This is a menu-driven server utility script for Ubuntu and other Debian-based systems. It helps automate common setup tasks without forcing one fixed stack. You choose what to install or configure: essential tools, Nginx, PHP, MySQL, NVM, SSH hardening, Fail2ban, static IP profiles, and more.
Ubuntu is the primary target environment. Other Debian derivatives should work, but some minimal images, SBC images, and custom kernels may need extra care. If you encounter an issue, open an issue and include your OS, kernel version, and the menu option that failed.
-
Download the script:
wget https://raw.githubusercontent.com/Decaded/install-script/main/install.sh
-
Make it executable:
sudo chmod +x install.sh
-
Run it:
./install.sh
The script requires sudo privileges and checks for them on startup. A menu will appear with the available actions.
- Install selected essential apps
- Install a web server stack
- Install Node Version Manager (NVM)
- Enable passwordless sudo
- Configure SSH key-only authentication
- Configure a static IP address
- Configure Fail2ban
- Revert static IP configuration to DHCP
- Check for script updates
- Restore SSH configuration when a backup exists
Install any combination of common utilities from a checklist:
- htop and btop - process viewers
- screen and tmux - terminal multiplexers
- nload - network traffic monitor
- nano and Neovim - text editors
- firewalld - firewall management
- fail2ban - intrusion prevention
- git - version control
- unattended-upgrades - automatic security updates
- Pi-hole - ad blocker and optional DHCP server
When selected, some tools offer follow-up configuration. Firewalld asks for the current SSH port, opens that port, and checks for working netfilter/nftables support before trying to start
the service. Fail2ban can use the default setup or a custom jail.local URL. Git can configure global name, email, and default branch.
Switch to key-only SSH authentication. The script:
- Disables password-based logins
- Enables public key authentication
- Adds the provided public key to
~/.ssh/authorized_keys - Creates a backup of your SSH config
- Provides a restore option when a backup exists
Backup file location:
/etc/ssh/sshd_config_decoscript.backup.*The script keeps the five most recent SSH config backups.
Enables password-free sudo access if desired. If your system already uses this configuration, the script leaves it unchanged.
Choose one of three web server paths:
The web server setup can:
- Remove Apache2 if it is installed, to avoid port conflicts
- Enable and start Nginx
- Install common PHP/FPM packages and configure Nginx for PHP
- Create
/etc/nginx/certfor SSL certificates - Create a simple default page if the web root is empty
- Open HTTP and HTTPS ports when firewalld is available
Installs the latest NVM version and lets you choose a Node.js version to install:
- Lists recent remote Node.js versions
- Installs the version you enter
Configure a static IP address using Netplan.
Supports:
- IP address
- Subnet
- Gateway
- DNS servers
If Netplan is not present, the script installs netplan.io before writing the configuration. It also installs net-tools when needed to list network interfaces.
Before changing an existing Netplan file, the script creates a backup under:
/etc/netplan/backups_decoscript/A revert option is available from the main menu to switch an interface back to DHCP.
- Firewalld depends on working kernel netfilter/nftables support. On some minimal Armbian or SBC images, firewalld may not be usable until the kernel is updated and the system is rebooted.
- SSH and network changes can disconnect you from a remote server if incorrect values are entered. Keep another access path available when possible.
If you notice unexpected behavior or have a suggestion, open an issue.
Pull requests are welcome.
This project is available under the MIT License.
This script performs operations that modify system configuration. Use it responsibly, review options before applying them, and keep backups of important files.
This script comes as is, without any guarantees. It's your adventure, so be mindful.
