splitted vhost, added gitbarerepo creation

2018-04-07 12:27:55 +02:00 · 2018-04-07 12:27:55 +02:00 · 6e5433b041
commit 6e5433b041
parent e15e231cc5
10 changed files with 168 additions and 109 deletions
--- a/assets/deploy-drupal.sh
+++ b/assets/deploy-drupal.sh
@ -0,0 +1,25 @@
 #!/bin/bash
 echo "updating drupal 8"
 echo "Switching to project docroot."
 cd ./public_html
 echo ""
 echo "Pulling down latest code."
 git pull --ff-only origin prod
 echo ""
 echo "Clearing drush caches."
 drush cache-clear drush
 echo ""
 echo "Composer install."
 composer install --no-dev
 echo ""
 echo "Running database updates."
 drush updb -y
 echo ""
 echo "Importing configuration."
 drush config-import -y
 echo ""
 echo "Clearing caches."
 drush cr
 echo ""
 echo "Deployment complete."
--- a/assets/deploy-simple.sh
+++ b/assets/deploy-simple.sh
@ -0,0 +1,10 @@
 #!/bin/bash
 echo "updating"
 echo "Switching to project docroot."
 cd ./public_html
 echo ""
 echo "Pulling down latest code."
 git pull --ff-only origin prod
 echo ""
 echo "Deployment complete."
--- a/assets/git-post-reveive
+++ b/assets/git-post-reveive
@ -10,9 +10,11 @@ if [ $refname = "refs/heads/prod" ]; then
  unset GIT_DIR
  cd ~
  cd $PRODDIR
-  git pull --ff-only origin prod
+  # git pull --ff-only origin prod
  # run deploy script instead
  . deploy.sh
  echo $?
  echo "====== OK ====="
 else
  echo "Warning Commit not deployed, please use prod branch"
-fi
+fi
--- a/assets/git-pre-receive
+++ b/assets/git-pre-receive
@ -1,6 +1,7 @@
 #!/bin/bash
 #hook/pre-receive
 #CONFIG
 PRODDIR="www"
 read oldrev newrev refname
@ -14,4 +15,4 @@ if [ $refname = "refs/heads/prod" ]; then
  echo "====== OK ====="
 else
  echo "Warning Commit not deployed, please use prod branch"
-fi
+fi
--- a/assets/knockd.conf
+++ b/assets/knockd.conf
@ -4,6 +4,7 @@
 [SSH]
      sequence    = 7000,8000,9000
      seq_timeout = 5
      # TODO do not limit port 22 to the ip as it don't work with 4G connection 
      start_command = ufw allow from %IP% to any port 22
      tcpflags    = syn
      cmd_timeout   = 10
--- a/bin/gitbarrerepos.sh
+++ b/bin/gitbarrerepos.sh
@ -7,7 +7,7 @@ _cwd="$(pwd)"
 while [ "$_bare_name" = "" ]
 do
-read -p "enter the bare repos folder name ? " _host_name
+read -p "enter the bare repos folder name ? " _bare_name
 if [ "$_bare_name" != "" ]; then
  read -p "is bare folder name $_bare_name correcte [y|n] " validated
  if [ "$validated" = "y" ]; then
@ -18,11 +18,11 @@ if [ "$_bare_name" != "" ]; then
 fi
 done
 while [ "$_prod_folder_path" = "" ]
 do
-read -p "enter the prod folder path folder name ? " _host_name
+read -p "enter the prod folder path (must be a public_html parent's) ? " _prod_folder_path
-if [ "$_bare_name" != "" ]; then
+if [ "$_prod_folder_path" != "" ]; then
  # TODO check if path exists
  read -p "is prod folder path $_prod_folder_path correcte [y|n] " validated
  if [ "$validated" = "y" ]; then
    break
@ -32,14 +32,26 @@ if [ "$_bare_name" != "" ]; then
 fi
 done
 # ask for simple php conf or drupal conf
 while [ "$_drupal" != "yes" ] && [ "$_drupal" != "no" ]
 do
  echo -n "Is your site is a drupal one? [yes|no] "
  read _drupal
 done
 # setup bare repositorie to push to
 mkdir ~/git-repositories
 mkdir ~/git-repositories/"$_bare_name".git
 cd ~/git-repositories/"$_bare_name".git
 git init --bare
 # add deploy script
 if [ "$_drupal" = "yes" ]; then
  cp "$_cwd"/assets/deploy-drupal.sh "$_prod_folder_path"/deploy.sh
 else
  cp "$_cwd"/assets/deploy-simple.sh "$_prod_folder_path"/deploy.sh
 fi
 # setup git repo on site folder
 cd "$_prod_folder_path"
 git init
@ -51,14 +63,14 @@ cd ~
 cp "$_cwd"/assets/git-pre-receive /home/"$USER"/git-repositories/"$_bare_name".git/hooks/pre-receive
 cp "$_cwd"/assets/git-post-receive /home/"$USER"/git-repositories/"$_bare_name".git/hooks/post-receive
-sed -ir "s/PRODDIR=\"www\"/PRODDIR=\/srv\/www\/$_bare_name\/public_html/g" /home/"$USER"/git-repositories/"$_bare_name".git/hooks/pre-receive
+sed -ir "s/PRODDIR=\"www\"/PRODDIR=$_prod_folder_path/g" /home/"$USER"/git-repositories/"$_bare_name".git/hooks/pre-receive
-sed -ir "s/PRODDIR=\"www\"/PRODDIR=\/srv\/www\/$_bare_name\/public_html/g" /home/"$USER"/git-repositories/"$_bare_name".git/hooks/post-receive
+sed -ir "s/PRODDIR=\"www\"/PRODDIR=$_prod_folder_path/g" /home/"$USER"/git-repositories/"$_bare_name".git/hooks/post-receive
 cd /home/"$USER"/git-repositories/"$_bare_name".git/hooks/
 chmod +x post-receive pre-receive
 # done
 echo "git repos for $_bare_name install succeed"
-echo "your site stay now to /home/$USER/www/$_bare_name"
+echo "your site stay now to $_prod_folder_path"
 echo "you can push updates on prod branch through $USER@IP.IP.IP.IP:git-repositories/$_bare_name.git"
 echo "* * *"
--- a/bin/knockd.sh
+++ b/bin/knockd.sh
@ -25,7 +25,11 @@ echo -n "define a sequence number for opening ssh (as 7000,8000,9000) : "
 read sq
 sed -i "s/7000,8000,9000/$sq/g" /etc/knockd.conf
 sed -i 's/START_KNOCKD=0/START_KNOCKD=1/g' /etc/default/knockd
-/etc/init.d/knockd start
+# /etc/init.d/knockd start
 systemctl start knockd
 # patch https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868015
 # systemctl enable knockd
 echo "\033[92;1mknockd installed and configured\033[Om"
 echo "\033[92;1mplease note this sequence for future ssh knocking\033[Om"
 echo "$sq1"
--- a/bin/lemp.sh
+++ b/bin/lemp.sh
@ -154,103 +154,6 @@ chmod +x /usr/local/bin/drush
 echo "\033[92;1mDrush and DrupalConsoleinstalled\033[Om"
 echo '\033[35m
        __               __
 _   __/ /_  ____  _____/ /_
 | | / / __ \/ __ \/ ___/ __/
 | |/ / / / / /_/ (__  ) /_
 |___/_/ /_/\____/____/\__/
 \033[0m'
 echo "\033[35;1mVHOST install \033[0m"
 while [ "$vh" != "y" ] && [ "$vh" != "n" ]
 do
 echo -n "Should we install a vhost? [y|n] "
 read vh
 # vh=${vh:-y}
 done
 if [ "$vh" = "y" ]; then
  while [ "$_domain" = "" ]
  do
  read -p "enter a hostname ? " _domain
  if [ "$_domain" != "" ]; then
    read -p "is hostname $_domain correcte [y|n] " validated
    if [ "$validated" = "y" ]; then
      break
    else
      _domain=""
    fi
  fi
  done
  # ask for simple php conf or drupal conf
  while [ "$_drupal" != "yes" ] && [ "$_drupal" != "no" ]
  do
    echo -n "Is your site is a drupal one? [yes|no] "
    read _drupal
  done
  # ask for let's encrypt
  while [ "$_letsencrypt" != "yes" ] && [ "$_letsencrypt" != "no" ]
  do
    echo "Let's encrypt"
    echo "Let's encrypt needs a public registered domain name with proper DNS records ( A records or CNAME records for subdomains pointing to your server)."
    echo -n "Should we install let's encrypt certificate with $_domain? [yes|no] "
    read _letsencrypt
  done
  # lets'encrypt
  # https://certbot.eff.org/lets-encrypt/debianstretch-nginx
  if [ "$_letsencrypt" = "yes" ]; then
    apt-get install certbot
    certbot certonly --cert-name "$_domain" --standalone –d "$_domain"
    openssl dhparam –out /etc/nginx/dhparam.pem 2048
    # TODO renewing
    touch /var/spool/crontab/root
    crontab -l > mycron
    echo "0 3 * * * certbot renew --pre-hook 'systemctl stop nginx' --post-hook 'systemctl start nginx' --cert-name $_domain" >> mycron
    crontab mycron
    rm mycron
  fi
  if [ "$_drupal" = "yes" ]; then
    if [ "$_letsencrypt" = "yes" ]; then
      _conffile = "drupal-ssl.nginxconf"
    else
      _conffile = "drupal.nginxconf"
    fi
  else
    if [ "$_letsencrypt" = "yes" ]; then
      _conffile = "simple-phpfpm-ssl.nginxconf"
    else
      _conffile = "simple-phpfpm.nginxconf"
    fi
  fi
  cp "$_cwd"/assets/"$_conffile" /etc/nginx/sites-available/"$_domain".conf
  sed -ir "s/DOMAIN\.LTD/$_domain/g" /etc/nginx/sites-available/"$_domain".conf
  mkdir -p /var/www/"$_domain"/public_html
  mkdir /var/www/"$_domain"/logs
  #set proper right to user will handle the app
  chown -R root:admin  /var/www/"$_domain"/
  chmod -R g+w /var/www/"$_domain"/
  chmod -R g+r /var/www/"$_domain"/
  # create a shortcut to the site
  # TODO ask for $user name if not existing
  mkdir /home/"$user"/www/
  chown "$user":admin /home/"$user"/www/
  ln -s /var/www/"$_domain" /home/"$user"/www/"$_domain"
  # activate the vhost
  ln -s /etc/nginx/sites-available/"$_domain".conf /etc/nginx/sites-enabled/"$_domain".conf
  # restart nginx
  systemctl restart nginx
  echo "\033[92;1mvhost $_domain configured\033[Om"
 else
  echo "Vhost installation aborted"
 fi
 # TODO supervising
 # echo '\033[35m
--- a/bin/vhost.sh
+++ b/bin/vhost.sh
@ -0,0 +1,99 @@
 echo '\033[35m
        __               __
 _   __/ /_  ____  _____/ /_
 | | / / __ \/ __ \/ ___/ __/
 | |/ / / / / /_/ (__  ) /_
 |___/_/ /_/\____/____/\__/
 \033[0m'
 echo "\033[35;1mNginx VHOST install \033[0m"
 while [ "$vh" != "y" ] && [ "$vh" != "n" ]
 do
 echo -n "Should we install a vhost? [y|n] "
 read vh
 # vh=${vh:-y}
 done
 if [ "$vh" = "y" ]; then
  while [ "$_domain" = "" ]
  do
  read -p "enter a hostname ? " _domain
  if [ "$_domain" != "" ]; then
    read -p "is hostname $_domain correcte [y|n] " validated
    if [ "$validated" = "y" ]; then
      break
    else
      _domain=""
    fi
  fi
  done
  # ask for simple php conf or drupal conf
  while [ "$_drupal" != "yes" ] && [ "$_drupal" != "no" ]
  do
    echo -n "Is your site is a drupal one? [yes|no] "
    read _drupal
  done
  # ask for let's encrypt
  while [ "$_letsencrypt" != "yes" ] && [ "$_letsencrypt" != "no" ]
  do
    echo "Let's encrypt"
    echo "Let's encrypt needs a public registered domain name with proper DNS records ( A records or CNAME records for subdomains pointing to your server)."
    echo -n "Should we install let's encrypt certificate with $_domain? [yes|no] "
    read _letsencrypt
  done
  # lets'encrypt
  # https://certbot.eff.org/lets-encrypt/debianstretch-nginx
  if [ "$_letsencrypt" = "yes" ]; then
    apt-get install certbot
    certbot certonly --cert-name "$_domain" --standalone –d "$_domain"
    openssl dhparam –out /etc/nginx/dhparam.pem 2048
    # TODO renewing
    touch /var/spool/crontab/root
    crontab -l > mycron
    echo "0 3 * * * certbot renew --pre-hook 'systemctl stop nginx' --post-hook 'systemctl start nginx' --cert-name $_domain" >> mycron
    crontab mycron
    rm mycron
  fi
  if [ "$_drupal" = "yes" ]; then
    if [ "$_letsencrypt" = "yes" ]; then
      _conffile = "drupal-ssl.nginxconf"
    else
      _conffile = "drupal.nginxconf"
    fi
  else
    if [ "$_letsencrypt" = "yes" ]; then
      _conffile = "simple-phpfpm-ssl.nginxconf"
    else
      _conffile = "simple-phpfpm.nginxconf"
    fi
  fi
  cp "$_cwd"/assets/"$_conffile" /etc/nginx/sites-available/"$_domain".conf
  sed -ir "s/DOMAIN\.LTD/$_domain/g" /etc/nginx/sites-available/"$_domain".conf
  mkdir -p /var/www/"$_domain"/public_html
  mkdir /var/www/"$_domain"/logs
  #set proper right to user will handle the app
  chown -R root:admin  /var/www/"$_domain"/
  chmod -R g+w /var/www/"$_domain"/
  chmod -R g+r /var/www/"$_domain"/
  # create a shortcut to the site
  # TODO ask for $user name if not existing
  mkdir /home/"$user"/www/
  chown "$user":admin /home/"$user"/www/
  ln -s /var/www/"$_domain" /home/"$user"/www/"$_domain"
  # activate the vhost
  ln -s /etc/nginx/sites-available/"$_domain".conf /etc/nginx/sites-enabled/"$_domain".conf
  # restart nginx
  systemctl restart nginx
  echo "\033[92;1mvhost $_domain configured\033[Om"
 else
  echo "Vhost installation aborted"
 fi
--- a/install-debian-server.sh
+++ b/install-debian-server.sh
@ -72,6 +72,8 @@ else
  echo 'lemp server not installed'
 fi
 . bin/vhost.sh
 . bin/dotfiles.sh
 . bin/autoupdate.sh