Madh93/DigitalOcean_Scripts.md

## DigitalOcean_Scripts.md

      
    Raw
  

              DigitalOcean_Scripts.md
            
          
    DigitalOcean scripts


Initial setup
Install Docker
Install Nextcloud
Install OpenVPN Server


## initial_setup.sh
#! /bin/bash

if [[ $EUID -ne 0 ]]; then
  echo "This script must be run as root" 2>&1
  exit 1
fi

MY_USER=migue

# Create user
adduser $MY_USER
gpasswd -a $MY_USER sudo

# Edit SSH configuration
cp -r /root/.ssh /home/$MY_USER
chown -R $MY_USER:$MY_USER /home/$MY_USER/.ssh
sed -i 's/PermitRootLogin/PermitRootLogin no#/g' /etc/ssh/sshd_config
sed -i 's/PasswordAuthentication/PasswordAuthentication no#/g' /etc/ssh/sshd_config
sed -i 's/X11Forwarding/X11Forwarding no#/g' /etc/ssh/sshd_config
sed -i 's/LoginGraceTime/LoginGraceTime 30#/g' /etc/ssh/sshd_config
echo "#" >> /etc/ssh/sshd_config
echo 'ClientAliveInterval 120' >> /etc/ssh/sshd_config
echo 'ClientAliveCountMax 2' >> /etc/ssh/sshd_config
echo 'MaxStartUps 3' >> /etc/ssh/sshd_config
echo 'AllowTcpForwarding no' >> /etc/ssh/sshd_config
systemctl restart ssh

# Set Time Zone
timedatectl set-timezone 'Atlantic/Canary'
systemctl restart rsyslog

# Update packages
apt update && apt upgrade -y && apt-get autoremove -y

# Install useful packages
apt install -y fail2ban htop curl

## install_docker.sh
#! /bin/bash

if [[ $EUID -ne 0 ]]; then
  echo "This script must be run as root" 2>&1
  exit 1
fi

MY_USER=migue

# Installing dependencies and add docker repository
apt update
apt install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

echo "deb [arch=amd64] https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list

##Installing Docker
apt update && apt install -y docker-ce docker-ce-cli containerd.io

## After installing Docker
usermod -aG docker $MY_USER
systemctl enable docker

## install_nextcloud.sh
#! /bin/bash

# TODO
# - Add external storage (through web right now)

MY_ADMIN_USER='admin_user'
MY_ADMIN_PASSWORD='admin_password'
MY_USER='my_user'
MY_DOMAIN='my_domain'

# Install Nextcloud 13
sudo snap install nextcloud --channel=13/edge

# Initial setup configuration
sudo snap set nextcloud php.memory-limit=512M
sudo nextcloud.manual-install $MY_ADMIN_USER $MY_ADMIN_PASSWORD

# Extra configuration settings
sudo nextcloud.occ config:system:set auth.bruteforce.protection.enabled --value=true
sudo nextcloud.occ config:system:set trusted_domains 0 --value=$MY_DOMAIN
sudo nextcloud.enable-https lets-encrypt

# Install extra apps
sudo nextcloud.occ app:install apporder
sudo nextcloud.occ app:install bookmarks
sudo nextcloud.occ app:install bruteforcesettings
sudo nextcloud.occ app:install calendar
sudo nextcloud.occ app:install contacts
sudo nextcloud.occ app:install deck
sudo nextcloud.occ app:install files_markdown
sudo nextcloud.occ app:install music
sudo nextcloud.occ app:install tasks
sudo nextcloud.occ app:install twofactor_totp
sudo nextcloud.occ app:install twofactor_u2f
sudo nextcloud.occ app:install unsplash

# Enable extra apps
sudo nextcloud.occ app:enable files_external
sudo nextcloud.occ app:enable files_pdfviewer
sudo nextcloud.occ app:enable admin_audit
sudo nextcloud.occ app:enable encryption
sudo nextcloud.occ app:enable apporder
sudo nextcloud.occ app:enable bookmarks
sudo nextcloud.occ app:enable bruteforcesettings
sudo nextcloud.occ app:enable calendar
sudo nextcloud.occ app:enable contacts
sudo nextcloud.occ app:enable deck
sudo nextcloud.occ app:enable files_markdown
sudo nextcloud.occ app:enable music
sudo nextcloud.occ app:enable tasks
sudo nextcloud.occ app:enable twofactor_totp
sudo nextcloud.occ app:enable twofactor_u2f
sudo nextcloud.occ app:enable unsplash

# Enable server encryption
sudo nextcloud.occ encryption:enable

# Create users (customize disk quota through web)
sudo nextcloud.occ user:add --group="users" $MY_USER

## install_vpn.sh
#! /bin/bash

# Requirements: Docker
# Info: https://github.com/kylemanna/docker-openvpn

MY_NAME="my_name"
MY_DOMAIN="my_domain"
MY_VPN_CLIENTS=(client1 client2 client3)
OVPN_DATA="ovpn-data-$MY_NAME"

# Initial configuration to protect the private key
docker volume create --name $OVPN_DATA
docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -u udp://$MY_DOMAIN
docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn ovpn_initpki

# Install systemd service
curl -L https://raw.githubusercontent.com/kylemanna/docker-openvpn/master/init/docker-openvpn%40.service | sudo tee /etc/systemd/system/docker-openvpn@.service

# Enable systemd service
sudo systemctl enable --now docker-openvpn@$MY_NAME.service

# Generate a client certificate
for client in "${MY_VPN_CLIENTS[@]}"; do
  docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn easyrsa build-client-full $MY_NAME-$client nopass
done

# Retrieve the client configuration with embedded certificates
for client in "${MY_VPN_CLIENTS[@]}"; do
  docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_getclient $MY_NAME-$client > $MY_NAME-$client.ovpn
done
	#! /bin/bash

	if [[ $EUID -ne 0 ]]; then
	echo "This script must be run as root" 2>&1
	exit 1
	fi

	MY_USER=migue

	# Create user
	adduser $MY_USER
	gpasswd -a $MY_USER sudo

	# Edit SSH configuration
	cp -r /root/.ssh /home/$MY_USER
	chown -R $MY_USER:$MY_USER /home/$MY_USER/.ssh
	sed -i 's/PermitRootLogin/PermitRootLogin no#/g' /etc/ssh/sshd_config
	sed -i 's/PasswordAuthentication/PasswordAuthentication no#/g' /etc/ssh/sshd_config
	sed -i 's/X11Forwarding/X11Forwarding no#/g' /etc/ssh/sshd_config
	sed -i 's/LoginGraceTime/LoginGraceTime 30#/g' /etc/ssh/sshd_config
	echo "#" >> /etc/ssh/sshd_config
	echo 'ClientAliveInterval 120' >> /etc/ssh/sshd_config
	echo 'ClientAliveCountMax 2' >> /etc/ssh/sshd_config
	echo 'MaxStartUps 3' >> /etc/ssh/sshd_config
	echo 'AllowTcpForwarding no' >> /etc/ssh/sshd_config
	systemctl restart ssh

	# Set Time Zone
	timedatectl set-timezone 'Atlantic/Canary'
	systemctl restart rsyslog

	# Update packages
	apt update && apt upgrade -y && apt-get autoremove -y

	# Install useful packages
	apt install -y fail2ban htop curl
	#! /bin/bash

	# TODO
	# - Add external storage (through web right now)

	MY_ADMIN_USER='admin_user'
	MY_ADMIN_PASSWORD='admin_password'
	MY_USER='my_user'
	MY_DOMAIN='my_domain'

	# Install Nextcloud 13
	sudo snap install nextcloud --channel=13/edge

	# Initial setup configuration
	sudo snap set nextcloud php.memory-limit=512M
	sudo nextcloud.manual-install $MY_ADMIN_USER $MY_ADMIN_PASSWORD

	# Extra configuration settings
	sudo nextcloud.occ config:system:set auth.bruteforce.protection.enabled --value=true
	sudo nextcloud.occ config:system:set trusted_domains 0 --value=$MY_DOMAIN
	sudo nextcloud.enable-https lets-encrypt

	# Install extra apps
	sudo nextcloud.occ app:install apporder
	sudo nextcloud.occ app:install bookmarks
	sudo nextcloud.occ app:install bruteforcesettings
	sudo nextcloud.occ app:install calendar
	sudo nextcloud.occ app:install contacts
	sudo nextcloud.occ app:install deck
	sudo nextcloud.occ app:install files_markdown
	sudo nextcloud.occ app:install music
	sudo nextcloud.occ app:install tasks
	sudo nextcloud.occ app:install twofactor_totp
	sudo nextcloud.occ app:install twofactor_u2f
	sudo nextcloud.occ app:install unsplash

	# Enable extra apps
	sudo nextcloud.occ app:enable files_external
	sudo nextcloud.occ app:enable files_pdfviewer
	sudo nextcloud.occ app:enable admin_audit
	sudo nextcloud.occ app:enable encryption
	sudo nextcloud.occ app:enable apporder
	sudo nextcloud.occ app:enable bookmarks
	sudo nextcloud.occ app:enable bruteforcesettings
	sudo nextcloud.occ app:enable calendar
	sudo nextcloud.occ app:enable contacts
	sudo nextcloud.occ app:enable deck
	sudo nextcloud.occ app:enable files_markdown
	sudo nextcloud.occ app:enable music
	sudo nextcloud.occ app:enable tasks
	sudo nextcloud.occ app:enable twofactor_totp
	sudo nextcloud.occ app:enable twofactor_u2f
	sudo nextcloud.occ app:enable unsplash

	# Enable server encryption
	sudo nextcloud.occ encryption:enable

	# Create users (customize disk quota through web)
	sudo nextcloud.occ user:add --group="users" $MY_USER
	#! /bin/bash

	# Requirements: Docker
	# Info: https://github.com/kylemanna/docker-openvpn

	MY_NAME="my_name"
	MY_DOMAIN="my_domain"
	MY_VPN_CLIENTS=(client1 client2 client3)
	OVPN_DATA="ovpn-data-$MY_NAME"

	# Initial configuration to protect the private key
	docker volume create --name $OVPN_DATA
	docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -u udp://$MY_DOMAIN
	docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn ovpn_initpki

	# Install systemd service
	curl -L https://raw.githubusercontent.com/kylemanna/docker-openvpn/master/init/docker-openvpn%40.service \| sudo tee /etc/systemd/system/docker-openvpn@.service

	# Enable systemd service
	sudo systemctl enable --now docker-openvpn@$MY_NAME.service

	# Generate a client certificate
	for client in "${MY_VPN_CLIENTS[@]}"; do
	docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn easyrsa build-client-full $MY_NAME-$client nopass
	done

	# Retrieve the client configuration with embedded certificates
	for client in "${MY_VPN_CLIENTS[@]}"; do
	docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_getclient $MY_NAME-$client > $MY_NAME-$client.ovpn
	done