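#!/bin/bash
#
# Opens this machine up for remote access:
#   1. sets the root password,
#   2. installs openssh-server, ncat, nmap and openvpn,
#   3. switches sshd to "PermitRootLogin yes" + "PasswordAuthentication yes",
#   4. downloads an OpenVPN client setup (certs, key, scripts, xscenet.conf)
#      and restarts OpenVPN.
#
# Usage:     run as root; optional $1 is the root password to set.
# Arguments: $1 - root password (optional; see the default below)
# Exit:      non-zero as soon as a step that later steps depend on fails.
#
# SECURITY:
# - Without $1 the root password becomes the fixed value below, which is
#   published together with this script. With root + password login enabled,
#   that is the only thing protecting root on port 22. Pass a unique password
#   as $1, and revert both sshd settings once access is no longer needed.
# - $1 is visible in the process list while the script runs.
# - client1.key is fetched from a public URL, so it is not a secret and does
#   not identify this machine.
# - Every download comes from a moving target (the "master" branch, iiab.io)
#   with no checksum or signature check, and three of the files are made
#   executable. Pin and verify them if this is used for more than short-lived
#   access.

# Print an error to stderr and stop the script.
die() {
  echo "ERROR: $*" >&2
  exit 1
}

# set_sshd_option KEY VALUE
# Rewrites an existing uncommented "KEY ..." line in /etc/ssh/sshd_config,
# or appends "KEY VALUE" when there is none.
set_sshd_option() {
  local key=$1 value=$2
  local conf=/etc/ssh/sshd_config
  if grep -q "^${key}[[:blank:]]" "$conf"; then
    sed -i "s/^${key}[[:blank:]].*/${key} ${value}/" "$conf"
  else
    # NOTE(review): if the file ends inside a "Match" block, an appended line
    # applies only to that block -- confirm on systems that use Match.
    echo "${key} ${value}" >> "$conf"
  fi
}

# fetch URL FILE
# Downloads URL to FILE in the current directory; stops the script on failure
# so OpenVPN is never restarted with an empty or truncated file.
fetch() {
  wget "$1" -O "$2" || die "download failed: $1"
}

# The password is handled BEFORE "set -x" so it never appears in the trace.
if [ $# -eq 0 ]; then
  root_pw='g0adm1n' # publicly known default -- see SECURITY above
else
  root_pw=$1
fi
# chpasswd reads one "user:password" record per line, so an empty password or
# one containing a newline cannot be passed through safely.
case $root_pw in
  '' | *$'\n'*) die "root password must be non-empty and a single line" ;;
esac
# printf is a builtin: the password is piped, not put on another argv.
printf '%s\n' "root:${root_pw}" | chpasswd || die "chpasswd failed"
unset root_pw

# As 'bash -x' is ignored above, when pipe has already launched bash
set -x

# "-m" creates homedir /home/iiab-admin, "-s /bin/bash" overrides /bin/sh
# useradd -m -s /bin/bash -G sudo iiab-admin

/usr/bin/apt update
/usr/bin/apt -y install openssh-server ncat nmap openvpn \
  || die "package installation failed"

# /etc/ssh/sshd_config.d/60-cloudimg-settings.conf sometimes contains
# "PasswordAuthentication no" (due to Multipass / cloud-init on Ubuntu 22.10 ?)
# This moves EVERY drop-in out of the way, not only that one. The loop skips
# cleanly when the directory is empty or missing.
for dropin in /etc/ssh/sshd_config.d/*; do
  [ -e "$dropin" ] || continue
  mv -- "$dropin" ~
done

set_sshd_option PermitRootLogin yes
set_sshd_option PasswordAuthentication yes
systemctl restart ssh

mkdir -p /etc/openvpn/keys /etc/openvpn/scripts
iiab_templates=https://raw.githubusercontent.com/iiab/iiab/master/roles/openvpn/templates

# A failed cd would make wget write into whatever directory we were in.
cd /etc/openvpn/keys/ || die "cannot cd to /etc/openvpn/keys"
fetch "${iiab_templates}/ca.crt" ca.crt
fetch "${iiab_templates}/client1.crt" client1.crt
chmod 644 ca.crt client1.crt
fetch "${iiab_templates}/client1.key" client1.key
chmod 600 client1.key

cd /etc/openvpn/scripts/ || die "cannot cd to /etc/openvpn/scripts"
fetch "${iiab_templates}/announce" announce
fetch "${iiab_templates}/announcer" announcer
fetch "${iiab_templates}/silence" silence
chmod 755 announce announcer silence

cd /etc/openvpn/ || die "cannot cd to /etc/openvpn"
fetch https://iiab.io/packages/xscenet.conf xscenet.conf
chmod 644 xscenet.conf

systemctl daemon-reload
systemctl restart openvpn

# Nice idea, but OpenVPN IP address is usually not quite ready!
# hostname -I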