HydraVeil-Node-Operator-Too.../server-side/step3_node_setup_as_user_with_sudo.py


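#!/bin/bash
# Strict mode is set with `set` rather than on the shebang line so it still
# applies when the script is started as `bash <script>`; options on the
# shebang line are ignored in that case.
set -eu
############################################################################
# #
# Run this as the Linux user (and NOT as root) #
# #
############################################################################
# Input variables
# Both answers are written verbatim into the .env file further down, so they
# are validated here. -r keeps backslashes in the answers literal.
read -r -p "Enter a domain name for our internal API to find you. End users won't see this domain, just our API and the SSL renewal. For example, \"example.com\": " PUBLIC_DOMAIN
# Only hostname characters are accepted; this also rejects an empty answer.
if [[ ! "$PUBLIC_DOMAIN" =~ ^[A-Za-z0-9.-]+$ ]]; then
  echo "Invalid domain name: only letters, digits, '.' and '-' are allowed." >&2
  exit 1
fi
export PUBLIC_DOMAIN
read -r -p "Enter an email for SSL renewal errors. For example, \"you@example.com\": " PUBLIC_EMAIL
# Reject an empty answer or one containing whitespace, either of which would
# leave a malformed CERTBOT_EMAIL line in .env.
if [[ -z "$PUBLIC_EMAIL" || "$PUBLIC_EMAIL" =~ [[:space:]] ]]; then
  echo "Invalid email address: it must be non-empty and contain no spaces." >&2
  exit 1
fi
export PUBLIC_EMAIL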
############################################################################
# #
# Setup UFW #
# #
############################################################################
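# -y keeps the install non-interactive; without it apt stops at a prompt.
sudo apt install -y ufw
sudo ufw default deny incoming
# SSH is allowed before the firewall is enabled so the current session is not
# locked out when the default-deny policy takes effect.
sudo ufw allow OpenSSH
# NOTE(review): a bare port number opens that port for both TCP and UDP from
# any source address. Narrow each rule to the protocol the service actually
# uses (for example "<port>/udp") once that is confirmed for this stack.
# NOTE(review): ports published by Docker containers are handled by Docker's
# own packet-filter rules and are generally not restricted by UFW; confirm the
# host's real exposure from an outside machine after the containers are up.
for port in 20203 51820 8080 8081 53 1080 443 80; do
  sudo ufw allow "$port"
done
sudo ufw show added
echo "Enabling the Firewall"
# `ufw enable` has no -y option; --force is the flag that skips the
# confirmation prompt so the script can run unattended.
sudo ufw --force enable
sleep 2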
#sudo ufw status verbose
############################################################################
# #
# Installation of docker and its dependencies #
# #
############################################################################
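# The script is meant to run as a regular user, and every step in this section
# writes under /etc or drives apt, so each command goes through sudo.
# curl and the CA bundle are needed to fetch the repository key over HTTPS.
sudo apt install -y ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
# NOTE(review): the key is trusted solely because it arrived over HTTPS.
# Compare its fingerprint with the one published in Docker's installation
# documentation before relying on packages signed by it.
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
# Add the repository to Apt sources:
# NOTE(review): the repository path is hard-coded to Debian; confirm the host
# distribution matches.
docker_arch=$(dpkg --print-architecture)
docker_codename=$(. /etc/os-release && echo "$VERSION_CODENAME")
echo "deb [arch=${docker_arch} signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian ${docker_codename} stable" \
  | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
sleep 2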
############################################################################
# #
# Setup HydraVeil #
# #
############################################################################
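# Install git & Generate API token
sudo apt install -y git pwgen
# The assignment is kept separate from `export` so that a pwgen failure is not
# hidden behind export's own exit status. -s asks pwgen for a fully random
# string: 48 characters, one token.
API_TOKEN=$(pwgen -s 48 1)
if [[ -z "$API_TOKEN" ]]; then
  echo "Failed to generate the API token." >&2
  exit 1
fi
export API_TOKEN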
### Get it:
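read -r -p "are you doing IPv6 or IPv4? say '6' or '4' (6/4): " ARE_THEY_USING_IPV6
# Pick the repository that matches the answer. Any other answer stops the
# script: continuing would leave REPO_URL unset for the clone step.
case "$ARE_THEY_USING_IPV6" in
  6)
    REPO_URL="git@git.simplifiedprivacy.com:codeking/sp-env-wireguard-ipv6.git"
    ;;
  4)
    REPO_URL="git@git.simplifiedprivacy.com:codeking/sp-env-wireguard-ipv4.git"
    ;;
  *)
    echo "Please answer with '6' or '4'." >&2
    exit 1
    ;;
esac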
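# deal with permissions issue of user
# Work out which account should own the checkout made in the clone step.
if [ "$EUID" -eq 0 ]; then
  # SUDO_USER is only set when root was reached through sudo. On a direct
  # root login it is unset, which would abort the script under `set -u`, so
  # fall back to the current account name.
  original_user=${SUDO_USER:-$(id -un)}
  echo "The script is being run as root. The original user is: $original_user"
else
  # Not root: the invoking account is the one to use.
  original_user=$(id -un)
  echo "The current user is: $original_user"
fi
export original_user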
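# Clone the repository as the invoking user.
# accept-new records the server's host key on first contact and refuses to
# connect if that key later changes. StrictHostKeyChecking=no accepted any
# key, including a changed one, so the origin of the checkout was never
# verified, and the compose project cloned here is started with sudo below.
# NOTE(review): accept-new is still trust-on-first-use. For a verified first
# connection, add the server's host key to ~/.ssh/known_hosts from a
# fingerprint obtained out of band (<HOST_KEY_FINGERPRINT_FROM_OPERATOR>) and
# drop the option entirely.
sudo -u "$original_user" GIT_SSH_COMMAND='ssh -o StrictHostKeyChecking=accept-new' git clone "$REPO_URL" wireguard
cd wireguard || exit 1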
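# make config file:
# .env holds API_TOKEN, so it is created with owner-only permissions instead
# of whatever the default umask allows. The umask change is confined to a
# subshell; chmod covers the case where .env already existed with wider
# permissions.
(
  umask 077
  cat > .env <<EOF

SERVER_URL=$PUBLIC_DOMAIN
API_TOKEN=$API_TOKEN
COMPOSE_PROFILES=dedicated
# Dedicated
CERTBOT_EMAIL=$PUBLIC_EMAIL
# Shared
API_TLS_CERTIFICATE=
API_TLS_PRIVATE_KEY=

EOF
)
chmod 600 .env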
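sudo docker compose up -d --force-recreate
sleep 3
# The output is captured, not shown interactively, so no TTY is requested:
# with -it the captured text carries carriage returns, and the command fails
# outright when no terminal is attached.
# The container may need a moment before `wg` answers, so retry a few times
# instead of letting one early failure end the script before the token is shown.
PUB_WIREGUARD_KEY=""
for _ in 1 2 3 4 5; do
  if PUB_WIREGUARD_KEY=$(sudo docker exec wireguard wg | grep public); then
    break
  fi
  sleep 2
done
if [[ -z "$PUB_WIREGUARD_KEY" ]]; then
  echo "Could not read the WireGuard public key from the 'wireguard' container." >&2
  exit 1
fi
printf '\n\n\n'
# NOTE(review): API_TOKEN is a secret and is printed in clear text here; it
# stays in terminal scrollback and in any session log that captures output.
echo "
Give this to Simplified Privacy,
WireGuard Public Key:
$PUB_WIREGUARD_KEY
(this is what you're signing)
API TOKEN PASS:
$API_TOKEN
"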