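#!/bin/bash
#
# Provision a host so that SSH is reachable only through a dedicated
# WireGuard tunnel (interface "vmh-ssh-vpn").
#
# Steps: install packages, create the login user, write the WireGuard and
# sshd configuration, grant the user passwordless sudo, then print the
# client-side WireGuard config to complete by hand.
#
# Input: ./variables (sourced from the current directory) must define
#   USERNAME          - account to create and allow over SSH
#   WIREGUARD_PUBKEY  - public key of the client peer
#   MY_SSH_KEY        - public SSH key placed in authorized_keys
#
# Must run as root. The heredoc redirections (`<<EOF > file`) had been lost
# in the collapsed one-line copy of this script and are restored here.

# Stop at the first failure: if the WireGuard setup breaks, sshd must NOT be
# restarted onto an address that does not exist, or the host is locked out.
set -euo pipefail

source ./variables

# An empty USERNAME would produce a malformed sudoers entry and paths such as
# /home//.ssh, so refuse to continue without all three inputs.
: "${USERNAME:?USERNAME must be set in ./variables}"
: "${WIREGUARD_PUBKEY:?WIREGUARD_PUBKEY must be set in ./variables}"
: "${MY_SSH_KEY:?MY_SSH_KEY must be set in ./variables}"

echo "Installing dependencides... Please stay for a second, you will confirm the install"
apt update
apt install sudo wireguard-tools

echo "Setting up user..."
# Skip creation on a re-run so `set -e` does not abort on "user already exists".
if ! id -u "$USERNAME" >/dev/null 2>&1; then
  useradd -m -s /bin/bash "$USERNAME"
fi

echo "Configuring WireGuard..."
# Random /64 for the tunnel.
# NOTE(review): RFC 4193 assigns locally generated ULA prefixes from fd00::/8;
# fc00::/8 is reserved. Left unchanged here, but consider switching to "fd".
WG_SUBNET="fc$(openssl rand -hex 1):$(openssl rand -hex 2):$(openssl rand -hex 2):$(openssl rand -hex 2)"
WG_LISTEN_PORT=$(shuf -i 49152-65535 -n 1)
WG_LOCAL_PRIVKEY=$(wg genkey)
WG_LOCAL_PUBKEY=$(printf '%s\n' "$WG_LOCAL_PRIVKEY" | wg pubkey)

# Create the file with mode 0600 *before* the private key is written, so the
# key is never readable by other local users, not even briefly.
install -m 0600 /dev/null /etc/wireguard/vmh-ssh-vpn.conf
cat <<EOF > /etc/wireguard/vmh-ssh-vpn.conf
[Interface]
ListenPort = ${WG_LISTEN_PORT}
PrivateKey = ${WG_LOCAL_PRIVKEY}
Address = ${WG_SUBNET}::1/64

[Peer]
PublicKey = ${WIREGUARD_PUBKEY}
AllowedIPs = ${WG_SUBNET}::2/128
EOF

systemctl enable --now wg-quick@vmh-ssh-vpn

echo "Configuring ssh..."
ssh_dir="/home/${USERNAME}/.ssh"
mkdir -p -- "$ssh_dir"
# Quoted so the key is written exactly as given (no word splitting/globbing).
printf '%s\n' "$MY_SSH_KEY" > "${ssh_dir}/authorized_keys"
# The script runs as root; hand the directory to the user with the tight
# permissions sshd expects, so the user can manage their own keys.
chmod 700 -- "$ssh_dir"
chmod 600 -- "${ssh_dir}/authorized_keys"
chown -R -- "${USERNAME}:" "$ssh_dir"

cat <<EOF > /etc/ssh/sshd_config.d/10-vmh_ssh.conf
X11Forwarding no
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin no
ListenAddress ${WG_SUBNET}::1
EOF

# Order sshd after the tunnel so the ListenAddress exists when sshd binds.
mkdir -p /etc/systemd/system/sshd.service.d
cat <<EOF > /etc/systemd/system/sshd.service.d/10-vmh-listen.conf
[Unit]
After=wg-quick@vmh-ssh-vpn.service
EOF

# systemd only picks up the new drop-in after a reload.
systemctl daemon-reload
# Validate the configuration first: restarting sshd with a broken config on a
# remote machine means losing access.
sshd -t
systemctl restart sshd

echo "Configuring sudo..."
# Build the rule in a temp file and syntax-check it before installing; a
# malformed file under /etc/sudoers.d can break sudo for every user.
# The account has no password, so sudo relies on NOPASSWD: whoever holds the
# SSH key (and the WireGuard key) effectively has root on this machine.
sudoers_tmp=$(mktemp)
trap 'rm -f -- "${sudoers_tmp:-}"' EXIT
cat <<EOF > "$sudoers_tmp"
${USERNAME} ALL=(ALL:ALL) NOPASSWD:ALL
EOF
visudo -cf "$sudoers_tmp"
install -m 0440 -o root -g root "$sudoers_tmp" /etc/sudoers.d/99-vmh-newuser

# Client-side instructions. The client's private key and this host's public
# endpoint are not known here, so they are left as "..." to fill in.
cat <<EOF

BEFORE DISCONNECTING, FOLLOW THE STEPS
You won't be able to reconnect if you don't.

To connect to this machine:
 ssh ${USERNAME}@${WG_SUBNET}::1
1. Install the WireGuard config (fill in the gaps)

[Interface]
PrivateKey = ...
Address = ${WG_SUBNET}::2/64
[Peer]
Endpoint = ...:${WG_LISTEN_PORT}
PublicKey = ${WG_LOCAL_PUBKEY}
AllowedIPs = ${WG_SUBNET}::1/128

2. Use this command to connect

ssh ${USERNAME}@${WG_SUBNET}::1
EOF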