From a4d3c8e825903b55dc6583ddef59ce22643cb54b Mon Sep 17 00:00:00 2001 From: Chris Date: Sun, 13 Dec 2020 16:38:14 +0000 Subject: [PATCH] Update bootstrap and enable firewall --- bootstrap.sh | 38 +++++++++++++++++++++++--------------- db/init/01-databases.sql | 1 - 2 files changed, 23 insertions(+), 16 deletions(-) mode change 100644 => 100755 bootstrap.sh diff --git a/bootstrap.sh b/bootstrap.sh old mode 100644 new mode 100755 index 9b7b05b..b99c0c1 --- a/bootstrap.sh +++ b/bootstrap.sh @@ -1,24 +1,19 @@ #!/bin/bash -# Update the package repositories -pacman -Syu --noconfirm - -# Force the locale -echo "LC_ALL=en_GB.UTF-8" >> /etc/default/locale -locale-gen en_US.UTF-8 - -# Install necessary packages -pacman -S --needed --noconfirm sudo wget tmux htop vim docker docker-compose - -# Set the hostname -echo "scarif.space" >> /etc/hostname +source /opt/scarif/.env # Add me as a user and git for SSH passthrough to gitea (change passwords after finishing) -useradd -m -psecret chris -useradd -m -psecret -u1200 git +useradd -m -p $(echo $USER_PASSWORD | openssl passwd -1 -stdin) chris +useradd -m -p $(echo $GIT_PASSWORD | openssl passwd -1 -stdin) -u1200 git + +# Install necessary packages +pacman -S --needed --noconfirm sudo wget tmux htop vim docker docker-compose git ufw + +# Set up privileges +echo "chris ALL=(ALL) ALL" >> /etc/sudoers # Make files necessary for SSH passthrough (https://docs.gitea.io/en-us/install-with-docker/#ssh-container-passthrough) -#mkdir -p /var/lib/gitea +mkdir -p /var/lib/gitea mkdir -p /app/gitea tee /app/gitea/gitea <> /home/git/.ssh/authorized_keys +echo $SSH_KEY >> /home/git/.ssh/authorized_keys + +sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/' /etc/ssh/sshd_config + +systemctl restart sshd + +# Set up firewall +ufw default deny incoming +ufw default allow outgoing +ufw allow 22 +ufw allow 80 +ufw allow 443 +ufw --force enable # Start the docker service and build docker compose systemctl enable docker --now 
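Review bot: The two `useradd -m -p $(echo $USER_PASSWORD | openssl passwd -1 -stdin)` lines hash with MD5-crypt and never check their variables, so if `/opt/scarif/.env` is missing or incomplete the script carries on and `chris`, who gets `ALL=(ALL) ALL` a few lines later, is created with the hash of an empty password while `ufw allow 22` leaves SSH reachable. Start the script with `set -euo pipefail`, guard the inputs with `: "${USER_PASSWORD:?}" "${GIT_PASSWORD:?}" "${SSH_KEY:?}"`, and hash with `printf '%s\n' "$USER_PASSWORD" | openssl passwd -6 -stdin` so the value is quoted and stored as SHA-512 crypt. The `echo "chris ALL=(ALL) ALL" >> /etc/sudoers` append is neither validated nor idempotent; a file under `/etc/sudoers.d/` checked with `visudo -cf` would be safer, assuming the include directory is enabled on this host. The `sed` on `PermitRootLogin` matches only the exact commented default and silently does nothing otherwise, and ports published by Docker are usually not filtered by ufw rules, so both are worth verifying after a run. The page drops part of this hunk around the `tee /app/gitea/gitea` heredoc, so that stretch is not covered here.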
diff --git a/db/init/01-databases.sql b/db/init/01-databases.sql index 2297caf..b4e94f4 100644 --- a/db/init/01-databases.sql +++ b/db/init/01-databases.sql @@ -1,6 +1,5 @@ CREATE DATABASE IF NOT EXISTS `monica`; CREATE DATABASE IF NOT EXISTS `gitea`; -CREATE DATABASE IF NOT EXISTS `pinry`; # Nextcloud will automatically create a database on setup #CREATE DATABASE IF NOT EXISTS `nextcloud`;