andrewmackrodt · June 21, 2024 20:10
diff --git a/install-openmptcprouter-vps.sh b/install-openmptcprouter-vps.sh
 #!/usr/bin/env bash
 set -euo pipefail

 sshUser="REPLACE_ME"
 sshKeys=$(cat <<'EOF'
 REPLACE_ME
 EOF
  )

 assert_root() {
  if [[ $(id -u) -ne 0 ]]; then
    echo "ERROR must be run as root user" >&2
    exit 1
  fi
 }

 reboot_if_required() {
  if [[ -f /var/run/reboot-required ]] || \
     [[ "$(uname -r)" != "$(ls -1 /boot/vmlinuz-* | sed 's#/boot/vmlinuz-##' | sort -rV | head -n1)" ]]\
  ; then
    reboot
  fi
 }

 sys_upgrade() {
  export DEBIAN_FRONTEND=noninteractive
  apt update -qq
  apt upgrade -qqy -o Dpkg::Options::="--force-confnew"
  apt install -qqy -o Dpkg::Options::="--force-confnew" htop net-tools nethogs rsync speedtest-cli
  unset DEBIAN_FRONTEND
  reboot_if_required
 }

 create_ssh_user() {
  if [[ ! -f "/home/$sshUser/.ssh/authorized_keys" ]]; then
    useradd "$sshUser" -G adm,sudo -m -s /bin/bash
    passwd -d "$sshUser"
    mkdir "/home/$sshUser/.ssh"
    chmod 0700 "/home/$sshUser/.ssh"
    echo -n "$sshKeys" >"/home/$sshUser/.ssh/authorized_keys"
    chown -R "$sshUser:$sshUser" "/home/$sshUser/.ssh"
  fi
 }

 configure_sshd() {
  local restartSSH=false

  # harden sshd config
  if [[ ! -f /etc/ssh/sshd_config.d/99-harden.conf ]]; then
    cat <<'EOF' >/etc/ssh/sshd_config.d/99-harden.conf
 PermitRootLogin no
 PasswordAuthentication no
 GatewayPorts clientspecified
 EOF
    restartSSH=true
  fi

  # remove cloud init sshd config
  if [[ -f /etc/ssh/sshd_config.d/50-cloud-init.conf ]]; then
    rm /etc/ssh/sshd_config.d/50-cloud-init.conf
    restartSSH=true
  fi

  # restart sshd
  if [[ "$restartSSH" == "true" ]]; then
    systemctl restart sshd
  fi
 }

 install_omr() {
  if ! which omr-service >/dev/null; then
    wget -O- https://www.openmptcprouter.com/server/debian-x86_64.sh | KERNEL="6.1" sh
    cat /root/openmptcprouter_config.txt
    reboot now
  fi
 }

 assert_root
 sys_upgrade
 create_ssh_user
 configure_sshd
 install_omr
	#!/usr/bin/env bash
	set -euo pipefail

	sshUser="REPLACE_ME"
	sshKeys=$(cat <<'EOF'
	REPLACE_ME
	EOF
	)

	assert_root() {
	if [[ $(id -u) -ne 0 ]]; then
	echo "ERROR must be run as root user" >&2
	exit 1
	fi
	}

	reboot_if_required() {
	if [[ -f /var/run/reboot-required ]] \|\| \
	[[ "$(uname -r)" != "$(ls -1 /boot/vmlinuz-* \| sed 's#/boot/vmlinuz-##' \| sort -rV \| head -n1)" ]]\
	; then
	reboot
	fi
	}

	sys_upgrade() {
	export DEBIAN_FRONTEND=noninteractive
	apt update -qq
	apt upgrade -qqy -o Dpkg::Options::="--force-confnew"
	apt install -qqy -o Dpkg::Options::="--force-confnew" htop net-tools nethogs rsync speedtest-cli
	unset DEBIAN_FRONTEND
	reboot_if_required
	}

	create_ssh_user() {
	if [[ ! -f "/home/$sshUser/.ssh/authorized_keys" ]]; then
	useradd "$sshUser" -G adm,sudo -m -s /bin/bash
	passwd -d "$sshUser"
	mkdir "/home/$sshUser/.ssh"
	chmod 0700 "/home/$sshUser/.ssh"
	echo -n "$sshKeys" >"/home/$sshUser/.ssh/authorized_keys"
	chown -R "$sshUser:$sshUser" "/home/$sshUser/.ssh"
	fi
	}

	configure_sshd() {
	local restartSSH=false

	# harden sshd config
	if [[ ! -f /etc/ssh/sshd_config.d/99-harden.conf ]]; then
	cat <<'EOF' >/etc/ssh/sshd_config.d/99-harden.conf
	PermitRootLogin no
	PasswordAuthentication no
	GatewayPorts clientspecified
	EOF
	restartSSH=true
	fi

	# remove cloud init sshd config
	if [[ -f /etc/ssh/sshd_config.d/50-cloud-init.conf ]]; then
	rm /etc/ssh/sshd_config.d/50-cloud-init.conf
	restartSSH=true
	fi

	# restart sshd
	if [[ "$restartSSH" == "true" ]]; then
	systemctl restart sshd
	fi
	}

	install_omr() {
	if ! which omr-service >/dev/null; then
	wget -O- https://www.openmptcprouter.com/server/debian-x86_64.sh \| KERNEL="6.1" sh
	cat /root/openmptcprouter_config.txt
	reboot now
	fi
	}

	assert_root
	sys_upgrade
	create_ssh_user
	configure_sshd
	install_omr