#!/bin/bash PURPLE='\033[35m' BOLD='\033[1m' RESET='\033[0m' install_expect() { if ! command -v expect &> /dev/null; then sudo apt install -y expect echo -e "${PURPLE}${BOLD}expect installed${RESET}" else echo -e "${PURPLE}${BOLD}expect already installed${RESET}" fi } echo -e "${PURPLE}${BOLD}Deployment Debian + Caddy + Directus + Nuxt${RESET}" if [ "$EUID" -ne 0 ]; then echo "Please run as root" exit fi # # USER # echo -e "${PURPLE}${BOLD}Create a user ? (y/n) ${RESET}" read answer if [[ "$answer" == "y" ]]; then echo -e "${PURPLE}${BOLD}Create user${RESET}" read -p "Enter username: " username if id "$username" &>/dev/null; then echo "User '$username' already exists." exit 1 fi echo -e "${PURPLE}${BOLD}Generate and store the password somewhere safe${RESET}" read -s -p "Enter password: " password echo useradd -m "$username" chsh -s /bin/bash $username echo "$username:$password" | chpasswd usermod -aG sudo $username echo -e "${PURPLE}${BOLD}User '$username' created with password successfully.${RESET}" fi # # SSH # echo -e "${PURPLE}${BOLD}Setup SSH ? (y/n) ${RESET}" read answer if [[ "$answer" == "y" ]]; then echo -e "${PURPLE}${BOLD}Setup SSH${RESET}" touch /etc/ssh/sshd_config.d/custom.conf echo "PermitRootLogin no" >> /etc/ssh/sshd_config.d/custom.conf echo "PermitEmptyPasswords no" >> /etc/ssh/sshd_config.d/custom.conf systemctl reload ssh fi # # FIREWALL AND FAIL2BAN # echo -e "${PURPLE}${BOLD}Setup Firewall and Fail2ban ? (y/n) ${RESET}" read answer if [[ "$answer" == "y" ]]; then echo -e "${PURPLE}${BOLD}Setup Firewall and Fail2ban${RESET}" apt install -y ufw fail2ban systemctl enable fail2ban ufw allow ssh ufw allow http ufw allow https fi # # TODO : ZABBIX AND URBACKUP # echo -e "${PURPLE}${BOLD}TODO : Zabbix and Urbackup${RESET}" # # CADDY # echo -e "${PURPLE}${BOLD}Install Caddy webserver ? (y/n) ${RESET}" read answer if [[ "$answer" == "y" ]]; then echo -e "${PURPLE}${BOLD}Install Caddy Webserver${RESET}" apt install -y debian-keyring debian-archive-keyring apt-transport-https curl curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list apt update apt install -y caddy fi # # MARIADB # echo -e "${PURPLE}${BOLD}Install MariaDB ? (y/n) ${RESET}" read answer if [[ "$answer" == "y" ]]; then apt install -y mariadb-server echo -e "${PURPLE}${BOLD}Generate and store the password somewhere safe${RESET}" echo -e "${PURPLE}${BOLD}Enter the MariaDB root password : ${RESET}" read -s db_root_password echo install_expect SECURE_MYSQL=$(expect -c " set timeout 3 spawn mysql_secure_installation expect \"Enter current password for root (enter for none):\" send \"\r\" expect \"Switch to unix_socket authentication \\[Y/n\\]\" send \"n\r\" expect \"Change the root password? \\[Y/n\\]\" send \"y\r\" expect \"New password:\" send \"$db_root_password\r\" expect \"Re-enter new password:\" send \"$db_root_password\r\" expect \"Remove anonymous users?\" send \"y\r\" expect \"Disallow root login remotely?\" send \"y\r\" expect \"Remove test database and access to it?\" send \"y\r\" expect \"Reload privilege tables now?\" send \"y\r\" expect eof ") echo "${SECURE_MYSQL}" apt -y purge expect # https://gist.github.com/coderua/5592d95970038944d099 fi # # DIRECTUS DB # echo -e "${PURPLE}${BOLD}Setup Directus database ? (y/n) ${RESET}" read answer if [[ "$answer" == "y" ]]; then echo -e "${PURPLE}${BOLD}Generate and store the password somewhere safe${RESET}" echo -e "${PURPLE}${BOLD}Enter the MariaDB Directus password : ${RESET}" read -s db_directus_password echo if [[ -z "$db_root_password" ]]; then echo -e "${PURPLE}${BOLD}Enter the MariaDB root password : ${RESET}" read -s db_root_password echo fi install_expect spawn mariadb -u root -p expect "Enter password:" send "$db_root_password\r" expect "mysql>" send "CREATE USER 'directus'@'localhost' IDENTIFIED BY '${db_directus_password}';\r" send "CREATE DATABASE directus;\r" send "GRANT ALL PRIVILEGES ON directus.* TO 'directus'@'localhost' IDENTIFIED BY '${db_directus_password}';\r" send "FLUSH PRIVILEGES;\r" expect "mysql>" send "exit\r" wait fi # TODO REMOVE EXPECT IF IT IS INSTALLED