MattieTK/gist:8c18e201fbf03bec58ae3844c673d7c1

## gistfile1.txt
# Update Raspberry Pi OS
sudo apt update
sudo apt full-upgrade
sudo apt install linux-modules-extra-raspi
sudo reboot

#Setup eth0
sudo crontab -e
# Add line
@reboot dhclient -v

# Install and setup firewall (UFW)
sudo apt -y install ufw
sudo systemctl enable ufw
sudo systemctl start ufw
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw limit XXXXX/tcp comment 'SSH port rate limit'
sudo ufw enable

# Setup fail2ban
sudo apt -y install fail2ban

# Setup automatic updates
sudo apt-get install -y unattended-upgrades apt-listchanges
sudo dpkg-reconfigure -plow unattended-upgrades

## Docker
# Uninstall previous
for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do sudo apt-get remove $pkg; done
# Setup
sudo apt-get install ca-certificates curl gnupg
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg

echo \
  "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

 sudo apt-get update
 sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

 # Add Portainer
 curl -L https://downloads.portainer.io/ce2-18/portainer-agent-stack.yml -o portainer-agent-stack.yml
 docker stack deploy -c portainer-agent-stack.yml portainer

 # Add Tailscale
 curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/focal.noarmor.gpg | sudo tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/focal.tailscale-keyring.list | sudo tee /etc/apt/sources.list.d/tailscale.list

sudo apt-get update
sudo apt-get install tailscale
	# Update Raspberry Pi OS
	sudo apt update
	sudo apt full-upgrade
	sudo apt install linux-modules-extra-raspi
	sudo reboot

	#Setup eth0
	sudo crontab -e
	# Add line
	@reboot dhclient -v

	# Install and setup firewall (UFW)
	sudo apt -y install ufw
	sudo systemctl enable ufw
	sudo systemctl start ufw
	sudo ufw default deny incoming
	sudo ufw default allow outgoing
	sudo ufw limit XXXXX/tcp comment 'SSH port rate limit'
	sudo ufw enable

	# Setup fail2ban
	sudo apt -y install fail2ban

	# Setup automatic updates
	sudo apt-get install -y unattended-upgrades apt-listchanges
	sudo dpkg-reconfigure -plow unattended-upgrades

	## Docker
	# Uninstall previous
	for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do sudo apt-get remove $pkg; done
	# Setup
	sudo apt-get install ca-certificates curl gnupg
	sudo install -m 0755 -d /etc/apt/keyrings
	curl -fsSL https://download.docker.com/linux/ubuntu/gpg \| sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
	sudo chmod a+r /etc/apt/keyrings/docker.gpg

	echo \
	"deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
	"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" \| \
	sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

	sudo apt-get update
	sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

	# Add Portainer
	curl -L https://downloads.portainer.io/ce2-18/portainer-agent-stack.yml -o portainer-agent-stack.yml
	docker stack deploy -c portainer-agent-stack.yml portainer

	# Add Tailscale
	curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/focal.noarmor.gpg \| sudo tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
	curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/focal.tailscale-keyring.list \| sudo tee /etc/apt/sources.list.d/tailscale.list

	sudo apt-get update
	sudo apt-get install tailscale