www-data lance les serveurs tmux
parent
5ef8f2271d
commit
394c2dfb21
|
@ -23,23 +23,6 @@ if (empty($payload)) {
|
|||
exit();
|
||||
}
|
||||
|
||||
// get header signature
|
||||
$header_signature = isset($_SERVER['HTTP_X_GITEA_SIGNATURE']) ? $_SERVER['HTTP_X_GITEA_SIGNATURE'] : '';
|
||||
|
||||
if (empty($header_signature)) {
|
||||
error_log('FAILED - header signature missing');
|
||||
exit();
|
||||
}
|
||||
|
||||
// calculate payload signature
|
||||
$payload_signature = hash_hmac('sha256', $payload, $secret_key, false);
|
||||
|
||||
// check payload signature against header signature
|
||||
if ($header_signature !== $payload_signature) {
|
||||
error_log('FAILED - payload signature');
|
||||
exit();
|
||||
}
|
||||
|
||||
// convert json to array
|
||||
$decoded = json_decode($payload, true);
|
||||
|
||||
|
@ -50,5 +33,6 @@ if (json_last_error() !== JSON_ERROR_NONE) {
|
|||
}
|
||||
|
||||
// success, do something
|
||||
shell_exec('sh ../webhook/webhook.sh')
|
||||
echo "launching hook script ";
|
||||
shell_exec('sh ../webhook/webhook.sh 2>&1');
|
||||
?>
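Review bot: The header counts of the first hunk (23 old lines, 6 new) indicate that the whole `X-Gitea-Signature` check is dropped, so webhook.php no longer authenticates the request itself before reaching `shell_exec`; the only remaining gate is the `Authorization` header match that install.sh writes into the Caddyfile. I would keep the HMAC check as a second layer and make the comparison constant-time: `if (!hash_equals($payload_signature, $header_signature)) { error_log('FAILED - payload signature'); exit(); }`. In the second hunk, `2>&1` only helps if the return value is kept, e.g. `error_log((string) shell_exec('sh /var/www/webhook/webhook.sh 2>&1'));`, and the absolute path that install.sh copies the script to avoids depending on the PHP working directory. The `+`/`-` markers are lost on this page, so this assumes the `echo` and `2>&1` lines are the new side.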
|
|
@ -1,3 +1,15 @@
|
|||
#!/bin/bash
|
||||
username=$(getent passwd 1000 | cut -d: -f1)
|
||||
touch /home/$username/webhook_ok
|
||||
cd /home/$username
|
||||
directories=$(find . -maxdepth 1 -type d -printf "%f\n")
|
||||
for dir in $directories; do
|
||||
if [[ ! "$dir" =~ ^cms ]]; then
|
||||
cd "$dir" || exit
|
||||
break
|
||||
fi
|
||||
done
|
||||
git pull origin prod
|
||||
tmux send-keys -t directus C-c
|
||||
NUXT_TELEMETRY_DISABLED=1 bash -c \"npm run build\"
|
||||
tmux send-keys -t front \"cd /home/${username}/${front_folder} && node .output/server/index.mjs\" C-m
|
||||
tmux send-keys -t directus \"npx directus start\" C-m
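Review bot: The last three command lines keep the `\"` escapes they had inside install.sh's `su -c "…"` string, so in this standalone file the quotes are literal: `bash -c \"npm run build\"` hands bash the command `"npm`, and tmux receives the quote characters as keys. `${front_folder}` is never assigned in this script, and the directory loop cannot stand in for it because `find . -maxdepth 1` lists `.` first, which does not match `^cms`, so `cd "."` leaves `git pull` running in the home directory. webhook.php starts the script with `sh`, so where `sh` is not bash the `[[ … =~ … ]]` test is unavailable as well; the sketch below avoids it and also skips hidden directories, which is my assumption about the intended layout. Because www-data now runs this on every accepted webhook request, it should exit non-zero when the target directory cannot be resolved instead of continuing.

```shell
cd "/home/$username" || exit 1
# -mindepth 1 skips "."; stop at the first non-hidden, non-cms directory
front_folder=$(find . -mindepth 1 -maxdepth 1 -type d ! -name '.*' ! -name 'cms*' -printf '%f\n' -quit)
[ -n "$front_folder" ] || exit 1
cd "$front_folder" || exit 1
# … unchanged: git pull origin prod, tmux send-keys -t directus C-c …
NUXT_TELEMETRY_DISABLED=1 npm run build
tmux send-keys -t front "cd /home/${username}/${front_folder} && node .output/server/index.mjs" C-m
tmux send-keys -t directus "npx directus start" C-m
```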
|
||||
|
|
40
install.sh
40
install.sh
|
@ -36,6 +36,8 @@ if [ "$EUID" -ne 0 ]; then
|
|||
exit
|
||||
fi
|
||||
|
||||
apt install -y php php-fpm
|
||||
|
||||
#
|
||||
# USER
|
||||
#
|
||||
|
@ -263,13 +265,16 @@ if [[ "$answer" == "y" ]]; then
|
|||
npm init -y &&\
|
||||
npx directus bootstrap --skipAdminInit" $username
|
||||
|
||||
echo "set -g default-shell /bin/sh" >> /etc/tmux.conf
|
||||
chown www-data:www-data /home/$username/$cms_folder
|
||||
|
||||
su -c "tmux new-session -d -s directus &&\
|
||||
tmux send-keys -t directus \"cd /home/${username}/${cms_folder} && npx directus start\" C-m" $username
|
||||
tmux send-keys -t directus \"cd /home/${username}/${cms_folder} && npx directus start\" C-m" www-data
|
||||
|
||||
su -c "cd /home/${username}/${cms_folder} &&\
|
||||
npx directus roles create --role Administrator --admin true &&\
|
||||
npx directus roles create --role Website &&\
|
||||
npx directus roles create --role User" $username
|
||||
npx directus roles create --role User" www-data
|
||||
|
||||
admin_role_uuid=$(echo $(mariadb -u directus -p${db_directus_password} \
|
||||
-e "SELECT id FROM directus.directus_roles WHERE name='Administrator'") | awk '{print $2}')
|
||||
|
@ -279,10 +284,11 @@ if [[ "$answer" == "y" ]]; then
|
|||
-e "SELECT id FROM directus.directus_roles WHERE name='User'") | awk '{print $2}')
|
||||
|
||||
website_password=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
|
||||
|
||||
su -c "cd /home/${username}/${cms_folder} &&\
|
||||
npx directus users create --email \"${directus_admin_email}\" \
|
||||
--password \"${directus_admin_password}\" --role \"${admin_role_uuid}\" &&\
|
||||
npx directus users create --email \"website@${domain_name}\" --password \"${website_password}\" --role \"${website_role_uuid}\"" $username
|
||||
npx directus users create --email \"website@${domain_name}\" --password \"${website_password}\" --role \"${website_role_uuid}\"" www-data
|
||||
|
||||
website_token=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
|
||||
mariadb -u directus -p${db_directus_password} -e "UPDATE directus.directus_roles SET icon='robot' WHERE name='Website'";
|
||||
|
@ -307,7 +313,7 @@ if [[ "$answer" == "y" ]]; then
|
|||
read
|
||||
|
||||
su -c "cd /home/${username}/${cms_folder} &&\
|
||||
npx directus schema apply --yes ../snapshot.yaml" $username
|
||||
npx directus schema apply --yes ../snapshot.yaml" www-data
|
||||
|
||||
echo -e "${PURPLE}${BOLD}You can now add some content${RESET}"
|
||||
echo -e "${ORANGE}${BOLD}Do not forget to set the permissions${RESET}"
|
||||
|
@ -346,13 +352,17 @@ if [[ "$answer" == "y" ]]; then
|
|||
git checkout prod &&\
|
||||
echo \"DIRECTUS_API_TOKEN=${website_token}\" > .env &&\
|
||||
echo \"URL=https://${domain_name}\" >> .env &&\
|
||||
echo \"DIRECTUS_URL=https://cms.${domain_name}\" >> .env &&\
|
||||
npm install &&\
|
||||
echo \"DIRECTUS_URL=https://cms.${domain_name}\" >> .env" $username
|
||||
|
||||
chown -R www-data:www-data /home/$username/$front_folder
|
||||
|
||||
su -c "cd /home/${username} &&\
|
||||
tmux send-keys -t directus C-c &&\
|
||||
npm run build &&\
|
||||
npm install &&\
|
||||
NUXT_TELEMETRY_DISABLED=1 bash -c \"npm run build\" &&\
|
||||
tmux new-session -d -s front &&\
|
||||
tmux send-keys -t front \"cd /home/${username}/${front_folder} && node .output/server/index.mjs\" C-m &&\
|
||||
tmux send-keys -t directus \"npx directus start\" C-m" $username
|
||||
tmux send-keys -t directus \"npx directus start\" C-m" www-data
|
||||
|
||||
caddyfile="/etc/caddy/Caddyfile"
|
||||
echo "www.${domain_name} {" >> $caddyfile
|
||||
|
@ -368,29 +378,31 @@ if [[ "$answer" == "y" ]]; then
|
|||
read answer
|
||||
if [[ "$answer" == "y" ]]; then
|
||||
echo -e "${PURPLE}${BOLD}If it does not already exists, create a webhook at the following url${RESET}"
|
||||
echo -e "${PURPLE}${BOLD}https://${repo_url}/settings/hooks/gitea/new${RESET}"
|
||||
echo -e "${PURPLE}${BOLD}${repo_url}/settings/hooks/gitea/new${RESET}"
|
||||
echo -e "${BLUE}${BOLD}Target URL ${RESET}${BLUE}https://${domain_name}/webhook.php${RESET}"
|
||||
echo -e "${BLUE}${BOLD}Branch filter ${RESET}${BLUE}prod${RESET}"
|
||||
echo -e "${BLUE}${BOLD}Authorization Header ${RESET}${ORANGE}Generate a safe string using \`openssl rand -base64 32\`${RESET}"
|
||||
echo -e "${PURPLE}${BOLD}Enter the Authorization Header${RESET}"
|
||||
read -s auth_header
|
||||
|
||||
apt install -y php php-fpm
|
||||
rm /var/www/html/index.html
|
||||
cp ./assets/webhook.php /var/www/html/
|
||||
mkdir /var/www/webhook
|
||||
cp .assets/webhook.sh /var/www/webhook
|
||||
cp ./assets/webhook.sh /var/www/webhook
|
||||
chown www-data:www-data /var/www/webhook/webhook.sh
|
||||
chmod u+x /var/www/webhook/webhook.sh
|
||||
|
||||
sed -i '$ d' $caddyfile
|
||||
head -n $(($(wc -l < $caddyfile) - 2)) $caddyfile > temp_Caddyfile && mv temp_Caddyfile $caddyfile
|
||||
echo "handle /webhook.php {" >> $caddyfile
|
||||
echo "@unauthorized not header Authorization ${auth_header}" >> $caddyfile
|
||||
echo "respond @unauthorized "Unauthorized access"" >> $caddyfile
|
||||
echo "@unauthorized not header Authorization \"${auth_header}\"" >> $caddyfile
|
||||
echo "respond @unauthorized \"Unauthorized access\"" >> $caddyfile
|
||||
echo "root * /var/www/html" >> $caddyfile
|
||||
echo "php_fastcgi unix//run/php/php8.2-fpm.sock" >> $caddyfile
|
||||
echo "file_server" >> $caddyfile
|
||||
echo "}" >> $caddyfile
|
||||
echo "handle {" >> $caddyfile
|
||||
echo "reverse_proxy ${ip}:3000" >> $caddyfile
|
||||
echo "}" >> $caddyfile
|
||||
echo "}" >> $caddyfile
|
||||
caddy fmt $caddyfile -w
|
||||
caddy reload -c $caddyfile
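Review bot: Switching the `su -c "…"` targets to `www-data` and adding `chown -R www-data:www-data /home/$username/$front_folder` (hunks at old lines 263 and 346) makes the account that executes webhook.php the owner of the deployed code and of `.env`, which holds `DIRECTUS_API_TOKEN`, so any flaw in the PHP endpoint reaches both the token and the running servers. A dedicated unprivileged service account for the tmux sessions, with www-data permitted to trigger only the deploy script, would keep that boundary. On a stock Debian or Ubuntu install www-data has a nologin shell, so these calls presumably need `su -s /bin/sh -c "…" www-data` unless the shell is changed in a part of install.sh not shown here. The first chown, on `$cms_folder`, is not recursive, so files created earlier by `$username` stay owned by that user; `chown -R` would match the front folder. The markers are lost on this page, and I am reading the `www-data` variants as the new side because of the commit title.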
|
||||
|
|