amanjuman

1. Open CMD as Administrator

2. Paste the following commands into the Cmd: One by one, follow the order.

 cscript slmgr.vbs /ipk "SERIAL NUMBER HERE"
 
 Replace SERIAL NUMBER HER with any of these, according your Windows 10 installation type.
          Home/Core                            TX9XD-98N7V-6WMQ6-BX7FG-H8Q99        
          Home/Core (Country Specific)         PVMJN-6DFY6-9CCP6-7BKTT-D3WVR  
          Home/Core (Single Language)          7HNRX-D7KGG-3K4RQ-4WPJ4-YTDFH  

amanjuman

server
{
	# Listen
	listen 80;
	listen [::]:80;
	listen 443 ssl http2;
	listen [::]:443 ssl http2;

	# Server Name and Alias
	server_name urbackup.example.com;

amanjuman

Install Packages

sudo apt install netplan.io openvswitch-switch

Configure Netplan

nano /etc/netplan/network.yaml

network:

amanjuman

deb http://deb.debian.org/debian/ bookworm main non-free-firmware
deb-src http://deb.debian.org/debian/ bookworm main non-free-firmware

deb http://security.debian.org/debian-security bookworm-security main non-free-firmware
deb-src http://security.debian.org/debian-security bookworm-security main non-free-firmware

deb http://deb.debian.org/debian/ bookworm-updates main non-free-firmware
deb-src http://deb.debian.org/debian/ bookworm-updates main non-free-firmware

deb [arch=amd64 by-hash=yes signed-by=/usr/share/keyrings/3cx-archive-keyring.gpg] http://repo.3cx.com/debian/2001 bookworm main

amanjuman

### The original Author of this package had enabled CloudFlare JS verification. As a result, this automated script will not work.
### Therefore you have to download each package and install it manually.

## Change Directory
cd /tmp/

## Update opkg
opkg update

## If wget not installed already

amanjuman

## You need to remove the default dnsmasq package.
## If you remove straight, it will stop resolving DNS, and that is why we are going to use these following commands
opkg update; cd /tmp/ && opkg download dnsmasq-full; opkg install ipset libnettle8 libnetfilter-conntrack3;
opkg remove dnsmasq; opkg install dnsmasq-full --cache /tmp/; rm -f /tmp/dnsmasq-full*.ipk;

## Install wget if you don't have it.
## You can skip that if you can upload those files using SCP
## Check the official repo as those endpoints update frequently therefore change it accordingly
opkg install wget
wget https://downloads.sourceforge.net/project/v2raya/openwrt/v2raya.pub -O /etc/opkg/keys/94cc2a834fb0aa03

amanjuman

# Install Duplicity 

sudo apt-get update
sudo apt-get install duplicity duply python-boto screen

#Create a profile of backup.

duply backupfullserver create

#Generate Secure Password for GPG

amanjuman

Wireguard and iptables restrictions for multiple users

If you don't know what Wireguard is, well, you should. It's fast, easy to setup and highly configurable. We will configure Wireguard for multiple users with various restrictions using iptables.

Assumptions

This should fit most setups (not mine though 😉)

amanjuman

## Remove Existing Host Files
rm /etc/ssh/ssh_host_*

## Regenerate Host Files
ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N ""
ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ""

## Enable Host Files
sed -i 's/^HostKey \/etc\/ssh\/ssh_host_\(dsa\|ecdsa\)_key$/\#HostKey \/etc\/ssh\/ssh_host_\1_key/g' /etc/ssh/sshd_config

amanjuman

## Seed
## xeob8mPP2VPHBXHCexEPGjOMdBKgQ7qCv2tRC6BXSfQ2ahAeEHC374OyOykUYCyRKU/n8Azv6cw6/MLwNZq9HSYEPfKNFTKhJG2vKZUmFNzc9RDzxya9Lp9VsE34P/tWL4EBO+c7an3Lvi9vXYI79uTbVMcdmNQP5ZrQ6AIZYwCc/N1jdM71muV4Vc94jY9aRsmQvC6bOrxgHlAcWrUw8irEbUNCg5xe5INpnCjbRSXnojisx07zmNDSQ5BUH4LXhRok/uIuGg5qqJaans+FegDc1+aN2L2cTlcefYjTJnMNIjzuPFBClbaAszDTcmQ7wjF7TdYZgJTd3V+754+RlQ==
## WireGuard Server Configuration
[Interface]
Address = 172.73.74.1/24
ListenPort = 12345
PrivateKey = wLgZoPI44SU67MXktUnRMNYz4WbLTYIWweX03cBXukQ=

## Allow communication between WireGuard peers and MASQUERADE traffic
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;