[DEPRECATED] check @zudsniper/bashbits | deb11_base stackscript for linode -- no ptero
#!/bin/bash
# Abort on the first unhandled command failure. Only errexit is enabled here:
# unset variables and failures inside pipelines are not caught.
set -o errexit
# ================================================================================ # | |
# __ __ _ _ __ | |
# /\ \ /\ \ /' \ /' \ /\ \ | |
# \_\ \ __\ \ \____/\_, \/\_, \ \ \ \____ __ ____ __ | |
# /'_` \ /'__`\ \ '__`\/_/\ \/_/\ \ \ \ '__`\ /'__`\ /',__\ /'__`\ | |
# /\ \L\ \/\ __/\ \ \L\ \ \ \ \ \ \ \ \ \ \L\ \/\ \L\.\_/\__, `\/\ __/ | |
# \ \___,_\ \____\\ \_,__/ \ \_\ \ \_\ \ \_,__/\ \__/.\_\/\____/\ \____\ | |
# \/__,_ /\/____/ \/___/ \/_/ \/_/ _______\/___/ \/__/\/_/\/___/ \/____/ | |
# /\______\ | |
# \/______/ | |
# ================================================================================= # | |
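# Print the command-line help and exit with status 1.
# Globals:  A_LCYAN, A_YELLOW, A_LIGHTGRAY, A_RESET (read) - colour variables.
#           They are only defined once ansi_colors.sh has been sourced; the
#           argument parser calls usage before that, so they expand to empty
#           strings there and the help is printed uncoloured.
# Outputs:  help text on stdout
# Returns:  never; always exits 1
usage() {
  echo -e "${A_LCYAN}USAGE:${A_RESET} $0 -r [main_user] -pw [main_password] -k [ssh_key] [-h]"
  echo ""
  # Fixed variable name: the reset sequence is A_RESET (was misspelled A_RESETi,
  # which expanded to nothing and left the colour switched on).
  echo "${A_LCYAN}deb11_base${A_RESET}"
  echo ""
  echo "${A_LCYAN}OPTIONS:${A_RESET}"
  echo " ${A_YELLOW}-r, --root${A_RESET} ${A_LIGHTGRAY}MAIN USER username${A_RESET}"
  echo " ${A_YELLOW}-pw, --root_password${A_RESET} ${A_LIGHTGRAY}MAIN USER password${A_RESET}"
  echo " ${A_YELLOW}-k, --ssh_key${A_RESET} ${A_LIGHTGRAY}MAIN USER ssh key${A_RESET}"
  echo " ${A_YELLOW}-h, --help${A_RESET} ${A_LIGHTGRAY}Show this help message${A_RESET}"
  exit 1
}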
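# ============== parse_args ================ #
# Parse command line arguments into MAIN_USER, MAIN_PASS and MAIN_SSH_KEY.
# Anything after a literal `--` is collected in parse_args.
#
# NOTE(review): -pw places the password on the command line, where it is
# visible in the process list and in shell history; prefer reading it from a
# root-only file or from stdin.
parse_args=()
while [[ $# -gt 0 ]]; do
  case "$1" in
    -r|--root)
      # An option without a value would otherwise make `shift 2` fail and,
      # under `set -e`, end the script with no message.
      [[ $# -ge 2 ]] || usage
      MAIN_USER=$(printf '%s' "$2" | sed 's:/*$::') # Remove trailing slashes
      shift 2;;
    -pw|--root_password)
      [[ $# -ge 2 ]] || usage
      # Taken verbatim: stripping characters from a password silently sets a
      # different password than the one the operator supplied.
      MAIN_PASS=$2
      shift 2;;
    -k|--ssh_key)
      [[ $# -ge 2 ]] || usage
      # Taken verbatim: a key line may legitimately end in '/', and an altered
      # key will not authenticate.
      MAIN_SSH_KEY=$2
      shift 2;;
    --)
      parse_args+=("${@:2}")
      break;;
    -h|--help)
      usage;;
    *)
      usage;;
  esac
done

# All three values are needed further down. Stop here rather than after sshd
# has been reconfigured, when a missing user or key would leave the host
# without a working login.
if [[ -z "${MAIN_USER:-}" || -z "${MAIN_PASS:-}" || -z "${MAIN_SSH_KEY:-}" ]]; then
  usage
fi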
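# ============ ANSI u cant see ============= #
# Download and source the colour variables (A_RED, A_RESET, ...) used in the
# messages below.
#
# NOTE(review): this executes remote code as root from a URL that is not pinned
# to a revision, so whatever the gist contains at run time is what runs. Pin
# the URL to a specific gist revision and compare the download against a known
# digest before sourcing it, e.g.:
#   echo "<EXPECTED_SHA256_PLACEHOLDER>  ansi_colors.sh" | sha256sum -c -
rm -f ansi_colors.sh
# -f: treat an HTTP error as a failure instead of saving (and later sourcing)
# the error page; -S: still print the reason although -s is set.
curl -fsSL https://gist.githubusercontent.com/zudsniper/e5bbdb7d3384a2b5f76277b52d103e59/raw/ansi_colors.sh -o ansi_colors.sh
# Explicit ./ so bash sources the file just downloaded; a bare name is looked
# up in PATH first.
source ./ansi_colors.sh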
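# ============ update packages ============ #
# Run as two separate commands: in `a && b`, a failure of `a` is exempt from
# `set -e`, so a failed index refresh would skip the upgrade and the script
# would carry on unpatched without any error.
apt-get update
apt-get -y upgrade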
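# ========== NETWORK SAFETY =========== #
# Force an sshd_config keyword to a given value.
# Arguments: $1 - keyword, $2 - value, $3 - config file (default sshd_config)
# Rewrites every line that sets the keyword, whether commented out or set to
# any other value (for example `PermitRootLogin prohibit-password`), and
# appends the setting when the keyword does not occur at all.
# NOTE(review): an appended line lands at the end of the file; if the file
# ends in a Match block the setting only applies inside that block - confirm.
set_sshd_option() {
  local key=$1 value=$2 file=${3:-/etc/ssh/sshd_config}
  if grep -Eq "^[#[:space:]]*${key}[[:space:]]" "$file"; then
    sed -i -E "s/^[#[:space:]]*${key}[[:space:]].*/${key} ${value}/" "$file"
  else
    printf '%s %s\n' "$key" "$value" >> "$file"
  fi
}

# disable `root` from ssh connection directly with server
set_sshd_option PermitRootLogin no
# disable password ssh authentication
set_sshd_option PasswordAuthentication no
# NOTE(review): if the config pulls in drop-in files through an Include
# directive, a value set there can take precedence over these lines - check
# /etc/ssh/sshd_config.d/ as well.
# NOTE(review): password logins are switched off here, before the main user's
# key is installed further down; if a later step fails the host may be left
# with no working SSH login.

# Validate the edited file first so a broken config never reaches the restart.
sshd -t
systemctl restart ssh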
#=========== NET-PREP FUNC ============= # | |
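# Create a user with a home directory, set its password and add it to the
# `sudo` group.
# Arguments: $1 - username, $2 - password
# Globals:   A_RED, A_BOLD, A_YELLOW, A_RESET (read) - colour variables
# Returns:   exits 1 when not called with exactly two arguments
function user_add_sudo() {
  if [[ $# -ne 2 ]]; then
    echo -ne "${A_RED}${A_BOLD}Epic fail, no params${A_RESET}\n"
    # Explicit status: a bare `exit` reuses the status of the echo above (0)
    # and reports the failure as success.
    exit 1
  fi
  local user=$1 pass=$2

  # Only an already existing account is tolerated; any other useradd failure
  # (for example an invalid name) must stop the script.
  if id -u "$user" >/dev/null 2>&1; then
    echo -e "${A_YELLOW}User already exists...${A_RESET}"
  else
    sudo useradd -m -d "/home/${user}" "$user"
  fi

  # chpasswd reads "user:password" from stdin, which keeps the password out of
  # the process list (it used to be an argument of `yes`).
  # NOTE(review): a password containing a newline cannot be passed this way.
  printf '%s:%s\n' "$user" "$pass" | sudo chpasswd
  sudo usermod -aG sudo "$user"
}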
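# Install a public key into a user's ~/.ssh/authorized_keys.
# Arguments: $1 - username, $2 - public key line
# Globals:   A_RED, A_BOLD, A_RESET (read) - colour variables
# Returns:   exits 1 on a wrong argument count, an empty key or an unknown user
function user_add_pubkey() {
  if [[ $# -ne 2 ]]; then
    echo -ne "${A_RED}${A_BOLD}Epic fail, no params${A_RESET}\n"
    exit 1
  fi
  local user=$1 key=$2
  local home group ssh_dir auth_file

  # Password logins are disabled elsewhere in this script, so an empty key
  # would leave the account unreachable over SSH.
  if [[ -z "$key" ]]; then
    echo -e "${A_RED}${A_BOLD}Refusing to install an empty ssh key${A_RESET}" >&2
    exit 1
  fi

  # Resolve the user's home explicitly: a relative .ssh path depends on the
  # caller's working directory and would not belong to this user.
  home=$(getent passwd "$user" | cut -d: -f6)
  if [[ -z "$home" ]]; then
    echo -e "${A_RED}${A_BOLD}No home directory found for user ${user}${A_RESET}" >&2
    exit 1
  fi
  group=$(id -gn "$user")
  ssh_dir="${home}/.ssh"
  auth_file="${ssh_dir}/authorized_keys"

  # sshd ignores authorized_keys when the directory or file is owned by someone
  # else or is writable by others, so create both with strict modes.
  install -d -m 700 -o "$user" -g "$group" "$ssh_dir"
  touch "$auth_file"
  # Append only when the exact line is not present yet, so reruns do not
  # duplicate the key.
  grep -qxF -- "$key" "$auth_file" || printf '%s\n' "$key" >> "$auth_file"
  chown "${user}:${group}" "$auth_file"
  chmod 600 "$auth_file"
}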
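# ========= NETWORK SAFETY 2 ========== #
# set up the main user and install its ssh key
user_add_sudo "$MAIN_USER" "$MAIN_PASS"
user_add_pubkey "$MAIN_USER" "$MAIN_SSH_KEY"

# Give the main user password-less sudo.
# The rule goes into its own file under /etc/sudoers.d and is syntax-checked
# with visudo first: appending straight to /etc/sudoers means one malformed
# line disables sudo for everyone, and every rerun adds a duplicate.
# NOTE(review): NOPASSWD: ALL makes this account equivalent to root; anyone who
# obtains its SSH key obtains root. Confirm that is intended.
# NOTE(review): MAIN_USER is written into the rule unvalidated; visudo checks
# syntax only, not whether the value is a plain username.
sudoers_tmp=$(mktemp)
printf '%s ALL = (ALL) NOPASSWD: ALL\n' "$MAIN_USER" > "$sudoers_tmp"
if visudo -cf "$sudoers_tmp"; then
  # 0440 root:root is the mode sudo expects; the file name contains no '.'
  # because sudo skips such files in an include directory.
  install -m 0440 -o root -g root "$sudoers_tmp" /etc/sudoers.d/90-main-user
  rm -f -- "$sudoers_tmp"
else
  rm -f -- "$sudoers_tmp"
  echo "refusing to install an invalid sudoers entry for ${MAIN_USER}" >&2
  exit 1
fi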
# ========== DEPENDENCIES =========== #
# Base toolchain and utilities, installed in a single apt-get transaction.
# fail2ban is installed with its packaged defaults; nothing in this script
# configures it.
base_packages=(
  python3-dev python3-virtualenv build-essential libpq-dev gcc g++ htop
  curl neovim libmagic1 make git cmake pkg-config gnupg2 unzip zip wget autoconf fail2ban
  jq postgresql-client rsync bzip2
)
sudo apt-get -y install "${base_packages[@]}"
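# Download an installer script completely, then run it with /bin/bash.
# Arguments: $1 - URL of the script, remaining arguments are passed to it
# Returns:   1 when the download fails, otherwise the installer's exit status
#
# A script streamed straight into a shell starts executing before the transfer
# has finished, and without `curl -f` an HTTP error page is executed as if it
# were the installer. Downloading first avoids both.
# NOTE(review): the URLs used below are not pinned to a revision and the
# scripts run as root; pin each one and compare it against a known digest, e.g.
#   echo "<EXPECTED_SHA256_PLACEHOLDER>  $script" | sha256sum -c -
run_remote_installer() {
  local url=$1
  shift
  local script rc=0
  script=$(mktemp) || return 1
  if ! curl -fsSL "$url" -o "$script"; then
    rm -f -- "$script"
    echo "download failed: ${url}" >&2
    return 1
  fi
  # The script is still fed on stdin (`bash -s`), exactly as the piped form did.
  /bin/bash -s "$@" < "$script" || rc=$?
  rm -f -- "$script"
  return "$rc"
}

# install nvm (node version manager)
# (this will be accomplished by the latest version of my `get_nvm.sh` gist. )
# The leading `yes |` was dropped: it fed curl's stdin, which curl never reads.
run_remote_installer https://gist.githubusercontent.com/zudsniper/dac0bd4122a00edf7bc00fdbec08956f/raw/get_nvm.sh yes
# install gh
# (again, my installer)
run_remote_installer https://gist.githubusercontent.com/zudsniper/0ba53973f9e3fe6222ffd1763bc80055/raw/get_gh.sh yes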
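# install bashrc.zod.tf
# -- obviously this is my bashrc, and it may not be necessary for you.
# however, if you modify this script, MAKE SURE your ~/.bashrc already has
# the necessary nvm sourcing code -- or simply run it yourself
#
# NOTE(review): this replaces root's ~/.bashrc with whatever the remote host
# serves at run time and then executes it in this shell. Review the file, keep
# a pinned copy, and compare the download against a known digest, e.g.:
#   echo "<EXPECTED_SHA256_PLACEHOLDER>  $HOME/.bashrc" | sha256sum -c -
# -f: on an HTTP error curl fails (and `set -e` stops the script) instead of
# the error page being saved as ~/.bashrc and sourced.
curl -fsSL https://bashrc.zod.tf -o ~/.bashrc
# NOTE(review): sourcing does not need the execute bit; this chmod looks
# unnecessary.
chmod ugo+x ~/.bashrc
. ~/.bashrc
# ^^ VERY NECESSARY to initialize nvm for later.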
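# install `docker`
# Adds Docker's apt repository, trusted only through its own keyring
# (signed-by), then installs the engine packages.
apt-get -y install apt-transport-https ca-certificates lsb-release

# Fetch the signing key to a file first: without pipefail a failed download
# inside `curl | gpg` goes unnoticed and gpg is handed empty input.
docker_key=$(mktemp)
curl -fsSL https://download.docker.com/linux/debian/gpg -o "$docker_key"
# --yes: overwrite a keyring left by an earlier run instead of failing.
gpg --dearmor --yes -o /usr/share/keyrings/docker-archive-keyring.gpg "$docker_key"
rm -f -- "$docker_key"

# Use the host's own architecture rather than a hard-coded amd64.
docker_arch=$(dpkg --print-architecture)
docker_codename=$(lsb_release -cs)
printf 'deb [arch=%s signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian %s stable\n' \
  "$docker_arch" "$docker_codename" > /etc/apt/sources.list.d/docker.list

# apt-get rather than apt: same tool as the rest of the script, and apt's
# command-line interface is not meant for scripts.
apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io slirp4netns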
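# install `docker-compose`
# Download to a temporary file and install it only when the transfer
# succeeded: without -f an HTTP error page would be saved as
# /usr/local/bin/docker-compose and marked executable.
# NOTE(review): the binary is executed as root without any integrity check;
# compare it against the digest published for the release, e.g.:
#   echo "<EXPECTED_SHA256_PLACEHOLDER>  $compose_tmp" | sha256sum -c -
# NOTE(review): 1.28.5 is a Compose V1 release; confirm it is still the
# version you intend to run.
compose_tmp=$(mktemp)
curl -fsSL "https://github.com/docker/compose/releases/download/1.28.5/docker-compose-$(uname -s)-$(uname -m)" -o "$compose_tmp"
install -m 0755 "$compose_tmp" /usr/local/bin/docker-compose
rm -f -- "$compose_tmp"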
# Let the main user talk to the Docker daemon without sudo.
# NOTE(review): membership of the `docker` group is effectively root on the
# host (a member can start a container with the host filesystem mounted), so
# treat this account as privileged.
usermod -aG docker "${MAIN_USER}"
# Switch the daemon to the `local` log driver (which rotates logs) by writing
# daemon.json; any existing daemon.json is overwritten.
printf '%s\n' '{"log-driver": "local"}' > /etc/docker/daemon.json
systemctl restart docker
## > This is gas? | |
# configure `nvm`: install one Node.js version, make it the default and
# activate it in this shell. `nvm` is a shell function expected to have been
# loaded by the ~/.bashrc sourced earlier.
# NOTE(review): confirm that 18.15.1 is a published Node.js release; an unknown
# version makes `nvm install` fail and `set -e` then aborts the script.
node_version=18.15.1
nvm install "${node_version}"
nvm alias default "${node_version}"
nvm use "${node_version}"
# npm and node now resolve to the version selected above
npm install --global pm2 -y
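## install nginx and certbot
# apt-get rather than apt, matching the other install steps in this script
# (apt's command-line interface is not meant for scripts).
sudo apt-get install -y nginx-full python3-certbot-nginx
## stop the web server
# NOTE(review): `stop` only affects the running service; nginx stays enabled
# and will start again on the next boot with its default site. Use
# `systemctl disable --now nginx` if it should stay off until configured.
systemctl stop nginx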
#!/bin/bash
# Strict mode: stop on an unhandled failure, on use of an unset variable, and
# when any stage of a pipeline fails.
set -o errexit -o nounset -o pipefail
# ================================================================================ # | |
# __ __ _ _ __ | |
# /\ \ /\ \ /' \ /' \ /\ \ | |
# \_\ \ __\ \ \____/\_, \/\_, \ \ \ \____ __ ____ __ | |
# /'_` \ /'__`\ \ '__`\/_/\ \/_/\ \ \ \ '__`\ /'__`\ /',__\ /'__`\ | |
# /\ \L\ \/\ __/\ \ \L\ \ \ \ \ \ \ \ \ \ \L\ \/\ \L\.\_/\__, `\/\ __/ | |
# \ \___,_\ \____\\ \_,__/ \ \_\ \ \_\ \ \_,__/\ \__/.\_\/\____/\ \____\ | |
# \/__,_ /\/____/ \/___/ \/_/ \/_/ _______\/___/ \/__/\/_/\/___/ \/____/ | |
# /\______\ | |
# \/______/ | |
# ================================================================================= # | |
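# === User Defined Values === #
# === General Server Information === #
# <UDF name="box_hostname" label="Hostname for this box" default="box1">
# <UDF name="main_user" label="Username for the primary user" default="zod">
# The password field deliberately has no default: a default published in a
# public script is a known credential on every host deployed without changing
# it. Without a default the field must be filled in at deploy time.
# <UDF name="main_pass" label="Password for the primary user">
# <UDF name="main_ssh_key" label="Public SSH Key for the primary user" example="ssh-rsa AAAA..." />
# ============ Linode Base Info =========== #
# Pulls in another StackScript by ID; the system_* helpers used below, and
# presumably user_add_sudo / user_add_pubkey used later, come from it - confirm.
source <ssinclude StackScriptID="1">
# set the hostname, FQDN, and self /etc/hosts entries
# Assign and export separately: `export VAR=$(cmd)` returns export's status,
# which hides a failing system_primary_ip from `set -e`.
OUR_IP_ADDR=$(system_primary_ip)
export OUR_IP_ADDR
system_set_hostname "$BOX_HOSTNAME"
system_add_host_entry "$OUR_IP_ADDR" "$BOX_HOSTNAME" "$BOX_HOSTNAME"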
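# ============ ANSI u cant see ============= #
# Download and source the colour variables (A_RED, A_RESET, ...).
#
# NOTE(review): this executes remote code as root from a URL that is not pinned
# to a revision, so whatever the gist contains at run time is what runs. Pin
# the URL to a specific gist revision and compare the download against a known
# digest before sourcing it, e.g.:
#   echo "<EXPECTED_SHA256_PLACEHOLDER>  ansi_colors.sh" | sha256sum -c -
rm -f ansi_colors.sh
# -f: treat an HTTP error as a failure instead of saving (and later sourcing)
# the error page; -S: still print the reason although -s is set.
curl -fsSL https://gist.githubusercontent.com/zudsniper/e5bbdb7d3384a2b5f76277b52d103e59/raw/ansi_colors.sh -o ansi_colors.sh
# Explicit ./ so bash sources the file just downloaded; a bare name is looked
# up in PATH first.
source ./ansi_colors.sh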
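# ============ update packages ============ #
# Run as two separate commands: in `a && b`, a failure of `a` is exempt from
# `set -e`, so a failed index refresh would skip the upgrade and the script
# would carry on unpatched without any error.
apt-get update
apt-get -y upgrade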
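# ========== NETWORK SAFETY =========== #
# Force an sshd_config keyword to a given value.
# Arguments: $1 - keyword, $2 - value, $3 - config file (default sshd_config)
# Rewrites every line that sets the keyword, whether commented out or set to
# any other value (for example `PermitRootLogin prohibit-password`), and
# appends the setting when the keyword does not occur at all.
# NOTE(review): an appended line lands at the end of the file; if the file
# ends in a Match block the setting only applies inside that block - confirm.
set_sshd_option() {
  local key=$1 value=$2 file=${3:-/etc/ssh/sshd_config}
  if grep -Eq "^[#[:space:]]*${key}[[:space:]]" "$file"; then
    sed -i -E "s/^[#[:space:]]*${key}[[:space:]].*/${key} ${value}/" "$file"
  else
    printf '%s %s\n' "$key" "$value" >> "$file"
  fi
}

# disable `root` from ssh connection directly with server
set_sshd_option PermitRootLogin no
# disable password ssh authentication
set_sshd_option PasswordAuthentication no
# NOTE(review): if the config pulls in drop-in files through an Include
# directive, a value set there can take precedence over these lines - check
# /etc/ssh/sshd_config.d/ as well.
# NOTE(review): password logins are switched off here, before the main user's
# key is installed further down; if a later step fails the host may be left
# with no working SSH login.

# Validate the edited file first so a broken config never reaches the restart.
sshd -t
systemctl restart ssh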
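# ========= NETWORK SAFETY 2 ========== #
# set up the main user and install its ssh key
# (neither helper is defined in this file; presumably both come from the
# StackScript included at the top - confirm)
user_add_sudo "$MAIN_USER" "$MAIN_PASS"
user_add_pubkey "$MAIN_USER" "$MAIN_SSH_KEY"

# Give the main user password-less sudo.
# The rule goes into its own file under /etc/sudoers.d and is syntax-checked
# with visudo first: appending straight to /etc/sudoers means one malformed
# line disables sudo for everyone, and every rerun adds a duplicate.
# NOTE(review): NOPASSWD: ALL makes this account equivalent to root; anyone who
# obtains its SSH key obtains root. Confirm that is intended.
# NOTE(review): MAIN_USER is written into the rule unvalidated; visudo checks
# syntax only, not whether the value is a plain username.
sudoers_tmp=$(mktemp)
printf '%s ALL = (ALL) NOPASSWD: ALL\n' "$MAIN_USER" > "$sudoers_tmp"
if visudo -cf "$sudoers_tmp"; then
  # 0440 root:root is the mode sudo expects; the file name contains no '.'
  # because sudo skips such files in an include directory.
  install -m 0440 -o root -g root "$sudoers_tmp" /etc/sudoers.d/90-main-user
  rm -f -- "$sudoers_tmp"
else
  rm -f -- "$sudoers_tmp"
  echo "refusing to install an invalid sudoers entry for ${MAIN_USER}" >&2
  exit 1
fi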
# ========== DEPENDENCIES =========== #
# Base toolchain and utilities, installed in a single apt-get transaction.
# fail2ban is installed with its packaged defaults; nothing in this script
# configures it.
base_packages=(
  python3-dev python3-virtualenv build-essential libpq-dev gcc g++ htop
  curl neovim libmagic1 make git cmake pkg-config gnupg2 unzip zip wget autoconf fail2ban
  jq postgresql-client rsync bzip2
)
sudo apt-get -y install "${base_packages[@]}"
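# *****
# NOTE(review): an earlier comment here announced the installation of a
# personal ~/.bashrc from https://bashrc.zod.tf, but no command in this file
# performs it; only the two installers below run.

# Download an installer script completely, then run it with /bin/bash.
# Arguments: $1 - URL of the script, remaining arguments are passed to it
# Returns:   1 when the download fails, otherwise the installer's exit status
#
# A script streamed straight into a shell starts executing before the transfer
# has finished, and without `curl -f` an HTTP error page is executed as if it
# were the installer. Downloading first avoids both.
# NOTE(review): the URLs used below are not pinned to a revision and the
# scripts run as root; pin each one and compare it against a known digest, e.g.
#   echo "<EXPECTED_SHA256_PLACEHOLDER>  $script" | sha256sum -c -
run_remote_installer() {
  local url=$1
  shift
  local script rc=0
  script=$(mktemp) || return 1
  if ! curl -fsSL "$url" -o "$script"; then
    rm -f -- "$script"
    echo "download failed: ${url}" >&2
    return 1
  fi
  # The script is still fed on stdin (`bash -s`), exactly as the piped form did.
  /bin/bash -s "$@" < "$script" || rc=$?
  rm -f -- "$script"
  return "$rc"
}

# install nvm (node version manager)
# (this will be accomplished by the latest version of my `get_nvm.sh` gist. )
# The leading `yes |` was dropped: curl never reads its stdin, so `yes` is
# terminated by a broken pipe when curl exits, and under `pipefail` that
# non-zero status fails the whole pipeline and stops the script.
run_remote_installer https://gist.githubusercontent.com/zudsniper/dac0bd4122a00edf7bc00fdbec08956f/raw/get_nvm.sh yes
# install gh
# (again, my installer)
run_remote_installer https://gist.githubusercontent.com/zudsniper/0ba53973f9e3fe6222ffd1763bc80055/raw/get_gh.sh yes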
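# install `docker`
# Adds Docker's apt repository, trusted only through its own keyring
# (signed-by), then installs the engine packages.
apt-get -y install apt-transport-https ca-certificates lsb-release

# Fetch the signing key to a file first so a failed download stops the script
# with curl's own error rather than inside a pipeline.
docker_key=$(mktemp)
curl -fsSL https://download.docker.com/linux/debian/gpg -o "$docker_key"
# --yes: overwrite a keyring left by an earlier run instead of failing.
gpg --dearmor --yes -o /usr/share/keyrings/docker-archive-keyring.gpg "$docker_key"
rm -f -- "$docker_key"

# Use the host's own architecture rather than a hard-coded amd64.
docker_arch=$(dpkg --print-architecture)
docker_codename=$(lsb_release -cs)
printf 'deb [arch=%s signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian %s stable\n' \
  "$docker_arch" "$docker_codename" > /etc/apt/sources.list.d/docker.list

# apt-get rather than apt: same tool as the rest of the script, and apt's
# command-line interface is not meant for scripts.
apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io slirp4netns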
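# install `docker-compose`
# Download to a temporary file and install it only when the transfer
# succeeded: without -f an HTTP error page would be saved as
# /usr/local/bin/docker-compose and marked executable.
# NOTE(review): the binary is executed as root without any integrity check;
# compare it against the digest published for the release, e.g.:
#   echo "<EXPECTED_SHA256_PLACEHOLDER>  $compose_tmp" | sha256sum -c -
# NOTE(review): 1.28.5 is a Compose V1 release; confirm it is still the
# version you intend to run.
compose_tmp=$(mktemp)
curl -fsSL "https://github.com/docker/compose/releases/download/1.28.5/docker-compose-$(uname -s)-$(uname -m)" -o "$compose_tmp"
install -m 0755 "$compose_tmp" /usr/local/bin/docker-compose
rm -f -- "$compose_tmp"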
# Let the main user talk to the Docker daemon without sudo.
# NOTE(review): membership of the `docker` group is effectively root on the
# host (a member can start a container with the host filesystem mounted), so
# treat this account as privileged.
usermod -aG docker "${MAIN_USER}"
# Switch the daemon to the `local` log driver (which rotates logs) by writing
# daemon.json; any existing daemon.json is overwritten.
printf '%s\n' '{"log-driver": "local"}' > /etc/docker/daemon.json
systemctl restart docker
## > This is gas? | |
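# configure `nvm`: install one Node.js version, make it the default and
# activate it in this shell.
#
# The nvm installer above runs in a child bash process, so nothing it defines
# survives into this shell, and no other step in this file loads nvm. Load it
# here when it is not already available.
# NOTE(review): assumes get_nvm.sh installs to nvm's usual location
# ($NVM_DIR, default ~/.nvm) - confirm against that script.
# NOTE(review): this file runs with `set -u`; if nvm.sh reads unset variables,
# wrap the nvm calls in `set +u` / `set -u`.
if ! command -v nvm >/dev/null 2>&1; then
  export NVM_DIR="${NVM_DIR:-${HOME:-/root}/.nvm}"
  if [[ -s "${NVM_DIR}/nvm.sh" ]]; then
    # shellcheck disable=SC1091
    . "${NVM_DIR}/nvm.sh"
  else
    echo "nvm.sh not found in ${NVM_DIR}; cannot install Node.js" >&2
    exit 1
  fi
fi
# NOTE(review): confirm that 18.15.1 is a published Node.js release; an unknown
# version makes `nvm install` fail and `set -e` then aborts the script.
nvm install 18.15.1
nvm alias default 18.15.1
nvm use 18.15.1
# now npm & node are correct versions
npm i pm2 -g -y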
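## install nginx and certbot
# apt-get rather than apt, matching the other install steps in this script
# (apt's command-line interface is not meant for scripts).
sudo apt-get install -y nginx-full python3-certbot-nginx
## stop the web server
# NOTE(review): `stop` only affects the running service; nginx stays enabled
# and will start again on the next boot with its default site. Use
# `systemctl disable --now nginx` if it should stay off until configured.
systemctl stop nginx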