#!/bin/bash

sudo clear
echo "Installing firewall and remote access tools..."
sudo apt install -y --ignore-missing ssh openssh-server openssl xrdp cockpit ufw fail2ban portsentry libapache2-mod-security2 snort remmina avahi-daemon #guacamole
wget https://servzero.net/arc/tools/f2b/jail.local; sudo mv jail.local /etc/fail2ban/
wget https://servzero.net/arc/tools/f2b/ufw.f2b.conf; sudo mv ufw.f2b.conf /etc/fail2ban/filter.d/
sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf; sudo sh -c 'echo "SecRuleEngine On" >> /etc/modsecurity/modsecurity.conf'
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw allow 9090
sudo ufw enable
echo "DONE."
read -n1

echo 'Installing webstack (LAMP)...'
sudo apt update
sudo apt install -y --ignore-missing apache2 mariadb-server php libapache2-mod-php php-mysql php-sqlite3 phpmyadmin snap snapd  #adminer
#sudo apt install -y certbot python3-certbot-apache
sudo snap install certbot --classic
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo service apache2 start
sudo service mariadb start
sudo mysql_secure_installation
#sudo echo 'Include /etc/phpmyadmin/apache.conf' >> /etc/apache2/apache2.conf
sudo mysql -u root -p<< CMD
CREATE USER 'webroot'@'localhost' IDENTIFIED BY 'w3bp4ssw0rd';
GRANT ALL PRIVILEGES ON *.* TO 'webroot'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
CMD
echo ''
echo 'LOGIN PAGE:'
echo 'http://127.0.0.1/phpmyadmin'
echo 'http://localhost/phpmyadmin'
echo 'USER: webroot'
echo 'PASSWORD: w3bp4ssw0rd'
echo ''
echo 'Done.'
read -n1

echo 'Installing Mumble and ejabberd...'
sudo apt install -y --ignore-missing mumble mumble-server ejabberd
echo 'Done.'
read -n1
