Server script addition and update of vaultwarden script

This commit is contained in:
Enki 2024-08-16 15:40:11 -07:00
parent 8f42ce4425
commit 38e5391c51
3 changed files with 774 additions and 132 deletions


@ -0,0 +1,605 @@
#!/bin/bash
# Function to check and modify sources.list files
check_and_modify_sources() {
local file="$1"
if [ -f "$file" ]; then
if grep -q "^deb cdrom:" "$file" || grep -q "^deb \[arch=" "$file"; then
print_color "yellow" "CD-ROM or DVD entries found in $file. Commenting them out..."
sed -i '/^deb cdrom:/s/^/# /' "$file"
sed -i '/^deb \[arch=/s/^/# /' "$file"
print_color "green" "CD-ROM and DVD entries in $file have been commented out."
else
print_color "green" "No CD-ROM or DVD entries found in $file."
fi
fi
}
display_ascii_art() {
local art="$1"
echo "$art"
}
# Function to center text
center_text() {
local text="$1"
local width
width=$(tput cols) || return
local padding=$(( (width - ${#text}) / 2 ))
printf "%${padding}s%s\n" '' "$text"
}
# Function to print colored output
print_color() {
case $1 in
"green") echo -e "\e[32m$2\e[0m" ;;
"red") echo -e "\e[31m$2\e[0m" ;;
"yellow") echo -e "\e[33m$2\e[0m" ;;
esac
sleep 0.1
}
# Function to prompt user for yes/no input
prompt_yes_no() {
while true; do
read -r -p "$1 (y/n): " yn
case $yn in
[Yy]*) return 0 ;;
[Nn]*) return 1 ;;
*) echo "Please answer yes or no." ;;
esac
done
}
# Function to show progress
show_progress() {
local pid=$1
local delay=0.1
local spinstr='⠋⠙⠹⠸⠼⠴⠦⠧⠇⠏'
local start_time=$(date +%s)
printf " "
while ps -p "$pid" > /dev/null 2>&1; do
local temp=${spinstr#?}
printf "\r[%c] " "$spinstr"
local spinstr=$temp${spinstr%"$temp"}
sleep $delay
local current_time=$(date +%s)
local elapsed=$((current_time - start_time))
printf "%02d:%02d" $((elapsed / 60)) $((elapsed % 60))
done
printf "\r[✓] Done! \n"
}
#force scroll for after neoss install no idea why it hangs.
force_scroll() {
local lines=${1:-10}
for i in $(seq 1 $lines); do
echo
sleep 0.1
done
}
# Complex ASCII art
complex_ascii_art=$(cat <<EOF
███████╗ ██████╗ ██╗ ██╗██████╗ █████╗ ███╗ ██╗ ███████╗███████╗██████╗ ██╗ ██╗███████╗██████╗ ██████╗ █████╗ ██████╗██╗ ██╗
██╔════╝██╔═══██╗██║ ██║██╔══██╗██╔══██╗████╗ ██║ ██╔════╝██╔════╝██╔══██╗██║ ██║██╔════╝██╔══██╗ ██╔══██╗██╔══██╗██╔════╝██║ ██╔╝
███████╗██║ ██║██║ ██║██████╔╝███████║██╔██╗ ██║ ███████╗█████╗ ██████╔╝██║ ██║█████╗ ██████╔╝ ██████╔╝███████║██║ █████╔╝
╚════██║██║ ██║╚██╗ ██╔╝██╔══██╗██╔══██║██║╚██╗██║ ╚════██║██╔══╝ ██╔══██╗╚██╗ ██╔╝██╔══╝ ██╔══██╗ ██╔═══╝ ██╔══██║██║ ██╔═██╗
███████║╚██████╔╝ ╚████╔╝ ██║ ██║██║ ██║██║ ╚████║ ███████║███████╗██║ ██║ ╚████╔╝ ███████╗██║ ██║ ██║ ██║ ██║╚██████╗██║ ██╗
╚══════╝ ╚═════╝ ╚═══╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═══╝ ╚══════╝╚══════╝╚═╝ ╚═╝ ╚═══╝ ╚══════╝╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═════╝╚═╝ ╚═╝
EOF
)
# Simple ASCII art
simple_ascii_art=$(cat <<'EOF'
____ ____ ___ __
/ __/__ _ _________ ____ / __/__ _____ _____ ____ / _ \___ _____/ /__
_\ \/ _ \ |/ / __/ _ `/ _ \ _\ \/ -_) __/ |/ / -_) __/ / ___/ _ `/ __/ '_/
/___/\___/___/_/ \_,_/_//_/ /___/\__/_/ |___/\__/_/ /_/ \_,_/\__/_/\_\
EOF
)
#-------------
# Main Script
#-------------
# Check if script is run as root
if [[ $EUID -ne 0 ]]; then
print_color "red" "This script must be run as root"
exit 1
fi
if [ "$1" = "simple" ] || [ "$USE_SIMPLE_ART" = "true" ]; then
selected_art="$simple_ascii_art"
else
# Check terminal width
if [ "$(tput cols)" -ge 100 ]; then
selected_art="$complex_ascii_art"
else
selected_art="$simple_ascii_art"
fi
fi
clear
echo
display_ascii_art "$selected_art"
echo
center_text "Created by Enki"
center_text "Thanks for using this server setup script"
center_text "This script will walk you through some basic server setup and configuration."
echo
print_color "green" "Starting server setup..."
sleep 5
#--------------------
# Update and upgrade
#--------------------
print_color "yellow" "Checking and updating package sources..."
# Check main sources.list and all files in sources.list.d
check_and_modify_sources "/etc/apt/sources.list"
for file in /etc/apt/sources.list.d/*.list; do
check_and_modify_sources "$file"
done
# Ensure that at least one valid source is present
if ! grep -qE '^deb ' /etc/apt/sources.list /etc/apt/sources.list.d/*.list 2>/dev/null; then
print_color "yellow" "No active package sources found. Adding a default source..."
echo "deb http://deb.debian.org/debian $(lsb_release -cs) main" | sudo tee -a /etc/apt/sources.list
fi
print_color "yellow" "Updating system..."
apt update > /tmp/apt_update.log 2>&1 &
update_pid=$!
show_progress $update_pid
wait $update_pid
update_status=$?
if [ $update_status -eq 0 ]; then
print_color "green" "Update completed successfully."
else
print_color "red" "Failed to update package lists. Here's the detailed error:"
cat /tmp/apt_update.log
exit 1
fi
print_color "yellow" "Upgrading system..."
DEBIAN_FRONTEND=noninteractive apt upgrade -y > /tmp/apt_upgrade.log 2>&1 &
upgrade_pid=$!
show_progress $upgrade_pid
wait $upgrade_pid
upgrade_status=$?
if [ $upgrade_status -eq 0 ]; then
print_color "green" "Upgrade completed successfully."
else
print_color "red" "Failed to upgrade packages. Here's the detailed error:"
cat /tmp/apt_upgrade.log
exit 1
fi
#---------------------
# Installs Basic Tools
#---------------------
essential_packages=("sudo" "net-tools" "wget" "curl" "git")
missing_packages=()
for package in "${essential_packages[@]}"; do
if ! command -v "$package" &>/dev/null; then
missing_packages+=("$package")
fi
done
if [ ${#missing_packages[@]} -ne 0 ]; then
print_color "yellow" "Installing missing basic packages: ${missing_packages[*]}"
(apt install -y "${missing_packages[@]}" >/dev/null 2>&1) &
show_progress $!
print_color "green" "Basic packages installed."
else
print_color "green" "All essential packages are already installed."
fi
# Ensure sudo is configured correctly
if ! grep -q "^%sudo" /etc/sudoers; then
print_color "yellow" "Configuring sudo..."
echo "%sudo ALL=(ALL:ALL) ALL" >>/etc/sudoers
print_color "green" "Sudo configured."
fi
#----------------------
# Set up non-root user
#----------------------
if prompt_yes_no "Do you want to set up a new non-root user?"; then
read -r -p "Enter new username: " new_user
sudo adduser "$new_user"
sudo usermod -aG sudo "$new_user"
print_color "green" "User $new_user has been created and added to sudo group"
fi
#---------------
# SSH hardening
#---------------
ssh_hardened=false
new_ssh_port=""
if prompt_yes_no "Do you want to harden SSH?"; then
print_color "yellow" "Configuring SSH..."
# Backup original sshd_config
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
# Change SSH port
while true; do
read -r -p "Enter new SSH port (default: 2222): " ssh_port
ssh_port=${ssh_port:-2222}
if [[ "$ssh_port" =~ ^[0-9]+$ ]] && [ "$ssh_port" -ge 1024 ] && [ "$ssh_port" -le 65535 ]; then
break
else
print_color "red" "Invalid port number. Please enter a number between 1024 and 65535."
fi
done
# Apply SSH hardening configurations
sudo sed -i "s/^#Port 22/Port $ssh_port/" /etc/ssh/sshd_config
sudo sed -i 's/^#PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config
sudo sed -i 's/^#PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config
sudo sed -i 's/^#PubkeyAuthentication .*/PubkeyAuthentication yes/' /etc/ssh/sshd_config
# Allow only the new user (assuming $new_user is set earlier in the script)
echo "AllowUsers $new_user" | sudo tee -a /etc/ssh/sshd_config > /dev/null
print_color "yellow" "New SSH configuration:"
print_color "yellow" "Port: $ssh_port"
print_color "yellow" "Root login disabled"
print_color "yellow" "Password authentication disabled"
print_color "yellow" "Only user $new_user is allowed to login"
# Test the new configuration
if sudo sshd -t -f /etc/ssh/sshd_config; then
print_color "green" "SSH configuration test passed."
# Restart SSH service
if sudo systemctl is-active --quiet ssh; then
sudo systemctl restart ssh
print_color "green" "SSH service restarted."
else
print_color "yellow" "SSH service not found. You may need to restart it manually."
fi
print_color "green" "SSH has been hardened. Check the end of the script for instructions on setting up an SSH key and logging in."
ssh_hardened=true
new_ssh_port=$ssh_port
else
print_color "red" "SSH configuration test failed. Reverting changes..."
sudo mv /etc/ssh/sshd_config.bak /etc/ssh/sshd_config
print_color "yellow" "Please check your SSH configuration manually"
fi
else
print_color "yellow" "Skipping SSH hardening."
fi
sleep 5
#-------------
# UFW setup
#-------------
if prompt_yes_no "Do you want to install and configure UFW?"; then
print_color "yellow" "Installing and configuring UFW..."
(apt install ufw -y >/dev/null 2>&1) &
show_progress $!
ufw default deny incoming >/dev/null 2>&1
ufw default allow outgoing >/dev/null 2>&1
ufw allow "$ssh_port"/tcp >/dev/null 2>&1
ufw allow 80/tcp >/dev/null 2>&1
ufw allow 443/tcp >/dev/null 2>&1
echo "y" | ufw enable >/dev/null 2>&1
print_color "green" "UFW has been installed and configured"
fi
#---------------
# Fail2Ban setup
#---------------
if prompt_yes_no "Do you want to install and configure Fail2Ban?"; then
print_color "yellow" "Installing and configuring Fail2Ban..."
(apt install fail2ban -y >/dev/null 2>&1) &
show_progress $!
# Create a custom jail configuration
cat <<EOF >/etc/fail2ban/jail.local
[DEFAULT]
bantime = 10m
findtime = 10m
maxretry = 5
# Avoid banning local network
ignoreip = 127.0.0.1/8 ::1
[sshd]
enabled = true
port = $ssh_port
logpath = %(sshd_log)s
backend = %(sshd_backend)s
EOF
systemctl enable fail2ban >/dev/null 2>&1
systemctl start fail2ban >/dev/null 2>&1
print_color "green" "Fail2Ban has been installed and configured"
print_color "yellow" "Default Fail2Ban settings:"
print_color "yellow" "- Ban time: 10 minutes"
print_color "yellow" "- Find time: 10 minutes"
print_color "yellow" "- Max retries: 5"
print_color "yellow" "- Ignored IP: localhost"
print_color "yellow" "You can adjust these settings in /etc/fail2ban/jail.local"
fi
#---------------
# Install Nginx
#---------------
if prompt_yes_no "Do you want to install Nginx?"; then
print_color "yellow" "Installing Nginx..."
(apt install nginx -y > /dev/null 2>&1) &
show_progress $!
systemctl enable nginx > /dev/null 2>&1
systemctl start nginx > /dev/null 2>&1
print_color "green" "Nginx has been installed and started"
fi
#---------------
# Install Docker
#---------------
if prompt_yes_no "Do you want to install Docker?"; then
print_color "yellow" "Installing Docker using the official method..."
# Uninstall old versions
print_color "yellow" "Removing old Docker versions if present..."
for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do
(sudo apt remove $pkg -y -qq > /dev/null 2>&1) &
show_progress $!
done
# Update the apt package index
print_color "yellow" "Updating apt package index..."
(sudo apt update -qq > /dev/null 2>&1) &
show_progress $!
# Install packages to allow apt to use a repository over HTTPS
print_color "yellow" "Installing required packages..."
(sudo apt install ca-certificates curl -y -qq > /dev/null 2>&1) &
show_progress $!
# Add Docker's official GPG key
print_color "yellow" "Adding Docker's official GPG key..."
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
# Set up the repository
print_color "yellow" "Setting up the Docker repository..."
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# Update the apt package index again
print_color "yellow" "Updating apt package index..."
(sudo apt update -qq > /dev/null 2>&1) &
show_progress $!
# Install Docker Engine, containerd, and Docker Compose
print_color "yellow" "Installing Docker Engine, containerd, and Docker Compose..."
(sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y -qq > /dev/null 2>&1) &
show_progress $!
# Verify Docker installation
if docker --version > /dev/null 2>&1; then
print_color "green" "Docker has been successfully installed."
# Add user to the docker group
print_color "yellow" "Adding $new_user to the docker group..."
sudo usermod -aG docker "$new_user"
# Verify group membership
if id -nG "$new_user" | grep -qw "docker"; then
print_color "green" "$new_user has been successfully added to the docker group."
else
print_color "red" "Failed to add $new_user to the docker group. Please add manually with: sudo usermod -aG docker $new_user"
fi
print_color "yellow" "Please log out and log back in for the group changes to take effect."
print_color "yellow" "After logging back in, you can verify Docker works without sudo by running: docker run hello-world"
else
print_color "red" "Docker installation seems to have failed. Please check the logs and try again."
fi
else
print_color "yellow" "Skipping Docker installation"
fi
#-------------------------
# Install additional tools
#-------------------------
tools=("btop" "goaccess" "ncdu" "mc")
for tool in "${tools[@]}"; do
if prompt_yes_no "Do you want to install $tool?"; then
print_color "yellow" "Installing $tool..."
(apt install "$tool" -y > /dev/null 2>&1) &
show_progress $!
print_color "green" "$tool has been installed"
fi
done
#--------------------------------
# Install Node.js, npm, and Neoss
#--------------------------------
if prompt_yes_no "Do you want to install Neoss? This requires Node.js and npm to be installed as well."; then
print_color "yellow" "Installing Node.js and npm..."
# Download and run the NodeSource setup script
print_color "yellow" "Adding NodeSource repository..."
if curl -fsSL https://deb.nodesource.com/setup_lts.x | sudo -E bash - > /dev/null 2>&1; then
print_color "green" "NodeSource repository added successfully."
else
print_color "red" "Failed to add NodeSource repository. Aborting Node.js installation."
return 1
fi
# Install Node.js (which includes npm)
print_color "yellow" "Installing Node.js and npm..."
if apt install -y nodejs > /dev/null 2>&1; then
print_color "green" "Node.js and npm installed successfully."
else
print_color "red" "Failed to install Node.js and npm. Please check your internet connection and try again."
return 1
fi
# Verify installation
if node --version > /dev/null 2>&1 && npm --version > /dev/null 2>&1; then
NODE_VERSION=$(node --version)
NPM_VERSION=$(npm --version)
print_color "green" "Node.js ${NODE_VERSION} and npm ${NPM_VERSION} have been successfully installed"
# Install Neoss
print_color "yellow" "Installing Neoss..."
npm install -g neoss > /tmp/neoss_install.log 2>&1 &
install_pid=$!
show_progress $install_pid
wait $install_pid
install_status=$?
if [ $install_status -eq 0 ]; then
NEOSS_VERSION=$(neoss --version 2>/dev/null || echo "version unknown")
print_color "green" "Neoss installation successful."
print_color "green" "Version: ${NEOSS_VERSION}"
else
print_color "red" "Neoss installation failed. Error log:"
cat /tmp/neoss_install.log
print_color "red" "You can try to install it manually later with 'npm install -g neoss'."
fi
else
print_color "red" "Node.js and npm installation verification failed. Please check the installation manually."
return 1
fi
sleep 0.5
force_scroll 5
else
print_color "yellow" "Skipping Node.js, npm, and Neoss installation"
fi
#------------------------
# Configure log rotation
#------------------------
if prompt_yes_no "Do you want to configure log rotation?"; then
print_color "yellow" "Configuring log rotation..."
# Default settings
rotate_frequency="weekly"
rotate_count=4
rotate_size="100M"
if prompt_yes_no "Do you want to customize global log rotation settings?"; then
read -r -p "Enter rotation frequency (daily/weekly/monthly) [default: weekly]: " custom_frequency
rotate_frequency=${custom_frequency:-$rotate_frequency}
read -r -p "Enter number of log files to keep [default: 4]: " custom_count
rotate_count=${custom_count:-$rotate_count}
read -r -p "Enter max size of log file before rotation (e.g., 100M, 500M, 1G) [default: 100M]: " custom_size
rotate_size=${custom_size:-$rotate_size}
else
print_color "yellow" "Using default settings for global log rotation."
fi
# Update global configuration
cat <<EOF >/etc/logrotate.conf
# Global log rotation settings
${rotate_frequency}
rotate ${rotate_count}
create
compress
dateext
# Rotate log files larger than ${rotate_size} even before the scheduled rotation time
size ${rotate_size}
include /etc/logrotate.d
# System-specific logs may be configured here
EOF
print_color "green" "Global log rotation has been configured with the following settings:"
print_color "yellow" "- Rotation frequency: ${rotate_frequency}"
print_color "yellow" "- Number of log files to keep: ${rotate_count}"
print_color "yellow" "- Max size before rotation: ${rotate_size}"
print_color "yellow" "You can further adjust these settings in /etc/logrotate.conf"
# Nginx-specific configuration
if command -v nginx &>/dev/null || [ -d "/etc/nginx" ]; then
print_color "yellow" "Nginx installation detected."
if prompt_yes_no "Do you want to configure Nginx-specific log rotation?"; then
mkdir -p /etc/logrotate.d
cat <<EOF >/etc/logrotate.d/nginx
/var/log/nginx/*.log {
${rotate_frequency}
missingok
rotate ${rotate_count}
compress
delaycompress
notifempty
create 0640 www-data adm
sharedscripts
maxsize ${rotate_size}
postrotate
if [ -f /var/run/nginx.pid ]; then
kill -USR1 \$(cat /var/run/nginx.pid)
fi
endscript
}
EOF
print_color "green" "Nginx-specific log rotation has been configured."
print_color "yellow" "Nginx log rotation configuration created at /etc/logrotate.d/nginx"
else
print_color "yellow" "Skipping Nginx-specific log rotation configuration."
fi
else
print_color "yellow" "Nginx installation not detected. Skipping Nginx-specific log rotation configuration."
fi
# Docker-specific configuration
if command -v docker &>/dev/null; then
if prompt_yes_no "Docker is installed. Do you want to configure Docker-specific log rotation?"; then
mkdir -p /etc/docker
cat <<EOF >/etc/docker/daemon.json
{
"log-driver": "json-file",
"log-opts": {
"max-size": "${rotate_size}",
"max-file": "${rotate_count}"
}
}
EOF
print_color "green" "Docker-specific log rotation has been configured."
print_color "yellow" "Note: You'll need to restart Docker for these changes to take effect."
if prompt_yes_no "Do you want to restart Docker now?"; then
systemctl restart docker
print_color "green" "Docker has been restarted."
else
print_color "yellow" "Please remember to restart Docker later for the log rotation changes to take effect."
fi
else
print_color "yellow" "Skipping Docker-specific log rotation configuration."
fi
fi
else
print_color "yellow" "Skipping log rotation configuration."
fi
#---------------
# End of Script
#---------------
if [ "$ssh_hardened" = true ]; then
print_color "yellow" "===== IMPORTANT: SSH KEY SETUP ====="
print_color "yellow" "SSH has been hardened. If you haven't set up an SSH key, do so before logging out!"
print_color "yellow" "Please test your SSH connection in a new terminal before closing this session."
print_color "yellow" "Follow these steps on your local machine:"
print_color "yellow" "1. Generate an SSH key:"
print_color "yellow" " ssh-keygen -t ed25519 -C 'your_email@example.com'"
print_color "yellow" "2. Copy the key to your server:"
print_color "yellow" " ssh-copy-id -i ~/.ssh/id_ed25519.pub -p $ssh_port $new_user@your_server_ip"
print_color "yellow" "3. Test your new key:"
print_color "yellow" " ssh -p $ssh_port $new_user@your_server_ip"
print_color "yellow" "4. If successful, run this script again to disable password authentication."
print_color "yellow" "If you can't connect, check your SSH configuration at /etc/ssh/sshd_config"
print_color "yellow" "====================================="
fi
print_color "green" "Server setup complete!"
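Review bot: Enabling UFW with `default deny incoming` at L264–L269 can lock the operator out when SSH hardening was skipped or reverted, because `ufw allow "$ssh_port"/tcp` (L266) then expands to an empty port, or to the new port chosen at L215 even though `sshd_config.bak` was restored at L250 and sshd is still on 22, and the failure is hidden by `>/dev/null 2>&1`; prefer `ufw allow "${new_ssh_port:-22}"/tcp` (and `port = ${new_ssh_port:-ssh}` in the fail2ban jail at L289), since `new_ssh_port` is only assigned after `sshd -t` passed. The SSH section also writes `PasswordAuthentication no` (L226) before any key has been deployed, which contradicts the closing instructions at L545 ("run this script again to disable password authentication") and strands a host whose new user has no authorized key yet; either keep password auth enabled on the first pass or require the public key up front. The `sed` patterns at L224–L227 only rewrite commented defaults (`^#Port 22`, `^#PasswordAuthentication .*`), so an already-active directive — or, presumably, a `PasswordAuthentication yes` drop-in under `/etc/ssh/sshd_config.d/` on a release that includes that directory first — would be left in force while L233 still reports "Password authentication disabled"; verify with `sshd -T | grep -i passwordauthentication` after the restart. Appending straight to `/etc/sudoers` at L192 without validation can break sudo for every account on a typo; write a drop-in and check it instead, e.g. `echo '%sudo ALL=(ALL:ALL) ALL' > /etc/sudoers.d/sudo-group && chmod 0440 /etc/sudoers.d/sudo-group && visudo -cf /etc/sudoers.d/sudo-group`. Finally, the `return 1` at L395, L403 and L428 is outside any function, so bash prints an error and continues past the failed Node.js install rather than aborting as the messages claim.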


@ -1,58 +1,92 @@
#!/bin/bash #!/bin/bash
# Check if script is run as root # Function to show progress
if [ "$EUID" -ne 0 ]; then show_progress() {
echo "This script must be run as root. Please use sudo or run as root." local pid=$1
exit 1 local delay=0.1
fi local spinstr='⠋⠙⠹⠸⠼⠴⠦⠧⠇⠏'
local start_time=$(date +%s)
printf " "
while ps -p "$pid" > /dev/null 2>&1; do
local temp=${spinstr#?}
printf "\r[%c] " "$spinstr"
local spinstr=$temp${spinstr%"$temp"}
sleep $delay
local current_time=$(date +%s)
local elapsed=$((current_time - start_time))
printf "%02d:%02d" $((elapsed / 60)) $((elapsed % 60))
done
printf "\r[✓] Done! \n"
}
# Function to print colored output
print_color() {
case $1 in
"green") echo -e "\e[32m$2\e[0m" ;;
"red") echo -e "\e[31m$2\e[0m" ;;
"yellow") echo -e "\e[33m$2\e[0m" ;;
esac
sleep 0.1
}
# Function to center text
center_text() {
local text="$1"
local width
width=$(tput cols) || return
local padding=$(( (width - ${#text}) / 2 ))
printf "%${padding}s%s\n" '' "$text"
}
# Function to install necessary packages # Function to install necessary packages
install_dependencies() { install_dependencies() {
echo "Installing necessary packages..." print_color "yellow" "Installing dependencies..."
sudo apt update && apt upgrade -y (sudo apt update -q && sudo apt install -y -q wget curl sudo > /dev/null 2>&1) &
sudo apt install -y wget curl sudo show_progress $!
print_color "green" "Dependencies installed successfully."
} }
# Function to create vaultwarden user if it doesn't exist # Function to create vaultwarden user if it doesn't exist
create_vaultwarden_user() { create_vaultwarden_user() {
if ! command -v useradd &> /dev/null; then if ! command -v useradd &> /dev/null; then
echo "useradd command not found. Installing..." print_color "yellow" "useradd command not found. Installing..."
sudo apt install -y passwd (sudo apt install -y passwd > /dev/null 2>&1) &
show_progress $!
fi fi
if ! id "vaultwarden" &>/dev/null; then if ! id "vaultwarden" &>/dev/null; then
echo "Creating vaultwarden user..." print_color "yellow" "Creating vaultwarden user..."
sudo useradd -r -s /bin/false vaultwarden (sudo useradd -r -s /bin/false vaultwarden > /dev/null 2>&1) &
echo "Vaultwarden user created." show_progress $!
print_color "green" "Vaultwarden user created successfully."
else else
echo "Vaultwarden user already exists." print_color "green" "Vaultwarden user already exists."
fi fi
} }
# Function to extract without Docker # Function to extract without Docker
extract_without_docker() { extract_without_docker() {
echo "Extracting binaries without Docker..." print_color "yellow" "Extracting Vaultwarden binaries..."
mkdir -p vw-image (
cd vw-image mkdir -p vw-image
if ! wget https://raw.githubusercontent.com/jjlin/docker-image-extract/main/docker-image-extract; then cd vw-image
echo "Failed to download docker-image-extract script. Exiting." wget -q https://raw.githubusercontent.com/jjlin/docker-image-extract/main/docker-image-extract
chmod +x docker-image-extract
./docker-image-extract vaultwarden/server:latest-alpine
sudo mv output/vaultwarden /home/vaultwarden/
sudo mv output/web-vault /home/vaultwarden/
cd ..
rm -rf vw-image
sudo mkdir -p /home/vaultwarden/data
) &> /dev/null &
show_progress $!
if [ -f "/home/vaultwarden/vaultwarden" ] && [ -d "/home/vaultwarden/web-vault" ]; then
print_color "green" "Extraction complete."
else
print_color "red" "Extraction failed. Please check the logs and try again."
exit 1 exit 1
fi fi
chmod +x docker-image-extract
if ! ./docker-image-extract vaultwarden/server:latest-alpine; then
echo "Failed to extract Vaultwarden image. Exiting."
exit 1
fi
sudo mv output/vaultwarden /home/vaultwarden/ || { echo "Failed to move vaultwarden binary. Exiting."; exit 1; }
sudo mv output/web-vault /home/vaultwarden/ || { echo "Failed to move web-vault. Exiting."; exit 1; }
cd ..
rm -rf vw-image
sudo mkdir -p /home/vaultwarden/data
echo "Extraction complete."
} }
# Create systemd service file # Create systemd service file
create_systemd_service() { create_systemd_service() {
print_color "yellow" "Creating systemd service file..."
sudo tee /etc/systemd/system/vaultwarden.service > /dev/null << EOF sudo tee /etc/systemd/system/vaultwarden.service > /dev/null << EOF
[Unit] [Unit]
Description=Vaultwarden Server Description=Vaultwarden Server
@ -68,13 +102,14 @@ EnvironmentFile=/home/vaultwarden/.env
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
EOF EOF
print_color "green" "Systemd service file created successfully."
} }
# Function to create .env file # Function to create .env file
create_env_file() { create_env_file() {
echo "Setting up Vaultwarden configuration..." print_color "yellow" "Setting up Vaultwarden configuration..."
read -p "Enter domain name for Vaultwarden (e.g., vault.example.com): " DOMAIN read -p "Enter domain name for Vaultwarden (e.g., vault.example.com): " DOMAIN
print_color "yellow" "Creating .env file..."
sudo tee /home/vaultwarden/.env > /dev/null << EOF sudo tee /home/vaultwarden/.env > /dev/null << EOF
DOMAIN=https://$DOMAIN DOMAIN=https://$DOMAIN
ROCKET_PORT=8000 ROCKET_PORT=8000
@ -82,28 +117,20 @@ DATA_FOLDER=/home/vaultwarden/data
WEB_VAULT_FOLDER=/home/vaultwarden/web-vault WEB_VAULT_FOLDER=/home/vaultwarden/web-vault
EOF EOF
sudo chown vaultwarden:vaultwarden /home/vaultwarden/.env (sudo chown vaultwarden:vaultwarden /home/vaultwarden/.env &&
sudo chmod 600 /home/vaultwarden/.env sudo chmod 600 /home/vaultwarden/.env) &
show_progress $!
print_color "green" "Vaultwarden configuration file created successfully."
} }
# Function to install Certbot
install_certbot() {
echo "Installing Certbot..."
sudo apt update
sudo apt install -y snapd
sudo snap install core
sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
}
# Function to set up Nginx # Function to set up Nginx
setup_nginx() { setup_nginx() {
if ! command -v nginx &> /dev/null; then if ! command -v nginx &> /dev/null; then
echo "Nginx not found. Installing..." print_color "yellow" "Nginx not found. Installing..."
sudo apt update && sudo apt install -y nginx (sudo apt update && sudo apt install -y nginx > /dev/null 2>&1) &
show_progress $!
fi fi
print_color "yellow" "Configuring Nginx for Vaultwarden..."
sudo tee /etc/nginx/sites-available/vaultwarden > /dev/null << EOF sudo tee /etc/nginx/sites-available/vaultwarden > /dev/null << EOF
server { server {
listen 80; listen 80;
@ -121,82 +148,95 @@ EOF
sudo ln -sf /etc/nginx/sites-available/vaultwarden /etc/nginx/sites-enabled/ sudo ln -sf /etc/nginx/sites-available/vaultwarden /etc/nginx/sites-enabled/
# Install Certbot before testing Nginx configuration print_color "yellow" "Testing Nginx configuration..."
install_certbot if sudo nginx -t; then
(sudo systemctl reload nginx > /dev/null 2>&1) &
# Now test and reload Nginx show_progress $!
sudo nginx -t && sudo systemctl reload nginx print_color "green" "Nginx configured and reloaded successfully."
echo "Nginx configured."
}install_certbot() {
if ! command -v certbot &> /dev/null; then
echo "Installing Certbot..."
sudo apt update
sudo apt install -y certbot python3-certbot-nginx
else else
echo "Certbot is already installed." print_color "red" "Nginx configuration test failed. Please check your configuration."
fi fi
} }
# Function to install Certbot
install_certbot() {
print_color "yellow" "Installing Certbot..."
(sudo apt update &&
sudo apt install -y snapd &&
sudo snap install core &&
sudo snap refresh core &&
sudo snap install --classic certbot &&
sudo ln -s /snap/bin/certbot /usr/bin/certbot) &
show_progress $!
print_color "green" "Certbot installed successfully."
}
# Function to set up admin panel # Function to set up admin panel
setup_admin_panel() { setup_admin_panel() {
echo "Setting up admin panel..." print_color "yellow" "Setting up admin panel..."
# Install argon2 if not already installed # Install argon2 if not already installed
if ! command -v argon2 &> /dev/null; then if ! command -v argon2 &> /dev/null; then
echo "Installing argon2..." print_color "yellow" "Installing argon2..."
sudo apt update (sudo apt update && sudo apt install -y argon2 > /dev/null 2>&1) &
sudo apt install -y argon2 show_progress $!
fi fi
# Prompt for admin password # Prompt for admin password
read -sp "Enter the admin password: " admin_password read -sp "Enter the admin password: " admin_password
echo echo
print_color "yellow" "Generating admin token..."
# Generate argon2 hash # Generate argon2 hash
admin_token=$(echo -n "$admin_password" | argon2 $(openssl rand -base64 32) -e -id -k 65540 -t 3 -p 4) admin_token=$(echo -n "$admin_password" | argon2 $(openssl rand -base64 32) -e -id -k 65540 -t 3 -p 4)
# Append admin token to .env file # Append admin token to .env file
echo "ENABLE_ADMIN=true" | sudo tee -a /home/vaultwarden/.env > /dev/null print_color "yellow" "Updating .env file with admin token..."
echo "ADMIN_TOKEN='$admin_token'" | sudo tee -a /home/vaultwarden/.env > /dev/null (echo "ENABLE_ADMIN=true" | sudo tee -a /home/vaultwarden/.env > /dev/null
echo "ADMIN_TOKEN='$admin_token'" | sudo tee -a /home/vaultwarden/.env > /dev/null) &
show_progress $!
echo "Admin panel has been enabled." print_color "green" "Admin panel has been enabled successfully."
} }
# Main script starts here #-------------
# Main script
#-------------
# Check if script is run as root
if [ "$EUID" -ne 0 ]; then
echo "This script must be run as root. Please use sudo or run as root."
exit 1
fi
# Welcome Message # Welcome Message
cat <<"EOF" cat <<"EOF"
! ██╗ ██╗ █████╗ ██╗ ██╗██╗ ████████╗██╗ ██╗ █████╗ ██████╗ ██████╗ ███████╗███╗ ██╗
! ███████╗ ██████╗ ██╗ ██╗██████╗ █████╗ ███╗ ██╗ ███████╗███████╗██████╗ ██╗ ██╗███████╗██████╗ ██████╗ █████╗ ██████╗██╗ ██╗ ██║ ██║██╔══██╗██║ ██║██║ ╚══██╔══╝██║ ██║██╔══██╗██╔══██╗██╔══██╗██╔════╝████╗ ██║
! ██╔════╝██╔═══██╗██║ ██║██╔══██╗██╔══██╗████╗ ██║ ██╔════╝██╔════╝██╔══██╗██║ ██║██╔════╝██╔══██╗ ██╔══██╗██╔══██╗██╔════╝██║ ██╔╝ ██║ ██║███████║██║ ██║██║ ██║ ██║ █╗ ██║███████║██████╔╝██║ ██║█████╗ ██╔██╗ ██║
! ███████╗██║ ██║██║ ██║██████╔╝███████║██╔██╗ ██║ ███████╗█████╗ ██████╔╝██║ ██║█████╗ ██████╔╝ ██████╔╝███████║██║ █████╔╝ ╚██╗ ██╔╝██╔══██║██║ ██║██║ ██║ ██║███╗██║██╔══██║██╔══██╗██║ ██║██╔══╝ ██║╚██╗██║
! ╚════██║██║ ██║╚██╗ ██╔╝██╔══██╗██╔══██║██║╚██╗██║ ╚════██║██╔══╝ ██╔══██╗╚██╗ ██╔╝██╔══╝ ██╔══██╗ ██╔═══╝ ██╔══██║██║ ██╔═██╗ ╚████╔╝ ██║ ██║╚██████╔╝███████╗██║ ╚███╔███╔╝██║ ██║██║ ██║██████╔╝███████╗██║ ╚████║
! ███████║╚██████╔╝ ╚████╔╝ ██║ ██║██║ ██║██║ ╚████║ ███████║███████╗██║ ██║ ╚████╔╝ ███████╗██║ ██║ ██║ ██║ ██║╚██████╗██║ ██╗ ╚═══╝ ╚═╝ ╚═╝ ╚═════╝ ╚══════╝╚═╝ ╚══╝╚══╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═════╝ ╚══════╝╚═╝ ╚═══╝
! ╚══════╝ ╚═════╝ ╚═══╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═══╝ ╚══════╝╚══════╝╚═╝ ╚═╝ ╚═══╝ ╚══════╝╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═════╝╚═╝ ╚═╝ ███████╗███████╗████████╗██╗ ██╗██████╗
! ██╔════╝██╔════╝╚══██╔══╝██║ ██║██╔══██╗
███████╗█████╗ ██║ ██║ ██║██████╔╝
╚════██║██╔══╝ ██║ ██║ ██║██╔═══╝
███████║███████╗ ██║ ╚██████╔╝██║
╚══════╝╚══════╝ ╚═╝ ╚═════╝ ╚═╝
EOF EOF
echo
echo "Thanks for using Enki's Vault Warden script" center_text "Created by Enki"
echo "This script will install Vault Warden and add it to the system files so it can start at boot." center_text "Thanks for using this Vaultwarden installation script"
echo "This also sets up Nginx for your domain as an option." center_text "This script will install Vaultwarden server and configure it to start at boot."
center_text "It can also set up the Vaultwarden web server on your domain."
echo
print_color "yellow" "Make sure you have pointed your domain to this server's IP address before proceeding if you are not installing localy."
if [ -t 0 ]; then if [ -t 0 ]; then
echo "To continue, hit any key." print_color "green" "Press any key to continue..."
read -n 1 -s -r -p "" read -n 1 -s -r -p ""
fi fi
echo
echo "Starting Vaultwarden installation..." print_color "green" "Starting Vaultwarden installation..."
# Install dependencies
install_dependencies install_dependencies
# Create vaultwarden user
create_vaultwarden_user create_vaultwarden_user
# Create vaultwarden directory
sudo mkdir -p /home/vaultwarden sudo mkdir -p /home/vaultwarden
# Extract Vaultwarden
extract_without_docker extract_without_docker
# Create .env file # Create .env file
@ -206,46 +246,44 @@ create_env_file
create_systemd_service create_systemd_service
# Set correct permissions # Set correct permissions
sudo chown -R vaultwarden:vaultwarden /home/vaultwarden print_color "yellow" "Setting correct permissions..."
(sudo chown -R vaultwarden:vaultwarden /home/vaultwarden) &
show_progress $!
print_color "green" "Permissions set successfully."
# Offer to set up Nginx # Offer to set up Nginx
read -p "Would you like to set up Nginx as a reverse proxy? (y/n) " setup_nginx_answer read -p "Would you like to set up Nginx as a reverse proxy? (y/n) " setup_nginx_answer
if [[ $setup_nginx_answer =~ ^[Yy]$ ]]; then if [[ $setup_nginx_answer =~ ^[Yy]$ ]]; then
setup_nginx setup_nginx
install_certbot
print_color "yellow" "You can set up SSL later by running: sudo certbot --nginx -d $DOMAIN"
fi fi
# Enable and start Vaultwarden service # Enable and start Vaultwarden service
sudo systemctl enable vaultwarden print_color "yellow" "Enabling and starting Vaultwarden service..."
sudo systemctl start vaultwarden (sudo systemctl enable vaultwarden && sudo systemctl start vaultwarden) &
show_progress $!
print_color "green" "Vaultwarden service enabled and started."
echo "Vaultwarden has been installed, configured, and started." print_color "green" "Vaultwarden has been installed and configured."
echo "Please ensure your firewall allows traffic on ports 80 and 443 (if using HTTPS)." print_color "yellow" "Please ensure your firewall allows traffic on ports 80 and 443 (if using HTTPS)."
echo "If you didn't set up Nginx, make sure to allow traffic on port 8000 as well." print_color "yellow" "If you didn't set up Nginx, make sure to allow traffic on port 8000 as well."
# Offer to set up admin panel # Offer to set up admin panel
read -p "Would you like to enable the admin panel? (y/n) " setup_admin_answer read -p "Would you like to enable the admin panel? (y/n) " setup_admin_answer
if [[ $setup_admin_answer =~ ^[Yy]$ ]]; then if [[ $setup_admin_answer =~ ^[Yy]$ ]]; then
setup_admin_panel setup_admin_panel
# Restart Vaultwarden to apply changes # Restart Vaultwarden to apply changes
sudo systemctl restart vaultwarden print_color "yellow" "Restarting Vaultwarden to apply changes..."
(sudo systemctl restart vaultwarden) &
show_progress $!
print_color "green" "Vaultwarden restarted successfully."
fi fi
print_color "green" "Vaultwarden installation complete!"
if [[ $setup_nginx_answer =~ ^[Yy]$ ]]; then if [[ $DOMAIN ]]; then
echo "" print_color "yellow" "You can access your Vaultwarden instance at: https://$DOMAIN"
echo "IMPORTANT: SSL/HTTPS Setup Instructions" if [[ $setup_admin_answer =~ ^[Yy]$ ]]; then
echo "----------------------------------------" print_color "yellow" "Admin panel is available at: https://$DOMAIN/admin"
echo "1. Ensure you have pointed your domain's A record to this server's IP address." fi
echo "2. Once DNS propagation is complete (this can take up to 48 hours but in most cases it only takes a few minutes), run the following command:"
echo " sudo certbot --nginx -d $DOMAIN"
echo "3. Follow the prompts to complete the SSL certificate installation."
echo "4. Certbot will automatically modify your Nginx configuration to use HTTPS."
echo ""
echo "For more information on using Certbot, visit: https://certbot.eff.org/"
fi
if [[ $setup_admin_answer =~ ^[Yy]$ ]]; then
echo ""
echo "Admin panel has been enabled. You can access it at https://$DOMAIN/admin"
echo "Use the password you provided to log in."
fi fi


@ -12,18 +12,17 @@
# How to use these scripts # How to use these scripts
---------------------------- ----------------------------
These should work on most Debian based distros that use apt. These should work on most Debian based distros.
If you're using a GUI, then you can download the zip file. If you're using a GUI, then you can download the zip file.
Unzip and open the folder. Unzip and open the folder.
Find the script (or set of scripts.) that you want to use right click, look for the permissions section and tick the "run as program" permission. Find the script (or set of scripts.) that you want to use right click, look for the permissions section and tick the "run as program" permission. Right click on a folder select "Open in terminal" then type `ls` this will show whats in the folder
Right click on a folder select "Open in terminal" then type `ls` this will show whats in the folder
then `sudo ./full_script_name.sh`. You might need to provide an admin password. then `sudo ./full_script_name.sh`. You might need to provide an admin password.
If you are running 'headless' and dont have Git installed yet you can run : If you are running 'headless' and dont have Git installed yet you can run :
`wget https://github.com/Enkimin/Sovran-Scripts/archive/main.tar.gz`\ `wget https://git.sovbit.dev/Enki/sovran-scripts/archive/main.tar.gz`\
`tar -xzf main.tar.gz`\ `tar -xzf main.tar.gz`\
`cd main`\ `cd main`\
`ls`\ `ls`\
@ -33,7 +32,7 @@ If you are running 'headless' and dont have Git installed yet you can run :
If Git is installed use : If Git is installed use :
`git clone https://github.com/Enkimin/Sovran-Scripts.git`\ `git clone https://git.sovbit.dev/Enki/sovran-scripts.git`\
`cd Sovran-Scripts`\ `cd Sovran-Scripts`\
`ls`\ `ls`\
`cd folder_name`\ `cd folder_name`\
@ -43,11 +42,8 @@ All the scripts need to be given permission to execute, you can do this with:
`chmod +x scriptname.sh` `chmod +x scriptname.sh`
-------------------------------------- ------------
## Scripts ## Scripts
### List of scripts and what they do
--------------------------------------
------------ ------------
## Bitcoin ## Bitcoin
------------ ------------
@ -57,5 +53,8 @@ All the scripts need to be given permission to execute, you can do this with:
---------------------- ----------------------
### Personal Server ### Personal Server
---------------------- ----------------------
### Server Setup
- This script does some basic server setup. It will harden SSH, setup a non-root user, install some basic tools, configure log rotation, install docker and nginx, and install UFW and Fail2Ban with some basic configuration. All optional wth user input for most configuration settings.
### Vault Warden ### Vault Warden
- Installes and configures Vault Warden. Will also install nginx, certbot and add Vault Warden to systemd for easy managment. - Installs and configures Vault Warden. Will also install nginx, certbot and add Vault Warden to systemd for easy management.