enki/Sovran-Scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: enki:13daaf1c766c4afdf425058a0661957d56b093b5
Branches Tags
enki:main
...
compare: enki:38e5391c517a40daa2615d45c2ad4431e04d7657
Branches Tags
enki:main

10 Commits
13daaf1c76 ... 38e5391c51

Author SHA1 Message Date
Enki
38e5391c51 Server script addtion and update of vaultwarden script 2024-08-16 15:40:11 -07:00
Enki
8f42ce4425 spell check is my friend. 2024-07-17 14:28:18 -07:00
Enki
d695ce8a11 readme update 2024-07-17 14:26:47 -07:00
Enki
d4b10db334 readme update 2024-07-17 14:22:02 -07:00
Enki
e26b6c45a0 Readme update 2024-07-17 14:20:42 -07:00
Enki
c92824b073 This updates the readme and adds a vault warden Script 2024-07-17 14:19:55 -07:00
Enki
2704f37c41 Merge remote-tracking branch 'origin/main' 2024-07-08 23:07:34 -07:00
enki
e5b70edaf5 Initial commit 2024-07-09 05:58:00 +00:00
Enki
910f8763cd some changes and new idea for LN Script 2024-07-08 22:51:50 -07:00
Enki
220125a2d9 Last round of clean up and fixes I hope 2024-01-09 17:49:26 -08:00
7 changed files with 1931 additions and 21 deletions
Show Stats Expand all files Collapse all files

8
Bitcoin/coreinstall.sh
View File

@ -198,7 +198,7 @@ install_bitcoin_core_dependencies() {
sleep 3 sleep 3
if ! is_package_installed "git"; then if ! is_package_installed "git"; then
echo "Installing git..." echo "Installing git..."
if ! apt-get install -y -q git; then if ! apt-get install -y -qq git; then
echo "Failed to install git." >&2 echo "Failed to install git." >&2
exit 1 exit 1
fi fi
@ -208,7 +208,7 @@ install_bitcoin_core_dependencies() {
if ! is_package_installed "curl"; then if ! is_package_installed "curl"; then
echo "Installing curl..." echo "Installing curl..."
if ! apt-get install -y -q curl; then if ! apt-get install -y -qq curl; then
echo "Failed to install curl." >&2 echo "Failed to install curl." >&2
exit 1 exit 1
fi fi
@ -222,7 +222,7 @@ install_bitcoin_core_dependencies() {
for dep in "${bitcoin_core_dependencies[@]}"; do for dep in "${bitcoin_core_dependencies[@]}"; do
if ! is_package_installed "$dep"; then if ! is_package_installed "$dep"; then
echo "Installing $dep..." echo "Installing $dep..."
if ! apt-get install -y -q "$dep"; then if ! apt-get install -y -qq "$dep"; then
echo "Failed to install $dep." >&2 echo "Failed to install $dep." >&2
exit 1 exit 1
fi fi
@ -739,7 +739,7 @@ start_and_enable_bitcoin_core
check_services # Final systems check and exit check_services # Final systems check and exit
# Inform the user that the script has completed successfully # Inform the user that the script has completed successfully
"Thanks for running a Bitcoin full node, you're helping to decentralize the network even further!" echo "Thanks for running a Bitcoin full node, you're helping to decentralize the network even further!"
echo "You can check your node's sync status with 'bitcoin-cli -getinfo'" echo "You can check your node's sync status with 'bitcoin-cli -getinfo'"
echo "You can check the status of your peer connections with 'bitcoin-cli -netinfo'" echo "You can check the status of your peer connections with 'bitcoin-cli -netinfo'"
echo "This will show the amount of peers you are connected to for each network." echo "This will show the amount of peers you are connected to for each network."

503
Bitcoin/lndinstall.sh Normal file
View File

@ -0,0 +1,503 @@
#!/bin/bash
#This is a script to install LND.
#Global Functions.
#Global Functions.
is_package_installed() {
if dpkg -l "$1" 2>/dev/null | grep -q "^ii"; then
echo "$1 is installed."
return 0 # Package is installed
else
echo "$1 is not installed."
return 1 # Package is not installed
fi
}
prompt_yes_no() {
local question="$1"
local default_choice="${2:-yes}"
while true; do
read -p "$question (y/n) [default: $default_choice]: " user_choice
case $user_choice in
[Yy])
echo "yes"
return
;;
[Nn])
echo "no"
return
;;
"")
# If the user just presses Enter, return the default choice
echo "$default_choice"
return
;;
*)
echo "Invalid choice. Please enter 'y' for yes or 'n' for no."
;;
esac
done
}
is_bitcoin_core_installed() {
command -v bitcoind &>/dev/null
}
# Lightning Stuff
# Function to check if Go is installed and upgrade to the latest version if needed
upgrade_go() {
local installed_go_version=$(go version 2>/dev/null | grep -oP 'go[0-9.]+')
local latest_go_version=$(curl -s https://golang.org/dl/ | grep -oP 'https://golang.org/dl/go([0-9.]+).linux-amd64.tar.gz' | head -1 | grep -oP 'go([0-9.]+)')
if [[ -z "$installed_go_version" ]]; then
echo "Go is not installed. Installing the latest version."
elif [[ "$installed_go_version" == "$latest_go_version" ]]; then
echo "Latest version of Go ($installed_go_version) is already installed. Skipping."
return
else
echo "Upgrading Go from $installed_go_version to $latest_go_version."
fi
wget -q "https://golang.org/dl/$latest_go_version.linux-amd64.tar.gz" -P /tmp || {
echo "Failed to download Go. Aborting."
exit 1
}
tar -C /usr/local -xzf "/tmp/$latest_go_version.linux-amd64.tar.gz" || {
echo "Failed to extract Go. Aborting."
exit 1
}
rm "/tmp/$latest_go_version.linux-amd64.tar.gz"
if ! grep -q '/usr/local/go/bin' /etc/profile; then
echo "export PATH=\$PATH:/usr/local/go/bin" >>/etc/profile
echo "Go installation/upgrade completed successfully! Sourcing /etc/profile to update the PATH for the current session."
source /etc/profile
else
echo "Go installation/upgrade completed successfully!"
fi
}
# Function to install LND
install_lnd() {
# Edit the bitcoin.conf file using cat
bitcoin_conf_file="/home/bitcoin/.bitcoin/bitcoin.conf"
if [ -f "$bitcoin_conf_file" ]; then
echo "Editing the bitcoin.conf file..."
cat <<EOF >>"$bitcoin_conf_file"
# [RPC]
debug=rpc
rpcauth='lnd:1628299163766bdce1b3b9d321955971\$dfeb5a806808e3f5f31b46bc8289c79f27f679cfd41b9df1e154ab6588e10ad7'
# [zeromq]
zmqpubrawblock=tcp://127.0.0.1:28332
zmqpubrawtx=tcp://127.0.0.1:28333
EOF
else
echo "Bitcoin configuration file not found at $bitcoin_conf_file. Please ensure Bitcoin Core is correctly configured."
fi
# Restart bitcoind
echo "Restarting bitcoind..."
sudo systemctl restart bitcoind
echo "bitcoind has been restarted."
echo "Checking the latest release of LND..."
latest_release=$(curl -s https://api.github.com/repos/lightningnetwork/lnd/releases/latest | grep -oP '"tag_name": "\K(.*)(?=")')
lnd_directory="/home/bitcoin/node/lnd"
if [ -d "$lnd_directory" ]; then
echo "LND directory already exists. Skipping cloning."
else
echo "Cloning LND into /home/bitcoin/node/lnd..."
git clone https://github.com/lightningnetwork/lnd "$lnd_directory"
fi
cd "$lnd_directory"
echo "Checking out the latest release of LND (v$latest_release)..."
git checkout "v$latest_release"
echo "Building and installing LND..."
make install
echo "LND has been installed successfully."
# Move lncli binary to /usr/local/bin for system-wide access
echo "Moving lncli binary to /usr/local/bin..."
sudo mv /home/bitcoin/go/bin/lncli /usr/local/bin/
}
# Function to configure LND and create its data folder
configure_lnd() {
echo "Configuring LND..."
# Ask the user for their node name
echo -n "Enter a name for your node: "
read -r node_name
# Create the LND data folder if it doesn't exist
lnd_data_folder="/home/bitcoin/.lnd"
mkdir -p "$lnd_data_folder"
chown bitcoin:bitcoin "$lnd_data_folder"
echo "LND data folder created: $lnd_data_folder"
# Generate LND configuration file
lnd_config_file="/home/bitcoin/.lnd/lnd.conf"
cat <<EOF >"$lnd_config_file"
[Application Options]
# Allow push payments
accept-keysend=1
# Public network name (User-provided node name)
alias=$node_name
# Allow gift routes
allow-circular-route=1
# Reduce the cooperative close chain fee
coop-close-target-confs=1000
# Log levels
debuglevel=CNCT=debug,CRTR=debug,HSWC=debug,NTFN=debug,RPCS=debug
# Mark unpayable, unpaid invoices as deleted
gc-canceled-invoices-on-startup=1
gc-canceled-invoices-on-the-fly=1
# Avoid historical graph data sync
ignore-historical-gossip-filters=1
# Listen (not using Tor? Remove this)
listen=localhost
# Set the maximum amount of commit fees in a channel
max-channel-fee-allocation=1.0
# Set the max timeout blocks of a payment
max-cltv-expiry=5000
# Allow commitment fee to rise on anchor channels
max-commit-fee-rate-anchors=100
# Pending channel limit
maxpendingchannels=10
# Min inbound channel limit
minchansize=5000
# gRPC socket binding
rpclisten=0.0.0.0:10009
restlisten=0.0.0.0:8080
# Avoid high startup overhead
stagger-initial-reconnect=1
# Delete and recreate RPC TLS certificate when details change or cert expires
tlsautorefresh=true
# Do not include IPs in the RPC TLS certificate
tlsdisableautofill=true
[Bitcoin]
# Turn on Bitcoin mode
bitcoin.active=1
# Set the channel confs to wait for channels
bitcoin.defaultchanconfs=2
# Forward fee rate in parts per million
bitcoin.feerate=1000
# Set bitcoin.testnet=1 or bitcoin.mainnet=1 as appropriate
bitcoin.mainnet=1
# Set the lower bound for HTLCs
bitcoin.minhtlc=1
# Set backing node, bitcoin.node=neutrino or bitcoin.node=bitcoind
bitcoin.node=bitcoind
# Set CLTV forwarding delta time
bitcoin.timelockdelta=144
[bitcoind]
# Configuration for using Bitcoin Core backend
# Set the password to what the auth script said
bitcoind.rpcpass=K@iHa$$0
# Set the username
bitcoind.rpcuser=lnd
# Set the ZMQ listeners
bitcoind.zmqpubrawblock=tcp://127.0.0.1:28332
bitcoind.zmqpubrawtx=tcp://127.0.0.1:28333
[bolt]
# Enable database compaction when restarting
db.bolt.auto-compact=true
[protocol]
# Enable large channels support
protocol.wumbo-channels=1
[routerrpc]
# Set minimum desired savings of trying a cheaper path
routerrpc.attemptcost=10
routerrpc.attemptcostppm=10
# Set the number of historical routing records
routerrpc.maxmchistory=10000
# Set the min confidence in a path worth trying
routerrpc.minrtprob=0.005
[routing]
# Remove channels from graph that have one side that hasn't made announcements
routing.strictgraphpruning=1
EOF
chown bitcoin:bitcoin "$lnd_config_file"
echo "LND configuration file created: $lnd_config_file"
# Ask the user about Tor mode and validate input
while true; do
read -rp "Do you want to use Tor only mode or hybrid mode? (Type 'yes' for Tor only mode, 'no' for hybrid mode): " tor_mode
case $tor_mode in
[Yy]es)
echo "Enabling Tor mode in LND..."
;;
[Nn]o)
echo "LND will be configured in hybrid mode (without Tor)."
;;
*)
echo "Invalid input. Please type 'yes' for Tor only mode or 'no' for hybrid mode."
continue
;;
esac
break
done
if [[ "$tor_mode" == "yes" ]]; then
echo -n "Enter a password for LND Tor (this will be used to generate HashedControlPassword in torrc): "
read -r tor_password
# Set Tor configurations in LND conf file for Tor only mode
cat <<EOF >>"$lnd_config_file"
[tor]
tor.active=1
tor.v3=1
tor.socks=127.0.0.1:9050
tor.streamisolation=true
tor.password=$tor_password
tor.privatekeypath=/root/.lnd/v3_onion_private_key
EOF
# Update the torrc file with HashedControlPassword
tor_hashed_password=$(tor --hash-password "$tor_password")
echo "Updating torrc file with HashedControlPassword..."
echo "HashedControlPassword $tor_hashed_password" | sudo tee -a /etc/tor/torrc
sudo systemctl restart tor
echo "LND has been configured in Tor only mode."
else
echo -n "Enter a password for LND Tor (this will be used to generate HashedControlPassword in torrc): "
read -r tor_password
# Set Tor configurations in LND conf file for hybrid mode
cat <<EOF >>"$lnd_config_file"
[tor]
tor.active=1
tor.v3=1
tor.socks=127.0.0.1:9050
tor.streamisolation=false
tor.password=$tor_password
tor.privatekeypath=/root/.lnd/v3_onion_private_key
EOF
# Update the torrc file with HashedControlPassword
tor_hashed_password=$(tor --hash-password "$tor_password")
echo "Updating torrc file with HashedControlPassword..."
echo "HashedControlPassword $tor_hashed_password" | sudo tee -a /etc/tor/torrc
sudo systemctl restart tor
fi
# Create the systemd service file for LND
lnd_service_file="/etc/systemd/system/lnd.service"
cat <<EOF | sudo tee "$lnd_service_file"
[Unit]
Description=LND Lightning Network Daemon
Wants=bitcoind.service
After=bitcoind.service
[Service]
User=bitcoin
LimitNOFILE=65535
ExecStart=/home/bitcoin/go/bin/lnd --configfile=/home/bitcoin/.lnd/lnd.conf
ExecStop=/usr/local/bin/lncli stop
SyslogIdentifier=lnd
Restart=always
RestartSec=30
[Install]
WantedBy=multi-user.target
EOF
# Enable and start the LND service
sudo systemctl enable lnd.service
sudo systemctl start lnd.service
}
# Function to prompt the user to create a wallet
prompt_create_wallet() {
echo "Now it's time to create your wallet. Please press any key to continue and create a new wallet."
# Wait for user input to continue
read -n 1 -s -r -p ""
echo ""
echo -n "Please remember the password you enter for your wallet: "
read -s wallet_password
echo ""
# Run the lncli create command
lncli create
# Create the wallet password file
wallet_password_file="/home/bitcoin/.lnd/wallet_password"
echo "$wallet_password" >"$wallet_password_file"
chown bitcoin:bitcoin "$wallet_password_file"
chmod 400 "$wallet_password_file"
}
# Ride the lightning dashboard stuff
# Install RTL dash (Ride The Lightning)
install_rtl() {
echo "Checking for NPM (Node Package Manager)..."
if ! command -v npm &>/dev/null; then
echo "NPM not found. Installing NPM..."
sleep 1
sudo apt update
sudo apt install -qq -y npm
else
echo "NPM is already installed."
sleep 1
fi
rtl_folder="/home/bitcoin/node/RTL"
echo "Cloning RTL into $rtl_folder..."
git clone https://github.com/Ride-The-Lightning/RTL.git "$rtl_folder"
echo "Entering the RTL folder..."
cd "$rtl_folder"
echo "Running npm install..."
npm install --omit=dev
echo "RTL has been installed successfully."
sleep 1
}
# Configure RTL and plug it into systemd
configure_rtl() {
echo "Configuring RTL..."
sleep 1
# Get the computer's LAN IPv4 address
lan_address=$(ip -4 addr show | grep -oP '(?<=inet\s)\d+(\.\d+){3}' | grep -v '127.0.0.1' | head -1)
# Ask the user about enabling FIAT conversion
echo "Do you want to enable FIAT conversion? (Type 'yes' for enabling FIAT conversion, 'no' otherwise):"
read -r enable_fiat
rtl_folder="/home/bitcoin/node/RTL"
rtl_config_file="$rtl_folder/RTL-Config.json"
cat <<EOF >"$rtl_config_file"
{
"multiPass": "password",
"port": "3000",
"defaultNodeIndex": 1,
"dbDirectoryPath": "/home/bitcoin/node/RTL/data",
"SSO": {
"rtlSSO": 0
},
"nodes": [
{
"index": 1,
"lnNode": "LND",
"lnImplementation": "LND",
"Authentication": {
"macaroonPath": "/home/bitcoin/.lnd/data/chain/bitcoin/mainnet"
},
"Settings": {
"userPersona": "OPERATOR",
"themeMode": "NIGHT",
"themeColor": "PURPLE",
"channelBackupPath": "/home/bitcoin/bitcoin/node/RTL/backups",
"bitcoindConfigPath": "/home/bitcoin/.bitcoin/bitcoin.conf",
"logLevel": "INFO",
"fiatConversion": "$enable_fiat",
"unannouncedChannels": true,
"lnServerUrl": "https://$lan_address:8080"
}
}
]
}
EOF
echo "RTL configuration file created: $rtl_config_file"
# Create the data folder for RTL
rtl_data_folder="/home/bitcoin/node/RTL/data"
mkdir -p "$rtl_data_folder"
chown bitcoin:bitcoin "$rtl_data_folder"
echo "RTL data folder created: $rtl_data_folder"
echo "RTL has been configured."
# Create and start the systemd service for RTL
rtl_systemd_file="/etc/systemd/system/rtl.service"
cat <<EOF >"$rtl_systemd_file"
[Unit]
Description=Ride The Lightning (RTL) Bitcoin Lightning Network GUI
After=bitcoind.service lnd.service
[Service]
User=bitcoin
Group=bitcoin
Type=simple
ExecStart=/usr/bin/npm --prefix /home/bitcoin/node/RTL run start
[Install]
WantedBy=multi-user.target
EOF
echo "Systemd service file created: $rtl_systemd_file"
sudo systemctl enable rtl
sudo systemctl start rtl
echo "RTL service has been started."
echo "You can access RTL at http://localhost:8080 or http://$lan_address:8080"
}
# Root Check
if [ "$EUID" -ne 0 ]; then
echo "Please run this script as root."
exit 1
fi
# Welcom Message
cat <<"EOF"
! .::::::. ... ::: .::.:::::::.. :::. :::. :::. :::. :::. ... :::::::-. .,:::::: ::::::::::. :::. .,-::::: ::: .
! ;;;` ` .;;;;;;;. ';;, ,;;;' ;;;;``;;;; ;;`;; `;;;;, `;;; `;;;;, `;;; .;;;;;;;. ;;, `';,;;;;'''' `;;;```.;;; ;;`;; ,;;;'````' ;;; .;;,.
! '[==/[[[[,,[[ \[[, \[[ .[[/ [[[,/[[[' ,[[ '[[, [[[[[. '[[ [[[[[. '[[,[[ \[[, `[[ [[ [[cccc `]]nnn]]' ,[[ '[[, [[[ [[[[[/'
! ''' $$$$, $$$ Y$c.$$" $$$$$$c c$$$cc$$$c $$$ "Y$c$$ $$$ "Y$c$$$$$, $$$ $$, $$ $$"""" $$$"" c$$$cc$$$c $$$ _$$$$,
! 88b dP"888,_ _,88P Y88P 888b "88bo, 888 888, 888 Y88 888 Y88"888,_ _,88P 888_,o8P' 888oo,__ 888o 888 888,`88bo,__,o, "888"88o,
! "YMmMY" "YMMMMMP" MP MMMM "W" YMM ""` MMM YM MMM YM "YMMMMMP" MMMMP"` """"YUMMM YMMMb YMM ""` "YUMMMMMP" MMM "MMP"
EOF
echo
center_text "Thanks for using Enki's LND install script"
center_text "This script will install LND and RTL on your box."
center_text "To continue, hit any key."
if [ -t 0 ]; then # Check if running in an interactive shell before using "read"
center_text "To continue, hit any key."
read -n 1 -s -r -p ""
fi
echo
# Main part of the script.
# Checks if Bitcoin Core is installed
if is_bitcoin_core_installed; then
echo "Core is installed. Lets "
else
echo "Bitcoin Core is not installed. do you want to install Core?"
fi
install_go # Install Go if it's not already installed
install_lnd # Call the function to install LND
configure_lnd # Call the function to configure LND and create its data folder
prompt_create_wallet # Makes a wallet and adds the auto unlock file.
install_rtl # Installs Ride The Lightning
configure_rtl # makes the RTL config file and plugs it into systemd

504
Bitcoin/lndnew.sh Normal file
View File

@ -0,0 +1,504 @@
#!/bin/bash
#This is a script to install LND.
#--------------------
#Global Functions.
#--------------------
is_package_installed() {
if dpkg -l "$1" 2>/dev/null | grep -q "^ii"; then
echo "$1 is installed."
return 0 # Package is installed
else
echo "$1 is not installed."
return 1 # Package is not installed
fi
}
prompt_yes_no() {
local question="$1"
local default_choice="${2:-yes}"
while true; do
read -p "$question (y/n) [default: $default_choice]: " user_choice
case $user_choice in
[Yy])
echo "yes"
return
;;
[Nn])
echo "no"
return
;;
"")
# If the user just presses Enter, return the default choice
echo "$default_choice"
return
;;
*)
echo "Invalid choice. Please enter 'y' for yes or 'n' for no."
;;
esac
done
}
is_bitcoin_core_installed() {
command -v bitcoind &>/dev/null
}
#--------------------
# Lightning Stuff
#--------------------
# Function to check if Go is installed and upgrade to the latest version if needed
upgrade_go() {
local installed_go_version=$(go version 2>/dev/null | grep -oP 'go[0-9.]+')
local latest_go_version=$(curl -s https://golang.org/dl/ | grep -oP 'https://golang.org/dl/go([0-9.]+).linux-amd64.tar.gz' | head -1 | grep -oP 'go([0-9.]+)')
if [[ -z "$installed_go_version" ]]; then
echo "Go is not installed. Installing the latest version."
elif [[ "$installed_go_version" == "$latest_go_version" ]]; then
echo "Latest version of Go ($installed_go_version) is already installed. Skipping."
return
else
echo "Upgrading Go from $installed_go_version to $latest_go_version."
fi
wget -q "https://golang.org/dl/$latest_go_version.linux-amd64.tar.gz" -P /tmp || {
echo "Failed to download Go. Aborting."
exit 1
}
tar -C /usr/local -xzf "/tmp/$latest_go_version.linux-amd64.tar.gz" || {
echo "Failed to extract Go. Aborting."
exit 1
}
rm "/tmp/$latest_go_version.linux-amd64.tar.gz"
if ! grep -q '/usr/local/go/bin' /etc/profile; then
echo "export PATH=\$PATH:/usr/local/go/bin" >>/etc/profile
echo "Go installation/upgrade completed successfully! Sourcing /etc/profile to update the PATH for the current session."
source /etc/profile
else
echo "Go installation/upgrade completed successfully!"
fi
}
# Function to install LND
install_lnd() {
# Edit the bitcoin.conf file using cat
bitcoin_conf_file="/home/bitcoin/.bitcoin/bitcoin.conf"
if [ -f "$bitcoin_conf_file" ]; then
echo "Editing the bitcoin.conf file..."
cat <<EOF >>"$bitcoin_conf_file"
# [RPC]
debug=rpc
rpcauth='lnd:1628299163766bdce1b3b9d321955971\$dfeb5a806808e3f5f31b46bc8289c79f27f679cfd41b9df1e154ab6588e10ad7'
# [zeromq]
zmqpubrawblock=tcp://127.0.0.1:28332
zmqpubrawtx=tcp://127.0.0.1:28333
EOF
else
echo "Bitcoin configuration file not found at $bitcoin_conf_file. Please ensure Bitcoin Core is correctly configured."
fi
# Restart bitcoind
echo "Restarting bitcoind..."
sudo systemctl restart bitcoind
echo "bitcoind has been restarted."
echo "Checking the latest release of LND..."
latest_release=$(curl -s https://api.github.com/repos/lightningnetwork/lnd/releases/latest | grep -oP '"tag_name": "\K(.*)(?=")')
lnd_directory="/home/bitcoin/node/lnd"
if [ -d "$lnd_directory" ]; then
echo "LND directory already exists. Skipping cloning."
else
echo "Cloning LND into /home/bitcoin/node/lnd..."
git clone https://github.com/lightningnetwork/lnd "$lnd_directory"
fi
cd "$lnd_directory"
echo "Checking out the latest release of LND (v$latest_release)..."
git checkout "v$latest_release"
echo "Building and installing LND..."
make install
echo "LND has been installed successfully."
# Move lncli binary to /usr/local/bin for system-wide access
echo "Moving lncli binary to /usr/local/bin..."
sudo mv /home/bitcoin/go/bin/lncli /usr/local/bin/
}
# Function to configure LND and create its data folder
configure_lnd() {
echo "Configuring LND..."
# Ask the user for their node name
echo -n "Enter a name for your node: "
read -r node_name
# Create the LND data folder if it doesn't exist
lnd_data_folder="/home/bitcoin/.lnd"
mkdir -p "$lnd_data_folder"
chown bitcoin:bitcoin "$lnd_data_folder"
echo "LND data folder created: $lnd_data_folder"
# Generate LND configuration file
lnd_config_file="/home/bitcoin/.lnd/lnd.conf"
cat <<EOF >"$lnd_config_file"
[Application Options]
# Allow push payments
accept-keysend=1
# Public network name (User-provided node name)
alias=$node_name
# Allow gift routes
allow-circular-route=1
# Reduce the cooperative close chain fee
coop-close-target-confs=1000
# Log levels
debuglevel=CNCT=debug,CRTR=debug,HSWC=debug,NTFN=debug,RPCS=debug
# Mark unpayable, unpaid invoices as deleted
gc-canceled-invoices-on-startup=1
gc-canceled-invoices-on-the-fly=1
# Avoid historical graph data sync
ignore-historical-gossip-filters=1
# Listen (not using Tor? Remove this)
listen=localhost
# Set the maximum amount of commit fees in a channel
max-channel-fee-allocation=1.0
# Set the max timeout blocks of a payment
max-cltv-expiry=5000
# Allow commitment fee to rise on anchor channels
max-commit-fee-rate-anchors=100
# Pending channel limit
maxpendingchannels=10
# Min inbound channel limit
minchansize=5000
# gRPC socket binding
rpclisten=0.0.0.0:10009
restlisten=0.0.0.0:8080
# Avoid high startup overhead
stagger-initial-reconnect=1
# Delete and recreate RPC TLS certificate when details change or cert expires
tlsautorefresh=true
# Do not include IPs in the RPC TLS certificate
tlsdisableautofill=true
[Bitcoin]
# Turn on Bitcoin mode
bitcoin.active=1
# Set the channel confs to wait for channels
bitcoin.defaultchanconfs=2
# Forward fee rate in parts per million
bitcoin.feerate=1000
# Set bitcoin.testnet=1 or bitcoin.mainnet=1 as appropriate
bitcoin.mainnet=1
# Set the lower bound for HTLCs
bitcoin.minhtlc=1
# Set backing node, bitcoin.node=neutrino or bitcoin.node=bitcoind
bitcoin.node=bitcoind
# Set CLTV forwarding delta time
bitcoin.timelockdelta=144
[bitcoind]
# Configuration for using Bitcoin Core backend
# Set the password to what the auth script said
bitcoind.rpcpass=K@iHa$$0
# Set the username
bitcoind.rpcuser=lnd
# Set the ZMQ listeners
bitcoind.zmqpubrawblock=tcp://127.0.0.1:28332
bitcoind.zmqpubrawtx=tcp://127.0.0.1:28333
[bolt]
# Enable database compaction when restarting
db.bolt.auto-compact=true
[protocol]
# Enable large channels support
protocol.wumbo-channels=1
[routerrpc]
# Set minimum desired savings of trying a cheaper path
routerrpc.attemptcost=10
routerrpc.attemptcostppm=10
# Set the number of historical routing records
routerrpc.maxmchistory=10000
# Set the min confidence in a path worth trying
routerrpc.minrtprob=0.005
[routing]
# Remove channels from graph that have one side that hasn't made announcements
routing.strictgraphpruning=1
EOF
chown bitcoin:bitcoin "$lnd_config_file"
echo "LND configuration file created: $lnd_config_file"
# Ask the user about Tor mode and validate input
while true; do
read -rp "Do you want to use Tor only mode or hybrid mode? (Type 'yes' for Tor only mode, 'no' for hybrid mode): " tor_mode
case $tor_mode in
[Yy]es)
echo "Enabling Tor mode in LND..."
;;
[Nn]o)
echo "LND will be configured in hybrid mode (without Tor)."
;;
*)
echo "Invalid input. Please type 'yes' for Tor only mode or 'no' for hybrid mode."
continue
;;
esac
break
done
if [[ "$tor_mode" == "yes" ]]; then
echo -n "Enter a password for LND Tor (this will be used to generate HashedControlPassword in torrc): "
read -r tor_password
# Set Tor configurations in LND conf file for Tor only mode
cat <<EOF >>"$lnd_config_file"
[tor]
tor.active=1
tor.v3=1
tor.socks=127.0.0.1:9050
tor.streamisolation=true
tor.password=$tor_password
tor.privatekeypath=/root/.lnd/v3_onion_private_key
EOF
# Update the torrc file with HashedControlPassword
tor_hashed_password=$(tor --hash-password "$tor_password")
echo "Updating torrc file with HashedControlPassword..."
echo "HashedControlPassword $tor_hashed_password" | sudo tee -a /etc/tor/torrc
sudo systemctl restart tor
echo "LND has been configured in Tor only mode."
else
echo -n "Enter a password for LND Tor (this will be used to generate HashedControlPassword in torrc): "
read -r tor_password
# Set Tor configurations in LND conf file for hybrid mode
cat <<EOF >>"$lnd_config_file"
[tor]
tor.active=1
tor.v3=1
tor.socks=127.0.0.1:9050
tor.streamisolation=false
tor.password=$tor_password
tor.privatekeypath=/root/.lnd/v3_onion_private_key
EOF
# Update the torrc file with HashedControlPassword
tor_hashed_password=$(tor --hash-password "$tor_password")
echo "Updating torrc file with HashedControlPassword..."
echo "HashedControlPassword $tor_hashed_password" | sudo tee -a /etc/tor/torrc
sudo systemctl restart tor
fi
# Create the systemd service file for LND
lnd_service_file="/etc/systemd/system/lnd.service"
cat <<EOF | sudo tee "$lnd_service_file"
[Unit]
Description=LND Lightning Network Daemon
Wants=bitcoind.service
After=bitcoind.service
[Service]
User=bitcoin
LimitNOFILE=65535
ExecStart=/home/bitcoin/go/bin/lnd --configfile=/home/bitcoin/.lnd/lnd.conf
ExecStop=/usr/local/bin/lncli stop
SyslogIdentifier=lnd
Restart=always
RestartSec=30
[Install]
WantedBy=multi-user.target
EOF
# Enable and start the LND service
sudo systemctl enable lnd.service
sudo systemctl start lnd.service
}
# Function to prompt the user to create a wallet
prompt_create_wallet() {
echo "Now it's time to create your wallet. Please press any key to continue and create a new wallet."
# Wait for user input to continue
read -n 1 -s -r -p ""
echo ""
echo -n "Please remember the password you enter for your wallet: "
read -s wallet_password
echo ""
# Run the lncli create command
lncli create
# Create the wallet password file
wallet_password_file="/home/bitcoin/.lnd/wallet_password"
echo "$wallet_password" >"$wallet_password_file"
chown bitcoin:bitcoin "$wallet_password_file"
chmod 400 "$wallet_password_file"
}
# Ride the lightning dashboard stuff
# Install RTL dash (Ride The Lightning)
install_rtl() {
echo "Checking for NPM (Node Package Manager)..."
if ! command -v npm &>/dev/null; then
echo "NPM not found. Installing NPM..."
sleep 1
sudo apt update
sudo apt install -qq -y npm
else
echo "NPM is already installed."
sleep 1
fi
rtl_folder="/home/bitcoin/node/RTL"
echo "Cloning RTL into $rtl_folder..."
git clone https://github.com/Ride-The-Lightning/RTL.git "$rtl_folder"
echo "Entering the RTL folder..."
cd "$rtl_folder"
echo "Running npm install..."
npm install --omit=dev
echo "RTL has been installed successfully."
sleep 1
}
# Configure RTL and plug it into systemd
configure_rtl() {
echo "Configuring RTL..."
sleep 1
# Get the computer's LAN IPv4 address
lan_address=$(ip -4 addr show | grep -oP '(?<=inet\s)\d+(\.\d+){3}' | grep -v '127.0.0.1' | head -1)
# Ask the user about enabling FIAT conversion
echo "Do you want to enable FIAT conversion? (Type 'yes' for enabling FIAT conversion, 'no' otherwise):"
read -r enable_fiat
rtl_folder="/home/bitcoin/node/RTL"
rtl_config_file="$rtl_folder/RTL-Config.json"
cat <<EOF >"$rtl_config_file"
{
"multiPass": "password",
"port": "3000",
"defaultNodeIndex": 1,
"dbDirectoryPath": "/home/bitcoin/node/RTL/data",
"SSO": {
"rtlSSO": 0
},
"nodes": [
{
"index": 1
"lnNode": "LND",
"lnImplementation": "LND",
"Authentication": {
"macaroonPath": "/home/bitcoin/.lnd/data/chain/bitcoin/mainnet"
},
"Settings": {
"userPersona": "OPERATOR",
"themeMode": "NIGHT",
"themeColor": "PURPLE",
"channelBackupPath": "/home/bitcoin/bitcoin/node/RTL/backups",
"bitcoindConfigPath": "/home/bitcoin/.bitcoin/bitcoin.conf",
"logLevel": "INFO",
"fiatConversion": "$enable_fiat",
"unannouncedChannels": true,
"lnServerUrl": "https://$lan_address:8080"
}
}
]
}
EOF
echo "RTL configuration file created: $rtl_config_file"
# Create the data folder for RTL
rtl_data_folder="/home/bitcoin/node/RTL/data"
mkdir -p "$rtl_data_folder"
chown bitcoin:bitcoin "$rtl_data_folder"
echo "RTL data folder created: $rtl_data_folder"
echo "RTL has been configured."
# Create and start the systemd service for RTL
rtl_systemd_file="/etc/systemd/system/rtl.service"
cat <<EOF >"$rtl_systemd_file"
[Unit]
Description=Ride The Lightning (RTL) Bitcoin Lightning Network GUI
After=bitcoind.service lnd.service
[Service]
User=bitcoin
Group=bitcoin
Type=simple
ExecStart=/usr/bin/npm --prefix /home/bitcoin/node/RTL run start
[Install]
WantedBy=multi-user.target
EOF
echo "Systemd service file created: $rtl_systemd_file"
sudo systemctl enable rtl
sudo systemctl start rtl
echo "RTL service has been started."
echo "You can access RTL at http://localhost:8080 or http://$lan_address:8080"
}
# Root Check
if [ "$EUID" -ne 0 ]; then
echo "Please run this script as root."
exit 1
fi
# Welcom Message
cat <<"EOF"
! .::::::. ... ::: .::.:::::::.. :::. :::. :::. :::. :::. ... :::::::-. .,:::::: ::::::::::. :::. .,-::::: ::: .
! ;;;` ` .;;;;;;;. ';;, ,;;;' ;;;;``;;;; ;;`;; `;;;;, `;;; `;;;;, `;;; .;;;;;;;. ;;, `';,;;;;'''' `;;;```.;;; ;;`;; ,;;;'````' ;;; .;;,.
! '[==/[[[[,,[[ \[[, \[[ .[[/ [[[,/[[[' ,[[ '[[, [[[[[. '[[ [[[[[. '[[,[[ \[[, `[[ [[ [[cccc `]]nnn]]' ,[[ '[[, [[[ [[[[[/'
! ''' $$$$, $$$ Y$c.$$" $$$$$$c c$$$cc$$$c $$$ "Y$c$$ $$$ "Y$c$$$$$, $$$ $$, $$ $$"""" $$$"" c$$$cc$$$c $$$ _$$$$,
! 88b dP"888,_ _,88P Y88P 888b "88bo, 888 888, 888 Y88 888 Y88"888,_ _,88P 888_,o8P' 888oo,__ 888o 888 888,`88bo,__,o, "888"88o,
! "YMmMY" "YMMMMMP" MP MMMM "W" YMM ""` MMM YM MMM YM "YMMMMMP" MMMMP"` """"YUMMM YMMMb YMM ""` "YUMMMMMP" MMM "MMP"
EOF
echo
center_text "Thanks for using Enki's LND install script"
center_text "This script will install LND and RTL on your box."
center_text "To continue, hit any key."
if [ -t 0 ]; then # Check if running in an interactive shell before using "read"
center_text "To continue, hit any key."
read -n 1 -s -r -p ""
fi
echo
# Main part of the script.
# Checks if Bitcoin Core is installed
if is_bitcoin_core_installed; then
echo "Core is installed. LFG"
else
echo "Bitcoin Core is not installed. do you want to install Core?"
fi
install_go # Install Go if it's not already installed
install_lnd # Call the function to install LND
configure_lnd # Call the function to configure LND and create its data folder
prompt_create_wallet # Makes a wallet and adds the auto unlock file.
install_rtl # Installs Ride The Lightning
configure_rtl # makes the RTL config file and plugs it into systemd

3
LICENSE
View File

@ -1,7 +1,4 @@
MIT License MIT License
Copyright (c) 2023 enki
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

605
Personal Server Scripts/serversetup.sh Normal file
View File

@ -0,0 +1,605 @@
#!/bin/bash
# Function to check and modify sources.list files
check_and_modify_sources() {
local file="$1"
if [ -f "$file" ]; then
if grep -q "^deb cdrom:" "$file" || grep -q "^deb \[arch=" "$file"; then
print_color "yellow" "CD-ROM or DVD entries found in $file. Commenting them out..."
sed -i '/^deb cdrom:/s/^/# /' "$file"
sed -i '/^deb \[arch=/s/^/# /' "$file"
print_color "green" "CD-ROM and DVD entries in $file have been commented out."
else
print_color "green" "No CD-ROM or DVD entries found in $file."
fi
fi
}
display_ascii_art() {
local art="$1"
echo "$art"
}
# Function to center text
center_text() {
local text="$1"
local width
width=$(tput cols) || return
local padding=$(( (width - ${#text}) / 2 ))
printf "%${padding}s%s\n" '' "$text"
}
# Function to print colored output
print_color() {
case $1 in
"green") echo -e "\e[32m$2\e[0m" ;;
"red") echo -e "\e[31m$2\e[0m" ;;
"yellow") echo -e "\e[33m$2\e[0m" ;;
esac
sleep 0.1
}
# Function to prompt user for yes/no input
prompt_yes_no() {
while true; do
read -r -p "$1 (y/n): " yn
case $yn in
[Yy]*) return 0 ;;
[Nn]*) return 1 ;;
*) echo "Please answer yes or no." ;;
esac
done
}
# Function to show progress
show_progress() {
local pid=$1
local delay=0.1
local spinstr='⠋⠙⠹⠸⠼⠴⠦⠧⠇⠏'
local start_time=$(date +%s)
printf " "
while ps -p "$pid" > /dev/null 2>&1; do
local temp=${spinstr#?}
printf "\r[%c] " "$spinstr"
local spinstr=$temp${spinstr%"$temp"}
sleep $delay
local current_time=$(date +%s)
local elapsed=$((current_time - start_time))
printf "%02d:%02d" $((elapsed / 60)) $((elapsed % 60))
done
printf "\r[✓] Done! \n"
}
#force scroll for after neoss install no idea why it hangs.
force_scroll() {
local lines=${1:-10}
for i in $(seq 1 $lines); do
echo
sleep 0.1
done
}
# Complex ASCII art
complex_ascii_art=$(cat <<EOF
███████╗ ██████╗ ██╗ ██╗██████╗ █████╗ ███╗ ██╗ ███████╗███████╗██████╗ ██╗ ██╗███████╗██████╗ ██████╗ █████╗ ██████╗██╗ ██╗
██╔════╝██╔═══██╗██║ ██║██╔══██╗██╔══██╗████╗ ██║ ██╔════╝██╔════╝██╔══██╗██║ ██║██╔════╝██╔══██╗ ██╔══██╗██╔══██╗██╔════╝██║ ██╔╝
███████╗██║ ██║██║ ██║██████╔╝███████║██╔██╗ ██║ ███████╗█████╗ ██████╔╝██║ ██║█████╗ ██████╔╝ ██████╔╝███████║██║ █████╔╝
╚════██║██║ ██║╚██╗ ██╔╝██╔══██╗██╔══██║██║╚██╗██║ ╚════██║██╔══╝ ██╔══██╗╚██╗ ██╔╝██╔══╝ ██╔══██╗ ██╔═══╝ ██╔══██║██║ ██╔═██╗
███████║╚██████╔╝ ╚████╔╝ ██║ ██║██║ ██║██║ ╚████║ ███████║███████╗██║ ██║ ╚████╔╝ ███████╗██║ ██║ ██║ ██║ ██║╚██████╗██║ ██╗
╚══════╝ ╚═════╝ ╚═══╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═══╝ ╚══════╝╚══════╝╚═╝ ╚═╝ ╚═══╝ ╚══════╝╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═════╝╚═╝ ╚═╝
EOF
)
# Simple ASCII art
simple_ascii_art=$(cat <<'EOF'
____ ____ ___ __
/ __/__ _ _________ ____ / __/__ _____ _____ ____ / _ \___ _____/ /__
_\ \/ _ \ |/ / __/ _ `/ _ \ _\ \/ -_) __/ |/ / -_) __/ / ___/ _ `/ __/ '_/
/___/\___/___/_/ \_,_/_//_/ /___/\__/_/ |___/\__/_/ /_/ \_,_/\__/_/\_\
EOF
)
#-------------
# Main Script
#-------------
# Check if script is run as root
if [[ $EUID -ne 0 ]]; then
print_color "red" "This script must be run as root"
exit 1
fi
if [ "$1" = "simple" ] || [ "$USE_SIMPLE_ART" = "true" ]; then
selected_art="$simple_ascii_art"
else
# Check terminal width
if [ "$(tput cols)" -ge 100 ]; then
selected_art="$complex_ascii_art"
else
selected_art="$simple_ascii_art"
fi
fi
clear
echo
display_ascii_art "$selected_art"
echo
center_text "Created by Enki"
center_text "Thanks for using this server setup script"
center_text "This script will walk you through some basic server setup and configuration."
echo
print_color "green" "Starting server setup..."
sleep 5
#--------------------
# Update and upgrade
#--------------------
print_color "yellow" "Checking and updating package sources..."
# Check main sources.list and all files in sources.list.d
check_and_modify_sources "/etc/apt/sources.list"
for file in /etc/apt/sources.list.d/*.list; do
check_and_modify_sources "$file"
done
# Ensure that at least one valid source is present
if ! grep -qE '^deb ' /etc/apt/sources.list /etc/apt/sources.list.d/*.list 2>/dev/null; then
print_color "yellow" "No active package sources found. Adding a default source..."
echo "deb http://deb.debian.org/debian $(lsb_release -cs) main" | sudo tee -a /etc/apt/sources.list
fi
print_color "yellow" "Updating system..."
apt update > /tmp/apt_update.log 2>&1 &
update_pid=$!
show_progress $update_pid
wait $update_pid
update_status=$?
if [ $update_status -eq 0 ]; then
print_color "green" "Update completed successfully."
else
print_color "red" "Failed to update package lists. Here's the detailed error:"
cat /tmp/apt_update.log
exit 1
fi
print_color "yellow" "Upgrading system..."
DEBIAN_FRONTEND=noninteractive apt upgrade -y > /tmp/apt_upgrade.log 2>&1 &
upgrade_pid=$!
show_progress $upgrade_pid
wait $upgrade_pid
upgrade_status=$?
if [ $upgrade_status -eq 0 ]; then
print_color "green" "Upgrade completed successfully."
else
print_color "red" "Failed to upgrade packages. Here's the detailed error:"
cat /tmp/apt_upgrade.log
exit 1
fi
#---------------------
# Installs Basic Tools
#---------------------
essential_packages=("sudo" "net-tools" "wget" "curl" "git")
missing_packages=()
for package in "${essential_packages[@]}"; do
if ! command -v "$package" &>/dev/null; then
missing_packages+=("$package")
fi
done
if [ ${#missing_packages[@]} -ne 0 ]; then
print_color "yellow" "Installing missing basic packages: ${missing_packages[*]}"
(apt install -y "${missing_packages[@]}" >/dev/null 2>&1) &
show_progress $!
print_color "green" "Basic packages installed."
else
print_color "green" "All essential packages are already installed."
fi
# Ensure sudo is configured correctly
if ! grep -q "^%sudo" /etc/sudoers; then
print_color "yellow" "Configuring sudo..."
echo "%sudo ALL=(ALL:ALL) ALL" >>/etc/sudoers
print_color "green" "Sudo configured."
fi
#----------------------
# Set up non-root user
#----------------------
if prompt_yes_no "Do you want to set up a new non-root user?"; then
read -r -p "Enter new username: " new_user
sudo adduser "$new_user"
sudo usermod -aG sudo "$new_user"
print_color "green" "User $new_user has been created and added to sudo group"
fi
#---------------
# SSH hardening
#---------------
ssh_hardened=false
new_ssh_port=""
if prompt_yes_no "Do you want to harden SSH?"; then
print_color "yellow" "Configuring SSH..."
# Backup original sshd_config
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
# Change SSH port
while true; do
read -r -p "Enter new SSH port (default: 2222): " ssh_port
ssh_port=${ssh_port:-2222}
if [[ "$ssh_port" =~ ^[0-9]+$ ]] && [ "$ssh_port" -ge 1024 ] && [ "$ssh_port" -le 65535 ]; then
break
else
print_color "red" "Invalid port number. Please enter a number between 1024 and 65535."
fi
done
# Apply SSH hardening configurations
sudo sed -i "s/^#Port 22/Port $ssh_port/" /etc/ssh/sshd_config
sudo sed -i 's/^#PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config
sudo sed -i 's/^#PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config
sudo sed -i 's/^#PubkeyAuthentication .*/PubkeyAuthentication yes/' /etc/ssh/sshd_config
# Allow only the new user (assuming $new_user is set earlier in the script)
echo "AllowUsers $new_user" | sudo tee -a /etc/ssh/sshd_config > /dev/null
print_color "yellow" "New SSH configuration:"
print_color "yellow" "Port: $ssh_port"
print_color "yellow" "Root login disabled"
print_color "yellow" "Password authentication disabled"
print_color "yellow" "Only user $new_user is allowed to login"
# Test the new configuration
if sudo sshd -t -f /etc/ssh/sshd_config; then
print_color "green" "SSH configuration test passed."
# Restart SSH service
if sudo systemctl is-active --quiet ssh; then
sudo systemctl restart ssh
print_color "green" "SSH service restarted."
else
print_color "yellow" "SSH service not found. You may need to restart it manually."
fi
print_color "green" "SSH has been hardened. Check the end of the script for instructions on setting up an SSH key and logging in."
ssh_hardened=true
new_ssh_port=$ssh_port
else
print_color "red" "SSH configuration test failed. Reverting changes..."
sudo mv /etc/ssh/sshd_config.bak /etc/ssh/sshd_config
print_color "yellow" "Please check your SSH configuration manually"
fi
else
print_color "yellow" "Skipping SSH hardening."
fi
sleep 5
#-------------
# UFW setup
#-------------
if prompt_yes_no "Do you want to install and configure UFW?"; then
print_color "yellow" "Installing and configuring UFW..."
(apt install ufw -y >/dev/null 2>&1) &
show_progress $!
ufw default deny incoming >/dev/null 2>&1
ufw default allow outgoing >/dev/null 2>&1
ufw allow "$ssh_port"/tcp >/dev/null 2>&1
ufw allow 80/tcp >/dev/null 2>&1
ufw allow 443/tcp >/dev/null 2>&1
echo "y" | ufw enable >/dev/null 2>&1
print_color "green" "UFW has been installed and configured"
fi
#---------------
# Fail2Ban setup
#---------------
if prompt_yes_no "Do you want to install and configure Fail2Ban?"; then
print_color "yellow" "Installing and configuring Fail2Ban..."
(apt install fail2ban -y >/dev/null 2>&1) &
show_progress $!
# Create a custom jail configuration
cat <<EOF >/etc/fail2ban/jail.local
[DEFAULT]
bantime = 10m
findtime = 10m
maxretry = 5
# Avoid banning local network
ignoreip = 127.0.0.1/8 ::1
[sshd]
enabled = true
port = $ssh_port
logpath = %(sshd_log)s
backend = %(sshd_backend)s
EOF
systemctl enable fail2ban >/dev/null 2>&1
systemctl start fail2ban >/dev/null 2>&1
print_color "green" "Fail2Ban has been installed and configured"
print_color "yellow" "Default Fail2Ban settings:"
print_color "yellow" "- Ban time: 10 minutes"
print_color "yellow" "- Find time: 10 minutes"
print_color "yellow" "- Max retries: 5"
print_color "yellow" "- Ignored IP: localhost"
print_color "yellow" "You can adjust these settings in /etc/fail2ban/jail.local"
fi
#---------------
# Install Nginx
#---------------
if prompt_yes_no "Do you want to install Nginx?"; then
print_color "yellow" "Installing Nginx..."
(apt install nginx -y > /dev/null 2>&1) &
show_progress $!
systemctl enable nginx > /dev/null 2>&1
systemctl start nginx > /dev/null 2>&1
print_color "green" "Nginx has been installed and started"
fi
#---------------
# Install Docker
#---------------
if prompt_yes_no "Do you want to install Docker?"; then
print_color "yellow" "Installing Docker using the official method..."
# Uninstall old versions
print_color "yellow" "Removing old Docker versions if present..."
for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do
(sudo apt remove $pkg -y -qq > /dev/null 2>&1) &
show_progress $!
done
# Update the apt package index
print_color "yellow" "Updating apt package index..."
(sudo apt update -qq > /dev/null 2>&1) &
show_progress $!
# Install packages to allow apt to use a repository over HTTPS
print_color "yellow" "Installing required packages..."
(sudo apt install ca-certificates curl -y -qq > /dev/null 2>&1) &
show_progress $!
# Add Docker's official GPG key
print_color "yellow" "Adding Docker's official GPG key..."
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
# Set up the repository
print_color "yellow" "Setting up the Docker repository..."
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# Update the apt package index again
print_color "yellow" "Updating apt package index..."
(sudo apt update -qq > /dev/null 2>&1) &
show_progress $!
# Install Docker Engine, containerd, and Docker Compose
print_color "yellow" "Installing Docker Engine, containerd, and Docker Compose..."
(sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y -qq > /dev/null 2>&1) &
show_progress $!
# Verify Docker installation
if docker --version > /dev/null 2>&1; then
print_color "green" "Docker has been successfully installed."
# Add user to the docker group
print_color "yellow" "Adding $new_user to the docker group..."
sudo usermod -aG docker "$new_user"
# Verify group membership
if id -nG "$new_user" | grep -qw "docker"; then
print_color "green" "$new_user has been successfully added to the docker group."
else
print_color "red" "Failed to add $new_user to the docker group. Please add manually with: sudo usermod -aG docker $new_user"
fi
print_color "yellow" "Please log out and log back in for the group changes to take effect."
print_color "yellow" "After logging back in, you can verify Docker works without sudo by running: docker run hello-world"
else
print_color "red" "Docker installation seems to have failed. Please check the logs and try again."
fi
else
print_color "yellow" "Skipping Docker installation"
fi
#-------------------------
# Install additional tools
#-------------------------
tools=("btop" "goaccess" "ncdu" "mc")
for tool in "${tools[@]}"; do
if prompt_yes_no "Do you want to install $tool?"; then
print_color "yellow" "Installing $tool..."
(apt install "$tool" -y > /dev/null 2>&1) &
show_progress $!
print_color "green" "$tool has been installed"
fi
done
#--------------------------------
# Install Node.js, npm, and Neoss
#--------------------------------
if prompt_yes_no "Do you want to install Neoss? This requires Node.js and npm to be installed as well."; then
print_color "yellow" "Installing Node.js and npm..."
# Download and run the NodeSource setup script
print_color "yellow" "Adding NodeSource repository..."
if curl -fsSL https://deb.nodesource.com/setup_lts.x | sudo -E bash - > /dev/null 2>&1; then
print_color "green" "NodeSource repository added successfully."
else
print_color "red" "Failed to add NodeSource repository. Aborting Node.js installation."
return 1
fi
# Install Node.js (which includes npm)
print_color "yellow" "Installing Node.js and npm..."
if apt install -y nodejs > /dev/null 2>&1; then
print_color "green" "Node.js and npm installed successfully."
else
print_color "red" "Failed to install Node.js and npm. Please check your internet connection and try again."
return 1
fi
# Verify installation
if node --version > /dev/null 2>&1 && npm --version > /dev/null 2>&1; then
NODE_VERSION=$(node --version)
NPM_VERSION=$(npm --version)
print_color "green" "Node.js ${NODE_VERSION} and npm ${NPM_VERSION} have been successfully installed"
# Install Neoss
print_color "yellow" "Installing Neoss..."
npm install -g neoss > /tmp/neoss_install.log 2>&1 &
install_pid=$!
show_progress $install_pid
wait $install_pid
install_status=$?
if [ $install_status -eq 0 ]; then
NEOSS_VERSION=$(neoss --version 2>/dev/null || echo "version unknown")
print_color "green" "Neoss installation successful."
print_color "green" "Version: ${NEOSS_VERSION}"
else
print_color "red" "Neoss installation failed. Error log:"
cat /tmp/neoss_install.log
print_color "red" "You can try to install it manually later with 'npm install -g neoss'."
fi
else
print_color "red" "Node.js and npm installation verification failed. Please check the installation manually."
return 1
fi
sleep 0.5
force_scroll 5
else
print_color "yellow" "Skipping Node.js, npm, and Neoss installation"
fi
#------------------------
# Configure log rotation
#------------------------
if prompt_yes_no "Do you want to configure log rotation?"; then
print_color "yellow" "Configuring log rotation..."
# Default settings
rotate_frequency="weekly"
rotate_count=4
rotate_size="100M"
if prompt_yes_no "Do you want to customize global log rotation settings?"; then
read -r -p "Enter rotation frequency (daily/weekly/monthly) [default: weekly]: " custom_frequency
rotate_frequency=${custom_frequency:-$rotate_frequency}
read -r -p "Enter number of log files to keep [default: 4]: " custom_count
rotate_count=${custom_count:-$rotate_count}
read -r -p "Enter max size of log file before rotation (e.g., 100M, 500M, 1G) [default: 100M]: " custom_size
rotate_size=${custom_size:-$rotate_size}
else
print_color "yellow" "Using default settings for global log rotation."
fi
# Update global configuration
cat <<EOF >/etc/logrotate.conf
# Global log rotation settings
${rotate_frequency}
rotate ${rotate_count}
create
compress
dateext
# Rotate log files larger than ${rotate_size} even before the scheduled rotation time
size ${rotate_size}
include /etc/logrotate.d
# System-specific logs may be configured here
EOF
print_color "green" "Global log rotation has been configured with the following settings:"
print_color "yellow" "- Rotation frequency: ${rotate_frequency}"
print_color "yellow" "- Number of log files to keep: ${rotate_count}"
print_color "yellow" "- Max size before rotation: ${rotate_size}"
print_color "yellow" "You can further adjust these settings in /etc/logrotate.conf"
# Nginx-specific configuration
if command -v nginx &>/dev/null || [ -d "/etc/nginx" ]; then
print_color "yellow" "Nginx installation detected."
if prompt_yes_no "Do you want to configure Nginx-specific log rotation?"; then
mkdir -p /etc/logrotate.d
cat <<EOF >/etc/logrotate.d/nginx
/var/log/nginx/*.log {
${rotate_frequency}
missingok
rotate ${rotate_count}
compress
delaycompress
notifempty
create 0640 www-data adm
sharedscripts
maxsize ${rotate_size}
postrotate
if [ -f /var/run/nginx.pid ]; then
kill -USR1 \$(cat /var/run/nginx.pid)
fi
endscript
}
EOF
print_color "green" "Nginx-specific log rotation has been configured."
print_color "yellow" "Nginx log rotation configuration created at /etc/logrotate.d/nginx"
else
print_color "yellow" "Skipping Nginx-specific log rotation configuration."
fi
else
print_color "yellow" "Nginx installation not detected. Skipping Nginx-specific log rotation configuration."
fi
# Docker-specific configuration
if command -v docker &>/dev/null; then
if prompt_yes_no "Docker is installed. Do you want to configure Docker-specific log rotation?"; then
mkdir -p /etc/docker
cat <<EOF >/etc/docker/daemon.json
{
"log-driver": "json-file",
"log-opts": {
"max-size": "${rotate_size}",
"max-file": "${rotate_count}"
}
}
EOF
print_color "green" "Docker-specific log rotation has been configured."
print_color "yellow" "Note: You'll need to restart Docker for these changes to take effect."
if prompt_yes_no "Do you want to restart Docker now?"; then
systemctl restart docker
print_color "green" "Docker has been restarted."
else
print_color "yellow" "Please remember to restart Docker later for the log rotation changes to take effect."
fi
else
print_color "yellow" "Skipping Docker-specific log rotation configuration."
fi
fi
else
print_color "yellow" "Skipping log rotation configuration."
fi
#---------------
# End of Script
#---------------
if [ "$ssh_hardened" = true ]; then
print_color "yellow" "===== IMPORTANT: SSH KEY SETUP ====="
print_color "yellow" "SSH has been hardened. If you haven't set up an SSH key, do so before logging out!"
print_color "yellow" "Please test your SSH connection in a new terminal before closing this session."
print_color "yellow" "Follow these steps on your local machine:"
print_color "yellow" "1. Generate an SSH key:"
print_color "yellow" " ssh-keygen -t ed25519 -C 'your_email@example.com'"
print_color "yellow" "2. Copy the key to your server:"
print_color "yellow" " ssh-copy-id -i ~/.ssh/id_ed25519.pub -p $ssh_port $new_user@your_server_ip"
print_color "yellow" "3. Test your new key:"
print_color "yellow" " ssh -p $ssh_port $new_user@your_server_ip"
print_color "yellow" "4. If successful, run this script again to disable password authentication."
print_color "yellow" "If you can't connect, check your SSH configuration at /etc/ssh/sshd_config"
print_color "yellow" "====================================="
fi
print_color "green" "Server setup complete!"

289
Personal Server Scripts/vaultwarden.sh Normal file
View File

@ -0,0 +1,289 @@
#!/bin/bash
# Function to show progress
show_progress() {
local pid=$1
local delay=0.1
local spinstr='⠋⠙⠹⠸⠼⠴⠦⠧⠇⠏'
local start_time=$(date +%s)
printf " "
while ps -p "$pid" > /dev/null 2>&1; do
local temp=${spinstr#?}
printf "\r[%c] " "$spinstr"
local spinstr=$temp${spinstr%"$temp"}
sleep $delay
local current_time=$(date +%s)
local elapsed=$((current_time - start_time))
printf "%02d:%02d" $((elapsed / 60)) $((elapsed % 60))
done
printf "\r[✓] Done! \n"
}
# Function to print colored output
print_color() {
case $1 in
"green") echo -e "\e[32m$2\e[0m" ;;
"red") echo -e "\e[31m$2\e[0m" ;;
"yellow") echo -e "\e[33m$2\e[0m" ;;
esac
sleep 0.1
}
# Function to center text
center_text() {
local text="$1"
local width
width=$(tput cols) || return
local padding=$(( (width - ${#text}) / 2 ))
printf "%${padding}s%s\n" '' "$text"
}
# Function to install necessary packages
install_dependencies() {
print_color "yellow" "Installing dependencies..."
(sudo apt update -q && sudo apt install -y -q wget curl sudo > /dev/null 2>&1) &
show_progress $!
print_color "green" "Dependencies installed successfully."
}
# Function to create vaultwarden user if it doesn't exist
create_vaultwarden_user() {
if ! command -v useradd &> /dev/null; then
print_color "yellow" "useradd command not found. Installing..."
(sudo apt install -y passwd > /dev/null 2>&1) &
show_progress $!
fi
if ! id "vaultwarden" &>/dev/null; then
print_color "yellow" "Creating vaultwarden user..."
(sudo useradd -r -s /bin/false vaultwarden > /dev/null 2>&1) &
show_progress $!
print_color "green" "Vaultwarden user created successfully."
else
print_color "green" "Vaultwarden user already exists."
fi
}
# Function to extract without Docker
extract_without_docker() {
print_color "yellow" "Extracting Vaultwarden binaries..."
(
mkdir -p vw-image
cd vw-image
wget -q https://raw.githubusercontent.com/jjlin/docker-image-extract/main/docker-image-extract
chmod +x docker-image-extract
./docker-image-extract vaultwarden/server:latest-alpine
sudo mv output/vaultwarden /home/vaultwarden/
sudo mv output/web-vault /home/vaultwarden/
cd ..
rm -rf vw-image
sudo mkdir -p /home/vaultwarden/data
) &> /dev/null &
show_progress $!
if [ -f "/home/vaultwarden/vaultwarden" ] && [ -d "/home/vaultwarden/web-vault" ]; then
print_color "green" "Extraction complete."
else
print_color "red" "Extraction failed. Please check the logs and try again."
exit 1
fi
}
# Create systemd service file
create_systemd_service() {
print_color "yellow" "Creating systemd service file..."
sudo tee /etc/systemd/system/vaultwarden.service > /dev/null << EOF
[Unit]
Description=Vaultwarden Server
After=network.target
[Service]
User=vaultwarden
Group=vaultwarden
ExecStart=/home/vaultwarden/vaultwarden
WorkingDirectory=/home/vaultwarden
EnvironmentFile=/home/vaultwarden/.env
[Install]
WantedBy=multi-user.target
EOF
print_color "green" "Systemd service file created successfully."
}
# Function to create .env file
create_env_file() {
print_color "yellow" "Setting up Vaultwarden configuration..."
read -p "Enter domain name for Vaultwarden (e.g., vault.example.com): " DOMAIN
print_color "yellow" "Creating .env file..."
sudo tee /home/vaultwarden/.env > /dev/null << EOF
DOMAIN=https://$DOMAIN
ROCKET_PORT=8000
DATA_FOLDER=/home/vaultwarden/data
WEB_VAULT_FOLDER=/home/vaultwarden/web-vault
EOF
(sudo chown vaultwarden:vaultwarden /home/vaultwarden/.env &&
sudo chmod 600 /home/vaultwarden/.env) &
show_progress $!
print_color "green" "Vaultwarden configuration file created successfully."
}
# Function to set up Nginx
setup_nginx() {
if ! command -v nginx &> /dev/null; then
print_color "yellow" "Nginx not found. Installing..."
(sudo apt update && sudo apt install -y nginx > /dev/null 2>&1) &
show_progress $!
fi
print_color "yellow" "Configuring Nginx for Vaultwarden..."
sudo tee /etc/nginx/sites-available/vaultwarden > /dev/null << EOF
server {
listen 80;
server_name $DOMAIN;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
}
}
EOF
sudo ln -sf /etc/nginx/sites-available/vaultwarden /etc/nginx/sites-enabled/
print_color "yellow" "Testing Nginx configuration..."
if sudo nginx -t; then
(sudo systemctl reload nginx > /dev/null 2>&1) &
show_progress $!
print_color "green" "Nginx configured and reloaded successfully."
else
print_color "red" "Nginx configuration test failed. Please check your configuration."
fi
}
# Function to install Certbot
install_certbot() {
print_color "yellow" "Installing Certbot..."
(sudo apt update &&
sudo apt install -y snapd &&
sudo snap install core &&
sudo snap refresh core &&
sudo snap install --classic certbot &&
sudo ln -s /snap/bin/certbot /usr/bin/certbot) &
show_progress $!
print_color "green" "Certbot installed successfully."
}
# Function to set up admin panel
setup_admin_panel() {
print_color "yellow" "Setting up admin panel..."
# Install argon2 if not already installed
if ! command -v argon2 &> /dev/null; then
print_color "yellow" "Installing argon2..."
(sudo apt update && sudo apt install -y argon2 > /dev/null 2>&1) &
show_progress $!
fi
# Prompt for admin password
read -sp "Enter the admin password: " admin_password
echo
print_color "yellow" "Generating admin token..."
# Generate argon2 hash
admin_token=$(echo -n "$admin_password" | argon2 $(openssl rand -base64 32) -e -id -k 65540 -t 3 -p 4)
# Append admin token to .env file
print_color "yellow" "Updating .env file with admin token..."
(echo "ENABLE_ADMIN=true" | sudo tee -a /home/vaultwarden/.env > /dev/null
echo "ADMIN_TOKEN='$admin_token'" | sudo tee -a /home/vaultwarden/.env > /dev/null) &
show_progress $!
print_color "green" "Admin panel has been enabled successfully."
}
#-------------
# Main script
#-------------
# Check if script is run as root
if [ "$EUID" -ne 0 ]; then
echo "This script must be run as root. Please use sudo or run as root."
exit 1
fi
# Welcome Message
cat <<"EOF"
██╗ ██╗ █████╗ ██╗ ██╗██╗ ████████╗██╗ ██╗ █████╗ ██████╗ ██████╗ ███████╗███╗ ██╗
██║ ██║██╔══██╗██║ ██║██║ ╚══██╔══╝██║ ██║██╔══██╗██╔══██╗██╔══██╗██╔════╝████╗ ██║
██║ ██║███████║██║ ██║██║ ██║ ██║ █╗ ██║███████║██████╔╝██║ ██║█████╗ ██╔██╗ ██║
╚██╗ ██╔╝██╔══██║██║ ██║██║ ██║ ██║███╗██║██╔══██║██╔══██╗██║ ██║██╔══╝ ██║╚██╗██║
╚████╔╝ ██║ ██║╚██████╔╝███████╗██║ ╚███╔███╔╝██║ ██║██║ ██║██████╔╝███████╗██║ ╚████║
╚═══╝ ╚═╝ ╚═╝ ╚═════╝ ╚══════╝╚═╝ ╚══╝╚══╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═════╝ ╚══════╝╚═╝ ╚═══╝
███████╗███████╗████████╗██╗ ██╗██████╗
██╔════╝██╔════╝╚══██╔══╝██║ ██║██╔══██╗
███████╗█████╗ ██║ ██║ ██║██████╔╝
╚════██║██╔══╝ ██║ ██║ ██║██╔═══╝
███████║███████╗ ██║ ╚██████╔╝██║
╚══════╝╚══════╝ ╚═╝ ╚═════╝ ╚═╝
EOF
echo
center_text "Created by Enki"
center_text "Thanks for using this Vaultwarden installation script"
center_text "This script will install Vaultwarden server and configure it to start at boot."
center_text "It can also set up the Vaultwarden web server on your domain."
echo
print_color "yellow" "Make sure you have pointed your domain to this server's IP address before proceeding if you are not installing localy."
if [ -t 0 ]; then
print_color "green" "Press any key to continue..."
read -n 1 -s -r -p ""
fi
echo
print_color "green" "Starting Vaultwarden installation..."
install_dependencies
create_vaultwarden_user
sudo mkdir -p /home/vaultwarden
extract_without_docker
# Create .env file
create_env_file
# Create systemd service
create_systemd_service
# Set correct permissions
print_color "yellow" "Setting correct permissions..."
(sudo chown -R vaultwarden:vaultwarden /home/vaultwarden) &
show_progress $!
print_color "green" "Permissions set successfully."
# Offer to set up Nginx
read -p "Would you like to set up Nginx as a reverse proxy? (y/n) " setup_nginx_answer
if [[ $setup_nginx_answer =~ ^[Yy]$ ]]; then
setup_nginx
install_certbot
print_color "yellow" "You can set up SSL later by running: sudo certbot --nginx -d $DOMAIN"
fi
# Enable and start Vaultwarden service
print_color "yellow" "Enabling and starting Vaultwarden service..."
(sudo systemctl enable vaultwarden && sudo systemctl start vaultwarden) &
show_progress $!
print_color "green" "Vaultwarden service enabled and started."
print_color "green" "Vaultwarden has been installed and configured."
print_color "yellow" "Please ensure your firewall allows traffic on ports 80 and 443 (if using HTTPS)."
print_color "yellow" "If you didn't set up Nginx, make sure to allow traffic on port 8000 as well."
# Offer to set up admin panel
read -p "Would you like to enable the admin panel? (y/n) " setup_admin_answer
if [[ $setup_admin_answer =~ ^[Yy]$ ]]; then
setup_admin_panel
# Restart Vaultwarden to apply changes
print_color "yellow" "Restarting Vaultwarden to apply changes..."
(sudo systemctl restart vaultwarden) &
show_progress $!
print_color "green" "Vaultwarden restarted successfully."
fi
print_color "green" "Vaultwarden installation complete!"
if [[ $DOMAIN ]]; then
print_color "yellow" "You can access your Vaultwarden instance at: https://$DOMAIN"
if [[ $setup_admin_answer =~ ^[Yy]$ ]]; then
print_color "yellow" "Admin panel is available at: https://$DOMAIN/admin"
fi
fi

38
README.md
View File

@ -12,37 +12,49 @@
# How to use these scripts # How to use these scripts
---------------------------- ----------------------------
These should work on most Debian based distros that use apt. These should work on most Debian based distros.
If you're using a GUI, then you can download the zip file. If you're using a GUI, then you can download the zip file.
Unzip and open the folder. Unzip and open the folder.
Find the script (or set of scripts.) that you want to use right click, look for the permissions section and tick the "run as program" permission. Find the script (or set of scripts.) that you want to use right click, look for the permissions section and tick the "run as program" permission. Right click on a folder select "Open in terminal" then type `ls` this will show whats in the folder
Right click on a folder select "Open in terminal" then type `ls` this will show whats in the folder
then `sudo ./full_script_name.sh`. You might need to provide an admin password. then `sudo ./full_script_name.sh`. You might need to provide an admin password.
If you are running 'headless' and dont have Git installed yet you can run : If you are running 'headless' and dont have Git installed yet you can run :
`wget https://github.com/Enkimin/Sovran-Scripts/archive/main.tar.gz` `wget https://git.sovbit.dev/Enki/sovran-scripts/archive/main.tar.gz`\
`tar -xzf main.tar.gz` `tar -xzf main.tar.gz`\
`cd main` `cd main`\
`ls` `ls`\
`cd folder_name` `cd folder_name`\
`sudo ./script_name.sh` `sudo ./script_name.sh`
If Git is installed use : If Git is installed use :
`git clone https://github.com/Enkimin/Sovran-Scripts.git` `git clone https://git.sovbit.dev/Enki/sovran-scripts.git`\
`cd Sovran-Scripts` `cd Sovran-Scripts`\
`ls` `ls`\
`cd folder_name` `cd folder_name`\
`sudo ./script_name.sh` `sudo ./script_name.sh`
All the scripts need to be given permission to execute, you can do this with:
`chmod +x scriptname.sh`
------------
## Scripts ## Scripts
### List of scripts and what they do. ------------
## Bitcoin
------------ ------------
### coreinstall.sh ### coreinstall.sh
- This script walks the user through the process of installing TOR, I2P, and Bitcoin Core plus configures Core to use whatever network is installed. - This script walks the user through the process of installing TOR, I2P, and Bitcoin Core plus configures Core to use whatever network is installed.
----------------------
### Personal Server
----------------------
### Server Setup
- This script does some basic server setup. It will harden SSH, setup a non-root user, install some basic tools, configure log rotation, install docker and nginx, and install UFW and Fail2Ban with some basic configuration. All optional wth user input for most configuration settings.
### Vault Warden
- Installs and configures Vault Warden. Will also install nginx, certbot and add Vault Warden to systemd for easy management.