121 lines
5.1 KiB
Bash
121 lines
5.1 KiB
Bash
#!/bin/bash
|
|
RED="31"
|
|
GREEN="32"
|
|
BOLDGREEN="\e[1;${GREEN}m"
|
|
BOLDRED="\e[1;${RED}m"
|
|
ITALICGREEN="\e[3;${GREEN}m"
|
|
ITALICRED="\e[3;${RED}m"
|
|
ENDCOLOR="\e[0m"
|
|
WEBMIN=0
|
|
PIHOLE=0
|
|
if [ "$(whoami)" != "root" ]; then
|
|
SUDO=sudo
|
|
fi
|
|
#Installs sury's php repository
|
|
${SUDO} apt update
|
|
${SUDO} apt -y install apt-transport-https lsb-release ca-certificates vim curl sudo perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl apt-show-versions python certbot shared-mime-info fail2ban unzip git gpg
|
|
${SUDO} curl -sSLo /usr/share/keyrings/deb.sury.org-php.gpg https://packages.sury.org/php/apt.gpg
|
|
${SUDO} sh -c 'echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
|
|
${SUDO} apt update
|
|
read -p "Create user?(y/n)? " answer
|
|
case ${answer:0:1} in
|
|
y|Y )
|
|
read -p "Enter username " USERNAME
|
|
${SUDO} adduser --gecos "" $USERNAME
|
|
read -p "Should I add the new user to sudo group?(y/n)? " answer
|
|
case ${answer:0:1} in
|
|
y|Y )
|
|
${SUDO} usermod -aG sudo $USERNAME
|
|
echo Done
|
|
;;
|
|
* )
|
|
echo Ok, continuing....
|
|
;;
|
|
esac
|
|
;;
|
|
* )
|
|
echo Ok, continuing...
|
|
;;
|
|
esac
|
|
echo -e "${ITALICGREEN}Configuring timezone to Madrid....${ENDCOLOR}"
|
|
echo 'Europe/Madrid' | ${SUDO} tee /etc/timezone > /dev/null && ${SUDO} dpkg-reconfigure -f noninteractive tzdata > /dev/null
|
|
read -p "Install webmin?(y/n) " answer
|
|
case ${answer:0:1} in
|
|
y|Y )
|
|
${SUDO} sh -c 'echo "deb https://download.webmin.com/download/repository sarge contrib" > /etc/apt/sources.list.d/webmin.list'
|
|
wget https://download.webmin.com/jcameron-key.asc
|
|
${SUDO} sudo gpg --dearmor jcameron-key.asc
|
|
${SUDO} sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys d97a3ae911f63c51
|
|
${SUDO} rm jcameron-key.asc
|
|
${SUDO} apt update && ${SUDO} apt install webmin && WEBMIN=1
|
|
read -p "Press enter to continue"
|
|
;;
|
|
* )
|
|
echo -e Webmin "${BOLDRED} NOT${ENDCOLOR}" installed
|
|
;;
|
|
esac
|
|
read -p "Install pihole?(y/n) " answer
|
|
case ${answer:0:1} in
|
|
y|Y )
|
|
git clone --depth 1 https://github.com/pi-hole/pi-hole.git Pi-hole
|
|
cd "Pi-hole/automated install/"
|
|
bash basic-install.sh
|
|
pihole -a -p
|
|
read -p "Press enter to continue"
|
|
;;
|
|
* )
|
|
echo -e PiHole "${BOLDRED} NOT${ENDCOLOR} " installed
|
|
;;
|
|
esac
|
|
if [[ $WEBMIN != 0 ]];then
|
|
echo -e "${ITALICGREEN}Stopping Webmin${ENDCOLOR}"
|
|
${SUDO} systemctl stop webmin
|
|
${SUDO} certbot certonly --standalone
|
|
${SUDO} cat /etc/letsencrypt/live/$HOSTNAME/privkey.pem /etc/letsencrypt/live/$HOSTNAME/cert.pem | ${SUDO} tee /etc/letsencrypt/live/$HOSTNAME/combined.pem
|
|
rm /etc/webmin/miniserv.pem
|
|
${SUDO} ln -s /etc/letsencrypt/live/$HOSTNAME/combined.pem /etc/webmin/miniserv.pem
|
|
${SUDO} systemctl start webmin
|
|
else
|
|
#echo No
|
|
fi
|
|
if [[ -d "/etc/lighttpd" ]];then
|
|
read -p "Request let's encrypt certificate for lighttpd(y/n)" answer
|
|
case ${answer:0:1} in
|
|
y|Y )
|
|
echo -e "${ITALICGREEN}Stopping lighttpd${ENDCOLOR}"
|
|
${SUDO} systemctl stop lighttpd
|
|
${SUDO} echo '# /usr/share/doc/lighttpd/ssl.txt' > /etc/lighttpd/conf-available/10-ssl.conf
|
|
${SUDO} echo '$SERVER["socket"] == "0.0.0.0:443" {' >> /etc/lighttpd/conf-available/10-ssl.conf
|
|
${SUDO} echo ' ssl.engine = "enable"' >> /etc/lighttpd/conf-available/10-ssl.conf
|
|
${SUDO} echo " ssl.pemfile = \"/etc/letsencrypt/live/$HOSTNAME/combined.pem\"" >> /etc/lighttpd/conf-available/10-ssl.conf
|
|
${SUDO} echo " ssl.ca-file = \"/etc/letsencrypt/live/$HOSTNAME/fullchain.pem\"" >> /etc/lighttpd/conf-available/10-ssl.conf
|
|
${SUDO} echo ' ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"' >> /etc/lighttpd/conf-available/10-ssl.conf
|
|
${SUDO} echo ' ssl.honor-cipher-order = "enable"' >> /etc/lighttpd/conf-available/10-ssl.conf
|
|
${SUDO} echo ' ssl.use-sslv2 = "disable"' >> /etc/lighttpd/conf-available/10-ssl.conf
|
|
${SUDO} echo ' ssl.use-sslv3 = "disable"' >> /etc/lighttpd/conf-available/10-ssl.conf
|
|
${SUDO} echo '}' >> /etc/lighttpd/conf-available/10-ssl.conf
|
|
${SUDO} echo '$HTTP["scheme"] == "http" {' >> /etc/lighttpd/conf-available/10-ssl.conf
|
|
${SUDO} echo ' $HTTP["host"] =~ ".*" {' >> /etc/lighttpd/conf-available/10-ssl.conf
|
|
${SUDO} echo ' url.redirect = ("^/admin/.*" => "https://%0$0")' >> /etc/lighttpd/conf-available/10-ssl.conf
|
|
${SUDO} echo ' }' >> /etc/lighttpd/conf-available/10-ssl.conf
|
|
${SUDO} echo '}' >> /etc/lighttpd/conf-available/10-ssl.conf
|
|
${SUDO} ln -s /etc/lighttpd/conf-available/10-ssl.conf /etc/lighttpd/conf-enabled/
|
|
${SUDO} systemctl start lighttpd
|
|
;;
|
|
* )
|
|
echo -e SSL certificate was "${BOLDRED}NOT${ENDCOLOR}" installed
|
|
;;
|
|
esac
|
|
else
|
|
#echo No
|
|
fi
|
|
echo -e "${ITALICGREEN}PIVPN${ENDCOLOR}" is the simplest way to setup and manage a VPN
|
|
read -p "Install pivpn?(y/n) " answer
|
|
case ${answer:0:1} in
|
|
y|Y )
|
|
curl -L https://install.pivpn.io | bash
|
|
;;
|
|
* )
|
|
echo -e PiVPN "${BOLDRED} NOT${ENDCOLOR} " installed
|
|
;;
|
|
esac |