bashgen/README.md

# Bash Script Generator

A web-based tool for generating comprehensive Linux server setup scripts. This FastAPI application allows administrators to configure and download a single bash script that automates common server baseline setup tasks.

## Features

### System Setup
- Initial system update & upgrade
- Automatic security updates (unattended-upgrades)
- Timezone configuration
- Hostname setup
- NTP time synchronization
- Swap file configuration

### Security & Hardening
- SSH hardening (disable root login, strong ciphers, timeouts)
- Fail2ban intrusion prevention
- Pre-login and post-login banners
- SSH 2FA (Google Authenticator installation)

### Docker & Services
- Docker + Docker Compose installation
- Docker admin user creation with restricted permissions
- Custom Docker data directory with ACL permissions
- UFW firewall configuration
- Network bonding/bridging (netplan)

### User Management
- Admin user creation with sudo access
- SSH public key authentication setup

### Monitoring & Utilities
- Monitoring tools (htop, iotop, net-tools, etc.)
- Build tools (build-essential, git, etc.)

## Quick Start

### Using Docker (Recommended)

```bash
cd bashgen
docker-compose up -d
```

Access the web interface at `http://localhost:8083`

### Manual Setup

```bash
cd bashgen
python -m venv .venv
source .venv/bin/activate  # On Windows: .venv\Scripts\activate
pip install -r requirements.txt
uvicorn app:app --host 0.0.0.0 --port 8080
```

## Usage

1. Open the web interface
2. Select the features you want to include
3. Configure parameters (hostname, timezone, ports, etc.)
4. Add system owner information
5. Paste SSH public keys (if creating admin user)
6. Download the generated `.sh` script
7. Run on your Ubuntu server: `sudo bash setup-server.sh`

## Project Structure

```
bashgen/
├── app.py                 # FastAPI backend
├── requirements.txt       # Python dependencies
├── Dockerfile            # Docker image definition
├── docker-compose.yml    # Docker Compose configuration
├── templates/
│   ├── index.html        # Web form frontend
│   ├── script.sh.j2      # Bash script Jinja2 template
│   ├── loginbanner.md.template      # Pre-login SSH banner template
│   └── postloginbanner.md.template  # Post-login MOTD banner template
└── README.md             # This file
```

## Banner Templates Setup

The application uses banner templates for SSH pre-login and post-login messages. These templates are included in the `templates/` directory.

### Using Default Templates

The application automatically uses the included templates:
- `templates/loginbanner.md.template` - Pre-login SSH banner
- `templates/postloginbanner.md.template` - Post-login MOTD banner

### Customizing Banners

1. **Edit the template files** in the `templates/` directory:
   - `loginbanner.md.template` - Customize your SSH pre-login warning banner
   - `postloginbanner.md.template` - Customize your post-login MOTD message

2. **Placeholder variables** you can use in templates:
   - `[OWNER_NAME]` - Will be replaced with the owner name from the form
   - `[OWNER_WEBSITE]` - Will be replaced with the owner website
   - `[OWNER_EMAIL]` - Will be replaced with the owner email

3. **Example template content:**
   ```markdown
   System Owner:
     Name:    [OWNER_NAME]
     Website: [OWNER_WEBSITE]
     Email:   [OWNER_EMAIL]
   ```

4. **For Docker deployment**, the templates are copied into the container during build.

### Local Development Setup

If running locally (not in Docker), create a `workingscope/` directory in the parent directory:

```bash
# From the bashgen directory
mkdir -p ../workingscope
cp templates/loginbanner.md.template ../workingscope/loginbanner.md
cp templates/postloginbanner.md.template ../workingscope/postloginbanner.md
```

The application will automatically detect and use these files.

## Requirements

- Python 3.11+
- Docker & Docker Compose (for containerized deployment)
- Ubuntu Server (for generated scripts)

## License

This project is licensed under the **MIT License** - see the [LICENSE](LICENSE) file for details.

The MIT License is a permissive open-source license that allows you to:
- ✅ Use the code commercially
- ✅ Modify the code
- ✅ Distribute the code
- ✅ Use privately
- ✅ Include license and copyright notice

## Creator

Created and maintained by **Avni Ademi** (@avni.ademi)

## Contributing

Contributions are welcome and encouraged! This project thrives on community involvement.

### How to Contribute

1. **Fork the repository** on GitLab
2. **Create a feature branch** (`git checkout -b feature/amazing-feature`)
3. **Make your changes** and test thoroughly
4. **Commit your changes** (`git commit -m 'Add some amazing feature'`)
5. **Push to the branch** (`git push origin feature/amazing-feature`)
6. **Open a Merge Request** on GitLab

### Contribution Ideas

- 🐛 Bug fixes and improvements
- ✨ New features and enhancements
- 📝 Documentation improvements
- 🎨 UI/UX improvements
- 🔒 Security enhancements
- 🧪 Test coverage
- 🌐 Translations
- 📦 Additional server setup options

### Code of Conduct

- Be respectful and inclusive
- Welcome newcomers and help them learn
- Focus on constructive feedback
- Celebrate diversity of ideas and backgrounds

### Questions?

Feel free to open an issue on GitLab or reach out to the maintainer.

## Planned Features

See [FEATURES.md](FEATURES.md) for a list of planned features and enhancements.

### Upcoming Features:
- 🔒 **Automated CVE-based Security Patching** - Monitor CVE databases and apply security patches automatically
- 🔐 **VPN Server Setup** - Configure WireGuard, OpenVPN, or IPSec VPN for organizations (with FIPS 140-2 support)
- 🛡️ **Central SIEM Server** - Set up centralized Security Information and Event Management (ELK, Wazuh, Graylog)
- 🐳 **FIPS-Hardened Docker Images** - Configure Docker with FIPS 140-2 validated images and crypto libraries
- 📊 **Enhanced Monitoring** - Integration with Prometheus, Grafana
- 🔐 **SSL/TLS Certificate Management** - Automated Let's Encrypt setup
- 💾 **Backup Automation** - Automated backup solutions
- 🌐 **Multi-Distribution Support** - Support for CentOS/RHEL, Debian, Alpine

---

**Thank you for contributing!** 🙏