Shell scripts, ready to run
30 scripts · Ubuntu / Debian · MIT License · GitHub
// basics
init
root ubuntu debian
New server bootstrap — update mirrors, install common tools, set timezone, enable UFW.
$ curl -sL runsh.de/init.sh | bash
what it does
  • apt-get update & install: curl wget git vim htop unzip net-tools ufw
  • Set timezone to Asia/Shanghai
  • UFW: deny incoming, allow SSH, enable
🔄
update
root
Update all packages, remove unused deps, clean apt cache, vacuum systemd logs.
$ curl -sL runsh.de/update.sh | bash
what it does
  • apt-get update + upgrade (non-interactive)
  • autoremove, autoclean, clean
  • journalctl vacuum (keep 7 days)
  • Reports disk free and reboot requirement
💾
swap
root
Create a 2G swap file, persist across reboots, set swappiness=10.
$ curl -sL runsh.de/swap.sh | bash
custom size: SWAP_SIZE=4G
what it does
  • Creates /swapfile via fallocate (dd fallback)
  • chmod 600, mkswap, swapon
  • Appends to /etc/fstab for persistence
  • Sets vm.swappiness=10
🚀
bbr
root
Enable BBR TCP congestion control for better throughput. Kernel ≥ 4.9.
$ curl -sL runsh.de/bbr.sh | bash
what it does
  • Checks kernel version ≥ 4.9
  • modprobe tcp_bbr
  • Sets net.core.default_qdisc=fq
  • Sets net.ipv4.tcp_congestion_control=bbr
  • Persists via /etc/sysctl.conf
📊
info
System overview: OS, CPU, RAM, disk, network interfaces, public IP, Docker status.
$ curl -sL runsh.de/info.sh | bash
what it does
  • OS, kernel, hostname, uptime
  • CPU model, cores, load average
  • Memory & swap usage
  • Disk usage per mount
  • Network interfaces + public IP
  • Docker version & running containers
bench
Quick benchmark: CPU speed, disk read/write (512MB), network download from multiple nodes.
$ curl -sL runsh.de/bench.sh | bash
what it does
  • CPU: Python prime benchmark
  • Disk write: dd 512MB with fdatasync
  • Disk read: dd 512MB
  • Network: 100MB download from Tokyo / LA
🧹
cleanup
root
Deep clean: apt cache, old logs, temp files, Docker leftovers. Reports freed space.
$ curl -sL runsh.de/cleanup.sh | bash
what it does
  • apt autoremove, autoclean, clean
  • journalctl vacuum (keep 7 days)
  • Deletes /var/log/*.gz >30 days
  • Deletes /tmp files not accessed in 3 days
  • docker system prune -f (if installed)
  • Lists top 10 large files in /var and /tmp
// security
🔒
ssh-harden
root
Disable root login & password auth, change SSH port to 22222.
$ curl -sL runsh.de/ssh-harden.sh | bash
what it does
  • Verifies SSH key exists before proceeding
  • Backs up sshd_config
  • Port=22222, PermitRootLogin=no, PasswordAuthentication=no
  • MaxAuthTries=3, X11Forwarding=no
  • Updates UFW if installed
⚠ Ensure key auth works first. Test in a new terminal after!
🛡
ufw
root
Configure UFW: deny all incoming, allow SSH / HTTP / HTTPS.
$ curl -sL runsh.de/ufw.sh | bash
custom SSH port: SSH_PORT=22222
what it does
  • ufw reset → deny incoming → allow outgoing
  • Allow SSH (22), HTTP (80), HTTPS (443)
  • ufw enable, shows final rules
🚫
fail2ban
root
Block brute-force. Bans IPs after 5 failed SSH attempts for 1 hour.
$ curl -sL runsh.de/fail2ban.sh | bash
what it does
  • Installs fail2ban
  • SSH jail: maxretry=3, bantime=3600s
  • Nginx jails if Nginx is installed
  • Enables fail2ban service
// network
🔐
wireguard
root
WireGuard VPN server. Generates server + client config automatically.
$ curl -sL runsh.de/wireguard.sh | bash
custom port: WG_PORT=51820
what it does
  • apt install wireguard
  • Generates server & client keypairs + PSK
  • Writes /etc/wireguard/wg0.conf
  • Enables IP forwarding + iptables NAT
  • Outputs client1.conf ready to import
🌐
caddy
root
Install Caddy web server. Automatic HTTPS — just point a domain and it works.
$ curl -sL runsh.de/caddy.sh | bash
what it does
  • Adds official Caddy apt repository
  • Installs caddy, enables service
  • Writes minimal Caddyfile with gzip
  • UFW allow 80 + 443
🔀
frp
root
Fast reverse proxy for intranet penetration. Run as server or client.
$ curl -sL runsh.de/frp.sh | FRP_MODE=server bash
client: FRP_MODE=client FRP_SERVER=ip FRP_TOKEN=secret
what it does
  • Downloads frp binary from GitHub releases
  • Server: writes frps.toml, creates systemd service
  • Client: writes frpc.toml with SSH proxy, creates systemd service
  • Auto-generates token if not provided
// runtime
🐳
docker
root
Install Docker Engine + Compose plugin from official repo.
$ curl -sL runsh.de/docker.sh | bash
what it does
  • Removes old docker.io packages
  • Adds official Docker GPG key + apt repo
  • Installs docker-ce, cli, containerd, buildx, compose
  • Adds current user to docker group
node
Install Node.js via nvm. Defaults to LTS v22.
$ curl -sL runsh.de/node.sh | bash
version: NODE_VERSION=20
what it does
  • Installs nvm via official script
  • Adds nvm init to .bashrc and .zshrc
  • nvm install + nvm alias default
🐍
python
Install Python via pyenv. Defaults to 3.13.
$ curl -sL runsh.de/python.sh | bash
version: PYTHON_VERSION=3.12
what it does
  • Installs build dependencies
  • Installs pyenv via pyenv.run
  • Adds pyenv init to .bashrc and .zshrc
  • pyenv install + pyenv global + pip upgrade
🐹
go
Install latest Go from go.dev. Adds to PATH automatically.
$ curl -sL runsh.de/go.sh | bash
version: GO_VERSION=1.23
what it does
  • Fetches latest version from go.dev (or uses GO_VERSION)
  • Downloads official tarball, extracts to /usr/local/go
  • Adds GOPATH + PATH to .bashrc and .zshrc
🦀
rust
Install Rust via rustup. Includes cargo, rustfmt, clippy.
$ curl -sL runsh.de/rust.sh | bash
what it does
  • apt install build-essential gcc
  • curl sh.rustup.rs | sh -y
  • Adds cargo/env to .bashrc and .zshrc
java
root
Install OpenJDK. Defaults to Java 21 LTS.
$ curl -sL runsh.de/java.sh | bash
version: JAVA_VERSION=17
what it does
  • apt install openjdk-21-jdk
  • Sets JAVA_HOME in .bashrc/.zshrc
🐘
php
root
Install PHP 8.3 + FPM + common extensions + Composer.
$ curl -sL runsh.de/php.sh | bash
version: PHP_VERSION=8.2
what it does
  • Adds ondrej/php PPA for latest versions
  • Installs php-fpm, curl, mbstring, xml, zip, gd, mysql, pgsql, redis, opcache
  • Installs Composer globally
🐚
zsh
Install zsh + oh-my-zsh with autosuggestions and syntax highlighting.
$ curl -sL runsh.de/zsh.sh | bash
what it does
  • apt install zsh
  • Installs oh-my-zsh (RUNZSH=no)
  • Clones autosuggestions + syntax-highlighting
  • Sets zsh as default shell via chsh
🌐
nginx
root
Install Nginx with gzip enabled, worker count tuned to CPU cores.
$ curl -sL runsh.de/nginx.sh | bash
what it does
  • apt install nginx, enable + start
  • worker_processes = nproc
  • gzip on for text/css/js/json/svg
  • server_tokens off
  • UFW allow 'Nginx Full'
🔐
cert
root
Free SSL cert via acme.sh (Let's Encrypt). Auto-configures Nginx with HTTPS redirect.
$ curl -sL runsh.de/cert.sh | DOMAIN=example.com EMAIL=x@x.com bash
what it does
  • Installs acme.sh
  • Issues cert (webroot or standalone mode)
  • Installs to /etc/ssl/<domain>/
  • Creates Nginx HTTP→HTTPS config
  • Auto-renewal via cron
// databases
🐘
postgres
root
Install PostgreSQL 17 from official repo. Creates user and database.
$ curl -sL runsh.de/postgres.sh | bash
PG_VERSION=16 PG_USER=myuser PG_PASS=secret PG_DB=mydb
what it does
  • Adds official PostgreSQL apt repo
  • Installs postgresql-17
  • Creates user (default: dbuser) with random password
  • Creates database, grants all privileges
  • Prints connection info
🐬
mysql
root
Install MySQL (or MariaDB). Secures installation, creates user and database.
$ curl -sL runsh.de/mysql.sh | bash
MariaDB: USE_MARIADB=1  |  DB_USER DB_PASS DB_NAME
what it does
  • apt install mysql-server (or mariadb-server)
  • Secures: removes test db, anonymous users
  • Sets root password
  • Creates user + database
redis
root
Install Redis, bind to localhost, LRU eviction policy. Optional password.
$ curl -sL runsh.de/redis.sh | bash
with password: REDIS_PASSWORD=secret
what it does
  • apt install redis-server
  • Bind to 127.0.0.1 only
  • supervised=systemd, maxmemory-policy=allkeys-lru
  • Optional requirepass
  • Verifies with redis-cli ping
🍃
mongodb
root
Install MongoDB 8.0 from official repo. Creates user and database.
$ curl -sL runsh.de/mongodb.sh | bash
MONGO_VERSION=7.0 MONGO_USER=myuser MONGO_DB=mydb
what it does
  • Adds official MongoDB apt repo
  • Installs mongodb-org
  • Creates user with readWrite role
  • Prints connection string
// monitoring
📡
netdata
root
Real-time server monitoring dashboard. 1000s of metrics out of the box.
$ curl -sL runsh.de/netdata.sh | bash
what it does
  • Installs via official kickstart.sh
  • Enables netdata service
  • Opens port 19999 in UFW
  • Dashboard at :19999
⚠ Consider blocking port 19999 publicly and using SSH tunnel instead.
🔭
nezha
docker root
Nezha Monitoring (哪吒监控) — lightweight server monitor popular in the CN community. Dashboard or agent mode.
$ curl -sL runsh.de/nezha.sh | bash
agent: NZ_SERVER=ip:5555 NZ_KEY=yourkey
what it does
  • No args: deploys Dashboard via Docker Compose (:8008)
  • With NZ_SERVER+NZ_KEY: installs agent
  • Agent connects to your dashboard automatically
💚
uptime-kuma
docker
Self-hosted uptime monitor with status pages, alerts for HTTP/TCP/ping targets.
$ curl -sL runsh.de/uptime-kuma.sh | bash
custom port: PORT=3001
what it does
  • docker run louislam/uptime-kuma
  • Persists data in Docker volume
  • Opens port in UFW
  • First visit: create admin account
// apps
🐋
portainer
docker
Docker GUI — manage containers, images, volumes and networks visually.
$ curl -sL runsh.de/portainer.sh | bash
custom port: PORT=9000
what it does
  • docker run portainer/portainer-ce
  • Mounts /var/run/docker.sock
  • Persists data in Docker volume
  • First visit: create admin (5min window)
🍵
gitea
docker
Self-hosted Git service. Lightweight GitHub alternative with web UI and SSH.
$ curl -sL runsh.de/gitea.sh | bash
GITEA_PORT=3000 GITEA_SSH_PORT=2222
what it does
  • Creates docker-compose.yml in /opt/gitea
  • docker compose up -d gitea/gitea:latest
  • Web UI on :3000, SSH on :2222
  • First visit: installation wizard