commit ffe4d0181ca97001e952b953ea370b9d9076be0a
Author: Valentin
Date: Wed Oct 23 01:46:08 2024 +0200
first commit
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..bc444cf
--- /dev/null
+++ b/README.md
@@ -0,0 +1,2 @@
+Deployment [**D**ebian](https://www.debian.org/) (os) + [**D**ocker](https://www.docker.com/) (containerization) + [**C**addy](https://caddyserver.com/) (webserver) + [**D**irectus](https://directus.io/) (cms) + [**N**uxt](https://nuxt.com/) (static front).
+
diff --git a/bin/first-install/add_swap.sh b/bin/first-install/add_swap.sh
new file mode 100644
index 0000000..3b622f7
--- /dev/null
+++ b/bin/first-install/add_swap.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+fallocate -l 2G /swapfile
+chmod 600 /swapfile
+mkswap /swapfile
+swapon /swapfile
+echo '/swapfile none swap sw 0 0' | tee -a /etc/fstab
+
+echo -e "${PURPLE}${BOLD}2G swapfile created${RESET}"
\ No newline at end of file
diff --git a/bin/first-install/create_user.sh b/bin/first-install/create_user.sh
new file mode 100644
index 0000000..66a8854
--- /dev/null
+++ b/bin/first-install/create_user.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+echo -e "${PURPLE}${BOLD}Create user${RESET}"
+
+read -p "Enter username: " username
+
+if id "$username" &>/dev/null; then
+ echo "User '$username' already exists."
+ exit 1
+fi
+
+echo -e "${ORANGE}${BOLD}Generate and store the password somewhere safe${RESET}"
+read -s -p "Enter password: " password
+echo
+useradd -m "$username"
+chsh -s /bin/bash $username
+echo "$username:$password" | chpasswd
+
+usermod -aG sudo $username
+
+echo -e "${PURPLE}${BOLD}User '$username' created with password successfully.${RESET}"
\ No newline at end of file
diff --git a/bin/first-install/setup_frewall_fail2ban.sh b/bin/first-install/setup_frewall_fail2ban.sh
new file mode 100644
index 0000000..cb2a899
--- /dev/null
+++ b/bin/first-install/setup_frewall_fail2ban.sh
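Review bot: In bin/first-install/add_swap.sh the fstab entry is appended unconditionally and none of the commands is checked, so a second run, or a failed `fallocate`, leaves duplicate or dangling `/swapfile` lines in /etc/fstab while the success message is still printed. Guard the append, e.g. `grep -q '^/swapfile ' /etc/fstab || echo '/swapfile none swap sw 0 0' >> /etc/fstab`, and stop the step when an earlier command fails, e.g. `fallocate -l 2G /swapfile || return 1` (the file is sourced, so `return` rather than `exit`). A header comment stating that the script must run as root and relies on the colour variables from bin/variables.sh would also help.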
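Review bot: In bin/first-install/create_user.sh, `$username` is unquoted in the `chsh` and `usermod` lines and both `read` calls lack `-r`, so a name containing whitespace or a leading dash is split or parsed as options, and a backslash typed in the password is silently dropped before it reaches `chpasswd`. The result of `useradd` is not checked either, so the later commands and the success message still run when account creation fails. Suggested: `read -r -s -p "Enter password: " password`, `useradd -m -s /bin/bash "$username" || exit 1`, and `usermod -aG sudo "$username"`. Rejecting an empty password before calling `chpasswd` would be worth adding as well.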
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+echo -e "${PURPLE}${BOLD}Setup Firewall and Fail2ban${RESET}"
+install_pkg ufw
+install_pkg fail2ban
+systemctl enable fail2ban
+get_ssh_port
+ufw allow $ssh_port
+ufw allow http
+ufw allow https
+
+echo -e "${PURPLE}Firewall and Fail2ban are setup${RESET}"
\ No newline at end of file
diff --git a/bin/first-install/setup_ssh.sh b/bin/first-install/setup_ssh.sh
new file mode 100644
index 0000000..d6dc006
--- /dev/null
+++ b/bin/first-install/setup_ssh.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+echo -e "${PURPLE}${BOLD}Setup SSH${RESET}"
+
+ssh_port=$((RANDOM % (65536 - 1024 + 1) + 1024))
+
+touch /etc/ssh/sshd_config.d/custom.conf
+echo "PermitRootLogin no" >> /etc/ssh/sshd_config.d/custom.conf
+echo "PermitEmptyPasswords no" >> /etc/ssh/sshd_config.d/custom.conf
+echo "Port ${ssh_port}" >> /etc/ssh/sshd_config.d/custom.conf
+systemctl reload ssh
+
+echo -e "${ORANGE}${BOLD}Store the ssh port ${ssh_port} somewhere safe${RESET}"
\ No newline at end of file
diff --git a/bin/first_install.sh b/bin/first_install.sh
new file mode 100644
index 0000000..e66569f
--- /dev/null
+++ b/bin/first_install.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+if [ "$EUID" -ne 0 ]; then
+ echo "Please run as root"
+ exit
+fi
+
+# USER
+echo -e "${PURPLE}${BOLD}Create a user ? (y/N) ${RESET}"
+read answer
+if [[ "$answer" == "y" ]]; then
+ . first-install/create_user.sh
+fi
+
+# SSH
+echo -e "${PURPLE}${BOLD}Setup SSH ? (y/N) ${RESET}"
+read answer
+if [[ "$answer" == "y" ]]; then
+ . first-install/setup_ssh.sh
+fi
+
+# SWAP
+echo -e "${PURPLE}${BOLD}Add SWAP ? (y/N) ${RESET}"
+read answer
+if [[ "$answer" == "y" ]]; then
+ . first-install/add_swap.sh
+fi
+
+# FIREWALL AND FAIL2BAN
+echo -e "${PURPLE}${BOLD}Setup Firewall and Fail2ban ? (y/N) ${RESET}"
+read answer
+if [[ "$answer" == "y" ]]; then
+ . first-install/setup_firewall_fail2ban.sh
+fi
\ No newline at end of file
diff --git a/bin/variables.sh b/bin/variables.sh
new file mode 100644
index 0000000..67b8ea7
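Review bot: bin/first-install/setup_frewall_fail2ban.sh is never reached, because bin/first_install.sh sources `first-install/setup_firewall_fail2ban.sh`; either the file name (`frewall`) or the caller needs correcting. Within the hunk, `install_pkg` and `get_ssh_port` are not defined by any file in this commit, and `ufw allow $ssh_port` is unquoted, so with an empty `ssh_port` no SSH rule is added; if those helpers live elsewhere, say so in a header comment. The script also never runs `ufw enable` and only enables fail2ban without starting it, so the final message reports a firewall that is not active. When enabling it, confirm the SSH rule first, e.g. `[[ -n "$ssh_port" ]] && ufw allow "$ssh_port/tcp"` before `ufw enable`, so the current session is not locked out. The default fail2ban sshd jail presumably still targets the standard SSH port, so it likely needs the custom port set in a jail override.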
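Review bot: In bin/first-install/setup_ssh.sh the three directives are appended with `>>`, so every re-run adds another `Port` line to custom.conf and sshd ends up listening on each port ever generated, while only the newest one is printed. Write the file in one go and validate before reloading: `printf 'PermitRootLogin no\nPermitEmptyPasswords no\nPort %s\n' "$ssh_port" > /etc/ssh/sshd_config.d/custom.conf` followed by `sshd -t && systemctl reload ssh`. `$RANDOM` tops out at 32767, so the modulo has no effect and the port always falls in 1024–33791; a comment should say so, and the chosen port is not checked for being in use. Because `PermitRootLogin no` is applied even when the user-creation step was skipped, the script should confirm that a non-root sudo account exists before reloading, otherwise the host may become unreachable over SSH.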
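Review bot: The `. first-install/...` paths in bin/first_install.sh are resolved against the current directory, which install.sh forces to be the repository root, so none of the step scripts under bin/first-install/ would be found, and bash (outside POSIX mode) carries on after each failed `.`. Anchor them to the file itself, e.g. `. "$(dirname "${BASH_SOURCE[0]}")/first-install/create_user.sh"`. The root check uses a bare `exit`, which returns the status of the preceding `echo` (0); `exit 1` lets callers detect the refusal. The `read answer` prompts should be `read -r answer`.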
--- /dev/null
+++ b/bin/variables.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# Texts layout
+PURPLE='\033[35m'
+ORANGE='\033[33m'
+BLUE='\033[34m'
+BOLD='\033[1m'
+RESET='\033[0m'
\ No newline at end of file
diff --git a/install.sh b/install.sh
new file mode 100644
index 0000000..10c6215
--- /dev/null
+++ b/install.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+. bin/variables.sh
+
+echo -e "${PURPLE}${BOLD}Deployment Debian + Caddy + Directus + Nuxt${RESET}"
+
+if [ "$(dirname "$(readlink -f "$0")")" != "$(pwd)" ]; then
+ echo "Please run this script from its directory."
+ exit
+fi
+
+# First install, root only
+echo -e "${PURPLE}${BOLD}First server installation${RESET}"
+. bin/first_install.sh
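Review bot: install.sh sources `bin/variables.sh` before it checks the working directory, so when started from elsewhere the relative `.` fails first and the banner is printed with empty colour variables; the check should come first, or be replaced by `cd "$(dirname "$(readlink -f "$0")")" || exit 1`. The bare `exit` after "Please run this script from its directory." returns status 0, so use `exit 1`. A short header comment stating that the script is meant to be run as root and goes on to change users, SSH, swap and firewall settings would help operators.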