-
Notifications
You must be signed in to change notification settings - Fork 10
/
raspberry.sh
120 lines (99 loc) · 3.34 KB
/
raspberry.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
#!/bin/bash
# sudo check
if [ `whoami` = root ];
then
echo Please do not run this script as root or using sudo
return 1 2>/dev/null
exit 1
fi
# Check for dpkg lock
while sudo fuser /var/{lib/{dpkg,apt/lists},cache/apt/archives}/lock >/dev/null 2>&1; do
sleep 1
echo "Waiting... dpkg lock"
done
# Start the system upgrade
echo "Updating system"
sudo apt update
sudo apt upgrade -y
sudo apt dist-upgrade -y
sudo apt autoremove --purge -y
# Enable firewall and allow only port 22
echo "Enable firewall"
sudo apt install ufw -y
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 22
sudo ufw enable
# Install tmux
sudo apt install tmux -y
echo "set -g terminal-overrides 'xterm*:smcup@:rmcup@'" > .tmux.conf
# Install fail2ban
sudo apt-get install fail2ban -y
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo wget https://raw.githubusercontent.com/daboynb/linux_scripts/main/jail.local -O /etc/fail2ban/jail.local
sudo service fail2ban restart
# Keep the pi updated
update_script="$HOME/update.sh"
create_update_script() {
cat << EOF > ${update_script}
#!/bin/bash
# Check for dpkg lock
while sudo fuser /var/{lib/{dpkg,apt/lists},cache/apt/archives}/lock >/dev/null 2>&1; do
sleep 1
echo "Waiting... dpkg lock"
done
# Start the system upgrade
echo "Updating system"
sudo apt update
sudo apt upgrade -y
sudo apt dist-upgrade -y
EOF
}
create_update_script
chmod +x $update_script
(crontab -l ; echo "0 */6 * * * $HOME/update.sh") | crontab -
sudo systemctl restart cron
# Add logo and infos when you log with ssh
SCRIPT_CONTENT=$(cat << 'EOF'
echo "$(tput setaf 2)
.. ..
'. \ ' ' / .'
.~ .~~~..~. $(tput sgr0) _ _ $(tput setaf 1)
: .~.'~'.~. : $(tput sgr0) ___ ___ ___ ___| |_ ___ ___ ___ _ _ ___|_|$(tput setaf 1)
~ ( ) ( ) ~ $(tput sgr0) | _| .'|_ -| . | . | -_| _| _| | | | . | |$(tput setaf 1)
( : '~'.~.'~' : ) $(tput sgr0) |_| |__,|___| _|___|___|_| |_| |_ | | _|_|$(tput setaf 1)
~ .~ ( ) ~. ~ $(tput sgr0) |_| |___| |_| $(tput setaf 1)
( : '~' : )
'~ .~~~. ~'
'~'
$(tput sgr0)"
echo ""
free_storage=$(df -h / | awk '{print $4}' | tail -n 1)
echo "$(tput setaf 4)Free Storage: ${free_storage} $(tput sgr0)"
used_mem=$(free -m | awk '/^Mem:/ {print $3}')
total_mem=$(free -m | awk '/^Mem:/ {print $2}')
echo "$(tput setaf 4)RAM Usage: Used: ${used_mem} MB / Free: $((total_mem - used_mem)) MB / Total: ${total_mem} MB$(tput sgr0)"
EOF
)
echo "$SCRIPT_CONTENT" >> "/$HOME/.bashrc"
# Add tmux session when you log with ssh
# https://stackoverflow.com/a/40192494/19680438
SCRIPT_CONTENT=$(cat << 'EOF'
if [[ $- =~ i ]] && [[ -z "$TMUX" ]] && [[ -n "$SSH_TTY" ]]; then
tmux attach-session -t ssh_tmux || tmux new-session -s ssh_tmux
fi
EOF
)
echo "$SCRIPT_CONTENT" >> "/$HOME/.bashrc"
# Disable motd
touch "$HOME/.hushlogin"
# Update .bashrc
echo "To apply run this command 👉 'source .bashrc' "
# Install docker
curl -sSL https://get.docker.com | sh
sudo usermod -aG docker $USER
# Portainer
sudo docker pull portainer/portainer-ce:latest
sudo docker run -d -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest
# Argon case
# curl https://download.argon40.com/argon1.sh | bash