Compare commits
4 Commits
d3dd02206d
...
2d06663a3c
| Author | SHA1 | Date | |
|---|---|---|---|
|
2d06663a3c | ||
|
|
3aae380de4 | ||
|
|
628f355a42 | ||
|
|
5e54517122 |
58
BashScripts/add-openvpn-client.sh
Normal file
58
BashScripts/add-openvpn-client.sh
Normal file
@ -0,0 +1,58 @@
|
|||||||
|
# Make sure script is ran as root
|
||||||
|
if [[ $EUID -ne 0 ]]; then
|
||||||
|
exec sudo /bin/bash "$0" "$@"
|
||||||
|
fi
|
||||||
|
|
||||||
|
DIR=$(pwd)
|
||||||
|
for i in {1..255}; do
|
||||||
|
CLIENT_NAME="client$i"
|
||||||
|
if [ ! -f "/etc/openvpn/easy-rsa/pki/issued/$CLIENT_NAME.crt" ]; then
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
read -e -p "Enter client name: " -i "$CLIENT_NAME" CLIENT_NAME
|
||||||
|
if [ -f "/etc/openvpn/easy-rsa/pki/issued/$CLIENT_NAME.crt" ]; then
|
||||||
|
echo Client $CLIENT_NAME already exists...
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
cd /etc/openvpn/easy-rsa
|
||||||
|
./easyrsa gen-req $CLIENT_NAME nopass
|
||||||
|
./easyrsa sign-req client $CLIENT_NAME
|
||||||
|
|
||||||
|
CA_CERT=$(cat "/etc/openvpn/ca.crt")
|
||||||
|
CLIENT_CERT=$(cat "/etc/openvpn/easy-rsa/pki/issued/$CLIENT_NAME.crt")
|
||||||
|
CLIENT_KEY=$(cat "/etc/openvpn/easy-rsa/pki/private/$CLIENT_NAME.key")
|
||||||
|
TA_KEY=$(cat "/etc/openvpn/ta.key")
|
||||||
|
|
||||||
|
cd "$DIR"
|
||||||
|
cat > $CLIENT_NAME.conf <<EOL
|
||||||
|
dev tun
|
||||||
|
persist-tun
|
||||||
|
persist-key
|
||||||
|
cipher AES-256-CBC
|
||||||
|
ncp-ciphers AES-256-GCM:AES-128-GCM
|
||||||
|
auth SHA1
|
||||||
|
# tls-client
|
||||||
|
client
|
||||||
|
resolv-retry infinite
|
||||||
|
remote home.myspace.nu 1294 udp
|
||||||
|
# remote-cert-tls server
|
||||||
|
float
|
||||||
|
verb 3
|
||||||
|
|
||||||
|
<ca>
|
||||||
|
$CA_CERT
|
||||||
|
</ca>
|
||||||
|
<cert>
|
||||||
|
$CLIENT_CERT
|
||||||
|
</cert>
|
||||||
|
<key>
|
||||||
|
$CLIENT_KEY
|
||||||
|
</key>
|
||||||
|
key-direction 1
|
||||||
|
<tls-auth>
|
||||||
|
$TA_KEY
|
||||||
|
</tls-auth>
|
||||||
|
EOL
|
||||||
|
|
||||||
81
BashScripts/install-openvpn-server.sh
Normal file
81
BashScripts/install-openvpn-server.sh
Normal file
@ -0,0 +1,81 @@
|
|||||||
|
# Install using: sudo su -c "bash <(wget -qO- /url/to/install-openvpn-server.sh)"
|
||||||
|
|
||||||
|
# Make sure script is ran as root
|
||||||
|
if [[ $EUID -ne 0 ]]; then
|
||||||
|
exec sudo /bin/bash "$0" "$@"
|
||||||
|
fi
|
||||||
|
read -e -p "Enter lan NIC: " -i $(ip route | grep default | sed -e 's/^.*dev.//' -e 's/.proto.*//') NIC_NAME
|
||||||
|
read -e -p "Enter VPN subnet: " -i "172.19.100" VPN_SUBNET
|
||||||
|
read -e -p "Enter LAN subnet: " -i "192.168.0" LAN_SUBNET
|
||||||
|
read -e -p "Enter VPN public hostname: " -i "home.myspace.nu" VPN_PUBLIC_HOST
|
||||||
|
read -e -p "Enter VPN public portnumber: " -i "1194" VPN_PUBLIC_PORT
|
||||||
|
|
||||||
|
if [ $(dpkg-query -W -f='${Status}' openvpn 2>/dev/null | grep -c "ok installed") -eq 0 ]; then
|
||||||
|
echo "Installing OpenVPN..."
|
||||||
|
apt install openvpn easy-rsa -y
|
||||||
|
fi
|
||||||
|
if [ ! -d /etc/openvpn/easy-rsa ]; then
|
||||||
|
echo "Setting up Certificate Authority"
|
||||||
|
make-cadir /etc/openvpn/easy-rsa
|
||||||
|
cd /etc/openvpn/easy-rsa
|
||||||
|
./easyrsa init-pki
|
||||||
|
./easyrsa build-ca
|
||||||
|
./easyrsa gen-req myservername nopass
|
||||||
|
./easyrsa gen-dh
|
||||||
|
./easyrsa sign-req server myservername
|
||||||
|
cp pki/dh.pem pki/ca.crt pki/issued/myservername.crt pki/private/myservername.key /etc/openvpn/
|
||||||
|
fi
|
||||||
|
if [ ! -d /var/log/openvpn ]; then
|
||||||
|
mkdir -p /var/log/openvpn
|
||||||
|
fi
|
||||||
|
if ufw status | grep -q "Status: active"; then
|
||||||
|
echo Adding firewall rules...
|
||||||
|
ufw allow $VPN_PUBLIC_PORT/udp
|
||||||
|
ufw allow OpenSSH
|
||||||
|
ufw enable
|
||||||
|
ufw status verbose
|
||||||
|
echo You might need to enable NAT / MASQUERADE forwarding in /etc/ufw/before.rules
|
||||||
|
systemctl restart ufw
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -f /etc/openvpn/myserver.conf ]; then
|
||||||
|
tee /etc/openvpn/myserver.conf > /dev/null <<EOL
|
||||||
|
|
||||||
|
port $VPN_PUBLIC_PORT
|
||||||
|
proto udp
|
||||||
|
dev tun
|
||||||
|
|
||||||
|
ca ca.crt
|
||||||
|
cert myservername.crt
|
||||||
|
key myservername.key
|
||||||
|
dh dh.pem
|
||||||
|
|
||||||
|
server $VPN_SUBNET.0 255.255.255.0
|
||||||
|
ifconfig-pool-persist /var/log/openvpn/ipp.txt
|
||||||
|
push "route $LAN_SUBNET.0 255.255.255.0"
|
||||||
|
|
||||||
|
keepalive 10 120
|
||||||
|
tls-auth ta.key 0
|
||||||
|
cipher AES-256-CBC
|
||||||
|
persist-key
|
||||||
|
persist-tun
|
||||||
|
status /var/log/openvpn/openvpn-status.log
|
||||||
|
verb 3
|
||||||
|
explicit-exit-notify 1
|
||||||
|
EOL
|
||||||
|
fi
|
||||||
|
if [ ! -f /etc/openvpn/ta.key ]; then
|
||||||
|
openvpn --genkey secret /etc/openvpn/ta.key
|
||||||
|
fi
|
||||||
|
|
||||||
|
sed -i -e 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
|
||||||
|
sudo sysctl -p /etc/sysctl.conf
|
||||||
|
systemctl start openvpn@myserver
|
||||||
|
|
||||||
|
echo Settings up NAT rules...
|
||||||
|
iptables -t nat -A POSTROUTING -s $VPN_SUBNET.0/24 -o $NIC_NAME -j MASQUERADE
|
||||||
|
iptables -A FORWARD -i tun0 -o $NIC_NAME -j ACCEPT
|
||||||
|
iptables -A FORWARD -i $NIC_NAME -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||||
|
apt install iptables-persistent -y
|
||||||
|
netfilter-persistent save
|
||||||
|
|
||||||
54
Docker/backupContainer.sh
Normal file
54
Docker/backupContainer.sh
Normal file
@ -0,0 +1,54 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
CONTAINER_NAME="$1"
|
||||||
|
BACKUP_DIR="$2"
|
||||||
|
VOLUME_NAME="$3"
|
||||||
|
|
||||||
|
if [ -z "$BACKUP_DIR" ]; then
|
||||||
|
echo "Usage: $0 <container_name> <backup_directory> <volume_name>"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
if [ ! -d "$BACKUP_DIR" ]; then
|
||||||
|
echo "Directory $BACKUP_DIR does not exist"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
#docker stop "$CONTAINER_NAME"
|
||||||
|
#docker commit "$CONTAINER_NAME" "${CONTAINER_NAME}_backup"
|
||||||
|
#docker save -o "$BACKUP_DIR/${CONTAINER_NAME}_backup.tar" "${CONTAINER_NAME}_backup"
|
||||||
|
#docker start "$CONTAINER_NAME"
|
||||||
|
#docker image rm -f "${CONTAINER_NAME}_backup"
|
||||||
|
|
||||||
|
# Backup volume
|
||||||
|
if [ "$VOLUME_NAME" ]; then
|
||||||
|
echo "Backup up volume $VOLUME_NAME"
|
||||||
|
docker run --rm -v "$VOLUME_NAME":/data -v "$BACKUP_DIR":/backup busybox tar czf /backup/"$VOLUME_NAME".tar.gz -C /data .
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Extract image name
|
||||||
|
# IMAGE=$(docker inspect --format '{{.Config.Image}}' "$CONTAINER_NAME")
|
||||||
|
IMAGE="${CONTAINER_NAME}_backup"
|
||||||
|
# Extract ports
|
||||||
|
PORTS=$(docker inspect --format '{{json .HostConfig.PortBindings}}' "$CONTAINER_NAME" | jq -r 'to_entries | map("-p \(.value[0].HostPort):\(.key | sub("/tcp|/udp"; ""))") | join(" ")')
|
||||||
|
# Extract volumes
|
||||||
|
VOLUMES=$(docker inspect --format '{{json .Mounts}}' "$CONTAINER_NAME" | jq -r '.[] | select(.Type == "bind" or .Type == "volume") | "-v " + .Source + ":" + .Destination' | xargs)
|
||||||
|
# Extract environment variables
|
||||||
|
ENV_VARS=$(docker inspect --format '{{json .Config.Env}}' "$CONTAINER_NAME" | jq -r 'map("-e " + .) | join(" ")')
|
||||||
|
# Extract network mode
|
||||||
|
NETWORK_MODE=$(docker inspect --format '{{.HostConfig.NetworkMode}}' "$CONTAINER_NAME")
|
||||||
|
[ "$NETWORK_MODE" != "default" ] && NETWORK="--network=$NETWORK_MODE" || NETWORK=""
|
||||||
|
# Extract restart policy
|
||||||
|
RESTART_POLICY=$(docker inspect --format '{{.HostConfig.RestartPolicy.Name}}' "$CONTAINER_NAME")
|
||||||
|
[ "$RESTART_POLICY" != "no" ] && RESTART="--restart=$RESTART_POLICY" || RESTART=""
|
||||||
|
# Extract privileged mode
|
||||||
|
PRIVILEGED=$(docker inspect --format '{{.HostConfig.Privileged}}' "$CONTAINER_NAME")
|
||||||
|
[ "$PRIVILEGED" == "true" ] && PRIV="--privileged" || PRIV=""
|
||||||
|
# Extract entrypoint (if set)
|
||||||
|
ENTRYPOINT=$(docker inspect --format '{{json .Config.Entrypoint}}' "$CONTAINER_NAME" | jq -r 'if . != null then "--entrypoint \"" + join(" ") + "\"" else "" end')
|
||||||
|
# Extract command (CMD)
|
||||||
|
CMD=$(docker inspect --format '{{json .Config.Cmd}}' "$CONTAINER_NAME" | jq -r 'if . != null then join(" ") else "" end')
|
||||||
|
# Construct final `docker run` command
|
||||||
|
RUN_COMMAND="docker run -d --name $CONTAINER_NAME $PORTS $VOLUMES $ENV_VARS $NETWORK $RESTART $PRIV $ENTRYPOINT $IMAGE $CMD"
|
||||||
|
|
||||||
|
# echo "$RUN_COMMAND"
|
||||||
|
echo "$RUN_COMMAND" > "$BACKUP_DIR/${CONTAINER_NAME}_deploy.sh"
|
||||||
40
Docker/installPortainer.sh
Normal file
40
Docker/installPortainer.sh
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
PRIMARY_NIC=$(ip route | awk '/default/ {print $5}')
|
||||||
|
IP_ADDRESS=$(ip -4 addr show "$PRIMARY_NIC" | awk '/inet / {print $2}' | cut -d/ -f1)
|
||||||
|
|
||||||
|
if ! [ -x "$(command -v docker)" ]; then
|
||||||
|
read -p "Docker not detected. Do you want to install it?" -n 1 -r
|
||||||
|
echo
|
||||||
|
if [[ $REPLY =~ ^[Yy]$ ]]; then
|
||||||
|
echo "Installing docker"
|
||||||
|
# https://docs.docker.com/engine/install/ubuntu/
|
||||||
|
# Add Docker's official GPG key:
|
||||||
|
sudo apt-get update
|
||||||
|
sudo apt-get install ca-certificates curl
|
||||||
|
sudo install -m 0755 -d /etc/apt/keyrings
|
||||||
|
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
|
||||||
|
sudo chmod a+r /etc/apt/keyrings/docker.asc
|
||||||
|
|
||||||
|
# Add the repository to Apt sources:
|
||||||
|
echo \
|
||||||
|
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
|
||||||
|
$(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \
|
||||||
|
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
|
||||||
|
sudo apt-get update
|
||||||
|
|
||||||
|
sudo apt-get -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
|
||||||
|
else
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
if [ ! "$(docker ps -a -q -f name=portainer)" ]; then
|
||||||
|
echo "Installing portainer"
|
||||||
|
if ! (docker volume ls --format "{{.Name}}" | grep -q "^portainer_data$"); then
|
||||||
|
echo "Create portainer volume"
|
||||||
|
docker volume create portainer_data
|
||||||
|
fi
|
||||||
|
docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:lts
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "You can now access Portainer on https://$IP_ADDRESS:9443"
|
||||||
25
Docker/restoreContainer.sh
Normal file
25
Docker/restoreContainer.sh
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
CONTAINER_NAME="$1"
|
||||||
|
BACKUP_DIR="$2"
|
||||||
|
VOLUME_NAME="$3"
|
||||||
|
|
||||||
|
if [ -z "$BACKUP_DIR" ]; then
|
||||||
|
echo "Usage: $0 <container_name> <backup_directory> <volume_name>"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
if [ ! -d "$BACKUP_DIR" ]; then
|
||||||
|
echo "Directory $BACKUP_DIR does not exist"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Load image
|
||||||
|
docker load -i "$BACKUP_DIR/${CONTAINER_NAME}_backup.tar"
|
||||||
|
|
||||||
|
if [ ! -f "${BACKUP_DIR}/${VOLUME_NAME}".tar.gz ]; then
|
||||||
|
echo "Restoring volume ${VOLUME_NAME}"
|
||||||
|
docker volume create "$VOLUME_NAME"
|
||||||
|
docker run --rm -v "$VOLUME_NAME":/data -v "$BACKUP_DIR":/backup busybox tar xzf /backup/"$VOLUME_NAME".tar.gz -C /data
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Restore complete. Deploy using: ${BACKUP_DIR}/${CONTAINER_NAME}_deploy.sh"
|
||||||
@ -39,3 +39,9 @@ Sök efter uppdateringar för bara production
|
|||||||
<pre><code>npm install -g npm-check-updates
|
<pre><code>npm install -g npm-check-updates
|
||||||
ncu -u
|
ncu -u
|
||||||
npm install</code></pre>
|
npm install</code></pre>
|
||||||
|
|
||||||
|
### Rensa npm cache
|
||||||
|
|
||||||
|
Detta ska normalt inte behövas då npm detekterar fel automatiskt.
|
||||||
|
|
||||||
|
<pre><code>npm cache clean --force</code></pre>
|
||||||
|
|||||||
@ -43,6 +43,11 @@ REG ADD HKEY_CLASSES_ROOT\Directory\background\shell\cmd /v "Extended" /d "" /F
|
|||||||
REG ADD HKEY_CLASSES_ROOT\Directory\shell\Powershell /v "Extended" /d "" /F >nul 2>&1
|
REG ADD HKEY_CLASSES_ROOT\Directory\shell\Powershell /v "Extended" /d "" /F >nul 2>&1
|
||||||
REG ADD HKEY_CLASSES_ROOT\Directory\background\shell\Powershell /v "Extended" /d "" /F >nul 2>&1
|
REG ADD HKEY_CLASSES_ROOT\Directory\background\shell\Powershell /v "Extended" /d "" /F >nul 2>&1
|
||||||
|
|
||||||
|
echo Enabling numlock during login screen
|
||||||
|
reg add "HKEY_USERS\.DEFAULT\Control Panel\Keyboard" /v InitialKeyboardIndicators /t REG_SZ /d 2 /f
|
||||||
|
echo Enabling numlock when logged in
|
||||||
|
reg add "HKEY_CURRENT_USER\Control Panel\Keyboard" /v InitialKeyboardIndicators /t REG_SZ /d 2 /f
|
||||||
|
|
||||||
echo Disabling password complexity.
|
echo Disabling password complexity.
|
||||||
@rem secedit /export /cfg "%cd%\secconfig.cfg"
|
@rem secedit /export /cfg "%cd%\secconfig.cfg"
|
||||||
(
|
(
|
||||||
@ -82,6 +87,14 @@ if %ERRORLEVEL% EQU 1 (
|
|||||||
echo You must restart the computer before changes are in effect.
|
echo You must restart the computer before changes are in effect.
|
||||||
)
|
)
|
||||||
|
|
||||||
|
choice /C yn /M "Disable adds?"
|
||||||
|
if %ERRORLEVEL% EQU 1 (
|
||||||
|
echo Disabling adds
|
||||||
|
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v Start_IrisRecommendations /t REG_DWORD /d 0 /f >nul 2>&1
|
||||||
|
echo Disabling Copilot
|
||||||
|
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsCopilot" /v TurnOffWindowsCopilot /t REG_DWORD /d 1 /f >nul 2>&1
|
||||||
|
)
|
||||||
|
|
||||||
echo.
|
echo.
|
||||||
echo All done!
|
echo All done!
|
||||||
popd
|
popd
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user