diff --git a/assets/deploy-drupal.sh b/assets/deploy-drupal.sh new file mode 100755 index 0000000..4252a03 --- /dev/null +++ b/assets/deploy-drupal.sh @@ -0,0 +1,25 @@ +#!/bin/bash + +echo "updating drupal 8" +echo "Switching to project docroot." +cd ./public_html +echo "" +echo "Pulling down latest code." +git pull --ff-only origin prod +echo "" +echo "Clearing drush caches." +drush cache-clear drush +echo "" +echo "Composer install." +composer install --no-dev +echo "" +echo "Running database updates." +drush updb -y +echo "" +echo "Importing configuration." +drush config-import -y +echo "" +echo "Clearing caches." +drush cr +echo "" +echo "Deployment complete." diff --git a/assets/deploy-simple.sh b/assets/deploy-simple.sh new file mode 100644 index 0000000..eea862e --- /dev/null +++ b/assets/deploy-simple.sh @@ -0,0 +1,10 @@ +#!/bin/bash + +echo "updating" +echo "Switching to project docroot." +cd ./public_html +echo "" +echo "Pulling down latest code." +git pull --ff-only origin prod +echo "" +echo "Deployment complete." diff --git a/assets/git-post-reveive b/assets/git-post-reveive index 75cafc9..c68b0df 100644 --- a/assets/git-post-reveive +++ b/assets/git-post-reveive @@ -10,9 +10,11 @@ if [ $refname = "refs/heads/prod" ]; then unset GIT_DIR cd ~ cd $PRODDIR - git pull --ff-only origin prod + # git pull --ff-only origin prod + # run deploy script instead + . deploy.sh echo $? echo "====== OK =====" else echo "Warning Commit not deployed, please use prod branch" -fi \ No newline at end of file +fi diff --git a/assets/git-pre-receive b/assets/git-pre-receive index b378b39..9e0be09 100644 --- a/assets/git-pre-receive +++ b/assets/git-pre-receive @@ -1,6 +1,7 @@ #!/bin/bash #hook/pre-receive #CONFIG + PRODDIR="www" read oldrev newrev refname @@ -14,4 +15,4 @@ if [ $refname = "refs/heads/prod" ]; then echo "====== OK =====" else echo "Warning Commit not deployed, please use prod branch" -fi \ No newline at end of file +fi 
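Review bot: `cd ./public_html` at the top of deploy-drupal.sh is unchecked, so when the directory is missing every following `git pull`, `composer install` and `drush` command runs in whatever directory the caller was in; the same applies to deploy-simple.sh in the next hunk. Because the post-receive hook sources the file with `. deploy.sh`, an `exit` here would terminate the hook itself, so prefer `cd ./public_html || return 1` (or run the script with `bash` and use `exit`). None of the later steps are checked either and the script always ends with `echo "Deployment complete."`, so a failed `drush updb -y` or `drush config-import -y` still reports success; chaining the steps with `|| return 1` would let the hook see the failure.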
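Review bot: `echo $?` after `. deploy.sh` can only ever print 0, because sourcing returns the status of the script's last command, which in both deploy scripts is an unconditional `echo "Deployment complete."`. Running it as a child, `bash ./deploy.sh` followed by `echo $?`, would give the hook a real status to report and would keep the deploy script's `cd` from changing the hook's own working directory. The file is named `git-post-reveive` in this diff while bin/gitbarrerepos.sh copies `assets/git-post-receive`, so that `cp` fails and this hook is never installed unless the asset is renamed. Sourcing a relative `deploy.sh` from `$PRODDIR` also means that whoever can write to the production directory decides what runs under the pushing user's account; keeping the deploy script in the bare repository's hooks directory next to post-receive would narrow that. The `if [ $refname = "refs/heads/prod" ]` block containing these lines opens before the hunk.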
diff --git a/assets/knockd.conf b/assets/knockd.conf index 36f961a..5103028 100644 --- a/assets/knockd.conf +++ b/assets/knockd.conf @@ -4,6 +4,7 @@ [SSH] sequence = 7000,8000,9000 seq_timeout = 5 + # TODO do not limit port 22 to the ip as it don't work with 4G connection start_command = ufw allow from %IP% to any port 22 tcpflags = syn cmd_timeout = 10 diff --git a/bin/gitbarrerepos.sh b/bin/gitbarrerepos.sh index ae2467c..e5487d2 100755 --- a/bin/gitbarrerepos.sh +++ b/bin/gitbarrerepos.sh @@ -7,7 +7,7 @@ _cwd="$(pwd)" while [ "$_bare_name" = "" ] do -read -p "enter the bare repos folder name ? " _host_name +read -p "enter the bare repos folder name ? " _bare_name if [ "$_bare_name" != "" ]; then read -p "is bare folder name $_bare_name correcte [y|n] " validated if [ "$validated" = "y" ]; then @@ -18,11 +18,11 @@ if [ "$_bare_name" != "" ]; then fi done - while [ "$_prod_folder_path" = "" ] do -read -p "enter the prod folder path folder name ? " _host_name -if [ "$_bare_name" != "" ]; then +read -p "enter the prod folder path (must be a public_html parent's) ? " _prod_folder_path +if [ "$_prod_folder_path" != "" ]; then + # TODO check if path exists read -p "is prod folder path $_prod_folder_path correcte [y|n] " validated if [ "$validated" = "y" ]; then break @@ -32,14 +32,26 @@ if [ "$_bare_name" != "" ]; then fi done +# ask for simple php conf or drupal conf +while [ "$_drupal" != "yes" ] && [ "$_drupal" != "no" ] +do + echo -n "Is your site is a drupal one? [yes|no] " + read _drupal +done # setup bare repositorie to push to - mkdir ~/git-repositories mkdir ~/git-repositories/"$_bare_name".git cd ~/git-repositories/"$_bare_name".git git init --bare +# add deploy script +if [ "$_drupal" = "yes" ]; then + cp "$_cwd"/assets/deploy-drupal.sh "$_prod_folder_path"/deploy.sh +else + cp "$_cwd"/assets/deploy-simple.sh "$_prod_folder_path"/deploy.sh +fi + # setup git repo on site folder cd "$_prod_folder_path" git init 
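Review bot: The new TODO proposes dropping `from %IP%` from `start_command`, which would make any correct knock open port 22 to every address instead of to the knocker, leaving the sequence itself as the only control on SSH reachability. If carrier-grade NAT on the 4G link is the problem, record that reasoning and the compensating control in the comment before the rule is changed, e.g. `# TODO: %IP% restriction blocks 4G/CGNAT clients; if relaxed, keep a stop_command so the opening is time-limited`. Whether a `stop_command` is configured for this section is outside the hunk.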
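Review bot: `_bare_name` is taken from `read -p` with no validation and is then used to build `~/git-repositories/"$_bare_name".git` and the hook paths later in the script, so a value containing `/` or `..` places the repository and hooks outside the intended directory. Adding `[[ "$_bare_name" =~ ^[A-Za-z0-9._-]+$ ]] || _bare_name=""` before the confirmation prompt would keep the loop asking until a plain name is given. `read -r` would also stop backslashes in the input from being interpreted.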
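Review bot: The `# TODO check if path exists` can be resolved in the same loop with `[ -d "$_prod_folder_path" ] || { echo "not a directory: $_prod_folder_path" >&2; _prod_folder_path=""; continue; }` placed before the confirmation prompt. Without it, the later `cd "$_prod_folder_path"` (outside this hunk) is unchecked, and when it fails `git init` runs in the current directory, which at that point is the freshly created bare repository. Since the prompt says the path must be a `public_html` parent and the deploy scripts `cd ./public_html`, `[ -d "$_prod_folder_path/public_html" ]` may be the more useful check.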
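Review bot: Neither `cp` of the deploy script checks its result, and the script goes on to `cd "$_prod_folder_path"` and print a success message even when the copy failed; `cp "$_cwd"/assets/deploy-drupal.sh "$_prod_folder_path"/deploy.sh || exit 1` (and the same on the else branch) would stop it. `read _drupal` should be `read -r _drupal`, matching the operator-input reads above. The `mkdir ~/git-repositories` lines just above are context but also unchecked; `mkdir -p` would avoid the error on a second run.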
@@ -51,14 +63,14 @@ cd ~ cp "$_cwd"/assets/git-pre-receive /home/"$USER"/git-repositories/"$_bare_name".git/hooks/pre-receive cp "$_cwd"/assets/git-post-receive /home/"$USER"/git-repositories/"$_bare_name".git/hooks/post-receive -sed -ir "s/PRODDIR=\"www\"/PRODDIR=\/srv\/www\/$_bare_name\/public_html/g" /home/"$USER"/git-repositories/"$_bare_name".git/hooks/pre-receive -sed -ir "s/PRODDIR=\"www\"/PRODDIR=\/srv\/www\/$_bare_name\/public_html/g" /home/"$USER"/git-repositories/"$_bare_name".git/hooks/post-receive +sed -ir "s/PRODDIR=\"www\"/PRODDIR=$_prod_folder_path/g" /home/"$USER"/git-repositories/"$_bare_name".git/hooks/pre-receive +sed -ir "s/PRODDIR=\"www\"/PRODDIR=$_prod_folder_path/g" /home/"$USER"/git-repositories/"$_bare_name".git/hooks/post-receive cd /home/"$USER"/git-repositories/"$_bare_name".git/hooks/ chmod +x post-receive pre-receive # done echo "git repos for $_bare_name install succeed" -echo "your site stay now to /home/$USER/www/$_bare_name" +echo "your site stay now to $_prod_folder_path" echo "you can push updates on prod branch through $USER@IP.IP.IP.IP:git-repositories/$_bare_name.git" echo "* * *" diff --git a/bin/knockd.sh b/bin/knockd.sh index fe2c698..f48ee73 100755 --- a/bin/knockd.sh +++ b/bin/knockd.sh @@ -25,7 +25,11 @@ echo -n "define a sequence number for opening ssh (as 7000,8000,9000) : " read sq sed -i "s/7000,8000,9000/$sq/g" /etc/knockd.conf sed -i 's/START_KNOCKD=0/START_KNOCKD=1/g' /etc/default/knockd -/etc/init.d/knockd start +# /etc/init.d/knockd start +systemctl start knockd +# patch https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868015 +# systemctl enable knockd + echo "\033[92;1mknockd installed and configured\033[Om" echo "\033[92;1mplease note this sequence for future ssh knocking\033[Om" echo "$sq1" diff --git a/bin/lemp.sh b/bin/lemp.sh index fd6490f..6197bff 100755 --- a/bin/lemp.sh +++ b/bin/lemp.sh 
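Review bot: The new `sed` replacement `PRODDIR=$_prod_folder_path` inserts the operator-supplied path unescaped into a `s/…/…/g` expression, and any absolute path contains `/`, which is the delimiter, so the substitution fails on every realistic input (the removed lines escaped their slashes). Using a delimiter that cannot appear in a normal path and quoting the value, `sed -i "s|PRODDIR=\"www\"|PRODDIR=\"$_prod_folder_path\"|g" /home/"$USER"/git-repositories/"$_bare_name".git/hooks/pre-receive` and the same for post-receive, fixes the common case; a path containing `|`, `&` or `\` would still need escaping. Note also that GNU sed parses `-ir` as `-i` with backup suffix `r`, leaving stray `pre-receiver`/`post-receiver` files in the hooks directory; `-i` alone appears to be what was intended.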
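Review bot: `systemctl start knockd` is not checked and `systemctl enable knockd` stays commented out because of the referenced Debian bug, so after a reboot knockd will not be running; if the firewall rules this script sets up leave port 22 closed by default, the operator is locked out until knockd is started by other means. At minimum check the start, `systemctl start knockd || { echo "knockd failed to start" >&2; exit 1; }`, and state the reboot consequence in the comment beside the disabled enable line so whoever runs this keeps another access path. The final `echo "$sq1"` prints an empty string since the sequence was read into `sq`; it should be `echo "$sq"`. The user-entered `$sq` also goes unescaped into the context line `sed -i "s/7000,8000,9000/$sq/g" /etc/knockd.conf`; `[[ "$sq" =~ ^[0-9]+(,[0-9]+)*$ ]]` after the read would restrict it to the expected form.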
@@ -154,103 +154,6 @@ chmod +x /usr/local/bin/drush echo "\033[92;1mDrush and DrupalConsoleinstalled\033[Om" -echo '\033[35m - __ __ - _ __/ /_ ____ _____/ /_ -| | / / __ \/ __ \/ ___/ __/ -| |/ / / / / /_/ (__ ) /_ -|___/_/ /_/\____/____/\__/ -\033[0m' -echo "\033[35;1mVHOST install \033[0m" -while [ "$vh" != "y" ] && [ "$vh" != "n" ] -do -echo -n "Should we install a vhost? [y|n] " -read vh -# vh=${vh:-y} -done -if [ "$vh" = "y" ]; then - - while [ "$_domain" = "" ] - do - read -p "enter a hostname ? " _domain - if [ "$_domain" != "" ]; then - read -p "is hostname $_domain correcte [y|n] " validated - if [ "$validated" = "y" ]; then - break - else - _domain="" - fi - fi - done - # ask for simple php conf or drupal conf - while [ "$_drupal" != "yes" ] && [ "$_drupal" != "no" ] - do - echo -n "Is your site is a drupal one? [yes|no] " - read _drupal - done - # ask for let's encrypt - while [ "$_letsencrypt" != "yes" ] && [ "$_letsencrypt" != "no" ] - do - echo "Let's encrypt" - echo "Let's encrypt needs a public registered domain name with proper DNS records ( A records or CNAME records for subdomains pointing to your server)." - echo -n "Should we install let's encrypt certificate with $_domain? 
[yes|no] " - read _letsencrypt - done - - # lets'encrypt - # https://certbot.eff.org/lets-encrypt/debianstretch-nginx - if [ "$_letsencrypt" = "yes" ]; then - apt-get install certbot - certbot certonly --cert-name "$_domain" --standalone –d "$_domain" - openssl dhparam –out /etc/nginx/dhparam.pem 2048 - # TODO renewing - touch /var/spool/crontab/root - crontab -l > mycron - echo "0 3 * * * certbot renew --pre-hook 'systemctl stop nginx' --post-hook 'systemctl start nginx' --cert-name $_domain" >> mycron - crontab mycron - rm mycron - fi - - if [ "$_drupal" = "yes" ]; then - if [ "$_letsencrypt" = "yes" ]; then - _conffile = "drupal-ssl.nginxconf" - else - _conffile = "drupal.nginxconf" - fi - else - if [ "$_letsencrypt" = "yes" ]; then - _conffile = "simple-phpfpm-ssl.nginxconf" - else - _conffile = "simple-phpfpm.nginxconf" - fi - fi - - cp "$_cwd"/assets/"$_conffile" /etc/nginx/sites-available/"$_domain".conf - sed -ir "s/DOMAIN\.LTD/$_domain/g" /etc/nginx/sites-available/"$_domain".conf - - mkdir -p /var/www/"$_domain"/public_html - mkdir /var/www/"$_domain"/logs - #set proper right to user will handle the app - chown -R root:admin /var/www/"$_domain"/ - chmod -R g+w /var/www/"$_domain"/ - chmod -R g+r /var/www/"$_domain"/ - - # create a shortcut to the site - # TODO ask for $user name if not existing - mkdir /home/"$user"/www/ - chown "$user":admin /home/"$user"/www/ - ln -s /var/www/"$_domain" /home/"$user"/www/"$_domain" - - # activate the vhost - ln -s /etc/nginx/sites-available/"$_domain".conf /etc/nginx/sites-enabled/"$_domain".conf - - # restart nginx - systemctl restart nginx - echo "\033[92;1mvhost $_domain configured\033[Om" -else - echo "Vhost installation aborted" -fi - # TODO supervising # echo '\033[35m diff --git a/bin/vhost.sh b/bin/vhost.sh new file mode 100644 index 0000000..d51de8a --- /dev/null +++ b/bin/vhost.sh 
@@ -0,0 +1,99 @@ + +echo '\033[35m + __ __ + _ __/ /_ ____ _____/ /_ +| | / / __ \/ __ \/ ___/ __/ +| |/ / / / / /_/ (__ ) /_ +|___/_/ /_/\____/____/\__/ +\033[0m' +echo "\033[35;1mNginx VHOST install \033[0m" +while [ "$vh" != "y" ] && [ "$vh" != "n" ] +do +echo -n "Should we install a vhost? [y|n] " +read vh +# vh=${vh:-y} +done +if [ "$vh" = "y" ]; then + + while [ "$_domain" = "" ] + do + read -p "enter a hostname ? " _domain + if [ "$_domain" != "" ]; then + read -p "is hostname $_domain correcte [y|n] " validated + if [ "$validated" = "y" ]; then + break + else + _domain="" + fi + fi + done + + # ask for simple php conf or drupal conf + while [ "$_drupal" != "yes" ] && [ "$_drupal" != "no" ] + do + echo -n "Is your site is a drupal one? [yes|no] " + read _drupal + done + + # ask for let's encrypt + while [ "$_letsencrypt" != "yes" ] && [ "$_letsencrypt" != "no" ] + do + echo "Let's encrypt" + echo "Let's encrypt needs a public registered domain name with proper DNS records ( A records or CNAME records for subdomains pointing to your server)." + echo -n "Should we install let's encrypt certificate with $_domain? 
[yes|no] " + read _letsencrypt + done + + # lets'encrypt + # https://certbot.eff.org/lets-encrypt/debianstretch-nginx + if [ "$_letsencrypt" = "yes" ]; then + apt-get install certbot + certbot certonly --cert-name "$_domain" --standalone –d "$_domain" + openssl dhparam –out /etc/nginx/dhparam.pem 2048 + # TODO renewing + touch /var/spool/crontab/root + crontab -l > mycron + echo "0 3 * * * certbot renew --pre-hook 'systemctl stop nginx' --post-hook 'systemctl start nginx' --cert-name $_domain" >> mycron + crontab mycron + rm mycron + fi + + if [ "$_drupal" = "yes" ]; then + if [ "$_letsencrypt" = "yes" ]; then + _conffile = "drupal-ssl.nginxconf" + else + _conffile = "drupal.nginxconf" + fi + else + if [ "$_letsencrypt" = "yes" ]; then + _conffile = "simple-phpfpm-ssl.nginxconf" + else + _conffile = "simple-phpfpm.nginxconf" + fi + fi + + cp "$_cwd"/assets/"$_conffile" /etc/nginx/sites-available/"$_domain".conf + sed -ir "s/DOMAIN\.LTD/$_domain/g" /etc/nginx/sites-available/"$_domain".conf + + mkdir -p /var/www/"$_domain"/public_html + mkdir /var/www/"$_domain"/logs + #set proper right to user will handle the app + chown -R root:admin /var/www/"$_domain"/ + chmod -R g+w /var/www/"$_domain"/ + chmod -R g+r /var/www/"$_domain"/ + + # create a shortcut to the site + # TODO ask for $user name if not existing + mkdir /home/"$user"/www/ + chown "$user":admin /home/"$user"/www/ + ln -s /var/www/"$_domain" /home/"$user"/www/"$_domain" + + # activate the vhost + ln -s /etc/nginx/sites-available/"$_domain".conf /etc/nginx/sites-enabled/"$_domain".conf + + # restart nginx + systemctl restart nginx + echo "\033[92;1mvhost $_domain configured\033[Om" +else + echo "Vhost installation aborted" +fi diff --git a/install-debian-server.sh b/install-debian-server.sh index 7c3195c..3821d94 100755 --- a/install-debian-server.sh +++ b/install-debian-server.sh @@ -72,6 +72,8 @@ else echo 'lemp server not installed' fi +. bin/vhost.sh + . bin/dotfiles.sh . bin/autoupdate.sh
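Review bot: The four `_conffile = "…"` assignments have spaces around `=`, so bash tries to run `_conffile` as a command and the variable stays empty; the following `cp "$_cwd"/assets/"$_conffile" …` then points at the assets directory and no vhost config is installed — write them as `_conffile="drupal-ssl.nginxconf"`, `_conffile="drupal.nginxconf"`, `_conffile="simple-phpfpm-ssl.nginxconf"` and `_conffile="simple-phpfpm.nginxconf"`. The `–d` in the certbot call and `–out` in the openssl call are en-dashes rather than ASCII hyphens, so both commands reject the option. `$_domain` is typed by the operator and is used unescaped as a sed replacement and as a path component under /etc/nginx and /var/www; `[[ "$_domain" =~ ^[A-Za-z0-9.-]+$ ]] || _domain=""` inside the confirmation loop would keep `/`, `..` and sed metacharacters out. `$user` is never set in this file (the TODO says so), so the shortcut is created under `/home//www/`.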
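Review bot: `. bin/vhost.sh` is sourced unconditionally, directly after the branch that prints `lemp server not installed`, yet vhost.sh writes under /etc/nginx/sites-available and runs `systemctl restart nginx`; if the lemp step was skipped those commands fail or act on an nginx that is not installed. Guarding the line on the same condition that selected the lemp install (the variable it tests is outside this hunk), or having vhost.sh check `command -v nginx >/dev/null` first, would avoid that. Because the file is sourced rather than executed, it also relies on `$_cwd` and `$user` already being set in this shell, which is worth stating in a comment above the line, e.g. `# sourced: vhost.sh expects $_cwd to be set; $user is not yet defined (see TODO in vhost.sh)`.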