#!/bin/bash
#Run as normal user
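# Wireguard config check
# Require a regular file named exactly wg0.conf in the current directory.
# The earlier `ls | grep 'wg0.conf'` test used the name as a regex and matched
# substrings, so wg0.conf.bak, wg0-conf or a directory of that name passed too.
# NOTE(review): the message says "home directory" but the test is relative to
# the working directory -- run the script from $HOME.
if [[ -f wg0.conf ]]; then
  echo 'Wireguard config found continuing'
else
  # Diagnostics go to stderr; 78 is EX_CONFIG in sysexits.h.
  echo 'No Wireguard config found please place in home directory' >&2
  exit 78
fi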
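# Nginx Repo setup
echo '[#] Installing pre-requisites'
# curl and gnupg2 are needed by the key handling below, so stop if this fails.
if ! sudo apt install -y curl gnupg2 ca-certificates lsb-release debian-archive-keyring git > /dev/null; then
  echo '[!] Installing pre-requisites failed' >&2
  exit 1
fi

echo '[#] NGINX Repo setup'
# Stage the key in a private temp dir. -f makes curl fail on an HTTP error
# instead of passing an error page to gpg, and the system keyring is only
# written once both the download and the dearmor step have succeeded (the old
# pipeline into `sudo tee` wrote the keyring even when an earlier stage failed).
nginx_key_dir=$(mktemp -d) || exit 1
if curl -fsS https://nginx.org/keys/nginx_signing.key -o "$nginx_key_dir/nginx_signing.key" \
  && gpg --dearmor < "$nginx_key_dir/nginx_signing.key" > "$nginx_key_dir/nginx-archive-keyring.gpg"; then
  sudo install -m 644 -o root -g root -- "$nginx_key_dir/nginx-archive-keyring.gpg" /usr/share/keyrings/nginx-archive-keyring.gpg
  rm -rf -- "${nginx_key_dir:?}"
else
  rm -rf -- "${nginx_key_dir:?}"
  echo '[!] Could not fetch or convert the NGINX signing key' >&2
  exit 1
fi

# Show the key(s) that were installed. This is informational only: nothing in
# the script compares the fingerprint, so check it against the one published
# in the nginx.org package instructions before trusting the repository.
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg

# Package signatures are verified through signed-by either way; https
# additionally keeps the repository metadata from being read or withheld by
# someone on the network path.
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/debian $(lsb_release -cs) nginx" | sudo tee /etc/apt/sources.list.d/nginx.list > /dev/null

echo '[#] Updating APT cache'
if ! sudo apt update > /dev/null; then
  echo '[!] apt update failed' >&2
  exit 1
fi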
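# Crowdsec Repo setup
echo '[#] Crowdsec Repo setup'
# NOTE(security): this runs a script fetched from the network as root, and
# the script has no checksum or signature to check it against. Downloading to
# a file first means a truncated transfer or an HTTP error page is never
# executed (with `curl | sudo sh` the shell runs whatever bytes arrive), and
# it leaves a copy that can be reviewed or pinned.
crowdsec_installer=$(mktemp) || exit 1
if curl -fsS https://install.crowdsec.net -o "$crowdsec_installer"; then
  sudo sh "$crowdsec_installer" > /dev/null
  installer_status=$?
  rm -f -- "$crowdsec_installer"
  if (( installer_status != 0 )); then
    echo '[!] Crowdsec repository installer failed' >&2
    exit 1
  fi
else
  rm -f -- "$crowdsec_installer"
  echo '[!] Could not download the Crowdsec repository installer' >&2
  exit 1
fi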
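# Package install
echo '[#] Installing packages'
# stdout is discarded and the later steps (cscli enroll, wg-quick@wg0, nginx)
# all need these packages, so stop here when apt reports a failure instead of
# carrying on with a half-installed host.
if ! sudo apt install -y iptables nginx crowdsec crowdsec-firewall-bouncer-iptables resolvconf wireguard avahi-daemon > /dev/null; then
  echo '[!] Package installation failed' >&2
  exit 1
fi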
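# rsyslog setup
echo '[#] syslog forwarder setup'
sudo apt install -y rsyslog
# NOTE(security): a single '@' selects UDP syslog, which is unauthenticated,
# unencrypted and silently lossy; '*.*' sends every facility, auth logs
# included. '@@' would use TCP, and TLS needs rsyslog's gtls driver.
# Presumably 10.0.100.34 is only reachable through the tunnel -- confirm.
forward_rule='*.* @10.0.100.34:514'
# Append the rule only once, so re-running the script does not stack
# duplicate forwarders (each duplicate sends every message again).
if ! sudo grep -qxF -- "$forward_rule" /etc/rsyslog.conf; then
  printf '%s\n' "$forward_rule" | sudo tee --append /etc/rsyslog.conf > /dev/null
fi
sudo systemctl enable rsyslog
# restart rather than start: if the package install already started the
# daemon, `start` is a no-op and the new rule would not be loaded.
sudo systemctl restart rsyslog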
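# Crowdsec setup
echo '[#] Enroling endpoint into Crowdsec console'
# NOTE(security): the console enrollment key is embedded in the script, so
# everyone who can read the repository holds it. Set CROWDSEC_ENROLL_KEY to
# supply it from the environment instead. The embedded value is kept only as
# a fallback so existing runs behave the same; rotate it in the console and
# drop the fallback once callers pass the variable.
crowdsec_enroll_key=${CROWDSEC_ENROLL_KEY:-clz7m6x9o0003jo08v8g6lm0v}
sudo cscli console enroll -e context "$crowdsec_enroll_key"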
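# Add authorized keys to user matthew
echo '[#] Adding ssh keys'
# -p so a re-run does not error; 700 keeps the directory private to the user.
mkdir -p ~/.ssh
chmod 700 ~/.ssh
# NOTE(security): the key list is fetched over plain HTTP, so anything on the
# network path can substitute its own public key and gain SSH access to this
# account. Serve it over HTTPS (or verify a checksum/signature) if the git
# host allows it.
# Stage the download next to the target and swap it in only when it is
# non-empty and contains at least one public-key line. Redirecting curl
# straight into authorized_keys replaced the existing keys even when the
# request failed or returned an error/login page.
keys_tmp=$(mktemp ~/.ssh/authorized_keys.XXXXXX) || exit 1
if curl -fsS http://git.lan.fisherhome.xyz/matthew/project_tunnelfin/raw/branch/main/authorized_keys -o "$keys_tmp" \
  && [[ -s "$keys_tmp" ]] \
  && grep -Eq '(ssh-(rsa|ed25519|dss)|ecdsa-sha2-|sk-(ssh|ecdsa)-)' "$keys_tmp"; then
  chmod 600 "$keys_tmp"
  mv -- "$keys_tmp" ~/.ssh/authorized_keys
else
  rm -f -- "$keys_tmp"
  echo '[!] Could not fetch a valid authorized_keys file; existing keys left untouched' >&2
  exit 1
fi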
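# Start wireguard service
echo '[#] Starting Wireguard service'
# wg-quick@wg0 reads /etc/wireguard/wg0.conf, and no step in this script
# copies the wg0.conf from the working directory there. Install it root-owned
# with mode 600 (it holds the tunnel's private key) unless a config is
# already in place. `sudo test` is used because /etc/wireguard is normally
# not readable by an unprivileged user.
# NOTE(review): the copy left in the working directory keeps its original
# permissions -- remove it or chmod 600 it after provisioning.
if [[ -f wg0.conf ]] && ! sudo test -e /etc/wireguard/wg0.conf; then
  sudo install -m 600 -o root -g root -- wg0.conf /etc/wireguard/wg0.conf
fi
sudo systemctl enable --now wg-quick@wg0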
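# Setup iptables
# -C checks whether the rule already exists, so re-running the script does
# not append a duplicate each time.
sudo iptables -C INPUT -i lo -j ACCEPT 2> /dev/null || sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -C OUTPUT -o lo -j ACCEPT 2> /dev/null || sudo iptables -A OUTPUT -o lo -j ACCEPT
# NOTE(review): the rules below are disabled, so this section leaves the
# chain policies unchanged and the two loopback rules filter nothing. Nothing
# visible in this script saves the rules either, so they are presumably lost
# on reboot. Before enabling the DROP policies, add accepts for
# ESTABLISHED,RELATED traffic and for what this host serves and uses (the
# WireGuard tunnel, DNS, HTTP/HTTPS to nginx, syslog to the forwarder);
# as written only SSH would get through.
#iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
#iptables -A OUTPUT -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
#iptables -P INPUT DROP
#iptables -P OUTPUT DROP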
# Setup Avahi
# Start the mDNS daemon now, then register it to come up at boot.
for avahi_action in start enable; do
  sudo systemctl "$avahi_action" avahi-daemon
done
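# Setup Nginx
sudo apt install -y lua5.1 libnginx-mod-http-lua luarocks gettext-base lua-cjson
sudo apt install -y crowdsec-nginx-bouncer
# The old `curl ... > /etc/nginx/conf.d/jellyfin.conf` redirect was opened by
# the unprivileged shell, so it could not write under /etc/nginx. Download to
# a temp file and install it as root instead; -f turns an HTTP error into a
# failure so an error page is never installed as configuration.
# NOTE(security): fetched over plain HTTP -- anything on the network path can
# alter the nginx configuration that gets installed.
# TODO(review): the URL ends at the branch root and names no file; point it
# at the actual site config in the repository.
site_conf_tmp=$(mktemp) || exit 1
if curl -fsS http://git.lan.fisherhome.xyz/matthew/project_tunnelfin/raw/branch/main/ -o "$site_conf_tmp" \
  && [[ -s "$site_conf_tmp" ]]; then
  sudo install -m 644 -o root -g root -- "$site_conf_tmp" /etc/nginx/conf.d/jellyfin.conf
  rm -f -- "$site_conf_tmp"
else
  rm -f -- "$site_conf_tmp"
  echo '[!] Could not download the nginx site configuration' >&2
  exit 1
fi
# -f: the default site may already be gone on a re-run.
sudo rm -f /etc/nginx/conf.d/default.conf
# Validate before restarting so a broken config does not take nginx down.
if ! sudo nginx -t; then
  echo '[!] nginx configuration test failed; nginx was not restarted' >&2
  exit 1
fi
sudo systemctl restart nginx
sudo systemctl enable nginx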
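# Setup Telegraf
# Download, verify and convert the repository key inside a private temp dir.
# Any failure aborts: before, a checksum mismatch only skipped the keyring
# step and the script still added the repository and tried to install.
# If the checksum stops matching, the key changed upstream -- take the new
# hash from InfluxData's install instructions; do not remove the check.
influx_key_dir=$(mktemp -d) || exit 1
if ! (
  cd "$influx_key_dir" \
    && wget -q https://repos.influxdata.com/influxdata-archive_compat.key \
    && echo '393e8779c89ac8d958f81f942f9ad7fb82a25e133faddaf92e15b16e6ac9ce4c influxdata-archive_compat.key' | sha256sum -c \
    && gpg --dearmor < influxdata-archive_compat.key > influxdata-archive_compat.gpg
); then
  rm -rf -- "${influx_key_dir:?}"
  echo '[!] InfluxData key download or verification failed' >&2
  exit 1
fi
# Keep the keyring out of /etc/apt/trusted.gpg.d: keys there are trusted for
# every configured repository, which defeats the per-repository scoping that
# signed-by is meant to give. /usr/share/keyrings matches the NGINX keyring.
sudo install -m 644 -o root -g root -- "$influx_key_dir/influxdata-archive_compat.gpg" /usr/share/keyrings/influxdata-archive_compat.gpg
rm -rf -- "${influx_key_dir:?}"
echo 'deb [signed-by=/usr/share/keyrings/influxdata-archive_compat.gpg] https://repos.influxdata.com/debian stable main' | sudo tee /etc/apt/sources.list.d/influxdata.list
# -y like the other installs, so an unattended run does not stop at a prompt.
sudo apt-get update && sudo apt-get install -y telegraf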