useradd -m -s /bin/bash USER usermod -G sudo USER passwd USER

userdel -f ubuntu

echo "rpi" > /etc/hostname echo "IP rpi" >> /etc/hosts

set tabsize 4 set autoindent set smooth set linenumbers set nohelp set softwrap

echo "Defaults timestamp_timeout=0" >> /etc/sudoers

apt update -y && apt install -y sysstat htop ncdu mlocate bat cifs-utils \  tmux p7zip-full p7zip-rar zip unzip tree fail2ban \  apache2-utils firefox python3 && \  curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py && \ python get-pip.py && rm get-pip.py

echo "alias cat='batcat'" >> $HOME/.bashrc

PasswordAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys AllowUsers USER AllowTcpForwarding yes GatewayPorts yes X11Forwarding yes AcceptEnv LANG LC_* Subsystem sftp /usr/lib/openssh/sftp-server

systemctl enable ssh && systemctl restart ssh

su - USER mkdir -p -m 700 ~/.ssh touch ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys (install -m 600 /dev/null ~/.ssh/authorized_keys)

USER@rpi:~$ tree -pugah ├── [drwx------ USER USER 4.0K] .ssh │   └── [-rw------- USER USER 398] authorized_keys └── [lrwxrwxrwx root root 14] sharedrpi -> /mnt/sharedrpi

ignoreip = 127.0.0.1/8 ::1 <MY_NETWORK_IP>/<CIDR> [sshd] port = ssh logpath = %(sshd_log)s backend = %(sshd_backend)s bantime = 172800 findtime = 600 maxretry = 3

systemctl enable fail2ban && systemctl restart fail2ban

mkdir /mnt/sharedrpi ln -s /mnt/sharedrpi /home/USER/sharedrpi mkdir /scripts && cd /scripts git clone https://github.com/adrianlois/rpi-config-nginx-proxy-letsencrypt-duckdns-owncloud.git mv rpi-config-nginx-proxy-letsencrypt-duckdns-owncloud/* . && mv scripts/* . && mv scripts/.[!.]* . rm -rf rpi-config-nginx-proxy-letsencrypt-duckdns-owncloud/ docker/nginx/htpasswd scripts/ LICENSE README.md chmod 600 .smbcredentials docker/.env cp -r docker/nginx/.nginx-error-pages /home/USER/sharedrpi/

chmod 700 /scripts/sharedrpi.sh

# @reboot sleep 30 && /scripts/sharedrpi.sh */1 * * * * root /scripts/sharedrpi.sh

htpasswd -c /scripts/docker/nginx/htpasswd USER chmod 644 /scripts/docker/nginx/htpasswd

mkdir -m 777 /media/owncloud fdisk -l mkfs.ext4 /dev/sdaX lsblk -o NAME,FSTYPE,SIZE /dev/sdaX blkid -o list (ls -l /dev/disk/by-uuid) echo -e "\nUUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx /media/owncloud ext4 defaults 0 0" >> /etc/fstab mount -a

curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py && sudo python3 get-pip.py apt install -y python3-pip libffi-dev curl -sSL https://get.docker.com | sh pip3 install docker-compose

sudo usermod -aG docker ${USER} id -nG

sudo systemctl edit docker.service [Service] ExecStartPre=/bin/sleep 90

cd /scripts/docker docker-compose up -d

[global] workgroup = WORKGROUP usershare allow guests = yes # Shared resource with anonymous access without password [sharedrpi] comment = Shared rpi path = /mnt/sharedrpi browseable = Yes writeable = Yes public = yes security = SHARE

systemctl disable smbd systemctl stop smbd

apt install -y apache2 # Update latest version apache2 apt install --only-upgrade apache2

apache2 -M ls /etc/apache2/mods-available/ a2enmod auth_basic a2enmod authn_file a2enmod authz_user a2enmod authn_core a2enmod authz_core

DocumentRoot /var/www/sharedrpi <Directory "/var/www/sharedrpi"> AuthType Basic AuthName "Restricted access" AuthUserFile /var/www/htpasswd Require user USER </Directory>

# Hide Apache2 server info from Index Of / ServerSignature Off ServerTokens Prod

MaxInstances 3 User proftpd Group nogroup AllowOverwrite on ServerName "FTP Server" DefaultRoot /mnt/sharedrpi Include /etc/proftpd/conf.d/ # Limit connection to only one user, jailed in their directory DefaultRoot /mnt/ftp <Limit LOGIN> AllowUser USER DenyAll </Limit>

mkdir /var/sftpusers groupadd sftp_users useradd -d /var/sftpusers -G sftp_users sftpuser1 chown -R root:sftp_users /var/sftpusers/ chmod -R 770 /var/sftpusers/

#Subsystem sftp /usr/libexec/openssh/sftp-server Subsystem sftp internal-sftp Match Group sftp_users ChrootDirectory /var/sftpusers ForceCommand internal-sftp X11Forwarding no AllowTcpForwarding no