This repository contains PowerShell and Bash scripts used to:
- 🔧 Install and configure applications
- 🔐 Apply security hardening
- ⚙️ Standardise infrastructure setup
- 🚀 Automate deployment prerequisites
- 🟦 TeamCity
- 🐙 Octopus Deploy
- 🔍 Splunk
- 📊 Elastic Stack
- ☁️ General infrastructure (Linux & Windows)
```
.
├── .buildkite/          # CI pipelines
├── scripts/
│   ├── powershell/      # Windows automation & hardening
│   ├── bash/            # Linux automation & hardening
│   └── shared/          # Reusable helpers
├── AGENTS.md            # CodeRabbit review guidance
├── .coderabbit.yaml     # CodeRabbit configuration
├── .mergify.yml         # Merge automation rules
└── README.md
```

| Tool | Purpose |
|---|---|
| 🟢 Buildkite | Pipeline execution & orchestration |
| 🔐 GitGuardian | Secret scanning & detection |
| 🤖 CodeRabbit | AI-assisted code reviews |
| 🔀 Mergify | Automated PR merging & rules |
This repo follows strict security-first practices:
- ❌ No hardcoded secrets
- 🔑 Secrets managed externally (Vault / CI variables)
- 🔒 TLS enforced wherever possible
- 📦 Downloads verified (checksum/signature where applicable)
- 🧱 Least privilege execution

```powershell
Set-StrictMode -Version Latest
$ErrorActionPreference = "Stop"
```

- Idempotent design
- Safe registry + service changes

```bash
set -euo pipefail
```

- Quoted variables
- Minimal assumptions on distro
- Safe package installs
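
One way a Bash script can combine these conventions with the checksum verification listed earlier, as an added example that is not a script from this repository. The function names (`sha256_of`, `verify_sha256`, `install_verified`), the file names and the sample artifact are hypothetical, and the download step itself is assumed to have already happened over TLS.

```bash
set -euo pipefail

# SHA-256 of a file, read via stdin so a filename can never be parsed as an option.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum < "$1" | awk '{print $1}'
  else
    shasum -a 256 < "$1" | awk '{print $1}'   # fallback where coreutils is absent
  fi
}

# Succeeds only when the file exists and matches the pinned digest (fails closed).
verify_sha256() {
  local file="$1" expected actual
  expected="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
  [[ "$expected" =~ ^[0-9a-f]{64}$ ]] || { echo "malformed digest" >&2; return 2; }
  [[ -f "$file" ]] || { echo "missing file: $file" >&2; return 2; }
  actual="$(sha256_of "$file")" || return 2
  [[ "$actual" == "$expected" ]]
}

# Idempotent install: no-op if dest already matches; never installs unverified bytes.
install_verified() {
  local src="$1" expected="$2" dest="$3" tmp
  if [[ -f "$dest" ]] && verify_sha256 "$dest" "$expected" 2>/dev/null; then
    echo "unchanged"; return 0
  fi
  if ! verify_sha256 "$src" "$expected"; then
    echo "checksum mismatch, refusing to install: $src" >&2; return 1
  fi
  tmp="$(mktemp "${dest}.XXXXXX")"   # temp file beside dest so the final mv is atomic
  cp -- "$src" "$tmp"
  mv -f -- "$tmp" "$dest"
  echo "installed"
}

# Constructed sample: a fake "download" whose digest is pinned, then a tampered copy.
# In real use the pinned digest comes from a trusted source, not from the download itself.
demo() {
  local dir pinned
  dir="$(mktemp -d)"
  printf 'agent v1\n' > "$dir/agent.bin"
  pinned="$(sha256_of "$dir/agent.bin")"
  install_verified "$dir/agent.bin" "$pinned" "$dir/agent"   # installed
  install_verified "$dir/agent.bin" "$pinned" "$dir/agent"   # unchanged
  printf 'agent v1 tampered\n' > "$dir/agent.bin"
  install_verified "$dir/agent.bin" "$pinned" "$dir/evil" || echo "rejected"
  rm -rf -- "$dir"
}
demo
```
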
- These scripts may modify system-level configuration
- Always test in non-production environments first
- Some scripts may require:
  - 🛡️ Administrator (Windows)
  - 🔐 Root / sudo (Linux)
All PRs are automatically reviewed for:
- 🔐 Security issues
- ⚙️ Operational risks
- 🔁 Idempotency
- 📉 Reliability concerns
See AGENTS.md for full review policy.
- Create feature branch
- Open PR
- ✅ Buildkite runs
- 🔐 GitGuardian scans
- 🤖 CodeRabbit reviews
- 👀 Manual approval
- 🚀 Mergify auto-merges
Example:

```powershell
.\scripts\powershell\harden-teamcity.ps1
```

```bash
chmod +x ./scripts/bash/harden-elastic.sh
./scripts/bash/harden-elastic.sh
```

- Add checksum validation to all downloads
- Add SBOM generation
- Add OPA policy checks
- Expand platform coverage
- Follow security-first approach
- Keep scripts idempotent
- Document breaking changes
- Avoid introducing interactive steps
MIT License (or update as appropriate)
Built for 🔐 secure, ⚙️ repeatable, and 🚀 production-ready infrastructure