@jinta4020
Last active June 8, 2022 08:56
#!/bin/bash
# Author: Jinta Orishima
# Abort on any unhandled command failure and on use of an unset variable.
set -o errexit -o nounset
# Human-readable name shown in the start-up banner.
script_name='Debian 11 Winter Boot Init'
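#######################################
# Ask a yes/no question and wait for an answer on stdin.
# Arguments: $* - the question text (printed followed by " [y/n]: ")
# Outputs:   the prompt, and a retry hint after an unrecognised answer
# Returns:   0 when the reply starts with y/Y,
#            1 when it starts with n/N or when stdin reaches end-of-file
#######################################
ask_yn () {
  # Keep the reply out of the global namespace.
  local answer
  while true; do
    printf '%s [y/n]: ' "$*"
    # -r keeps backslashes literal. A failed read with nothing buffered
    # means stdin is closed; treat that as "no" instead of re-prompting
    # forever (set -e does not apply inside an `if ask_yn ...` condition).
    read -r answer || [ -n "$answer" ] || return 1
    case "$answer" in
      [Yy]*)
        return 0
        ;;
      [Nn]*)
        return 1
        ;;
      *)
        echo "Enter y/n ."
        ;;
    esac
  done
}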
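# Provisioning flow: collect and validate the operator's answers, create the
# login user, harden sshd (custom port, no root login, key-only auth), enable
# ufw, install the user's SSH public key(s), then reboot.

# Print a message on stderr and abort.
die () {
  printf '%s\n' "$*" >&2
  exit 1
}

# Emit 16 random alphanumeric characters read from the kernel CSPRNG.
gen_secret () {
  LC_ALL=C tr -dc '[:alnum:]' </dev/urandom | head -c 16
}

echo "Running ${script_name}..."

# Every step below creates accounts or edits system configuration.
if [ "$(id -u)" -ne 0 ]; then
  die "This script must be run as root."
fi

# The original busy check stored `ps aux | grep apt | grep -v grep` in a
# variable; with `set -e` an empty result makes grep exit 1 and the script
# stopped right there. Testing pgrep inside `if` avoids that.
if pgrep -x 'apt|apt-get|dpkg' >/dev/null; then
  echo "The system is busy. Please wait for a few minutes and rerun this script."
  exit 1
fi

# The answers end up in file names, sed expressions and commands run through
# sudo, so each one is validated before anything on the system is changed.
read -r -p "Enter your user_name [worker]: " user_name
user_name=${user_name:-worker}
[[ "$user_name" =~ ^[a-z][a-z0-9_-]*$ ]] || die "Invalid user name: ${user_name}"

read -r -p "Enter your SSH port number [22]: " port
port=${port:-22}
[[ "$port" =~ ^[0-9]{1,5}$ ]] || die "Invalid port number: ${port}"
port=$((10#$port)) # force base 10 so a leading zero is not read as octal
(( port >= 1 && port <= 65535 )) || die "Port out of range: ${port}"

read -r -p "Enter this machine name [winter]: " machine_name
machine_name=${machine_name:-winter}
[[ "$machine_name" =~ ^[A-Za-z0-9_-]+$ ]] || die "Invalid machine name: ${machine_name}"

if ask_yn "Do you want to generate SSH keys?"; then
  generate_keys=1
else
  generate_keys=0
fi

if [ "$generate_keys" -eq 1 ]; then
  read -r -p "Enter your device names [win,mac]: " device_names
  device_names=${device_names:-win,mac}
  # IFS is changed for this one read only, so nothing has to be restored.
  IFS=, read -r -a device_array <<< "${device_names}"
  [ "${#device_array[@]}" -gt 0 ] || die "No device names given."
  for device_name in "${device_array[@]}"; do
    [[ "$device_name" =~ ^[A-Za-z0-9_-]+$ ]] || die "Invalid device name: '${device_name}'"
  done
else
  read -r -p "Enter your public key: " public_key
  # Password and root logins are disabled below; an empty or malformed key
  # here would leave no way to log in over SSH after the reboot.
  [ -n "$public_key" ] || die "A public key is required."
  printf '%s\n' "$public_key" | ssh-keygen -l -f - >/dev/null 2>&1 \
    || die "The value entered is not a valid SSH public key."
fi

password=$(gen_secret)
[ "${#password}" -eq 16 ] || die "Could not generate a password."
echo "Please save ${user_name}'s password, and press any key to continue."
printf '%s\n' "${password}"
read -r _

echo "Updating packages..."
# apt-get is used because apt's command-line interface is not meant for scripts.
apt-get -y update && apt-get -y upgrade

adduser -q --gecos "" --disabled-login "${user_name}"
# chpasswd reads from stdin, which keeps the password out of the process list.
printf '%s:%s\n' "${user_name}" "${password}" | chpasswd
gpasswd -a "${user_name}" sudo

# sshd configuration. The patterns match the directive whether or not it is
# commented out and whatever its current value is.
sed -i -E \
  -e "s|^#?Port .*|Port ${port}|" \
  -e "s|^#?PermitRootLogin .*|PermitRootLogin no|" \
  -e "s|^#?PasswordAuthentication .*|PasswordAuthentication no|" \
  /etc/ssh/sshd_config
# sed cannot add a directive that is missing, and an included drop-in file
# may override this one, so confirm what sshd will actually apply before the
# firewall is narrowed to ${port}. `sshd -T` also fails on a syntax error.
effective_sshd=$(sshd -T)
for want in "port ${port}" "permitrootlogin no" "passwordauthentication no"; do
  grep -qx -- "$want" <<< "$effective_sshd" \
    || die "sshd setting '${want}' is not in effect; review /etc/ssh/sshd_config."
done

# Firewall configuration: SSH is TCP only, so do not open the UDP port too.
apt-get -y install ufw
ufw allow "${port}/tcp"
ufw default deny

# Key generation / installation.
ssh_dir="/home/${user_name}/.ssh"
authorized_keys="${ssh_dir}/authorized_keys"
sudo -u "${user_name}" mkdir -p -m 700 -- "${ssh_dir}"

if [ "$generate_keys" -eq 1 ]; then
  for device_name in "${device_array[@]}"; do
    key_comment="user=${user_name},machine=${machine_name},device=${device_name}"
    file_name="${machine_name}_${user_name}_${device_name}_ed25519"
    key_path="${ssh_dir}/${file_name}"
    if ask_yn "Do you set a passphrase to the key '${file_name}'?"; then
      passphrase=$(gen_secret)
      # NOTE(review): the passphrase is an ssh-keygen argument, so it is
      # visible in the process list for as long as ssh-keygen runs.
      sudo -u "${user_name}" ssh-keygen -t ed25519 -f "${key_path}" -q -C "${key_comment}" -N "${passphrase}"
      echo "Please save your passphrase, and press any key to continue."
      printf '%s\n' "${passphrase}"
      read -r _
    else
      sudo -u "${user_name}" ssh-keygen -t ed25519 -f "${key_path}" -q -N "" -C "${key_comment}"
    fi
    echo "Please save your public key '${file_name}.pub', and press any key to continue."
    sudo -u "${user_name}" cat -- "${key_path}.pub"
    read -r _
    # Paths are passed as positional parameters rather than spliced into the
    # command string given to sh -c.
    sudo -u "${user_name}" sh -c 'cat -- "$1" >> "$2"' sh "${key_path}.pub" "${authorized_keys}"
    sudo -u "${user_name}" rm -- "${key_path}.pub"
    # The private key is written to the terminal: it stays in scrollback and
    # in any session recording of this run.
    echo "Please save your private key '${file_name}', and press any key to continue."
    sudo -u "${user_name}" cat -- "${key_path}"
    read -r _
    sudo -u "${user_name}" rm -- "${key_path}"
  done
else
  # The key travels on stdin, so its content is never parsed as shell code.
  printf '%s\n' "${public_key}" | sudo -u "${user_name}" tee -a -- "${authorized_keys}" >/dev/null
fi
sudo -u "${user_name}" chmod 600 "${authorized_keys}"
sudo -u "${user_name}" chmod 700 "${ssh_dir}"

echo "Clearing bash history..."
# This clears only the history list of the shell running this script; it does
# not touch the ~/.bash_history of the session that launched it.
history -c
service ssh restart
ufw --force enable
echo "Initialize completed."
echo "Restarting bash..."
reboot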