nullprop/debian
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Init

Browse source
This commit is contained in:
Lauri Räsänen 2025-04-27 01:19:08 +03:00
commit 58328a42d5
6 changed files with 89 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

19
full.sh Executable file
View file

@ -0,0 +1,19 @@
#!/bin/bash
set -euo pipefail
sudo apt update
sudo apt upgrade
sudo apt install -y \
btop \
fail2ban \
python3 \
python3-pip \
vim
./sshd.sh
./nginx.sh
./ufw.sh
./podman.sh
./unattended.sh

5
nginx.sh Executable file
View file

@ -0,0 +1,5 @@
#!/bin/bash
set -euo pipefail
sudo apt install -y nginx

8
podman.sh Executable file
View file

@ -0,0 +1,8 @@
#!/bin/bash
set -euo pipefail
sudo apt install -y podman
systemctl --user enable podman.socket
systemctl --user start podman.socket

10
sshd.sh Executable file
View file

@ -0,0 +1,10 @@
#!/bin/bash
set -euo pipefail
# TODO: just 'sed' the usual hardenings
sudo vim /etc/ssh/sshd_config
if ! sudo sshd -t; then
sudo systemctl restart sshd
fi

23
ufw.sh Executable file
View file

@ -0,0 +1,23 @@
#!/bin/bash
set -euo pipefail
sudo apt install -y ufw
sudo ufw default deny incoming
sudo ufw default allow outgoing
port=$(cat /etc/ssh/sshd_config | grep -o 'Port [0-9]*' | grep -o '[0-9]*')
sudo ufw allow "$port/tcp"
if ! which nginx; then
sudo ufw allow "Nginx Full"
fi
sudo ufw show added
read -p "Rules good? [y/N]: " prompt
if [[ $prompt == "y" ]]; then
sudo ufw enable
fi

24
unattended.sh Executable file
View file

@ -0,0 +1,24 @@
#!/bin/bash
set -euo pipefail
sudo apt install -y unattended-upgrades apt-listchanges
echo "/etc/apt/apt.conf.d/50unattended-upgrades:"
cat /etc/apt/apt.conf.d/50unattended-upgrades
read -p "Unattended update mail address: " mail
echo "Unattended-Upgrade::Mail \"$mail\";" >> /etc/apt/apt.conf.d/52unattended-upgrades-local
echo "Unattended-Upgrade::MailReport \"always\";" >> /etc/apt/apt.conf.d/52unattended-upgrades-local
echo "/etc/apt/apt.conf.d/52unattended-upgrades-local:"
cat /etc/apt/apt.conf.d/52unattended-upgrades-local
echo "/etc/apt/apt.conf.d/20auto-upgrades:"
cat /etc/apt/apt.conf.d/20auto-upgrades
read -p "Config good? [y/N]: " prompt
if [[ $prompt == "y" ]]; then
echo unattended-upgrades unattended-upgrades/enable_auto_updates boolean true | debconf-set-selections
dpkg-reconfigure -f noninteractive unattended-upgrades
fi