2024-02-23 14:28:42 +01:00
|
|
|
#!/bin/bash
|
|
|
|
|
2024-02-23 15:46:03 +01:00
|
|
|
PURPLE='\033[35m'
|
2024-02-23 15:38:12 +01:00
|
|
|
BOLD='\033[1m'
|
|
|
|
RESET='\033[0m'
|
|
|
|
|
2024-02-23 20:04:32 +01:00
|
|
|
install_pkg() {
|
|
|
|
pkg="$1"
|
|
|
|
if ! command -v "$pkg" &> /dev/null; then
|
|
|
|
apt install -y "$pkg"
|
2024-02-23 20:15:32 +01:00
|
|
|
echo -e "${PURPLE}${BOLD}${pkg} installed${RESET}"
|
2024-02-23 18:05:07 +01:00
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
2024-02-23 20:04:32 +01:00
|
|
|
get_username() {
|
|
|
|
if [[ -z "$username" ]]; then
|
|
|
|
username=$(getent passwd 1000 | cut -d: -f1)
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
2024-02-23 15:46:03 +01:00
|
|
|
echo -e "${PURPLE}${BOLD}Deployment Debian + Caddy + Directus + Nuxt${RESET}"
|
2024-02-23 14:28:42 +01:00
|
|
|
|
|
|
|
if [ "$EUID" -ne 0 ]; then
|
|
|
|
echo "Please run as root"
|
|
|
|
exit
|
|
|
|
fi
|
|
|
|
|
|
|
|
#
|
|
|
|
# USER
|
|
|
|
#
|
2024-02-23 20:15:32 +01:00
|
|
|
echo -e "${PURPLE}${BOLD}Create a user ? (y/N) ${RESET}"
|
2024-02-23 15:38:12 +01:00
|
|
|
read answer
|
2024-02-23 15:14:36 +01:00
|
|
|
if [[ "$answer" == "y" ]]; then
|
2024-02-23 15:46:03 +01:00
|
|
|
echo -e "${PURPLE}${BOLD}Create user${RESET}"
|
2024-02-23 14:28:42 +01:00
|
|
|
|
2024-02-23 15:14:36 +01:00
|
|
|
read -p "Enter username: " username
|
2024-02-23 14:28:42 +01:00
|
|
|
|
2024-02-23 15:14:36 +01:00
|
|
|
if id "$username" &>/dev/null; then
|
|
|
|
echo "User '$username' already exists."
|
|
|
|
exit 1
|
|
|
|
fi
|
2024-02-23 14:28:42 +01:00
|
|
|
|
2024-02-23 15:46:03 +01:00
|
|
|
echo -e "${PURPLE}${BOLD}Generate and store the password somewhere safe${RESET}"
|
2024-02-23 15:14:36 +01:00
|
|
|
read -s -p "Enter password: " password
|
|
|
|
echo
|
|
|
|
useradd -m "$username"
|
|
|
|
chsh -s /bin/bash $username
|
|
|
|
echo "$username:$password" | chpasswd
|
2024-02-23 14:28:42 +01:00
|
|
|
|
2024-02-23 15:14:36 +01:00
|
|
|
usermod -aG sudo $username
|
2024-02-23 14:28:42 +01:00
|
|
|
|
2024-02-23 15:46:03 +01:00
|
|
|
echo -e "${PURPLE}${BOLD}User '$username' created with password successfully.${RESET}"
|
2024-02-23 15:14:36 +01:00
|
|
|
fi
|
2024-02-23 14:28:42 +01:00
|
|
|
|
|
|
|
#
|
|
|
|
# SSH
|
|
|
|
#
|
2024-02-23 20:15:32 +01:00
|
|
|
echo -e "${PURPLE}${BOLD}Setup SSH ? (y/N) ${RESET}"
|
2024-02-23 15:38:12 +01:00
|
|
|
read answer
|
2024-02-23 15:14:36 +01:00
|
|
|
if [[ "$answer" == "y" ]]; then
|
2024-02-23 15:46:03 +01:00
|
|
|
echo -e "${PURPLE}${BOLD}Setup SSH${RESET}"
|
2024-02-23 15:14:36 +01:00
|
|
|
|
|
|
|
touch /etc/ssh/sshd_config.d/custom.conf
|
|
|
|
echo "PermitRootLogin no" >> /etc/ssh/sshd_config.d/custom.conf
|
|
|
|
echo "PermitEmptyPasswords no" >> /etc/ssh/sshd_config.d/custom.conf
|
|
|
|
systemctl reload ssh
|
|
|
|
fi
|
2024-02-23 15:01:45 +01:00
|
|
|
|
|
|
|
#
|
|
|
|
# FIREWALL AND FAIL2BAN
|
|
|
|
#
|
2024-02-23 20:15:32 +01:00
|
|
|
echo -e "${PURPLE}${BOLD}Setup Firewall and Fail2ban ? (y/N) ${RESET}"
|
2024-02-23 15:38:12 +01:00
|
|
|
read answer
|
2024-02-23 15:14:36 +01:00
|
|
|
if [[ "$answer" == "y" ]]; then
|
2024-02-23 15:46:03 +01:00
|
|
|
echo -e "${PURPLE}${BOLD}Setup Firewall and Fail2ban${RESET}"
|
2024-02-23 15:14:36 +01:00
|
|
|
apt install -y ufw fail2ban
|
|
|
|
systemctl enable fail2ban
|
|
|
|
ufw allow ssh
|
|
|
|
ufw allow http
|
|
|
|
ufw allow https
|
|
|
|
fi
|
2024-02-23 15:01:45 +01:00
|
|
|
|
|
|
|
#
|
|
|
|
# TODO : ZABBIX AND URBACKUP
|
|
|
|
#
|
|
|
|
|
2024-02-23 15:46:03 +01:00
|
|
|
echo -e "${PURPLE}${BOLD}TODO : Zabbix and Urbackup${RESET}"
|
2024-02-23 15:01:45 +01:00
|
|
|
|
|
|
|
#
|
|
|
|
# CADDY
|
|
|
|
#
|
2024-02-23 20:15:32 +01:00
|
|
|
echo -e "${PURPLE}${BOLD}Install Caddy webserver ? (y/N) ${RESET}"
|
2024-02-23 15:38:12 +01:00
|
|
|
read answer
|
2024-02-23 15:14:36 +01:00
|
|
|
if [[ "$answer" == "y" ]]; then
|
2024-02-23 15:46:03 +01:00
|
|
|
echo -e "${PURPLE}${BOLD}Install Caddy Webserver${RESET}"
|
2024-02-23 15:14:36 +01:00
|
|
|
apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
|
|
|
|
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
|
|
|
|
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
|
|
|
|
apt update
|
|
|
|
apt install -y caddy
|
2024-02-23 15:38:12 +01:00
|
|
|
fi
|
|
|
|
|
2024-02-23 15:46:03 +01:00
|
|
|
#
|
|
|
|
# MARIADB
|
|
|
|
#
|
|
|
|
|
2024-02-23 20:15:32 +01:00
|
|
|
echo -e "${PURPLE}${BOLD}Install MariaDB ? (y/N) ${RESET}"
|
2024-02-23 15:46:03 +01:00
|
|
|
read answer
|
|
|
|
if [[ "$answer" == "y" ]]; then
|
|
|
|
apt install -y mariadb-server
|
|
|
|
echo -e "${PURPLE}${BOLD}Generate and store the password somewhere safe${RESET}"
|
|
|
|
echo -e "${PURPLE}${BOLD}Enter the MariaDB root password : ${RESET}"
|
|
|
|
read -s db_root_password
|
|
|
|
echo
|
2024-02-23 20:04:32 +01:00
|
|
|
install_pkg expect
|
2024-02-23 16:21:55 +01:00
|
|
|
SECURE_MYSQL=$(expect -c "
|
|
|
|
set timeout 3
|
|
|
|
spawn mysql_secure_installation
|
|
|
|
expect \"Enter current password for root (enter for none):\"
|
|
|
|
send \"\r\"
|
2024-02-23 16:34:56 +01:00
|
|
|
expect \"Switch to unix_socket authentication \\[Y/n\\]\"
|
2024-02-23 16:30:50 +01:00
|
|
|
send \"n\r\"
|
2024-02-23 16:34:56 +01:00
|
|
|
expect \"Change the root password? \\[Y/n\\]\"
|
2024-02-23 16:21:55 +01:00
|
|
|
send \"y\r\"
|
|
|
|
expect \"New password:\"
|
2024-02-23 17:07:19 +01:00
|
|
|
send \"$db_root_password\r\"
|
2024-02-23 16:21:55 +01:00
|
|
|
expect \"Re-enter new password:\"
|
2024-02-23 17:07:19 +01:00
|
|
|
send \"$db_root_password\r\"
|
2024-02-23 16:21:55 +01:00
|
|
|
expect \"Remove anonymous users?\"
|
|
|
|
send \"y\r\"
|
|
|
|
expect \"Disallow root login remotely?\"
|
|
|
|
send \"y\r\"
|
|
|
|
expect \"Remove test database and access to it?\"
|
|
|
|
send \"y\r\"
|
|
|
|
expect \"Reload privilege tables now?\"
|
|
|
|
send \"y\r\"
|
|
|
|
expect eof
|
|
|
|
")
|
|
|
|
echo "${SECURE_MYSQL}"
|
|
|
|
# https://gist.github.com/coderua/5592d95970038944d099
|
2024-02-23 15:46:03 +01:00
|
|
|
fi
|
|
|
|
|
2024-02-23 17:07:19 +01:00
|
|
|
#
|
|
|
|
# DIRECTUS DB
|
|
|
|
#
|
|
|
|
|
2024-02-23 20:15:32 +01:00
|
|
|
echo -e "${PURPLE}${BOLD}Setup Directus database ? (y/N) ${RESET}"
|
2024-02-23 15:46:03 +01:00
|
|
|
read answer
|
|
|
|
if [[ "$answer" == "y" ]]; then
|
2024-02-23 17:07:19 +01:00
|
|
|
echo -e "${PURPLE}${BOLD}Generate and store the password somewhere safe${RESET}"
|
|
|
|
echo -e "${PURPLE}${BOLD}Enter the MariaDB Directus password : ${RESET}"
|
|
|
|
read -s db_directus_password
|
|
|
|
echo
|
2024-02-23 18:05:07 +01:00
|
|
|
if [[ -z "$db_root_password" ]]; then
|
|
|
|
echo -e "${PURPLE}${BOLD}Enter the MariaDB root password : ${RESET}"
|
|
|
|
read -s db_root_password
|
|
|
|
echo
|
|
|
|
fi
|
2024-02-23 20:04:32 +01:00
|
|
|
install_pkg expect
|
2024-02-23 18:10:27 +01:00
|
|
|
CREATE_DIRECTUS_DB=$(expect -c "
|
2024-02-23 18:28:14 +01:00
|
|
|
spawn mariadb -u root -p
|
2024-02-23 18:10:27 +01:00
|
|
|
expect \"Enter password:\"
|
|
|
|
send \"$db_root_password\r\"
|
2024-02-23 18:26:16 +01:00
|
|
|
expect \"mysql>\"
|
|
|
|
send \"CREATE USER 'directus'@'localhost' IDENTIFIED BY '${db_directus_password}';\r\"
|
|
|
|
send \"CREATE DATABASE directus;\r\"
|
|
|
|
send \"GRANT ALL PRIVILEGES ON directus.* TO 'directus'@'localhost' IDENTIFIED BY '${db_directus_password}';\r\"
|
|
|
|
send \"FLUSH PRIVILEGES;\r\"
|
|
|
|
expect \"mysql>\"
|
|
|
|
send \"quit;\r\"
|
|
|
|
expect eof
|
2024-02-23 18:10:27 +01:00
|
|
|
")
|
2024-02-23 18:40:03 +01:00
|
|
|
echo "${CREATE_DIRECTUS_DB}" >& /dev/null
|
|
|
|
echo -e "${PURPLE}${BOLD}Directus database created${RESET}"
|
|
|
|
fi
|
|
|
|
|
2024-02-23 20:04:32 +01:00
|
|
|
#
|
|
|
|
# NODE
|
|
|
|
#
|
|
|
|
|
2024-02-23 20:15:32 +01:00
|
|
|
echo -e "${PURPLE}${BOLD}Install Node ? (y/N) ${RESET}"
|
2024-02-23 18:40:03 +01:00
|
|
|
read answer
|
|
|
|
if [[ "$answer" == "y" ]]; then
|
2024-02-23 20:04:32 +01:00
|
|
|
get_username
|
2024-02-23 19:09:09 +01:00
|
|
|
su -c 'curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash &&\
|
2024-02-23 19:19:36 +01:00
|
|
|
export NVM_DIR="$HOME/.nvm" &&\
|
2024-02-23 19:09:09 +01:00
|
|
|
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" &&\
|
|
|
|
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" &&\
|
2024-02-23 21:36:05 +01:00
|
|
|
nvm install v18' $username
|
|
|
|
ln -sf /home/$username/.nvm/versions/node/v18.19.1/bin/node /usr/bin/node
|
|
|
|
ln -sf /home/$username/.nvm/versions/node/v18.19.1/bin/npm /usr/bin/npm
|
2024-02-23 21:28:20 +01:00
|
|
|
echo -e "${PURPLE}${BOLD}Node installed${RESET}";
|
2024-02-23 18:05:07 +01:00
|
|
|
fi
|
|
|
|
|
2024-02-23 20:04:32 +01:00
|
|
|
#
|
|
|
|
# SET THE URL
|
|
|
|
#
|
|
|
|
|
|
|
|
echo -e "${PURPLE}${BOLD}Enter the domain name of the website${RESET}"
|
|
|
|
read domain_name
|
2024-02-23 20:06:37 +01:00
|
|
|
ip=$(hostname -I)
|
2024-02-23 20:04:32 +01:00
|
|
|
echo -e "${PURPLE}${BOLD}Configure the ${domain_name} DNS ZONE as the following${RESET}"
|
|
|
|
echo -e "${PURPLE}Domain : ${domain_name} | Type : A | Target : ${ip}${RESET}"
|
|
|
|
echo -e "${PURPLE}Domain : cms.${domain_name} | Type : A | Target : ${ip}${RESET}"
|
|
|
|
echo -e "${PURPLE}Domain : www.${domain_name} | Type : A | Target : ${ip}${RESET}"
|
|
|
|
echo -e "${PURPLE}${BOLD}Press any key when done${RESET}"
|
|
|
|
read
|
2024-02-23 18:05:07 +01:00
|
|
|
|
2024-02-23 20:04:32 +01:00
|
|
|
#
|
|
|
|
# DIRECTUS
|
|
|
|
#
|
|
|
|
|
2024-02-23 20:15:32 +01:00
|
|
|
echo -e "${PURPLE}${BOLD}Install Directus ? (y/N) ${RESET}"
|
2024-02-23 20:04:32 +01:00
|
|
|
read answer
|
|
|
|
if [[ "$answer" == "y" ]]; then
|
2024-02-23 20:15:32 +01:00
|
|
|
install_pkg tmux
|
|
|
|
get_username
|
2024-02-23 22:32:51 +01:00
|
|
|
|
|
|
|
if [[ -z "$db_directus_password" ]]; then
|
|
|
|
echo -e "${PURPLE}${BOLD}Enter the MariaDB Directus password : ${RESET}"
|
|
|
|
read -s db_directus_password
|
|
|
|
echo
|
|
|
|
fi
|
|
|
|
|
|
|
|
echo -e "${PURPLE}${BOLD}Generate and store the credentials somewhere safe${RESET}"
|
|
|
|
echo -e "${PURPLE}${BOLD}Enter the Directus admin email : ${RESET}"
|
|
|
|
read -s directus_admin_email
|
|
|
|
echo -e "${PURPLE}${BOLD}Enter the Directus admin password : ${RESET}"
|
|
|
|
read -s directus_admin_password
|
|
|
|
|
|
|
|
cms_folder="cms.${domain_name}"
|
|
|
|
env_file="${cms_folder}/.env"
|
|
|
|
|
|
|
|
key=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
|
|
|
|
secret=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
|
|
|
|
|
2024-02-23 20:55:36 +01:00
|
|
|
su -c "cd &&\
|
2024-02-23 22:36:55 +01:00
|
|
|
mkdir ${cms_folder} &&\
|
|
|
|
mkdir ${cms_folder}/uploads &&\
|
|
|
|
echo \"HOST='${ip}'\" >> ${env_file} &&\
|
|
|
|
echo \"PUBLIC_URL='cms.${domain_name}'\" >> ${env_file} &&\
|
2024-02-23 22:32:51 +01:00
|
|
|
echo \"PORT=8055\" >> ${env_file} &&\
|
2024-02-23 22:36:55 +01:00
|
|
|
echo \"DB_CLIENT='mysql'\" >> ${env_file} &&\
|
|
|
|
echo \"DB_HOST='127.0.0.1'\" >> ${env_file} &&\
|
|
|
|
echo \"DB_PORT='3306'\" >> ${env_file} &&\
|
|
|
|
echo \"DB_DATABASE='directus'\" >> ${env_file} &&\
|
|
|
|
echo \"DB_USER='directus'\" >> ${env_file} &&\
|
|
|
|
echo \"DB_PASSWORD='${db_directus_password}'\" >> ${env_file} &&\
|
|
|
|
echo \"SECRET='${secret}'\" >> ${env_file} &&\
|
|
|
|
echo \"KEY='${key}'\" >> ${env_file} &&\
|
|
|
|
echo \"ADMIN_EMAIL='${directus_admin_email}'\" >> ${env_file} &&\
|
|
|
|
echo \"ADMIN_PASSWORD='${directus_admin_password}'\" >> ${env_file} &&\
|
2024-02-23 22:32:51 +01:00
|
|
|
npx directus bootstrap" $username
|
2024-02-23 20:04:32 +01:00
|
|
|
fi
|
2024-02-23 22:32:51 +01:00
|
|
|
|
2024-02-23 18:05:07 +01:00
|
|
|
# TODO REMOVE EXPECT IF IT IS INSTALLED
|