#!/bin/bash
# ANSI escape sequences used for every prompt and banner in this script.
# They are stored as literal backslash sequences and only turned into real
# escape bytes when printed through an escape-interpreting call.
PURPLE='\033[35m' BOLD='\033[1m' RESET='\033[0m'

# Banner announcing what the script deploys.
printf '%b\n' "${PURPLE}${BOLD}Deployment Debian + Caddy + Directus + Nuxt${RESET}"
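# Every later step (useradd, sshd drop-in, ufw, apt) needs root, so stop here
# when run unprivileged. The exit status is non-zero so that a wrapper or CI
# job does not mistake "refused to run" for a successful deployment, and the
# message goes to stderr where diagnostics belong.
if [ "$EUID" -ne 0 ]; then
  echo "Please run as root" >&2
  exit 1
fi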
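#
# USER
#
# Optionally create a login account: home directory, bash as login shell,
# a password typed on the terminal, and membership of the "sudo" group.
# Each step is checked so a failed useradd/chpasswd/usermod cannot end in a
# "created successfully" message for a half-configured account.
printf '%b\n' "${PURPLE}${BOLD}Create a user ? (y/n) ${RESET}"
read -r answer
if [[ "$answer" == "y" ]]; then
  printf '%b\n' "${PURPLE}${BOLD}Create user${RESET}"

  read -r -p "Enter username: " username
  if [[ -z "$username" ]]; then
    echo "Username must not be empty." >&2
    exit 1
  fi
  if id "$username" &>/dev/null; then
    echo "User '$username' already exists."
    exit 1
  fi

  printf '%b\n' "${PURPLE}${BOLD}Generate and store the password somewhere safe${RESET}"
  # -r keeps backslashes in the password literal; without it the stored
  # password silently differs from what was typed or pasted.
  read -r -s -p "Enter password: " password
  echo
  if [[ -z "$password" ]]; then
    echo "Password must not be empty." >&2
    exit 1
  fi

  # -s sets the login shell at creation time (replaces the separate chsh call).
  if ! useradd -m -s /bin/bash "$username"; then
    echo "useradd failed for '$username'." >&2
    exit 1
  fi

  # chpasswd reads "name:password" on stdin. printf is a shell builtin, so the
  # password is never placed on a command line that other users could list.
  if ! printf '%s:%s\n' "$username" "$password" | chpasswd; then
    echo "Could not set the password for '$username'." >&2
    exit 1
  fi
  # Drop the secret from the shell's memory as soon as it is no longer needed.
  unset password

  # NOTE(review): group membership only grants privileges if the sudo package
  # is installed and its sudoers policy references this group - confirm on the
  # target image, especially before root SSH login is disabled further down.
  if ! usermod -aG sudo "$username"; then
    echo "Could not add '$username' to the sudo group." >&2
    exit 1
  fi

  # The user-supplied name is passed through %s so that backslashes in it are
  # printed as typed rather than interpreted as escape sequences.
  printf '%b%s%b\n' "${PURPLE}${BOLD}" "User '$username' created with password successfully." "${RESET}"
fi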
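#
# SSH
#
# Optionally harden sshd through a drop-in file: no root login, no empty
# passwords. The directives are added only when missing, so running the
# script again does not pile up duplicate lines, and the configuration is
# validated before the service is reloaded.
#
# Operational caveats:
#  - Root login is refused after the reload. Confirm that a non-root account
#    with working sudo can log in before closing the current session.
#  - sshd keeps the first value it reads for a keyword, and files in the
#    drop-in directory are read in lexical order, so an earlier-sorting file
#    can take precedence over this one. `sshd -T` prints the effective values.
#  - NOTE(review): this assumes the main sshd_config includes
#    /etc/ssh/sshd_config.d/*.conf (the Debian default) - confirm.
#  - Password authentication is left as configured elsewhere; only the two
#    keywords below are set here.
printf '%b\n' "${PURPLE}${BOLD}Setup SSH ? (y/n) ${RESET}"
read -r answer
if [[ "$answer" == "y" ]]; then
  printf '%b\n' "${PURPLE}${BOLD}Setup SSH${RESET}"

  ssh_dropin=/etc/ssh/sshd_config.d/custom.conf
  if ! touch "$ssh_dropin"; then
    echo "Cannot create $ssh_dropin." >&2
    exit 1
  fi
  for directive in "PermitRootLogin no" "PermitEmptyPasswords no"; do
    # -x whole-line, -F fixed string: append only if this exact line is absent.
    grep -qxF -- "$directive" "$ssh_dropin" || echo "$directive" >> "$ssh_dropin"
  done

  # Reloading with a broken configuration can leave the host without a
  # working SSH daemon, so run the syntax check first and stop on failure.
  if ! sshd -t; then
    echo "sshd configuration check failed; ssh was not reloaded." >&2
    exit 1
  fi
  systemctl reload ssh
fi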
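#
# FIREWALL AND FAIL2BAN
#
# Optionally install ufw and fail2ban, allow SSH/HTTP/HTTPS and switch the
# firewall on. The original only added the allow rules; ufw stays inactive
# until it is explicitly enabled, so no filtering was actually in place.
printf '%b\n' "${PURPLE}${BOLD}Setup Firewall and Fail2ban ? (y/n) ${RESET}"
read -r answer
if [[ "$answer" == "y" ]]; then
  printf '%b\n' "${PURPLE}${BOLD}Setup Firewall and Fail2ban${RESET}"

  # apt-get is the interface intended for scripts; stop if packages are
  # missing rather than running ufw/systemctl against nothing.
  if ! apt-get install -y ufw fail2ban; then
    echo "Could not install ufw and fail2ban." >&2
    exit 1
  fi

  # NOTE(review): fail2ban's sshd jail reads the auth log by default; on hosts
  # that log only to the systemd journal it may need `backend = systemd`.
  # `fail2ban-client status sshd` shows whether the jail is running.
  systemctl enable fail2ban

  # The SSH rule is added before the firewall is enabled so the session that
  # runs this script is not cut off. "ssh" means the standard port; if sshd
  # listens elsewhere, allow that port before enabling.
  ufw allow ssh
  ufw allow http
  ufw allow https

  # --force skips the interactive confirmation so the script can continue.
  if ! ufw --force enable; then
    echo "ufw could not be enabled; the firewall is NOT active." >&2
    exit 1
  fi
fi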
#
# TODO : ZABBIX AND URBACKUP
#
# Not implemented yet: this section only prints a reminder banner.
printf '%b\n' "${PURPLE}${BOLD}TODO : Zabbix and Urbackup${RESET}"
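#
# CADDY
#
# Optionally add the Caddy stable apt repository and install caddy.
#
# The signing key and the source list are downloaded to a private temporary
# directory first and only installed when both downloads succeed. Piping curl
# straight into gpg/tee, as before, hides a failed download: the pipeline
# reports the status of its last command, so an empty keyring or source list
# could be written without any error.
#
# NOTE(review): the key and the repository definition come from the same host
# over the same TLS connection, so that connection is the only trust anchor.
# For a stricter setup compare the fingerprint printed by
# `gpg --show-keys /usr/share/keyrings/caddy-stable-archive-keyring.gpg`
# with one obtained through a separate channel.
printf '%b\n' "${PURPLE}${BOLD}Install Caddy webserver ? (y/n) ${RESET}"
read -r answer
if [[ "$answer" == "y" ]]; then
  printf '%b\n' "${PURPLE}${BOLD}Install Caddy Webserver${RESET}"

  if ! apt-get install -y debian-keyring debian-archive-keyring apt-transport-https curl; then
    echo "Could not install the prerequisites for the Caddy repository." >&2
    exit 1
  fi

  caddy_tmp=$(mktemp -d) || exit 1

  # -f makes curl fail on HTTP errors instead of saving an error page.
  if ! curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' -o "$caddy_tmp/gpg.key" ||
    ! curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' -o "$caddy_tmp/caddy-stable.list"; then
    echo "Could not download the Caddy repository key or source list." >&2
    rm -rf -- "${caddy_tmp:?}"
    exit 1
  fi

  # --yes lets a second run replace the keyring instead of stopping on the
  # "file exists" question.
  if ! gpg --yes --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg "$caddy_tmp/gpg.key"; then
    echo "Could not convert the Caddy signing key." >&2
    rm -rf -- "${caddy_tmp:?}"
    exit 1
  fi

  # tee still shows the installed source list on the terminal, as before.
  tee /etc/apt/sources.list.d/caddy-stable.list < "$caddy_tmp/caddy-stable.list"
  rm -rf -- "${caddy_tmp:?}"

  apt-get update
  apt-get install -y caddy
fi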
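#
# MARIADB
#
# Optionally install MariaDB and answer the mysql_secure_installation prompts
# automatically with expect: keep password authentication for root, set the
# root password, remove anonymous users, forbid remote root login, drop the
# test database and reload the privilege tables.
#
# Changes compared with the earlier inline expect script:
#  - The password is handed to expect through an environment variable and
#    read there as $env(DB_ROOT_PASSWORD). Before, it was pasted into the
#    text given to `expect -c`, which put it on a command line that any local
#    user can list, and let characters such as " $ [ \ in the password be
#    interpreted as Tcl syntax instead of being sent as typed.
#  - The script is single-quoted, so the shell no longer expands anything in
#    it, and the "[Y/n]" suffixes are dropped from the patterns: inside a Tcl
#    double-quoted string, brackets are command substitution and abort the
#    script with an "invalid command name" error.
#  - A prompt that does not appear now ends the run with an error instead of
#    timing out silently and sending the next answer to the wrong question.
printf '%b\n' "${PURPLE}${BOLD}Install MariaDB ? (y/n) ${RESET}"
read -r answer
if [[ "$answer" == "y" ]]; then
  if ! apt-get install -y mariadb-server; then
    echo "Could not install mariadb-server." >&2
    exit 1
  fi

  printf '%b\n' "${PURPLE}${BOLD}Generate and store the password somewhere safe${RESET}"
  printf '%b\n' "${PURPLE}${BOLD}Enter the MariaDB root password : ${RESET}"
  # -r keeps backslashes in the password literal.
  read -r -s db_root_password
  echo
  if [[ -z "$db_root_password" ]]; then
    # An empty answer would leave the prompts and the scripted replies out of
    # step with each other.
    echo "The MariaDB root password must not be empty." >&2
    exit 1
  fi

  if ! apt-get -y install expect; then
    echo "Could not install expect." >&2
    exit 1
  fi

  # The variable is set for this one command only. The environment of a
  # process is readable by the same user and root, not by other accounts.
  SECURE_MYSQL=$(DB_ROOT_PASSWORD="$db_root_password" expect -c '
set timeout 10
spawn mysql_secure_installation
expect_after {
  timeout { puts stderr "mysql_secure_installation: expected prompt not seen"; exit 1 }
}
expect "Enter current password for root (enter for none):"
send "\r"
expect "Switch to unix_socket authentication"
send "n\r"
expect "Change the root password?"
send "y\r"
expect "New password:"
send -- "$env(DB_ROOT_PASSWORD)\r"
expect "Re-enter new password:"
send -- "$env(DB_ROOT_PASSWORD)\r"
expect "Remove anonymous users?"
send "y\r"
expect "Disallow root login remotely?"
send "y\r"
expect "Remove test database and access to it?"
send "y\r"
expect "Reload privilege tables now?"
send "y\r"
expect eof
')
  secure_status=$?
  unset db_root_password

  # NOTE(review): this prints the captured session transcript. Confirm on the
  # target version that the password prompts run with terminal echo off, so
  # the transcript (and any log of this script's output) holds no secret.
  echo "${SECURE_MYSQL}"

  apt-get -y purge expect
  # https://gist.github.com/coderua/5592d95970038944d099

  if ((secure_status != 0)); then
    echo "mysql_secure_installation did not complete; MariaDB is NOT hardened." >&2
    exit 1
  fi
fi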
# Directus database step. Still a stub: answering "y" only prints a
# placeholder string, no database is created or changed here.
printf '%b\n' "${PURPLE}${BOLD}Setup Directus database ? (y/n) ${RESET}"
read answer
case "$answer" in
  y)
    echo "yooooo"
    ;;
esac