From 9ddc7df6c436eb657d7fe6d36cdde4299a9deea3 Mon Sep 17 00:00:00 2001 From: Valentin Date: Fri, 3 May 2024 17:19:46 +0200 Subject: [PATCH] =?UTF-8?q?fichiers=20s=C3=A9par=C3=A9s?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bin/import_directus_schema.sh | 17 ++ bin/install_directus.sh | 21 +- bin/install_nuxt_front.sh | 50 ++++ bin/set_url.sh | 2 +- bin/setup_directus.sh | 26 +- bin/setup_webhook.sh | 42 ++++ bin/variables.sh | 7 +- install.sh | 460 +++------------------------------- install_modulaire.sh | 78 ------ 9 files changed, 172 insertions(+), 531 deletions(-) create mode 100644 bin/import_directus_schema.sh create mode 100644 bin/install_nuxt_front.sh create mode 100644 bin/setup_webhook.sh delete mode 100644 install_modulaire.sh diff --git a/bin/import_directus_schema.sh b/bin/import_directus_schema.sh new file mode 100644 index 0000000..e10bafe --- /dev/null +++ b/bin/import_directus_schema.sh @@ -0,0 +1,17 @@ +#!/bin/bash + +. bin/variables.sh +. bin/functions.sh + +get_username +get_ip +get_ssh_port + +echo -e "${PURPLE}${BOLD}Import local Directus data model${RESET}" +echo -e "${BLUE}npx directus schema snapshot ./snapshot.yaml${RESET}" +echo -e "${BLUE}scp -P ${ssh_port} /local/path/to/snapshot.yaml ${username}@${ip}:/home/${username}/snapshot.yaml${RESET}" +echo -e "${PURPLE}${BOLD}Press any key when done${RESET}" +read + +su -s /bin/bash -c "cd ${CMS_DIRECTORY} &&\ +npx directus schema apply --yes /home/${username}/snapshot.yaml" www-data \ No newline at end of file diff --git a/bin/install_directus.sh b/bin/install_directus.sh index 1d5fadc..37de007 100644 --- a/bin/install_directus.sh +++ b/bin/install_directus.sh @@ -24,4 +24,23 @@ if [[ "$answer" == "y" ]]; then . bin/import_directus_db.sh else . bin/setup_directus.sh -fi \ No newline at end of file + + echo -e "${PURPLE}${BOLD}Import Directus data model ? (y/N) ${RESET}" + read answer + if [[ "$answer" == "y" ]]; then + . bin/import_directus_schema.sh + fi + + echo -e "${PURPLE}${BOLD}You can now add some content${RESET}" + echo -e "${ORANGE}${BOLD}Do not forget to set the permissions${RESET}" + echo -e "${ORANGE}${BOLD}Website role ${RESET}${ORANGE}Read content collections and directus_files${RESET}" + echo -e "${ORANGE}${BOLD}User role ${RESET}${ORANGE}All permissions on content collections, directus_files and directus_folders${RESET}" +fi + +echo "cms.${DOMAIN_NAME} {" >> $CADDYFILE +echo "reverse_proxy ${ip}:${port}" >> $CADDYFILE +echo "}" >> $CADDYFILE +caddy fmt $CADDYFILE -w +caddy reload -c $CADDYFILE + +echo -e "${PURPLE}${BOLD}Access Directus ${RESET}${PURPLE}https://cms.${DOMAIN_NAME}${RESET}" diff --git a/bin/install_nuxt_front.sh b/bin/install_nuxt_front.sh new file mode 100644 index 0000000..355a2a0 --- /dev/null +++ b/bin/install_nuxt_front.sh @@ -0,0 +1,50 @@ +#!/bin/bash + +. bin/variables.sh +. bin/functions.sh + +get_ip + +echo -e "${PURPLE}${BOLD}Create and push a prod branch on the repo${RESET}" +echo -e "${BLUE}git fetch . main:prod${RESET}" +echo -e "${BLUE}git push origin prod${RESET}" +echo -e "${PURPLE}${BOLD}Enter the .git url of the repo${RESET}" +read repo_url + +front_repo_name=$(echo "$repo_url" | sed 's#.*/\([^/]*\)\.git#\1#') +front_directory="${REPO_DIRECTORY}/${front_repo_name}" +if [[ -z "$WEBSITE_TOKEN" ]]; then + echo -e "${PURPLE}${BOLD}Enter the Directus Website user static token${RESET}" + read -s WEBSITE_TOKEN +fi + +touch /var/www/.nuxtrc +echo "telemetry.consent=0" > /var/www/.nuxtrc +echo "telemetry.enabled=false" >> /var/www/.nuxtrc +chown -R www-data:www-data /var/www/.nuxtrc + +rm /var/www/html/* +chown www-data:www-data /var/www/html + +su -s /bin/bash -c "cd ${REPO_DIRECTORY} &&\ +git clone ${repo_url} &&\ +cd ${front_directory} &&\ +git checkout prod &&\ +echo \"DIRECTUS_API_TOKEN=${WEBSITE_TOKEN}\" > .env &&\ +echo \"URL=https://${DOMAIN_NAME}\" >> .env &&\ +echo \"DIRECTUS_URL=https://cms.${DOMAIN_NAME}\" >> .env &&\ +node --max-old-space-size=250 `which npm` install -y &&\ +node --max-old-space-size=250 `which npm` run generate --prerender" www-data + +cp -r "${front_directory}/.output/public" /var/www/html +chown -R www-data:www-data /var/www/html/public + +echo "www.${DOMAIN_NAME} {" >> $CADDYFILE +echo "redir ${DOMAIN_NAME}{uri} permanent" >> $CADDYFILE +echo "}" >> $CADDYFILE +echo "${DOMAIN_NAME} {" >> $CADDYFILE +echo "root * /var/www/html/public" >> $CADDYFILE +echo "file_server" >> $CADDYFILE +echo "}" >> $CADDYFILE +caddy fmt $CADDYFILE -w +caddy reload -c $CADDYFILE \ No newline at end of file diff --git a/bin/set_url.sh b/bin/set_url.sh index c9aa3b8..5eb97d6 100644 --- a/bin/set_url.sh +++ b/bin/set_url.sh @@ -14,7 +14,7 @@ echo -e "${BLUE}Domain : www.${DOMAIN_NAME} | Type : A | Target : ${ip}${RESET}" echo -e "${PURPLE}${BOLD}Press any key when done${RESET}" read -repo_directory="/var/www/repositories" +REPO_DIRECTORY="/var/www/repositories" mkdir $repo_directory chown www-data:www-data $repo_directory CMS_DIRECTORY="${repo_directory}/cms_${DOMAIN_NAME}" diff --git a/bin/setup_directus.sh b/bin/setup_directus.sh index abb2977..1ef279f 100644 --- a/bin/setup_directus.sh +++ b/bin/setup_directus.sh @@ -54,29 +54,7 @@ npx directus users create --email \"${directus_admin_email}\" \ --password \"${directus_admin_password}\" --role \"${admin_role_uuid}\" &&\ npx directus users create --email \"website@${DOMAIN_NAME}\" --password \"${website_password}\" --role \"${website_role_uuid}\"" www-data -website_token=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n') +WEBSITE_TOKEN=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n') mariadb -u directus -p${DB_DIRECTUS_PASSWORD} -e "UPDATE directus.directus_roles SET icon='robot' WHERE name='Website'"; mariadb -u directus -p${DB_DIRECTUS_PASSWORD} -e "UPDATE directus.directus_roles SET app_access='0' WHERE name='Website'"; -mariadb -u directus -p${DB_DIRECTUS_PASSWORD} -e "UPDATE directus.directus_users SET token=\"${website_token}\" WHERE email=\"website@${DOMAIN_NAME}\""; - -echo -e "${PURPLE}${BOLD}Import Directus data model ? (y/N) ${RESET}" -read answer -if [[ "$answer" == "y" ]]; then - get_username - get_ip - get_ssh_port - - echo -e "${PURPLE}${BOLD}Import local Directus data model${RESET}" - echo -e "${BLUE}npx directus schema snapshot ./snapshot.yaml${RESET}" - echo -e "${BLUE}scp -P ${ssh_port} /local/path/to/snapshot.yaml ${username}@${ip}:/home/${username}/snapshot.yaml${RESET}" - echo -e "${PURPLE}${BOLD}Press any key when done${RESET}" - read - - su -s /bin/bash -c "cd ${CMS_DIRECTORY} &&\ - npx directus schema apply --yes /home/${username}/snapshot.yaml" www-data -fi - -echo -e "${PURPLE}${BOLD}You can now add some content${RESET}" -echo -e "${ORANGE}${BOLD}Do not forget to set the permissions${RESET}" -echo -e "${ORANGE}${BOLD}Website role ${RESET}${ORANGE}Read content collections and directus_files${RESET}" -echo -e "${ORANGE}${BOLD}User role ${RESET}${ORANGE}All permissions on content collections, directus_files and directus_folders${RESET}" +mariadb -u directus -p${DB_DIRECTUS_PASSWORD} -e "UPDATE directus.directus_users SET token=\"${WEBSITE_TOKEN}\" WHERE email=\"website@${DOMAIN_NAME}\""; \ No newline at end of file diff --git a/bin/setup_webhook.sh b/bin/setup_webhook.sh new file mode 100644 index 0000000..5417755 --- /dev/null +++ b/bin/setup_webhook.sh @@ -0,0 +1,42 @@ +#!/bin/bash + +. bin/variables.sh +. bin/functions.sh + +echo -e "${PURPLE}${BOLD}If it does not already exists, create a webhook at the following url${RESET}" +echo -e "${PURPLE}${BOLD}${repo_url}/settings/hooks/gitea/new${RESET}" +echo -e "${BLUE}${BOLD}Target URL ${RESET}${BLUE}https://${domain_name}/webhook.php${RESET}" +echo -e "${BLUE}${BOLD}Branch filter ${RESET}${BLUE}prod${RESET}" +echo -e "${BLUE}${BOLD}Authorization Header ${RESET}${ORANGE}Generate a safe string using \`openssl rand -base64 32\`${RESET}" +echo -e "${PURPLE}${BOLD}Enter the Authorization Header${RESET}" +read -s auth_header + +install_pkg php +install_pkg php-fpm +install_pkg jq + +rm /var/www/html/index.html +cp ./assets/webhook.php /var/www/html/ +mkdir /var/www/webhook +cp ./assets/webhook.sh /var/www/webhook +chown www-data:www-data /var/www/webhook/webhook.sh +chmod u+x /var/www/webhook/webhook.sh +mkdir /var/www/webhook/logs +chown www-data:www-data /var/www/webhook/logs + +get_ip + +head -n $(($(wc -l < $CADDYFILE) - 2)) $CADDYFILE > temp_Caddyfile && mv temp_Caddyfile $CADDYFILE +echo "handle /webhook.php {" >> $CADDYFILE +echo "@unauthorized not header Authorization \"${auth_header}\"" >> $CADDYFILE +echo "respond @unauthorized \"Unauthorized access\"" >> $CADDYFILE +echo "root * /var/www/html" >> $CADDYFILE +echo "php_fastcgi unix//run/php/php8.2-fpm.sock" >> $CADDYFILE +echo "file_server" >> $CADDYFILE +echo "}" >> $CADDYFILE +echo "handle {" >> $CADDYFILE +echo "reverse_proxy ${ip}:3000" >> $CADDYFILE +echo "}" >> $CADDYFILE +echo "}" >> $CADDYFILE +caddy fmt $CADDYFILE -w +caddy reload -c $CADDYFILE \ No newline at end of file diff --git a/bin/variables.sh b/bin/variables.sh index 2ae71cc..471b68b 100644 --- a/bin/variables.sh +++ b/bin/variables.sh @@ -11,4 +11,9 @@ DB_ROOT_PASSWORD="" DB_DIRECTUS_PASSWORD="" DOMAIN_NAME="" -CMS_DIRECTORY="" \ No newline at end of file +CMS_DIRECTORY="" +REPO_DIRECTORY="" + +WEBSITE_TOKEN="" + +CADDYFILE="/etc/caddy/Caddyfile" \ No newline at end of file diff --git a/install.sh b/install.sh index 0099691..29d892c 100644 --- a/install.sh +++ b/install.sh @@ -1,36 +1,18 @@ #!/bin/bash -PURPLE='\033[35m' -ORANGE='\033[33m' -BLUE='\033[34m' -BOLD='\033[1m' -RESET='\033[0m' -install_pkg() { - pkg="$1" - if ! command -v "$pkg" &> /dev/null; then - apt install -y "$pkg" - echo -e "${PURPLE}${BOLD}${pkg} installed${RESET}" - fi -} +# TODO +## DIRECTUS EMAIL +## DIRECTUS REDIS +## LOGING DE TOUT +## CADDYFILE EN JSON +## MÀJ +## reboot a running system +## MATOMO +## NODE EXPORTER -get_username() { - if [[ -z "$username" ]]; then - username=$(getent passwd 1001 | cut -d: -f1) - fi -} - -get_ip() { - if [[ -z "$ip" ]]; then - ip=$(hostname -I | cut -d' ' -f1) - fi -} - -get_ssh_port() { - if [[ -z "$ssh_port" ]]; then - ssh_port=$(cat /etc/ssh/sshd_config.d/custom.conf | grep "Port " | sed 's/^Port //') - fi -} +. bin/functions.sh +. bin/variables.sh echo -e "${PURPLE}${BOLD}Deployment Debian + Caddy + Directus + Nuxt${RESET}" @@ -39,457 +21,83 @@ if [ "$EUID" -ne 0 ]; then exit fi -apt install -y php php-fpm -systemctl disable --now apache2 +if [ "$(dirname "$0")" != "$(pwd)" ]; then + echo "Please run this script from its directory." + exit +fi -# # USER -# echo -e "${PURPLE}${BOLD}Create a user ? (y/N) ${RESET}" read answer if [[ "$answer" == "y" ]]; then - echo -e "${PURPLE}${BOLD}Create user${RESET}" - - read -p "Enter username: " username - - if id "$username" &>/dev/null; then - echo "User '$username' already exists." - exit 1 - fi - - echo -e "${ORANGE}${BOLD}Generate and store the password somewhere safe${RESET}" - read -s -p "Enter password: " password - echo - useradd -m "$username" - chsh -s /bin/bash $username - echo "$username:$password" | chpasswd - - usermod -aG sudo $username - - echo -e "${PURPLE}${BOLD}User '$username' created with password successfully.${RESET}" + . bin/create_user.sh fi -# # SSH -# echo -e "${PURPLE}${BOLD}Setup SSH ? (y/N) ${RESET}" read answer if [[ "$answer" == "y" ]]; then - echo -e "${PURPLE}${BOLD}Setup SSH${RESET}" - - ssh_port=$((RANDOM % (65536 - 1024 + 1) + 1024)) - - touch /etc/ssh/sshd_config.d/custom.conf - echo "PermitRootLogin no" >> /etc/ssh/sshd_config.d/custom.conf - echo "PermitEmptyPasswords no" >> /etc/ssh/sshd_config.d/custom.conf - echo "Port ${ssh_port}" >> /etc/ssh/sshd_config.d/custom.conf - systemctl reload ssh - - echo -e "${ORANGE}${BOLD}Store the ssh port ${ssh_port} somewhere safe${RESET}" + . bin/setup_ssh.sh fi -# # FIREWALL AND FAIL2BAN -# echo -e "${PURPLE}${BOLD}Setup Firewall and Fail2ban ? (y/N) ${RESET}" read answer if [[ "$answer" == "y" ]]; then - echo -e "${PURPLE}${BOLD}Setup Firewall and Fail2ban${RESET}" - apt install -y ufw fail2ban - systemctl enable fail2ban - get_ssh_port - ufw allow $ssh_port - ufw allow http - ufw allow https + . bin/setup_firewall_fail2ban.sh fi -# # CADDY -# echo -e "${PURPLE}${BOLD}Install Caddy webserver ? (y/N) ${RESET}" read answer if [[ "$answer" == "y" ]]; then - echo -e "${PURPLE}${BOLD}Install Caddy Webserver${RESET}" - apt install -y debian-keyring debian-archive-keyring apt-transport-https curl - curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg - curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list - apt update - apt install -y caddy - > /etc/caddy/Caddyfile + . bin/install_caddy.sh fi -# # MARIADB -# - echo -e "${PURPLE}${BOLD}Install MariaDB ? (y/N) ${RESET}" read answer if [[ "$answer" == "y" ]]; then - apt install -y mariadb-server - echo -e "${ORANGE}${BOLD}Generate and store the password somewhere safe${RESET}" - echo -e "${PURPLE}${BOLD}Enter the MariaDB root password : ${RESET}" - read -s db_root_password - echo - install_pkg expect - SECURE_MYSQL=$(expect -c " - set timeout 3 - spawn mysql_secure_installation - expect \"Enter current password for root (enter for none):\" - send \"\r\" - expect \"Switch to unix_socket authentication \\[Y/n\\]\" - send \"n\r\" - expect \"Change the root password? \\[Y/n\\]\" - send \"y\r\" - expect \"New password:\" - send \"$db_root_password\r\" - expect \"Re-enter new password:\" - send \"$db_root_password\r\" - expect \"Remove anonymous users?\" - send \"y\r\" - expect \"Disallow root login remotely?\" - send \"y\r\" - expect \"Remove test database and access to it?\" - send \"y\r\" - expect \"Reload privilege tables now?\" - send \"y\r\" - expect eof - ") - echo "${SECURE_MYSQL}" - # https://gist.github.com/coderua/5592d95970038944d099 + . bin/install_mariadb.sh fi -# # DIRECTUS DB -# - echo -e "${PURPLE}${BOLD}Setup Directus database ? (y/N) ${RESET}" read answer if [[ "$answer" == "y" ]]; then - echo -e "${ORANGE}${BOLD}Generate and store the password somewhere safe${RESET}" - echo -e "${PURPLE}${BOLD}Enter the MariaDB Directus password : ${RESET}" - read -s db_directus_password - echo - if [[ -z "$db_root_password" ]]; then - echo -e "${PURPLE}${BOLD}Enter the MariaDB root password : ${RESET}" - read -s db_root_password - echo - fi - install_pkg expect - CREATE_DIRECTUS_DB=$(expect -c " - spawn mariadb -u root -p - expect \"Enter password:\" - send \"$db_root_password\r\" - expect \"mysql>\" - send \"CREATE USER 'directus'@'localhost' IDENTIFIED BY '${db_directus_password}';\r\" - send \"CREATE DATABASE directus;\r\" - send \"GRANT ALL PRIVILEGES ON directus.* TO 'directus'@'localhost' IDENTIFIED BY '${db_directus_password}';\r\" - send \"FLUSH PRIVILEGES;\r\" - expect \"mysql>\" - send \"quit;\r\" - expect eof - ") - echo "${CREATE_DIRECTUS_DB}" >& /dev/null - echo -e "${PURPLE}${BOLD}Directus database created${RESET}" + . bin/setup_directus_db.sh fi -# # NODE -# - echo -e "${PURPLE}${BOLD}Install Node ? (y/N) ${RESET}" read answer if [[ "$answer" == "y" ]]; then - touch /var/www/.bashrc - chown www-data:www-data /var/www/.bashrc - mkdir /var/www/.nvm - chown www-data:www-data /var/www/.nvm - mkdir /var/www/.npm - chown www-data:www-data /var/www/.npm - - install_pkg build-essential - - su -s /bin/bash -c 'curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash &&\ - export NVM_DIR="$HOME/.nvm" &&\ - [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" &&\ - [ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" &&\ - nvm install v18' www-data - ln -sf /var/www/.nvm/versions/node/v18.*/bin/node /usr/bin/node - ln -sf /var/www/.nvm/versions/node/v18.*/bin/npm /usr/bin/npm - ln -sf /var/www/.nvm/versions/node/v18.*/bin/npx /usr/bin/npx - - echo -e "${PURPLE}${BOLD}Node installed${RESET}"; + . bin/install_node.sh fi -# -# SET THE URL -# - -echo -e "${PURPLE}${BOLD}Enter the domain name of the website${RESET}" -read domain_name -get_ip - -echo -e "${PURPLE}${BOLD}Configure the ${domain_name} DNS ZONE as the following${RESET}" -echo -e "${BLUE}Domain : ${domain_name} | Type : A | Target : ${ip}${RESET}" -echo -e "${BLUE}Domain : cms.${domain_name} | Type : A | Target : ${ip}${RESET}" -echo -e "${BLUE}Domain : www.${domain_name} | Type : A | Target : ${ip}${RESET}" -echo -e "${PURPLE}${BOLD}Press any key when done${RESET}" -read - -repo_directory="/var/www/repositories" -mkdir $repo_directory -chown www-data:www-data $repo_directory -cms_directory="${repo_directory}/cms_${domain_name}" - -# -# DIRECTUS -# +# SET URL +echo -e "${PURPLE}${BOLD}Set url ? (y/N) ${RESET}" +read answer +if [[ "$answer" == "y" ]]; then + . bin/set_url.sh +fi +# INSTALL DIRECTUS echo -e "${PURPLE}${BOLD}Install Directus ? (y/N) ${RESET}" read answer if [[ "$answer" == "y" ]]; then - install_pkg tmux - - if [[ -z "$db_directus_password" ]]; then - echo -e "${PURPLE}${BOLD}Enter the MariaDB Directus password : ${RESET}" - read -s db_directus_password - echo - fi - - echo "set -g default-shell /bin/sh" >> /etc/tmux.conf - su -s /bin/bash -c "mkdir ${cms_directory}" www-data - - - - - - echo -e "${PURPLE}${BOLD}Import the Directus database ? (y/N) ${RESET}" - read answer - if [[ "$answer" == "y" ]]; then - get_ssh_port - get_username - get_ip - - echo -e "${PURPLE}${BOLD}Import the .tar.gz archive from your local storage${RESET}" - echo -e "${PURPLE}The archive should contain the sql dump, the upload directory and the .env file${RESET}" - echo -e "${BLUE}scp -P ${ssh_port} /local/path/to/archive.tar.gz ${username}@${ip}:/home/${username}/${RESET}" - echo -e "${PURPLE}${BOLD}Press any key when done${RESET}" - read - - directus_archive=$(ls /home/${username}/*.tar.gz); - - tar -xzf "${directus_archive}" -C "${cms_directory}" --strip-components=2 - rm "${directus_archive}" - - sed -i "s/^\(DB_PASSWORD=\)'.*'$/\1'$db_directus_password'/" "${cms_directory}/.env" - - port=$(cat ${cms_directory}/.env | grep "^PORT=" | sed 's/^PORT=//') - sql_dump=$(ls ${cms_directory}/*.sql) - - install_pkg expect - mariadb -u directus -p"$db_directus_password" directus < "$sql_dump" - rm $sql_dump - chown -R www-data:www-data $cms_directory - - su -s /bin/bash -c "cd ${cms_directory} &&\ - npm init -y &&\ - npx directus bootstrap --skipAdminInit &&\ - npx directus database migrate:latest - tmux new-session -d -s directus &&\ - tmux send-keys -t directus \"cd ${cms_directory} && npx directus start\" C-m" www-data - - echo -e "${PURPLE}${BOLD}Directus migration complete${RESET}" - else - echo -e "${ORANGE}${BOLD}Generate and store the credentials somewhere safe${RESET}" - echo -e "${PURPLE}${BOLD}Enter the Directus admin email : ${RESET}" - read directus_admin_email - echo -e "${PURPLE}${BOLD}Enter the Directus admin password : ${RESET}" - read -s directus_admin_password - - env_file="${cms_directory}/.env" - port=8055 - - key=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n') - secret=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n') - - su -s /bin/bash -c "mkdir ${cms_directory} &&\ - mkdir ${cms_directory}/uploads &&\ - echo \"HOST='${ip}'\" >> ${env_file} &&\ - echo \"PORT=${port}\" >> ${env_file} &&\ - echo \"PUBLIC_URL='https://cms.${domain_name}'\" >> ${env_file} &&\ - echo \"DB_CLIENT='mysql'\" >> ${env_file} &&\ - echo \"DB_HOST='127.0.0.1'\" >> ${env_file} &&\ - echo \"DB_PORT='3306'\" >> ${env_file} &&\ - echo \"DB_DATABASE='directus'\" >> ${env_file} &&\ - echo \"DB_USER='directus'\" >> ${env_file} &&\ - echo \"DB_PASSWORD='${db_directus_password}'\" >> ${env_file} &&\ - echo \"SECRET='${secret}'\" >> ${env_file} &&\ - echo \"KEY='${key}'\" >> ${env_file} &&\ - echo \"CORS_ENABLED='true'\" >> ${env_file} &&\ - echo \"CORS_ORIGIN='true'\" >> ${env_file} &&\ - echo \"IMPORT_IP_DENY_LIST=\" >> ${env_file} &&\ - cd ${cms_directory} &&\ - npm init -y &&\ - npx directus bootstrap --skipAdminInit &&\ - tmux new-session -d -s directus &&\ - tmux send-keys -t directus \"cd ${cms_directory} && npx directus start\" C-m &&\ - npx directus roles create --role Administrator --admin true &&\ - npx directus roles create --role Website &&\ - npx directus roles create --role User" www-data - - admin_role_uuid=$(echo $(mariadb -u directus -p${db_directus_password} \ - -e "SELECT id FROM directus.directus_roles WHERE name='Administrator'") | awk '{print $2}') - website_role_uuid=$(echo $(mariadb -u directus -p${db_directus_password} \ - -e "SELECT id FROM directus.directus_roles WHERE name='Website'") | awk '{print $2}') - user_role_uuid=$(echo $(mariadb -u directus -p${db_directus_password} \ - -e "SELECT id FROM directus.directus_roles WHERE name='User'") | awk '{print $2}') - - website_password=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n') - - su -s /bin/bash -c "cd ${cms_directory} &&\ - npx directus users create --email \"${directus_admin_email}\" \ - --password \"${directus_admin_password}\" --role \"${admin_role_uuid}\" &&\ - npx directus users create --email \"website@${domain_name}\" --password \"${website_password}\" --role \"${website_role_uuid}\"" www-data - - website_token=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n') - mariadb -u directus -p${db_directus_password} -e "UPDATE directus.directus_roles SET icon='robot' WHERE name='Website'"; - mariadb -u directus -p${db_directus_password} -e "UPDATE directus.directus_roles SET app_access='0' WHERE name='Website'"; - mariadb -u directus -p${db_directus_password} -e "UPDATE directus.directus_users SET token=\"${website_token}\" WHERE email=\"website@${domain_name}\""; - - echo -e "${PURPLE}${BOLD}Import Directus data model ? (y/N) ${RESET}" - read answer - if [[ "$answer" == "y" ]]; then - get_username - get_ip - get_ssh_port - - echo -e "${PURPLE}${BOLD}Import local Directus data model${RESET}" - echo -e "${BLUE}npx directus schema snapshot ./snapshot.yaml${RESET}" - echo -e "${BLUE}scp -P ${ssh_port} /local/path/to/snapshot.yaml ${username}@${ip}:/home/${username}/snapshot.yaml${RESET}" - echo -e "${PURPLE}${BOLD}Press any key when done${RESET}" - read - - su -s /bin/bash -c "cd ${cms_directory} &&\ - npx directus schema apply --yes /home/${username}/snapshot.yaml" www-data - fi - - echo -e "${PURPLE}${BOLD}You can now add some content${RESET}" - echo -e "${ORANGE}${BOLD}Do not forget to set the permissions${RESET}" - echo -e "${ORANGE}${BOLD}Website role ${RESET}${ORANGE}Read content collections and directus_files${RESET}" - echo -e "${ORANGE}${BOLD}User role ${RESET}${ORANGE}All permissions on content collections, directus_files and directus_folders${RESET}" - fi - - caddyfile="/etc/caddy/Caddyfile" - echo "cms.${domain_name} {" >> $caddyfile - echo "reverse_proxy ${ip}:${port}" >> $caddyfile - echo "}" >> $caddyfile - caddy fmt $caddyfile -w - caddy reload -c $caddyfile - - echo -e "${PURPLE}${BOLD}Access Directus ${RESET}${PURPLE}https://cms.${domain_name}${RESET}" + . bin/install_directus.sh fi -# -# NUXT -# +# NUXT STATIC echo -e "${PURPLE}${BOLD}Install the front-end ? (y/N) ${RESET}" read answer if [[ "$answer" == "y" ]]; then - get_ip - - echo -e "${PURPLE}${BOLD}Create and push a prod branch on the repo${RESET}" - echo -e "${BLUE}git fetch . main:prod${RESET}" - echo -e "${BLUE}git push origin prod${RESET}" - echo -e "${PURPLE}${BOLD}Enter the .git url of the repo${RESET}" - read repo_url - - front_repo_name=$(echo "$repo_url" | sed 's#.*/\([^/]*\)\.git#\1#') - front_directory="${repo_directory}/${front_repo_name}" - if [[ -z "$website_token" ]]; then - echo -e "${PURPLE}${BOLD}Enter the Directus Website user static token${RESET}" - read -s website_token - fi - - touch /var/www/.nuxtrc - echo "telemetry.consent=0" > /var/www/.nuxtrc - echo "telemetry.enabled=false" >> /var/www/.nuxtrc - chown -R www-data:www-data /var/www/.nuxtrc - - rm /var/www/html/* - chown www-data:www-data /var/www/html - - su -s /bin/bash -c "cd ${repo_directory} &&\ - git clone ${repo_url} &&\ - cd ${front_directory} &&\ - git checkout prod &&\ - echo \"DIRECTUS_API_TOKEN=${website_token}\" > .env &&\ - echo \"URL=https://${domain_name}\" >> .env &&\ - echo \"DIRECTUS_URL=https://cms.${domain_name}\" >> .env &&\ - node --max-old-space-size=250 `which npm` install -y &&\ - node --max-old-space-size=250 `which npm` run generate --prerender" www-data - - cp -r "${front_directory}/.output/public" /var/www/html - chown -R www-data:www-data /var/www/html/public - - - caddyfile="/etc/caddy/Caddyfile" - echo "www.${domain_name} {" >> $caddyfile - echo "redir ${domain_name}{uri} permanent" >> $caddyfile - echo "}" >> $caddyfile - echo "${domain_name} {" >> $caddyfile - echo "root * /var/www/html/public" >> $caddyfile - echo "file_server" >> $caddyfile - echo "}" >> $caddyfile - caddy fmt $caddyfile -w - caddy reload -c $caddyfile + . bin/install_nuxt_front.sh echo -e "${PURPLE}${BOLD}Setup a webhook ? (y/N) ${RESET}" read answer if [[ "$answer" == "y" ]]; then - echo -e "${PURPLE}${BOLD}If it does not already exists, create a webhook at the following url${RESET}" - echo -e "${PURPLE}${BOLD}${repo_url}/settings/hooks/gitea/new${RESET}" - echo -e "${BLUE}${BOLD}Target URL ${RESET}${BLUE}https://${domain_name}/webhook.php${RESET}" - echo -e "${BLUE}${BOLD}Branch filter ${RESET}${BLUE}prod${RESET}" - echo -e "${BLUE}${BOLD}Authorization Header ${RESET}${ORANGE}Generate a safe string using \`openssl rand -base64 32\`${RESET}" - echo -e "${PURPLE}${BOLD}Enter the Authorization Header${RESET}" - read -s auth_header - - apt install -y jq - - rm /var/www/html/index.html - cp ./assets/webhook.php /var/www/html/ - mkdir /var/www/webhook - cp ./assets/webhook.sh /var/www/webhook - chown www-data:www-data /var/www/webhook/webhook.sh - chmod u+x /var/www/webhook/webhook.sh - mkdir /var/www/webhook/logs - chown www-data:www-data /var/www/webhook/logs - - head -n $(($(wc -l < $caddyfile) - 2)) $caddyfile > temp_Caddyfile && mv temp_Caddyfile $caddyfile - echo "handle /webhook.php {" >> $caddyfile - echo "@unauthorized not header Authorization \"${auth_header}\"" >> $caddyfile - echo "respond @unauthorized \"Unauthorized access\"" >> $caddyfile - echo "root * /var/www/html" >> $caddyfile - echo "php_fastcgi unix//run/php/php8.2-fpm.sock" >> $caddyfile - echo "file_server" >> $caddyfile - echo "}" >> $caddyfile - echo "handle {" >> $caddyfile - echo "reverse_proxy ${ip}:3000" >> $caddyfile - echo "}" >> $caddyfile - echo "}" >> $caddyfile - caddy fmt $caddyfile -w - caddy reload -c $caddyfile + . bin/setup_webhook.sh fi -fi - -apt purge expect - -# TODO -# -# DIRECTUS EMAIL -# DIRECTUS REDIS -# LOGING DE TOUT -# CADDYFILE EN JSON -# MÀJ -# reboot a running system -# MATOMO -# NODE EXPORTER \ No newline at end of file +fi \ No newline at end of file diff --git a/install_modulaire.sh b/install_modulaire.sh deleted file mode 100644 index 6f24a35..0000000 --- a/install_modulaire.sh +++ /dev/null @@ -1,78 +0,0 @@ -#!/bin/bash - -. bin/functions.sh -. bin/variables.sh - -echo -e "${PURPLE}${BOLD}Deployment Debian + Caddy + Directus + Nuxt${RESET}" - -if [ "$EUID" -ne 0 ]; then - echo "Please run as root" - exit -fi - -# A ENVOYER AU WEBHOOK -install_pkg php -install_pkg php-fpm - -# USER -echo -e "${PURPLE}${BOLD}Create a user ? (y/N) ${RESET}" -read answer -if [[ "$answer" == "y" ]]; then - . bin/create_user.sh -fi - -# SSH -echo -e "${PURPLE}${BOLD}Setup SSH ? (y/N) ${RESET}" -read answer -if [[ "$answer" == "y" ]]; then - . bin/setup_ssh.sh -fi - -# FIREWALL AND FAIL2BAN -echo -e "${PURPLE}${BOLD}Setup Firewall and Fail2ban ? (y/N) ${RESET}" -read answer -if [[ "$answer" == "y" ]]; then - . bin/setup_firewall_fail2ban.sh -fi - -# CADDY -echo -e "${PURPLE}${BOLD}Install Caddy webserver ? (y/N) ${RESET}" -read answer -if [[ "$answer" == "y" ]]; then - . bin/install_caddy.sh -fi - -# MARIADB -echo -e "${PURPLE}${BOLD}Install MariaDB ? (y/N) ${RESET}" -read answer -if [[ "$answer" == "y" ]]; then - . bin/install_mariadb.sh -fi - -# DIRECTUS DB -echo -e "${PURPLE}${BOLD}Setup Directus database ? (y/N) ${RESET}" -read answer -if [[ "$answer" == "y" ]]; then - . bin/setup_directus_db.sh -fi - -# NODE -echo -e "${PURPLE}${BOLD}Install Node ? (y/N) ${RESET}" -read answer -if [[ "$answer" == "y" ]]; then - . bin/install_node.sh -fi - -# SET URL -echo -e "${PURPLE}${BOLD}Set url ? (y/N) ${RESET}" -read answer -if [[ "$answer" == "y" ]]; then - . bin/set_url.sh -fi - -# INSTALL DIRECTUS -echo -e "${PURPLE}${BOLD}Install Directus ? (y/N) ${RESET}" -read answer -if [[ "$answer" == "y" ]]; then - . bin/install_directus.sh -fi \ No newline at end of file