From 795629b1c2ac0f16c1b9e373d96caec901b1521d Mon Sep 17 00:00:00 2001
From: CREATIVE_tg1
Date: Mon, 13 Apr 2026 12:59:21 +0000
Subject: [PATCH] =?UTF-8?q?=D0=94=D0=BE=D0=B1=D0=B0=D0=B2=D0=B8=D1=82?= =?UTF-8?q?=D1=8C=20server/server-init.sh?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
server/server-init.sh | 55 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 55 insertions(+)
create mode 100644 server/server-init.sh
diff --git a/server/server-init.sh b/server/server-init.sh
new file mode 100644
index 0000000..375d6e0
--- /dev/null
+++ b/server/server-init.sh
@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+MARKER="/var/lib/first-boot-init.done"
+LOG="/var/log/first-boot-init.log"
+
+# Запускать только от root
+if [[ "${EUID}" -ne 0 ]]; then
+ echo "Run as root (sudo)." >&2
+ exit 1
+fi
+
+# Одноразовый запуск
+if [[ -f "$MARKER" ]]; then
+ echo "Already initialized. Marker exists: $MARKER"
+ exit 0
+fi
+
+exec > >(tee -a "$LOG") 2>&1
+
+echo "=== First boot init started at $(date -Is) ==="
+
+# 1) Обновление системы
+export DEBIAN_FRONTEND=noninteractive
+apt-get update
+apt-get -y upgrade
+apt-get -y autoremove --purge
+
+# 2) Установка UFW и Fail2ban
+apt-get -y install ufw fail2ban
+
+# 3) Настройка UFW (важно: не отрезать себе доступ по SSH)
+SSH_PORT="${SSH_PORT:-22}"
+
+ufw --force reset
+ufw default deny incoming
+ufw default allow outgoing
+ufw allow "${SSH_PORT}/tcp" comment "Allow SSH"
+ufw --force enable
+
+# 4) Fail2ban: включить и запустить
+systemctl enable fail2ban
+systemctl restart fail2ban
+
+# (Опционально) показать статус
+ufw status verbose || true
+systemctl --no-pager --full status fail2ban || true
+
+# 5) Маркер выполнения
+mkdir -p "$(dirname "$MARKER")"
+touch "$MARKER"
+
+echo "=== First boot init finished at $(date -Is) ==="
+echo "Marker created: $MARKER"
+echo "Log: $LOG"
\ No newline at end of file
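Review bot: `SSH_PORT` is taken from the environment unvalidated and falls back to 22 without checking which port sshd actually listens on, yet it is used right after `ufw --force reset` has discarded every existing rule. If the value is malformed, `ufw allow` fails under `set -e` and the script exits with the firewall reset but not enabled and no marker written; if sshd runs on another port and the variable is unset, `ufw --force enable` closes the administrator's only access path. Validate before the reset, e.g. `if ! [[ "$SSH_PORT" =~ ^[1-9][0-9]{0,4}$ ]] || (( SSH_PORT > 65535 )); then echo "Invalid SSH_PORT: $SSH_PORT" >&2; exit 1; fi`, and consider comparing it with the port reported by `sshd -T` before enabling the firewall. Fail2ban is started with its packaged defaults, whose sshd jail is keyed to the standard `ssh` port, so a non-default `SSH_PORT` probably also needs a `[sshd]` `port` override in a jail.local for bans to cover the real port.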