I expected something different.

This commit is contained in:
2023-09-02 05:23:15 +03:00
parent a3fbdebc46
commit afce9e90a6

25
harden

@@ -231,10 +231,14 @@ function firewallInit {
sudo ufw default allow outgoing # Allow outgoing connections sudo ufw default allow outgoing # Allow outgoing connections
sudo ufw default deny incoming # Deny incoming connections sudo ufw default deny incoming # Deny incoming connections
sudo ufw allow 22100/tcp # Allow ssh connections on port 22100 sudo ufw allow 22100/tcp # Allow ssh connections on port 22100
sudo ufw allow 8000/tcp # Allow portainer connections on port 8000
sudo ufw allow 9443/tcp # Allow portainer connections on port 9443
;; ;;
firewalld) firewalld)
sudo systemctl enable firewalld # Enable the firewall on boot sudo systemctl enable firewalld # Enable the firewall on boot
sudo firewall-cmd --permanent --add-port=22100/tcp # Allow ssh connections on port 22100 sudo firewall-cmd --permanent --add-port=22100/tcp # Allow ssh connections on port 22100
sudo firewall-cmd --permanent --add-port=8000/tcp # Allow portainer connections on port 8000
sudo firewall-cmd --permanent --add-port=9443/tcp # Allow portainer connections on port 9443
;; ;;
*) *)
printf "%s" "Unsupported firewall" printf "%s" "Unsupported firewall"
@@ -332,13 +336,10 @@ EOF
done done
fi fi
# Portainer is a docker image that provides a web interface for docker # Portainer is a docker image that provides a web interface for docker
# which will be installed and run on port 9000 by default to make it easier to manage docker # which will be installed and run on port 9443 by default to make it easier to manage docker
# CMD1="docker volume create portainer_data # Create a docker volume for portainer" # url to follow after the installation is complete: https://vps_ip:9443
# CMD2="docker run -d -p 9000:9000 --name=portainer --restart=unless-stopped -v /home/secdep/.docker/run/docker.sock:/home/secdep/.docker/run/docker.sock -v portainer_data:/data portainer/portainer-ce" # the https:// part is important as portainer will not work without it
# CMD2="docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /$XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock -v ~/.local/share/docker/volumes:/var/lib/docker/volumes -v portainer_data:/data portainer/portainer-ce" sudo -E runuser - secdep -c 'docker run -d -p 8000:8000 -p 9443:9443 --name=portainer --restart=always -v /run/user/$UID/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce'
# sudo -u secdep bash -c "$CMD1" # Create a docker volume for portainer
# sudo -u secdep bash -c "$CMD2" # Run portainer
# sudo machinectl shell secdep@ /bin/bash -c "docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /$XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock -v ~/.local/share/docker/volumes:/var/lib/docker/volumes -v portainer_data:/data portainer/portainer-ce"
# Check if the dockerImages array is empty and return 0 if it is # Check if the dockerImages array is empty and return 0 if it is
[[ "${#dockerImages[@]}" -eq 0 ]] && return 0 [[ "${#dockerImages[@]}" -eq 0 ]] && return 0
# Loop through the dockerImages array # Loop through the dockerImages array
@@ -375,7 +376,7 @@ EOF
# } # }
# Fix banaction ufw with iptables # Fix banaction ufw with iptables
# Does not always persist after reboot # Does not always persist after reboot.
function configureFail2ban { function configureFail2ban {
FAIL2BAN_LOCAL=$(cat <<'EOF' FAIL2BAN_LOCAL=$(cat <<'EOF'
[Definition] [Definition]
@@ -471,8 +472,9 @@ EOF
sudo at now + 1 minute <<< "bash /root/delete_users.sh" sudo at now + 1 minute <<< "bash /root/delete_users.sh"
} }
# The main function will call the check_dependencies function and exit if it fails. # The main function will call the declared functions in order and exit if any of them fails.
# It will also output a message to the user to let them know that the script has finished. # It will also pass any arguments passed to the script to the dockerInit function.
# Then it will output a message to the user and reboot the system in 2 minutes.
function main { function main {
printf "%s" "$SCRIPT_NAME script started" printf "%s" "$SCRIPT_NAME script started"
check_dependencies || exit 1 # Check dependencies and exit if it fails check_dependencies || exit 1 # Check dependencies and exit if it fails
@@ -492,7 +494,8 @@ function main {
deleteRemainingUsers || exit 1 deleteRemainingUsers || exit 1
printf "%s" "$SCRIPT_NAME script finished" # Output message to the user printf "%s" "$SCRIPT_NAME script finished" # Output message to the user
printf "%s" "System will reboot momentarily" # Output message to the user printf "%s" "System will reboot momentarily" # Output message to the user
sudo at now + 2 minute <<< "reboot" # Reboot the system in 2 minutes
sudo shutdown -r +2
} }
# Call the main function # Call the main function
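Review bot: The ufw and firewalld arms of firewallInit now open 8000/tcp and 9443/tcp to every source, and the `docker run -d -p 8000:8000 -p 9443:9443` line in the second hunk publishes both ports on all interfaces, so the Portainer UI — which has the Docker socket mounted via `-v /run/user/$UID/docker.sock:/var/run/docker.sock` — is reachable from any network the host sits on as soon as the script finishes, despite the `default deny incoming` a few lines above. Port 8000 is only needed when Edge agents tunnel back to this host; unless that is the intended setup, drop the two 8000 `allow`/`--add-port` lines and scope the UI rule to an admin source, e.g. `sudo ufw allow from <ADMIN_CIDR> to any port 9443 proto tcp # Portainer UI, admin network only` (or reach it over the existing 22100 SSH port with a tunnel and open nothing). On the firewalld side `--permanent --add-port` alone does not change the running ruleset until `sudo firewall-cmd --reload`; I cannot see from the hunk whether the function does that. Separately, `$UID` inside the single-quoted `runuser - secdep -c '...'` string is expanded by secdep's login shell and is only set if that shell is bash, so `$(id -u)` would be the safer spelling there. The firewallInit and the Portainer/dockerImages function bodies both start and end outside the hunks shown.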