| author | Aleksa Vučković <aleksav013@gmail.com> | 2021-08-19 19:07:01 +0200 |
|---|---|---|
| committer | Aleksa Vučković <aleksav013@gmail.com> | 2021-08-19 19:07:01 +0200 |
| commit | af573a324938b5657b602a77988b0ef5689a2709 (patch) | |
| tree | 88f75378f4252f9163ef4cb68b794ad9b37ee4cf | |
| parent | e4700bf2500433c2393d32add5b91bb1bbbb5d5a (diff) | |
Initial commit
| -rwxr-xr-x | pisetup | 92 |
1 files changed, 92 insertions, 0 deletions
@@ -0,0 +1,92 @@
+!/bin/bash
+
+# prepare os
+
+#unzip -p <arm64_lite>.img | dd of=/dev/mmcblk0 conv=fsync bs=4M status=progress
+#mount /dev/mmcblk0#p1 /mnt
+#cd /mnt
+#touch ssh
+#add those lines to config.txt
+disable_overscan=1
+over_voltage=6
+arm_freq=2147
+gpu_freq=750
+
+
+
+# update system
+apt update
+apt dist-upgrade
+apt upgrade
+apt autoremove
+rpi-eeprom-update
+
+# install tools
+apt install tmux neovim ranger neofetch
+
+#ssh-copy-id -i .ssh/id_rsa.pub pi@192.168.0.22
+#passwd
+
+# set ssh to accept only keys on localhost*
+vim /etc/ssh/sshd_config
+#add those lines
+PermitRootLogin no
+PasswordAuthentication no
+service sshd restart
+
+
+# install pihole & pivpn
+curl -L https://install.pivpn.io | bash
+curl -sSL https://install.pi-hole.net | bash
+#change pihole password
+pihole -a -p
+
+# 80 -> 8080 lighttp
+sed -i "s/80/8080/" /etc/lighttpd/lighttpd.conf
+service lighttpd restart
+
+# installing
+apt install nginx certbot python3-certbot-nginx ufw fail2ban prosody
+
+# move default index page to /var/www/html/default
+mkdir /var/www/html/default
+mv /var/www/html/index* /var/www/html/default
+sed -i "s/w\/html/w\/html\/default/" /etc/nginx/sites-available/default
+service nginx restart
+
+# configure nginx to prevent spam
+limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
+limit_req zone=one;
+
+# ufw & fail2ban
+pivpn -d
+vim /etc/default/ufw "disable ipv6"
+ufw allow from 192.168.0.0/24
+ufw allow from 10.8.0.0/24
+ufw allow 80/tcp
+ufw allow 443/tcp
+ufw allow XMPP
+ufw enable
+
+# certbot
+certbot -d gajba.cf --nginx
+certbot certonly -d conference.gajba.cf --nginx
+
+# ovpns
+pivpn add -n aleksa
+
+# prosody
+admins = { "aleksa@gajba.cf" }
+VirtualHost "gajba.cf"
+service prosody restart
+sudo prosodyctl --root cert import /etc/letsencrypt/live/
+sudo prosodyctl adduser aleksa@gajba.cf
+
+# mail server
+# in progress
+
+# that's it
+reboot
+
+# testing
+for i in {nginx,ufw,fail2ban,prosody}; do service $i status | grep Active; done
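Review bot: The SSH hardening is never applied if this file is executed (the diffstat marks it executable): `PermitRootLogin no` and `PasswordAuthentication no` are bare lines, so the shell tries to run them as commands and fails, and `service sshd restart` then restarts sshd with its old settings. The first line `!/bin/bash` is also missing its `#`, and there is no `set -e` to stop on the failure. If the file is meant to run rather than be read as notes, set the options non-interactively and validate before restarting, e.g. `sed -i -E 's/^#?PermitRootLogin.*/PermitRootLogin no/; s/^#?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config` followed by `sshd -t && service sshd restart`, and only once a key is installed, since the `ssh-copy-id` line is commented out. The two `curl … | bash` installers also run unreviewed remote code, presumably as root because `apt` is called without sudo, so downloading each to a file and inspecting it before running is safer. Finally, `sed -i "s/80/8080/"` is unanchored and rewrites the first `80` on every line of lighttpd.conf; matching only the port line, `sed -i -E 's/^(server\.port[[:space:]]*=[[:space:]]*)80$/\18080/'`, avoids that.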
