deployment-dcdn/install.sh

#!/bin/bash
# ANSI colour/format sequences for the installer's prompts.
# They are kept as literal backslash sequences and only turn into real
# escape codes when printed with `echo -e`.
PURPLE="\033[35m"
BOLD="\033[1m"
RESET="\033[0m"
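#######################################
# Make sure the `expect` tool is available, installing it with apt if needed.
# Globals:   PURPLE, BOLD, RESET (read)
# Outputs:   status message on stdout; error message on stderr
# Returns:   0 if expect is available, non-zero if the installation failed
#######################################
install_expect() {
  if command -v expect &> /dev/null; then
    echo -e "${PURPLE}${BOLD}expect already installed${RESET}"
    return 0
  fi

  # Report success only when apt really succeeded: the callers drive
  # password prompts through expect and must not claim it is present
  # when the package could not be installed.
  if ! apt install -y expect; then
    echo "Failed to install expect" >&2
    return 1
  fi

  echo -e "${PURPLE}${BOLD}expect installed${RESET}"
}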
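echo -e "${PURPLE}${BOLD}Deployment Debian + Caddy + Directus + Nuxt${RESET}"

# Every later step (useradd, sshd drop-in, apt, ufw) needs root.
# Exit non-zero so a wrapper or provisioning job does not mistake the
# refusal for a successful run (a bare `exit` would return echo's status, 0).
if [[ "$EUID" -ne 0 ]]; then
  echo "Please run as root" >&2
  exit 1
fi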
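#
# USER
#
# Optionally create a login account with a bash shell and sudo membership.
echo -e "${PURPLE}${BOLD}Create a user ? (y/n) ${RESET}"
read -r answer

if [[ "$answer" == "y" ]]; then
  echo -e "${PURPLE}${BOLD}Create user${RESET}"

  read -r -p "Enter username: " username

  # An empty name, or one that starts with "-", would be read as an option
  # by id/useradd/usermod instead of as an account name.
  if [[ -z "$username" || "$username" == -* ]]; then
    echo "Invalid username." >&2
    exit 1
  fi

  if id "$username" &>/dev/null; then
    echo "User '$username' already exists."
    exit 1
  fi

  echo -e "${PURPLE}${BOLD}Generate and store the password somewhere safe${RESET}"
  # -r keeps backslashes exactly as typed; without it the stored password
  # silently differs from the one the operator wrote down.
  read -r -s -p "Enter password: " password
  echo

  if [[ -z "$password" ]]; then
    echo "Password must not be empty." >&2
    exit 1
  fi

  # Stop here if the account could not be created, rather than running
  # chsh/chpasswd/usermod against a user that does not exist.
  if ! useradd -m "$username"; then
    echo "Failed to create user '$username'." >&2
    exit 1
  fi
  chsh -s /bin/bash "$username"

  # printf is a shell builtin, so the password is written straight into
  # the pipe and never shows up in another process's argument list.
  if ! printf '%s:%s\n' "$username" "$password" | chpasswd; then
    echo "Failed to set the password for '$username'; the account exists without a usable password." >&2
    exit 1
  fi
  # The password is not needed after this point.
  unset password

  # This grants full sudo rights: the account becomes root-equivalent.
  usermod -aG sudo "$username"

  echo -e "${PURPLE}${BOLD}User '$username' created with password successfully.${RESET}"
fi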
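#
# SSH
#
# Optionally harden sshd through a drop-in file: no root login and no
# empty passwords. Password authentication for other users stays as
# configured elsewhere.
echo -e "${PURPLE}${BOLD}Setup SSH ? (y/n) ${RESET}"
read -r answer

if [[ "$answer" == "y" ]]; then
  echo -e "${PURPLE}${BOLD}Setup SSH${RESET}"

  # The drop-in only takes effect if /etc/ssh/sshd_config includes
  # sshd_config.d/*.conf (Debian ships that Include line by default).
  ssh_dropin=/etc/ssh/sshd_config.d/custom.conf
  touch "$ssh_dropin"

  # Append each directive only if it is not already there, so re-running
  # the installer does not pile up duplicate lines.
  for directive in "PermitRootLogin no" "PermitEmptyPasswords no"; do
    grep -qxF -- "$directive" "$ssh_dropin" || echo "$directive" >> "$ssh_dropin"
  done

  # Validate the whole configuration before reloading: reloading a broken
  # config can leave the host without a working SSH daemon.
  # Root login is disabled from here on, so confirm that a sudo-capable
  # account can log in before closing the current session.
  if /usr/sbin/sshd -t; then
    systemctl reload ssh
  else
    echo "sshd configuration test failed; ssh was not reloaded. Check $ssh_dropin" >&2
  fi
fi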
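#
# FIREWALL AND FAIL2BAN
#
# Optionally install ufw and fail2ban, allow SSH/HTTP/HTTPS and turn the
# firewall on.
echo -e "${PURPLE}${BOLD}Setup Firewall and Fail2ban ? (y/n) ${RESET}"
read -r answer

if [[ "$answer" == "y" ]]; then
  echo -e "${PURPLE}${BOLD}Setup Firewall and Fail2ban${RESET}"

  if ! apt install -y ufw fail2ban; then
    echo "Failed to install ufw/fail2ban; firewall left unchanged." >&2
  else
    # --now also starts the service instead of waiting for the next boot.
    systemctl enable --now fail2ban

    # `ufw allow ssh` opens the default SSH port only. If sshd listens on
    # another port, allow that port here before the firewall is enabled.
    ufw allow ssh
    ufw allow http
    ufw allow https

    # ufw is inactive after installation, so the rules above filter nothing
    # until it is enabled. --force skips the interactive confirmation; SSH
    # is already allowed above, so the current session is kept.
    ufw --force enable
  fi
fi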
#
# TODO : ZABBIX AND URBACKUP
#
# Placeholder: monitoring (Zabbix) and backup (UrBackup) setup is not
# implemented yet; this step only prints a reminder.
printf '%b\n' "${PURPLE}${BOLD}TODO : Zabbix and Urbackup${RESET}"
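#
# CADDY
#
# Optionally add the Caddy stable apt repository and install Caddy.
echo -e "${PURPLE}${BOLD}Install Caddy webserver ? (y/n) ${RESET}"
read -r answer

if [[ "$answer" == "y" ]]; then
  echo -e "${PURPLE}${BOLD}Install Caddy Webserver${RESET}"
  apt install -y debian-keyring debian-archive-keyring apt-transport-https curl

  # Download to a private temp directory first. Piping curl straight into
  # gpg/tee hides a failed download and can leave an empty keyring or an
  # empty sources list behind.
  caddy_tmp=$(mktemp -d) || { echo "mktemp failed" >&2; exit 1; }

  # NOTE(review): the signing key is trusted on first download over TLS.
  # Compare its fingerprint against a value obtained out of band if your
  # process requires a pinned key.
  # --batch --yes lets gpg overwrite the keyring when the installer is re-run
  # instead of stopping at an interactive "overwrite?" question.
  if curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' -o "$caddy_tmp/gpg.key" \
    && curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' -o "$caddy_tmp/caddy-stable.list" \
    && [[ -s "$caddy_tmp/gpg.key" && -s "$caddy_tmp/caddy-stable.list" ]] \
    && gpg --batch --yes --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg "$caddy_tmp/gpg.key" \
    && install -m 0644 "$caddy_tmp/caddy-stable.list" /etc/apt/sources.list.d/caddy-stable.list; then
    # apt reads the keyring as an unprivileged user; make sure it is readable.
    chmod 0644 /usr/share/keyrings/caddy-stable-archive-keyring.gpg
    apt update && apt install -y caddy
  else
    echo "Caddy repository setup failed; caddy was not installed." >&2
  fi

  rm -rf -- "${caddy_tmp:?}"
fi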
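#
# MARIADB
#
# Optionally install MariaDB and answer mysql_secure_installation's
# questions unattended through expect.
echo -e "${PURPLE}${BOLD}Install MariaDB ? (y/n) ${RESET}"
read -r answer
if [[ "$answer" == "y" ]]; then
  apt install -y mariadb-server
  echo -e "${PURPLE}${BOLD}Generate and store the password somewhere safe${RESET}"
  echo -e "${PURPLE}${BOLD}Enter the MariaDB root password : ${RESET}"
  # -r keeps backslashes in the password exactly as typed.
  read -r -s db_root_password
  echo

  install_expect
  if ! command -v expect &> /dev/null; then
    echo "expect is not available; skipping mysql_secure_installation." >&2
  elif [[ -z "$db_root_password" ]]; then
    echo "Empty MariaDB root password; skipping mysql_secure_installation." >&2
  else
    # The password reaches expect through the environment instead of being
    # pasted into the script text. Pasted into the Tcl source, characters
    # such as quotes, dollar signs, brackets or backslashes would be parsed
    # as Tcl syntax, and the whole script (password included) would be
    # visible in the process list as an argument of `expect -c`.
    # The Tcl script copies the value and removes it from the environment
    # before spawning, so the child process does not inherit it.
    # `send --` keeps a password that starts with "-" from being read as a flag.
    SECURE_MYSQL=$(DB_ROOT_PASSWORD="$db_root_password" expect -c '
set timeout 3
set root_password $env(DB_ROOT_PASSWORD)
unset env(DB_ROOT_PASSWORD)
spawn mysql_secure_installation
expect "Enter current password for root (enter for none):"
send "\r"
expect "Switch to unix_socket authentication \[Y/n\]"
send "n\r"
expect "Change the root password? \[Y/n\]"
send "y\r"
expect "New password:"
send -- "$root_password\r"
expect "Re-enter new password:"
send -- "$root_password\r"
expect "Remove anonymous users?"
send "y\r"
expect "Disallow root login remotely?"
send "y\r"
expect "Remove test database and access to it?"
send "y\r"
expect "Reload privilege tables now?"
send "y\r"
expect eof
')
    echo "${SECURE_MYSQL}"
  fi
  # https://gist.github.com/coderua/5592d95970038944d099
fi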
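#
# DIRECTUS DB
#
# Optionally create the `directus` database and a `directus`@localhost
# account that has all privileges on it.
echo -e "${PURPLE}${BOLD}Setup Directus database ? (y/n) ${RESET}"
read -r answer
if [[ "$answer" == "y" ]]; then
  echo -e "${PURPLE}${BOLD}Generate and store the password somewhere safe${RESET}"
  echo -e "${PURPLE}${BOLD}Enter the MariaDB Directus password : ${RESET}"
  # -r keeps backslashes in the password exactly as typed.
  read -r -s db_directus_password
  echo

  # Ask for the root password only if the MariaDB step did not already set it.
  if [[ -z "$db_root_password" ]]; then
    echo -e "${PURPLE}${BOLD}Enter the MariaDB root password : ${RESET}"
    read -r -s db_root_password
    echo
  fi

  if [[ -z "$db_directus_password" ]]; then
    echo "Empty Directus password; database setup skipped." >&2
  else
    # Escape the password for use inside a single-quoted SQL string:
    # backslashes first, then single quotes. Unescaped, a quote in the
    # password would end the literal and the rest would run as SQL.
    directus_pw_sql=${db_directus_password//\\/\\\\}
    directus_pw_sql=${directus_pw_sql//\'/\'\'}

    # The statements go to the client on stdin (printf is a builtin, so the
    # password is not exposed as a process argument) and the root password
    # is supplied through MYSQL_PWD rather than typed at a prompt by an
    # expect script. MYSQL_PWD is readable by root and by the same user via
    # /proc for the lifetime of the client process only.
    # The account's password is set once, in CREATE USER; GRANT does not
    # need to repeat it.
    CREATE_DIRECTUS_DB=$(
      printf '%s\n' \
        "CREATE USER 'directus'@'localhost' IDENTIFIED BY '${directus_pw_sql}';" \
        "CREATE DATABASE directus;" \
        "GRANT ALL PRIVILEGES ON directus.* TO 'directus'@'localhost';" \
        "FLUSH PRIVILEGES;" \
        | MYSQL_PWD="$db_root_password" mariadb -u root 2>&1
    )
    directus_db_status=$?
    unset directus_pw_sql

    echo "${CREATE_DIRECTUS_DB}"
    if [[ "$directus_db_status" -ne 0 ]]; then
      echo "Directus database setup failed (mariadb exit status $directus_db_status)." >&2
    fi
  fi
fi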
# TODO REMOVE EXPECT IF IT IS INSTALLED