@rexovas
Last active December 17, 2018 17:59
Ubuntu 16.04 ZEN Secure Nodes Automated Setup
#!/usr/bin/env bash
#This script was written by REXOVAS to automate 90% of a ZEN Secure Node setup process for an IPv4 node.
#Parts of this script were adapted from a script by github user rnkhouse
#rnkhouse script found here: https://gist.github.com/rnkhouse/f7f04f0cb10b596e2c6623275968a220
#Prior to running this script, please ensure that you are not signed in as root, and have completed all steps up until the copying
#of authentication key pairs in this guide: https://blockoperations.com/build-zencash-secure-node-part-1-prepare-vps/
#This script performs all actions described in the 3 guides found on blockoperations.com. It compiles zend from source.
#This script installs both Monit and PM2 and automatically configures monit to monitor zend.
#WARNING: This script is intended for use by advanced Linux users. Please read through this script thoroughly to ensure that
# it performs no malicious activity, and completes only the tasks required to initialize a secure node.
# This script will not work 100% in Debian, as Debian will default to installing TLS certs in the root dir, when they are
# required to be in the user dir. Only use this script in UBUNTU 16.04.
# REXOVAS: contact@rexovas.com
# ZEN DONATION ADDRESS: znfRdzcDB1oBDCk2ox7n9Syh2VybrmZfoP3
# INSTRUCTIONS: Copy the contents of this script into a new file (replace <filename> with the name of the file)
# Run chmod +x <filename> to make the script executable
# Run sudo ./<filename>
# NOTE: User input is required at various moments in the setup process. Please monitor the process.
# Quit on any error.
set -e
purpleColor='\033[0;95m'
normalColor='\033[0m'
# Set environment variables:
read -p "Enter FQDN (a.example.com): " FQDN
read -p "Enter required swap memory (4G): " SWAP
read -p "Enter Username (rexovas): " USER
read -p "Enter Email Address for Alerts (email@gmail.com): " EMAIL
read -p "Ensure the above inputs are as desired. If not press ctrl+c and re-run script. Otherwise press enter to continue " nil
######################################################
sudo timedatectl set-timezone 'America/New_York'
sudo apt update
sudo apt -y install git screen vim nmap ncdu busybox inxi links unzip python pwgen ufw
#########################FIREWALL############
sudo ufw default allow outgoing
sudo ufw default deny incoming
sudo ufw allow ssh/tcp
sudo ufw limit ssh/tcp
sudo ufw allow http/tcp
sudo ufw allow https/tcp
sudo ufw allow 9033/tcp
#sudo ufw allow 19033/tcp
sudo ufw logging on
sudo ufw enable
#############################################
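# Abort with a clear message if the swap prompt was left empty; otherwise
# "fallocate -l /swapfile" fails with "no filename specified".
sudo fallocate -l "${SWAP:?swap size is empty, re-run and enter a value such as 4G}" /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
# "sudo echo ... >> file" performs the redirect in the calling shell, not under sudo,
# so append through sudo tee instead.
echo "/swapfile none swap sw 0 0" | sudo tee -a /etc/fstab > /dev/null
echo "vm.swappiness=10" | sudo tee -a /etc/sysctl.conf > /dev/null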
echo -e $purpleColor"Swapfile is done!"$normalColor
##########################################################
sudo apt -y install mailutils postfix
# Append through sudo tee so the write itself runs with root privileges.
echo "root: $EMAIL" | sudo tee -a /etc/aliases > /dev/null
sudo newaliases
sudo systemctl enable postfix
sudo systemctl restart postfix
echo "NEW NODE TEST" | mail -s "NEW NODE TEST" root
######################################################
sudo apt -y install fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
##########################################
sudo apt -y install rkhunter
sudo rkhunter --propupd
#####################################################
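# Create the update helper with the shebang on its first line.
sudo touch /home/$USER/update
sudo sh -c "echo '#!/bin/bash
sudo apt update
sudo apt -y dist-upgrade
sudo apt -y autoremove
npm i -g npm
sudo rkhunter --propupd
' >> /home/$USER/update"
# Use the absolute path: the current directory is wherever the script was started.
sudo chmod +x /home/$USER/update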
#######################################################################
mkdir /home/$USER/zencash
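# Absolute path, so this works regardless of the directory the script was started from.
cd /home/$USER/zencash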
git clone https://github.com/ZencashOfficial/zen.git
sudo apt -y install build-essential pkg-config libc6-dev m4 g++-multilib autoconf libtool ncurses-dev unzip git python zlib1g-dev wget bsdmainutils automake
cd zen
./zcutil/build.sh -j$(nproc)
./zcutil/fetch-params.sh
#sudo mv /root/.zcash-params /home/$USER/
#####################################################################################
sudo mkdir -p /home/$USER/.zen
sudo touch /home/$USER/.zen/zen.conf
RPC_USERNAME=$(pwgen -s 74 1)
RPC_PASSWORD=$(pwgen -s 74 1)
sudo sh -c "echo '
addnode=$FQDN
addnode=zennodes.network
rpcuser=$RPC_USERNAME
rpcpassword=$RPC_PASSWORD
rpcport=18231
rpcallowip=127.0.0.1
server=1
daemon=1
listen=1
txindex=1
logtimestamps=1
tlscertpath=/home/$USER/.acme.sh/$FQDN/$FQDN.cer
tlskeypath=/home/$USER/.acme.sh/$FQDN/$FQDN.key
testnet=0
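' >> /home/$USER/.zen/zen.conf"
# zen.conf holds the RPC credentials; keep it readable by its owner only.
sudo chmod 600 /home/$USER/.zen/zen.conf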
echo -e $purpleColor"zen.conf is done!"$normalColor
##########################################################################
sudo apt-get install monit
sudo touch /home/$USER/zencash/init_zen
sudo tee -a /home/$USER/zencash/init_zen > /dev/null << EOF
#!/bin/bash
PID_FILE='/home/$USER/.zen/zen_node.pid'
start() {
touch \$PID_FILE
# Redirect stdout first, then point stderr at it, so both are discarded.
eval "/bin/su $USER -c '/usr/bin/zend >> /dev/null 2>&1'"
PID=\$(ps aux | grep zend | grep -v grep | awk '{print \$2}')
echo "Starting zend with PID \$PID"
echo \$PID > \$PID_FILE
}
stop () {
pkill zend
rm \$PID_FILE
echo "Stopping zend"
}
case \$1 in
start)
start
;;
stop)
stop
;;
*)
echo "usage: zend {start|stop}" ;;
esac
exit 0
EOF
sudo chown -R $USER: /home/$USER/zencash
chmod u+x /home/$USER/zencash/init_zen
sudo tee -a /etc/monit/monitrc > /dev/null << EOF
#added on setup for zend
set httpd port 2812
use address localhost # only accept connection from localhost
allow localhost # allow localhost to connect to the server
#
#zend process control
check process zend with pidfile /home/$USER/.zen/zen_node.pid
start program = "/home/$USER/zencash/init_zen start" with timeout 60 seconds
stop program = "/home/$USER/zencash/init_zen stop"
#
#email notifications using local postfix relay
set mailserver localhost
set mail-format { from: monit@$FQDN }
set alert $EMAIL #receive all alerts
EOF
##################################################
cd /home/$USER
mkdir acme
sudo apt install socat
cd acme
git clone https://github.com/Neilpang/acme.sh.git
cd acme.sh
./acme.sh --install
cd /home/$USER
sudo /home/$USER/.acme.sh/acme.sh --issue --standalone -d $FQDN
chown -R $USER: /home/$USER/.acme.sh
sudo mkdir /usr/share/ca-certificates/letsencrypt/
sudo cp /home/$USER/.acme.sh/$FQDN/ca.cer /usr/share/ca-certificates/letsencrypt/ca.crt
sudo dpkg-reconfigure ca-certificates
CRONCMD_ACME="6 0 * * * \"/home/$USER/.acme.sh\"/acme.sh --cron --home \"/home/$USER/.acme.sh\" > /dev/null" && (crontab -l | grep -v -F "$CRONCMD_ACME" ; echo "$CRONCMD_ACME") | crontab -
echo -e $purpleColor"Certificates have been installed!"$normalColor
###################################################################
################################################################
sudo cp /home/$USER/zencash/zen/src/zend /usr/bin/
sudo cp /home/$USER/zencash/zen/src/zen-cli /usr/bin/
chown -R $USER: /home/$USER/.zen
sudo monit reload
sudo monit start zend
#sudo apt install curl
#curl -sL https://deb.nodesource.com/setup_8.x | sudo bash -
#sudo apt-get install -y nodejs
sudo apt-get install -y npm
sudo npm install -g n
sudo n 8.9
cd /home/$USER/zencash
git clone https://github.com/ZencashOfficial/secnodetracker.git
cd secnodetracker
npm install
sudo chown -R $USER: /home/$USER/zencash
npm install pm2 -g
pm2 kill
sudo chown -R $USER: /home/$USER/.pm2
node -v
npm -v
echo -e $purpleColor"Change /etc/monit/monitrc check frequency!"$normalColor
echo -e $purpleColor"sudo vim /etc/monit/monitrc 'Set daemon 120' change to 'Set daemon 10'"$normalColor
echo -e $purpleColor"sudo monit reload"$normalColor
echo -e $purpleColor"sudo monit start zend"$normalColor
echo -e $purpleColor"zen-cli getinfo to confirm blockchain is syncing"$normalColor
echo -e $purpleColor""$normalColor
echo -e $purpleColor"Navigate to '/home/$USER/zencash/secnodetracker' and run node setup"$normalColor
echo -e $purpleColor"Run pm2 startup"$normalColor
echo -e $purpleColor"Copy and paste the command that pm2 tells you to run"$normalColor
echo -e $purpleColor"Run pm2 start app.js --name secnodetracker"$normalColor
echo -e $purpleColor"Run pm2 save"$normalColor
echo -e $purpleColor"To monitor, type pm2 logs. When finished press ctrl+c"$normalColor
echo -e $purpleColor"IMPORTANT: Verify secnodetracker runs on reboot: Reboot the server 'sudo reboot now', log back in, and run 'pm2 logs'"$normalColor
echo -e $purpleColor"Secnodetracker should be running"$normalColor
echo -e $purpleColor""$normalColor
echo -e $purpleColor""$normalColor
echo -e $purpleColor"REXOVAS: contact@rexovas.com"$normalColor
echo -e $purpleColor"ZEN DONATION ADDRESS: znfRdzcDB1oBDCk2ox7n9Syh2VybrmZfoP3"$normalColor
@DatDraggy

DatDraggy commented Jun 15, 2018

Is /home/$USER/zencash/zen/src used by anything? I think it should be deleted after the cp to clear up space.
Or just the whole /home/$USER/zencash/zen directory, if it's not being used.

@KeramxD

KeramxD commented Sep 10, 2018

Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
fallocate: no filename specified

How can I fix that?
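
An added example, not part of the gist or of either comment: when the swap prompt is answered with an empty line, `fallocate -l $SWAP /swapfile` expands to `fallocate -l /swapfile`, so `/swapfile` is consumed as the `-l` argument and no filename remains. The helper functions below are hypothetical; they validate the three prompt answers that the script later interpolates into root-run commands and config files, and the accepted formats are conservative assumptions.

```shell
#!/bin/sh
# Added example: validate the answers to the gist's prompts before any
# privileged command runs. All function names here are hypothetical.

# Swap size: a positive integer with an optional K/M/G/T suffix (4G, 512M).
valid_swap_size() {
    case "$1" in
        ''|*[!0-9KMGT]*) return 1 ;;   # empty, or contains anything else
    esac
    printf '%s\n' "$1" | grep -Eq '^[1-9][0-9]*[KMGT]?$'
}

# FQDN: at least two dot-separated labels of letters, digits and hyphens.
# Rejecting quotes and spaces matters because $FQDN ends up inside
# sh -c "echo '...'" strings and in the zen.conf and monitrc files.
valid_fqdn() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    printf '%s\n' "$1" |
        grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]{2,}$'
}

# Username: a plain lowercase login name, and not root, because the script
# builds /home/$USER paths and starts zend through su.
valid_username() {
    case "$1" in
        ''|root|*[!a-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# Check all three answers; print the first problem and return non-zero.
check_inputs() {
    valid_fqdn "$1"      || { echo "bad FQDN: '$1'" >&2; return 1; }
    valid_swap_size "$2" || { echo "bad swap size: '$2' (e.g. 4G)" >&2; return 1; }
    valid_username "$3"  || { echo "bad username: '$3'" >&2; return 1; }
}

# In the setup script this would follow the read prompts:
#   check_inputs "$FQDN" "$SWAP" "$USER" || exit 1
```
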
