#!/bin/bash
export DEBIAN_FRONTEND=noninteractive
export LC_ALL=C
export LANG=en_US.UTF-8
export LC_CTYPE=en_US.UTF-8
# Protect the droplet
ufw limit ssh
ufw allow https
ufw allow http
ufw allow mysql
ufw --force enable
#Generate Mysql root password.
root_mysql_pass=$(openssl rand -hex 24)
admin_mysql_pass=$(openssl rand -hex 24)
app_mysql_pass=$(openssl rand -hex 24)
debian_sys_maint_mysql_pass=$(openssl rand -hex 24)
# Save the passwords
cat > /root/.digitalocean_password <<EOM
root_mysql_pass="${root_mysql_pass}"
admin_mysql_pass="${admin_mysql_pass}"
app_mysql_pass="${app_mysql_pass}"
EOM
# Set the password
mysqladmin -u root -h localhost create phpmyadmin
mysqladmin -u root -h localhost password ${root_mysql_pass}
mysql -uroot -p${root_mysql_pass} \
-e "CREATE USER 'admin'@'localhost' IDENTIFIED BY '${admin_mysql_pass}'"
mysql -uroot -p${root_mysql_pass} \
-e "GRANT ALL PRIVILEGES ON *.* TO 'admin'@'localhost' WITH GRANT OPTION"
mysql -uroot -p${root_mysql_pass} \
-e "CREATE USER 'phpmyadminapp'@'localhost' IDENTIFIED BY '${app_mysql_pass}'"
mysql -uroot -p${root_mysql_pass} \
-e "GRANT ALL PRIVILEGES ON phymyadmin.* TO phpmyadminapp@localhost"
mysql -uroot -p${root_mysql_pass} \
-e "ALTER USER 'debian-sys-maint'@'localhost' IDENTIFIED BY '${debian_sys_maint_mysql_pass}'"
cat >> /etc/mysql/mysql.conf.d/mysqld.cnf <<EOM
bind-address = 0.0.0.0
EOM
MYSQL_ROOT_PASSWORD=${root_mysql_pass}
SECURE_MYSQL=$(expect -c "
set timeout 10
spawn mysql_secure_installation
expect \"Enter current password for root (enter for none):\"
send \"$MYSQL_ROOT_PASSWORD\r\"
expect \"Change the root password?\"
send \"n\r\"
expect \"Remove anonymous users?\"
send \"y\r\"
expect \"Disallow root login remotely?\"
send \"y\r\"
expect \"Remove test database and access to it?\"
send \"y\r\"
expect \"Reload privilege tables now?\"
send \"y\r\"
expect eof
")
cat > /etc/mysql/debian.cnf <<EOM
# Automatically generated for Debian scripts. DO NOT TOUCH!
[client]
host = localhost
user = debian-sys-maint
password = ${debian_sys_maint_mysql_pass}
socket = /var/run/mysqld/mysqld.sock
[mysql_upgrade]
host = localhost
user = debian-sys-maint
password = ${debian_sys_maint_mysql_pass}
socket = /var/run/mysqld/mysqld.sock
EOM
systemctl restart mysql
# reconfigure phpMyAdmin
printf "%s\t%s\t%s\t%s\n" \
phpmyadmin phpmyadmin/db/app-user string phpmyadminapp \
| debconf-set-selections
printf "%s\t%s\t%s\t%s\n" \
phpmyadmin phpmyadmin/mysql/admin-user string admin \
| debconf-set-selections
printf "%s\t%s\t%s\t%s\n" \
phpmyadmin phpmyadmin/mysql/admin-user string admin \
| debconf-set-selections
printf "%s\t%s\t%s\t%s\n" \
phpmyadmin phpmyadmin/mysql/app-pass password "${app_mysql_pass}" \
| debconf-set-selections
printf "%s\t%s\t%s\t%s\n" \
phpmyadmin phpmyadmin/mysql/admin-pass password "${admin_mysql_pass}" \
| debconf-set-selections
printf "%s\t%s\t%s\t%s\n" \
phpmyadmin phpmyadmin/reconfigure-webserver string apache2 \
| debconf-set-selections
printf "%s\t%s\t%s\t%s\n" \
phpmyadmin phpmyadmin/dbconfig-reinstall boolean true \
| debconf-set-selections
dpkg-reconfigure --force phpmyadmin
ln -sf /etc/phpmyadmin/apache.conf /etc/apache2/conf-enabled/phpmyadmin.conf
systemctl restart apache2