From fb5e15b6e2d5000e3c9c1eac3e8363c88d203662 Mon Sep 17 00:00:00 2001
From: gabrielkheisa
Date: Sun, 16 Mar 2025 00:45:13 +0700
Subject: [PATCH] first
---
.gitignore | 22 +++++++++++++
README.md | 92 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
deploy.tf | 77 +++++++++++++++++++++++++++++++++++++++++++++
setup.sh | 65 ++++++++++++++++++++++++++++++++++++++
4 files changed, 256 insertions(+)
create mode 100644 .gitignore
create mode 100644 README.md
create mode 100644 deploy.tf
create mode 100644 setup.sh
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..46b6c3c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,22 @@
+# Ignore Terraform files
+.terraform/
+terraform.tfstate
+terraform.tfstate.backup
+
+# Ignore sensitive files
+*.tfvars
+*.tfstate.*
+
+# Ignore SSH and credentials
+id_rsa*
+*.pem
+
+# Ignore setup script artifacts
+/tmp/setup.sh
+/home/gabriel/.password.txt
+
+# Ignore log files
+*.log
+*.swp
+
+*.hcl
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..7bbaaf6
--- /dev/null
+++ b/README.md
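Review bot: The catch-all `*.hcl` on the last line of the .gitignore hunk also matches `.terraform.lock.hcl`, the dependency lock file in which `terraform init` records the selected provider versions and checksums. With it ignored, every checkout re-resolves the `~> 2.0` constraint with nothing pinned, so I would drop `*.hcl` or follow it with `!.terraform.lock.hcl`. The entries `/tmp/setup.sh` and `/home/gabriel/.password.txt` are anchored to the repository root rather than the filesystem, so they match nothing in this repository and can be removed.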
@@ -0,0 +1,92 @@
+# Remote Desktop Setup on DigitalOcean
+
+## Overview
+This project automates the deployment of a remote desktop environment on a DigitalOcean droplet using Terraform. It configures a Ubuntu 20.04 server with XFCE4, X2Go server for remote access, and a preconfigured user account.
+
+## Features
+- Deploys a DigitalOcean droplet in the `sgp1` region.
+- Sets up a secure root password and a random password for the user `gabriel`.
+- Installs XFCE4 as the desktop environment.
+- Installs and configures X2Go for remote desktop access.
+- Installs Chromium browser.
+- Automatically provisions a 2GB swap file.
+
+## Prerequisites
+- [Terraform](https://developer.hashicorp.com/terraform/downloads) installed on your local machine.
+- A [DigitalOcean account](https://www.digitalocean.com/) with an API token.
+- SSH access to the deployed droplet.
+
+## Deployment Steps
+
+### 1. Configure Terraform
+Edit `deploy.tf` and insert your DigitalOcean API token:
+```hcl
+provider "digitalocean" {
+ token = "your_digitalocean_api_token"
+}
+```
+
+### 2. Initialize Terraform
+Run the following command to initialize Terraform and download the required providers:
+```sh
+terraform init
+```
+
+### 3. Apply the Configuration
+To deploy the droplet, execute:
+```sh
+terraform apply -auto-approve
+```
+Terraform will:
+- Create a DigitalOcean droplet.
+- Generate secure passwords for root and `gabriel`.
+- Run `setup.sh` to configure the system.
+
+### 4. Retrieve Access Credentials
+After the deployment, retrieve the droplet IP and passwords:
+```sh
+terraform output
+```
+Expected output:
+```
+droplet_ip = "xxx.xxx.xxx.xxx"
+root_password = (sensitive value)
+gabriel_password = (sensitive value)
+```
+
+### 5. Connect to the Droplet
+#### Using SSH:
+```sh
+ssh root@
+```
+Use the root password retrieved from Terraform.
+
+#### Using X2Go:
+1. Download and install [X2Go Client](https://wiki.x2go.org/doku.php).
+2. 
Set up a new session with:
+ - Host: ``
+ - Login: `gabriel`
+ - Session Type: `XFCE`
+3. Use the password retrieved from Terraform.
+4. Connect to the remote desktop environment.
+
+## Cleanup
+To destroy the droplet and clean up resources, run:
+```sh
+terraform destroy -auto-approve
+```
+
+## Security Considerations
+- The generated passwords are sensitive and should be handled securely.
+- Remove the stored password file (`/home/gabriel/.password.txt`) after first login.
+- Consider setting up SSH keys for better security.
+
+## Troubleshooting
+- Ensure the droplet is running: `terraform show`
+- Check X2Go server logs: `sudo systemctl status x2goserver`
+- Verify SSH authentication is enabled: `cat /etc/ssh/sshd_config | grep PasswordAuthentication`
+
+## License
+This project is open-source and can be modified as needed.
+
+
diff --git a/deploy.tf b/deploy.tf
new file mode 100644
index 0000000..502ee1d
--- /dev/null
+++ b/deploy.tf
@@ -0,0 +1,77 @@
+terraform {
+ required_providers {
+ digitalocean = {
+ source = "digitalocean/digitalocean"
+ version = "~> 2.0"
+ }
+ }
+}
+
+provider "digitalocean" {
+ token = "" # Insert manually
+}
+
+# Generate a random root password
+resource "random_password" "root_password" {
+ length = 16
+ special = false
+}
+
+# Generate a random password for Gabriel
+resource "random_password" "gabriel_password" {
+ length = 8
+ special = false
+}
+
+resource "digitalocean_droplet" "example" {
+ name = "rdp-ticket"
+ region = "sgp1"
+ size = "s-1vcpu-1gb"
+ image = "ubuntu-20-04-x64"
+
+ # Cloud-Init to enable password SSH authentication
+ user_data = <<-EOF
+ #cloud-config
+ password: ${random_password.root_password.result}
+ chpasswd: { expire: False }
+ ssh_pwauth: True
+ EOF
+
+ # Connection details
+ connection {
+ type = "ssh"
+ user = "root"
+ password = random_password.root_password.result
+ host = self.ipv4_address
+ }
+
+ # Upload setup script
+ provisioner "file" {
+ source = "setup.sh"
+ destination = "/tmp/setup.sh"
+ }
+
+ # Execute setup script with Gabriel's random password
+ provisioner "remote-exec" {
+ inline = [
+ "set -x", # Print each command for debugging
+ "chmod +x /tmp/setup.sh",
+ "sudo /tmp/setup.sh ${random_password.gabriel_password.result}"
+ ]
+ }
+}
+
+# Output droplet IP and sensitive passwords
+output "droplet_ip" {
+ value = digitalocean_droplet.example.ipv4_address
+}
+
+output "root_password" {
+ value = random_password.root_password.result
+ sensitive = true
+}
+
+output "gabriel_password" {
+ value = random_password.gabriel_password.result
+ sensitive = true
+}
diff --git a/setup.sh b/setup.sh
new file mode 100644
index 0000000..bff4f32
--- /dev/null
+++ b/setup.sh
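Review bot: The `remote-exec` step puts gabriel's password on the command line (`"sudo /tmp/setup.sh ${random_password.gabriel_password.result}"`) directly after `"set -x"`, so it is visible in the droplet's process list and in any shell trace that is not suppressed; I would drop the `set -x` entry and hand the value to the script through a root-only file (a `file` provisioner with `content`) rather than argv. That password is only `length = 8` with `special = false` while `ssh_pwauth: True` leaves password logins open to the internet; since it is machine-generated, `length = 24` costs nothing. The root password interpolated into `user_data` probably stays readable on the droplet afterwards (cloud-init keeps a copy and the metadata endpoint serves user data), so the droplet's `ssh_keys` argument with password authentication left off would be the safer bootstrap. `token = "" # Insert manually` invites committing the API token to a tracked file; the provider can read it from the `DIGITALOCEAN_TOKEN` environment variable instead.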
@@ -0,0 +1,65 @@
+#!/bin/bash
+
+# Prevent interactive prompts
+export DEBIAN_FRONTEND=noninteractive
+
+# Prevent kernel restart prompt
+echo '* libraries/restart-without-asking boolean true' | sudo debconf-set-selections
+
+# Get Gabriel's password from Terraform argument
+GABRIEL_PASSWORD=$1
+
+# Create a 2GB swap file
+if [ ! -f /swapfile ]; then
+ echo "Creating swap file..."
+ sudo fallocate -l 2G /swapfile
+ sudo chmod 600 /swapfile
+ sudo mkswap /swapfile
+ sudo swapon /swapfile
+ echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
+else
+ echo "Swap file already exists, skipping..."
+fi
+
+# Create a new user 'gabriel' with the generated password
+if id "gabriel" &>/dev/null; then
+ echo "User 'gabriel' already exists, skipping..."
+else
+ echo "Creating user 'gabriel'..."
+ sudo useradd -m -s /bin/bash gabriel
+ echo "gabriel:$GABRIEL_PASSWORD" | sudo chpasswd
+ sudo usermod -aG ssl-cert gabriel
+fi
+
+# Update system & keep local SSH config
+echo "Updating and upgrading system..."
+sudo apt update -y
+sudo apt-get -o Dpkg::Options::="--force-confold" --assume-yes upgrade
+
+# Install XFCE4 (No Display Manager Needed)
+echo "Installing XFCE4..."
+sudo apt install -y xfce4 xfce4-goodies --no-install-recommends
+
+# Install X2Go Server
+echo "Installing X2Go Server..."
+sudo apt install -y x2goserver x2goserver-xsession
+
+# Install Chromium browser
+echo "Installing Chromium..."
+sudo apt install -y chromium-browser
+
+# Set XFCE4 as the default session for X2Go
+echo "xfce4-session" | sudo tee /home/gabriel/.xsession
+sudo chown gabriel:gabriel /home/gabriel/.xsession
+
+# Restart X2Go server
+echo "Restarting X2Go Server..."
+sudo systemctl restart x2goserver
+
+# Store the password securely for reference
+PASSWORD_FILE="/home/gabriel/.password.txt"
+echo "$GABRIEL_PASSWORD" | sudo tee "$PASSWORD_FILE"
+sudo chown gabriel:gabriel "$PASSWORD_FILE"
+sudo chmod 600 "$PASSWORD_FILE"
+
+echo "Setup completed successfully! 
Gabriel's password is stored securely."
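Review bot: The final block writes the password with `echo "$GABRIEL_PASSWORD" | sudo tee "$PASSWORD_FILE"`, which echoes the secret to stdout (and so into the provisioner output) and creates the file under the default umask before `chmod 600` runs. Creating the file restricted first and silencing tee closes both gaps: `sudo install -m 600 -o gabriel -g gabriel /dev/null "$PASSWORD_FILE"` followed by `printf '%s\n' "$GABRIEL_PASSWORD" | sudo tee "$PASSWORD_FILE" >/dev/null`. The script also has no `set -euo pipefail` and never checks that `$1` is non-empty, so a failed `apt install` or a missing argument still ends in "Setup completed successfully!"; adding `set -euo pipefail` after the shebang and `: "${1:?password argument required}"` before the assignment would make it fail loudly. `sudo usermod -aG ssl-cert gabriel` puts the desktop user in the group that usually has read access to the keys under /etc/ssl/private, and nothing visible in this script appears to need it.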