only-cliches · June 22, 2021 18:13
diff --git a/alpine-setup.sh b/alpine-setup.sh
 #!/bin/ash

 # This script takes a bare Alpine install and installs/configures all the apps required by my use case.

 if [[ $EUID -ne 0 ]]; then
   echo "This script must be run as root" 
   exit 1
 fi

 echo "Update"
 echo "==============================="

 apk update && apk upgrade

 echo "Installing Docker & Docker Compose"
 echo "========================================="

 apk add docker
 rc-update add docker boot
 service docker start

 apk add docker-compose

 adduser -SDHs /sbin/nologin dockremap
 addgroup -S dockremap
 echo dockremap:$(cat /etc/passwd|grep dockremap|cut -d: -f3):65536 >> /etc/subuid
 echo dockremap:$(cat /etc/passwd|grep dockremap|cut -d: -f4):65536 >> /etc/subgid

 echo "{\"userns-remap\": \"dockremap\"}" >> /etc/docker/daemon.json


 echo "Installing Nginx"
 echo "========================================="

 apk add nginx
 rc-update add nginx default

 echo "Installing ZFS"
 echo "========================================="

 apk add zfs zfs-openrc zfs-$(uname -r | rev | cut -d'-' -f1 | rev)
 rc-update add zfs-import default 
 rc-update add zfs-mount default 

 echo "Installing Wiregaurd"
 echo "========================================="

 apk add wireguard-tools bash wireguard-tools-wg

 echo "Installing UFW"
 echo "========================================="

 apk add ip6tables ufw
 ufw default deny incoming
 ufw default deny outgoing


 ufw limit SSH         # open SSH port and protect against brute-force login attacks
 ufw allow out 123/udp # allow outgoing NTP (Network Time Protocol)
 ufw allow out DNS     # allow outgoing DNS
 ufw allow out 80/tcp  # allow outgoing HTTP/HTTPS traffic
 ufw allow out 443/tcp 
 ufw allow 51820/udp   # Wireguard

 ufw enable     # enable the firewall
 rc-update add ufw    # add UFW init scripts

 echo "Done! Rebooting"
 echo "========================================="
 reboot
	#!/bin/ash

	# This script takes a bare Alpine install and installs/configures all the apps required by my use case.

	if [[ $EUID -ne 0 ]]; then
	echo "This script must be run as root"
	exit 1
	fi

	echo "Update"
	echo "==============================="

	apk update && apk upgrade

	echo "Installing Docker & Docker Compose"
	echo "========================================="

	apk add docker
	rc-update add docker boot
	service docker start

	apk add docker-compose

	adduser -SDHs /sbin/nologin dockremap
	addgroup -S dockremap
	echo dockremap:$(cat /etc/passwd\|grep dockremap\|cut -d: -f3):65536 >> /etc/subuid
	echo dockremap:$(cat /etc/passwd\|grep dockremap\|cut -d: -f4):65536 >> /etc/subgid

	echo "{\"userns-remap\": \"dockremap\"}" >> /etc/docker/daemon.json


	echo "Installing Nginx"
	echo "========================================="

	apk add nginx
	rc-update add nginx default

	echo "Installing ZFS"
	echo "========================================="

	apk add zfs zfs-openrc zfs-$(uname -r \| rev \| cut -d'-' -f1 \| rev)
	rc-update add zfs-import default
	rc-update add zfs-mount default

	echo "Installing Wiregaurd"
	echo "========================================="

	apk add wireguard-tools bash wireguard-tools-wg

	echo "Installing UFW"
	echo "========================================="

	apk add ip6tables ufw
	ufw default deny incoming
	ufw default deny outgoing


	ufw limit SSH # open SSH port and protect against brute-force login attacks
	ufw allow out 123/udp # allow outgoing NTP (Network Time Protocol)
	ufw allow out DNS # allow outgoing DNS
	ufw allow out 80/tcp # allow outgoing HTTP/HTTPS traffic
	ufw allow out 443/tcp
	ufw allow 51820/udp # Wireguard

	ufw enable # enable the firewall
	rc-update add ufw # add UFW init scripts

	echo "Done! Rebooting"
	echo "========================================="
	reboot