jungaretti · May 7, 2023 20:13
diff --git a/linode-base-arch.bash b/linode-base-arch.bash
 # Start by creating a new Linode
 # https://cloud.linode.com/linodes/create

 # Update all packages and install important packages
 pacman -Syu ntp sudo ufw

 # Configure ntp
 systemctl enable ntpd.service
 timedatectl set-ntp 1

 # Set hostname
 HOSTNAME='galileo'
 echo $HOSTNAME >/etc/hostname
 hostname -F /etc/hostname

 # Edit /etc/locale.gen if not using en_US.UTF-8
 locale-gen

 # Create new user with superpowers
 USERNAME='jungaretti'
 USERPASS='nicetry!'
 useradd -m -G wheel $USERNAME
 echo "$USERNAME:$USERPASS" | chpasswd
 sed -i 's/# %wheel ALL=(ALL) ALL/%wheel ALL=(ALL) ALL/' /etc/sudoers

 # Force SSH2 protocol
 sed -i 's/^[# ]*Protocol \([0-9],\?\)\+/Protocol 2/' /etc/ssh/sshd_config

 # Disable root login
 sed -i 's/^[# ]*PermitRootLogin \(yes\|no\)/PermitRootLogin no/' /etc/ssh/sshd_config

 # Allow user login
 echo "AllowUsers $USERNAME" >>/etc/ssh/sshd_config

 USERPUBKEY=''
 if [ -n "$USERPUBKEY" ]; then
    # Add authorized key
    sed -i 's/^[# ]*PubkeyAuthentication \(yes\|no\)/PubkeyAuthentication yes/' /etc/ssh/sshd_config
    mkdir -p /home/$USERNAME/.ssh
    echo "$USERPUBKEY" >>/home/$USERNAME/.ssh/authorized_keys
    chown -R "$USERNAME" /home/$USERNAME/.ssh
    # Disable password authentication
    sed -i 's/^[# ]*PasswordAuthentication \(yes\|no\)/PasswordAuthentication no/' /etc/ssh/sshd_config
 fi
 systemctl restart sshd

 # Reboot the server
 reboot now

 # Configure firewall (from user account)
 sudo systemctl enable ufw.service
 sudo ufw default deny
 sudo ufw allow ssh
 sudo ufw enable
 sudo ufw status
	# Start by creating a new Linode
	# https://cloud.linode.com/linodes/create

	# Update all packages and install important packages
	pacman -Syu ntp sudo ufw

	# Configure ntp
	systemctl enable ntpd.service
	timedatectl set-ntp 1

	# Set hostname
	HOSTNAME='galileo'
	echo $HOSTNAME >/etc/hostname
	hostname -F /etc/hostname

	# Edit /etc/locale.gen if not using en_US.UTF-8
	locale-gen

	# Create new user with superpowers
	USERNAME='jungaretti'
	USERPASS='nicetry!'
	useradd -m -G wheel $USERNAME
	echo "$USERNAME:$USERPASS" \| chpasswd
	sed -i 's/# %wheel ALL=(ALL) ALL/%wheel ALL=(ALL) ALL/' /etc/sudoers

	# Force SSH2 protocol
	sed -i 's/^[# ]*Protocol \([0-9],\?\)\+/Protocol 2/' /etc/ssh/sshd_config

	# Disable root login
	sed -i 's/^[# ]*PermitRootLogin \(yes\\|no\)/PermitRootLogin no/' /etc/ssh/sshd_config

	# Allow user login
	echo "AllowUsers $USERNAME" >>/etc/ssh/sshd_config

	USERPUBKEY=''
	if [ -n "$USERPUBKEY" ]; then
	# Add authorized key
	sed -i 's/^[# ]*PubkeyAuthentication \(yes\\|no\)/PubkeyAuthentication yes/' /etc/ssh/sshd_config
	mkdir -p /home/$USERNAME/.ssh
	echo "$USERPUBKEY" >>/home/$USERNAME/.ssh/authorized_keys
	chown -R "$USERNAME" /home/$USERNAME/.ssh
	# Disable password authentication
	sed -i 's/^[# ]*PasswordAuthentication \(yes\\|no\)/PasswordAuthentication no/' /etc/ssh/sshd_config
	fi
	systemctl restart sshd

	# Reboot the server
	reboot now

	# Configure firewall (from user account)
	sudo systemctl enable ufw.service
	sudo ufw default deny
	sudo ufw allow ssh
	sudo ufw enable
	sudo ufw status