deployment-dcdn/install.sh

#!/bin/bash
# ANSI colour / attribute sequences. They are stored as literal backslash
# escapes and only become control characters when printed with `echo -e`.
PURPLE='\033[35m' ORANGE='\033[33m' BLUE='\033[34m'
BOLD='\033[1m' RESET='\033[0m'
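#######################################
# Install a package with apt unless a command of the same name is already
# on PATH.
# The presence test is `command -v NAME`, so it only works for packages whose
# name matches the command they ship (expect, tmux in this script).
# Globals:   PURPLE, BOLD, RESET (read)
# Arguments: $1 - package (and command) name
# Returns:   0 if the command is present or was installed, 1 if apt failed
#######################################
install_pkg() {
  # local: keeps the caller's own $pkg (if any) untouched.
  local pkg="$1"

  if command -v "$pkg" &> /dev/null; then
    return 0
  fi

  # Report success only when apt actually succeeded.
  if apt install -y "$pkg"; then
    echo -e "${PURPLE}${BOLD}${pkg} installed${RESET}"
  else
    echo "Failed to install ${pkg}" >&2
    return 1
  fi
}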
#######################################
# Fill in $username when an earlier section has not set it.
# The fallback is the login name of UID 1001 as reported by getent.
# NOTE(review): 1001 is hard-coded; presumably the target image already has an
# account at UID 1000 so the user created by this script lands on 1001 —
# confirm, because the name is later used to build /home/<name>/ paths.
# Globals: username (read, written)
#######################################
get_username() {
  [[ -n "$username" ]] && return
  username=$(getent passwd 1001 | cut -d: -f1)
}
#######################################
# Fill in $ip when it is still empty, using the first address printed by
# `hostname -I`.
# NOTE(review): which interface comes first is decided by the host; on a
# multi-homed machine this may not be the public address — confirm.
# Globals: ip (read, written)
#######################################
get_ip() {
  if [[ -n "$ip" ]]; then
    return 0
  fi
  ip=$(hostname -I | cut -d' ' -f1)
}
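#######################################
# Fill in $ssh_port from the sshd drop-in written by the SSH section when the
# variable is still empty.
# Only lines whose first field is exactly "Port" are considered, and the last
# one wins: the SSH section appends to the drop-in, so a second run leaves
# several Port lines behind and the last is the one most recently shown to
# the operator. Callers use the value as a single word (`ufw allow`,
# `scp -P`), so exactly one port is returned.
# Globals: ssh_port (read, written)
# Returns: 0 when ssh_port is set, 1 when the drop-in is unreadable or holds
#          no Port line (ssh_port stays empty)
#######################################
get_ssh_port() {
  local conf="/etc/ssh/sshd_config.d/custom.conf"

  [[ -n "$ssh_port" ]] && return 0

  if [[ ! -r "$conf" ]]; then
    echo "Cannot read ${conf}; SSH port unknown" >&2
    return 1
  fi

  ssh_port=$(awk '$1 == "Port" { port = $2 } END { if (port != "") print port }' "$conf")
  [[ -n "$ssh_port" ]]
}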
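echo -e "${PURPLE}${BOLD}Deployment Debian + Caddy + Directus + Nuxt${RESET}"

# Everything below (apt, useradd, sshd drop-in, ufw, writes under /etc and
# /var/www) needs root.
if [ "$EUID" -ne 0 ]; then
  echo "Please run as root" >&2
  # A bare `exit` would propagate the status of the echo above, i.e. success.
  exit 1
fi

# php-fpm is what the webhook section's `php_fastcgi` Caddyfile line talks to.
apt install -y php php-fpm
# NOTE(review): presumably the php metapackage pulls in apache2, which would
# compete with Caddy for ports 80/443 — confirm. It is stopped and disabled.
systemctl disable --now apache2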
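#
# USER
#
# Optionally creates a sudo-capable login account with a password typed by
# the operator.
echo -e "${PURPLE}${BOLD}Create a user ? (y/N) ${RESET}"
read -r answer

if [[ "$answer" == "y" ]]; then
  echo -e "${PURPLE}${BOLD}Create user${RESET}"

  read -r -p "Enter username: " username

  # The name is reused later in /home/<name>/ paths and inside `su -c`
  # command strings, so it is restricted to a conservative login-name pattern.
  username_re='^[a-z_][a-z0-9_-]*$'
  if [[ ! "$username" =~ $username_re ]]; then
    echo "Invalid username '$username'." >&2
    exit 1
  fi

  if id "$username" &>/dev/null; then
    echo "User '$username' already exists."
    exit 1
  fi

  echo -e "${ORANGE}${BOLD}Generate and store the password somewhere safe${RESET}"
  # IFS= and -r keep the password exactly as typed (no trimmed spaces, no
  # swallowed backslashes); -s keeps it off the terminal.
  IFS= read -rs -p "Enter password: " password
  echo
  if [[ -z "$password" ]]; then
    echo "Empty password refused." >&2
    exit 1
  fi

  if ! useradd -m "$username"; then
    echo "useradd failed for '$username'." >&2
    exit 1
  fi
  chsh -s /bin/bash "$username"

  # chpasswd takes "name:password" on stdin, so the password never appears in
  # a process argument list. printf avoids echo's option/escape handling.
  if ! printf '%s:%s\n' "$username" "$password" | chpasswd; then
    echo "Could not set the password for '$username'." >&2
    exit 1
  fi
  # The clear-text password is not needed again in this script.
  unset password

  # Membership of sudo gives this account full root access through sudo.
  usermod -aG sudo "$username"

  echo -e "${PURPLE}${BOLD}User '$username' created with password successfully.${RESET}"
fi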
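#
# SSH
#
# Writes an sshd drop-in that forbids root and empty-password logins and moves
# the daemon to a randomly chosen port.
# NOTE(review): PermitRootLogin no takes effect on the reload below. If no
# other account can log in and use sudo (the USER section is optional), the
# next SSH login has no path to root — confirm an account exists first.
# NOTE(review): password authentication is left at sshd's default here; the
# random port reduces log noise but is not an access control.
echo -e "${PURPLE}${BOLD}Setup SSH ? (y/N) ${RESET}"
read -r answer

if [[ "$answer" == "y" ]]; then
  echo -e "${PURPLE}${BOLD}Setup SSH${RESET}"

  sshd_dropin="/etc/ssh/sshd_config.d/custom.conf"

  # $RANDOM is 0..32767, so the modulo never wraps and the result falls in
  # 1024..33791. The port is not checked against ports other services in this
  # script use (3000, 3306, 8055).
  ssh_port=$((RANDOM % (65536 - 1024 + 1) + 1024))

  touch "$sshd_dropin"
  # Remove the directives a previous run appended. Without this every run adds
  # another Port line, and sshd listens on each Port line it finds.
  sed -i \
    -e '/^PermitRootLogin /d' \
    -e '/^PermitEmptyPasswords /d' \
    -e '/^Port /d' \
    "$sshd_dropin"
  {
    echo "PermitRootLogin no"
    echo "PermitEmptyPasswords no"
    echo "Port ${ssh_port}"
  } >> "$sshd_dropin"

  # Validate the whole sshd configuration before asking the daemon to load it.
  if ! sshd -t; then
    echo "sshd -t rejected the configuration; not reloading. Fix ${sshd_dropin} before restarting ssh." >&2
    exit 1
  fi
  systemctl reload ssh

  echo -e "${ORANGE}${BOLD}Store the ssh port ${ssh_port} somewhere safe${RESET}"
fi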
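#
# FIREWALL AND FAIL2BAN
#
# Installs ufw and fail2ban, allows SSH/HTTP/HTTPS and offers to switch the
# firewall on.
# NOTE(review): no fail2ban jail is configured by this script. Presumably the
# packaged sshd jail still refers to the standard ssh port, so bans may not
# cover the custom port chosen in the SSH section — confirm and add a
# jail.local with the real port if needed.
echo -e "${PURPLE}${BOLD}Setup Firewall and Fail2ban ? (y/N) ${RESET}"
read -r answer

if [[ "$answer" == "y" ]]; then
  echo -e "${PURPLE}${BOLD}Setup Firewall and Fail2ban${RESET}"

  apt install -y ufw fail2ban
  systemctl enable fail2ban

  get_ssh_port

  # ssh_port may hold several whitespace-separated ports when the drop-in has
  # more than one Port line; each numeric one is allowed, TCP only.
  allowed_ssh=0
  # shellcheck disable=SC2086 — word splitting is intended here
  for candidate_port in $ssh_port; do
    if [[ "$candidate_port" =~ ^[0-9]+$ ]] && ufw allow "${candidate_port}/tcp"; then
      allowed_ssh=1
    fi
  done
  if (( ! allowed_ssh )); then
    echo "No SSH port could be allowed; firewall left unchanged." >&2
    exit 1
  fi

  ufw allow http
  ufw allow https

  # `ufw allow` only stages rules; nothing is filtered until ufw is enabled.
  # Enabling is asked for explicitly because a wrong SSH rule cuts off remote
  # access.
  echo -e "${PURPLE}${BOLD}Enable the firewall now ? (y/N) ${RESET}"
  read -r answer
  if [[ "$answer" == "y" ]]; then
    ufw --force enable
  else
    echo -e "${ORANGE}${BOLD}Firewall rules added but ufw is not enabled${RESET}"
  fi
fi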
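#
# CADDY
#
# Adds the Caddy apt repository (signing key + source list), installs caddy
# and empties the packaged Caddyfile so later sections can append site blocks.
echo -e "${PURPLE}${BOLD}Install Caddy webserver ? (y/N) ${RESET}"
read -r answer

if [[ "$answer" == "y" ]]; then
  echo -e "${PURPLE}${BOLD}Install Caddy Webserver${RESET}"

  apt install -y debian-keyring debian-archive-keyring apt-transport-https curl

  # Download to files first: in a `curl | gpg` / `curl | tee` pipeline a
  # failed download is masked by the last command and leaves an empty keyring
  # or source list behind.
  # NOTE(review): the key is trusted on the strength of the HTTPS download
  # alone; compare its fingerprint with the one Caddy publishes if required.
  caddy_tmp=$(mktemp -d) || exit 1
  if ! curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' \
         -o "${caddy_tmp}/gpg.key" \
     || ! curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' \
         -o "${caddy_tmp}/caddy-stable.list"; then
    echo "Could not download the Caddy repository key or source list." >&2
    rm -rf -- "$caddy_tmp"
    exit 1
  fi

  # --yes lets a second run replace the keyring instead of stopping at gpg's
  # overwrite question.
  gpg --yes -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg \
    --dearmor "${caddy_tmp}/gpg.key"
  install -m 644 "${caddy_tmp}/caddy-stable.list" \
    /etc/apt/sources.list.d/caddy-stable.list
  rm -rf -- "$caddy_tmp"

  apt update
  apt install -y caddy

  # Truncates the Caddyfile: any site already configured there is dropped.
  : > /etc/caddy/Caddyfile
fi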
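#
# MARIADB
#
# Installs MariaDB and answers the mysql_secure_installation dialogue through
# expect: set a root password, remove anonymous users, forbid remote root
# login, drop the test database, reload privileges.
echo -e "${PURPLE}${BOLD}Install MariaDB ? (y/N) ${RESET}"
read -r answer

if [[ "$answer" == "y" ]]; then
  apt install -y mariadb-server

  echo -e "${ORANGE}${BOLD}Generate and store the password somewhere safe${RESET}"
  echo -e "${PURPLE}${BOLD}Enter the MariaDB root password : ${RESET}"
  # NOTE(review): without -r a backslash typed in the password is consumed by
  # read. Left as-is so the value matches what the other sections of this
  # script read for the same password.
  read -s db_root_password
  echo
  if [[ -z "$db_root_password" ]]; then
    echo "Empty MariaDB root password refused." >&2
    exit 1
  fi

  install_pkg expect

  # The password reaches expect through the environment and is read as
  # $env(DB_ROOT_PASSWORD). Tcl does not re-scan a variable's value, so
  # characters such as " $ [ ] \ in the password stay data instead of being
  # evaluated as part of the expect script. `send --` keeps a leading '-' from
  # being parsed as a send option.
  # With `set timeout 3`, a prompt that is not matched within three seconds
  # does not stop the script: expect returns and the next send is issued
  # anyway, so check the transcript printed below.
  SECURE_MYSQL=$(DB_ROOT_PASSWORD="$db_root_password" expect -c '
set timeout 3
spawn mysql_secure_installation
expect "Enter current password for root (enter for none):"
send "\r"
expect "Switch to unix_socket authentication \[Y/n\]"
send "n\r"
expect "Change the root password? \[Y/n\]"
send "y\r"
expect "New password:"
send -- "$env(DB_ROOT_PASSWORD)\r"
expect "Re-enter new password:"
send -- "$env(DB_ROOT_PASSWORD)\r"
expect "Remove anonymous users?"
send "y\r"
expect "Disallow root login remotely?"
send "y\r"
expect "Remove test database and access to it?"
send "y\r"
expect "Reload privilege tables now?"
send "y\r"
expect eof
')

  echo "${SECURE_MYSQL}"
  # https://gist.github.com/coderua/5592d95970038944d099
fi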
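#
# DIRECTUS DB
#
# Creates the `directus` database and a `directus`@localhost account with all
# privileges on it.
echo -e "${PURPLE}${BOLD}Setup Directus database ? (y/N) ${RESET}"
read -r answer

if [[ "$answer" == "y" ]]; then
  echo -e "${ORANGE}${BOLD}Generate and store the password somewhere safe${RESET}"
  echo -e "${PURPLE}${BOLD}Enter the MariaDB Directus password : ${RESET}"
  # NOTE(review): without -r a backslash typed in the password is consumed by
  # read. Left as-is so the value matches what the other sections of this
  # script read for the same password.
  read -s db_directus_password
  echo

  if [[ -z "$db_root_password" ]]; then
    echo -e "${PURPLE}${BOLD}Enter the MariaDB root password : ${RESET}"
    read -s db_root_password
    echo
  fi

  if [[ -z "$db_directus_password" ]]; then
    echo "Empty Directus database password refused." >&2
    exit 1
  fi

  # Escape the password for use inside a single-quoted SQL string literal:
  # backslashes are doubled and each single quote becomes two.
  sql_password=$(printf '%s' "$db_directus_password" \
    | sed -e 's/\\/\\\\/g' -e "s/'/''/g")

  # The statements go to the client on stdin and the root password through
  # MYSQL_PWD, so neither secret appears in a process argument list and
  # nothing depends on matching an interactive prompt string.
  if MYSQL_PWD="$db_root_password" mariadb -u root <<SQL
CREATE USER 'directus'@'localhost' IDENTIFIED BY '${sql_password}';
CREATE DATABASE directus;
GRANT ALL PRIVILEGES ON directus.* TO 'directus'@'localhost' IDENTIFIED BY '${sql_password}';
FLUSH PRIVILEGES;
SQL
  then
    echo -e "${PURPLE}${BOLD}Directus database created${RESET}"
  else
    echo "Directus database setup failed." >&2
    exit 1
  fi
fi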
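#
# NODE
#
# Installs nvm and Node v18 under /var/www as www-data, then links node, npm
# and npx into /usr/bin.
# NOTE(review): /usr/bin/node, npm and npx end up pointing at files owned by
# www-data, the account the web-facing services run as. Whatever can write as
# www-data can replace the binaries that root (or any other user) later runs
# through those links — consider a root-owned Node install instead.
# NOTE(review): the nvm installer is fetched by tag (v0.39.7) without a
# checksum comparison.
echo -e "${PURPLE}${BOLD}Install Node ? (y/N) ${RESET}"
read -r answer

if [[ "$answer" == "y" ]]; then
  touch /var/www/.bashrc
  chown www-data:www-data /var/www/.bashrc
  # -p so that a second run does not stop on directories that already exist.
  mkdir -p /var/www/.nvm /var/www/.npm
  chown www-data:www-data /var/www/.nvm /var/www/.npm

  # The installer is saved to a file and run only when the download succeeded
  # (-f): in `curl | bash` a failed or truncated download is still executed
  # and bash's status hides the curl failure.
  su -s /bin/bash -c 'nvm_installer=$(mktemp) &&\
    curl -fsS -o "$nvm_installer" https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh &&\
    bash "$nvm_installer" &&\
    rm -f -- "$nvm_installer" &&\
    export NVM_DIR="$HOME/.nvm" &&\
    [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" &&\
    [ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" &&\
    nvm install v18' www-data

  # The glob must match exactly one installed v18.x directory for ln to work.
  ln -sf /var/www/.nvm/versions/node/v18.*/bin/node /usr/bin/node
  ln -sf /var/www/.nvm/versions/node/v18.*/bin/npm /usr/bin/npm
  ln -sf /var/www/.nvm/versions/node/v18.*/bin/npx /usr/bin/npx

  echo -e "${PURPLE}${BOLD}Node installed${RESET}"
fi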
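#
# SET THE URL
#
# Asks for the site's domain, prints the DNS records to create and prepares
# the directory that holds the checkouts.
echo -e "${PURPLE}${BOLD}Enter the domain name of the website${RESET}"

# domain_name is later expanded inside `su -c` command strings, SQL statements
# and the Caddyfile, so anything that is not a plain host name is asked again.
domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
while true; do
  read -r domain_name || exit 1
  if [[ "$domain_name" =~ $domain_re ]]; then
    break
  fi
  echo "Invalid domain name, use letters, digits, dots and hyphens only" >&2
done

get_ip

echo -e "${PURPLE}${BOLD}Configure the ${domain_name} DNS ZONE as the following${RESET}"
echo -e "${BLUE}Domain : ${domain_name} | Type : A | Target : ${ip}${RESET}"
echo -e "${BLUE}Domain : cms.${domain_name} | Type : A | Target : ${ip}${RESET}"
echo -e "${BLUE}Domain : www.${domain_name} | Type : A | Target : ${ip}${RESET}"
echo -e "${PURPLE}${BOLD}Press any key when done${RESET}"
read -r

repo_directory="/var/www/repositories"
# -p so that a second run does not fail on the existing directory.
mkdir -p "$repo_directory"
chown www-data:www-data "$repo_directory"
cms_directory="${repo_directory}/cms_${domain_name}"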
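#
# DIRECTUS
#
# Installs Directus under ${cms_directory} as www-data, either by importing an
# existing instance (archive with SQL dump, uploads and .env) or by creating a
# fresh one with an admin user and a token-only "Website" user, then publishes
# it through Caddy as cms.<domain>.
# NOTE(review): Directus is started inside a detached tmux session; nothing in
# this script restarts it after a reboot.
echo -e "${PURPLE}${BOLD}Install Directus ? (y/N) ${RESET}"
read -r answer

if [[ "$answer" == "y" ]]; then
  # domain_name is expanded inside `su -c` command strings, SQL statements and
  # the Caddyfile below, so only plain host names are accepted.
  domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
  if [[ ! "$domain_name" =~ $domain_re ]]; then
    echo "Invalid domain name '${domain_name}'" >&2
    exit 1
  fi

  # Runs the mariadb client as the directus account. The password travels in
  # MYSQL_PWD rather than -p<password>, which keeps it out of the process
  # argument list and intact when it contains spaces.
  directus_sql() {
    MYSQL_PWD="$db_directus_password" mariadb -u directus "$@"
  }

  install_pkg tmux

  if [[ -z "$db_directus_password" ]]; then
    echo -e "${PURPLE}${BOLD}Enter the MariaDB Directus password : ${RESET}"
    # NOTE(review): without -r a backslash typed in the password is consumed
    # by read. Left as-is so the value matches what the DIRECTUS DB section
    # stored.
    read -s db_directus_password
    echo
  fi

  echo "set -g default-shell /bin/sh" >> /etc/tmux.conf
  # -p: the fresh-install branch below creates the same directory again.
  su -s /bin/bash -c "mkdir -p ${cms_directory}" www-data

  echo -e "${PURPLE}${BOLD}Import the Directus database ? (y/N) ${RESET}"
  read -r answer

  if [[ "$answer" == "y" ]]; then
    get_ssh_port
    get_username
    get_ip

    echo -e "${PURPLE}${BOLD}Import the .tar.gz archive from your local storage${RESET}"
    echo -e "${PURPLE}The archive should contain the sql dump, the upload directory and the .env file${RESET}"
    echo -e "${BLUE}scp -P ${ssh_port} /local/path/to/archive.tar.gz ${username}@${ip}:/home/${username}/${RESET}"
    echo -e "${PURPLE}${BOLD}Press any key when done${RESET}"
    read -r

    # Exactly one archive is expected; a glob replaces parsing `ls` output.
    archives=(/home/"${username}"/*.tar.gz)
    if (( ${#archives[@]} != 1 )) || [[ ! -f "${archives[0]}" ]]; then
      echo "Expected exactly one .tar.gz archive in /home/${username}/" >&2
      exit 1
    fi
    directus_archive="${archives[0]}"

    # Extraction runs as root: do not restore the owners or the special
    # permission bits recorded in the archive. Ownership is set below.
    if ! tar -xzf "${directus_archive}" -C "${cms_directory}" \
           --strip-components=2 --no-same-owner --no-same-permissions; then
      echo "Could not extract ${directus_archive}" >&2
      exit 1
    fi
    rm -- "${directus_archive}"

    # Escape \ / & so the password is inserted literally by sed's s///.
    # NOTE(review): a single quote in the password still breaks the quoted
    # value in .env.
    sed_password=$(printf '%s' "$db_directus_password" | sed -e 's|[\\/&]|\\&|g')
    sed -i "s/^\(DB_PASSWORD=\)'.*'$/\1'${sed_password}'/" "${cms_directory}/.env"

    port=$(sed -n 's/^PORT=//p' "${cms_directory}/.env")

    dumps=("${cms_directory}"/*.sql)
    if (( ${#dumps[@]} != 1 )) || [[ ! -f "${dumps[0]}" ]]; then
      echo "Expected exactly one .sql dump in ${cms_directory}" >&2
      exit 1
    fi
    sql_dump="${dumps[0]}"

    install_pkg expect
    directus_sql directus < "$sql_dump"
    rm -- "$sql_dump"

    chown -R www-data:www-data "$cms_directory"
    # .env holds the database password and the Directus KEY/SECRET.
    chmod 600 "${cms_directory}/.env"

    # One && chain: the server is only started when the migration succeeded.
    su -s /bin/bash -c "cd ${cms_directory} &&\
      npm init -y &&\
      npx directus bootstrap --skipAdminInit &&\
      npx directus database migrate:latest &&\
      tmux new-session -d -s directus &&\
      tmux send-keys -t directus \"cd ${cms_directory} && npx directus start\" C-m" www-data

    echo -e "${PURPLE}${BOLD}Directus migration complete${RESET}"
  else
    echo -e "${ORANGE}${BOLD}Generate and store the credentials somewhere safe${RESET}"
    echo -e "${PURPLE}${BOLD}Enter the Directus admin email : ${RESET}"
    read -r directus_admin_email
    echo -e "${PURPLE}${BOLD}Enter the Directus admin password : ${RESET}"
    IFS= read -rs directus_admin_password
    echo

    env_file="${cms_directory}/.env"
    port=8055
    # 16 random bytes each, hex-encoded.
    key=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
    secret=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')

    # The .env content is fed to www-data on stdin instead of being spliced
    # into the command string, so quotes, $ or backticks in the password are
    # written as data and not interpreted by the inner shell. umask/chmod keep
    # the file readable by www-data only.
    # NOTE(review): HOST is the machine's own address, so Directus listens on
    # ${ip}:${port} directly as well as behind Caddy; whether that port is
    # reachable from outside depends on the firewall being enabled — confirm.
    # NOTE(review): CORS_ORIGIN='true' presumably accepts any origin; consider
    # restricting it to the site's own URL.
    if ! su -s /bin/bash -c "mkdir -p ${cms_directory}/uploads && umask 077 && cat >> ${env_file} && chmod 600 ${env_file}" www-data <<EOF
HOST='${ip}'
PORT=${port}
PUBLIC_URL='https://cms.${domain_name}'
DB_CLIENT='mysql'
DB_HOST='127.0.0.1'
DB_PORT='3306'
DB_DATABASE='directus'
DB_USER='directus'
DB_PASSWORD='${db_directus_password}'
SECRET='${secret}'
KEY='${key}'
CORS_ENABLED='true'
CORS_ORIGIN='true'
EOF
    then
      echo "Could not write ${env_file}" >&2
      exit 1
    fi

    su -s /bin/bash -c "cd ${cms_directory} &&\
      npm init -y &&\
      npx directus bootstrap --skipAdminInit &&\
      tmux new-session -d -s directus &&\
      tmux send-keys -t directus \"cd ${cms_directory} && npx directus start\" C-m &&\
      npx directus roles create --role Administrator --admin true &&\
      npx directus roles create --role Website &&\
      npx directus roles create --role User" www-data

    # -N drops the column header so the output is the bare id.
    admin_role_uuid=$(directus_sql -N \
      -e "SELECT id FROM directus.directus_roles WHERE name='Administrator'" | head -n 1)
    website_role_uuid=$(directus_sql -N \
      -e "SELECT id FROM directus.directus_roles WHERE name='Website'" | head -n 1)
    user_role_uuid=$(directus_sql -N \
      -e "SELECT id FROM directus.directus_roles WHERE name='User'" | head -n 1)

    website_password=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')

    # %q renders the operator-typed values as single shell words for the
    # command string handed to `su -c`.
    # NOTE(review): the CLI takes the password as an argument, so it is
    # visible in the process list while the command runs.
    printf -v q_admin_email '%q' "$directus_admin_email"
    printf -v q_admin_password '%q' "$directus_admin_password"
    su -s /bin/bash -c "cd ${cms_directory} &&\
      npx directus users create --email ${q_admin_email} \
        --password ${q_admin_password} --role \"${admin_role_uuid}\" &&\
      npx directus users create --email \"website@${domain_name}\" --password \"${website_password}\" --role \"${website_role_uuid}\"" www-data

    # Static API token for the Website user; the front-end section writes it
    # into the Nuxt .env.
    website_token=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
    directus_sql -e "UPDATE directus.directus_roles SET icon='robot' WHERE name='Website'"
    directus_sql -e "UPDATE directus.directus_roles SET app_access='0' WHERE name='Website'"
    directus_sql -e "UPDATE directus.directus_users SET token=\"${website_token}\" WHERE email=\"website@${domain_name}\""

    echo -e "${PURPLE}${BOLD}Import Directus data model ? (y/N) ${RESET}"
    read -r answer
    if [[ "$answer" == "y" ]]; then
      get_username
      get_ip
      get_ssh_port

      echo -e "${PURPLE}${BOLD}Import local Directus data model${RESET}"
      echo -e "${BLUE}npx directus schema snapshot ./snapshot.yaml${RESET}"
      echo -e "${BLUE}scp -P ${ssh_port} /local/path/to/snapshot.yaml ${username}@${ip}:/home/${username}/snapshot.yaml${RESET}"
      echo -e "${PURPLE}${BOLD}Press any key when done${RESET}"
      read -r

      printf -v q_snapshot '%q' "/home/${username}/snapshot.yaml"
      su -s /bin/bash -c "cd ${cms_directory} &&\
        npx directus schema apply --yes ${q_snapshot}" www-data
    fi

    echo -e "${PURPLE}${BOLD}You can now add some content${RESET}"
    echo -e "${ORANGE}${BOLD}Do not forget to set the permissions${RESET}"
    echo -e "${ORANGE}${BOLD}Website role ${RESET}${ORANGE}Read content collections and directus_files${RESET}"
    echo -e "${ORANGE}${BOLD}User role ${RESET}${ORANGE}All permissions on content collections, directus_files and directus_folders${RESET}"
  fi

  caddyfile="/etc/caddy/Caddyfile"
  {
    echo "cms.${domain_name} {"
    echo "reverse_proxy ${ip}:${port}"
    echo "}"
  } >> "$caddyfile"
  caddy fmt "$caddyfile" -w
  caddy reload -c "$caddyfile"

  echo -e "${PURPLE}${BOLD}Access Directus ${RESET}${PURPLE}https://cms.${domain_name}${RESET}"
fi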
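#
# NUXT
#
# Clones the front-end repository's prod branch as www-data, generates the
# static site, serves it through Caddy and optionally installs a deploy
# webhook guarded by an Authorization header.
echo -e "${PURPLE}${BOLD}Install the front-end ? (y/N) ${RESET}"
read -r answer

if [[ "$answer" == "y" ]]; then
  # domain_name is expanded inside the `su -c` command string and the
  # Caddyfile below, so only plain host names are accepted.
  domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
  if [[ ! "$domain_name" =~ $domain_re ]]; then
    echo "Invalid domain name '${domain_name}'" >&2
    exit 1
  fi

  get_ip

  echo -e "${PURPLE}${BOLD}Create and push a prod branch on the repo${RESET}"
  echo -e "${BLUE}git fetch . main:prod${RESET}"
  echo -e "${BLUE}git push origin prod${RESET}"
  echo -e "${PURPLE}${BOLD}Enter the .git url of the repo${RESET}"
  read -r repo_url

  # Directory name = last path component of the URL without ".git".
  front_repo_name=$(printf '%s\n' "$repo_url" | sed 's#.*/\([^/]*\)\.git#\1#')
  # When the URL does not end in "<name>.git" the sed leaves it unchanged;
  # refuse anything that is not a simple directory name.
  repo_name_re='^[A-Za-z0-9._-]+$'
  if [[ ! "$front_repo_name" =~ $repo_name_re || "$front_repo_name" == "." || "$front_repo_name" == ".." ]]; then
    echo "Could not derive a repository name from '${repo_url}'" >&2
    exit 1
  fi
  front_directory="${repo_directory}/${front_repo_name}"

  if [[ -z "$website_token" ]]; then
    echo -e "${PURPLE}${BOLD}Enter the Directus Website user static token${RESET}"
    IFS= read -rs website_token
    echo
  fi

  {
    echo "telemetry.consent=0"
    echo "telemetry.enabled=false"
  } > /var/www/.nuxtrc
  chown -R www-data:www-data /var/www/.nuxtrc

  rm -- /var/www/html/*
  chown www-data:www-data /var/www/html

  # %q renders the operator-typed URL and the token line as single shell
  # words inside the command string handed to `su -c`; `--` stops git from
  # reading a URL that starts with '-' as an option. The .env holding the API
  # token is created under umask 077 so only www-data can read it.
  # NOTE(review): `tmux send-keys -t directus C-c` interrupts the running
  # Directus session and nothing visible here starts it again — confirm this
  # is intended; the chain also stops when no such tmux session exists.
  printf -v q_repo_url '%q' "$repo_url"
  printf -v q_token_line '%q' "DIRECTUS_API_TOKEN=${website_token}"
  su -s /bin/bash -c "cd ${repo_directory} &&\
    git clone -- ${q_repo_url} &&\
    cd ${front_directory} &&\
    git checkout prod &&\
    (umask 077 && printf '%s\n' ${q_token_line} \"URL=https://${domain_name}\" \"DIRECTUS_URL=https://cms.${domain_name}\" > .env) &&\
    tmux send-keys -t directus C-c &&\
    npm install -y &&\
    npm run generate --prerender" www-data

  cp -r "${front_directory}/.output/public" /var/www/html

  caddyfile="/etc/caddy/Caddyfile"
  {
    echo "www.${domain_name} {"
    echo "redir ${domain_name}{uri} permanent"
    echo "}"
    echo "${domain_name} {"
    echo "root * /var/www/html/public"
    echo "file_server"
    echo "}"
  } >> "$caddyfile"
  caddy fmt "$caddyfile" -w
  caddy reload -c "$caddyfile"

  echo -e "${PURPLE}${BOLD}Setup a webhook ? (y/N) ${RESET}"
  read -r answer

  if [[ "$answer" == "y" ]]; then
    echo -e "${PURPLE}${BOLD}If it does not already exists, create a webhook at the following url${RESET}"
    echo -e "${PURPLE}${BOLD}${repo_url}/settings/hooks/gitea/new${RESET}"
    echo -e "${BLUE}${BOLD}Target URL ${RESET}${BLUE}https://${domain_name}/webhook.php${RESET}"
    echo -e "${BLUE}${BOLD}Branch filter ${RESET}${BLUE}prod${RESET}"
    echo -e "${BLUE}${BOLD}Authorization Header ${RESET}${ORANGE}Generate a safe string using \`openssl rand -base64 32\`${RESET}"
    echo -e "${PURPLE}${BOLD}Enter the Authorization Header${RESET}"
    IFS= read -rs auth_header
    echo

    # The value is written between double quotes in the Caddyfile and is the
    # only thing protecting webhook.php: an empty value must not be accepted,
    # and quote, backslash or brace characters would change how Caddy parses
    # the line.
    auth_forbidden='["\{}]'
    if [[ -z "$auth_header" || "$auth_header" =~ $auth_forbidden ]]; then
      echo "Authorization header must be non-empty and free of quotes, backslashes and braces" >&2
      exit 1
    fi

    apt install -y jq

    rm -f -- /var/www/html/index.html
    # Paths are relative: the script has to be started from its own checkout.
    cp ./assets/webhook.php /var/www/html/
    mkdir -p /var/www/webhook
    cp ./assets/webhook.sh /var/www/webhook
    chown www-data:www-data /var/www/webhook/webhook.sh
    chmod u+x /var/www/webhook/webhook.sh
    touch /var/www/webhook/webhook.log
    chown www-data:www-data /var/www/webhook/webhook.log

    # Re-open the site block appended above by dropping its last two lines
    # (file_server and the closing brace). The file is rewritten in place, so
    # no temporary file is left in the working directory and the Caddyfile
    # keeps its owner and mode.
    caddy_lines=$(wc -l < "$caddyfile")
    if (( caddy_lines < 2 )); then
      echo "${caddyfile} is shorter than expected; not modified" >&2
      exit 1
    fi
    caddy_head=$(head -n "$((caddy_lines - 2))" "$caddyfile")
    printf '%s\n' "$caddy_head" > "$caddyfile"

    # NOTE(review): the shared secret is stored in clear text in the
    # Caddyfile; check who can read that file.
    # NOTE(review): the php-fpm socket path is fixed to 8.2 while the PHP
    # version installed by apt is not pinned — confirm they match.
    {
      echo "handle /webhook.php {"
      echo "@unauthorized not header Authorization \"${auth_header}\""
      # 401 so rejected calls are visible as failures to the sender and in
      # the access log instead of being answered with a success status.
      echo "respond @unauthorized \"Unauthorized access\" 401"
      echo "root * /var/www/html"
      echo "php_fastcgi unix//run/php/php8.2-fpm.sock"
      echo "file_server"
      echo "}"
      echo "handle {"
      echo "reverse_proxy ${ip}:3000"
      echo "}"
      echo "}"
    } >> "$caddyfile"
    caddy fmt "$caddyfile" -w
    caddy reload -c "$caddyfile"
  fi
fi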
# expect is only used to drive the interactive database prompts earlier in
# this script, so it is removed again at the end.
# NOTE(review): this runs whether or not the script installed expect itself,
# and without -y apt asks for confirmation here.
apt purge expect
# TODO
#
# DIRECTUS EMAIL
# DIRECTUS REDIS
# LOG EVERYTHING
# CADDYFILE IN JSON
# UPDATES
# reboot a running system
# MATOMO
# NODE EXPORTER