post-install.sh
#!/bin/bash
# Goal: Script which automatically sets up a new Ubuntu Machine after installation
# This is a basic install, easily configurable to your needs
# Privilege gate: everything below edits system configuration, so stop
# early unless the invoking UID is 0 (root, or a sudo invocation).
if (( UID != 0 )); then
  echo 'Must execute with sudo or root' >&2
  exit 1
fi
# Refresh the package index, apply pending upgrades, then add the SSH server.
sudo apt-get -y update
sudo apt-get -y upgrade
sudo apt-get -y install openssh-server
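# Firewall: register the SSH allow rule BEFORE switching ufw on. Enabling
# first activates the default incoming policy with no rule admitting SSH,
# which can cut off the very session this script is being run from.
sudo ufw allow OpenSSH
sudo ufw enable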
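# Harden sshd: refuse direct root logins and accounts with empty passwords.
# sshd keeps the first value it reads for each keyword, so these appended
# lines only take effect when sshd_config does not already set the same
# keyword earlier in the file; check the effective values with `sshd -T`.
# On a re-run they land after the "Match group sftp" block this script
# appends further down and then apply only inside that block.
echo "PermitRootLogin no" >> /etc/ssh/sshd_config
# The original line had no redirect, so it printed the text to the terminal
# and never wrote PermitEmptyPasswords to the configuration.
echo "PermitEmptyPasswords no" >> /etc/ssh/sshd_config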
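# Message of the day
# NOTE(review): this installs a script fetched from the tip of a branch into
# /etc/update-motd.d, where the login MOTD machinery executes it (as root on
# stock Ubuntu). Pin the URL to a reviewed commit and compare the download
# against a known-good checksum before installing it.
#
# The download goes to a fresh temporary file instead of ./motd.sh: wget does
# not overwrite an existing file of that name, so a stale or planted motd.sh
# in the working directory would otherwise be the file that gets installed.
motd_tmp=$(mktemp) || exit 1
if sudo wget -O "$motd_tmp" https://raw.githubusercontent.com/jwandrews99/Linux-Automation/master/misc/motd.sh \
  && [[ -s "$motd_tmp" ]]; then
  # Root-owned and not writable by others, executable as update-motd.d requires.
  sudo install -o root -g root -m 0755 "$motd_tmp" /etc/update-motd.d/05-info
else
  echo 'MOTD download failed; /etc/update-motd.d/05-info left unchanged' >&2
fi
rm -f -- "$motd_tmp"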
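# Automatic installation of security updates
sudo apt-get install -y unattended-upgrades
# The settings are written through a QUOTED here-document. Inside the original
# double-quoted echo the inner quotes ended the string, the shell expanded
# ${distro_id}/${distro_codename} to empty text, and the closing "};" sat on a
# '#' line, so the Allowed-Origins block that was appended was never closed
# and apt may refuse to parse the file.
# The marker check keeps a re-run from appending the block a second time.
if ! grep -qF '// post-install.sh: unattended-upgrades' /etc/apt/apt.conf.d/50unattended-upgrades 2>/dev/null; then
  cat >> /etc/apt/apt.conf.d/50unattended-upgrades <<'EOF'
// post-install.sh: unattended-upgrades
Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}-security";
//      "${distro_id}:${distro_codename}-updates";
//      "${distro_id}:${distro_codename}-proposed";
//      "${distro_id}:${distro_codename}-backports";
};
// Uncomment to let the machine reboot itself when an update requires it.
//Unattended-Upgrade::Automatic-Reboot "true";
EOF
fi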
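# Fail2Ban: install, write the sshd jail, then (re)start the service.
# The original started fail2ban first and appended the jail afterwards, so the
# running service never read these settings until some later restart.
sudo apt-get install -y fail2ban
# Skip the append when an [sshd] section is already present, so a re-run does
# not stack duplicate sections in jail.local.
if ! grep -q '^\[sshd\]' /etc/fail2ban/jail.local 2>/dev/null; then
  echo "
[sshd]
enabled = true
port = 22
filter = sshd
logpath = /var/log/auth.log
maxretry = 4
" >> /etc/fail2ban/jail.local
fi
sudo systemctl enable fail2ban
# restart (not start) so an already-running instance reloads jail.local.
sudo systemctl restart fail2ban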
# Bandwidth test utility (speedtest-cli package)
sudo apt-get -y install speedtest-cli
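# SFTP-only access over ssh for members of the "sftp" group.
# NOTE(review): ChrootDirectory /home confines these users to /home as a
# whole, so each of them can browse every home directory that file
# permissions allow; a root-owned directory per account is the tighter
# layout. Nothing in this script creates the sftp group or adds users to it.
# The Match block must stay at the end of sshd_config: every keyword written
# after it belongs to the block.
echo "
Match group sftp
ChrootDirectory /home
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
" >> /etc/ssh/sshd_config
# Validate the edited file before restarting. If sshd cannot parse it, the
# restart would leave the machine without an SSH daemon.
if sudo sshd -t; then
  sudo service ssh restart
else
  echo 'sshd_config failed validation; ssh was not restarted' >&2
fi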
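# Optional Docker install
echo "
######################################################################################################
Do you want to install docker? If so type y / If you dont want to install enter n
######################################################################################################
"
# read takes a variable NAME. "read $docker" expanded to a bare "read", left
# $docker empty, and the numeric -eq test then compared 0 with 0, so Docker
# was installed whatever the operator typed. Compare as strings instead.
read -r docker
if [[ "$docker" == "y" || "$docker" == "yes" ]]; then
  sudo apt install apt-transport-https ca-certificates curl software-properties-common -y
  # Keep Docker's signing key in its own keyring and bind the repository to it
  # with signed-by. "apt-key add" would trust the key for every configured
  # source, not just Docker's.
  sudo install -m 0755 -d /etc/apt/keyrings
  sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
  sudo chmod a+r /etc/apt/keyrings/docker.asc
  # Architecture and release codename come from the running system instead of
  # the hard-coded amd64/bionic pair.
  echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" \
    | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
  sudo apt-get update -y
  apt-cache policy docker-ce
  sudo apt install docker-ce -y
  sudo apt-get install docker-compose -y
  echo "
Installing Portainer on port 9000
"
  sudo docker volume create portainer_data
  # NOTE(review): this publishes the Portainer UI on every interface over
  # plain HTTP while the container holds /var/run/docker.sock, which amounts
  # to root-equivalent control of the host. Ports published by Docker are
  # typically not filtered by the ufw rules set earlier, and the image is
  # pulled without a tag or digest. Consider binding to 127.0.0.1 and reaching
  # it through an SSH tunnel, and pinning the image version.
  sudo docker run -d -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer
  echo "
#####################################################################################################
Congrats Docker has been installed
######################################################################################################
"
  docker -v
else
  echo "Docker was not installed"
fi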
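# Optional WireGuard install
echo "
######################################################################################################
Would you like to install a wireguard VPN Server? If so enter y / If you dont want to install enter n
######################################################################################################
"
# "read $vpn" never filled the variable, and the numeric -eq test on the empty
# value was always true, so the installer ran whatever was typed. The second
# test in each pair also opened with "[" but closed with "]]". Read into the
# variable by name and compare as strings.
read -r vpn
if [[ "$vpn" == "y" || "$vpn" == "yes" ]]; then
  # NOTE(review): a third-party installer fetched from the tip of a branch is
  # executed as root here. Pin the URL to a reviewed commit and compare the
  # file against a known-good checksum before running it.
  # The script stays in the working directory because the closing banner tells
  # the operator to re-run it from there.
  if wget https://raw.githubusercontent.com/l-n-s/wireguard-install/master/wireguard-install.sh -O wireguard-install.sh; then
    bash wireguard-install.sh
  else
    # Never execute a truncated or failed download.
    echo "Wireguard installer could not be downloaded; skipping" >&2
  fi
elif [[ "$vpn" == "n" || "$vpn" == "no" ]]; then
  echo "Wireguard wasnt installed"
else
  echo "Error Install Aborted!"
  exit 1
fi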
# Housekeeping: drop packages that are no longer needed, then empty the
# downloaded-package cache.
for apt_step in autoremove clean; do
  sudo apt "$apt_step"
done
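# Closing notes for the operator. Printed from a quoted here-document so the
# double quotes around "speedtest" reach the terminal; inside the original
# double-quoted echo they ended the string and were silently dropped.
cat <<'EOF'

######################################################################################################
A few tid bits
In order to use SpeedTest - Just use "speedtest" in the cli
Reboot your server to fully configure the vpn service
When using the VPN service on a device simply use the config file in you home directory.
To create a new config enter bash wireguard-install.sh in the cli and choose a new name
If you installed Docker a portainer management image is running on ip:9000
######################################################################################################

EOF
exit 0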