valentin_le_moign
/
deployment-dcdn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

www-data lance les serveurs tmux

This commit is contained in:
Valentin 2024-02-25 22:18:51 +01:00
parent 5ef8f2271d
commit 394c2dfb21
3 changed files with 41 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
assets/webhook.php
View File

@ -23,23 +23,6 @@ if (empty($payload)) {
exit(); exit();
} }
// get header signature
$header_signature = isset($_SERVER['HTTP_X_GITEA_SIGNATURE']) ? $_SERVER['HTTP_X_GITEA_SIGNATURE'] : '';
if (empty($header_signature)) {
error_log('FAILED - header signature missing');
exit();
}
// calculate payload signature
$payload_signature = hash_hmac('sha256', $payload, $secret_key, false);
// check payload signature against header signature
if ($header_signature !== $payload_signature) {
error_log('FAILED - payload signature');
exit();
}
// convert json to array // convert json to array
$decoded = json_decode($payload, true); $decoded = json_decode($payload, true);
@ -50,5 +33,6 @@ if (json_last_error() !== JSON_ERROR_NONE) {
} }
// success, do something // success, do something
shell_exec('sh ../webhook/webhook.sh') echo "launching hook script ";
shell_exec('sh ../webhook/webhook.sh 2>&1');
?> ?>

14
assets/webhook.sh
View File

@ -1,3 +1,15 @@
#!/bin/bash #!/bin/bash
username=$(getent passwd 1000 | cut -d: -f1) username=$(getent passwd 1000 | cut -d: -f1)
touch /home/$username/webhook_ok cd /home/$username
directories=$(find . -maxdepth 1 -type d -printf "%f\n")
for dir in $directories; do
if [[ ! "$dir" =~ ^cms ]]; then
cd "$dir" || exit
break
fi
done
git pull origin prod
tmux send-keys -t directus C-c
NUXT_TELEMETRY_DISABLED=1 bash -c \"npm run build\"
tmux send-keys -t front \"cd /home/${username}/${front_folder} && node .output/server/index.mjs\" C-m
tmux send-keys -t directus \"npx directus start\" C-m

40
install.sh
View File

@ -36,6 +36,8 @@ if [ "$EUID" -ne 0 ]; then
exit exit
fi fi
apt install -y php php-fpm
# #
# USER # USER
# #
@ -263,13 +265,16 @@ if [[ "$answer" == "y" ]]; then
npm init -y &&\ npm init -y &&\
npx directus bootstrap --skipAdminInit" $username npx directus bootstrap --skipAdminInit" $username
echo "set -g default-shell /bin/sh" >> /etc/tmux.conf
chown www-data:www-data /home/$username/$cms_folder
su -c "tmux new-session -d -s directus &&\ su -c "tmux new-session -d -s directus &&\
tmux send-keys -t directus \"cd /home/${username}/${cms_folder} && npx directus start\" C-m" $username tmux send-keys -t directus \"cd /home/${username}/${cms_folder} && npx directus start\" C-m" www-data
su -c "cd /home/${username}/${cms_folder} &&\ su -c "cd /home/${username}/${cms_folder} &&\
npx directus roles create --role Administrator --admin true &&\ npx directus roles create --role Administrator --admin true &&\
npx directus roles create --role Website &&\ npx directus roles create --role Website &&\
npx directus roles create --role User" $username npx directus roles create --role User" www-data
admin_role_uuid=$(echo $(mariadb -u directus -p${db_directus_password} \ admin_role_uuid=$(echo $(mariadb -u directus -p${db_directus_password} \
-e "SELECT id FROM directus.directus_roles WHERE name='Administrator'") | awk '{print $2}') -e "SELECT id FROM directus.directus_roles WHERE name='Administrator'") | awk '{print $2}')
@ -279,10 +284,11 @@ if [[ "$answer" == "y" ]]; then
-e "SELECT id FROM directus.directus_roles WHERE name='User'") | awk '{print $2}') -e "SELECT id FROM directus.directus_roles WHERE name='User'") | awk '{print $2}')
website_password=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n') website_password=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
su -c "cd /home/${username}/${cms_folder} &&\ su -c "cd /home/${username}/${cms_folder} &&\
npx directus users create --email \"${directus_admin_email}\" \ npx directus users create --email \"${directus_admin_email}\" \
--password \"${directus_admin_password}\" --role \"${admin_role_uuid}\" &&\ --password \"${directus_admin_password}\" --role \"${admin_role_uuid}\" &&\
npx directus users create --email \"website@${domain_name}\" --password \"${website_password}\" --role \"${website_role_uuid}\"" $username npx directus users create --email \"website@${domain_name}\" --password \"${website_password}\" --role \"${website_role_uuid}\"" www-data
website_token=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n') website_token=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
mariadb -u directus -p${db_directus_password} -e "UPDATE directus.directus_roles SET icon='robot' WHERE name='Website'"; mariadb -u directus -p${db_directus_password} -e "UPDATE directus.directus_roles SET icon='robot' WHERE name='Website'";
@ -307,7 +313,7 @@ if [[ "$answer" == "y" ]]; then
read read
su -c "cd /home/${username}/${cms_folder} &&\ su -c "cd /home/${username}/${cms_folder} &&\
npx directus schema apply --yes ../snapshot.yaml" $username npx directus schema apply --yes ../snapshot.yaml" www-data
echo -e "${PURPLE}${BOLD}You can now add some content${RESET}" echo -e "${PURPLE}${BOLD}You can now add some content${RESET}"
echo -e "${ORANGE}${BOLD}Do not forget to set the permissions${RESET}" echo -e "${ORANGE}${BOLD}Do not forget to set the permissions${RESET}"
@ -346,13 +352,17 @@ if [[ "$answer" == "y" ]]; then
git checkout prod &&\ git checkout prod &&\
echo \"DIRECTUS_API_TOKEN=${website_token}\" > .env &&\ echo \"DIRECTUS_API_TOKEN=${website_token}\" > .env &&\
echo \"URL=https://${domain_name}\" >> .env &&\ echo \"URL=https://${domain_name}\" >> .env &&\
echo \"DIRECTUS_URL=https://cms.${domain_name}\" >> .env &&\ echo \"DIRECTUS_URL=https://cms.${domain_name}\" >> .env" $username
npm install &&\
chown -R www-data:www-data /home/$username/$front_folder
su -c "cd /home/${username} &&\
tmux send-keys -t directus C-c &&\ tmux send-keys -t directus C-c &&\
npm run build &&\ npm install &&\
NUXT_TELEMETRY_DISABLED=1 bash -c \"npm run build\" &&\
tmux new-session -d -s front &&\ tmux new-session -d -s front &&\
tmux send-keys -t front \"cd /home/${username}/${front_folder} && node .output/server/index.mjs\" C-m &&\ tmux send-keys -t front \"cd /home/${username}/${front_folder} && node .output/server/index.mjs\" C-m &&\
tmux send-keys -t directus \"npx directus start\" C-m" $username tmux send-keys -t directus \"npx directus start\" C-m" www-data
caddyfile="/etc/caddy/Caddyfile" caddyfile="/etc/caddy/Caddyfile"
echo "www.${domain_name} {" >> $caddyfile echo "www.${domain_name} {" >> $caddyfile
@ -368,29 +378,31 @@ if [[ "$answer" == "y" ]]; then
read answer read answer
if [[ "$answer" == "y" ]]; then if [[ "$answer" == "y" ]]; then
echo -e "${PURPLE}${BOLD}If it does not already exists, create a webhook at the following url${RESET}" echo -e "${PURPLE}${BOLD}If it does not already exists, create a webhook at the following url${RESET}"
echo -e "${PURPLE}${BOLD}https://${repo_url}/settings/hooks/gitea/new${RESET}" echo -e "${PURPLE}${BOLD}${repo_url}/settings/hooks/gitea/new${RESET}"
echo -e "${BLUE}${BOLD}Target URL ${RESET}${BLUE}https://${domain_name}/webhook.php${RESET}" echo -e "${BLUE}${BOLD}Target URL ${RESET}${BLUE}https://${domain_name}/webhook.php${RESET}"
echo -e "${BLUE}${BOLD}Branch filter ${RESET}${BLUE}prod${RESET}" echo -e "${BLUE}${BOLD}Branch filter ${RESET}${BLUE}prod${RESET}"
echo -e "${BLUE}${BOLD}Authorization Header ${RESET}${ORANGE}Generate a safe string using \`openssl rand -base64 32\`${RESET}" echo -e "${BLUE}${BOLD}Authorization Header ${RESET}${ORANGE}Generate a safe string using \`openssl rand -base64 32\`${RESET}"
echo -e "${PURPLE}${BOLD}Enter the Authorization Header${RESET}" echo -e "${PURPLE}${BOLD}Enter the Authorization Header${RESET}"
read -s auth_header read -s auth_header
apt install -y php php-fpm
rm /var/www/html/index.html rm /var/www/html/index.html
cp ./assets/webhook.php /var/www/html/ cp ./assets/webhook.php /var/www/html/
mkdir /var/www/webhook mkdir /var/www/webhook
cp .assets/webhook.sh /var/www/webhook cp ./assets/webhook.sh /var/www/webhook
chown www-data:www-data /var/www/webhook/webhook.sh chown www-data:www-data /var/www/webhook/webhook.sh
chmod u+x /var/www/webhook/webhook.sh chmod u+x /var/www/webhook/webhook.sh
sed -i '$ d' $caddyfile head -n $(($(wc -l < $caddyfile) - 2)) $caddyfile > temp_Caddyfile && mv temp_Caddyfile $caddyfile
echo "handle /webhook.php {" >> $caddyfile echo "handle /webhook.php {" >> $caddyfile
echo "@unauthorized not header Authorization ${auth_header}" >> $caddyfile echo "@unauthorized not header Authorization \"${auth_header}\"" >> $caddyfile
echo "respond @unauthorized "Unauthorized access"" >> $caddyfile echo "respond @unauthorized \"Unauthorized access\"" >> $caddyfile
echo "root * /var/www/html" >> $caddyfile echo "root * /var/www/html" >> $caddyfile
echo "php_fastcgi unix//run/php/php8.2-fpm.sock" >> $caddyfile echo "php_fastcgi unix//run/php/php8.2-fpm.sock" >> $caddyfile
echo "file_server" >> $caddyfile echo "file_server" >> $caddyfile
echo "}" >> $caddyfile echo "}" >> $caddyfile
echo "handle {" >> $caddyfile
echo "reverse_proxy ${ip}:3000" >> $caddyfile
echo "}" >> $caddyfile
echo "}" >> $caddyfile echo "}" >> $caddyfile
caddy fmt $caddyfile -w caddy fmt $caddyfile -w
caddy reload -c $caddyfile caddy reload -c $caddyfile