#!/bin/bash
#source="/drives/x/sync/onedrive/iSystems Consulting e.K/iSystems Support - SAP/Customers/+++Internal/Support/Zabbix/prepTrixie.sh";
#destin="root@100.76.48.116:/mnt/files/iso/etc/prepTrixie.sh"
#scp "$source" "$destin"
#alias prepTrixieGet='wget -qN - https://files.jezz.systems/etc/prepTrixie.sh' && alias prepTrixie='bash prepTrixie.sh' && clear && echo "use 'prepTrixieGet' and 'prepTrixie'"
checkOS() {
 # Gate for the whole script: carry on only when /etc/os-release contains
 # the trixie codename; otherwise print the error banner and exit 1.
 grep -q "VERSION_CODENAME=trixie" /etc/os-release && return
 printf '\n%s\n\n' "ERROR: This script is intended for Debian 13 (Trixie)."
 exit 1
}
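prepHostname() {
 # Prompt for the machine's hostname and apply it through hostnamectl, the
 # 127.0.1.1 entry of /etc/hosts and /etc/mailname.
 # Globals: DefaultHostname (written) - the name that was entered.
 # Returns: 1, before anything is changed, when the entered name is not a
 #          plain DNS-style hostname or hostnamectl rejects it.
 local host_re='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'
 DefaultHostname="zabbixproxy.test.local"
 read -r -e -p "Enter Your New Hostname:" -i "$DefaultHostname" DefaultHostname
 # The value is spliced into a sed replacement and written to system files
 # as root, so '/', '&', '\', blanks or an empty answer would corrupt
 # /etc/hosts. Accept only letters, digits, '-' and '.'-separated labels.
 if [[ ${#DefaultHostname} -gt 253 || ! $DefaultHostname =~ $host_re ]]; then
  echo "ERROR: '$DefaultHostname' is not a valid hostname." >&2
  return 1
 fi
 hostnamectl set-hostname "$DefaultHostname" || return 1
 # Dots are escaped and a blank is required after the address so that only
 # the 127.0.1.1 entry is rewritten (not e.g. 127.0.1.10).
 if grep -q '^127\.0\.1\.1[[:space:]]' /etc/hosts; then
  sed -i "s/^127\.0\.1\.1[[:space:]].*/127.0.1.1 $DefaultHostname/" /etc/hosts
 else
  echo "127.0.1.1 $DefaultHostname" >> /etc/hosts
 fi
 echo "$DefaultHostname" > /etc/mailname
}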
prepUpdates() {
# Ask whether to install updates. Only the exact answer "y" runs the apt
# sequence (update, upgrade, auto-clean, autoremove); any other answer skips.
# Globals: CONT (written) - the operator's answer.
CONT=""
read -p "Install Updates? (y/n) " CONT
case "$CONT" in
 y)
  echo "Installing Updates"
  apt update
  apt upgrade -y
  apt auto-clean -y
  apt autoremove -y
  ;;
 *)
  echo "Skipping Updates"
  ;;
esac
}
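prepKeys() {
# Offer to install the embedded public keys into root's authorized_keys.
# Only the exact answer "y" installs; any other answer skips.
# Globals: CONT (written) - the operator's answer.
# Returns: 1 when /root/.ssh or authorized_keys cannot be prepared.
#
# NOTE(review): every key below grants root on each host this script
# prepares. The list mixes personal keys with entries labelled like a host
# root account and a service name, and all of them are ssh-rsa; review it
# regularly and prefer one key per person so access can be revoked singly.
CONT=""
read -r -p "Install Keys? (y/n) " CONT
if [ "$CONT" = "y" ]; then
 echo "Installing Keys"
 local ssh_dir="/root/.ssh"
 local auth_file="$ssh_dir/authorized_keys"
 local key
 # The directory may not exist yet on a fresh install, and sshd refuses
 # key files with loose permissions, so create both with tight modes.
 mkdir -p "$ssh_dir" || return 1
 chmod 700 "$ssh_dir" || return 1
 touch "$auth_file" || return 1
 chmod 600 "$auth_file" || return 1
 # An existing file without a final newline would otherwise get the first
 # new key glued onto its last entry.
 if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
  echo >> "$auth_file"
 fi
 # Append each key only when that exact line is missing, so running the
 # step again does not pile up duplicates.
 while IFS= read -r key; do
  [ -n "$key" ] || continue
  grep -qxF -- "$key" "$auth_file" || printf '%s\n' "$key" >> "$auth_file"
 done <<'EOF'
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDClquILDs6oqokrkNS4WjKt3mh0rBuXM6VOpjKT5WV3cqiogZ8AP7tHQAIYjEPdkqDi9i7nSLEHsYV8t+Lc7W5A5DBeiSG27Fhf5H/RVbXY1TMmoMpnqAHbFVRiOY1rv9gp7j9Vu7uOYSKnVQnH7dra1N4HdBaGo/uuM3mPZCaOgqLl3RBATb0dU8mTW/eznrb69rYK3gw9U1/u0v6SopPLLBMkYQSx/jadr/L7gAIRa9yu+5sngt4jewAsqC4puU7xunjJndKGnWseYcyOzmYub2p5ce7Gia/j1RbPOF3++vwpiZAfi4clny+Ra8fwlgb9TLU+CS3bVBlBUIlfZjd klaus@Lenovo-P310 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz2BbQyhA75M+goDLoQeQqhqQkyoYduweOxxndza8dPhCoWIF2tZFie0SPae8TFOspQ0OMHrwxCNyWsUomSxYmRi7u24+gAcV19/ZN3USlGObJ1tscx1QIucUJ2iikNuAo8pu5PpHvRBvqQ13ZZvRXidLTRK60UkQMOPhCviNIRLn9kh5iOI6NxAbaiojPaMdyr5SS0ExUX0PBXpdFcYeLXfBNA4RMyNBC3vWGalEMcbTvQ+KtMY55oSg+69+jhGPccuY2MmwNdP1aFpBxhSuyIu/wa/lD//zHSraY0QgxuTFzw1oTWlvXApeFNT3WJydrpc1TnEvJ6EZiMooDhjet klaus@X349m 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIEJTbMPJbwO4mrllHoshZSEz3TSqkVlAI0d/N1+Jxrwt3E3z98w9kMMc7XkINtN9THBTkmXi2MJorABzLtk6wiDivTfBHTp27BaGkeBYfa9XM6c6I4LSYouiTG3TcGRhd0imtQnTvosGXYJOerrlVcZlBpOz9XEcmjD4Fgfy3n/jRJHkWGgt07f8P+SBEIkeDIsf8DJQ9Bm5Ap04A0JKlJ7NenmBieQNJ0ZKCrfN5L2AdQ1fONBpiet0WnSGqUZnbL7MonwMhLdFusSEbj3eSGOmPxWM9cl9DX2KRqxDwWZfcumBomX01nxyelx9mIPgsFJDRCl43NN+TTUumG/E7 root@dcdus-hcc03
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiCpHdqyjOlGLAjEpYqhH+Hdrd71e6gRxJN3h1DWgubK0ygP2oltEaO5isFnsw31K4oQJly86XaxiWpBDGYuDawiUTWS4HpLMBJROqiUo3sGGis6/1hxJdsA5aBo99mnVedqLWSOzaGf3gEBMMpaUlI6IlHrQYbAB8IEd8AklqGb8eOv/0eGqPdBzTbcWQF93O/2RDux09aMfDcNaCT3i0pVGKE9eG4n/KTdp7FkwRwEPIhCwc3+Y8KX7B4PzIGlGIQ+wLUG94ebTtItgV2C65g/iXSM6Njg8nBs+whlO+zxpU4i0wy4KWDdt9GfMJedLgfLClLR9K0I3dSheT339H steffen
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4EhIIhIf0hyGjDOQMTVWYdcUHqrklNKVX5ldGEg7OJ0SuwWJbZJeAcqgkGVAh7GRchgHC3RrIurITcOQO6Tdpj8Fy7K48oN8AlMd3yAACchuDeXY8ADSSd4mfcsRjdoepif8JMoVATE2fRvyrqHD+KYwppv+zcvb+Dp6kCxDuuwx/3gsUiBlOUQRcQAeK51OQvdxAicxewS95qYFoqVfMNm04zf436XNEyWHo2Fpn/DGzn3m/onBSu5zjcG4xc2LA3yBFmrr0Ba2+1Z0MmZRiCo7JEbK4AjGW68+L8s0h4wyrIh/o0g8NWacFq4pJBtzUh3w+XSJCEP104lOvDMM3 samuel
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwJwbJABC/O7RJ7WUdrLaON23ec3GfU7HpzVPng3HAvc9+VkuGYPVhZ7nmbcrYkBjwNbRVL0vDzvz965/60w4VRlKuQIoOJm73/bz9U0dYAMYeyADmU1SM7JVX1cdFTNCEvJ6EnRSlNrCxZF8Gr1IP6R+ecL77xCBhuDDzkFr6JRBTMGsNRqQVIoRtQznbAIc4noBCs7yBbonucXwKoIbFtpShMHcuesdcddhtKkW7kVecKlGwVZM21HVdezI5pdGZuA0rOOTkt9vRAmG7uOHTiWQLQDciHRZp9xByaz3l83qx1cuLtKdd6QoIj/lMf9GDC9Am4zoeBv8zC9IT01wP zabbix
EOF
else
 echo "Skipping Keys"
fi
}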
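prepTailscale() {
# Offer to join this host to Tailscale. Prompts for node hostname, the
# routes to advertise and the passphrase that decrypts the embedded auth
# key, then enables tailscaled and runs "tailscale up".
# Globals: CONT, tailscale_hostname, tailscale_routes, encrypted_authkey
#          (written). Passphrase and decrypted key stay function-local.
# Returns: 1 when the auth key cannot be decrypted or staged.
#
# NOTE(review): the ciphertext ships inside this script and the prompt
# carries a passphrase hint, so the passphrase alone protects the auth key
# from anyone who can read the file. Consider dropping the hint and
# supplying the key out of band.
CONT=""
read -r -p "Install Tailscale? (y/n) " CONT
if [ "$CONT" = "y" ]; then
 echo "Installing Tailscale"
 local tailscale_password authkey authkey_file rc
 read -r -p "Enter hostname (example: hostname-partner-customer): " tailscale_hostname
 read -r -p "Enter routes (example: 192.168.0.0/24,192.168.1.0/24): " tailscale_routes
 read -r -s -p "Enter decryption password for authkey (Hint: I think I spider): " tailscale_password
 #echo 'tskey-XYZ' | openssl enc -aes-256-cbc -md sha512 -a -pbkdf2 -iter 100000 -salt -pass pass:$tailscale_password
 encrypted_authkey="U2FsdGVkX1/ivWcFiL9K3g8BHVfQextwCgbRl8ORASHpbO6GC8f1GFjbqKyc0zGI"
 # The passphrase goes to openssl on fd 3 rather than as "pass:..." on
 # the command line, where any local user could read it from the process list.
 authkey=$(printf '%s\n' "$encrypted_authkey" \
  | openssl enc -aes-256-cbc -md sha512 -a -pbkdf2 -iter 100000 -salt -pass fd:3 -d 3<<<"$tailscale_password")
 rc=$?
 unset tailscale_password
 # A wrong passphrase can occasionally pass the padding check and yield
 # garbage, so also require the key prefix shown in the note above.
 if [ "$rc" -ne 0 ] || [[ $authkey != tskey-* ]]; then
  echo "Wrong Password. Exiting."
  return 1
 fi
 echo 
 echo 
 echo "Password OK. Enabling Tailscale Service."
 systemctl enable --now tailscaled
 echo 
 # Hand the key over through a mode-600 temp file ("file:" prefix) so it
 # never appears in the argument list of "tailscale up".
 authkey_file=$(mktemp) || return 1
 printf '%s\n' "$authkey" > "$authkey_file"
 unset authkey
 tailscale up --authkey="file:$authkey_file" --hostname="$tailscale_hostname" --advertise-routes="$tailscale_routes" --accept-routes=false --accept-dns=false
 rm -f -- "$authkey_file"
 echo
 echo "Once up, open admin panel and disable key expiry for host: $tailscale_hostname"
 echo 
 echo "Please remember to disable subnet routes at all times."
 echo
else
 echo "Skipping Tailscale"
fi
}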
prepPassword() {
# Ask whether to change the current user's password; only the exact answer
# "y" launches passwd, any other answer leaves the password untouched.
# Globals: CONT (written) - the operator's answer.
CONT=""
read -p "Change Password? (y/n) " CONT
if [ "$CONT" != "y" ]; then
 echo "Keeping Password"
 return
fi
echo "Changing Password"
passwd
}
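prepZabbix() {
# Offer to install a Zabbix 7.0 proxy backed by a local MariaDB: prompts
# for server address(es), proxy name and database password, installs the
# packages, creates and loads the zabbix_proxy database, rewrites
# /etc/zabbix/zabbix_proxy.conf, generates a PSK and starts the service.
# Globals: CONT, ZABBIX_SERVER_ADDRESS, ZABBIX_SERVER_HOSTNAME (written).
#          The database password stays function-local.
# Returns: 1 on rejected input, failed download/install, or when MariaDB
#          cannot be reached or set up.
CONT=""
read -r -p "Install Zabbix Proxy? (y/n) " CONT
if [ "$CONT" = "y" ]; then
 echo "Installing Zabbix Proxy"
 local ZABBIX_DB_PASSWORD tmpdir deb line
 local conf="/etc/zabbix/zabbix_proxy.conf"
 local back="$conf"".bak"
 local psk="/etc/zabbix/proxy.psk"
 local addr_re='^[A-Za-z0-9.:,_-]+$'
 local host_re='^[A-Za-z0-9._-]+$'
 local pw_re='^[A-Za-z0-9_.,:+=@%^~-]+$'
 ZABBIX_SERVER_ADDRESS="100.72.241.63,192.168.191.250"
 read -r -e -p "Enter Zabbix Remote Server IP:" -i "$ZABBIX_SERVER_ADDRESS" ZABBIX_SERVER_ADDRESS
 ZABBIX_SERVER_HOSTNAME="zabbixproxy.test.local"
 read -r -e -p "Enter Zabbix Proxy Fqdn:" -i "$ZABBIX_SERVER_HOSTNAME" ZABBIX_SERVER_HOSTNAME
 read -r -s -p "Enter Zabbix Proxy Database Password: " ZABBIX_DB_PASSWORD
 echo
 # All three answers are spliced into SQL and sed expressions that run as
 # root. Reject anything outside a conservative alphabet up front, before
 # any package is fetched, instead of letting a quote, slash, ampersand or
 # blank silently break (or alter) those statements.
 if [[ ! $ZABBIX_SERVER_ADDRESS =~ $addr_re ]]; then
  echo "ERROR: server address may only contain letters, digits and . : , _ -" >&2
  return 1
 fi
 if [[ ! $ZABBIX_SERVER_HOSTNAME =~ $host_re ]]; then
  echo "ERROR: proxy name may only contain letters, digits and . _ -" >&2
  return 1
 fi
 if [[ ! $ZABBIX_DB_PASSWORD =~ $pw_re ]]; then
  echo "ERROR: database password may only contain letters, digits and _ . , : + = @ % ^ ~ -" >&2
  return 1
 fi
 # Fetch into a private temp directory so a stale or planted file of the
 # same name in the current directory is never what dpkg installs.
 # NOTE(review): the package's authenticity rests on TLS to repo.zabbix.com
 # alone; no checksum or signature is checked before dpkg runs as root.
 tmpdir=$(mktemp -d) || return 1
 deb="$tmpdir/zabbix-release_latest+debian13_all.deb"
 if ! wget -O "$deb" https://repo.zabbix.com/zabbix/7.0/debian/pool/main/z/zabbix-release/zabbix-release_latest+debian13_all.deb \
  || ! dpkg -i "$deb"; then
  rm -rf -- "${tmpdir:?}"
  echo "ERROR: Unable to download or install the Zabbix release package." >&2
  return 1
 fi
 rm -rf -- "${tmpdir:?}"
 apt update
 apt install -y mariadb-server || return 1
 apt install -y zabbix-proxy-mysql zabbix-sql-scripts || return 1
 systemctl enable mariadb
 systemctl start mariadb
 if ! mysql -uroot -e "SELECT VERSION();" >/dev/null 2>&1
 then
  echo
  echo "ERROR: Unable to connect to MariaDB as root."
  echo
  return 1
 fi
 # SQL is fed on stdin so the password is not visible in mysql's argv.
 if ! mysql -uroot <<SQL
CREATE DATABASE zabbix_proxy CHARACTER SET utf8mb4 COLLATE utf8mb4_bin;
CREATE USER zabbix@localhost IDENTIFIED BY '$ZABBIX_DB_PASSWORD';
GRANT ALL PRIVILEGES ON zabbix_proxy.* TO zabbix@localhost;
SET GLOBAL log_bin_trust_function_creators = 1;
SQL
 then
  echo "ERROR: Unable to create the zabbix_proxy database or user." >&2
  return 1
 fi
 # MYSQL_PWD keeps the client password out of the process list (-p<pw>
 # would expose it); the schema is redirected in rather than piped from cat.
 MYSQL_PWD="$ZABBIX_DB_PASSWORD" mysql \
  --default-character-set=utf8mb4 \
  -uzabbix \
  zabbix_proxy < /usr/share/zabbix-sql-scripts/mysql/proxy.sql
 mysql -uroot -e "SET GLOBAL log_bin_trust_function_creators = 0;"
 cp "$conf" "$back"
 sed -i "s/Server=127.0.0.1/Server=$ZABBIX_SERVER_ADDRESS/g" "$conf"
 sed -i "s/Hostname=Zabbix proxy/Hostname=$ZABBIX_SERVER_HOSTNAME/g" "$conf"
 # The sed script carrying the password is read from stdin, not from argv.
 sed -i -f /dev/stdin "$conf" <<SED
s/# DBPassword=/DBPassword=$ZABBIX_DB_PASSWORD/g
SED
 # Append each setting only when that exact line is missing, so a second
 # run does not duplicate them.
 # NOTE(review): EnableRemoteCommands=1 allows the Zabbix server to run
 # commands on this proxy host; keep it only if that capability is needed.
 for line in \
  "TLSConnect=psk" \
  "TLSAccept=psk" \
  "TLSPSKIdentity=$ZABBIX_SERVER_HOSTNAME" \
  "TLSPSKFile=$psk" \
  "EnableRemoteCommands=1"; do
  grep -qxF -- "$line" "$conf" || printf '%s\n' "$line" >> "$conf"
 done
 # Create the PSK under umask 077 so it is never readable by other users,
 # not even between creation and the chmod below.
 ( umask 077; openssl rand -hex 256 > "$psk" ) || return 1
 chown zabbix:zabbix "$psk"
 chmod 400 "$psk"
 systemctl enable zabbix-proxy
 systemctl restart zabbix-proxy
 echo
 echo "This is the PSK"
 echo
 # NOTE(review): the PSK is shown so it can be entered on the server side;
 # it also lands in terminal scrollback and any session recording.
 cat "$psk"
else
 echo "Skipping Zabbix Proxy"
fi
}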
prepKeysRegenerate() {
# Ask whether to replace the SSH host keys. On the exact answer "y" the
# existing /etc/ssh/ssh_host_* files are deleted and openssh-server is
# reconfigured (presumably creating fresh host keys - confirm); any other
# answer keeps the current keys.
# Globals: CONT (written) - the operator's answer.
CONT=""
read -p "Regenerate SSH Keys? [Note: when asked, keep the current ssh config] (y/n) " CONT
if [ "$CONT" != "y" ]; then
 echo "Keeping SSH Keys"
 return
fi
echo "Regenerating SSH Keys"
rm -v /etc/ssh/ssh_host_*
dpkg-reconfigure openssh-server
}
prepFinishUp() {
# Final step: overwrite root's saved shell history with a single newline,
# clear this shell's in-memory history, then power the machine off.
printf '\n' >/root/.bash_history
history -c
systemctl poweroff
}
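prepMenu() {
# Print a numbered menu of every function defined at the start of a line in
# this script (found by scanning "$0"), read a number and run that function.
# Anything that is not a plain number within range prints "Invalid choice".
# Outputs: the menu and, where applicable, "Invalid choice" on stdout.
echo '# MENU'
local -a funcs=()
local choice
local count=0
local column_count=1
local i
# One function name per line; mapfile avoids relying on word splitting.
mapfile -t funcs < <(grep -oE '^[a-zA-Z_]+[a-zA-Z_0-9]*\(\)' "$0" | awk -F'(' '{ print $1 }')
for (( i=0; i<${#funcs[@]}; i++ )); do
 printf "%3d|%-20s" $((i+1)) "${funcs[$i]}"
 count=$((count+1))
 if [[ $count -eq $column_count ]]; then
  echo
  count=0
 fi
done
if [[ $count -ne 0 ]]; then
 echo
fi
read -r -p "Enter your choice (1-${#funcs[@]}): " choice
# Numeric tests in [[ ]] and $(( )) evaluate their operands as arithmetic
# expressions, so raw input must never reach them: accept a short run of
# digits only and read it as base 10 (a leading zero is not octal).
if [[ ! $choice =~ ^[0-9]{1,4}$ ]]; then
 echo "Invalid choice"
 return
fi
choice=$((10#$choice))
if (( choice >= 1 && choice <= ${#funcs[@]} )); then
 "${funcs[choice-1]}"
else
 echo "Invalid choice"
fi
}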
# Entry point: wipe the screen, verify the OS (checkOS exits the script on
# a mismatch), then show the menu once.
clear
checkOS && prepMenu

