myvemail/mail-aio.sh

#!/usr/bin/env bash
set -a
set -e

# Script is meant for Debian
hostnamectl | grep -q 'Debian' || exit 1

# Insert SSH keys here
sshkeys=''

# Backup mailservers
backup_mailserver=''

# Exit function
function die
{
    read -n 1 -s -p $'\n\e[1;33mError encountered, exiting...\e[0m\n'
    exit 1
}

# Grab options
while [ ${1} != "" ]
do
    case ${1} in
        -u | --user )
            if [ ${2} != "" ]
            then
                username=${2}
                shift
            fi
            ;;
        -p | --port )
            if [ ${2} != "" ]
            then
                ssh_port=${2}
                shift
            fi
        ;;
        -d | --domain )
            if [ ${2} != "" ]
            then
                domain=${2}
                shift
            fi
        ;;
        -? | -h | --help )
            cat <<HELP
    Parameters:
      -u, --user                Unix username
      -p, --port                SSH port
      -d, --domain              Domain name (eg, mail.web.com)
      -?, -h, --help            This help
HELP
            exit 0
        ;;
        * )
            echo "Unknown parameter ${1}" 1>&2
            exit 1
        ;;
    esac
    shift
done

clear

# Assign random alternate SSH port
if [ -z ${ssh_port} ]
then
    ssh_port=$(shuf -i 10027-65000 -n 1)
fi

# Random username
if [ -z ${username} ]
then
    username=$(cat /dev/urandom | tr -d -c 'a-z' | fold -w 8 | head -n 1)
fi

# Domain
if [ -z ${domain} ]
then
    echo -e '\e[1;34mType in your full mail domain name (eg. mael.elgoog.com)\e[0m'
    until [ "${domain}" ]
    do
        read -r -p 'Domain name: ' domain
        [ "${domain}" ] || echo -e '\n\e[1;31mDomain name cannot be empty, try again\e[0m'
    done
    echo
fi

# Superuser password
echo -e '\e[1;34mCreate a root superuser password\e[0m'
until [ "${rootpass}" = "${rootpass2}" -a "${rootpass}" ]
do
    read -s -r -p 'Superuser password: ' rootpass
    read -s -r -p $'\nVerify superuser password: ' rootpass2
    if [ -z "${rootpass}" ]
    then
        echo -e '\n\n\e[1;31mPassword field cannot be empty, try again\e[0m'
    elif [ "${rootpass}" != "${rootpass2}" ]
    then
        echo -e '\n\n\e[1;31mPasswords did not match, try again\e[0m'
    fi
done
printf '%s\n' "${rootpass}" "${rootpass}" | passwd &>/dev/null
echo -e '\n\n\e[1;32mRoot superuser password has been saved\e[0m\n'
unset rootpass rootpass2

# User password
echo -e '\e[1;34mSet a password for '"${username}"'\e[0m'
until [ "${userpass}" = "${userpass2}" -a "${userpass}" ]
do
    read -s -r -p 'User password: ' userpass
    read -s -r -p $'\nVerify user password: ' userpass2
    if [ -z "${userpass}" ]
    then
        echo -e '\n\n\e[1;31mPassword field cannot be empty, try again\e[0m'
    elif [ "${userpass}" != "${userpass2}" ]
    then
        echo -e '\n\n\e[1;31mPasswords did not match, try again\e[0m'
    fi
done
printf '%s\n' "${userpass}" "${userpass}" "" "" "" "" "" | adduser ${username} &>/dev/null
echo -e '\n\n\e[1;32mPassword for '${username}'@'${domain}' -p' ${ssh_port}' has been saved\e[0m\n'
unset userpass userpass2

echo -e '\e[1;34mUpgrading system...\e[0m'
apt remove -y nano exim* &>/dev/null
apt update -y || die
apt upgrade -y || die
apt dist-upgrade -y || die

apt install -y sudo ufw vim fail2ban wget telnet dnsutils rsyslog zram-tools \
    || die 'Apt failed'

# cron rsyslog
sed -i 's/#cron/cron/' /etc/rsyslog.conf

# ufw firewall
ufw allow ${ssh_port}/tcp >/dev/null
yes | ufw enable >/dev/null
systemctl -q enable --now ufw fail2ban

# fail2ban
tee /etc/fail2ban/jail.d/sshd.conf >/dev/null <<'SSHD'
[sshd]
enabled = true
filter = sshd
backend = systemd
maxretry = 5
findtime = 1d
bantime = 4w
ignoreip = 127.0.0.1/8
SSHD
install /dev/stdin /usr/local/bin/fail2ban-jails <<'ALL-JAILS'
#!/bin/bash
JAILS=$(sudo fail2ban-client status | grep "Jail list" | sed -E 's/^[^:]+:[ \t]+//' | sed 's/,//g')
for JAIL in $JAILS
do
    sudo fail2ban-client status $JAIL
done
ALL-JAILS

# zram swap
echo -e "ALGO=zstd\nPERCENT=60" >>/etc/default/zramswap

# Shut up fstrim
rm -f /etc/cron.weekly/fstrim &>/dev/null

# Hostname and unix users
hostnamectl set-hostname ${domain}
sed -i '/127.0.0.1/ s/$/ '${domain}'/' /etc/hosts
adduser ${username} sudo &>/dev/null

# SSH settings
echo "Port ${ssh_port}
PermitRootLogin no
PasswordAuthentication no
Protocol 2" >/etc/ssh/sshd_config.d/zz-ssh.conf

# Disable history saving
cat >>~/.bashrc <<EOF

if [ -f ~/.bash_history ]
then
    rm -f ~/.bash_history
fi

unset HISTFILE
history -c
EOF

if hostname | grep -q "${domain}" && grep -q "${domain}" /etc/hosts
then
    install /dev/stdin /usr/local/bin/mail-server <<MAILSERVER
#!/usr/bin/env bash

# Backup mailservers
backup_mailserver=(${backup_mailserver})
MAILSERVER

    wget -q4O- https://git.myvelabs.com/lab/linux/raw/branch/master/mail-user.sh >>/usr/local/bin/mail-server

    su ${username} <<"CHANGEUSER"
        # SSH
        yes | ssh-keygen -t ed25519 -q -f ~/.ssh/id_ed25519 -P ""
        echo "${sshkeys}" >~/.ssh/authorized_keys
CHANGEUSER

    echo -e '\n\e[1m\t## Run "mail-server" immediately\n\e[0m'
    su ${username}

    clear

    cat <<END
###
### Login ssh as new user
###
while :
do
    clear
    if ssh ${username}@${domain} -p ${ssh_port} exit
    then
        echo -e '\e[1m## Run "~/dhparam" upon logging in\n\e[0m'
        ssh ${username}@${domain} -p ${ssh_port}
        break
    else
        sleep 1
    fi
done

END

    . ~/.bashrc
    reboot
fi
Add mail-aio.sh 2024-03-24 19:22:26 -06:00			`#!/usr/bin/env bash`
			`set -a`
			`set -e`

			`# Script is meant for Debian`
			`hostnamectl \| grep -q 'Debian' \|\| exit 1`

			`# Insert SSH keys here`
			`sshkeys=''`

			`# Backup mailservers`
			`backup_mailserver=''`

			`# Exit function`
			`function die`
			`{`
			`read -n 1 -s -p $'\n\e[1;33mError encountered, exiting...\e[0m\n'`
			`exit 1`
			`}`

			`# Grab options`
			`while [ ${1} != "" ]`
			`do`
			`case ${1} in`
			`-u \| --user )`
			`if [ ${2} != "" ]`
			`then`
			`username=${2}`
			`shift`
			`fi`
			`;;`
			`-p \| --port )`
			`if [ ${2} != "" ]`
			`then`
			`ssh_port=${2}`
			`shift`
			`fi`
			`;;`
			`-d \| --domain )`
			`if [ ${2} != "" ]`
			`then`
			`domain=${2}`
			`shift`
			`fi`
			`;;`
			`-? \| -h \| --help )`
			`cat <<HELP`
			`Parameters:`
			`-u, --user Unix username`
			`-p, --port SSH port`
			`-d, --domain Domain name (eg, mail.web.com)`
			`-?, -h, --help This help`
			`HELP`
			`exit 0`
			`;;`
			`* )`
			`echo "Unknown parameter ${1}" 1>&2`
			`exit 1`
			`;;`
			`esac`
			`shift`
			`done`

			`clear`

			`# Assign random alternate SSH port`
			`if [ -z ${ssh_port} ]`
			`then`
			`ssh_port=$(shuf -i 10027-65000 -n 1)`
			`fi`

			`# Random username`
			`if [ -z ${username} ]`
			`then`
			`username=$(cat /dev/urandom \| tr -d -c 'a-z' \| fold -w 8 \| head -n 1)`
			`fi`

			`# Domain`
			`if [ -z ${domain} ]`
			`then`
			`echo -e '\e[1;34mType in your full mail domain name (eg. mael.elgoog.com)\e[0m'`
			`until [ "${domain}" ]`
			`do`
			`read -r -p 'Domain name: ' domain`
			`[ "${domain}" ] \|\| echo -e '\n\e[1;31mDomain name cannot be empty, try again\e[0m'`
			`done`
			`echo`
			`fi`

			`# Superuser password`
			`echo -e '\e[1;34mCreate a root superuser password\e[0m'`
			`until [ "${rootpass}" = "${rootpass2}" -a "${rootpass}" ]`
			`do`
			`read -s -r -p 'Superuser password: ' rootpass`
			`read -s -r -p $'\nVerify superuser password: ' rootpass2`
			`if [ -z "${rootpass}" ]`
			`then`
			`echo -e '\n\n\e[1;31mPassword field cannot be empty, try again\e[0m'`
			`elif [ "${rootpass}" != "${rootpass2}" ]`
			`then`
			`echo -e '\n\n\e[1;31mPasswords did not match, try again\e[0m'`
			`fi`
			`done`
			`printf '%s\n' "${rootpass}" "${rootpass}" \| passwd &>/dev/null`
			`echo -e '\n\n\e[1;32mRoot superuser password has been saved\e[0m\n'`
			`unset rootpass rootpass2`

			`# User password`
			`echo -e '\e[1;34mSet a password for '"${username}"'\e[0m'`
			`until [ "${userpass}" = "${userpass2}" -a "${userpass}" ]`
			`do`
			`read -s -r -p 'User password: ' userpass`
			`read -s -r -p $'\nVerify user password: ' userpass2`
			`if [ -z "${userpass}" ]`
			`then`
			`echo -e '\n\n\e[1;31mPassword field cannot be empty, try again\e[0m'`
			`elif [ "${userpass}" != "${userpass2}" ]`
			`then`
			`echo -e '\n\n\e[1;31mPasswords did not match, try again\e[0m'`
			`fi`
			`done`
			`printf '%s\n' "${userpass}" "${userpass}" "" "" "" "" "" \| adduser ${username} &>/dev/null`
			`echo -e '\n\n\e[1;32mPassword for '${username}'@'${domain}' -p' ${ssh_port}' has been saved\e[0m\n'`
			`unset userpass userpass2`

			`echo -e '\e[1;34mUpgrading system...\e[0m'`
			`apt remove -y nano exim* &>/dev/null`
			`apt update -y \|\| die`
			`apt upgrade -y \|\| die`
			`apt dist-upgrade -y \|\| die`

			`apt install -y sudo ufw vim fail2ban wget telnet dnsutils rsyslog zram-tools \`
			`\|\| die 'Apt failed'`

			`# cron rsyslog`
			`sed -i 's/#cron/cron/' /etc/rsyslog.conf`

			`# ufw firewall`
			`ufw allow ${ssh_port}/tcp >/dev/null`
			`yes \| ufw enable >/dev/null`
			`systemctl -q enable --now ufw fail2ban`

			`# fail2ban`
			`tee /etc/fail2ban/jail.d/sshd.conf >/dev/null <<'SSHD'`
			`[sshd]`
			`enabled = true`
			`filter = sshd`
			`backend = systemd`
			`maxretry = 5`
			`findtime = 1d`
			`bantime = 4w`
			`ignoreip = 127.0.0.1/8`
			`SSHD`
			`install /dev/stdin /usr/local/bin/fail2ban-jails <<'ALL-JAILS'`
			`#!/bin/bash`
			`JAILS=$(sudo fail2ban-client status \| grep "Jail list" \| sed -E 's/^[^:]+:[ \t]+//' \| sed 's/,//g')`
			`for JAIL in $JAILS`
			`do`
			`sudo fail2ban-client status $JAIL`
			`done`
			`ALL-JAILS`

			`# zram swap`
			`echo -e "ALGO=zstd\nPERCENT=60" >>/etc/default/zramswap`

			`# Shut up fstrim`
			`rm -f /etc/cron.weekly/fstrim &>/dev/null`

			`# Hostname and unix users`
			`hostnamectl set-hostname ${domain}`
			`sed -i '/127.0.0.1/ s/$/ '${domain}'/' /etc/hosts`
			`adduser ${username} sudo &>/dev/null`

			`# SSH settings`
			`echo "Port ${ssh_port}`
			`PermitRootLogin no`
			`PasswordAuthentication no`
			`Protocol 2" >/etc/ssh/sshd_config.d/zz-ssh.conf`

			`# Disable history saving`
			`cat >>~/.bashrc <<EOF`

			`if [ -f ~/.bash_history ]`
			`then`
			`rm -f ~/.bash_history`
			`fi`

			`unset HISTFILE`
			`history -c`
			`EOF`

			`if hostname \| grep -q "${domain}" && grep -q "${domain}" /etc/hosts`
			`then`
			`install /dev/stdin /usr/local/bin/mail-server <<MAILSERVER`
			`#!/usr/bin/env bash`

			`# Backup mailservers`
			`backup_mailserver=(${backup_mailserver})`
			`MAILSERVER`

			`wget -q4O- https://git.myvelabs.com/lab/linux/raw/branch/master/mail-user.sh >>/usr/local/bin/mail-server`

			`su ${username} <<"CHANGEUSER"`
			`# SSH`
			`yes \| ssh-keygen -t ed25519 -q -f ~/.ssh/id_ed25519 -P ""`
			`echo "${sshkeys}" >~/.ssh/authorized_keys`
			`CHANGEUSER`

			`echo -e '\n\e[1m\t## Run "mail-server" immediately\n\e[0m'`
			`su ${username}`

			`clear`

			`cat <<END`
			`###`
			`### Login ssh as new user`
			`###`
			`while :`
			`do`
			`clear`
			`if ssh ${username}@${domain} -p ${ssh_port} exit`
			`then`
			`echo -e '\e[1m## Run "~/dhparam" upon logging in\n\e[0m'`
			`ssh ${username}@${domain} -p ${ssh_port}`
			`break`
			`else`
			`sleep 1`
			`fi`
			`done`

			`END`

			`. ~/.bashrc`
			`reboot`
			`fi`