diff --git a/Personal Server Scripts/serversetup.sh b/Personal Server Scripts/serversetup.sh
new file mode 100644
index 0000000..a3fc707
--- /dev/null
+++ b/Personal Server Scripts/serversetup.sh
@@ -0,0 +1,605 @@ +#!/bin/bash +# Function to check and modify sources.list files +check_and_modify_sources() { + local file="$1" + if [ -f "$file" ]; then + if grep -q "^deb cdrom:" "$file" || grep -q "^deb \[arch=" "$file"; then + print_color "yellow" "CD-ROM or DVD entries found in $file. Commenting them out..." + sed -i '/^deb cdrom:/s/^/# /' "$file" + sed -i '/^deb \[arch=/s/^/# /' "$file" + print_color "green" "CD-ROM and DVD entries in $file have been commented out." + else + print_color "green" "No CD-ROM or DVD entries found in $file." + fi + fi +} +display_ascii_art() { + local art="$1" + echo "$art" +} +# Function to center text +center_text() { + local text="$1" + local width + width=$(tput cols) || return + local padding=$(( (width - ${#text}) / 2 )) + printf "%${padding}s%s\n" '' "$text" +} +# Function to print colored output +print_color() { + case $1 in + "green") echo -e "\e[32m$2\e[0m" ;; + "red") echo -e "\e[31m$2\e[0m" ;; + "yellow") echo -e "\e[33m$2\e[0m" ;; + esac + sleep 0.1 +} +# Function to prompt user for yes/no input +prompt_yes_no() { + while true; do + read -r -p "$1 (y/n): " yn + case $yn in + [Yy]*) return 0 ;; + [Nn]*) return 1 ;; + *) echo "Please answer yes or no." ;; + esac + done +} +# Function to show progress +show_progress() { + local pid=$1 + local delay=0.1 + local spinstr='⠋⠙⠹⠸⠼⠴⠦⠧⠇⠏' + local start_time=$(date +%s) + + printf " " + while ps -p "$pid" > /dev/null 2>&1; do + local temp=${spinstr#?} + printf "\r[%c] " "$spinstr" + local spinstr=$temp${spinstr%"$temp"} + sleep $delay + local current_time=$(date +%s) + local elapsed=$((current_time - start_time)) + printf "%02d:%02d" $((elapsed / 60)) $((elapsed % 60)) + done + printf "\r[✓] Done! \n" +} +#force scroll for after neoss install no idea why it hangs. 
+force_scroll() { + local lines=${1:-10} + for i in $(seq 1 $lines); do + echo + sleep 0.1 + done +} +# Complex ASCII art +complex_ascii_art=$(cat </dev/null; then + print_color "yellow" "No active package sources found. Adding a default source..." + echo "deb http://deb.debian.org/debian $(lsb_release -cs) main" | sudo tee -a /etc/apt/sources.list +fi + +print_color "yellow" "Updating system..." +apt update > /tmp/apt_update.log 2>&1 & +update_pid=$! +show_progress $update_pid + +wait $update_pid +update_status=$? + +if [ $update_status -eq 0 ]; then + print_color "green" "Update completed successfully." +else + print_color "red" "Failed to update package lists. Here's the detailed error:" + cat /tmp/apt_update.log + exit 1 +fi + +print_color "yellow" "Upgrading system..." +DEBIAN_FRONTEND=noninteractive apt upgrade -y > /tmp/apt_upgrade.log 2>&1 & +upgrade_pid=$! +show_progress $upgrade_pid + +wait $upgrade_pid +upgrade_status=$? + +if [ $upgrade_status -eq 0 ]; then + print_color "green" "Upgrade completed successfully." +else + print_color "red" "Failed to upgrade packages. Here's the detailed error:" + cat /tmp/apt_upgrade.log + exit 1 +fi + +#--------------------- +# Installs Basic Tools +#--------------------- +essential_packages=("sudo" "net-tools" "wget" "curl" "git") +missing_packages=() +for package in "${essential_packages[@]}"; do + if ! command -v "$package" &>/dev/null; then + missing_packages+=("$package") + fi +done +if [ ${#missing_packages[@]} -ne 0 ]; then + print_color "yellow" "Installing missing basic packages: ${missing_packages[*]}" + (apt install -y "${missing_packages[@]}" >/dev/null 2>&1) & + show_progress $! + print_color "green" "Basic packages installed." +else + print_color "green" "All essential packages are already installed." +fi +# Ensure sudo is configured correctly +if ! grep -q "^%sudo" /etc/sudoers; then + print_color "yellow" "Configuring sudo..." 
+ echo "%sudo ALL=(ALL:ALL) ALL" >>/etc/sudoers + print_color "green" "Sudo configured." +fi + +#---------------------- +# Set up non-root user +#---------------------- +if prompt_yes_no "Do you want to set up a new non-root user?"; then + read -r -p "Enter new username: " new_user + sudo adduser "$new_user" + sudo usermod -aG sudo "$new_user" + print_color "green" "User $new_user has been created and added to sudo group" +fi + +#--------------- +# SSH hardening +#--------------- +ssh_hardened=false +new_ssh_port="" +if prompt_yes_no "Do you want to harden SSH?"; then + print_color "yellow" "Configuring SSH..." + + # Backup original sshd_config + sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak + + # Change SSH port + while true; do + read -r -p "Enter new SSH port (default: 2222): " ssh_port + ssh_port=${ssh_port:-2222} + if [[ "$ssh_port" =~ ^[0-9]+$ ]] && [ "$ssh_port" -ge 1024 ] && [ "$ssh_port" -le 65535 ]; then + break + else + print_color "red" "Invalid port number. Please enter a number between 1024 and 65535." + fi + done + + # Apply SSH hardening configurations + sudo sed -i "s/^#Port 22/Port $ssh_port/" /etc/ssh/sshd_config + sudo sed -i 's/^#PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config + sudo sed -i 's/^#PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config + sudo sed -i 's/^#PubkeyAuthentication .*/PubkeyAuthentication yes/' /etc/ssh/sshd_config + + # Allow only the new user (assuming $new_user is set earlier in the script) + echo "AllowUsers $new_user" | sudo tee -a /etc/ssh/sshd_config > /dev/null + + print_color "yellow" "New SSH configuration:" + print_color "yellow" "Port: $ssh_port" + print_color "yellow" "Root login disabled" + print_color "yellow" "Password authentication disabled" + print_color "yellow" "Only user $new_user is allowed to login" + + # Test the new configuration + if sudo sshd -t -f /etc/ssh/sshd_config; then + print_color "green" "SSH configuration test passed." 
+ + # Restart SSH service + if sudo systemctl is-active --quiet ssh; then + sudo systemctl restart ssh + print_color "green" "SSH service restarted." + else + print_color "yellow" "SSH service not found. You may need to restart it manually." + fi + + print_color "green" "SSH has been hardened. Check the end of the script for instructions on setting up an SSH key and logging in." + ssh_hardened=true + new_ssh_port=$ssh_port + else + print_color "red" "SSH configuration test failed. Reverting changes..." + sudo mv /etc/ssh/sshd_config.bak /etc/ssh/sshd_config + print_color "yellow" "Please check your SSH configuration manually" + fi +else + print_color "yellow" "Skipping SSH hardening." +fi +sleep 5 + +#------------- +# UFW setup +#------------- +if prompt_yes_no "Do you want to install and configure UFW?"; then + print_color "yellow" "Installing and configuring UFW..." + (apt install ufw -y >/dev/null 2>&1) & + show_progress $! + ufw default deny incoming >/dev/null 2>&1 + ufw default allow outgoing >/dev/null 2>&1 + ufw allow "$ssh_port"/tcp >/dev/null 2>&1 + ufw allow 80/tcp >/dev/null 2>&1 + ufw allow 443/tcp >/dev/null 2>&1 + echo "y" | ufw enable >/dev/null 2>&1 + print_color "green" "UFW has been installed and configured" +fi + +#--------------- +# Fail2Ban setup +#--------------- +if prompt_yes_no "Do you want to install and configure Fail2Ban?"; then + print_color "yellow" "Installing and configuring Fail2Ban..." + (apt install fail2ban -y >/dev/null 2>&1) & + show_progress $! 
+ + # Create a custom jail configuration + cat </etc/fail2ban/jail.local +[DEFAULT] +bantime = 10m +findtime = 10m +maxretry = 5 + +# Avoid banning local network +ignoreip = 127.0.0.1/8 ::1 + +[sshd] +enabled = true +port = $ssh_port +logpath = %(sshd_log)s +backend = %(sshd_backend)s +EOF + systemctl enable fail2ban >/dev/null 2>&1 + systemctl start fail2ban >/dev/null 2>&1 + print_color "green" "Fail2Ban has been installed and configured" + print_color "yellow" "Default Fail2Ban settings:" + print_color "yellow" "- Ban time: 10 minutes" + print_color "yellow" "- Find time: 10 minutes" + print_color "yellow" "- Max retries: 5" + print_color "yellow" "- Ignored IP: localhost" + print_color "yellow" "You can adjust these settings in /etc/fail2ban/jail.local" +fi + + +#--------------- +# Install Nginx +#--------------- +if prompt_yes_no "Do you want to install Nginx?"; then + print_color "yellow" "Installing Nginx..." + (apt install nginx -y > /dev/null 2>&1) & + show_progress $! + systemctl enable nginx > /dev/null 2>&1 + systemctl start nginx > /dev/null 2>&1 + print_color "green" "Nginx has been installed and started" +fi + +#--------------- +# Install Docker +#--------------- +if prompt_yes_no "Do you want to install Docker?"; then + print_color "yellow" "Installing Docker using the official method..." + + # Uninstall old versions + print_color "yellow" "Removing old Docker versions if present..." + for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do + (sudo apt remove $pkg -y -qq > /dev/null 2>&1) & + show_progress $! + done + + # Update the apt package index + print_color "yellow" "Updating apt package index..." + (sudo apt update -qq > /dev/null 2>&1) & + show_progress $! + + # Install packages to allow apt to use a repository over HTTPS + print_color "yellow" "Installing required packages..." + (sudo apt install ca-certificates curl -y -qq > /dev/null 2>&1) & + show_progress $! 
+ + # Add Docker's official GPG key + print_color "yellow" "Adding Docker's official GPG key..." + sudo install -m 0755 -d /etc/apt/keyrings + sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc + sudo chmod a+r /etc/apt/keyrings/docker.asc + + # Set up the repository + print_color "yellow" "Setting up the Docker repository..." + echo \ + "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \ + $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \ + sudo tee /etc/apt/sources.list.d/docker.list > /dev/null + + # Update the apt package index again + print_color "yellow" "Updating apt package index..." + (sudo apt update -qq > /dev/null 2>&1) & + show_progress $! + + # Install Docker Engine, containerd, and Docker Compose + print_color "yellow" "Installing Docker Engine, containerd, and Docker Compose..." + (sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y -qq > /dev/null 2>&1) & + show_progress $! + + # Verify Docker installation + if docker --version > /dev/null 2>&1; then + print_color "green" "Docker has been successfully installed." + + # Add user to the docker group + print_color "yellow" "Adding $new_user to the docker group..." + sudo usermod -aG docker "$new_user" + + # Verify group membership + if id -nG "$new_user" | grep -qw "docker"; then + print_color "green" "$new_user has been successfully added to the docker group." + else + print_color "red" "Failed to add $new_user to the docker group. Please add manually with: sudo usermod -aG docker $new_user" + fi + + print_color "yellow" "Please log out and log back in for the group changes to take effect." + print_color "yellow" "After logging back in, you can verify Docker works without sudo by running: docker run hello-world" + else + print_color "red" "Docker installation seems to have failed. Please check the logs and try again." 
+ fi +else + print_color "yellow" "Skipping Docker installation" +fi + +#------------------------- +# Install additional tools +#------------------------- +tools=("btop" "goaccess" "ncdu" "mc") +for tool in "${tools[@]}"; do + if prompt_yes_no "Do you want to install $tool?"; then + print_color "yellow" "Installing $tool..." + (apt install "$tool" -y > /dev/null 2>&1) & + show_progress $! + print_color "green" "$tool has been installed" + fi +done + +#-------------------------------- +# Install Node.js, npm, and Neoss +#-------------------------------- +if prompt_yes_no "Do you want to install Neoss? This requires Node.js and npm to be installed as well."; then + print_color "yellow" "Installing Node.js and npm..." + + # Download and run the NodeSource setup script + print_color "yellow" "Adding NodeSource repository..." + if curl -fsSL https://deb.nodesource.com/setup_lts.x | sudo -E bash - > /dev/null 2>&1; then + print_color "green" "NodeSource repository added successfully." + else + print_color "red" "Failed to add NodeSource repository. Aborting Node.js installation." + return 1 + fi + + # Install Node.js (which includes npm) + print_color "yellow" "Installing Node.js and npm..." + if apt install -y nodejs > /dev/null 2>&1; then + print_color "green" "Node.js and npm installed successfully." + else + print_color "red" "Failed to install Node.js and npm. Please check your internet connection and try again." + return 1 + fi + + # Verify installation + if node --version > /dev/null 2>&1 && npm --version > /dev/null 2>&1; then + NODE_VERSION=$(node --version) + NPM_VERSION=$(npm --version) + print_color "green" "Node.js ${NODE_VERSION} and npm ${NPM_VERSION} have been successfully installed" + + # Install Neoss + print_color "yellow" "Installing Neoss..." + npm install -g neoss > /tmp/neoss_install.log 2>&1 & + install_pid=$! + show_progress $install_pid + + wait $install_pid + install_status=$? 
+ + if [ $install_status -eq 0 ]; then + NEOSS_VERSION=$(neoss --version 2>/dev/null || echo "version unknown") + print_color "green" "Neoss installation successful." + print_color "green" "Version: ${NEOSS_VERSION}" + else + print_color "red" "Neoss installation failed. Error log:" + cat /tmp/neoss_install.log + print_color "red" "You can try to install it manually later with 'npm install -g neoss'." + fi + else + print_color "red" "Node.js and npm installation verification failed. Please check the installation manually." + return 1 + fi + + sleep 0.5 + force_scroll 5 +else + print_color "yellow" "Skipping Node.js, npm, and Neoss installation" +fi + +#------------------------ +# Configure log rotation +#------------------------ +if prompt_yes_no "Do you want to configure log rotation?"; then + print_color "yellow" "Configuring log rotation..." + + # Default settings + rotate_frequency="weekly" + rotate_count=4 + rotate_size="100M" + + if prompt_yes_no "Do you want to customize global log rotation settings?"; then + read -r -p "Enter rotation frequency (daily/weekly/monthly) [default: weekly]: " custom_frequency + rotate_frequency=${custom_frequency:-$rotate_frequency} + + read -r -p "Enter number of log files to keep [default: 4]: " custom_count + rotate_count=${custom_count:-$rotate_count} + + read -r -p "Enter max size of log file before rotation (e.g., 100M, 500M, 1G) [default: 100M]: " custom_size + rotate_size=${custom_size:-$rotate_size} + else + print_color "yellow" "Using default settings for global log rotation." 
+ fi + + # Update global configuration + cat </etc/logrotate.conf +# Global log rotation settings +${rotate_frequency} +rotate ${rotate_count} +create +compress +dateext + +# Rotate log files larger than ${rotate_size} even before the scheduled rotation time +size ${rotate_size} + +include /etc/logrotate.d + +# System-specific logs may be configured here +EOF + + print_color "green" "Global log rotation has been configured with the following settings:" + print_color "yellow" "- Rotation frequency: ${rotate_frequency}" + print_color "yellow" "- Number of log files to keep: ${rotate_count}" + print_color "yellow" "- Max size before rotation: ${rotate_size}" + print_color "yellow" "You can further adjust these settings in /etc/logrotate.conf" + + # Nginx-specific configuration + if command -v nginx &>/dev/null || [ -d "/etc/nginx" ]; then + print_color "yellow" "Nginx installation detected." + if prompt_yes_no "Do you want to configure Nginx-specific log rotation?"; then + mkdir -p /etc/logrotate.d + cat </etc/logrotate.d/nginx +/var/log/nginx/*.log { + ${rotate_frequency} + missingok + rotate ${rotate_count} + compress + delaycompress + notifempty + create 0640 www-data adm + sharedscripts + maxsize ${rotate_size} + postrotate + if [ -f /var/run/nginx.pid ]; then + kill -USR1 \$(cat /var/run/nginx.pid) + fi + endscript +} +EOF + print_color "green" "Nginx-specific log rotation has been configured." + print_color "yellow" "Nginx log rotation configuration created at /etc/logrotate.d/nginx" + else + print_color "yellow" "Skipping Nginx-specific log rotation configuration." + fi + else + print_color "yellow" "Nginx installation not detected. Skipping Nginx-specific log rotation configuration." + fi + + # Docker-specific configuration + if command -v docker &>/dev/null; then + if prompt_yes_no "Docker is installed. 
Do you want to configure Docker-specific log rotation?"; then + mkdir -p /etc/docker + cat </etc/docker/daemon.json +{ + "log-driver": "json-file", + "log-opts": { + "max-size": "${rotate_size}", + "max-file": "${rotate_count}" + } +} +EOF + print_color "green" "Docker-specific log rotation has been configured." + print_color "yellow" "Note: You'll need to restart Docker for these changes to take effect." + if prompt_yes_no "Do you want to restart Docker now?"; then + systemctl restart docker + print_color "green" "Docker has been restarted." + else + print_color "yellow" "Please remember to restart Docker later for the log rotation changes to take effect." + fi + else + print_color "yellow" "Skipping Docker-specific log rotation configuration." + fi + fi + +else + print_color "yellow" "Skipping log rotation configuration." +fi + +#--------------- +# End of Script +#--------------- +if [ "$ssh_hardened" = true ]; then + print_color "yellow" "===== IMPORTANT: SSH KEY SETUP =====" + print_color "yellow" "SSH has been hardened. If you haven't set up an SSH key, do so before logging out!" + print_color "yellow" "Please test your SSH connection in a new terminal before closing this session." + print_color "yellow" "Follow these steps on your local machine:" + print_color "yellow" "1. Generate an SSH key:" + print_color "yellow" " ssh-keygen -t ed25519 -C 'your_email@example.com'" + print_color "yellow" "2. Copy the key to your server:" + print_color "yellow" " ssh-copy-id -i ~/.ssh/id_ed25519.pub -p $ssh_port $new_user@your_server_ip" + print_color "yellow" "3. Test your new key:" + print_color "yellow" " ssh -p $ssh_port $new_user@your_server_ip" + print_color "yellow" "4. If successful, run this script again to disable password authentication." + print_color "yellow" "If you can't connect, check your SSH configuration at /etc/ssh/sshd_config" + print_color "yellow" "=====================================" +fi + +print_color "green" "Server setup complete!" 
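Review bot: The UFW and Fail2Ban sections reuse `$ssh_port`, which is only assigned inside the SSH-hardening branch, so a run that declines hardening — or whose `sshd -t` check failed and restored the backup — enables a default-deny firewall with an empty `ufw allow /tcp` rule (the error is hidden by `>/dev/null 2>&1`) and writes `port =` with no value into jail.local, and the session that ran the script is the one locked out. `new_ssh_port` is set only after the new config passed `sshd -t` and the service was restarted, so both places should read `ufw allow "${new_ssh_port:-22}/tcp" >/dev/null 2>&1` and `port = ${new_ssh_port:-22}`. The hardening branch also sets `PasswordAuthentication no` and restarts sshd before any key exists for `$new_user` (and writes a bare `AllowUsers ` line when the user-creation prompt was declined), while the closing banner tells the reader to run the script again to disable password authentication; the step order should match the banner, i.e. leave password authentication on until the key login has been confirmed. Two smaller points in the same hunk: the `echo "%sudo ALL=(ALL:ALL) ALL" >>/etc/sudoers` append is never validated — a drop-in under `/etc/sudoers.d/` written with mode 0440 and checked with `visudo -cf` is the safer form — and the `return 1` lines in the Neoss section sit at top level of a non-sourced script, where bash reports that return is only valid in a function and carries on, so they should be `exit 1`. Finally, show_progress polls `ps -p` until the pid disappears but never `wait`s, so every `(apt install …) & show_progress $!` pair here (and the identical copy of the function in vaultwarden.sh) prints its success line regardless of the result; add `wait "$pid"` after the spinner loop, print the Done line only when that status is zero, return it, and check it at the call sites with `show_progress $! || exit 1`.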
diff --git a/Personal Server Scripts/vaultwarden.sh b/Personal Server Scripts/vaultwarden.sh
index baeaf73..89ffd08 100644
--- a/Personal Server Scripts/vaultwarden.sh
+++ b/Personal Server Scripts/vaultwarden.sh
@@ -1,58 +1,92 @@ #!/bin/bash -# Check if script is run as root -if [ "$EUID" -ne 0 ]; then - echo "This script must be run as root. Please use sudo or run as root." - exit 1 -fi - +# Function to show progress +show_progress() { + local pid=$1 + local delay=0.1 + local spinstr='⠋⠙⠹⠸⠼⠴⠦⠧⠇⠏' + local start_time=$(date +%s) + + printf " " + while ps -p "$pid" > /dev/null 2>&1; do + local temp=${spinstr#?} + printf "\r[%c] " "$spinstr" + local spinstr=$temp${spinstr%"$temp"} + sleep $delay + local current_time=$(date +%s) + local elapsed=$((current_time - start_time)) + printf "%02d:%02d" $((elapsed / 60)) $((elapsed % 60)) + done + printf "\r[✓] Done! \n" +} +# Function to print colored output +print_color() { + case $1 in + "green") echo -e "\e[32m$2\e[0m" ;; + "red") echo -e "\e[31m$2\e[0m" ;; + "yellow") echo -e "\e[33m$2\e[0m" ;; + esac + sleep 0.1 +} +# Function to center text +center_text() { + local text="$1" + local width + width=$(tput cols) || return + local padding=$(( (width - ${#text}) / 2 )) + printf "%${padding}s%s\n" '' "$text" +} # Function to install necessary packages install_dependencies() { - echo "Installing necessary packages..." - sudo apt update && apt upgrade -y - sudo apt install -y wget curl sudo + print_color "yellow" "Installing dependencies..." + (sudo apt update -q && sudo apt install -y -q wget curl sudo > /dev/null 2>&1) & + show_progress $! + print_color "green" "Dependencies installed successfully." } - # Function to create vaultwarden user if it doesn't exist create_vaultwarden_user() { if ! command -v useradd &> /dev/null; then - echo "useradd command not found. Installing..." - sudo apt install -y passwd + print_color "yellow" "useradd command not found. Installing..." + (sudo apt install -y passwd > /dev/null 2>&1) & + show_progress $! fi if ! id "vaultwarden" &>/dev/null; then - echo "Creating vaultwarden user..." - sudo useradd -r -s /bin/false vaultwarden - echo "Vaultwarden user created." 
+ print_color "yellow" "Creating vaultwarden user..." + (sudo useradd -r -s /bin/false vaultwarden > /dev/null 2>&1) & + show_progress $! + print_color "green" "Vaultwarden user created successfully." else - echo "Vaultwarden user already exists." + print_color "green" "Vaultwarden user already exists." fi } - # Function to extract without Docker extract_without_docker() { - echo "Extracting binaries without Docker..." - mkdir -p vw-image - cd vw-image - if ! wget https://raw.githubusercontent.com/jjlin/docker-image-extract/main/docker-image-extract; then - echo "Failed to download docker-image-extract script. Exiting." + print_color "yellow" "Extracting Vaultwarden binaries..." + ( + mkdir -p vw-image + cd vw-image + wget -q https://raw.githubusercontent.com/jjlin/docker-image-extract/main/docker-image-extract + chmod +x docker-image-extract + ./docker-image-extract vaultwarden/server:latest-alpine + sudo mv output/vaultwarden /home/vaultwarden/ + sudo mv output/web-vault /home/vaultwarden/ + cd .. + rm -rf vw-image + sudo mkdir -p /home/vaultwarden/data + ) &> /dev/null & + show_progress $! + + if [ -f "/home/vaultwarden/vaultwarden" ] && [ -d "/home/vaultwarden/web-vault" ]; then + print_color "green" "Extraction complete." + else + print_color "red" "Extraction failed. Please check the logs and try again." exit 1 fi - chmod +x docker-image-extract - if ! ./docker-image-extract vaultwarden/server:latest-alpine; then - echo "Failed to extract Vaultwarden image. Exiting." - exit 1 - fi - sudo mv output/vaultwarden /home/vaultwarden/ || { echo "Failed to move vaultwarden binary. Exiting."; exit 1; } - sudo mv output/web-vault /home/vaultwarden/ || { echo "Failed to move web-vault. Exiting."; exit 1; } - cd .. - rm -rf vw-image - sudo mkdir -p /home/vaultwarden/data - echo "Extraction complete." } - # Create systemd service file create_systemd_service() { + print_color "yellow" "Creating systemd service file..." 
sudo tee /etc/systemd/system/vaultwarden.service > /dev/null << EOF [Unit] Description=Vaultwarden Server @@ -68,13 +102,14 @@ EnvironmentFile=/home/vaultwarden/.env [Install] WantedBy=multi-user.target EOF + print_color "green" "Systemd service file created successfully." } - # Function to create .env file create_env_file() { - echo "Setting up Vaultwarden configuration..." + print_color "yellow" "Setting up Vaultwarden configuration..." read -p "Enter domain name for Vaultwarden (e.g., vault.example.com): " DOMAIN + print_color "yellow" "Creating .env file..." sudo tee /home/vaultwarden/.env > /dev/null << EOF DOMAIN=https://$DOMAIN ROCKET_PORT=8000 @@ -82,28 +117,20 @@ DATA_FOLDER=/home/vaultwarden/data WEB_VAULT_FOLDER=/home/vaultwarden/web-vault EOF - sudo chown vaultwarden:vaultwarden /home/vaultwarden/.env - sudo chmod 600 /home/vaultwarden/.env + (sudo chown vaultwarden:vaultwarden /home/vaultwarden/.env && + sudo chmod 600 /home/vaultwarden/.env) & + show_progress $! + print_color "green" "Vaultwarden configuration file created successfully." } - -# Function to install Certbot -install_certbot() { - echo "Installing Certbot..." - sudo apt update - sudo apt install -y snapd - sudo snap install core - sudo snap refresh core - sudo snap install --classic certbot - sudo ln -s /snap/bin/certbot /usr/bin/certbot -} - # Function to set up Nginx setup_nginx() { if ! command -v nginx &> /dev/null; then - echo "Nginx not found. Installing..." - sudo apt update && sudo apt install -y nginx + print_color "yellow" "Nginx not found. Installing..." + (sudo apt update && sudo apt install -y nginx > /dev/null 2>&1) & + show_progress $! fi + print_color "yellow" "Configuring Nginx for Vaultwarden..." sudo tee /etc/nginx/sites-available/vaultwarden > /dev/null << EOF server { listen 80; 
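Review bot: The commit removes the per-step failure checks extract_without_docker had on the wget, the extractor and the two `mv` calls and replaces them with one backgrounded subshell whose output and exit status are discarded; the post-check `[ -f "/home/vaultwarden/vaultwarden" ] && [ -d "/home/vaultwarden/web-vault" ]` is satisfied by files left by an earlier run, so a failed re-extraction reports "Extraction complete." with the old binary still in place. Inside that subshell a failed `mkdir`/`cd vw-image` does not stop anything either: the extractor is then downloaded and executed in the caller's working directory and `rm -rf vw-image` runs regardless. Start the subshell with `set -e` and `cd vw-image || exit 1`, and use the job's status rather than the filesystem test, `show_progress $! || { print_color "red" "Extraction failed."; exit 1; }` — this needs show_progress to `wait "$pid"` after its spinner loop and return that status, which also fixes the unconditional success lines in install_dependencies and create_vaultwarden_user in this hunk. The extractor itself is fetched from the `main` branch and executed with `-q` and all output silenced, which was already the case before this change; pinning the download to a specific commit URL and comparing a checksum before `chmod +x` would make what gets executed reviewable.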
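Review bot: In create_env_file the `.env` file is created by `sudo tee` with whatever mode the root umask gives (typically 0644) and only afterwards narrowed by a backgrounded `chown && chmod 600` whose status is discarded, so if either command fails the script still prints "configuration file created successfully" and setup_admin_panel later appends `ADMIN_TOKEN` into a file that may be readable by every local user. Create the file with its final mode before writing it, `sudo install -m 600 -o vaultwarden -g vaultwarden /dev/null /home/vaultwarden/.env`, then `tee` into it, and run the ownership step in the foreground with `|| exit 1` rather than behind show_progress; a two-command step does not need a spinner. The vaultwarden user is created by create_vaultwarden_user before this function runs, so the `-o`/`-g` owner is available at that point.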
@@ -121,82 +148,95 @@ EOF sudo ln -sf /etc/nginx/sites-available/vaultwarden /etc/nginx/sites-enabled/ - # Install Certbot before testing Nginx configuration - install_certbot - - # Now test and reload Nginx - sudo nginx -t && sudo systemctl reload nginx - - echo "Nginx configured." -}install_certbot() { - if ! command -v certbot &> /dev/null; then - echo "Installing Certbot..." - sudo apt update - sudo apt install -y certbot python3-certbot-nginx + print_color "yellow" "Testing Nginx configuration..." + if sudo nginx -t; then + (sudo systemctl reload nginx > /dev/null 2>&1) & + show_progress $! + print_color "green" "Nginx configured and reloaded successfully." else - echo "Certbot is already installed." + print_color "red" "Nginx configuration test failed. Please check your configuration." fi } - +# Function to install Certbot +install_certbot() { + print_color "yellow" "Installing Certbot..." + (sudo apt update && + sudo apt install -y snapd && + sudo snap install core && + sudo snap refresh core && + sudo snap install --classic certbot && + sudo ln -s /snap/bin/certbot /usr/bin/certbot) & + show_progress $! + print_color "green" "Certbot installed successfully." +} # Function to set up admin panel setup_admin_panel() { - echo "Setting up admin panel..." + print_color "yellow" "Setting up admin panel..." # Install argon2 if not already installed if ! command -v argon2 &> /dev/null; then - echo "Installing argon2..." - sudo apt update - sudo apt install -y argon2 + print_color "yellow" "Installing argon2..." + (sudo apt update && sudo apt install -y argon2 > /dev/null 2>&1) & + show_progress $! fi # Prompt for admin password read -sp "Enter the admin password: " admin_password echo + print_color "yellow" "Generating admin token..." 
# Generate argon2 hash admin_token=$(echo -n "$admin_password" | argon2 $(openssl rand -base64 32) -e -id -k 65540 -t 3 -p 4) # Append admin token to .env file - echo "ENABLE_ADMIN=true" | sudo tee -a /home/vaultwarden/.env > /dev/null - echo "ADMIN_TOKEN='$admin_token'" | sudo tee -a /home/vaultwarden/.env > /dev/null + print_color "yellow" "Updating .env file with admin token..." + (echo "ENABLE_ADMIN=true" | sudo tee -a /home/vaultwarden/.env > /dev/null + echo "ADMIN_TOKEN='$admin_token'" | sudo tee -a /home/vaultwarden/.env > /dev/null) & + show_progress $! - echo "Admin panel has been enabled." + print_color "green" "Admin panel has been enabled successfully." } -# Main script starts here - +#------------- +# Main script +#------------- +# Check if script is run as root +if [ "$EUID" -ne 0 ]; then + echo "This script must be run as root. Please use sudo or run as root." + exit 1 +fi # Welcome Message cat <<"EOF" -! -! ███████╗ ██████╗ ██╗ ██╗██████╗ █████╗ ███╗ ██╗ ███████╗███████╗██████╗ ██╗ ██╗███████╗██████╗ ██████╗ █████╗ ██████╗██╗ ██╗ -! ██╔════╝██╔═══██╗██║ ██║██╔══██╗██╔══██╗████╗ ██║ ██╔════╝██╔════╝██╔══██╗██║ ██║██╔════╝██╔══██╗ ██╔══██╗██╔══██╗██╔════╝██║ ██╔╝ -! ███████╗██║ ██║██║ ██║██████╔╝███████║██╔██╗ ██║ ███████╗█████╗ ██████╔╝██║ ██║█████╗ ██████╔╝ ██████╔╝███████║██║ █████╔╝ -! ╚════██║██║ ██║╚██╗ ██╔╝██╔══██╗██╔══██║██║╚██╗██║ ╚════██║██╔══╝ ██╔══██╗╚██╗ ██╔╝██╔══╝ ██╔══██╗ ██╔═══╝ ██╔══██║██║ ██╔═██╗ -! ███████║╚██████╔╝ ╚████╔╝ ██║ ██║██║ ██║██║ ╚████║ ███████║███████╗██║ ██║ ╚████╔╝ ███████╗██║ ██║ ██║ ██║ ██║╚██████╗██║ ██╗ -! ╚══════╝ ╚═════╝ ╚═══╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═══╝ ╚══════╝╚══════╝╚═╝ ╚═╝ ╚═══╝ ╚══════╝╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═════╝╚═╝ ╚═╝ -! 
+██╗ ██╗ █████╗ ██╗ ██╗██╗ ████████╗██╗ ██╗ █████╗ ██████╗ ██████╗ ███████╗███╗ ██╗ +██║ ██║██╔══██╗██║ ██║██║ ╚══██╔══╝██║ ██║██╔══██╗██╔══██╗██╔══██╗██╔════╝████╗ ██║ +██║ ██║███████║██║ ██║██║ ██║ ██║ █╗ ██║███████║██████╔╝██║ ██║█████╗ ██╔██╗ ██║ +╚██╗ ██╔╝██╔══██║██║ ██║██║ ██║ ██║███╗██║██╔══██║██╔══██╗██║ ██║██╔══╝ ██║╚██╗██║ + ╚████╔╝ ██║ ██║╚██████╔╝███████╗██║ ╚███╔███╔╝██║ ██║██║ ██║██████╔╝███████╗██║ ╚████║ + ╚═══╝ ╚═╝ ╚═╝ ╚═════╝ ╚══════╝╚═╝ ╚══╝╚══╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═════╝ ╚══════╝╚═╝ ╚═══╝ + ███████╗███████╗████████╗██╗ ██╗██████╗ + ██╔════╝██╔════╝╚══██╔══╝██║ ██║██╔══██╗ + ███████╗█████╗ ██║ ██║ ██║██████╔╝ + ╚════██║██╔══╝ ██║ ██║ ██║██╔═══╝ + ███████║███████╗ ██║ ╚██████╔╝██║ + ╚══════╝╚══════╝ ╚═╝ ╚═════╝ ╚═╝ EOF - -echo "Thanks for using Enki's Vault Warden script" -echo "This script will install Vault Warden and add it to the system files so it can start at boot." -echo "This also sets up Nginx for your domain as an option." +echo +center_text "Created by Enki" +center_text "Thanks for using this Vaultwarden installation script" +center_text "This script will install Vaultwarden server and configure it to start at boot." +center_text "It can also set up the Vaultwarden web server on your domain." +echo +print_color "yellow" "Make sure you have pointed your domain to this server's IP address before proceeding if you are not installing localy." if [ -t 0 ]; then - echo "To continue, hit any key." + print_color "green" "Press any key to continue..." read -n 1 -s -r -p "" fi +echo -echo "Starting Vaultwarden installation..." - -# Install dependencies +print_color "green" "Starting Vaultwarden installation..." install_dependencies - -# Create vaultwarden user create_vaultwarden_user - -# Create vaultwarden directory sudo mkdir -p /home/vaultwarden - -# Extract Vaultwarden extract_without_docker # Create .env file 
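Review bot: In setup_admin_panel the two `tee -a` appends that write `ENABLE_ADMIN` and `ADMIN_TOKEN` are now run as a backgrounded subshell behind show_progress, which adds a spinner to a write that takes milliseconds and discards its status, so a failed append still prints "Admin panel has been enabled successfully." and the service is restarted without a token. Run it in the foreground and check it: `{ echo "ENABLE_ADMIN=true"; echo "ADMIN_TOKEN='$admin_token'"; } | sudo tee -a /home/vaultwarden/.env > /dev/null || exit 1`. install_certbot has the same shape: the whole `apt … && snap … && ln -s` chain is backgrounded, and on a second run `ln -s /snap/bin/certbot /usr/bin/certbot` fails because the link already exists, which the spinner reports as Done — use `ln -sf` and act on the job's status. Re-running also appends a second ENABLE_ADMIN/ADMIN_TOKEN pair because nothing removes the earlier lines; that was already the case before this change.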
@@ -206,46 +246,44 @@ create_env_file create_systemd_service # Set correct permissions -sudo chown -R vaultwarden:vaultwarden /home/vaultwarden +print_color "yellow" "Setting correct permissions..." +(sudo chown -R vaultwarden:vaultwarden /home/vaultwarden) & +show_progress $! +print_color "green" "Permissions set successfully." # Offer to set up Nginx read -p "Would you like to set up Nginx as a reverse proxy? (y/n) " setup_nginx_answer if [[ $setup_nginx_answer =~ ^[Yy]$ ]]; then setup_nginx + install_certbot + print_color "yellow" "You can set up SSL later by running: sudo certbot --nginx -d $DOMAIN" fi # Enable and start Vaultwarden service -sudo systemctl enable vaultwarden -sudo systemctl start vaultwarden +print_color "yellow" "Enabling and starting Vaultwarden service..." +(sudo systemctl enable vaultwarden && sudo systemctl start vaultwarden) & +show_progress $! +print_color "green" "Vaultwarden service enabled and started." -echo "Vaultwarden has been installed, configured, and started." -echo "Please ensure your firewall allows traffic on ports 80 and 443 (if using HTTPS)." -echo "If you didn't set up Nginx, make sure to allow traffic on port 8000 as well." +print_color "green" "Vaultwarden has been installed and configured." +print_color "yellow" "Please ensure your firewall allows traffic on ports 80 and 443 (if using HTTPS)." +print_color "yellow" "If you didn't set up Nginx, make sure to allow traffic on port 8000 as well." # Offer to set up admin panel read -p "Would you like to enable the admin panel? (y/n) " setup_admin_answer if [[ $setup_admin_answer =~ ^[Yy]$ ]]; then setup_admin_panel # Restart Vaultwarden to apply changes - sudo systemctl restart vaultwarden + print_color "yellow" "Restarting Vaultwarden to apply changes..." + (sudo systemctl restart vaultwarden) & + show_progress $! + print_color "green" "Vaultwarden restarted successfully." 
fi - -if [[ $setup_nginx_answer =~ ^[Yy]$ ]]; then - echo "" - echo "IMPORTANT: SSL/HTTPS Setup Instructions" - echo "----------------------------------------" - echo "1. Ensure you have pointed your domain's A record to this server's IP address." - echo "2. Once DNS propagation is complete (this can take up to 48 hours but in most cases it only takes a few minutes), run the following command:" - echo " sudo certbot --nginx -d $DOMAIN" - echo "3. Follow the prompts to complete the SSL certificate installation." - echo "4. Certbot will automatically modify your Nginx configuration to use HTTPS." - echo "" - echo "For more information on using Certbot, visit: https://certbot.eff.org/" -fi - -if [[ $setup_admin_answer =~ ^[Yy]$ ]]; then - echo "" - echo "Admin panel has been enabled. You can access it at https://$DOMAIN/admin" - echo "Use the password you provided to log in." +print_color "green" "Vaultwarden installation complete!" +if [[ $DOMAIN ]]; then + print_color "yellow" "You can access your Vaultwarden instance at: https://$DOMAIN" + if [[ $setup_admin_answer =~ ^[Yy]$ ]]; then + print_color "yellow" "Admin panel is available at: https://$DOMAIN/admin" + fi fi \ No newline at end of file diff --git a/README.md b/README.md index 06b336b..d0b048c 100644 --- a/README.md +++ b/README.md 
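Review bot: The closing message prints `https://$DOMAIN` unconditionally, but nothing in this commit obtains a certificate: install_certbot only installs the tool, the Nginx server block written by setup_nginx listens on port 80, and when Nginx was declined Vaultwarden is reachable only on the plain `ROCKET_PORT=8000` from the .env file, so the advertised URL does not work in either case until `certbot --nginx` has been run. The removed block carried the two details a first-time user needs — point the domain's A record here, then `sudo certbot --nginx -d $DOMAIN` — while the replacement one-liner is printed only inside the Nginx branch and before the service is even started. Gate the URL on `$setup_nginx_answer` and keep the instruction next to it, e.g. `print_color "yellow" "Until 'sudo certbot --nginx -d $DOMAIN' has been run the site is plain HTTP on port 80; without Nginx use http://<server-ip>:8000"`. The `(sudo chown -R …) & show_progress $!` and `(systemctl enable && start) &` pairs in this hunk also discard the job's status, so "Permissions set successfully." and "service enabled and started" are printed regardless of the outcome.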
@@ -12,18 +12,17 @@ # How to use these scripts ---------------------------- -These should work on most Debian based distros that use apt. +These should work on most Debian based distros. If you're using a GUI, then you can download the zip file. Unzip and open the folder. -Find the script (or set of scripts.) that you want to use right click, look for the permissions section and tick the "run as program" permission. -Right click on a folder select "Open in terminal" then type `ls` this will show whats in the folder +Find the script (or set of scripts.) that you want to use right click, look for the permissions section and tick the "run as program" permission. Right click on a folder select "Open in terminal" then type `ls` this will show whats in the folder then `sudo ./full_script_name.sh`. You might need to provide an admin password. If you are running 'headless' and dont have Git installed yet you can run : -`wget https://github.com/Enkimin/Sovran-Scripts/archive/main.tar.gz`\ +`wget https://git.sovbit.dev/Enki/sovran-scripts/archive/main.tar.gz`\ `tar -xzf main.tar.gz`\ `cd main`\ `ls`\ @@ -33,7 +32,7 @@ If you are running 'headless' and dont have Git installed yet you can run : If Git is installed use : -`git clone https://github.com/Enkimin/Sovran-Scripts.git`\ +`git clone https://git.sovbit.dev/Enki/sovran-scripts.git`\ `cd Sovran-Scripts`\ `ls`\ `cd folder_name`\ @@ -43,11 +42,8 @@ All the scripts need to be given permission to execute, you can do this with: `chmod +x scriptname.sh` --------------------------------------- +------------ ## Scripts - ### List of scripts and what they do --------------------------------------- - ------------ ## Bitcoin ------------ 
@@ -57,5 +53,8 @@ All the scripts need to be given permission to execute, you can do this with: ---------------------- ### Personal Server ---------------------- +### Server Setup +- This script does some basic server setup. It will harden SSH, setup a non-root user, install some basic tools, configure log rotation, install docker and nginx, and install UFW and Fail2Ban with some basic configuration. All optional wth user input for most configuration settings. + ### Vault Warden -- Installes and configures Vault Warden. Will also install nginx, certbot and add Vault Warden to systemd for easy managment. \ No newline at end of file +- Installs and configures Vault Warden. Will also install nginx, certbot and add Vault Warden to systemd for easy management. \ No newline at end of file