From f5864eb85436d52fe3e2670387744d5008003813 Mon Sep 17 00:00:00 2001
From: BWSTTVDEV
Date: Tue, 5 Aug 2025 04:21:16 +0000
Subject: [PATCH] Initial setup script for new machines
---
setup.sh | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 57 insertions(+)
create mode 100644 setup.sh
diff --git a/setup.sh b/setup.sh
new file mode 100644
index 0000000..26f6a34
--- /dev/null
+++ b/setup.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+# Basic VM/LXC Setup Script for root environments
+# Creates 'beer' user if missing, sets up SSH, installs basic tools.
+
+# === CONFIGURE PUBLIC KEY ===
+SSH_PUBLIC_KEY="rsa-key-20250805
+AAAAB3NzaC1yc2EAAAADAQABAAABAQDUDI9pCxrSCAWGvfMvjIYrHragCCJwHj3f
+kMdpCVlf3d6rBu3VRSQHlVrcgb7sX+C4iuktCOBXFerV1XORuzWwpWq3047gPNDC
+fg9u96nmvrINXWgkpuSqTWPUBoU/xL2rnW3a+yKAHBpCpk6O2kY9DA9tAU/LER3n
+4tbu+vVe6CtRlrV3nZIMR6xYfnN7YLaVZWGIHwW+BPfRTxF09iLbrzSNCrenBWaG
+oSTgsdHCFFuYAStr/5vE7ssM4T6loVML+Cljz7DftmEul5YRBQA8uON77+a+MiGS
+dYLgpilGJ8bK77Bp0i+OwwY7icfQvtMw67aWaHXqauy/g3t0ji/L" # Paste your SSH public key here
+USERNAME="beer"
+
+# Ensure script runs as root
+if [ "$EUID" -ne 0 ]; then
+ echo "Please run as root."
+ exit 1
+fi
+
+# === UPDATE SYSTEM ===
+echo "Updating system..."
+apt update && apt upgrade -y
+
+# === CREATE USER IF NOT EXISTS ===
+if id "$USERNAME" &>/dev/null; then
+ echo "User '$USERNAME' already exists."
+else
+ echo "Creating user '$USERNAME'..."
+ adduser --disabled-password --gecos "" "$USERNAME"
+ usermod -aG sudo "$USERNAME"
+fi
+
+# === SET UP SSH FOR USER ===
+echo "Configuring SSH for '$USERNAME'..."
+mkdir -p /home/$USERNAME/.ssh
+echo "$SSH_PUBLIC_KEY" > /home/$USERNAME/.ssh/authorized_keys
+chmod 700 /home/$USERNAME/.ssh
+chmod 600 /home/$USERNAME/.ssh/authorized_keys
+chown -R $USERNAME:$USERNAME /home/$USERNAME/.ssh
+
+# === HARDEN SSH ===
+echo "Updating SSH security settings..."
+sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config
+sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
+systemctl restart ssh || service ssh restart
+
+# === INSTALL BASIC UTILITIES ===
+echo "Installing base packages..."
+apt install -y curl wget vim git ufw
+
+# === FIREWALL CONFIGURATION ===
+echo "Configuring firewall..."
+ufw allow OpenSSH
+ufw --force enable
+
+echo "Setup complete! You can now SSH into the container/VM as '$USERNAME'."
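Review bot: The value assigned to `SSH_PUBLIC_KEY` is a PuTTY-style export (an `rsa-key-20250805` comment line followed by wrapped base64), and the script echoes it unchanged into `authorized_keys`, where sshd expects each key on a single line as `ssh-rsa <base64> <comment>`. As written none of those lines should parse as a key, yet the HARDEN SSH step then sets `PasswordAuthentication no` for an account created with `--disabled-password`, so a fresh machine is likely left with no working SSH login. Store the key in one-line OpenSSH form, e.g. `SSH_PUBLIC_KEY="ssh-rsa <BASE64_ON_ONE_LINE> <comment>"` (placeholder), and validate both the key file and the edited config before restarting ssh, as sketched below. The `>` redirect also replaces any keys an already-existing user had, and the script has no `set -e`, so a failure in one step does not stop the later ones.

```shell
# … unchanged: mkdir, echo "$SSH_PUBLIC_KEY" > authorized_keys, chmod/chown …

# Stop before password logins are disabled if the key file does not parse.
if ! ssh-keygen -l -f "/home/$USERNAME/.ssh/authorized_keys" >/dev/null; then
  echo "authorized_keys holds no valid public key; leaving sshd_config untouched." >&2
  exit 1
fi

# === HARDEN SSH ===
# … unchanged: sed edits of sshd_config …
if ! sshd -t; then
  echo "sshd_config failed validation; ssh not restarted." >&2
  exit 1
fi
systemctl restart ssh || service ssh restart
```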