From 93837baacdda5d9c98539096a04574e399cf087d Mon Sep 17 00:00:00 2001 From: Decaded <12958507+Decaded@users.noreply.github.com> Date: Sun, 23 Jul 2023 00:20:22 +0200 Subject: [PATCH 1/4] disable password authentication --- README.md | 3 +++ install.sh | 27 +++++++++++++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/README.md b/README.md index 1f4df04..aff1a04 100644 --- a/README.md +++ b/README.md @@ -11,6 +11,9 @@ - After installation will open provided SSH port - [fail2ban](https://github.com/fail2ban/fail2ban) +- Option to disable password authentication and leave key-based only (as requested in [issue #1](https://github.com/Decaded/install-script/issues/1)) + - asks for public key that will be inserted into `$HOME/.ssh/authorized_keys` + - Option to install basic web server ([nginx](https://www.nginx.com/) & [php8.1](https://www.php.net/releases/8_1_0.php)-fpm) - opens 80 and 443 TCP/UDP ports in firewall - removes [Apache2](https://httpd.apache.org/) if exist diff --git a/install.sh b/install.sh index 3bc83c5..f2c1b41 100644 --- a/install.sh +++ b/install.sh 
@@ -43,6 +43,33 @@ echo "fail2ban config is located in /etc/fail2ban/jail.local" echo "#######################################################" echo "\n" +echo -n "Do you want to set up SSH key-based authentication? (y/n) " +read ssh_option + +if [ "$ssh_option" != "${ssh_option#[Yy]}" ]; then + echo "Please provide your public key below or press 'Ctrl + C' to abort." + + # Read the user-provided public key and save it to a variable + read -r user_public_key + + # Create the ~/.ssh directory if it doesn't exist + mkdir -p "$HOME/.ssh" + + # Save the public key to the authorized_keys file + echo "$user_public_key" >>"$HOME/.ssh/authorized_keys" + + # Enable key-based authentication and disable password-based authentication for SSH + sudo sed -i 's/^PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config + sudo sed -i 's/^#PubkeyAuthentication yes/PubkeyAuthentication yes/' /etc/ssh/sshd_config + + # Restart the SSH service for changes to take effect + sudo service ssh restart + + echo "SSH key-based authentication has been enabled, and password-based authentication has been disabled." +else + echo "SSH key-based authentication will not be set up." +fi + echo -n "Install NGINX and PHP? (y/n) " read answer if [ "$answer" != "${answer#[Yy]}" ]; then From f6868f9c8c740e2b9981633194a98519c43cc146 Mon Sep 17 00:00:00 2001 From: Decaded <12958507+Decaded@users.noreply.github.com> Date: Sun, 23 Jul 2023 00:34:53 +0200 Subject: [PATCH 2/4] bump php to 8.2 --- README.md | 10 +++++----- install.sh | 30 ++++++++++++++++++------------ 2 files changed, 23 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index aff1a04..ba87ad1 100644 --- a/README.md +++ b/README.md 
@@ -14,7 +14,7 @@ - Option to disable password authentication and leave key-based only (as requested in [issue #1](https://github.com/Decaded/install-script/issues/1)) - asks for public key that will be inserted into `$HOME/.ssh/authorized_keys` -- Option to install basic web server ([nginx](https://www.nginx.com/) & [php8.1](https://www.php.net/releases/8_1_0.php)-fpm) +- Option to install basic web server ([nginx](https://www.nginx.com/) & [php8.2](https://www.php.net/releases/8_2_0.php)-fpm) - opens 80 and 443 TCP/UDP ports in firewall - removes [Apache2](https://httpd.apache.org/) if exist - Option to install [Node Version Manager](https://github.com/nvm-sh/nvm) @@ -23,19 +23,19 @@ ### Usage Download: ```bash -$ wget https://raw.githubusercontent.com/Decaded/install-script/main/install.sh +wget https://raw.githubusercontent.com/Decaded/install-script/main/install.sh ``` Add permissions to run: ```bash -$ sudo chmod +x install.sh +sudo chmod +x install.sh ``` Run script: ```bash -$ ./install.sh +./install.sh ``` You can remove `install.sh` after installation is complete ```bash -$ rm install.sh +rm install.sh ``` ### Disclaimer diff --git a/install.sh b/install.sh index f2c1b41..c8fb944 100644 --- a/install.sh +++ b/install.sh @@ -1,7 +1,9 @@ #!/bin/sh +# Check if the script has sudo privileges, exit if not sudo -n true test $? -eq 0 || exit 1 "You need sudo privilege to run this script" +# List of essential apps to be installed APPS="htop screen nload nano firewalld fail2ban" echo "\n" 
@@ -11,12 +13,15 @@ echo "Hit Ctrl+C now to abort" echo "#######################################################" sleep 6 +# Update package lists echo "Updating package lists" sudo apt update # get the latest package lists +# Install essential apps sudo apt install $APPS -y # do the magic sudo systemctl enable firewalld # enable firewall on boot -# download customized fail2ban config + +# Download customized fail2ban config sudo wget -O /etc/fail2ban/jail.local https://gist.githubusercontent.com/Decaded/4a2b37853afb82ecd91da2971726234a/raw/be9aa897e0fa7ed267b75bd5110c837f7a39000c/jail.local sudo service fail2ban restart @@ -28,9 +33,9 @@ echo "## THIS CAN CUT YOU OUT OF THE SERVER ##" echo "## CHECK TWICE BEFORE PROCEEDING ##" echo "## YOU HAVE BEEN WARNED ##" echo "\n" -echo "Please provide your current SSH port (defalut is 22):" +echo "Please provide your current SSH port (default is 22):" read sshPort -echo "Openning port $sshPort TCP..." +echo "Opening port $sshPort TCP..." sudo firewall-cmd --permanent --zone=public --add-port=$sshPort/tcp echo "Reload configuration..." sudo firewall-cmd --reload @@ -73,11 +78,10 @@ fi echo -n "Install NGINX and PHP? (y/n) " read answer if [ "$answer" != "${answer#[Yy]}" ]; then - sudo apt install nginx php8.1 php8.1-fpm -y + sudo apt install nginx php8.2 php8.2-fpm -y - # remove apache2 if exist - # why? - # because I hate it + # Remove apache2 if it exists + # Reason: The script author prefers NGINX over Apache if [ "$(dpkg -l | awk '/apache2/ {print }' | wc -l)" -ge 1 ]; then echo "Apache2 is installed. Removing." sudo service apache2 stop 
@@ -91,7 +95,7 @@ if [ "$answer" != "${answer#[Yy]}" ]; then echo "#######################################################" echo "Firewall configuration" echo "#######################################################" - echo "Oppening ports for 80 and 443 [TCP and UDP]" + echo "Opening ports for 80 and 443 [TCP and UDP]" echo "80 UDP..." sudo firewall-cmd --permanent --zone=public --add-port=80/udp echo "80 TCP..." @@ -104,6 +108,7 @@ if [ "$answer" != "${answer#[Yy]}" ]; then sudo firewall-cmd --reload echo "\n" + # Create a directory for SSL certs if it doesn't exist if [ -d "/etc/nginx/cert" ]; then echo "Directory /etc/nginx/cert exists, skipping." else @@ -112,8 +117,8 @@ if [ "$answer" != "${answer#[Yy]}" ]; then fi echo "\n" - echo "Finished setting up default web server." - echo "You can upload ssl certificates into /etc/nginx/cert" + echo "Finished setting up the default web server." + echo "You can upload SSL certificates into /etc/nginx/cert" echo "\n" else @@ -124,14 +129,15 @@ fi echo -n "Install Node Version Manager? (y/n) " read answer if [ "$answer" != "${answer#[Yy]}" ]; then + # Install Node Version Manager (NVM) wget -qO- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.3/install.sh | bash export NVM_DIR="$HOME/.nvm" [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" [ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" nvm ls-remote echo "\n" - echo "Above you can see list of all availble NodeJS versions." - echo "Choose NodeJS version to install (eg: 16.19.0):" + echo "Above you can see a list of all available NodeJS versions." + echo "Choose NodeJS version to install (e.g., 16.19.0):" read versionToInstall nvm install $versionToInstall echo "\n" From fb5436fef29df5b40443a095a2dd25f85416feaf Mon Sep 17 00:00:00 2001 
From: Decaded <12958507+Decaded@users.noreply.github.com> Date: Sun, 23 Jul 2023 01:22:29 +0200 Subject: [PATCH 3/4] feat: passwordless sudo --- README.md | 4 +++- install.sh | 52 +++++++++++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 52 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index ba87ad1..88cda14 100644 --- a/README.md +++ b/README.md @@ -11,9 +11,11 @@ - After installation will open provided SSH port - [fail2ban](https://github.com/fail2ban/fail2ban) + - Option to disable password authentication and leave key-based only (as requested in [issue #1](https://github.com/Decaded/install-script/issues/1)) - asks for public key that will be inserted into `$HOME/.ssh/authorized_keys` - +- Option to enable passwordless sudo access for user using this script + - won't do anything if user already has this enabled - Option to install basic web server ([nginx](https://www.nginx.com/) & [php8.2](https://www.php.net/releases/8_2_0.php)-fpm) - opens 80 and 443 TCP/UDP ports in firewall - removes [Apache2](https://httpd.apache.org/) if exist diff --git a/install.sh b/install.sh index c8fb944..9e491a9 100644 --- a/install.sh +++ b/install.sh @@ -1,4 +1,5 @@ #!/bin/sh + # Check if the script has sudo privileges, exit if not sudo -n true test $? -eq 0 || exit 1 "You need sudo privilege to run this script" @@ -52,7 +53,10 @@ echo -n "Do you want to set up SSH key-based authentication? (y/n) " read ssh_option if [ "$ssh_option" != "${ssh_option#[Yy]}" ]; then - echo "Please provide your public key below or press 'Ctrl + C' to abort." + echo "#######################################################" + echo "SSH configuration" + echo "Please provide your public key below." + echo "#######################################################" # Read the user-provided public key and save it to a variable read -r user_public_key 
@@ -61,7 +65,7 @@ if [ "$ssh_option" != "${ssh_option#[Yy]}" ]; then mkdir -p "$HOME/.ssh" # Save the public key to the authorized_keys file - echo "$user_public_key" >>"$HOME/.ssh/authorized_keys" + echo "$user_public_key" >> "$HOME/.ssh/authorized_keys" # Enable key-based authentication and disable password-based authentication for SSH sudo sed -i 's/^PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config 
@@ -70,15 +74,57 @@ if [ "$ssh_option" != "${ssh_option#[Yy]}" ]; then # Restart the SSH service for changes to take effect sudo service ssh restart + echo "\n" + echo "#######################################################" echo "SSH key-based authentication has been enabled, and password-based authentication has been disabled." + echo "#######################################################" + echo "\n" else echo "SSH key-based authentication will not be set up." + echo "#######################################################" + echo "\n" +fi + +# Function to check if passwordless sudo is already enabled for the user +is_passwordless_sudo_enabled() { + # Check if the line with NOPASSWD:ALL exists in the sudoers file for the current user + sudo grep -qE "^\s*$USER\s+ALL=\(ALL\) NOPASSWD:ALL\s*$" /etc/sudoers +} + +# Function to enable passwordless sudo access for the user running the script +enable_passwordless_sudo() { + # Add an entry to the sudoers file for passwordless sudo access for the current user + echo "$USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers +} + +# Check if passwordless sudo is already enabled for the user +if is_passwordless_sudo_enabled; then + echo "Passwordless sudo access is already enabled for your user." +else + # Prompt the user if they want to enable passwordless sudo access + echo -n "Do you want to enable passwordless sudo access for your user? (y/n): " + read enable_sudo_option + + if [ "$enable_sudo_option" != "${enable_sudo_option#[Yy]}" ]; then + enable_passwordless_sudo + echo "\n" + echo "#######################################################" + echo "\n" + echo "Passwordless sudo access has been enabled for your user." + echo "Please log out and log back in for the changes to take effect." + echo "#######################################################" + echo "\n" + else + echo "Passwordless sudo access will not be enabled." 
+ echo "#######################################################" + echo "\n" + fi fi echo -n "Install NGINX and PHP? (y/n) " read answer if [ "$answer" != "${answer#[Yy]}" ]; then - sudo apt install nginx php8.2 php8.2-fpm -y + sudo apt install nginx php8.1 php8.1-fpm -y # Remove apache2 if it exists # Reason: The script author prefers NGINX over Apache From bea02bb70548db046e25fceafdc564299f659edb Mon Sep 17 00:00:00 2001 From: Decaded <12958507+Decaded@users.noreply.github.com> Date: Sun, 23 Jul 2023 01:23:58 +0200 Subject: [PATCH 4/4] revert php to 8.1 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 88cda14..17daae0 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ - asks for public key that will be inserted into `$HOME/.ssh/authorized_keys` - Option to enable passwordless sudo access for user using this script - won't do anything if user already has this enabled -- Option to install basic web server ([nginx](https://www.nginx.com/) & [php8.2](https://www.php.net/releases/8_2_0.php)-fpm) +- Option to install basic web server ([nginx](https://www.nginx.com/) & [php8.1](https://www.php.net/releases/8_1_0.php)-fpm) - opens 80 and 443 TCP/UDP ports in firewall - removes [Apache2](https://httpd.apache.org/) if exist - Option to install [Node Version Manager](https://github.com/nvm-sh/nvm)
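Review bot: `enable_passwordless_sudo` appends to `/etc/sudoers` with `tee -a` and no syntax check, so an empty or unusual `$USER` yields a line that can make sudo refuse to parse its policy and leave the host without working sudo. Writing the rule to a drop-in and installing it only after `visudo -cf` accepts it avoids that; a sketch follows. `is_passwordless_sudo_enabled` interpolates `$USER` into the regex and reads only the main file, so it misses rules written as `(ALL:ALL)` or kept in drop-ins, and with the change below it should test the drop-in instead. `NOPASSWD:ALL` also means any process running as this account becomes root without a prompt, which the prompt text should say before the user answers.

```shell
# Function to enable passwordless sudo access for the user running the script
enable_passwordless_sudo() {
  sudo_user=$(id -un) || return 1
  rule_file=$(mktemp) || return 1
  printf '%s ALL=(ALL) NOPASSWD:ALL\n' "$sudo_user" > "$rule_file"

  # Install the rule only if visudo accepts it, so a bad line cannot break sudo.
  # Drop-in name below is an example; sudo skips names containing '.' or ending in '~'.
  if sudo visudo -cf "$rule_file" >/dev/null; then
    sudo install -o root -g root -m 0440 "$rule_file" /etc/sudoers.d/90-install-script-nopasswd
  else
    echo "Generated sudoers rule failed validation; nothing was changed." >&2
  fi
  rm -f "$rule_file"
}
```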