project_tunnelfin/init.sh

77 lines
3.0 KiB
Bash
Raw Normal View History

#!/bin/bash
2024-07-29 20:20:37 -05:00
#Run as normal user
#Wireguard config check
if [[ $(ls | grep 'wg0.conf') ]]; then
echo 'Wireguard config found continuing'
else
echo 'No Wireguard config found please place in home directory'
exit 78
fi
#Nginx Repo setup
2024-07-29 19:15:45 -05:00
echo '[#] Installing pre-requisites'
2024-07-29 19:40:33 -05:00
sudo apt install -y curl gnupg2 ca-certificates lsb-release debian-archive-keyring git > /dev/null
echo '[#] NGINX Repo setup'
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
2024-07-29 19:40:33 -05:00
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg > /dev/null
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/debian `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list > /dev/null
2024-07-29 19:15:45 -05:00
echo '[#] Updating APT cache'
2024-07-29 19:40:33 -05:00
sudo apt update > /dev/null
#Crowdsec Repo setup
2024-07-29 19:15:45 -05:00
echo '[#] Crowdsec Repo setup'
2024-07-29 19:40:33 -05:00
curl -s https://install.crowdsec.net | sudo sh > /dev/null
#Package install
2024-07-29 19:15:45 -05:00
echo '[#] Installing packages'
2024-07-29 20:20:37 -05:00
sudo apt install -y iptables nginx crowdsec crowdsec-firewall-bouncer-iptables resolvconf wireguard avahi-daemon > /dev/null
#rsyslog setup
2024-07-29 19:15:45 -05:00
echo '[#] syslog forwarder setup'
2024-07-29 19:40:33 -05:00
sudo apt install -y rsyslog
2024-07-29 20:02:33 -05:00
echo '*.* @10.0.100.34:514' | sudo tee --append /etc/rsyslog.conf > /dev/null
sudo systemctl enable rsyslog
sudo systemctl start rsyslog
#Crowdsec setup
2024-07-29 19:15:45 -05:00
echo '[#] Enroling endpoint into Crowdsec console'
sudo cscli console enroll -e context clz7m6x9o0003jo08v8g6lm0v
#Add authorized keys to user matthew
2024-07-29 19:15:45 -05:00
echo '[#] Adding ssh keys'
mkdir ~/.ssh
curl http://git.lan.fisherhome.xyz/matthew/project_tunnelfin/raw/branch/main/authorized_keys > ~/.ssh/authorized_keys
#Start wireguard service
2024-07-29 19:15:45 -05:00
echo '[#] Starting Wireguard service'
2024-07-29 19:40:33 -05:00
sudo systemctl enable --now wg-quick@wg0
#Setup iptables
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT
2024-07-29 19:40:33 -05:00
#iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
#iptables -A OUTPUT -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
#iptables -P INPUT DROP
#iptables -P OUTPUT DROP
2024-07-29 20:02:33 -05:00
#Setup Avahi
sudo systemctl start avahi-daemon
sudo systemctl enable avahi-daemon
2024-07-29 19:40:33 -05:00
#Setup Nginx
sudo apt install -y lua5.1 libnginx-mod-http-lua luarocks gettext-base lua-cjson
2024-07-29 20:02:33 -05:00
sudo apt install -y crowdsec-nginx-bouncer
curl http://git.lan.fisherhome.xyz/matthew/project_tunnelfin/raw/branch/main/ > /etc/nginx/conf.d/jellyfin.conf
sudo rm /etc/nginx/conf.d/default.conf
sudo systemctl restart nginx
sudo systemctl enable nginx
2024-07-29 20:02:33 -05:00
#Setup Telegraf
wget -q https://repos.influxdata.com/influxdata-archive_compat.key
echo '393e8779c89ac8d958f81f942f9ad7fb82a25e133faddaf92e15b16e6ac9ce4c influxdata-archive_compat.key' | sha256sum -c && cat influxdata-archive_compat.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/influxdata-archive_compat.gpg > /dev/null
echo 'deb [signed-by=/etc/apt/trusted.gpg.d/influxdata-archive_compat.gpg] https://repos.influxdata.com/debian stable main' | sudo tee /etc/apt/sources.list.d/influxdata.list
sudo apt-get update && sudo apt-get install telegraf