@johnwilson
Created November 30, 2019 15:18
Install Flynn PaaS on Online.net bare metal server
#!/usr/bin/env bash
#===========================================================
#
# Run this command:
#
# sudo SERVERS="Space separated list of IPs" bash install.sh
#
#===========================================================
# Default software install
apt-get update
apt-get install -y vim
apt-get install -y unattended-upgrades
apt-get install -y fail2ban
apt-get install -y ufw
apt-get install -y curl
# Set up automatic updates
# Path of the APT periodic configuration file written below
AUTO_UPG_FILE="/etc/apt/apt.conf.d/20auto-upgrades"
/bin/cat <<EOM >$AUTO_UPG_FILE
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
EOM
# Config file: world-readable, writable by root only, not executable
chmod 644 "$AUTO_UPG_FILE"
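# Update ssh config file: disable password logins (key-based login must already work)
# The pattern matches the directive whether or not it is commented out
sed -i -E 's/^#?[[:space:]]*PasswordAuthentication[[:space:]]+.*/PasswordAuthentication no/' /etc/ssh/sshd_config
# Validate the config before restarting so a bad edit cannot lock you out
sshd -t && systemctl restart sshd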
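# Firewall settings
# Split the space-separated SERVERS list (peer server IPs) into an array
IFS=' ' read -r -a ips <<< "${SERVERS:-}"
# Switch ufw's default policy for forwarded (routed) traffic from DROP to ACCEPT
sed -i -e 's/DEFAULT_FORWARD_POLICY="DROP"/DEFAULT_FORWARD_POLICY="ACCEPT"/' /etc/default/ufw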
ufw allow 22
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 3000:3500/tcp
ufw default deny incoming
ufw default allow outgoing
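# Each listed server is allowed on all ports and protocols
for element in "${ips[@]}"
do
ufw allow from "$element"
done
ufw allow in on flynnbr0
ufw allow in on flannel.1
# --force skips the interactive confirmation prompt
ufw --force enable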
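# Flynn install
# The installer is fetched over HTTPS and run as root with no integrity check;
# review /tmp/install-flynn before executing it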
curl -fsSL -o /tmp/install-flynn https://dl.flynn.io/install-flynn
bash /tmp/install-flynn --channel nightly
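
The `ufw allow from` loop above hands every `SERVERS` entry to the firewall unchecked, so a typo, a CIDR range or the word `any` would allow far more than the intended peers. The following is an added example, not part of the gist: `is_peer_ipv4` and `filter_peers` are hypothetical helper names, and the sketch assumes the peers are given as plain IPv4 addresses.

```shell
# Added example (not part of the gist). is_peer_ipv4 and filter_peers are
# hypothetical helpers; they run under both sh and bash.

# Succeed only for one dotted-quad IPv4 host address.
is_peer_ipv4() {
  local ip="$1" octet
  case "$ip" in
    ''|*[!0-9.]*|*.) return 1 ;;  # rejects "any", CIDR suffixes, hostnames, trailing dot
  esac
  local IFS=.
  set -- $ip                      # split on dots; only digits and dots remain here
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    case "$octet" in
      0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]) ;;
      *) return 1 ;;              # empty octet or leading zero
    esac
    [ "$octet" -le 255 ] || return 1
  done
  [ "$ip" != "0.0.0.0" ]          # the unspecified address is never a peer
}

# Print valid peers one per line. Return 1 if the list is empty or any entry
# is rejected, so the caller can abort before changing firewall rules.
filter_peers() {
  local entry rc=0
  set -f; set -- $1; set +f       # word-split the list without glob expansion
  [ "$#" -gt 0 ] || return 1
  for entry in "$@"; do
    if is_peer_ipv4 "$entry"; then
      printf '%s\n' "$entry"
    else
      printf 'rejected SERVERS entry: %s\n' "$entry" >&2
      rc=1
    fi
  done
  return "$rc"
}

# Usage in install.sh, before the ufw loop:
#   peers=$(filter_peers "$SERVERS") || exit 1
#   for element in $peers; do ufw allow from "$element"; done
```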