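#!/bin/bash
# Options are set here rather than on the shebang line so they still apply
# when the script is started as `bash script.sh`.
set -euo pipefail

############################################################################
#                                                                          #
#   Run this as the Linux user with sudo (but NOT as root)                 #
#                                                                          #
############################################################################
#
# Interactive installer. In order, it:
#   1. asks for the public domain and the certificate-renewal email,
#   2. installs UFW, denies incoming traffic by default and opens the
#      listed ports,
#   3. installs Docker from Docker's apt repository for Debian,
#   4. generates an API token, clones the IPv4 or IPv6 wireguard repository
#      and writes its .env file,
#   5. starts the compose stack and prints the WireGuard public key and the
#      API token.
#
# Every privileged step goes through sudo, so the script works when started
# as the unprivileged user the banner above asks for.

# Input variables
read -r -p "Enter a domain name for our internal API to find you. End users won't see this domain, just our API and the SSL renewal. For example, \"example.com\": " PUBLIC_DOMAIN
read -r -p "Enter an email for SSL renewal errors. For example, \"you@example.com\": " PUBLIC_EMAIL

# Both values are written verbatim into .env further down, so reject input
# that would corrupt that file (empty values, whitespace, '#', ...).
if [[ ! "$PUBLIC_DOMAIN" =~ ^[A-Za-z0-9.-]+$ ]]; then
  echo "Invalid domain name: only letters, digits, '.' and '-' are accepted." >&2
  exit 1
fi
if [[ -z "$PUBLIC_EMAIL" || "$PUBLIC_EMAIL" =~ [[:space:]#] ]]; then
  echo "Invalid email: it must be non-empty and contain no whitespace or '#'." >&2
  exit 1
fi
export PUBLIC_DOMAIN
export PUBLIC_EMAIL

############################################################################
#                                                                          #
#   Setup UFW                                                              #
#                                                                          #
############################################################################
sudo apt install -y ufw
sudo ufw default deny incoming
sudo ufw allow OpenSSH
# NOTE(review): a bare `ufw allow PORT` opens the port for both TCP and UDP
# from any source address. Where the service behind a port is known to use
# a single protocol, `PORT/tcp` or `PORT/udp` keeps the exposed surface
# smaller. The rules are left as the author wrote them because the compose
# stack that uses them is not visible from this script.
sudo ufw allow 20203
sudo ufw allow 51820
sudo ufw allow 8080
sudo ufw allow 8081
sudo ufw allow 53
sudo ufw allow 1080
sudo ufw allow 443
sudo ufw allow 80
sudo ufw show added
echo "Enabling the Firewall"
# `ufw enable` takes no -y option; --force is the switch that skips the
# confirmation prompt.
sudo ufw --force enable
sleep 2
#sudo ufw status verbose

############################################################################
#                                                                          #
#   Installation of docker and it's dependencies                           #
#                                                                          #
############################################################################
# These steps write below /etc and run apt, so they need sudo when the
# script runs as a regular user.
sudo apt install -y ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" |
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# Two separate statements: inside `a && b` a failure of `a` does not trip
# `set -e`, so a failed `apt update` would have gone unnoticed.
sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
sleep 2

############################################################################
#                                                                          #
#   Setup HydraVeil                                                        #
#                                                                          #
############################################################################
# Install git & Generate API token
sudo apt install git pwgen -y
# Assign first, export second, so a pwgen failure is not masked by export.
API_TOKEN=$(pwgen -s 48 1)
export API_TOKEN

### Get it:
# Ask until the answer is usable. The original printed a 'yes'/'no' hint and
# carried on with REPO_URL unset.
while true; do
  read -r -p "are you doing IPv6 or IPv4? say '6' or '4' (6/4): " ARE_THEY_USING_IPV6
  case "$ARE_THEY_USING_IPV6" in
    6)
      REPO_URL="git@git.simplifiedprivacy.com:codeking/sp-env-wireguard-ipv6.git"
      break
      ;;
    4)
      REPO_URL="git@git.simplifiedprivacy.com:codeking/sp-env-wireguard-ipv4.git"
      break
      ;;
    *)
      echo "Please answer with '6' or '4'."
      ;;
  esac
done

# deal with permissions issue of user
if [ "$EUID" -eq 0 ]; then
  # Output the original user who invoked sudo. SUDO_USER is unset in a
  # direct root login, so fall back to the current user instead of aborting
  # on an unbound variable.
  original_user=${SUDO_USER:-$(whoami)}
  export original_user
  echo "The script is being run as root. The original user is: $original_user"
else
  # Output the current user (not root)
  original_user=$(whoami)
  export original_user
  echo "The current user is: $original_user"
fi

# Clone the repository as the invoking user.
# StrictHostKeyChecking=no accepted any host key on every connection, which
# also hides a key that has changed. accept-new (OpenSSH 7.6+) records the
# key on first contact and refuses a different one afterwards. The first
# contact is still unauthenticated; for a stronger guarantee, compare the
# recorded fingerprint with one obtained out of band, or pre-populate
# known_hosts.
sudo -u "$original_user" GIT_SSH_COMMAND='ssh -o StrictHostKeyChecking=accept-new' git clone "$REPO_URL" wireguard

cd wireguard

# make config file:
# .env holds the API token, so create it readable by its owner only. The
# chmod covers a pre-existing file, whose mode the umask would not change.
(
  umask 077
  echo "
SERVER_URL=$PUBLIC_DOMAIN
API_TOKEN=$API_TOKEN
COMPOSE_PROFILES=dedicated

# Dedicated
CERTBOT_EMAIL=$PUBLIC_EMAIL

# Shared
API_TLS_CERTIFICATE=
API_TLS_PRIVATE_KEY=
" > .env
)
chmod 600 .env

sudo docker compose up -d --force-recreate
sleep 3

# No -it here: the output is captured rather than shown on a terminal, and a
# pseudo-TTY would add carriage returns to it. `|| true` keeps the script
# alive when the lookup fails, so the summary and the token are still shown.
PUB_WIREGUARD_KEY=$(sudo docker exec wireguard wg | grep public || true)
if [[ -z "$PUB_WIREGUARD_KEY" ]]; then
  echo "Warning: could not read the WireGuard public key from the 'wireguard' container." >&2
fi

echo
echo
echo
echo "
Give these TWO things to Simplified Privacy,

1) WireGuard Public Key is:
$PUB_WIREGUARD_KEY
(This is what you're signing, it should not be be blank ABOVE this line)

2) API TOKEN PASS is:
$API_TOKEN
"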