ]
+  }
+}
+
+# Output droplet IP and sensitive passwords
+output "droplet_ip" {
+  value = digitalocean_droplet.example.ipv4_address
+}
+
+output "root_password" {
+  value     = random_password.root_password.result
+  sensitive = true
+}
+
+output "gabriel_password" {
+  value     = random_password.gabriel_password.result
+  sensitive = true
+}
--- a/setup.sh
+++ b/setup.sh
@ -0,0 +1,65 @@
+#!/bin/bash
+
+# Prevent interactive prompts
+export DEBIAN_FRONTEND=noninteractive
+
+# Prevent kernel restart prompt
+echo '* libraries/restart-without-asking boolean true' | sudo debconf-set-selections
+
+# Get Gabriel's password from Terraform argument
+GABRIEL_PASSWORD=$1
+
+# Create a 2GB swap file
+if [ ! -f /swapfile ]; then
+    echo "Creating swap file..."
+    sudo fallocate -l 2G /swapfile
+    sudo chmod 600 /swapfile
+    sudo mkswap /swapfile
+    sudo swapon /swapfile
+    echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
+else
+    echo "Swap file already exists, skipping..."
+fi
+
+# Create a new user 'gabriel' with the generated password
+if id "gabriel" &>/dev/null; then
+    echo "User 'gabriel' already exists, skipping..."
+else
+    echo "Creating user 'gabriel'..."
+    sudo useradd -m -s /bin/bash gabriel
+    echo "gabriel:$GABRIEL_PASSWORD" | sudo chpasswd
+    sudo usermod -aG ssl-cert gabriel
+fi
+
+# Update system & keep local SSH config
+echo "Updating and upgrading system..."
+sudo apt update -y
+sudo apt-get -o Dpkg::Options::="--force-confold" --assume-yes upgrade
+
+# Install XFCE4 (No Display Manager Needed)
+echo "Installing XFCE4..."
+sudo apt install -y xfce4 xfce4-goodies --no-install-recommends
+
+# Install X2Go Server
+echo "Installing X2Go Server..."
+sudo apt install -y x2goserver x2goserver-xsession
+
+# Install Chromium browser
+echo "Installing Chromium..."
+sudo apt install -y chromium-browser
+
+# Set XFCE4 as the default session for X2Go
+echo "xfce4-session" | sudo tee /home/gabriel/.xsession
+sudo chown gabriel:gabriel /home/gabriel/.xsession
+
+# Restart X2Go server
+echo "Restarting X2Go Server..."
+sudo systemctl restart x2goserver
+
+# Store the password securely for reference
+PASSWORD_FILE="/home/gabriel/.password.txt"
+echo "$GABRIEL_PASSWORD" | sudo tee "$PASSWORD_FILE"
+sudo chown gabriel:gabriel "$PASSWORD_FILE"
+sudo chmod 600 "$PASSWORD_FILE"
+
+echo "Setup completed successfully! Gabriel's password is stored securely."