project_tunnelfin/init.sh

#!/bin/bash

#Nginx Repo setup
sudo apt install -y curl gnupg2 ca-certificates lsb-release debian-archive-keyring git
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/debian `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
sudo apt update

#Crowdsec Repo setup
curl -s https://install.crowdsec.net | sudo sh

#Package install
sudo apt install iptables rsyslog nginx crowdsec crowdsec-firewall-bouncer-iptables wireguard

#rsyslog setup
echo '*.* 10.0.100.34:514' | sudo tee /etc/rsyslog.conf
sudo systemctl enable rsyslog
sudo systemctl start rsyslog

#Crowdsec setup
sudo cscli console enroll -e context clz7m6x9o0003jo08v8g6lm0v

#Add authorized keys to user matthew
cp authorized_keys ~/.ssh/authorized_keys

#Start wireguard service
sudo systemctl enable --now wg-quick@wg0
new file: authorized_keys modified: init.sh 2024-07-29 19:03:50 -05:00			`#!/bin/bash`

			`#Nginx Repo setup`
			`sudo apt install -y curl gnupg2 ca-certificates lsb-release debian-archive-keyring git`
			`curl https://nginx.org/keys/nginx_signing.key \| gpg --dearmor \| sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null`
			`gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg`
			echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/debian `lsb_release -cs` nginx" \| sudo tee /etc/apt/sources.list.d/nginx.list
			`sudo apt update`

			`#Crowdsec Repo setup`
			`curl -s https://install.crowdsec.net \| sudo sh`

			`#Package install`
			`sudo apt install iptables rsyslog nginx crowdsec crowdsec-firewall-bouncer-iptables wireguard`

			`#rsyslog setup`
			`echo '. 10.0.100.34:514' \| sudo tee /etc/rsyslog.conf`
			`sudo systemctl enable rsyslog`
			`sudo systemctl start rsyslog`

			`#Crowdsec setup`
			`sudo cscli console enroll -e context clz7m6x9o0003jo08v8g6lm0v`

			`#Add authorized keys to user matthew`
			`cp authorized_keys ~/.ssh/authorized_keys`

			`#Start wireguard service`
			`sudo systemctl enable --now wg-quick@wg0`