#!/bin/bash
# Author: Joss C
# Contributors:
# Usage ./script.sh [-k <sshkey>] [-u <newUser>]
# ANSI colour escapes, kept as literal backslash sequences; they only turn into
# control bytes when printed with `echo -e`.
R="\033[0;31m"   # red
G="\033[0;32m"   # green
Y="\033[1;32m"   # NOTE(review): 1;32 is bold green; yellow would be 1;33 - confirm intent
B="\033[0;34m"   # blue
NO="\033[0m"     # reset attributes
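# Parse -k <sshkey> and -u <newUser>.
# The leading ':' in the optstring selects silent error reporting: a missing
# argument arrives as opt=':' (OPTARG holds the option letter) and an unknown
# option as opt='?'. Both must be handled here or they pass unnoticed.
while getopts ":k:u:" opt; do
  case "$opt" in
    k) sshkey="$OPTARG" ;;
    u) newUser="$OPTARG" ;;
    :)
      printf '%s\n' "Option -$OPTARG needs a valid argument" >&2
      exit 1
      ;;
    \?)
      printf '%s\n' "Invalid option -$OPTARG" >&2
      exit 1
      ;;
  esac
  # A value that looks like another flag (e.g. `-k -u bob`) means the real
  # argument was left out and getopts consumed the next option instead.
  case "$OPTARG" in
    -*)
      printf '%s\n' "Option $opt needs a valid argument" >&2
      exit 1
      ;;
  esac
done

# newUser is later interpolated into /home/<name>/... paths and chown
# arguments that run as root, so refuse anything that is not a plain account
# name (no '/', whitespace, ':' or leading '-').
if [[ -n "${newUser:-}" && ! "$newUser" =~ ^[A-Za-z_][A-Za-z0-9_.-]*$ ]]; then
  printf '%s\n' "Invalid user name: $newUser" >&2
  exit 1
fi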
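# Everything below changes system state (accounts, sshd, firewall), so stop
# early when not running as root. Exit non-zero so callers and automation can
# tell that nothing was done; the message goes to stderr.
if [[ "$EUID" -ne 0 ]]; then
  echo -e "${R}Please run as root${NO}" >&2
  exit 1
fi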
# ---------------------------------------------------------------------------- #
# SCRIPT #
# ---------------------------------------------------------------------------- #
# Refresh the package index, then install the two helper packages.
printf '%b\n' "${G}-- Starting server preparation${NO}"
sudo apt update
sudo apt-get -y install unzip whois
# ---------------------------------------------------------------------------- #
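# Add timestamps to shell history entries for the account running the script.
echo -e "${G}-- UPDATE HISTORY DATE FORMAT${NO}"
# Append only when the exact line is missing, so re-running the script does
# not pile up duplicate entries in ~/.bashrc.
if ! grep -qxF 'HISTTIMEFORMAT="%F %T "' ~/.bashrc 2>/dev/null; then
  echo 'HISTTIMEFORMAT="%F %T "' >> ~/.bashrc
fi
source ~/.bashrc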
# ---------------------------------------------------------------------------- #
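# Replace the root password with a random one (12 random bytes, base64).
# The value is kept in $password and printed at the end of the script.
echo -e "${G}-- Updating root password${NO}"
password=$(openssl rand -base64 12)
# If openssl is missing or fails, $password is empty and "root:" would be fed
# to chpasswd. Stop before touching the account.
if [[ -z "$password" ]]; then
  echo -e "${R}Could not generate a root password; aborting${NO}" >&2
  exit 1
fi
# printf with a fixed format keeps the secret from being interpreted as escape
# sequences; it travels over the pipe, not on a command line.
printf 'root:%s\n' "$password" | sudo chpasswd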
# ---------------------------------------------------------------------------- #
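# Optional: create the account named by -u with a random password and add it
# to the sudo group.
if [[ -n "$newUser" ]]; then
  echo -e "${G}-- Creating new user${NO}"
  newUserPassword=$(openssl rand -base64 12)
  if sudo useradd -m -s /bin/bash "$newUser"; then
    if [[ -n "$newUserPassword" ]]; then
      # Set the password through chpasswd on stdin instead of
      # `useradd -p $(openssl passwd -1 ...)`: that form puts the clear-text
      # password and its hash on command lines visible in the process list,
      # and -1 selects MD5-crypt. chpasswd applies the system's configured
      # hashing scheme.
      printf '%s:%s\n' "$newUser" "$newUserPassword" | sudo chpasswd
    else
      echo -e "${R}Could not generate a password for $newUser; account has no usable password${NO}" >&2
      newUserPassword="(not set: password generation failed)"
    fi
  else
    # Do not reset the password of an account that already existed, and do not
    # report a password that was never applied.
    echo -e "${R}useradd failed for $newUser; password left unchanged${NO}" >&2
    newUserPassword="(not set: useradd failed)"
  fi
  # NOTE(review): on a stock Debian/Ubuntu sudoers this grants full root via sudo.
  sudo usermod -aG sudo "$newUser"
fi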
# ---------------------------------------------------------------------------- #
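# Move sshd from port 22 to 4222 and restart it.
echo -e "${G}-- Updating SSH Port${NO}"

# Stop the script after an SSH configuration problem. The root password was
# already rotated above and is otherwise only shown at the very end, so print
# the credentials before exiting.
abort_ssh_setup() {
  echo -e "${R}$1${NO}" >&2
  echo -e "${Y}PLEASE NOTE: ${G}Your new root password is: ${R}$password${NO}"
  if [[ -n "$newUser" ]]; then
    echo -e "${Y}PLEASE NOTE: ${G}Your new user is: ${R}$newUser${NO}"
    echo -e "${Y}PLEASE NOTE: ${G}Your new user password is: ${R}$newUserPassword${NO}"
  fi
  exit 1
}

# Anchor the pattern to the whole line so that e.g. "#Port 2222" is left alone.
sudo sed -i 's+^#Port 22[[:space:]]*$+Port 4222+' /etc/ssh/sshd_config

# The socket unit only exists on socket-activated installs.
# NOTE(review): this edits the packaged unit file, which a package upgrade may
# overwrite; a drop-in under /etc/systemd/system/ssh.socket.d/ would persist.
if [[ -f /lib/systemd/system/ssh.socket ]]; then
  sudo sed -i 's+ListenStream=22[[:space:]]*$+ListenStream=4222+' /lib/systemd/system/ssh.socket
  # systemd keeps using the old unit definition until it re-reads unit files.
  sudo systemctl daemon-reload
fi

# The substitution only matches the commented-out "#Port 22" line. If the file
# looked different, sshd keeps its old port while the firewall section below
# opens only 4222, which would lock out remote access.
if ! grep -Eq '^[[:space:]]*Port[[:space:]]+4222([[:space:]]|$)' /etc/ssh/sshd_config; then
  abort_ssh_setup "sshd_config has no active 'Port 4222' line; stopping before the firewall is enabled"
fi

# Validate the configuration before restarting, so a syntax error does not
# take sshd down.
if ! sudo sshd -t; then
  abort_ssh_setup "sshd configuration test failed; sshd was not restarted"
fi
sudo service ssh restart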
# ---------------------------------------------------------------------------- #
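# Optional: authorise the public key given with -k for the current account
# and, when -u was given, for the new user as well.
if [[ -n "$sshkey" ]]; then
  echo -e "${G}-- Adding SSH Key${NO}"
  # -p tolerates an existing directory. Keep ~/.ssh and authorized_keys
  # private to the owner rather than relying on the umask.
  mkdir -p ~/.ssh
  chmod 700 ~/.ssh
  # Quoted printf writes the key exactly as given; an unquoted `echo $sshkey`
  # would word-split and glob-expand it first.
  printf '%s\n' "$sshkey" >> ~/.ssh/authorized_keys
  chmod 600 ~/.ssh/authorized_keys
  if [[ -n "$newUser" ]]; then
    echo -e "${G}-- Adding SSH Key to new user${NO}"
    # NOTE(review): assumes the home directory is /home/<name>, the path
    # `useradd -m` creates by default - confirm if HOME is set elsewhere.
    sudo install -d -m 700 -o "$newUser" -g "$newUser" "/home/$newUser/.ssh"
    # `sudo echo ... >> file` performs the redirection in the calling shell,
    # not under sudo; tee -a does the append with the elevated privileges.
    printf '%s\n' "$sshkey" | sudo tee -a "/home/$newUser/.ssh/authorized_keys" > /dev/null
    sudo chown "$newUser:$newUser" "/home/$newUser/.ssh/authorized_keys"
    sudo chmod 600 "/home/$newUser/.ssh/authorized_keys"
  fi
fi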
# ---------------------------------------------------------------------------- #
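# Install Docker from the distribution packages and grant access to the daemon.
echo -e "${G}-- Installing Docker and Docker Compose${NO}"
sudo apt-get -y install docker.io docker-compose
sudo systemctl start docker
# Membership of the docker group allows full control of the Docker daemon,
# which is effectively root on this host; add accounts deliberately.
# $USER can be unset in non-login contexts, so skip rather than call usermod
# without a user name.
if [[ -n "${USER:-}" ]]; then
  sudo usermod -aG docker "$USER"
fi
if [[ -n "$newUser" ]]; then
  sudo usermod -aG docker "$newUser"
fi
echo -e "-- Restarting Docker service"
# Three restart mechanisms are tried in turn; the ones that do not apply to
# this install (e.g. snap, since Docker came from apt above) just report an error.
sudo service docker restart
sudo /etc/init.d/docker restart
sudo snap restart docker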
# ---------------------------------------------------------------------------- #
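# Install the Compose v2 CLI plugin for the account running the script.
echo -e "${G}-- Installing new Docker Compose command${NO}"
# curl is only installed further down in this script; make sure it is present.
command -v curl > /dev/null 2>&1 || sudo apt-get -y install curl
mkdir -p ~/.docker/cli-plugins/
# Download to a temporary file and move it into place only on success. With
# -f an HTTP error fails the command, so an error page is never saved and
# marked executable as if it were the binary.
# NOTE(review): the download is not checked against a known digest; compare
# its SHA-256 with a value recorded out of band for this pinned version.
if compose_tmp=$(mktemp ~/.docker/cli-plugins/docker-compose.XXXXXX) &&
  curl -fSL https://github.com/docker/compose/releases/download/v2.3.3/docker-compose-linux-x86_64 -o "$compose_tmp"; then
  chmod 755 "$compose_tmp"
  mv -f "$compose_tmp" ~/.docker/cli-plugins/docker-compose
else
  echo -e "${R}Docker Compose download failed; plugin not installed${NO}" >&2
  if [[ -n "$compose_tmp" ]]; then
    rm -f -- "$compose_tmp"
  fi
fi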
# ---------------------------------------------------------------------------- #
# Install the nohang daemon from a PPA and enable its desktop service.
# Adding a PPA makes a third-party archive a package source for this host;
# whatever it ships is installed with root privileges.
printf '%b\n' "${G}-- Installing NoHang${NO}"
sudo add-apt-repository ppa:oibaf/test -y
sudo apt update -y
sudo apt -y install nohang
# NOTE(review): this enables the *desktop* unit on what the script calls a
# server - confirm that is the intended profile.
sudo systemctl enable --now nohang-desktop.service
# ---------------------------------------------------------------------------- #
# git is needed by the Fail2Ban section further down, which clones its source.
printf '%b\n' "${G}-- Installing git${NO}"
sudo apt-get -y install git
# ---------------------------------------------------------------------------- #
# Install ufw, allow the relocated SSH port plus HTTP and HTTPS, then switch
# the firewall on.
printf '%b\n' "${G}-- Setup firewall${NO}"
sudo apt-get -y install ufw
# 4222 is the port the sshd_config substitution earlier in this script writes.
# Port 22 is not allowed here, so sshd must really be listening on 4222 by now.
for tcp_port in 4222 80 443; do
  sudo ufw allow "${tcp_port}/tcp"
done
# NOTE(review): ports published by Docker containers are normally handled by
# Docker's own iptables rules and may be reachable without a ufw allow rule -
# check container port bindings separately.
# --force enables the firewall without the interactive confirmation.
sudo ufw --force enable
# ---------------------------------------------------------------------------- #
# Day-to-day admin utilities.
printf '%b\n' "${G}-- Installing usefull tools${NO}"
# One apt-get invocation per package: a package that fails to install does not
# prevent the remaining ones from being attempted.
for tool_pkg in htop net-tools tree curl wget vim; do
  sudo apt-get -y install "$tool_pkg"
done
sudo apt -y install bpytop
# ---------------------------------------------------------------------------- #
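# Install the lsd .deb from its GitHub release and alias `ls` to it.
echo -e "${G}-- Installing lsd${NO}"
# Work in a private temporary directory. Downloading into the current
# directory is unsafe for a root script: if a file with the same name is
# already there, wget saves under a different name and dpkg would install the
# pre-existing file instead.
# NOTE(review): the package is not checked against a known digest; compare its
# SHA-256 with a value recorded out of band for this pinned version.
lsd_tmp=$(mktemp -d)
if [[ -n "$lsd_tmp" ]] &&
  wget -O "$lsd_tmp/lsd-musl_0.23.1_amd64.deb" https://github.com/lsd-rs/lsd/releases/download/0.23.1/lsd-musl_0.23.1_amd64.deb; then
  # Alias ls only once lsd is really installed; an alias to a missing binary
  # would break `ls` in every new shell.
  if sudo dpkg -i "$lsd_tmp/lsd-musl_0.23.1_amd64.deb"; then
    if ! grep -qxF "alias ls='lsd'" ~/.bashrc 2>/dev/null; then
      echo -e "alias ls='lsd'" >> ~/.bashrc
    fi
  else
    echo -e "${R}lsd package installation failed${NO}" >&2
  fi
else
  echo -e "${R}lsd download failed; package not installed${NO}" >&2
fi
if [[ -n "$lsd_tmp" ]]; then
  rm -rf -- "$lsd_tmp"
fi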
# ---------------------------------------------------------------------------- #
# Append Docker convenience aliases to ~/.bashrc.
printf '%b\n' "${G}-- Add docker aliases${NO}"
# %b expands the \t sequences to tab characters, as `echo -e` does.
# dpsp lists only containers with a port bound to 0.0.0.0 (all interfaces).
docker_aliases=(
  "alias dps='docker ps --format \"table {{.ID}}\t{{.Names}}\t{{.Status}}\t{{.Ports}}\"'"
  "alias dpsp='docker ps --format \"{{.Ports}} - {{.Names}} ({{.ID}})\" | grep 0.0.0.0'"
  "alias dcd='docker-compose down'"
  "alias dcu='docker-compose up -d'"
)
printf '%b\n' "${docker_aliases[@]}" >> ~/.bashrc
# ---------------------------------------------------------------------------- #
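# Build and install Fail2Ban from its upstream git repository.
echo -e "${G}-- Installing Fail2Ban for Production server${NO}"
# Clone into a private temporary directory and run the build in a subshell.
# If the clone or `cd` fails when working in the current directory, the next
# lines would run `python3 setup.py install` as root on whatever setup.py is
# there, and `cd ..; rm -rf fail2ban` would act one level above it.
# NOTE(review): this installs the tip of the default branch, unpinned and
# unverified; consider a reviewed release tag or the distribution package.
f2b_src=$(mktemp -d)
if [[ -n "$f2b_src" ]] &&
  git clone https://github.com/fail2ban/fail2ban.git "$f2b_src/fail2ban"; then
  (
    cd "$f2b_src/fail2ban" || exit 1
    # Each step depends on the previous one, so stop at the first failure.
    sudo python3 setup.py install &&
      sudo cp files/debian-initd /etc/init.d/fail2ban &&
      sudo update-rc.d fail2ban defaults &&
      sudo service fail2ban start
  ) || echo -e "${R}Fail2Ban installation did not complete${NO}" >&2
else
  echo -e "${R}Could not clone Fail2Ban; skipping installation${NO}" >&2
fi
if [[ -n "$f2b_src" ]]; then
  sudo rm -rf -- "$f2b_src"
fi
# NOTE(review): no jail configuration is written by this script. Confirm that
# an sshd jail is enabled and targets port 4222, where sshd was moved above.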
# ---------------------------------------------------------------------------- #
# reboot the system
# Final report, then reboot.
# The generated passwords are printed once, in clear text. They end up in
# terminal scrollback and in any session or provisioning log capturing this
# output, so record them securely and rotate them if that output is shared.
printf '%b\n' "${G}-- Rebooting the system ! See you soon ;-)${NO}"
printf '%b\n' "${Y}PLEASE NOTE: ${G}Your new root password is: ${R}$password${NO}"
if [[ -n "$newUser" ]]; then
  printf '%b\n' "${Y}PLEASE NOTE: ${G}Your new user is: ${R}$newUser${NO}"
  printf '%b\n' "${Y}PLEASE NOTE: ${G}Your new user password is: ${R}$newUserPassword${NO}"
fi
sudo reboot now