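#!/bin/bash
# First-boot hardening for a Hetzner Cloud host: locks down sshd, installs jq
# and the update-config.sh helper, configures ufw, and schedules
# update-config.sh to run from root's cron every minute.
#
# Usage: setup.sh --hcloud-token TOKEN [--whitelisted-ips "IP1, IP2 ..."] [--floating-ips]
#   --hcloud-token     Hetzner Cloud API token handed to update-config.sh (required).
#   --whitelisted-ips  Comma and/or space separated IPs/CIDRs allowed on all ports.
#   --floating-ips     Passed through to update-config.sh unchanged.
#
# Must run as root. Needs outbound HTTPS to github.com.
set -euo pipefail

die() { printf 'setup.sh: %s\n' "$*" >&2; exit 1; }

TOKEN=""
WHITELIST_S=""
FLOATING_IPS=""
while [[ $# -gt 0 ]]; do
  case "$1" in
    --hcloud-token)
      [[ $# -ge 2 ]] || die "$1 requires a value"
      TOKEN="$2"
      shift 2
      ;;
    --whitelisted-ips)
      [[ $# -ge 2 ]] || die "$1 requires a value"
      WHITELIST_S="$2"
      shift 2
      ;;
    --floating-ips)
      FLOATING_IPS="--floating-ips"
      shift
      ;;
    *)
      # Unknown arguments are ignored, as before.
      shift
      ;;
  esac
done
[[ -n "$TOKEN" ]] || die "--hcloud-token is required"

# Disable root password login and password authentication.
# NOTE(review): some cloud images ship a drop-in under /etc/ssh/sshd_config.d/
# (e.g. a cloud-init file) that sets "PasswordAuthentication yes"; sshd keeps
# the first value it reads and the Include usually sits at the top of
# sshd_config, so patching only sshd_config can silently leave password auth
# on. Drop-ins are therefore patched with the same substitutions.
for cfg in /etc/ssh/sshd_config /etc/ssh/sshd_config.d/*.conf; do
  [[ -f "$cfg" ]] || continue
  sed -i 's/[#]*PermitRootLogin yes/PermitRootLogin prohibit-password/g' "$cfg"
  sed -i 's/[#]*PasswordAuthentication yes/PasswordAuthentication no/g' "$cfg"
done
# Validate the edited config before restarting so a bad edit cannot lock us
# out of the host (sshd would fail to start and the old daemon is gone).
sshd -t
systemctl restart sshd

# Fetch jq 1.6 and the update-config.sh helper. `curl -f` fails on HTTP errors
# instead of saving an error page as the executable; downloading to a temp dir
# and using `install` avoids leaving a half-written file in /usr/local/bin.
# TODO(review): neither download is integrity-checked, and update-config.sh is
# pulled from the moving "master" branch and then executed as root every
# minute — pin both to a release/commit and verify a sha256 before installing.
tmpdir=$(mktemp -d) || die "mktemp failed"
trap 'rm -rf -- "$tmpdir"' EXIT
wget -q -O "$tmpdir/jq" https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64
install -m 0755 "$tmpdir/jq" /usr/local/bin/jq
curl -fsSL -o "$tmpdir/update-config.sh" https://raw.githubusercontent.com/vitobotta/hetzner-cloud-init/master/update-config.sh
install -m 0755 "$tmpdir/update-config.sh" /usr/local/bin/update-config.sh

# Firewall: SSH/HTTP/HTTPS from anywhere; whitelisted addresses get
# unrestricted access (all ports and protocols), as do the private ranges below.
ufw allow proto tcp from any to any port 22,80,443
IFS=', ' read -r -a WHITELIST <<< "$WHITELIST_S"
if (( ${#WHITELIST[@]} > 0 )); then
  for ip in "${WHITELIST[@]}"; do
    ufw allow from "$ip"
  done
fi
ufw allow from 10.43.0.0/16
ufw allow from 10.42.0.0/16
ufw allow from 10.0.0.0/16 # default private network cidr
ufw allow from 10.244.0.0/16 # in case we use the default cidr expected by the cloud controller manager
ufw -f default deny incoming
ufw -f default allow outgoing
ufw -f enable

# Keep the API token out of world-readable /etc/crontab (mode 644): store it
# in a root-only file and let cron's shell read it at run time. It is still
# visible in the process list while update-config.sh runs, because that
# script only accepts it on argv; it is also visible in this script's own
# argv for as long as setup.sh runs.
TOKEN_FILE=/root/.hcloud-token
(umask 077 && printf '%s\n' "$TOKEN" > "$TOKEN_FILE")
# --whitelisted-ips is quoted so a "1.2.3.4, 5.6.7.8" list reaches
# update-config.sh as one argument instead of being word-split by cron's shell.
# Guard with grep so re-running setup.sh does not add a second job.
if ! grep -qF '/usr/local/bin/update-config.sh' /etc/crontab; then
  cat <<EOF >> /etc/crontab
* * * * * root /usr/local/bin/update-config.sh --hcloud-token "\$(cat ${TOKEN_FILE})" --whitelisted-ips "${WHITELIST_S}" ${FLOATING_IPS}
EOF
fi
# FLOATING_IPS is intentionally unquoted: it is either empty or a single flag.
# shellcheck disable=SC2086
/usr/local/bin/update-config.sh --hcloud-token "${TOKEN}" --whitelisted-ips "${WHITELIST_S}" ${FLOATING_IPS}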