A windows startup cmd script, and bash script to execute it on vultr. installs all the things i think are useful to have on a new windows server

vultrwin.sh

#!/bin/bash
domain="alyssasmith.id.au"
if [ -z "$1" ]; then
  region="syd"
else
  region="$1"
fi
if [ -z "$2" ]; then
  size="vc2-4c-8gb"
else
  size="$2"
fi
echo "please don't run this script without reading it first"
exit
if (vultr-cli regions availability $region | grep $size); then
  python -c "from datetime import datetime, timedelta; print('est time of completion: {} (9 minutes)'.format(datetime.now()+timedelta(minutes=9)))"
  read ID <<<$((set -x; vultr-cli instance create --label "${region}w" --host "$region.w.$domain" --firewall-group a4496c76-4a45-4051-a923-3d2d08159dcc --script-id 03c1ae6a-59f6-4190-a8a1-af9f1e23c1f0 --region "$region" --os 371 --plan "$size") | egrep '^ID\t' | awk '{print $2}')
  echo https://my.vultr.com/subs/vps/novnc/?id=$ID
  echo -n Waiting for IP
  until vultr-cli instance list | grep "${region}w" | awk '{print $2}' | grep -v "0.0.0.0" >/dev/null; do
    echo -n "."
    sleep 1;
  done
  read IP <<<$(vultr-cli instance list | grep "${region}w" | awk '{print $2}')
  read DOID <<<$(doctl compute domain records list $domain | grep $region.w | awk '{print $1}')
  if [ -z "$DOID" ]; then
    (set -x; doctl compute domain records create $domain --record-name $region.w --record-type A --record-data $IP)
  else
    (set -x; doctl compute domain records update $domain --record-id $DOID --record-name $region.w --record-type A --record-data $IP)
  fi
  echo Waiting for ssh
  until ssh -o StrictHostKeyChecking=no administrator@$IP; do
    sleep 1
  done
  if read -p "Delete instance?" a; then
    (set -x; vultr-cli instance delete $ID)
  fi
else
  echo "$size not available in $region"
fi

windows-init.cmd

rem replace all instances of alyssasmith.id.au with your own values, as well as the url for authorized keys

powershell -Command "iwr https://github.com/PowerShell/PowerShell/releases/download/v7.1.3/PowerShell-7.1.3-win-x64.msi -OutFile c:\powershell.msi"
msiexec /i c:\powershell.msi /quiet

"C:\Program Files\PowerShell\7\pwsh" -Command "Invoke-WebRequest https://swupdate.openvpn.org/community/releases/openvpn-install-2.4.11-I601-Win10.exe -OutFile c:\openvpn-setup.exe"
c:\openvpn-setup.exe /S
"C:\Program Files\PowerShell\7\pwsh" -Command "set-service -name OpenVPNService -StartupType Automatic"
netsh advfirewall firewall add rule name="3389" dir=in action=allow protocol=tcp localport=3389

"C:\Program Files\PowerShell\7\pwsh" -Command "Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0"
"C:\Program Files\PowerShell\7\pwsh" -Command "New-ItemProperty -Path 'HKLM:\SOFTWARE\OpenSSH' -Name DefaultShell -Value 'C:\Program Files\PowerShell\7\pwsh.exe' -PropertyType String -Force"
netsh advfirewall firewall add rule name="22" dir=in action=allow protocol=tcp localport=22
"C:\Program Files\PowerShell\7\pwsh" -Command "iwr example.com -OutFile c:\programdata\ssh\administrators_authorized_keys"
"C:\Program Files\PowerShell\7\pwsh" -Command "$acl = Get-Acl C:\ProgramData\ssh\administrators_authorized_keys; $acl.SetAccessRuleProtection($true, $false); $administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule('Administrators','FullControl','Allow'); $systemRule = New-Object system.security.accesscontrol.filesystemaccessrule('SYSTEM','FullControl','Allow'); $acl.SetAccessRule($administratorsRule); $acl.SetAccessRule($systemRule); $acl | Set-Acl"
"C:\Program Files\PowerShell\7\pwsh" -Command "set-service -name sshd -StartupType Automatic"

"C:\Program Files\PowerShell\7\pwsh" -Command "iwr -useb get.scoop.sh | iex; scoop install git; scoop update; scoop bucket add extras; scoop install chromium rclone"

"C:\Program Files\PowerShell\7\pwsh" -Command "$_host = ((iwr http://169.254.169.254/v1/hostname).Content -replace '.w.alyssasmith.id.au$'); rename-computer -newname $_host"