50 lines
No EOL
1.5 KiB
Bash
50 lines
No EOL
1.5 KiB
Bash
#!/bin/bash
|
|
set -euo pipefail
|
|
|
|
# Check for root privileges
|
|
if [ "$(id -u)" -ne 0 ]; then
|
|
echo "[✗] Dieses Skript muss als root oder via sudo ausgeführt werden." >&2
|
|
exit 1
|
|
fi
|
|
|
|
USERNAME="skulladmin"
|
|
SSH_KEY_URL="https://skulldev.de/kevinheyer/trusted-ssh-keys/raw/branch/main/trusted_ssh_keys"
|
|
SSH_DIR="/home/$USERNAME/.ssh"
|
|
|
|
echo "[+] Creating user '$USERNAME' if it doesn't exist..."
|
|
if ! id "$USERNAME" &>/dev/null; then
|
|
useradd -m -s /bin/bash "$USERNAME"
|
|
fi
|
|
|
|
echo "[+] Setting up SSH directory..."
|
|
mkdir -p "$SSH_DIR"
|
|
curl -fsSL "$SSH_KEY_URL" -o "$SSH_DIR/authorized_keys"
|
|
chown -R "$USERNAME:$USERNAME" "$SSH_DIR"
|
|
chmod 700 "$SSH_DIR"
|
|
chmod 600 "$SSH_DIR/authorized_keys"
|
|
|
|
echo "[+] Adding user to sudo group..."
|
|
usermod -aG sudo "$USERNAME"
|
|
|
|
echo "[+] Configuring passwordless sudo for $USERNAME..."
|
|
mkdir -p /etc/sudoers.d
|
|
echo "$USERNAME ALL=(ALL) NOPASSWD:ALL" > "/etc/sudoers.d/$USERNAME"
|
|
chmod 440 "/etc/sudoers.d/$USERNAME"
|
|
|
|
echo "[+] Disabling SSH root login..."
|
|
sed -i 's/^#*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
|
|
systemctl restart sshd
|
|
|
|
echo "[+] Setting timezone to Europe/Berlin..."
|
|
timedatectl set-timezone Europe/Berlin
|
|
|
|
echo "[+] Waiting for dpkg lock to be released..."
|
|
while fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1; do
|
|
sleep 3
|
|
done
|
|
|
|
echo "[+] Updating package list and installing essential packages..."
|
|
apt-get update -y
|
|
apt-get install -y sudo curl wget gnupg lsb-release software-properties-common
|
|
|
|
echo "[✓] Bootstrap complete." |