rigwild · June 11, 2022 14:12
diff --git a/install.sh b/install.sh
 #!/bin/bash

 # Check if script is ran by root user -> exit
 if [[ $EUID -eq 0 ]]; then echo "This script should not be ran by root!"; exit 1; fi

 # Stop script on error
 set -e
 set -o pipefail

 sudo apt update
 sudo apt upgrade -y

 # Install common packages
 sudo apt install -y \
  linux-generic \
  build-essential \
  apt-transport-https \
  ca-certificates \
  curl \
  gnupg-agent \
  jq \
  bat \
  software-properties-common \
  fail2ban \
  git \
  htop

 # Install Node.js
 curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash -
 sudo apt install -y nodejs

 # Install yarn
 curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor | sudo tee /usr/share/keyrings/yarnkey.gpg >/dev/null
 echo "deb [signed-by=/usr/share/keyrings/yarnkey.gpg] https://dl.yarnpkg.com/debian stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
 sudo apt update && sudo apt -y install yarn

 # Install pnpm
 curl -fsSL https://get.pnpm.io/install.sh | sh -
 source ~/.bashrc

 # Install PM2 and zx
 pnpm i -g pm2 zx

 # Install Redis
 sudo apt install -y redis-server
 sudo sed -i -e 's/supervised no/supervised systemd/g' /etc/redis/redis.conf
 sudo systemctl restart redis.service

 # Configure fail2ban
 awk '{ printf "# "; print; }' /etc/fail2ban/jail.conf | sudo tee /etc/fail2ban/jail.local
 sudo sed -i -e 's/maxretry = 5/maxretry = 3/g' /etc/fail2ban/jail.conf
 sudo sed -i -e 's/# \[sshd\]/# \[sshd-example-jail\]/g' /etc/fail2ban/jail.conf
 sudo sed -i -e 's/\[sshd\]/\[sshd\]\nenabled = true/g' /etc/fail2ban/jail.conf
 sudo sed -i -e 's/findtime  = 10m/findtime  = 15m/g' /etc/fail2ban/jail.conf
 sudo service fail2ban restart

 # Configure SSH
 # Change SSH port from 22 to 2222
 sudo sed -i -e 's/#Port 22/Port 2222\n#Port 22/g' /etc/ssh/sshd_config
 # Disable SSH password login
 sudo sed -i -e 's/#PasswordAuthentication yes/PasswordAuthentication no\n#PasswordAuthentication yes/g' /etc/ssh/sshd_config
 sudo service sshd restart

 # Add 2 GB of swap
 sudo fallocate -l 2G /swapfile
 sudo chmod 600 /swapfile
 sudo mkswap /swapfile
 sudo swapon /swapfile
 sudo cp /etc/fstab /etc/fstab.bak
 echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab

 # Finalize setup
 echo 'alias bat=batcat' >> ~/.bashrc
 echo 'alias ll="ls -al"' >> ~/.bashrc
 echo 'cd /var/www' >> ~/.bashrc
 sudo mkdir /var/www
 sudo chown -R $UID:$UID /var/www

 source  ~/.bashrc
	#!/bin/bash

	# Check if script is ran by root user -> exit
	if [[ $EUID -eq 0 ]]; then echo "This script should not be ran by root!"; exit 1; fi

	# Stop script on error
	set -e
	set -o pipefail

	sudo apt update
	sudo apt upgrade -y

	# Install common packages
	sudo apt install -y \
	linux-generic \
	build-essential \
	apt-transport-https \
	ca-certificates \
	curl \
	gnupg-agent \
	jq \
	bat \
	software-properties-common \
	fail2ban \
	git \
	htop

	# Install Node.js
	curl -fsSL https://deb.nodesource.com/setup_18.x \| sudo -E bash -
	sudo apt install -y nodejs

	# Install yarn
	curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg \| gpg --dearmor \| sudo tee /usr/share/keyrings/yarnkey.gpg >/dev/null
	echo "deb [signed-by=/usr/share/keyrings/yarnkey.gpg] https://dl.yarnpkg.com/debian stable main" \| sudo tee /etc/apt/sources.list.d/yarn.list
	sudo apt update && sudo apt -y install yarn

	# Install pnpm
	curl -fsSL https://get.pnpm.io/install.sh \| sh -
	source ~/.bashrc

	# Install PM2 and zx
	pnpm i -g pm2 zx

	# Install Redis
	sudo apt install -y redis-server
	sudo sed -i -e 's/supervised no/supervised systemd/g' /etc/redis/redis.conf
	sudo systemctl restart redis.service

	# Configure fail2ban
	awk '{ printf "# "; print; }' /etc/fail2ban/jail.conf \| sudo tee /etc/fail2ban/jail.local
	sudo sed -i -e 's/maxretry = 5/maxretry = 3/g' /etc/fail2ban/jail.conf
	sudo sed -i -e 's/# \[sshd\]/# \[sshd-example-jail\]/g' /etc/fail2ban/jail.conf
	sudo sed -i -e 's/\[sshd\]/\[sshd\]\nenabled = true/g' /etc/fail2ban/jail.conf
	sudo sed -i -e 's/findtime = 10m/findtime = 15m/g' /etc/fail2ban/jail.conf
	sudo service fail2ban restart

	# Configure SSH
	# Change SSH port from 22 to 2222
	sudo sed -i -e 's/#Port 22/Port 2222\n#Port 22/g' /etc/ssh/sshd_config
	# Disable SSH password login
	sudo sed -i -e 's/#PasswordAuthentication yes/PasswordAuthentication no\n#PasswordAuthentication yes/g' /etc/ssh/sshd_config
	sudo service sshd restart

	# Add 2 GB of swap
	sudo fallocate -l 2G /swapfile
	sudo chmod 600 /swapfile
	sudo mkswap /swapfile
	sudo swapon /swapfile
	sudo cp /etc/fstab /etc/fstab.bak
	echo '/swapfile none swap sw 0 0' \| sudo tee -a /etc/fstab

	# Finalize setup
	echo 'alias bat=batcat' >> ~/.bashrc
	echo 'alias ll="ls -al"' >> ~/.bashrc
	echo 'cd /var/www' >> ~/.bashrc
	sudo mkdir /var/www
	sudo chown -R $UID:$UID /var/www

	source ~/.bashrc