ss-o · December 24, 2022 08:33
diff --git a/docker-dnscrypt.sh b/docker-dnscrypt.sh
 #!/usr/bin/env bash
 SERVER="$(hostname)"
 SERVER_HOST_V4="$(curl -4 -s 'https://api.ipengine.dev' | jq -r '.network.ip')" || SERVER_HOST_V4="$(ip route get 8.8.8.8 | grep src | sed 's/.*src \(.* \)/\1/g' | cut -f1 -d ' ')"
 SERVER_HOST_V6="$(curl -6 -s 'https://api.ipengine.dev' | jq -r '.network.ip')" || SERVER_HOST_V6="$(ip -6 addr | sed -ne 's|^.* inet6 \([^/]*\)/.* scope global.*$|\1|p' | head -1)"
 SSHPORT='22'
 DNSPORT='443'

 apt-get update && apt-get upgrade -y

 sed -ri -e "s/^#Port.*|^Port.*/Port $SSHPORT/" \
 -e 's/^#PrintMotd .*|^PrintMotd no/PrintMotd yes/' /etc/ssh/sshd_config
 service sshd restart

 # Configure firewall
 apt install ufw -y
 ufw --force enable
 ufw allow "${SSHPORT}"/tcp
 ufw allow 443/tcp
 ufw allow 443/udp
 ufw allow 9100/tcp

 [ ! -d /etc/encrypted-dns/keys ] && mkdir -p /etc/encrypted-dns/keys 

 #TODO: Print gathered info to confirm before deploying. 
 # - Add checks

 docker run --name=dnscrypt-server -p "8443:443/udp" -p "8443:443/tcp" \
 --net=host --restart=unless-stopped \
 -v /etc/encrypted-dns/keys:/opt/encrypted-dns/etc/keys \
 -v /etc/encrypted-dns/lists:/opt/encrypted-dns/etc/lists \
 -v /etc/encrypted-dns/zones:/opt/unbound/etc/unbound/zones \
 jedisct1/dnscrypt-server init -A -N "w-ss.io" -E "159.65.63.76:8443,[2a03:b0c0:1:d0::e3f:1]:8443" 
 # -T '0.0.0.0:4443' - Relay traffic. ex. webpage (Remove -A flag if uncommented as previously failed)
 cat /etc/encrypted-dns/keys/provider-info.txt

 docker run -d --name watchtower --restart=unless-stopped \
 -v /var/run/docker.sock:/var/run/docker.sock \
 v2tec/watchtower dnscrypt-server

 ln -sf /etc/encrypted-dns/keys /root 
diff --git a/encrypted-dns.sh b/encrypted-dns.sh
 #!/usr/bin/env bash

 sudo mkdir -p /opt/encrypted-dns
 cd /opt/encrypted-dns
 sudo wget https://github.com/jedisct1/encrypted-dns-server/releases/download/0.9.9/encrypted-dns_0.9.9_amd64.deb
 sudo dpkg -i encrypted-dns_0.*.*_amd64.deb
 sudo cp /usr/share/doc/encrypted-dns/example-encrypted-dns.toml /opt/encrypted-dns/encrypted-dns.toml
 echo "Modify /opt/encrypted-dns/encrypted-dns.toml and run: sudo systemctl enable start encrypted-dns"

 sudo bash -c 'cat << EOF > /etc/systemd/system/encrypted-dns.service
 # /etc/systemd/system/dnscrypt-server.service
 [Unit]
 Description=DNSCrypt v2 server
 ConditionFileIsExecutable=/usr/bin/encrypted-dns
 After=syslog.target network-online.target

 [Service]
 StartLimitInterval=5
 StartLimitBurst=10
 ExecStart=/usr/bin/encrypted-dns -c /opt/encrypted-dns/encrypted-dns.toml
 WorkingDirectory=/opt/encrypted-dns/
 Restart=always
 RestartSec=10

 [Install]
 WantedBy=multi-user.target
 EOF'

 sudo systemctl enable encrypted-dns
	#!/usr/bin/env bash
	SERVER="$(hostname)"
	SERVER_HOST_V4="$(curl -4 -s 'https://api.ipengine.dev' \| jq -r '.network.ip')" \|\| SERVER_HOST_V4="$(ip route get 8.8.8.8 \| grep src \| sed 's/.src \(. \)/\1/g' \| cut -f1 -d ' ')"
	SERVER_HOST_V6="$(curl -6 -s 'https://api.ipengine.dev' \| jq -r '.network.ip')" \|\| SERVER_HOST_V6="$(ip -6 addr \| sed -ne 's\|^.* inet6 \([^/]\)/. scope global.*$\|\1\|p' \| head -1)"
	SSHPORT='22'
	DNSPORT='443'

	apt-get update && apt-get upgrade -y

	sed -ri -e "s/^#Port.\|^Port./Port $SSHPORT/" \
	-e 's/^#PrintMotd .*\|^PrintMotd no/PrintMotd yes/' /etc/ssh/sshd_config
	service sshd restart

	# Configure firewall
	apt install ufw -y
	ufw --force enable
	ufw allow "${SSHPORT}"/tcp
	ufw allow 443/tcp
	ufw allow 443/udp
	ufw allow 9100/tcp

	[ ! -d /etc/encrypted-dns/keys ] && mkdir -p /etc/encrypted-dns/keys

	#TODO: Print gathered info to confirm before deploying.
	# - Add checks

	docker run --name=dnscrypt-server -p "8443:443/udp" -p "8443:443/tcp" \
	--net=host --restart=unless-stopped \
	-v /etc/encrypted-dns/keys:/opt/encrypted-dns/etc/keys \
	-v /etc/encrypted-dns/lists:/opt/encrypted-dns/etc/lists \
	-v /etc/encrypted-dns/zones:/opt/unbound/etc/unbound/zones \
	jedisct1/dnscrypt-server init -A -N "w-ss.io" -E "159.65.63.76:8443,[2a03:b0c0:1:d0::e3f:1]:8443"
	# -T '0.0.0.0:4443' - Relay traffic. ex. webpage (Remove -A flag if uncommented as previously failed)
	cat /etc/encrypted-dns/keys/provider-info.txt

	docker run -d --name watchtower --restart=unless-stopped \
	-v /var/run/docker.sock:/var/run/docker.sock \
	v2tec/watchtower dnscrypt-server

	ln -sf /etc/encrypted-dns/keys /root
	#!/usr/bin/env bash

	sudo mkdir -p /opt/encrypted-dns
	cd /opt/encrypted-dns
	sudo wget https://github.com/jedisct1/encrypted-dns-server/releases/download/0.9.9/encrypted-dns_0.9.9_amd64.deb
	sudo dpkg -i encrypted-dns_0.._amd64.deb
	sudo cp /usr/share/doc/encrypted-dns/example-encrypted-dns.toml /opt/encrypted-dns/encrypted-dns.toml
	echo "Modify /opt/encrypted-dns/encrypted-dns.toml and run: sudo systemctl enable start encrypted-dns"

	sudo bash -c 'cat << EOF > /etc/systemd/system/encrypted-dns.service
	# /etc/systemd/system/dnscrypt-server.service
	[Unit]
	Description=DNSCrypt v2 server
	ConditionFileIsExecutable=/usr/bin/encrypted-dns
	After=syslog.target network-online.target

	[Service]
	StartLimitInterval=5
	StartLimitBurst=10
	ExecStart=/usr/bin/encrypted-dns -c /opt/encrypted-dns/encrypted-dns.toml
	WorkingDirectory=/opt/encrypted-dns/
	Restart=always
	RestartSec=10

	[Install]
	WantedBy=multi-user.target
	EOF'

	sudo systemctl enable encrypted-dns