From ae8c5d9c3e39af837fe6f02b3df917e84fe67abe Mon Sep 17 00:00:00 2001
From: Doc
Date: Sun, 14 Dec 2025 21:03:24 -0500
Subject: [PATCH] Improved appearance. Added error checking.
---
 scripts/bootstrap-vps-debian12.sh | 176 +++++++++++++++++++++++++++---
 1 file changed, 160 insertions(+), 16 deletions(-)
diff --git a/scripts/bootstrap-vps-debian12.sh b/scripts/bootstrap-vps-debian12.sh
index b6dc0aa..a4d1868 100644
--- a/scripts/bootstrap-vps-debian12.sh
+++ b/scripts/bootstrap-vps-debian12.sh
@@ -9,33 +9,152 @@ if [[ "${UID}" -ne 0 ]]; then exit 1 fi -ANSIUSER=ansiuser +ANSIUSER=${1:-ansiuser} ANSIUSERDIR=/home/$ANSIUSER -TMP_PORT=46347 +TMP_PORT=${2:-46347} + +cat << EOF + + +##################### +# Updating System # +##################### + +EOF # Update to current apt update && apt upgrade -y +err=$? +# Was there an error +if [ $err -ne 0 ]; then + cat << EOF -# Install requirements -apt install -y --no-install-recommends openssh-client openssh-server sudo git curl wget +########################################### +# # # # # # # # # # # # # # # # # # # # # # +### ERROR while updating the system! ### +# # # # # # # # # # # # # # # # # # # # # # +########################################### -# Create a user for Ansible +Correct the issues and try again. Exiting. + +EOF + exit $err +fi + +cat << EOF + + +############################# +# Installing ssh and sudo # +############################# + +EOF + +apt install -y --no-install-recommends openssh-client openssh-server sudo +err=$? + +if [ $err -ne 0 ]; then + cat << EOF + +############################################### +# # # # # # # # # # # # # # # # # # # # # # # # +### ERROR while installing ssh and sudo! ### +# # # # # # # # # # # # # # # # # # # # # # # # +############################################### + +Correct the issues and try again. Exiting. + +EOF + exit $err +fi + +cat << EOF + + +################################### +# Creating and configuring user # +################################### + +EOF + +echo -e "- Creating user '$ANSIUSER'..." useradd -m -s /bin/bash -c "Ansible User" $ANSIUSER -echo "Configuring sudo for user $ANSIUSER" +echo "- Configuring sudo for user '$ANSIUSER'..." usermod -aG sudo $ANSIUSER mkdir -p /etc/sudoers.d cat << EOF > /etc/sudoers.d/99-ansible-user $ANSIUSER ALL=(ALL) NOPASSWD:ALL EOF + echo "" mkdir -p $ANSIUSERDIR/.ssh -# Prompt to paste public key -echo "Paste public key for $ANSIUSER. Ctl+d when done." 
; cat >> $ANSIUSERDIR/.ssh/authorized_keys -echo "" -echo "Configuring ssh..." +# Prompt to paste public key +cat << EOF + + +######################################################## +# IMPORTANT! | # +#-------------+ # +# # +# Past public key for '$ANSIUSER'. # +# Ctrl+d when done. # +# # +######################################################## + +EOF + +if [ -f "$ANSIUSERDIR/.ssh/authorized_keys" ]; then + BEFORESZ=$(wc -c "$ANSIUSERDIR/.ssh/authorized_keys") +else + BEFORESZ=0 +fi + +cat >> $ANSIUSERDIR/.ssh/authorized_keys +err=$? + +if [ -f "$ANSIUSERDIR/.ssh/authorized_keys" ]; then + AFTERSZ=$(wc -c "$ANSIUSERDIR/.ssh/authorized_keys") + if [ ! $AFTERSZ -gt $BEFORESZ ]; then + cat << EOF + +############################################### +# # # # # # # # # # # # # # # # # # # # # # # # +### ERROR authorized_keys did not change ### +# # # # # # # # # # # # # # # # # # # # # # # # +############################################### + +Exiting! + +EOF + exit $? + fi +else + cat << EOF + +##################################################### +# # # # # # # # # # # # # # # # # # # # # # # # # # # +### ERROR could not append to authorized_keys! ### +# # # # # # # # # # # # # # # # # # # # # # # # # # # +##################################################### + +Exiting! + +EOF + exit $err +fi + +cat << EOF + + +################################### +# (Re)setting SSH configuration # +################################### + +EOF + chown -Rc ${ANSIUSER}:${ANSIUSER} $ANSIUSERDIR/.ssh chmod 700 $ANSIUSERDIR/.ssh && chmod 600 $ANSIUSERDIR/.ssh/authorized_keys 
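Review bot: The size check added around `cat >> $ANSIUSERDIR/.ssh/authorized_keys` cannot fire: `wc -c FILE` prints the count followed by the file name, so the unquoted `[ ! $AFTERSZ -gt $BEFORESZ ]` receives extra words, errors out, and the `if` falls through as if a key had been added. Read the size from stdin instead, `BEFORESZ=$(wc -c < "$ANSIUSERDIR/.ssh/authorized_keys")` (same for `AFTERSZ`), and replace `exit $?` in that branch with `exit 1`, because `$?` there is the status of the banner `cat` and reports success. This guard matters because the script later writes `AllowUsers $ANSIUSER` into the sshd drop-in, so an empty key file means lockout. Separately, `ANSIUSER=${1:-ansiuser}` and `TMP_PORT=${2:-46347}` now come from the command line and are expanded unquoted into `useradd`, the `NOPASSWD:ALL` sudoers drop-in and the sshd drop-in; validate them before first use, e.g. `[[ $ANSIUSER =~ ^[a-z_][a-z0-9_-]*$ ]] || exit 2`, and quote the expansions.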
@@ -61,20 +180,43 @@ cat << EOF > /etc/ssh/sshd_config.d/enable_$ANSIUSER.conf AllowUsers $ANSIUSER EOF +cat << EOF + + +################################ +# Opening a port (if needed) # +################################ + +EOF + if command -v ufw &> /dev/null; then echo "Opening port $TMP_PORT with ufw..." - ufw allow $TMP_PORT/tcp comment 'Allow temporary SSH port' + ufw allow $TMP_PORT/tcp comment 'Allow temporary SSH port' || echo "## WARNING error occurred while openning a port ##" elif command -v firewall-cmd &> /dev/null; then echo "Opening port $TMP_PORT with firewalld..." - firewall-cmd --permanent --add-port=$TMP_PORT/tcp + firewall-cmd --permanent --add-port=$TMP_PORT/tcp || echo "## WARNING error occurred while openning a port ##" firewall-cmd --reload elif command -v iptables &> /dev/null; then echo "Temporarily opening port $TMP_PORT with iptables (this session only)..." - iptables -I INPUT -p tcp --dport $TMP_PORT -j ACCEPT + iptables -I INPUT -p tcp --dport $TMP_PORT -j ACCEPT || echo "## WARNING error occurred while openning a port ##" fi -echo "User: $ANSIUSER" -echo "Port: $TMP_PORT" +cat << EOF + + +################################### +# Complete | # +#-----------+ # +# # +# Process completed. # +# After action summary below: # +# # +################################### + +EOF + +echo " - User: $ANSIUSER" +echo " - Port: $TMP_PORT" echo "" # Partially redact authorized_keys @@ -83,6 +225,8 @@ grep -Poi 'ssh\-.*' $ANSIUSERDIR/.ssh/authorized_keys | awk '{ print $1, substr( echo "-----------------------" echo "" -echo "Restarting SSH server and ending script" +echo "Restarting SSH server in 10 seconds and ending script" +sleep 10 +systemctl enable sshd systemctl restart sshd
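Review bot: The three `|| echo "## WARNING ..."` fallbacks reduce a failed firewall rule to a message and let the script continue to the SSH restart; if sshd is being moved to `$TMP_PORT` (that part of the drop-in is outside this hunk, so this is inferred), a rule that did not apply leaves the host unreachable. Treat the failure as fatal, e.g. `ufw allow "$TMP_PORT"/tcp comment 'Allow temporary SSH port' || { echo "could not open port $TMP_PORT" >&2; exit 1; }`, and do the same in the firewalld and iptables branches. In the firewalld branch `firewall-cmd --reload` still runs unchecked after a failed `--add-port`. `$TMP_PORT` now comes from `$2`, so check that it is an integer in 1-65535 before it reaches these commands. The warning text also misspells "opening".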
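Review bot: Nothing validates the sshd configuration before `systemctl restart sshd`; the added `sleep 10` only delays it, so a drop-in that does not parse would leave no listener for new connections on a host that is managed over SSH. Add `sshd -t || { echo "sshd config test failed; not restarting" >&2; exit 1; }` ahead of the restart, and check the exit status of the restart itself, in line with the error handling added elsewhere in this commit. On Debian the unit is `ssh.service` and `sshd.service` is an alias, which `systemctl enable` may refuse to act on, so `systemctl enable ssh` is the safer spelling and its status should be checked as well.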