m724/vpsmusthave
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update debian/debian-secure.sh

Browse source
This commit is contained in:
Minecon724 2025-07-02 19:17:38 +02:00
commit e83720f4a5
1 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
debian/debian-secure.sh vendored
View file

@ -26,6 +26,7 @@ Address = $WG_SUBNET::1/64
PublicKey = $WIREGUARD_PUBKEY PublicKey = $WIREGUARD_PUBKEY
AllowedIPs = $WG_SUBNET::2/128 AllowedIPs = $WG_SUBNET::2/128
EOF EOF
chmod -R 700 /etc/wireguard
systemctl enable --now wg-quick@vmh-ssh-vpn systemctl enable --now wg-quick@vmh-ssh-vpn
@ -33,6 +34,8 @@ systemctl enable --now wg-quick@vmh-ssh-vpn
echo "Configuring ssh..." echo "Configuring ssh..."
mkdir /home/$USERNAME/.ssh mkdir /home/$USERNAME/.ssh
echo $MY_SSH_KEY > /home/$USERNAME/.ssh/authorized_keys echo $MY_SSH_KEY > /home/$USERNAME/.ssh/authorized_keys
chmod 600 /home/$USERNAME/.ssh/authorized_keys
chmod 700 /home/$USERNAME/.ssh
cat <<EOF > /etc/ssh/sshd_config.d/10-vmh_ssh.conf cat <<EOF > /etc/ssh/sshd_config.d/10-vmh_ssh.conf
X11Forwarding no X11Forwarding no
@ -56,6 +59,7 @@ echo "Configuring sudo..."
cat <<EOF > /etc/sudoers.d/99-vmh-newuser cat <<EOF > /etc/sudoers.d/99-vmh-newuser
$USERNAME ALL=(ALL:ALL) NOPASSWD:ALL $USERNAME ALL=(ALL:ALL) NOPASSWD:ALL
EOF EOF
chmod 440 /etc/sudoers.d/99-vmh-newuser
echo echo
echo "BEFORE DISCONNECTING, FOLLOW THE FOLLOWING STEPS" echo "BEFORE DISCONNECTING, FOLLOW THE FOLLOWING STEPS"