New direction; removed wireguard, readme update
24
provision.sh
24
provision.sh
@@ -4,7 +4,6 @@
|
||||
# [server_id!] - the servers id
|
||||
# [keystonepublickey!] - keystone's public key
|
||||
# [callback!] - callback url
|
||||
# [internal_ip_ending!] - internal ip ending
|
||||
|
||||
apt_wait() {
|
||||
while fuser /var/lib/dpkg/lock >/dev/null 2>&1; do
|
||||
@@ -35,7 +34,7 @@ apt update
|
||||
apt_wait
|
||||
apt upgrade -y
|
||||
apt_wait
|
||||
apt install unzip curl fail2ban ufw wireguard -y
|
||||
apt install unzip curl fail2ban ufw -y
|
||||
|
||||
# No password logins
|
||||
sed -i "/PasswordAuthentication yes/d" /etc/ssh/sshd_config
|
||||
@@ -52,11 +51,6 @@ if [ ! -d /root/.ssh ]; then
|
||||
touch /root/.ssh/authorized_keys
|
||||
fi
|
||||
|
||||
# Create the wireguard directory
|
||||
if [ ! -d /root/.wg ]; then
|
||||
mkdir -p /root/.wg
|
||||
fi
|
||||
|
||||
# Set The Hostname If Necessary
|
||||
echo "[!hostname!]" > /etc/hostname sed -i 's/127\.0\.0\.1.*localhost/127.0.0.1 [!hostname!].localdomain [!hostname!] localhost/' /etc/hosts
|
||||
hostname [!hostname!]
|
||||
@@ -65,7 +59,6 @@ hostname [!hostname!]
|
||||
useradd keystone
|
||||
mkdir -p /home/keystone/.ssh
|
||||
mkdir -p /home/keystone/.keystone
|
||||
mkdir -p /home/keystone/.wg
|
||||
adduser keystone sudo
|
||||
|
||||
# Setup Bash For Keystone User
|
||||
@@ -91,16 +84,6 @@ ssh-keygen -f /home/keystone/.ssh/id_ed25519 -t ed25519 -N ''
|
||||
# Restart SSH
|
||||
service ssh restart
|
||||
|
||||
# Create the wireguard key pairs
|
||||
wg genkey > /root/.wg/privatekey
|
||||
wg pubkey < /root/.wg/privatekey > /root/.wg/publickey
|
||||
|
||||
# Configure wireguard
|
||||
ip link add dev wg0 type wireguard
|
||||
ip address add dev wg0 192.168.2.[!internal_ip_ending!]/24
|
||||
wg set wg0 listen-port 51820 private-key /root/.wg/privatekey
|
||||
ip link set up dev wg0
|
||||
|
||||
# Setup Keystone Home Directory Permissions
|
||||
chown -R keystone:keystone /home/keystone
|
||||
chmod -R 755 /home/keystone
|
||||
@@ -108,7 +91,6 @@ chmod 700 /home/keystone/.ssh/id_rsa
|
||||
|
||||
# Setup UFW Firewall
|
||||
ufw allow 22
|
||||
ufw allow 51820 # wireguard
|
||||
ufw --force enable
|
||||
|
||||
# Add Keystone User To www-data Group
|
||||
@@ -168,7 +150,5 @@ APT::Periodic::AutocleanInterval "7";
|
||||
APT::Periodic::Unattended-Upgrade "1";
|
||||
EOF
|
||||
|
||||
INTERNAL_PUBLIC_KEY="$(cat /root/.wg/publickey)"
|
||||
|
||||
# Callback that the server is installed
|
||||
curl --insecure --data "server_id=[!server_id!]&internal_public_key=$INTERNAL_PUBLIC_KEY" [!callback!]
|
||||
curl --insecure --data "server_id=[!server_id!]" [!callback!]
|
||||
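Review bot: The install callback at the end of the last hunk still runs `curl --insecure`, so the new server never verifies the callback endpoint's TLS certificate, and anyone on the network path can read the request or answer it in the endpoint's place. Since this commit already rewrites that line, it would be a good place to drop the flag and quote the templated URL: `curl --fail --silent --show-error --data "server_id=[!server_id!]" "[!callback!]"`. If the callback host uses a private CA, pass it with `--cacert <path-to-ca-bundle>` (placeholder path) rather than turning verification off. The page has lost its +/- markers, so I am reading the line without `internal_public_key` as the new side.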