diff --git a/README.md b/README.md index ce51f2a..60f323f 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,9 @@ Deployment [**D**ebian](https://www.debian.org/) (os) + [**C**addy](https://cadd ## Installation -On a fresh install as root user +On a fresh install as root user using + +`su - root` 1. Upgrade diff --git a/install.sh b/install.sh index 942f791..e77c941 100644 --- a/install.sh +++ b/install.sh @@ -29,6 +29,12 @@ get_ip() { fi } +get_ssh_port() { + if [[ -z "$ssh_port" ]]; then + ssh_port=$(cat /etc/ssh/sshd_config.d/custom.conf | grep "Port " | sed 's/^Port //') + fi +} + echo -e "${PURPLE}${BOLD}Deployment Debian + Caddy + Directus + Nuxt${RESET}" if [ "$EUID" -ne 0 ]; then @@ -45,6 +51,10 @@ systemctl disable --now apache2 echo -e "${PURPLE}${BOLD}Create a user ? (y/N) ${RESET}" read answer if [[ "$answer" == "y" ]]; then + if id "debian" &>/dev/null; then + sudo deluser --remove-home "debian" + fi + echo -e "${PURPLE}${BOLD}Create user${RESET}" read -p "Enter username: " username @@ -74,10 +84,15 @@ read answer if [[ "$answer" == "y" ]]; then echo -e "${PURPLE}${BOLD}Setup SSH${RESET}" + ssh_port=$((RANDOM % (65536 - 1024 + 1) + 1024)) + touch /etc/ssh/sshd_config.d/custom.conf echo "PermitRootLogin no" >> /etc/ssh/sshd_config.d/custom.conf echo "PermitEmptyPasswords no" >> /etc/ssh/sshd_config.d/custom.conf + echo "Port ${ssh_port}" >> /etc/ssh/sshd_config.d/custom.conf systemctl reload ssh + + echo -e "${ORANGE}${BOLD}Store the ssh port ${ssh_port} somewhere safe${RESET}" fi # 
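Review bot: In `get_ssh_port` (install.sh), the port is scraped from `/etc/ssh/sshd_config.d/custom.conf` alone, so `ssh_port` ends up empty when that file is missing or has no `Port` line (the `Port` entry is only written in the optional SSH step), and the later `scp -P ${ssh_port}` hints then print a broken command. The unanchored `grep "Port "` also passes a commented `#Port` line through unchanged and yields several lines when the file holds more than one `Port` entry. Asking sshd for its effective configuration avoids all three: `ssh_port=$(sshd -T 2>/dev/null | awk '$1 == "port" { print $2; exit }')`. The same pipeline is added in utils/export-content.sh (hunk `@@ -29,7 +29,7 @@`) and has the same problem.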
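Review bot: The added `deluser --remove-home "debian"` in the "Create a user" branch runs without a prompt and before the replacement account exists, while the SSH step further down sets `PermitRootLogin no`. If the operator reached the host through the `debian` account and user creation then fails or is aborted, the machine may be left without a usable remote login, and that account's home (including any `authorized_keys`) is already gone. I would move the removal to after the new user has been created successfully and gate it on an explicit confirmation. `sudo` is redundant because the script appears to require `EUID` 0 already, and it may be absent on a minimal image; `deluser --remove-home "debian"` is enough. The enclosing `if` block continues outside the hunk.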
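Review bot: In the "Setup SSH" block the new `Port` line is appended with `>>` and sshd is reloaded without validating the configuration. Running the installer twice leaves two `Port` lines in `custom.conf`, and sshd listens on every port listed, so the earlier random port stays open while only the latest one is shown to the operator. `$RANDOM` tops out at 32767, so the `% (65536 - 1024 + 1)` has no effect and the chosen port always falls in 1024–33791; nothing checks that the port is free either. I would write the drop-in in one shot, test it with `sshd -t`, and only then reload, as sketched below; whether a firewall rule also needs updating is not visible in this hunk.

```shell
ssh_port=$(shuf -i 1024-65535 -n 1)

printf '%s\n' \
  "PermitRootLogin no" \
  "PermitEmptyPasswords no" \
  "Port ${ssh_port}" > /etc/ssh/sshd_config.d/custom.conf

if sshd -t; then
  systemctl reload ssh
else
  echo "sshd configuration test failed; not reloading" >&2
fi
# … unchanged: "Store the ssh port" reminder …
```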
@@ -244,62 +259,135 @@ if [[ "$answer" == "y" ]]; then echo fi - echo -e "${ORANGE}${BOLD}Generate and store the credentials somewhere safe${RESET}" - echo -e "${PURPLE}${BOLD}Enter the Directus admin email : ${RESET}" - read directus_admin_email - echo -e "${PURPLE}${BOLD}Enter the Directus admin password : ${RESET}" - read -s directus_admin_password - env_file="${cms_directory}/.env" - port=8055 - key=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n') - secret=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n') + + + + + echo "set -g default-shell /bin/sh" >> /etc/tmux.conf + su -s /bin/bash -c "mkdir ${cms_directory}" www-data - su -s /bin/bash -c "mkdir ${cms_directory} &&\ - mkdir ${cms_directory}/uploads &&\ - echo \"HOST='${ip}'\" >> ${env_file} &&\ - echo \"PORT=${port}\" >> ${env_file} &&\ - echo \"PUBLIC_URL='https://cms.${domain_name}'\" >> ${env_file} &&\ - echo \"DB_CLIENT='mysql'\" >> ${env_file} &&\ - echo \"DB_HOST='127.0.0.1'\" >> ${env_file} &&\ - echo \"DB_PORT='3306'\" >> ${env_file} &&\ - echo \"DB_DATABASE='directus'\" >> ${env_file} &&\ - echo \"DB_USER='directus'\" >> ${env_file} &&\ - echo \"DB_PASSWORD='${db_directus_password}'\" >> ${env_file} &&\ - echo \"SECRET='${secret}'\" >> ${env_file} &&\ - echo \"KEY='${key}'\" >> ${env_file} &&\ - echo \"CORS_ENABLED='true'\" >> ${env_file} &&\ - echo \"CORS_ORIGIN='true'\" >> ${env_file} &&\ - cd ${cms_directory} &&\ - npm init -y &&\ - npx directus bootstrap --skipAdminInit &&\ - tmux new-session -d -s directus &&\ - tmux send-keys -t directus \"cd ${cms_directory} && npx directus start\" C-m &&\ - npx directus roles create --role Administrator --admin true &&\ - npx directus roles create --role Website &&\ - npx directus roles create --role User" www-data + echo -e "${PURPLE}${BOLD}Import the Directus database ? 
(y/N) ${RESET}" + read answer + if [[ "$answer" == "y" ]]; then + get_ssh_port + get_username + get_ip - admin_role_uuid=$(echo $(mariadb -u directus -p${db_directus_password} \ - -e "SELECT id FROM directus.directus_roles WHERE name='Administrator'") | awk '{print $2}') - website_role_uuid=$(echo $(mariadb -u directus -p${db_directus_password} \ - -e "SELECT id FROM directus.directus_roles WHERE name='Website'") | awk '{print $2}') - user_role_uuid=$(echo $(mariadb -u directus -p${db_directus_password} \ - -e "SELECT id FROM directus.directus_roles WHERE name='User'") | awk '{print $2}') - - website_password=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n') + echo -e "${PURPLE}${BOLD}Import the .tar.gz archive from your local storage${RESET}" + echo -e "${PURPLE}The archive should contain the sql dump, the upload directory and the .env file${RESET}" + echo -e "${BLUE}scp -P ${ssh_port} /local/path/to/archive.tar.gz ${username}@${ip}:/home/${username}/${RESET}" + echo -e "${PURPLE}${BOLD}Press any key when done${RESET}" + read - su -s /bin/bash -c "cd ${cms_directory} &&\ - npx directus users create --email \"${directus_admin_email}\" \ - --password \"${directus_admin_password}\" --role \"${admin_role_uuid}\" &&\ - npx directus users create --email \"website@${domain_name}\" --password \"${website_password}\" --role \"${website_role_uuid}\"" www-data + tar -xzf "/home/${username}/*.tar.gz" -C "${cms_directory}" + rm "/home/${username}/*.tar.gz" - website_token=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n') - mariadb -u directus -p${db_directus_password} -e "UPDATE directus.directus_roles SET icon='robot' WHERE name='Website'"; - mariadb -u directus -p${db_directus_password} -e "UPDATE directus.directus_roles SET app_access='0' WHERE name='Website'"; - mariadb -u directus -p${db_directus_password} -e "UPDATE directus.directus_users SET token=\"${website_token}\" WHERE email=\"website@${domain_name}\""; + sed -i 
"s/^\(DB_PASSWORD=\)'.*'$/\1'$db_directus_password'/" "${cms_directory}/.env" + + port=$(cat ${cms_directory}/.env | grep "^PORT=" | sed 's/^PORT=//') + sql_dump=$(ls ${cms_directory}/*.sql) + + install_pkg expect + LOAD_DIRECTUS_DB=$(expect -c " + spawn mariadb -u directus -p directus < $sql_dump + expect \"Enter password:\" + send \"$db_directus_password\r\" + expect eof + ") + echo "${LOAD_DIRECTUS_DB}" >& /dev/null + rm $sql_dump + chown -R www-data:www-data $cms_directory + + su -s /bin/bash -c "cd ${cms_directory} &&\ + npm init -y &&\ + npx directus bootstrap --skipAdminInit &&\ + npx directus database migrate:latest + tmux new-session -d -s directus &&\ + tmux send-keys -t directus \"cd ${cms_directory} && npx directus start\" C-m" www-data + + echo -e "${PURPLE}${BOLD}Directus migration complete${RESET}" + else + echo -e "${ORANGE}${BOLD}Generate and store the credentials somewhere safe${RESET}" + echo -e "${PURPLE}${BOLD}Enter the Directus admin email : ${RESET}" + read directus_admin_email + echo -e "${PURPLE}${BOLD}Enter the Directus admin password : ${RESET}" + read -s directus_admin_password + + env_file="${cms_directory}/.env" + port=8055 + + key=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n') + secret=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n') + + su -s /bin/bash -c "mkdir ${cms_directory} &&\ + mkdir ${cms_directory}/uploads &&\ + echo \"HOST='${ip}'\" >> ${env_file} &&\ + echo \"PORT=${port}\" >> ${env_file} &&\ + echo \"PUBLIC_URL='https://cms.${domain_name}'\" >> ${env_file} &&\ + echo \"DB_CLIENT='mysql'\" >> ${env_file} &&\ + echo \"DB_HOST='127.0.0.1'\" >> ${env_file} &&\ + echo \"DB_PORT='3306'\" >> ${env_file} &&\ + echo \"DB_DATABASE='directus'\" >> ${env_file} &&\ + echo \"DB_USER='directus'\" >> ${env_file} &&\ + echo \"DB_PASSWORD='${db_directus_password}'\" >> ${env_file} &&\ + echo \"SECRET='${secret}'\" >> ${env_file} &&\ + echo \"KEY='${key}'\" >> ${env_file} &&\ + echo \"CORS_ENABLED='true'\" >> ${env_file} &&\ + 
echo \"CORS_ORIGIN='true'\" >> ${env_file} &&\ + cd ${cms_directory} &&\ + npm init -y &&\ + npx directus bootstrap --skipAdminInit &&\ + tmux new-session -d -s directus &&\ + tmux send-keys -t directus \"cd ${cms_directory} && npx directus start\" C-m &&\ + npx directus roles create --role Administrator --admin true &&\ + npx directus roles create --role Website &&\ + npx directus roles create --role User" www-data + + admin_role_uuid=$(echo $(mariadb -u directus -p${db_directus_password} \ + -e "SELECT id FROM directus.directus_roles WHERE name='Administrator'") | awk '{print $2}') + website_role_uuid=$(echo $(mariadb -u directus -p${db_directus_password} \ + -e "SELECT id FROM directus.directus_roles WHERE name='Website'") | awk '{print $2}') + user_role_uuid=$(echo $(mariadb -u directus -p${db_directus_password} \ + -e "SELECT id FROM directus.directus_roles WHERE name='User'") | awk '{print $2}') + + website_password=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n') + + su -s /bin/bash -c "cd ${cms_directory} &&\ + npx directus users create --email \"${directus_admin_email}\" \ + --password \"${directus_admin_password}\" --role \"${admin_role_uuid}\" &&\ + npx directus users create --email \"website@${domain_name}\" --password \"${website_password}\" --role \"${website_role_uuid}\"" www-data + + website_token=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n') + mariadb -u directus -p${db_directus_password} -e "UPDATE directus.directus_roles SET icon='robot' WHERE name='Website'"; + mariadb -u directus -p${db_directus_password} -e "UPDATE directus.directus_roles SET app_access='0' WHERE name='Website'"; + mariadb -u directus -p${db_directus_password} -e "UPDATE directus.directus_users SET token=\"${website_token}\" WHERE email=\"website@${domain_name}\""; + + echo -e "${PURPLE}${BOLD}Import Directus data model ? 
(y/N) ${RESET}" + read answer + if [[ "$answer" == "y" ]]; then + get_username + get_ip + get_ssh_port + + echo -e "${PURPLE}${BOLD}Import local Directus data model${RESET}" + echo -e "${BLUE}npx directus schema snapshot ./snapshot.yaml${RESET}" + echo -e "${BLUE}scp -P ${ssh_port} /local/path/to/snapshot.yaml ${username}@${ip}:/home/${username}/snapshot.yaml${RESET}" + echo -e "${PURPLE}${BOLD}Press any key when done${RESET}" + read + + su -s /bin/bash -c "cd ${cms_directory} &&\ + npx directus schema apply --yes /home/${username}/snapshot.yaml" www-data + fi + + echo -e "${PURPLE}${BOLD}You can now add some content${RESET}" + echo -e "${ORANGE}${BOLD}Do not forget to set the permissions${RESET}" + echo -e "${ORANGE}${BOLD}Website role ${RESET}${ORANGE}Read content collections and directus_files${RESET}" + echo -e "${ORANGE}${BOLD}User role ${RESET}${ORANGE}All permissions on content collections, directus_files and directus_folders${RESET}" + fi caddyfile="/etc/caddy/Caddyfile" echo "cms.${domain_name} {" >> $caddyfile 
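Review bot: In the new "Import the Directus database" branch, `tar -xzf "/home/${username}/*.tar.gz"` and the following `rm` quote the glob, so a literal `*.tar.gz` is passed: extraction fails and the uploaded archive, which holds the SQL dump and the `.env` secrets, is never removed from the home directory. The `expect` block has two further problems: `spawn` does not go through a shell, so `< $sql_dump` is handed to `mariadb` as arguments instead of redirecting the dump, and `$db_directus_password` is spliced into the Tcl script, where `$`, `[` or `"` in the password change its meaning; the output is then discarded, so a failed import looks like success. Resolving each glob into an array and feeding the dump through a normal redirection with the password in `MYSQL_PWD` removes the need for `expect` and keeps the password off the command line. `npx directus database migrate:latest` is also missing its trailing `&&\`, so the tmux session is started even when the migration fails.

```shell
# … unchanged: get_ssh_port / scp instructions / "Press any key" prompt …
archives=("/home/${username}/"*.tar.gz)
if [[ ${#archives[@]} -ne 1 || ! -f "${archives[0]}" ]]; then
  echo "Expected exactly one .tar.gz archive in /home/${username}" >&2
  exit 1
fi
tar -xzf "${archives[0]}" -C "${cms_directory}"
rm -- "${archives[0]}"

# … unchanged: DB_PASSWORD rewrite in .env, port lookup …
sql_dumps=("${cms_directory}"/*.sql)
if [[ ${#sql_dumps[@]} -ne 1 || ! -f "${sql_dumps[0]}" ]]; then
  echo "Expected exactly one .sql dump in ${cms_directory}" >&2
  exit 1
fi
if ! MYSQL_PWD="${db_directus_password}" mariadb -u directus directus < "${sql_dumps[0]}"; then
  echo "Database import failed" >&2
  exit 1
fi
rm -- "${sql_dumps[0]}"
chown -R www-data:www-data "${cms_directory}"
```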
@@ -308,27 +396,6 @@ if [[ "$answer" == "y" ]]; then caddy fmt $caddyfile -w caddy reload -c $caddyfile - echo -e "${PURPLE}${BOLD}Import Directus data model ? (y/N) ${RESET}" - read answer - if [[ "$answer" == "y" ]]; then - get_username - - echo -e "${PURPLE}${BOLD}Import local Directus data model${RESET}" - echo -e "${BLUE}npx directus schema snapshot ./snapshot.yaml${RESET}" - echo -e "${BLUE}scp /local/path/to/snapshot.yaml ${username}@${ip}:/home/${username}/snapshot.yaml${RESET}" - echo -e "${PURPLE}${BOLD}Press any key when done${RESET}" - read - - su -s /bin/bash -c "cd ${cms_directory} &&\ - npx directus schema apply --yes /home/${username}/snapshot.yaml" www-data - - fi - - echo -e "${PURPLE}${BOLD}You can now add some content${RESET}" - echo -e "${ORANGE}${BOLD}Do not forget to set the permissions${RESET}" - echo -e "${ORANGE}${BOLD}Website role ${RESET}${ORANGE}Read content collections and directus_files${RESET}" - echo -e "${ORANGE}${BOLD}User role ${RESET}${ORANGE}All permissions on content collections, directus_files and directus_folders${RESET}" - echo -e "${PURPLE}${BOLD}Access Directus ${RESET}${PURPLE}https://cms.${domain_name}${RESET}" fi diff --git a/utils/export-content.sh b/utils/export-content.sh index d9c9f9f..242905d 100644 --- a/utils/export-content.sh +++ b/utils/export-content.sh @@ -6,7 +6,6 @@ if [ "$EUID" -ne 0 ]; then fi PURPLE='\033[35m' -ORANGE='\033[33m' BLUE='\033[34m' BOLD='\033[1m' RESET='\033[0m' 
@@ -14,13 +13,14 @@ RESET='\033[0m' echo -e "${PURPLE}${BOLD}Export Directus Database and files ? (y/N) ${RESET}" read answer if [[ "$answer" == "y" ]]; then - user=$(getent passwd 1001 | awk -F: '{print $1}') + user=$(getent passwd 1000 | awk -F: '{print $1}') site_name=$(ls /var/www/repositories/ | grep -v '^cms') db_password=$(cat /var/www/repositories/cms*/.env | grep DB_PASSWORD | sed "s/[^']*'\([^']*\)'.*/\1/") current_date=$(date +'%d-%m-%y_%H-%M') export_base_folder="/home/${user}/content_exports" export_folder="${export_base_folder}/${site_name}_export_${current_date}" + mkdir -p "${export_folder}" mysqldump -u directus -p"${db_password}" directus > "${export_folder}/db_${site_name}_${current_date}.sql" cp -r /var/www/repositories/cms*/uploads "${export_folder}" @@ -29,7 +29,7 @@ if [[ "$answer" == "y" ]]; then rm -r "${export_folder}" chown -R "${user}:${user}" "${export_base_folder}" - ssh_port=$(cat /etc/ssh/sshd_config | grep "Port " | sed 's/^Port //') + ssh_port=$(cat /etc/ssh/sshd_config.d/custom.conf | grep "Port " | sed 's/^Port //') ip=$(hostname -I) if [[ "${ip: -1}" == " " ]]; then ip="${ip%?}"
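Review bot: `user=$(getent passwd 1000 | ...)` in utils/export-content.sh (hunk `@@ -14,13 +13,14 @@`) still assumes a fixed UID; when no account has UID 1000, `user` is empty, the new `mkdir -p "${export_folder}"` creates `/home//content_exports/...`, and the dump is written there as root. A guard right after the lookup avoids that: `[[ -n "$user" ]] || { echo "No account with UID 1000" >&2; exit 1; }`. The export directory is also created with whatever umask root has (presumably the default) while it holds the full database dump and uploads, so a `umask 077` before the `mkdir` would keep other local accounts from reading it until the later `chown`. The enclosing `if` block continues outside the hunk.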