Madh93 · December 21, 2022 13:37
diff --git a/DigitalOcean_Scripts.md b/DigitalOcean_Scripts.md
diff --git a/initial_setup.sh b/initial_setup.sh
 #! /bin/bash

 if [[ $EUID -ne 0 ]]; then
  echo "This script must be run as root" 2>&1
  exit 1
 fi

 MY_USER=migue

 # Create user
 adduser $MY_USER
 gpasswd -a $MY_USER sudo

 # Edit SSH configuration
 cp -r /root/.ssh /home/$MY_USER
 chown -R $MY_USER:$MY_USER /home/$MY_USER/.ssh
 sed -i 's/PermitRootLogin/PermitRootLogin no#/g' /etc/ssh/sshd_config
 sed -i 's/PasswordAuthentication/PasswordAuthentication no#/g' /etc/ssh/sshd_config
 sed -i 's/X11Forwarding/X11Forwarding no#/g' /etc/ssh/sshd_config
 sed -i 's/LoginGraceTime/LoginGraceTime 30#/g' /etc/ssh/sshd_config
 echo "#" >> /etc/ssh/sshd_config
 echo 'ClientAliveInterval 120' >> /etc/ssh/sshd_config
 echo 'ClientAliveCountMax 2' >> /etc/ssh/sshd_config
 echo 'MaxStartUps 3' >> /etc/ssh/sshd_config
 echo 'AllowTcpForwarding no' >> /etc/ssh/sshd_config
 systemctl restart ssh

 # Set Time Zone
 timedatectl set-timezone 'Atlantic/Canary'
 systemctl restart rsyslog

 # Update packages
 apt update && apt upgrade -y && apt-get autoremove -y

 # Install useful packages
 apt install -y fail2ban htop curl
diff --git a/install_docker.sh b/install_docker.sh
 #! /bin/bash

 if [[ $EUID -ne 0 ]]; then
  echo "This script must be run as root" 2>&1
  exit 1
 fi

 MY_USER=migue

 # Installing dependencies and add docker repository
 apt update
 apt install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common

 curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

 echo "deb [arch=amd64] https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list

 ##Installing Docker
 apt update && apt install -y docker-ce docker-ce-cli containerd.io

 ## After installing Docker
 usermod -aG docker $MY_USER
 systemctl enable docker
diff --git a/install_nextcloud.sh b/install_nextcloud.sh
 #! /bin/bash

 # TODO
 # - Add external storage (through web right now)

 MY_ADMIN_USER='admin_user'
 MY_ADMIN_PASSWORD='admin_password'
 MY_USER='my_user'
 MY_DOMAIN='my_domain'

 # Install Nextcloud 13
 sudo snap install nextcloud --channel=13/edge

 # Initial setup configuration
 sudo snap set nextcloud php.memory-limit=512M
 sudo nextcloud.manual-install $MY_ADMIN_USER $MY_ADMIN_PASSWORD

 # Extra configuration settings
 sudo nextcloud.occ config:system:set auth.bruteforce.protection.enabled --value=true
 sudo nextcloud.occ config:system:set trusted_domains 0 --value=$MY_DOMAIN
 sudo nextcloud.enable-https lets-encrypt

 # Install extra apps
 sudo nextcloud.occ app:install apporder
 sudo nextcloud.occ app:install bookmarks
 sudo nextcloud.occ app:install bruteforcesettings
 sudo nextcloud.occ app:install calendar
 sudo nextcloud.occ app:install contacts
 sudo nextcloud.occ app:install deck
 sudo nextcloud.occ app:install files_markdown
 sudo nextcloud.occ app:install music
 sudo nextcloud.occ app:install tasks
 sudo nextcloud.occ app:install twofactor_totp
 sudo nextcloud.occ app:install twofactor_u2f
 sudo nextcloud.occ app:install unsplash

 # Enable extra apps
 sudo nextcloud.occ app:enable files_external
 sudo nextcloud.occ app:enable files_pdfviewer
 sudo nextcloud.occ app:enable admin_audit
 sudo nextcloud.occ app:enable encryption
 sudo nextcloud.occ app:enable apporder
 sudo nextcloud.occ app:enable bookmarks
 sudo nextcloud.occ app:enable bruteforcesettings
 sudo nextcloud.occ app:enable calendar
 sudo nextcloud.occ app:enable contacts
 sudo nextcloud.occ app:enable deck
 sudo nextcloud.occ app:enable files_markdown
 sudo nextcloud.occ app:enable music
 sudo nextcloud.occ app:enable tasks
 sudo nextcloud.occ app:enable twofactor_totp
 sudo nextcloud.occ app:enable twofactor_u2f
 sudo nextcloud.occ app:enable unsplash

 # Enable server encryption
 sudo nextcloud.occ encryption:enable

 # Create users (customize disk quota through web)
 sudo nextcloud.occ user:add --group="users" $MY_USER
diff --git a/install_vpn.sh b/install_vpn.sh
 #! /bin/bash

 # Requirements: Docker
 # Info: https://github.com/kylemanna/docker-openvpn

 MY_NAME="my_name"
 MY_DOMAIN="my_domain"
 MY_VPN_CLIENTS=(client1 client2 client3)
 OVPN_DATA="ovpn-data-$MY_NAME"

 # Initial configuration to protect the private key
 docker volume create --name $OVPN_DATA
 docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -u udp://$MY_DOMAIN
 docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn ovpn_initpki

 # Install systemd service
 curl -L https://raw.githubusercontent.com/kylemanna/docker-openvpn/master/init/docker-openvpn%40.service | sudo tee /etc/systemd/system/[email protected]

 # Enable systemd service
 sudo systemctl enable --now docker-openvpn@$MY_NAME.service

 # Generate a client certificate
 for client in "${MY_VPN_CLIENTS[@]}"; do
  docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn easyrsa build-client-full $MY_NAME-$client nopass
 done

 # Retrieve the client configuration with embedded certificates
 for client in "${MY_VPN_CLIENTS[@]}"; do
  docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_getclient $MY_NAME-$client > $MY_NAME-$client.ovpn
 done
	#! /bin/bash

	if [[ $EUID -ne 0 ]]; then
	echo "This script must be run as root" 2>&1
	exit 1
	fi

	MY_USER=migue

	# Create user
	adduser $MY_USER
	gpasswd -a $MY_USER sudo

	# Edit SSH configuration
	cp -r /root/.ssh /home/$MY_USER
	chown -R $MY_USER:$MY_USER /home/$MY_USER/.ssh
	sed -i 's/PermitRootLogin/PermitRootLogin no#/g' /etc/ssh/sshd_config
	sed -i 's/PasswordAuthentication/PasswordAuthentication no#/g' /etc/ssh/sshd_config
	sed -i 's/X11Forwarding/X11Forwarding no#/g' /etc/ssh/sshd_config
	sed -i 's/LoginGraceTime/LoginGraceTime 30#/g' /etc/ssh/sshd_config
	echo "#" >> /etc/ssh/sshd_config
	echo 'ClientAliveInterval 120' >> /etc/ssh/sshd_config
	echo 'ClientAliveCountMax 2' >> /etc/ssh/sshd_config
	echo 'MaxStartUps 3' >> /etc/ssh/sshd_config
	echo 'AllowTcpForwarding no' >> /etc/ssh/sshd_config
	systemctl restart ssh

	# Set Time Zone
	timedatectl set-timezone 'Atlantic/Canary'
	systemctl restart rsyslog

	# Update packages
	apt update && apt upgrade -y && apt-get autoremove -y

	# Install useful packages
	apt install -y fail2ban htop curl
	#! /bin/bash

	# TODO
	# - Add external storage (through web right now)

	MY_ADMIN_USER='admin_user'
	MY_ADMIN_PASSWORD='admin_password'
	MY_USER='my_user'
	MY_DOMAIN='my_domain'

	# Install Nextcloud 13
	sudo snap install nextcloud --channel=13/edge

	# Initial setup configuration
	sudo snap set nextcloud php.memory-limit=512M
	sudo nextcloud.manual-install $MY_ADMIN_USER $MY_ADMIN_PASSWORD

	# Extra configuration settings
	sudo nextcloud.occ config:system:set auth.bruteforce.protection.enabled --value=true
	sudo nextcloud.occ config:system:set trusted_domains 0 --value=$MY_DOMAIN
	sudo nextcloud.enable-https lets-encrypt

	# Install extra apps
	sudo nextcloud.occ app:install apporder
	sudo nextcloud.occ app:install bookmarks
	sudo nextcloud.occ app:install bruteforcesettings
	sudo nextcloud.occ app:install calendar
	sudo nextcloud.occ app:install contacts
	sudo nextcloud.occ app:install deck
	sudo nextcloud.occ app:install files_markdown
	sudo nextcloud.occ app:install music
	sudo nextcloud.occ app:install tasks
	sudo nextcloud.occ app:install twofactor_totp
	sudo nextcloud.occ app:install twofactor_u2f
	sudo nextcloud.occ app:install unsplash

	# Enable extra apps
	sudo nextcloud.occ app:enable files_external
	sudo nextcloud.occ app:enable files_pdfviewer
	sudo nextcloud.occ app:enable admin_audit
	sudo nextcloud.occ app:enable encryption
	sudo nextcloud.occ app:enable apporder
	sudo nextcloud.occ app:enable bookmarks
	sudo nextcloud.occ app:enable bruteforcesettings
	sudo nextcloud.occ app:enable calendar
	sudo nextcloud.occ app:enable contacts
	sudo nextcloud.occ app:enable deck
	sudo nextcloud.occ app:enable files_markdown
	sudo nextcloud.occ app:enable music
	sudo nextcloud.occ app:enable tasks
	sudo nextcloud.occ app:enable twofactor_totp
	sudo nextcloud.occ app:enable twofactor_u2f
	sudo nextcloud.occ app:enable unsplash

	# Enable server encryption
	sudo nextcloud.occ encryption:enable

	# Create users (customize disk quota through web)
	sudo nextcloud.occ user:add --group="users" $MY_USER
	#! /bin/bash

	# Requirements: Docker
	# Info: https://github.com/kylemanna/docker-openvpn

	MY_NAME="my_name"
	MY_DOMAIN="my_domain"
	MY_VPN_CLIENTS=(client1 client2 client3)
	OVPN_DATA="ovpn-data-$MY_NAME"

	# Initial configuration to protect the private key
	docker volume create --name $OVPN_DATA
	docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -u udp://$MY_DOMAIN
	docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn ovpn_initpki

	# Install systemd service
	curl -L https://raw.githubusercontent.com/kylemanna/docker-openvpn/master/init/docker-openvpn%40.service \| sudo tee /etc/systemd/system/[email protected]

	# Enable systemd service
	sudo systemctl enable --now docker-openvpn@$MY_NAME.service

	# Generate a client certificate
	for client in "${MY_VPN_CLIENTS[@]}"; do
	docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn easyrsa build-client-full $MY_NAME-$client nopass
	done

	# Retrieve the client configuration with embedded certificates
	for client in "${MY_VPN_CLIENTS[@]}"; do
	docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_getclient $MY_NAME-$client > $MY_NAME-$client.ovpn
	done