Update alpine/alpine-secure.sh

Minecon724 2025-07-02 18:52:42 +02:00
commit c29736ad0e


@ -1,13 +1,22 @@
#!/bin/sh
#!/bin/bash
# This script is intended for Alpine Linux.
# Ensure this script is run as root
if [ "$(id -u)" -ne 0 ]; then
echo "This script must be run as root" 1>&2
exit 1
fi
source ./variables source ./variables
echo "Installing dependencides... Please stay for a second, you will confirm the install" echo "Installing dependencies..."
apk update apk update
apk add wireguard-tools openssl sudo apk add bash sudo wireguard-tools openssl
echo "Setting up user..." echo "Setting up user..."
useradd -m -s /bin/bash $USERNAME adduser -D -s /bin/bash $USERNAME
echo "Configuring WireGuard..." echo "Configuring WireGuard..."
@ -27,17 +36,19 @@ PublicKey = $WIREGUARD_PUBKEY
AllowedIPs = $WG_SUBNET::2/128 AllowedIPs = $WG_SUBNET::2/128
EOF EOF
chmod 600 /etc/wireguard/vmh-ssh-vpn.conf rc-update add wg-quick@vmh-ssh-vpn default
rc-service wg-quick@vmh-ssh-vpn start
ln -s /etc/init.d/wg-quick /etc/init.d/wg-quick.vmh-ssh-vpn
rc-update add wg-quick.vmh-ssh-vpn default
rc-service wg-quick.vmh-ssh-vpn start
echo "Configuring ssh..." echo "Configuring ssh..."
mkdir /home/$USERNAME/.ssh mkdir -p /home/$USERNAME/.ssh
echo $MY_SSH_KEY > /home/$USERNAME/.ssh/authorized_keys chown $USERNAME:$USERNAME /home/$USERNAME/.ssh
echo "$MY_SSH_KEY" > /home/$USERNAME/.ssh/authorized_keys
chown $USERNAME:$USERNAME /home/$USERNAME/.ssh/authorized_keys
chmod 600 /home/$USERNAME/.ssh/authorized_keys
chmod 700 /home/$USERNAME/.ssh
mkdir -p /etc/ssh/sshd_config.d
cat <<EOF > /etc/ssh/sshd_config.d/10-vmh_ssh.conf cat <<EOF > /etc/ssh/sshd_config.d/10-vmh_ssh.conf
X11Forwarding no X11Forwarding no
PasswordAuthentication no PasswordAuthentication no
@ -47,16 +58,19 @@ PermitRootLogin no
ListenAddress $WG_SUBNET::1 ListenAddress $WG_SUBNET::1
EOF EOF
echo "rc_before=sshd" > /etc/conf.d/wg-quick.vmh-ssh-vpn echo 'rc_need="wg-quick@vmh-ssh-vpn"' >> /etc/conf.d/sshd
rc-service sshd restart rc-service sshd restart
echo "Configuring sudo..." echo "Configuring sudo..."
cat <<EOF > /etc/sudoers.d/99-vmh-newuser cat <<EOF > /etc/sudoers.d/99-vmh-newuser
$USERNAME ALL=(ALL:ALL) NOPASSWD:ALL $USERNAME ALL=(ALL:ALL) NOPASSWD:ALL
EOF EOF
chmod 440 /etc/sudoers.d/99-vmh-newuser
echo echo
echo "BEFORE DISCONNECTING, FOLLOW THE FOLLOWING STEPS" echo "BEFORE DISCONNECTING, FOLLOW THE FOLLOWING STEPS"
echo "You won't be able to reconnect if you don't." echo "You won't be able to reconnect if you don't."
@ -77,3 +91,5 @@ echo "ssh $USERNAME@$WG_SUBNET::1"
echo echo
echo "NOTICE:" echo "NOTICE:"
echo "If you need to change the port or other VPN settings, do it NOW. Edit /etc/wireguard/vmh-ssh-vpn.conf" echo "If you need to change the port or other VPN settings, do it NOW. Edit /etc/wireguard/vmh-ssh-vpn.conf"
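Review bot: In the `@ -27,17 +36,19 @` hunk, `chmod 600 /etc/wireguard/vmh-ssh-vpn.conf` is printed only on the old side and no replacement is visible, so if it was removed the WireGuard config is left at the default umask; it presumably holds the interface private key, though the heredoc that writes it starts above the hunk. I would keep `chmod 600 /etc/wireguard/vmh-ssh-vpn.conf` directly after the heredoc, or set `umask 077` before writing the file. In the same hunk and in `@ -47,16 +58,19 @`, the new lines appear to switch to `wg-quick@vmh-ssh-vpn`; as far as I know OpenRC has no `@` instance syntax and resolves instances from a `wg-quick.<iface>` symlink, as the old `ln -s /etc/init.d/wg-quick /etc/init.d/wg-quick.vmh-ssh-vpn` line did. If so, `rc_need="wg-quick@vmh-ssh-vpn"` in /etc/conf.d/sshd could keep sshd from starting while `ListenAddress` is bound to the tunnel address, so confirm with `rc-service sshd status` on a test host before relying on it. The page has lost its +/- markers, so which side each line belongs to is inferred from the old/new column order.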