initial commit
This commit is contained in:
commit
2585a04d13
GPG key ID:
3CCC4D267742C8E8
5 changed files with 157 additions and 0 deletions
5
README.md
Normal file
5
README.md
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
Some scripts for new vpses \
|
||||
|
||||
### Requirements
|
||||
- Debian 12
|
||||
- working internet
|
||||
51
docker-rootless.sh
Normal file
51
docker-rootless.sh
Normal file
|
|
@ -0,0 +1,51 @@
|
|||
#!/bin/bash
|
||||
source ./variables
|
||||
|
||||
echo "Please confirm installing dependencies"
|
||||
apt update
|
||||
apt install ca-certificates curl
|
||||
|
||||
|
||||
echo "Installing docker..."
|
||||
install -m 0755 -d /etc/apt/keyrings
|
||||
curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
|
||||
chmod a+r /etc/apt/keyrings/docker.asc
|
||||
|
||||
echo \
|
||||
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
|
||||
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
|
||||
tee /etc/apt/sources.list.d/docker.list > /dev/null
|
||||
|
||||
|
||||
echo "Installing docker now, please confirm"
|
||||
apt update
|
||||
apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin dbus-user-session fuse-overlayfs uidmap iptables
|
||||
|
||||
systemctl disable --now docker.service docker.socket
|
||||
rm /var/run/docker.sock
|
||||
|
||||
|
||||
echo "Installing for user $DOCKER_USER..."
|
||||
useradd -m -s /bin/bash -G docker $DOCKER_USER
|
||||
loginctl enable-linger $DOCKER_USER
|
||||
USER_UID=$(id -u $DOCKER_USER)
|
||||
|
||||
cat <<EOF >> /home/$DOCKER_USER/.profile
|
||||
export XDG_RUNTIME_DIR=/run/user/$USER_UID
|
||||
export DOCKER_HOST=unix://\$XDG_RUNTIME_DIR/docker.sock
|
||||
EOF
|
||||
|
||||
echo "Waiting for systemd..."
|
||||
until sudo -iu $DOCKER_USER systemctl --user show-environment &> /dev/null; do
|
||||
sleep .1
|
||||
done
|
||||
|
||||
sudo -iu $DOCKER_USER /usr/bin/dockerd-rootless-setuptool.sh install
|
||||
sudo -iu $DOCKER_USER docker run hello-world
|
||||
|
||||
echo
|
||||
echo "To manage docker, do:"
|
||||
echo " sudo -iu $DOCKER_USER"
|
||||
echo "Or execute commands directly (not recommended):"
|
||||
echo " sudo -iu $DOCKER_USER docker run hello-world"
|
||||
echo
|
||||
77
secure.sh
Normal file
77
secure.sh
Normal file
|
|
@ -0,0 +1,77 @@
|
|||
#!/bin/bash
|
||||
source ./variables
|
||||
|
||||
echo "Installing dependencides... Please stay for a second, you will confirm the install"
|
||||
apt update
|
||||
apt install sudo wireguard-tools
|
||||
|
||||
|
||||
echo "Setting up user..."
|
||||
useradd -m -s /bin/bash $USERNAME
|
||||
|
||||
|
||||
echo "Configuring WireGuard..."
|
||||
WG_SUBNET="fc$(openssl rand -hex 1):$(openssl rand -hex 2):$(openssl rand -hex 2):$(openssl rand -hex 2)"
|
||||
WG_LISTEN_PORT=$(shuf -i 49152-65535 -n 1)
|
||||
WG_LOCAL_PRIVKEY=$(wg genkey)
|
||||
WG_LOCAL_PUBKEY=$(echo $WG_LOCAL_PRIVKEY | wg pubkey)
|
||||
|
||||
cat <<EOF > /etc/wireguard/vmh-ssh-vpn.conf
|
||||
[Interface]
|
||||
ListenPort = $WG_LISTEN_PORT
|
||||
PrivateKey = $WG_LOCAL_PRIVKEY
|
||||
Address = $WG_SUBNET::1/64
|
||||
|
||||
[Peer]
|
||||
PublicKey = $WIREGUARD_PUBKEY
|
||||
AllowedIPs = $WG_SUBNET::2/128
|
||||
EOF
|
||||
|
||||
systemctl enable --now wg-quick@vmh-ssh-vpn
|
||||
|
||||
|
||||
echo "Configuring ssh..."
|
||||
mkdir /home/$USERNAME/.ssh
|
||||
echo $MY_SSH_KEY > /home/$USERNAME/.ssh/authorized_keys
|
||||
|
||||
cat <<EOF > /etc/ssh/sshd_config.d/10-vmh_ssh.conf
|
||||
X11Forwarding no
|
||||
PasswordAuthentication no
|
||||
PubkeyAuthentication yes
|
||||
PermitRootLogin no
|
||||
|
||||
ListenAddress $WG_SUBNET::1
|
||||
EOF
|
||||
|
||||
mkdir /etc/systemd/system/sshd.service.d
|
||||
cat <<EOF > /etc/systemd/system/sshd.service.d/10-vmh-listen.conf
|
||||
[Unit]
|
||||
After=wg-quick@vmh-ssh-vpn.service
|
||||
EOF
|
||||
|
||||
systemctl restart sshd
|
||||
|
||||
|
||||
echo "Configuring sudo..."
|
||||
cat <<EOF > /etc/sudoers.d/99-vmh-newuser
|
||||
$USERNAME ALL=(ALL:ALL) NOPASSWD:ALL
|
||||
EOF
|
||||
|
||||
echo
|
||||
echo "Now listen carefully, you must do this to connect to this machine:"
|
||||
echo "To connect to this machine:"
|
||||
echo " ssh $USERNAME@$WG_SUBNET::1"
|
||||
echo "1. Install the WireGuard config (fill in the gaps)"
|
||||
echo
|
||||
echo "[Interface]"
|
||||
echo "PrivateKey = ..."
|
||||
echo "Address = $WG_SUBNET::2/64"
|
||||
echo "[Peer]"
|
||||
echo "Endpoint = ...:$WG_LISTEN_PORT"
|
||||
echo "PublicKey = $WG_LOCAL_PUBKEY"
|
||||
echo "AllowedIPs = $WG_SUBNET::1/128"
|
||||
echo
|
||||
echo "2. Use this command to connect"
|
||||
echo
|
||||
echo "ssh $USERNAME@$WG_SUBNET::1"
|
||||
|
||||
15
tor-repo.sh
Normal file
15
tor-repo.sh
Normal file
|
|
@ -0,0 +1,15 @@
|
|||
#!/bin/bash
|
||||
apt install apt-transport-https curl gnupg2
|
||||
|
||||
source /etc/os-release
|
||||
|
||||
curl https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor | tee /usr/share/keyrings/deb.torproject.org-keyring.gpg >/dev/null
|
||||
|
||||
cat <<EOF > /etc/apt/sources.list.d/tor.list
|
||||
deb [signed-by=/usr/share/keyrings/deb.torproject.org-keyring.gpg] https://deb.torproject.org/torproject.org $VERSION_CODENAME main
|
||||
deb-src [signed-by=/usr/share/keyrings/deb.torproject.org-keyring.gpg] https://deb.torproject.org/torproject.org $VERSION_CODENAME main
|
||||
EOF
|
||||
apt update
|
||||
apt install deb.torproject.org-keyring
|
||||
|
||||
echo -e "Done, now you can \e[1mapt install tor\e[0m or something"
|
||||
9
variables
Normal file
9
variables
Normal file
|
|
@ -0,0 +1,9 @@
|
|||
# the user to create
|
||||
USERNAME=vpsuser
|
||||
# the wireguard public key you will use to connect
|
||||
WIREGUARD_PUBKEY=
|
||||
# the ssh key you're connecting with
|
||||
MY_SSH_KEY=""
|
||||
|
||||
# the user docker will be installed to
|
||||
DOCKER_USER=dockeruser
|
||||
Loading…
Reference in a new issue