From 2585a04d136b4d1fe023419ea7699e321801911e Mon Sep 17 00:00:00 2001
From: Minecon724
Date: Mon, 22 Jul 2024 11:43:08 +0200
Subject: [PATCH] initial commit

---
 README.md | 5 +++
 docker-rootless.sh | 51 ++++++++++++++++++++++++++++++
 secure.sh | 77 ++++++++++++++++++++++++++++++++++++++++++++++
 tor-repo.sh | 15 +++++++++
 variables | 9 ++++++
 5 files changed, 157 insertions(+)
 create mode 100644 README.md
 create mode 100644 docker-rootless.sh
 create mode 100644 secure.sh
 create mode 100644 tor-repo.sh
 create mode 100644 variables

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..488fe46
--- /dev/null
+++ b/README.md
@@ -0,0 +1,5 @@
+Some scripts for new vpses \
+
+### Requirements
+- Debian 12
+- working internet
diff --git a/docker-rootless.sh b/docker-rootless.sh
new file mode 100644
index 0000000..7b4bf49
--- /dev/null
+++ b/docker-rootless.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+source ./variables
+
+echo "Please confirm installing dependencies"
+apt update
+apt install ca-certificates curl
+
+
+echo "Installing docker..."
+install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
+chmod a+r /etc/apt/keyrings/docker.asc
+
+echo \
+ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
+ $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+ tee /etc/apt/sources.list.d/docker.list > /dev/null
+
+
+echo "Installing docker now, please confirm"
+apt update
+apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin dbus-user-session fuse-overlayfs uidmap iptables
+
+systemctl disable --now docker.service docker.socket
+rm /var/run/docker.sock
+
+
+echo "Installing for user $DOCKER_USER..."
+useradd -m -s /bin/bash -G docker $DOCKER_USER
+loginctl enable-linger $DOCKER_USER
+USER_UID=$(id -u $DOCKER_USER)
+
+cat <> /home/$DOCKER_USER/.profile
+export XDG_RUNTIME_DIR=/run/user/$USER_UID
+export DOCKER_HOST=unix://\$XDG_RUNTIME_DIR/docker.sock
+EOF
+
+echo "Waiting for systemd..."
+until sudo -iu $DOCKER_USER systemctl --user show-environment &> /dev/null; do
+ sleep .1
+done
+
+sudo -iu $DOCKER_USER /usr/bin/dockerd-rootless-setuptool.sh install
+sudo -iu $DOCKER_USER docker run hello-world
+
+echo
+echo "To manage docker, do:"
+echo " sudo -iu $DOCKER_USER"
+echo "Or execute commands directly (not recommended):"
+echo " sudo -iu $DOCKER_USER docker run hello-world"
+echo
diff --git a/secure.sh b/secure.sh
new file mode 100644
index 0000000..3c2772f
--- /dev/null
+++ b/secure.sh
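Review bot: The new account is put in the `docker` group on the `useradd -m -s /bin/bash -G docker $DOCKER_USER` line even though the rootful daemon is disabled a few lines above and everything after that sets up rootless dockerd; membership in that group is root-equivalent whenever a rootful daemon is running, and it does not appear to be needed for the rootless setup, so `useradd -m -s /bin/bash -- "$DOCKER_USER"` is the safer form. The script also runs without `set -euo pipefail`, so a failed `curl -fsSL ... -o /etc/apt/keyrings/docker.asc`, `apt install` or `useradd` does not stop it and the remaining steps run against a half-configured host; adding `set -euo pipefail` after the shebang and quoting every `$DOCKER_USER` expansion as `"$DOCKER_USER"` would surface those failures. `rm /var/run/docker.sock` fails when the socket was never created (the daemon may not have been started before `systemctl disable --now`); `rm -f -- /var/run/docker.sock` keeps that from tripping `set -e` once it is enabled.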
@@ -0,0 +1,77 @@
+#!/bin/bash
+source ./variables
+
+echo "Installing dependencides... Please stay for a second, you will confirm the install"
+apt update
+apt install sudo wireguard-tools
+
+
+echo "Setting up user..."
+useradd -m -s /bin/bash $USERNAME
+
+
+echo "Configuring WireGuard..."
+WG_SUBNET="fc$(openssl rand -hex 1):$(openssl rand -hex 2):$(openssl rand -hex 2):$(openssl rand -hex 2)"
+WG_LISTEN_PORT=$(shuf -i 49152-65535 -n 1)
+WG_LOCAL_PRIVKEY=$(wg genkey)
+WG_LOCAL_PUBKEY=$(echo $WG_LOCAL_PRIVKEY | wg pubkey)
+
+cat < /etc/wireguard/vmh-ssh-vpn.conf
+[Interface]
+ListenPort = $WG_LISTEN_PORT
+PrivateKey = $WG_LOCAL_PRIVKEY
+Address = $WG_SUBNET::1/64
+
+[Peer]
+PublicKey = $WIREGUARD_PUBKEY
+AllowedIPs = $WG_SUBNET::2/128
+EOF
+
+systemctl enable --now wg-quick@vmh-ssh-vpn
+
+
+echo "Configuring ssh..."
+mkdir /home/$USERNAME/.ssh
+echo $MY_SSH_KEY > /home/$USERNAME/.ssh/authorized_keys
+
+cat < /etc/ssh/sshd_config.d/10-vmh_ssh.conf
+X11Forwarding no
+PasswordAuthentication no
+PubkeyAuthentication yes
+PermitRootLogin no
+
+ListenAddress $WG_SUBNET::1
+EOF
+
+mkdir /etc/systemd/system/sshd.service.d
+cat < /etc/systemd/system/sshd.service.d/10-vmh-listen.conf
+[Unit]
+After=wg-quick@vmh-ssh-vpn.service
+EOF
+
+systemctl restart sshd
+
+
+echo "Configuring sudo..."
+cat < /etc/sudoers.d/99-vmh-newuser
+$USERNAME ALL=(ALL:ALL) NOPASSWD:ALL
+EOF
+
+echo
+echo "Now listen carefully, you must do this to connect to this machine:"
+echo "To connect to this machine:"
+echo " ssh $USERNAME@$WG_SUBNET::1"
+echo "1. Install the WireGuard config (fill in the gaps)"
+echo
+echo "[Interface]"
+echo "PrivateKey = ..."
+echo "Address = $WG_SUBNET::2/64"
+echo "[Peer]"
+echo "Endpoint = ...:$WG_LISTEN_PORT"
+echo "PublicKey = $WG_LOCAL_PUBKEY"
+echo "AllowedIPs = $WG_SUBNET::1/128"
+echo
+echo "2. Use this command to connect"
+echo
+echo "ssh $USERNAME@$WG_SUBNET::1"
+
diff --git a/tor-repo.sh b/tor-repo.sh
new file mode 100644
index 0000000..761cfce
--- /dev/null
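Review bot: Nothing checks that `WIREGUARD_PUBKEY` and `MY_SSH_KEY` were actually filled in before the host is reconfigured, and the `variables` file in this same commit ships both empty; with `PasswordAuthentication no`, `PermitRootLogin no` and `ListenAddress $WG_SUBNET::1` in the new sshd drop-in, running the script as-is writes an empty `authorized_keys` and a WireGuard peer with no `PublicKey`, so the operator is locked out as soon as `systemctl restart sshd` runs. Add `: "${WIREGUARD_PUBKEY:?set WIREGUARD_PUBKEY in ./variables}"` and `: "${MY_SSH_KEY:?set MY_SSH_KEY in ./variables}"` directly after `source ./variables`, and write the key with `printf '%s\n' "$MY_SSH_KEY" > "/home/$USERNAME/.ssh/authorized_keys"` so the unquoted expansion is not word-split or glob-expanded. The drop-in written to `/etc/systemd/system/sshd.service.d/10-vmh-listen.conf` is not loaded by `systemctl restart sshd` until `systemctl daemon-reload` has run, so that call belongs before the restart. `.ssh` and `authorized_keys` are created by root and never chowned to `$USERNAME`; with the default umask sshd still accepts them under StrictModes, but the user cannot manage their own keys, so `chown -R "$USERNAME:" "/home/$USERNAME/.ssh"` followed by `chmod 700`/`chmod 600` on the directory and file is worth adding.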
+++ b/tor-repo.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+apt install apt-transport-https curl gnupg2
+
+source /etc/os-release
+
+curl https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor | tee /usr/share/keyrings/deb.torproject.org-keyring.gpg >/dev/null
+
+cat < /etc/apt/sources.list.d/tor.list
+deb [signed-by=/usr/share/keyrings/deb.torproject.org-keyring.gpg] https://deb.torproject.org/torproject.org $VERSION_CODENAME main
+deb-src [signed-by=/usr/share/keyrings/deb.torproject.org-keyring.gpg] https://deb.torproject.org/torproject.org $VERSION_CODENAME main
+EOF
+apt update
+apt install deb.torproject.org-keyring
+
+echo -e "Done, now you can \e[1mapt install tor\e[0m or something"
diff --git a/variables b/variables
new file mode 100644
index 0000000..b91c9f2
--- /dev/null
+++ b/variables
@@ -0,0 +1,9 @@
+# the user to create
+USERNAME=vpsuser
+# the wireguard public key you will use to connect
+WIREGUARD_PUBKEY=
+# the ssh key you're connecting with
+MY_SSH_KEY=""
+
+# the user docker will be installed to
+DOCKER_USER=dockeruser
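Review bot: The keyring download on the `curl https://deb.torproject.org/... | gpg --dearmor | tee /usr/share/keyrings/deb.torproject.org-keyring.gpg` line runs plain `curl` with no `-f`, and the script has neither `set -o pipefail` nor any check of the pipeline's result, so an HTTP error body or a truncated transfer still leaves a (possibly empty) keyring file behind and the script continues into `apt update` with whatever ended up in it. Use `curl -fsSL` as docker-rootless.sh in this same commit already does, and put `set -euo pipefail` after the shebang so a failing stage stops the script before the sources list is written. `source /etc/os-release` imports every variable that file defines into the script's namespace when only `VERSION_CODENAME` is used; `VERSION_CODENAME=$(. /etc/os-release && printf '%s' "$VERSION_CODENAME")` keeps the rest out. The final `echo -e "...\e[1m..."` depends on a non-portable `echo` extension; `printf 'Done, now you can \033[1mapt install tor\033[0m or something\n'` is the portable equivalent.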