#!/usr/bin/env bash
#
# Provisions a Debian-family server: upgrades packages, creates a key-only
# SSH login user, writes an sshd drop-in, then installs OpenMPTCProuter.
# Must be run as root. Replace both REPLACE_ME values before running.
#
# NOTE(review): the page hosting this script flagged bidirectional Unicode
# text in the file. Inspect a downloaded copy with an editor that reveals
# hidden characters before running it as root.
set -euo pipefail

# Login name of the non-root account that create_ssh_user sets up.
sshUser="REPLACE_ME"

# Public keys for that account, one per line. The quoted heredoc delimiter
# keeps the text literal (no variable or command expansion).
sshKeys="$(
  cat <<'EOF'
REPLACE_ME
EOF
)"
#######################################
# Abort the script unless it is running with effective UID 0.
# Outputs: error message on stderr when not root
# Returns: 0 when root; otherwise exits the shell with status 1
#######################################
assert_root() {
  # Guard clause: root has UID 0, so there is nothing more to check.
  if [[ $(id -u) -eq 0 ]]; then
    return 0
  fi

  echo "ERROR must be run as root user" >&2
  exit 1
}
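#######################################
# Reboot when the system asks for it or a newer kernel is installed.
# A reboot is triggered when /var/run/reboot-required exists, or when the
# running kernel release differs from the highest-versioned
# /boot/vmlinuz-* image.
# Returns: status of `reboot` when one is triggered, otherwise 0
#######################################
reboot_if_required() {
  local image newest=""
  local -a versions=()

  # Collect installed kernel versions with a glob instead of parsing `ls`.
  # When no image matches, the pattern stays literal and is skipped, so a
  # host without /boot/vmlinuz-* files no longer compares against an empty
  # string and reboots on every run.
  for image in /boot/vmlinuz-*; do
    [[ -e "$image" ]] || continue
    versions+=("${image#/boot/vmlinuz-}")
  done

  if (( ${#versions[@]} > 0 )); then
    # Version sort, then take the highest entry.
    newest=$(printf '%s\n' "${versions[@]}" | sort -V | tail -n 1)
  fi

  if [[ -f /var/run/reboot-required ]] ||
    { [[ -n "$newest" ]] && [[ "$(uname -r)" != "$newest" ]]; }; then
    reboot
  fi
}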
#######################################
# Refresh package lists, upgrade installed packages, install a few
# diagnostic tools, then reboot if reboot_if_required decides one is due.
# Globals: DEBIAN_FRONTEND (exported for the apt calls, then unset)
#######################################
sys_upgrade() {
  # Shared by upgrade and install. --force-confnew tells dpkg to take the
  # packaged version of a configuration file without prompting, so local
  # edits to packaged config files are replaced during the upgrade.
  local -a aptOpts=(-qqy -o Dpkg::Options::="--force-confnew")
  local -a extraPackages=(htop net-tools nethogs rsync speedtest-cli)

  # Suppress interactive prompts for the duration of the apt calls.
  export DEBIAN_FRONTEND=noninteractive
  apt update -qq
  apt upgrade "${aptOpts[@]}"
  apt install "${aptOpts[@]}" "${extraPackages[@]}"
  unset DEBIAN_FRONTEND

  reboot_if_required
}
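#######################################
# Create the SSH login account and install its authorized keys.
# Does nothing when /home/$sshUser/.ssh/authorized_keys already exists.
# Globals: sshUser (read), sshKeys (read)
# Outputs: error message on stderr when a placeholder was left in place
# Returns: 0 on success; exits the shell with status 1 on invalid config
#######################################
create_ssh_user() {
  local user=${sshUser:-}
  local keys=${sshKeys:-}
  local sshDir="/home/$user/.ssh"

  # Refuse to continue with the template placeholders. Otherwise the script
  # would create an account nobody holds a key for and then go on to
  # disable root and password logins, locking the operator out.
  if [[ -z "$user" || "$user" == "REPLACE_ME" ]]; then
    echo "ERROR sshUser must be set to a real login name" >&2
    exit 1
  fi
  if [[ -z "${keys//[[:space:]]/}" || "$keys" == "REPLACE_ME" ]]; then
    echo "ERROR sshKeys must contain at least one public key" >&2
    exit 1
  fi

  # An existing key file marks the step as already done.
  if [[ -f "$sshDir/authorized_keys" ]]; then
    return 0
  fi

  useradd "$user" -G adm,sudo -m -s /bin/bash

  # NOTE(review): passwd -d leaves the account with an empty password, not a
  # locked one. Whether console login, su or sudo accept an empty password
  # depends on the host's PAM configuration. Confirm this is intended for a
  # member of the sudo group; `passwd -l` would lock password login instead.
  passwd -d "$user"

  mkdir "$sshDir"
  chmod 0700 "$sshDir"

  # End the file with a newline so a key appended later starts on its own
  # line, and keep the key list readable by the owner only.
  printf '%s\n' "$keys" >"$sshDir/authorized_keys"
  chmod 0600 "$sshDir/authorized_keys"
  chown -R "$user:$user" "$sshDir"
}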
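#######################################
# Write the sshd drop-in, remove the cloud-init drop-in, and restart sshd
# when either step changed something.
# Outputs: error message on stderr when the resulting config is invalid
# Returns: 0 on success; exits the shell with status 1 when `sshd -t` fails
#######################################
configure_sshd() {
  local restartSSH=false
  local hardenConf=/etc/ssh/sshd_config.d/99-harden.conf
  local cloudInitConf=/etc/ssh/sshd_config.d/50-cloud-init.conf

  # sshd keeps the first value it reads for each keyword, so any drop-in
  # that sorts before 99-harden.conf and sets the same keyword wins.
  # NOTE(review): assumes the main sshd_config includes sshd_config.d/*.conf
  # and does not itself set these keywords earlier. Confirm on the target.
  #
  # With root and password logins off, access depends on the key-only user
  # having been created first.
  #
  # NOTE(review): GatewayPorts clientspecified widens exposure rather than
  # reducing it: clients may bind remote forwards to non-loopback
  # addresses. Presumably needed by this deployment; confirm.
  if [[ ! -f "$hardenConf" ]]; then
    cat <<'EOF' >"$hardenConf"
PermitRootLogin no
PasswordAuthentication no
GatewayPorts clientspecified
EOF
    restartSSH=true
  fi

  # The cloud-init drop-in sorts before 99-harden.conf, so its settings
  # would take precedence if it stayed in place.
  if [[ -f "$cloudInitConf" ]]; then
    rm "$cloudInitConf"
    restartSSH=true
  fi

  if [[ "$restartSSH" == "true" ]]; then
    # Validate before restarting: restarting with an invalid configuration
    # would leave the host without an SSH daemon.
    if ! sshd -t; then
      echo "ERROR sshd configuration failed validation; sshd was not restarted" >&2
      exit 1
    fi
    systemctl restart sshd
  fi
}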
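#######################################
# Install the OpenMPTCProuter server unless omr-service is already present,
# then print the generated configuration and reboot.
# Outputs: installer output and /root/openmptcprouter_config.txt on stdout
# Returns: 0 when already installed; exits the shell on download or
#          installer failure
#######################################
install_omr() {
  local installer status=0

  # command -v is the shell builtin replacement for `which`.
  if command -v omr-service >/dev/null; then
    return 0
  fi

  # The installer is fetched over HTTPS and run as root with no checksum or
  # signature check, so TLS is the only integrity control. Download it
  # completely before running it: piping wget straight into sh can execute
  # a truncated script if the transfer is cut short.
  installer=$(mktemp) || {
    echo "ERROR could not create a temporary file" >&2
    exit 1
  }
  if ! wget -O "$installer" https://www.openmptcprouter.com/server/debian-x86_64.sh; then
    rm -f -- "$installer"
    echo "ERROR failed to download the OpenMPTCProuter installer" >&2
    exit 1
  fi

  # Feed the script on stdin, as the original pipeline did.
  KERNEL="6.1" sh <"$installer" || status=$?
  rm -f -- "$installer"
  if (( status != 0 )); then
    echo "ERROR OpenMPTCProuter installer exited with status $status" >&2
    exit "$status"
  fi

  # NOTE(review): this file presumably holds generated credentials. Confirm,
  # and avoid capturing this output in shared logs.
  cat /root/openmptcprouter_config.txt
  reboot now
}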
# Run the provisioning steps in order. The order matters: the key-only user
# is created before sshd stops accepting root and password logins.
for step in assert_root sys_upgrade create_ssh_user configure_sshd install_omr; do
  "$step"
done