#!/bin/bash PURPLE='\033[35m' BOLD='\033[1m' RESET='\033[0m' echo -e "${PURPLE}${BOLD}Deployment Debian + Caddy + Directus + Nuxt${RESET}" if [ "$EUID" -ne 0 ]; then echo "Please run as root" exit fi # # USER # echo -e "${PURPLE}${BOLD}Create a user ? (y/n) ${RESET}" read answer if [[ "$answer" == "y" ]]; then echo -e "${PURPLE}${BOLD}Create user${RESET}" read -p "Enter username: " username if id "$username" &>/dev/null; then echo "User '$username' already exists." exit 1 fi echo -e "${PURPLE}${BOLD}Generate and store the password somewhere safe${RESET}" read -s -p "Enter password: " password echo useradd -m "$username" chsh -s /bin/bash $username echo "$username:$password" | chpasswd usermod -aG sudo $username echo -e "${PURPLE}${BOLD}User '$username' created with password successfully.${RESET}" fi # # SSH # echo -e "${PURPLE}${BOLD}Setup SSH ? (y/n) ${RESET}" read answer if [[ "$answer" == "y" ]]; then echo -e "${PURPLE}${BOLD}Setup SSH${RESET}" touch /etc/ssh/sshd_config.d/custom.conf echo "PermitRootLogin no" >> /etc/ssh/sshd_config.d/custom.conf echo "PermitEmptyPasswords no" >> /etc/ssh/sshd_config.d/custom.conf systemctl reload ssh fi # # FIREWALL AND FAIL2BAN # echo -e "${PURPLE}${BOLD}Setup Firewall and Fail2ban ? (y/n) ${RESET}" read answer if [[ "$answer" == "y" ]]; then echo -e "${PURPLE}${BOLD}Setup Firewall and Fail2ban${RESET}" apt install -y ufw fail2ban systemctl enable fail2ban ufw allow ssh ufw allow http ufw allow https fi # # TODO : ZABBIX AND URBACKUP # echo -e "${PURPLE}${BOLD}TODO : Zabbix and Urbackup${RESET}" # # CADDY # echo -e "${PURPLE}${BOLD}Install Caddy webserver ? (y/n) ${RESET}" read answer if [[ "$answer" == "y" ]]; then echo -e "${PURPLE}${BOLD}Install Caddy Webserver${RESET}" apt install -y debian-keyring debian-archive-keyring apt-transport-https curl curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list apt update apt install -y caddy fi # # MARIADB # echo -e "${PURPLE}${BOLD}Install MariaDB ? (y/n) ${RESET}" read answer if [[ "$answer" == "y" ]]; then apt install -y mariadb-server echo -e "${PURPLE}${BOLD}Generate and store the password somewhere safe${RESET}" echo -e "${PURPLE}${BOLD}Enter the MariaDB root password : ${RESET}" read -s db_root_password echo mariadb -e "UPDATE mysql.user SET Password = PASSWORD('${db_root_password}') WHERE User = 'root'" mariadb -e "DROP USER ''@'localhost'" mariadb -e "DROP USER ''@'$(hostname)'" mariadb -e "DROP DATABASE test" mariadb -e "FLUSH PRIVILEGES" # https://fedingo.com/how-to-automate-mysql_secure_installation-script/ # to replace mysql_secure_installation fi echo -e "${PURPLE}${BOLD}Setup Directus database ? (y/n) ${RESET}" read answer if [[ "$answer" == "y" ]]; then echo "yooooo" fi