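#!/usr/bin/env pwsh
# LemonSec Setup Script
# Run this script to initialize the security stack.
#
# Steps: create the working directories, generate the Authelia secrets
# (only when a secret file is missing, so re-running never rotates an
# existing secret), restrict the secret files where the platform allows
# it, verify that .env exists, pull the compose images and create the
# external Traefik network.
#
# All paths below are relative to the current location, so run it from
# the directory that holds docker-compose.yml and .env.

# Stop on any cmdlet error. This does NOT cover native executables
# (docker, chmod, ...); their exit status is checked with
# Assert-NativeSuccess after each call.
$ErrorActionPreference = "Stop"

Write-Host "========================================" -ForegroundColor Cyan
Write-Host " LemonSec Security Stack Setup" -ForegroundColor Cyan
Write-Host "========================================" -ForegroundColor Cyan
Write-Host ""

# Check if running as administrator (not required for Docker Desktop)
# if (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
#     Write-Warning "This script should be run as Administrator for some features."
# }

#######################################
# Abort the script when the native command that ran just before this
# call exited non-zero. Call it immediately after the native command,
# before any other command can overwrite $LASTEXITCODE.
# Arguments: $What - short description used in the error message
# Outputs:   error line on the console
# Returns:   only when the previous native command succeeded
#######################################
function Assert-NativeSuccess {
    param([string]$What)
    if ($LASTEXITCODE -ne 0) {
        Write-Host " ✗ $What failed (exit code $LASTEXITCODE)" -ForegroundColor Red
        exit $LASTEXITCODE
    }
}

# Create necessary directories
Write-Host "[1/7] Creating directories..." -ForegroundColor Green
$dirs = @(
    "traefik/logs",
    "secrets",
    "crowdsec-data",
    "uptime-kuma-data"
)
foreach ($dir in $dirs) {
    if (!(Test-Path $dir)) {
        New-Item -ItemType Directory -Path $dir -Force | Out-Null
    }
}

# Generate secrets
Write-Host "[2/7] Generating secrets..." -ForegroundColor Green

#######################################
# Produce a new random secret: 32 bytes from the platform CSPRNG,
# returned as a 64-character lowercase hex string.
# Outputs:   the hex string on the pipeline
#######################################
function Generate-Secret {
    $bytes = New-Object byte[] 32
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        $rng.GetBytes($bytes)
    } finally {
        # The generator is IDisposable; release it even if GetBytes throws.
        $rng.Dispose()
    }
    return [BitConverter]::ToString($bytes).Replace("-", "").ToLower()
}

# One file per Authelia secret. A file that already exists is left alone:
# rotating these would invalidate every existing session and the
# encrypted storage, so rotation has to be a deliberate manual step.
$secretFiles = @(
    "secrets/authelia_jwt_secret.txt",
    "secrets/authelia_session_secret.txt",
    "secrets/authelia_storage_key.txt"
)
foreach ($file in $secretFiles) {
    if (!(Test-Path $file)) {
        Generate-Secret | Set-Content -Path $file -NoNewline
        Write-Host " ✓ Created $(Split-Path -Leaf $file)" -ForegroundColor Gray
    }
}

# Set permissions (Windows doesn't have the same permission model, but we can set ACLs)
Write-Host "[3/7] Setting permissions..." -ForegroundColor Green
# Note: On Windows, Docker Desktop handles permissions differently, so the
# secret files keep the ACL inherited from the secrets folder there.
# $IsWindows exists in pwsh 6+; the $env:OS check covers Windows PowerShell 5.1.
if (-not ($IsWindows -or $env:OS -eq "Windows_NT")) {
    # pwsh on Linux/macOS: make the secret files readable by the owner only
    # so other local accounts cannot read the Authelia keys.
    foreach ($file in $secretFiles) {
        chmod 600 $file
        Assert-NativeSuccess "chmod 600 $file"
    }
}

# Check if .env exists
Write-Host "[4/7] Checking configuration..." -ForegroundColor Green
if (!(Test-Path ".env")) {
    Write-Host " ⚠ .env file not found!" -ForegroundColor Yellow
    Write-Host " Copy .env.example to .env and fill in your values:" -ForegroundColor Yellow
    Write-Host " cp .env.example .env" -ForegroundColor Yellow
    Write-Host " nano .env # or your preferred editor" -ForegroundColor Yellow
    exit 1
}

# Pull images
Write-Host "[5/7] Pulling Docker images..." -ForegroundColor Green
docker-compose pull
Assert-NativeSuccess "docker-compose pull"

# Create external network if it doesn't exist
Write-Host "[6/7] Setting up Docker networks..." -ForegroundColor Green
# @() keeps the result an array even when docker lists a single network.
$networks = @(docker network ls --format "{{.Name}}")
Assert-NativeSuccess "docker network ls"
if ($networks -notcontains "traefik-external") {
    docker network create traefik-external
    Assert-NativeSuccess "docker network create traefik-external"
}

Write-Host "[7/7] Setup complete!" -ForegroundColor Green
Write-Host ""
Write-Host "Next steps:" -ForegroundColor Cyan
Write-Host " 1. Ensure .env is configured with your Cloudflare credentials" -ForegroundColor White
Write-Host " 2. Update authelia/users_database.yml with your users" -ForegroundColor White
Write-Host " 3. Start the stack: docker-compose up -d" -ForegroundColor White
Write-Host " 4. Check logs: docker-compose logs -f traefik" -ForegroundColor White
Write-Host " 5. Generate CrowdSec API key: docker-compose exec crowdsec cscli bouncers add traefik-bouncer" -ForegroundColor White
Write-Host " 6. Add the key to .env and restart: docker-compose up -d" -ForegroundColor White
Write-Host ""
Write-Host "Access points:" -ForegroundColor Cyan
Write-Host " - External: https://auth.lemonlink.eu (after DNS setup)" -ForegroundColor White
Write-Host " - Internal: https://traefik.local.lemonlink.eu:8443 (via Tailscale)" -ForegroundColor White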