djrobby/deploy.sh

## deploy.sh
#!/bin/bash

cat << EOF
#=============================================================================#
#                             Startup Boot Script                             #
# --------------------------------------------------------------------------- #
# Platform : Vultr VPS (Debian 9)                                             #
# Author   : KaiserKatze <donizyo@gmail.com>                                  #
# --------------------------------------------------------------------------- #
# This startup script is saved to `/tmp/firstboot.exec` after execution.      #
# Output produced can be found in `/tmp/firstboot.log`.                       #
# Scripts are executed using `/bin/bash` (Linux), `/bin/sh` (FreeBSD), etc.   #
#=============================================================================#
EOF

#=============================================================================#
# Variables
#=============================================================================#

NEW_USER_NAME=
NEW_SSH_PORT=
SHADOWSOCKS_PORT=
SHADOWSOCKS_PASSWORD=
SHADOWSOCKS_METHOD="xchacha20-ietf-poly1305"

#=============================================================================#
# Install apt packages
#=============================================================================#

# shadowsocks-libev
sh -c 'printf "deb http://deb.debian.org/debian stretch-backports main" > /etc/apt/sources.list.d/stretch-backports.list'
apt update
apt -t stretch-backports install shadowsocks-libev
# User permission management
apt install -y sudo
# Network analysis - nmap
apt install -y nmap
# DNS analysis - dig
apt install -y dnsutils
# Fire wall - ufw
apt install -y ufw
# Build essentials - gcc
apt install -y build-essential

#=============================================================================#
# Routines
#=============================================================================#

# Create new user
PATH_ROOT_DIR="/root"
PATH_HOME_DIR="/home/$NEW_USER_NAME"
# Add yourself as new user
useradd -m -d "$PATH_HOME_DIR" -s /bin/bash "$NEW_USER_NAME"
# Grant youself admin priviledges
usermod -aG sudo "$NEW_USER_NAME"
# Verify priviledges
groups "$NEW_USER_NAME"

# Setup SSH authorization
PATH_SSH_DIR="$PATH_HOME_DIR/.ssh"
PATH_SSH_AKEYS="$PATH_SSH_DIR/authorized_keys"
mkdir -p "$PATH_SSH_DIR"
chmod 600 "$PATH_SSH_DIR"
touch "$PATH_SSH_AKEYS"
# !!! TODO: Please fill in your public key !!!
cat > "$PATH_SSH_AKEYS" << EOF
EOF
chmod 700 "$PATH_SSH_AKEYS"

PATH_ROOT_APP_DIR="$PATH_ROOT_DIR/App"
mkdir -p "$PATH_ROOT_APP_DIR"
# Setup DenyHosts
# @see https://github.com/denyhosts/denyhosts
# @see http://denyhosts.sourceforge.net/
cd "$PATH_ROOT_APP_DIR"
git clone https://github.com/denyhosts/denyhosts.git
cd denyhosts
# WARNING:
# module `ipaddr` & `denyhosts` must be installed with root/sudo permission;
# in addition, they must be installed under python 2.x environment.
python -m pip install ipaddr
python setup.py install
FILE_DENYHOST_CONFIG="denyhosts.conf"
cp -t /etc "$FILE_DENYHOST_CONFIG"
cp daemon-control-dist daemon-control
# On my VPS instance (Debian 9), `denyhosts.py` is found in `/usr/local/bin/`
ln -s "/usr/local/bin/denyhosts.py" "/usr/sbin/denyhosts"
chown root daemon-control
chmod 700 daemon-control
python daemon-control start

# Setup `~/.bashrc`
# !!! TODO: Please fill in your .bashrc script !!!
cat > "$PATH_HOME_DIR/.bashrc" << EOF
EOF

# Ban root user
passwd -l root

# Configure sshd
PATH_SSHD_CONFIG="/etc/ssh/sshd_config"
# !!! TODO: Please fill in your sshd config !!!
cat > "$PATH_SSHD_CONFIG" << EOF
EOF
# Restart sshd
systemctl reload sshd

# Setup firewall
ufw limit "$NEW_SSH_PORT/tcp"
ufw allow "WWW Secure" # allows HTTPS, vital for nginx
ufw allow "$SHADOWSOCKS_PORT" # allows both tcp and udp traffic
ufw logging off
ufw enable
ufw status numbered

# Setup shadowsocks-libev service
PATH_SHADOWSOCKS_CONFIG="/etc/shadowsocks-libev/config.json"
cat > "$PATH_SHADOWSOCKS_CONFIG" << EOF
{
  "server":"0.0.0.0",
  "server_port":$SHADOWSOCKS_PORT,
  "local_port":1080,
  "password":"$SHADOWSOCKS_PASSWORD",
  "timeout":300,
  "method":"$SHADOWSOCKS_METHOD"
}
EOF
service shadowsocks-libev start
systemctl status shadowsocks-libev

# Web server
apt install -y nginx-full
# HTTPS certification
apt install -y certbot
# Setup Django server
python3 -m pip install django
python3 -m pip install uwsgi
# Setup Nodejs server
curl -sL https://deb.nodesource.com/setup_11.x | bash -
apt install -y nodejs


# FTP server
apt install -y vsftpd

# DNS server
apt install -y bind9
	#!/bin/bash

	cat << EOF
	#=============================================================================#
	# Startup Boot Script #
	# --------------------------------------------------------------------------- #
	# Platform : Vultr VPS (Debian 9) #
	# Author : KaiserKatze <donizyo@gmail.com> #
	# --------------------------------------------------------------------------- #
	# This startup script is saved to `/tmp/firstboot.exec` after execution. #
	# Output produced can be found in `/tmp/firstboot.log`. #
	# Scripts are executed using `/bin/bash` (Linux), `/bin/sh` (FreeBSD), etc. #
	#=============================================================================#
	EOF

	#=============================================================================#
	# Variables
	#=============================================================================#

	NEW_USER_NAME=
	NEW_SSH_PORT=
	SHADOWSOCKS_PORT=
	SHADOWSOCKS_PASSWORD=
	SHADOWSOCKS_METHOD="xchacha20-ietf-poly1305"

	#=============================================================================#
	# Install apt packages
	#=============================================================================#

	# shadowsocks-libev
	sh -c 'printf "deb http://deb.debian.org/debian stretch-backports main" > /etc/apt/sources.list.d/stretch-backports.list'
	apt update
	apt -t stretch-backports install shadowsocks-libev
	# User permission management
	apt install -y sudo
	# Network analysis - nmap
	apt install -y nmap
	# DNS analysis - dig
	apt install -y dnsutils
	# Fire wall - ufw
	apt install -y ufw
	# Build essentials - gcc
	apt install -y build-essential

	#=============================================================================#
	# Routines
	#=============================================================================#

	# Create new user
	PATH_ROOT_DIR="/root"
	PATH_HOME_DIR="/home/$NEW_USER_NAME"
	# Add yourself as new user
	useradd -m -d "$PATH_HOME_DIR" -s /bin/bash "$NEW_USER_NAME"
	# Grant youself admin priviledges
	usermod -aG sudo "$NEW_USER_NAME"
	# Verify priviledges
	groups "$NEW_USER_NAME"

	# Setup SSH authorization
	PATH_SSH_DIR="$PATH_HOME_DIR/.ssh"
	PATH_SSH_AKEYS="$PATH_SSH_DIR/authorized_keys"
	mkdir -p "$PATH_SSH_DIR"
	chmod 600 "$PATH_SSH_DIR"
	touch "$PATH_SSH_AKEYS"
	# !!! TODO: Please fill in your public key !!!
	cat > "$PATH_SSH_AKEYS" << EOF
	EOF
	chmod 700 "$PATH_SSH_AKEYS"

	PATH_ROOT_APP_DIR="$PATH_ROOT_DIR/App"
	mkdir -p "$PATH_ROOT_APP_DIR"
	# Setup DenyHosts
	# @see https://github.com/denyhosts/denyhosts
	# @see http://denyhosts.sourceforge.net/
	cd "$PATH_ROOT_APP_DIR"
	git clone https://github.com/denyhosts/denyhosts.git
	cd denyhosts
	# WARNING:
	# module `ipaddr` & `denyhosts` must be installed with root/sudo permission;
	# in addition, they must be installed under python 2.x environment.
	python -m pip install ipaddr
	python setup.py install
	FILE_DENYHOST_CONFIG="denyhosts.conf"
	cp -t /etc "$FILE_DENYHOST_CONFIG"
	cp daemon-control-dist daemon-control
	# On my VPS instance (Debian 9), `denyhosts.py` is found in `/usr/local/bin/`
	ln -s "/usr/local/bin/denyhosts.py" "/usr/sbin/denyhosts"
	chown root daemon-control
	chmod 700 daemon-control
	python daemon-control start

	# Setup `~/.bashrc`
	# !!! TODO: Please fill in your .bashrc script !!!
	cat > "$PATH_HOME_DIR/.bashrc" << EOF
	EOF

	# Ban root user
	passwd -l root

	# Configure sshd
	PATH_SSHD_CONFIG="/etc/ssh/sshd_config"
	# !!! TODO: Please fill in your sshd config !!!
	cat > "$PATH_SSHD_CONFIG" << EOF
	EOF
	# Restart sshd
	systemctl reload sshd

	# Setup firewall
	ufw limit "$NEW_SSH_PORT/tcp"
	ufw allow "WWW Secure" # allows HTTPS, vital for nginx
	ufw allow "$SHADOWSOCKS_PORT" # allows both tcp and udp traffic
	ufw logging off
	ufw enable
	ufw status numbered

	# Setup shadowsocks-libev service
	PATH_SHADOWSOCKS_CONFIG="/etc/shadowsocks-libev/config.json"
	cat > "$PATH_SHADOWSOCKS_CONFIG" << EOF
	{
	"server":"0.0.0.0",
	"server_port":$SHADOWSOCKS_PORT,
	"local_port":1080,
	"password":"$SHADOWSOCKS_PASSWORD",
	"timeout":300,
	"method":"$SHADOWSOCKS_METHOD"
	}
	EOF
	service shadowsocks-libev start
	systemctl status shadowsocks-libev

	# Web server
	apt install -y nginx-full
	# HTTPS certification
	apt install -y certbot
	# Setup Django server
	python3 -m pip install django
	python3 -m pip install uwsgi
	# Setup Nodejs server
	curl -sL https://deb.nodesource.com/setup_11.x \| bash -
	apt install -y nodejs


	# FTP server
	apt install -y vsftpd

	# DNS server
	apt install -y bind9