fichiers séparés
This commit is contained in:
parent
41378a31c6
commit
9ddc7df6c4
|
@ -0,0 +1,17 @@
|
|||
#!/bin/bash
|
||||
|
||||
. bin/variables.sh
|
||||
. bin/functions.sh
|
||||
|
||||
get_username
|
||||
get_ip
|
||||
get_ssh_port
|
||||
|
||||
echo -e "${PURPLE}${BOLD}Import local Directus data model${RESET}"
|
||||
echo -e "${BLUE}npx directus schema snapshot ./snapshot.yaml${RESET}"
|
||||
echo -e "${BLUE}scp -P ${ssh_port} /local/path/to/snapshot.yaml ${username}@${ip}:/home/${username}/snapshot.yaml${RESET}"
|
||||
echo -e "${PURPLE}${BOLD}Press any key when done${RESET}"
|
||||
read
|
||||
|
||||
su -s /bin/bash -c "cd ${CMS_DIRECTORY} &&\
|
||||
npx directus schema apply --yes /home/${username}/snapshot.yaml" www-data
|
|
@ -24,4 +24,23 @@ if [[ "$answer" == "y" ]]; then
|
|||
. bin/import_directus_db.sh
|
||||
else
|
||||
. bin/setup_directus.sh
|
||||
|
||||
echo -e "${PURPLE}${BOLD}Import Directus data model ? (y/N) ${RESET}"
|
||||
read answer
|
||||
if [[ "$answer" == "y" ]]; then
|
||||
. bin/import_directus_schema.sh
|
||||
fi
|
||||
|
||||
echo -e "${PURPLE}${BOLD}You can now add some content${RESET}"
|
||||
echo -e "${ORANGE}${BOLD}Do not forget to set the permissions${RESET}"
|
||||
echo -e "${ORANGE}${BOLD}Website role ${RESET}${ORANGE}Read content collections and directus_files${RESET}"
|
||||
echo -e "${ORANGE}${BOLD}User role ${RESET}${ORANGE}All permissions on content collections, directus_files and directus_folders${RESET}"
|
||||
fi
|
||||
|
||||
echo "cms.${DOMAIN_NAME} {" >> $CADDYFILE
|
||||
echo "reverse_proxy ${ip}:${port}" >> $CADDYFILE
|
||||
echo "}" >> $CADDYFILE
|
||||
caddy fmt $CADDYFILE -w
|
||||
caddy reload -c $CADDYFILE
|
||||
|
||||
echo -e "${PURPLE}${BOLD}Access Directus ${RESET}${PURPLE}https://cms.${DOMAIN_NAME}${RESET}"
|
||||
|
|
|
@ -0,0 +1,50 @@
|
|||
#!/bin/bash
|
||||
|
||||
. bin/variables.sh
|
||||
. bin/functions.sh
|
||||
|
||||
get_ip
|
||||
|
||||
echo -e "${PURPLE}${BOLD}Create and push a prod branch on the repo${RESET}"
|
||||
echo -e "${BLUE}git fetch . main:prod${RESET}"
|
||||
echo -e "${BLUE}git push origin prod${RESET}"
|
||||
echo -e "${PURPLE}${BOLD}Enter the .git url of the repo${RESET}"
|
||||
read repo_url
|
||||
|
||||
front_repo_name=$(echo "$repo_url" | sed 's#.*/\([^/]*\)\.git#\1#')
|
||||
front_directory="${REPO_DIRECTORY}/${front_repo_name}"
|
||||
if [[ -z "$WEBSITE_TOKEN" ]]; then
|
||||
echo -e "${PURPLE}${BOLD}Enter the Directus Website user static token${RESET}"
|
||||
read -s WEBSITE_TOKEN
|
||||
fi
|
||||
|
||||
touch /var/www/.nuxtrc
|
||||
echo "telemetry.consent=0" > /var/www/.nuxtrc
|
||||
echo "telemetry.enabled=false" >> /var/www/.nuxtrc
|
||||
chown -R www-data:www-data /var/www/.nuxtrc
|
||||
|
||||
rm /var/www/html/*
|
||||
chown www-data:www-data /var/www/html
|
||||
|
||||
su -s /bin/bash -c "cd ${REPO_DIRECTORY} &&\
|
||||
git clone ${repo_url} &&\
|
||||
cd ${front_directory} &&\
|
||||
git checkout prod &&\
|
||||
echo \"DIRECTUS_API_TOKEN=${WEBSITE_TOKEN}\" > .env &&\
|
||||
echo \"URL=https://${DOMAIN_NAME}\" >> .env &&\
|
||||
echo \"DIRECTUS_URL=https://cms.${DOMAIN_NAME}\" >> .env &&\
|
||||
node --max-old-space-size=250 `which npm` install -y &&\
|
||||
node --max-old-space-size=250 `which npm` run generate --prerender" www-data
|
||||
|
||||
cp -r "${front_directory}/.output/public" /var/www/html
|
||||
chown -R www-data:www-data /var/www/html/public
|
||||
|
||||
echo "www.${DOMAIN_NAME} {" >> $CADDYFILE
|
||||
echo "redir ${DOMAIN_NAME}{uri} permanent" >> $CADDYFILE
|
||||
echo "}" >> $CADDYFILE
|
||||
echo "${DOMAIN_NAME} {" >> $CADDYFILE
|
||||
echo "root * /var/www/html/public" >> $CADDYFILE
|
||||
echo "file_server" >> $CADDYFILE
|
||||
echo "}" >> $CADDYFILE
|
||||
caddy fmt $CADDYFILE -w
|
||||
caddy reload -c $CADDYFILE
|
|
@ -14,7 +14,7 @@ echo -e "${BLUE}Domain : www.${DOMAIN_NAME} | Type : A | Target : ${ip}${RESET}"
|
|||
echo -e "${PURPLE}${BOLD}Press any key when done${RESET}"
|
||||
read
|
||||
|
||||
repo_directory="/var/www/repositories"
|
||||
REPO_DIRECTORY="/var/www/repositories"
|
||||
mkdir $repo_directory
|
||||
chown www-data:www-data $repo_directory
|
||||
CMS_DIRECTORY="${repo_directory}/cms_${DOMAIN_NAME}"
|
||||
|
|
|
@ -54,29 +54,7 @@ npx directus users create --email \"${directus_admin_email}\" \
|
|||
--password \"${directus_admin_password}\" --role \"${admin_role_uuid}\" &&\
|
||||
npx directus users create --email \"website@${DOMAIN_NAME}\" --password \"${website_password}\" --role \"${website_role_uuid}\"" www-data
|
||||
|
||||
website_token=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
|
||||
WEBSITE_TOKEN=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
|
||||
mariadb -u directus -p${DB_DIRECTUS_PASSWORD} -e "UPDATE directus.directus_roles SET icon='robot' WHERE name='Website'";
|
||||
mariadb -u directus -p${DB_DIRECTUS_PASSWORD} -e "UPDATE directus.directus_roles SET app_access='0' WHERE name='Website'";
|
||||
mariadb -u directus -p${DB_DIRECTUS_PASSWORD} -e "UPDATE directus.directus_users SET token=\"${website_token}\" WHERE email=\"website@${DOMAIN_NAME}\"";
|
||||
|
||||
echo -e "${PURPLE}${BOLD}Import Directus data model ? (y/N) ${RESET}"
|
||||
read answer
|
||||
if [[ "$answer" == "y" ]]; then
|
||||
get_username
|
||||
get_ip
|
||||
get_ssh_port
|
||||
|
||||
echo -e "${PURPLE}${BOLD}Import local Directus data model${RESET}"
|
||||
echo -e "${BLUE}npx directus schema snapshot ./snapshot.yaml${RESET}"
|
||||
echo -e "${BLUE}scp -P ${ssh_port} /local/path/to/snapshot.yaml ${username}@${ip}:/home/${username}/snapshot.yaml${RESET}"
|
||||
echo -e "${PURPLE}${BOLD}Press any key when done${RESET}"
|
||||
read
|
||||
|
||||
su -s /bin/bash -c "cd ${CMS_DIRECTORY} &&\
|
||||
npx directus schema apply --yes /home/${username}/snapshot.yaml" www-data
|
||||
fi
|
||||
|
||||
echo -e "${PURPLE}${BOLD}You can now add some content${RESET}"
|
||||
echo -e "${ORANGE}${BOLD}Do not forget to set the permissions${RESET}"
|
||||
echo -e "${ORANGE}${BOLD}Website role ${RESET}${ORANGE}Read content collections and directus_files${RESET}"
|
||||
echo -e "${ORANGE}${BOLD}User role ${RESET}${ORANGE}All permissions on content collections, directus_files and directus_folders${RESET}"
|
||||
mariadb -u directus -p${DB_DIRECTUS_PASSWORD} -e "UPDATE directus.directus_users SET token=\"${WEBSITE_TOKEN}\" WHERE email=\"website@${DOMAIN_NAME}\"";
|
|
@ -0,0 +1,42 @@
|
|||
#!/bin/bash
|
||||
|
||||
. bin/variables.sh
|
||||
. bin/functions.sh
|
||||
|
||||
echo -e "${PURPLE}${BOLD}If it does not already exists, create a webhook at the following url${RESET}"
|
||||
echo -e "${PURPLE}${BOLD}${repo_url}/settings/hooks/gitea/new${RESET}"
|
||||
echo -e "${BLUE}${BOLD}Target URL ${RESET}${BLUE}https://${domain_name}/webhook.php${RESET}"
|
||||
echo -e "${BLUE}${BOLD}Branch filter ${RESET}${BLUE}prod${RESET}"
|
||||
echo -e "${BLUE}${BOLD}Authorization Header ${RESET}${ORANGE}Generate a safe string using \`openssl rand -base64 32\`${RESET}"
|
||||
echo -e "${PURPLE}${BOLD}Enter the Authorization Header${RESET}"
|
||||
read -s auth_header
|
||||
|
||||
install_pkg php
|
||||
install_pkg php-fpm
|
||||
install_pkg jq
|
||||
|
||||
rm /var/www/html/index.html
|
||||
cp ./assets/webhook.php /var/www/html/
|
||||
mkdir /var/www/webhook
|
||||
cp ./assets/webhook.sh /var/www/webhook
|
||||
chown www-data:www-data /var/www/webhook/webhook.sh
|
||||
chmod u+x /var/www/webhook/webhook.sh
|
||||
mkdir /var/www/webhook/logs
|
||||
chown www-data:www-data /var/www/webhook/logs
|
||||
|
||||
get_ip
|
||||
|
||||
head -n $(($(wc -l < $CADDYFILE) - 2)) $CADDYFILE > temp_Caddyfile && mv temp_Caddyfile $CADDYFILE
|
||||
echo "handle /webhook.php {" >> $CADDYFILE
|
||||
echo "@unauthorized not header Authorization \"${auth_header}\"" >> $CADDYFILE
|
||||
echo "respond @unauthorized \"Unauthorized access\"" >> $CADDYFILE
|
||||
echo "root * /var/www/html" >> $CADDYFILE
|
||||
echo "php_fastcgi unix//run/php/php8.2-fpm.sock" >> $CADDYFILE
|
||||
echo "file_server" >> $CADDYFILE
|
||||
echo "}" >> $CADDYFILE
|
||||
echo "handle {" >> $CADDYFILE
|
||||
echo "reverse_proxy ${ip}:3000" >> $CADDYFILE
|
||||
echo "}" >> $CADDYFILE
|
||||
echo "}" >> $CADDYFILE
|
||||
caddy fmt $CADDYFILE -w
|
||||
caddy reload -c $CADDYFILE
|
|
@ -12,3 +12,8 @@ DB_DIRECTUS_PASSWORD=""
|
|||
|
||||
DOMAIN_NAME=""
|
||||
CMS_DIRECTORY=""
|
||||
REPO_DIRECTORY=""
|
||||
|
||||
WEBSITE_TOKEN=""
|
||||
|
||||
CADDYFILE="/etc/caddy/Caddyfile"
|
458
install.sh
458
install.sh
|
@ -1,36 +1,18 @@
|
|||
#!/bin/bash
|
||||
|
||||
PURPLE='\033[35m'
|
||||
ORANGE='\033[33m'
|
||||
BLUE='\033[34m'
|
||||
BOLD='\033[1m'
|
||||
RESET='\033[0m'
|
||||
|
||||
install_pkg() {
|
||||
pkg="$1"
|
||||
if ! command -v "$pkg" &> /dev/null; then
|
||||
apt install -y "$pkg"
|
||||
echo -e "${PURPLE}${BOLD}${pkg} installed${RESET}"
|
||||
fi
|
||||
}
|
||||
# TODO
|
||||
## DIRECTUS EMAIL
|
||||
## DIRECTUS REDIS
|
||||
## LOGING DE TOUT
|
||||
## CADDYFILE EN JSON
|
||||
## MÀJ
|
||||
## reboot a running system
|
||||
## MATOMO
|
||||
## NODE EXPORTER
|
||||
|
||||
get_username() {
|
||||
if [[ -z "$username" ]]; then
|
||||
username=$(getent passwd 1001 | cut -d: -f1)
|
||||
fi
|
||||
}
|
||||
|
||||
get_ip() {
|
||||
if [[ -z "$ip" ]]; then
|
||||
ip=$(hostname -I | cut -d' ' -f1)
|
||||
fi
|
||||
}
|
||||
|
||||
get_ssh_port() {
|
||||
if [[ -z "$ssh_port" ]]; then
|
||||
ssh_port=$(cat /etc/ssh/sshd_config.d/custom.conf | grep "Port " | sed 's/^Port //')
|
||||
fi
|
||||
}
|
||||
. bin/functions.sh
|
||||
. bin/variables.sh
|
||||
|
||||
echo -e "${PURPLE}${BOLD}Deployment Debian + Caddy + Directus + Nuxt${RESET}"
|
||||
|
||||
|
@ -39,457 +21,83 @@ if [ "$EUID" -ne 0 ]; then
|
|||
exit
|
||||
fi
|
||||
|
||||
apt install -y php php-fpm
|
||||
systemctl disable --now apache2
|
||||
if [ "$(dirname "$0")" != "$(pwd)" ]; then
|
||||
echo "Please run this script from its directory."
|
||||
exit
|
||||
fi
|
||||
|
||||
#
|
||||
# USER
|
||||
#
|
||||
echo -e "${PURPLE}${BOLD}Create a user ? (y/N) ${RESET}"
|
||||
read answer
|
||||
if [[ "$answer" == "y" ]]; then
|
||||
echo -e "${PURPLE}${BOLD}Create user${RESET}"
|
||||
|
||||
read -p "Enter username: " username
|
||||
|
||||
if id "$username" &>/dev/null; then
|
||||
echo "User '$username' already exists."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo -e "${ORANGE}${BOLD}Generate and store the password somewhere safe${RESET}"
|
||||
read -s -p "Enter password: " password
|
||||
echo
|
||||
useradd -m "$username"
|
||||
chsh -s /bin/bash $username
|
||||
echo "$username:$password" | chpasswd
|
||||
|
||||
usermod -aG sudo $username
|
||||
|
||||
echo -e "${PURPLE}${BOLD}User '$username' created with password successfully.${RESET}"
|
||||
. bin/create_user.sh
|
||||
fi
|
||||
|
||||
#
|
||||
# SSH
|
||||
#
|
||||
echo -e "${PURPLE}${BOLD}Setup SSH ? (y/N) ${RESET}"
|
||||
read answer
|
||||
if [[ "$answer" == "y" ]]; then
|
||||
echo -e "${PURPLE}${BOLD}Setup SSH${RESET}"
|
||||
|
||||
ssh_port=$((RANDOM % (65536 - 1024 + 1) + 1024))
|
||||
|
||||
touch /etc/ssh/sshd_config.d/custom.conf
|
||||
echo "PermitRootLogin no" >> /etc/ssh/sshd_config.d/custom.conf
|
||||
echo "PermitEmptyPasswords no" >> /etc/ssh/sshd_config.d/custom.conf
|
||||
echo "Port ${ssh_port}" >> /etc/ssh/sshd_config.d/custom.conf
|
||||
systemctl reload ssh
|
||||
|
||||
echo -e "${ORANGE}${BOLD}Store the ssh port ${ssh_port} somewhere safe${RESET}"
|
||||
. bin/setup_ssh.sh
|
||||
fi
|
||||
|
||||
#
|
||||
# FIREWALL AND FAIL2BAN
|
||||
#
|
||||
echo -e "${PURPLE}${BOLD}Setup Firewall and Fail2ban ? (y/N) ${RESET}"
|
||||
read answer
|
||||
if [[ "$answer" == "y" ]]; then
|
||||
echo -e "${PURPLE}${BOLD}Setup Firewall and Fail2ban${RESET}"
|
||||
apt install -y ufw fail2ban
|
||||
systemctl enable fail2ban
|
||||
get_ssh_port
|
||||
ufw allow $ssh_port
|
||||
ufw allow http
|
||||
ufw allow https
|
||||
. bin/setup_firewall_fail2ban.sh
|
||||
fi
|
||||
|
||||
#
|
||||
# CADDY
|
||||
#
|
||||
echo -e "${PURPLE}${BOLD}Install Caddy webserver ? (y/N) ${RESET}"
|
||||
read answer
|
||||
if [[ "$answer" == "y" ]]; then
|
||||
echo -e "${PURPLE}${BOLD}Install Caddy Webserver${RESET}"
|
||||
apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
|
||||
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
|
||||
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
|
||||
apt update
|
||||
apt install -y caddy
|
||||
> /etc/caddy/Caddyfile
|
||||
. bin/install_caddy.sh
|
||||
fi
|
||||
|
||||
#
|
||||
# MARIADB
|
||||
#
|
||||
|
||||
echo -e "${PURPLE}${BOLD}Install MariaDB ? (y/N) ${RESET}"
|
||||
read answer
|
||||
if [[ "$answer" == "y" ]]; then
|
||||
apt install -y mariadb-server
|
||||
echo -e "${ORANGE}${BOLD}Generate and store the password somewhere safe${RESET}"
|
||||
echo -e "${PURPLE}${BOLD}Enter the MariaDB root password : ${RESET}"
|
||||
read -s db_root_password
|
||||
echo
|
||||
install_pkg expect
|
||||
SECURE_MYSQL=$(expect -c "
|
||||
set timeout 3
|
||||
spawn mysql_secure_installation
|
||||
expect \"Enter current password for root (enter for none):\"
|
||||
send \"\r\"
|
||||
expect \"Switch to unix_socket authentication \\[Y/n\\]\"
|
||||
send \"n\r\"
|
||||
expect \"Change the root password? \\[Y/n\\]\"
|
||||
send \"y\r\"
|
||||
expect \"New password:\"
|
||||
send \"$db_root_password\r\"
|
||||
expect \"Re-enter new password:\"
|
||||
send \"$db_root_password\r\"
|
||||
expect \"Remove anonymous users?\"
|
||||
send \"y\r\"
|
||||
expect \"Disallow root login remotely?\"
|
||||
send \"y\r\"
|
||||
expect \"Remove test database and access to it?\"
|
||||
send \"y\r\"
|
||||
expect \"Reload privilege tables now?\"
|
||||
send \"y\r\"
|
||||
expect eof
|
||||
")
|
||||
echo "${SECURE_MYSQL}"
|
||||
# https://gist.github.com/coderua/5592d95970038944d099
|
||||
. bin/install_mariadb.sh
|
||||
fi
|
||||
|
||||
#
|
||||
# DIRECTUS DB
|
||||
#
|
||||
|
||||
echo -e "${PURPLE}${BOLD}Setup Directus database ? (y/N) ${RESET}"
|
||||
read answer
|
||||
if [[ "$answer" == "y" ]]; then
|
||||
echo -e "${ORANGE}${BOLD}Generate and store the password somewhere safe${RESET}"
|
||||
echo -e "${PURPLE}${BOLD}Enter the MariaDB Directus password : ${RESET}"
|
||||
read -s db_directus_password
|
||||
echo
|
||||
if [[ -z "$db_root_password" ]]; then
|
||||
echo -e "${PURPLE}${BOLD}Enter the MariaDB root password : ${RESET}"
|
||||
read -s db_root_password
|
||||
echo
|
||||
fi
|
||||
install_pkg expect
|
||||
CREATE_DIRECTUS_DB=$(expect -c "
|
||||
spawn mariadb -u root -p
|
||||
expect \"Enter password:\"
|
||||
send \"$db_root_password\r\"
|
||||
expect \"mysql>\"
|
||||
send \"CREATE USER 'directus'@'localhost' IDENTIFIED BY '${db_directus_password}';\r\"
|
||||
send \"CREATE DATABASE directus;\r\"
|
||||
send \"GRANT ALL PRIVILEGES ON directus.* TO 'directus'@'localhost' IDENTIFIED BY '${db_directus_password}';\r\"
|
||||
send \"FLUSH PRIVILEGES;\r\"
|
||||
expect \"mysql>\"
|
||||
send \"quit;\r\"
|
||||
expect eof
|
||||
")
|
||||
echo "${CREATE_DIRECTUS_DB}" >& /dev/null
|
||||
echo -e "${PURPLE}${BOLD}Directus database created${RESET}"
|
||||
. bin/setup_directus_db.sh
|
||||
fi
|
||||
|
||||
#
|
||||
# NODE
|
||||
#
|
||||
|
||||
echo -e "${PURPLE}${BOLD}Install Node ? (y/N) ${RESET}"
|
||||
read answer
|
||||
if [[ "$answer" == "y" ]]; then
|
||||
touch /var/www/.bashrc
|
||||
chown www-data:www-data /var/www/.bashrc
|
||||
mkdir /var/www/.nvm
|
||||
chown www-data:www-data /var/www/.nvm
|
||||
mkdir /var/www/.npm
|
||||
chown www-data:www-data /var/www/.npm
|
||||
|
||||
install_pkg build-essential
|
||||
|
||||
su -s /bin/bash -c 'curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash &&\
|
||||
export NVM_DIR="$HOME/.nvm" &&\
|
||||
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" &&\
|
||||
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" &&\
|
||||
nvm install v18' www-data
|
||||
ln -sf /var/www/.nvm/versions/node/v18.*/bin/node /usr/bin/node
|
||||
ln -sf /var/www/.nvm/versions/node/v18.*/bin/npm /usr/bin/npm
|
||||
ln -sf /var/www/.nvm/versions/node/v18.*/bin/npx /usr/bin/npx
|
||||
|
||||
echo -e "${PURPLE}${BOLD}Node installed${RESET}";
|
||||
. bin/install_node.sh
|
||||
fi
|
||||
|
||||
#
|
||||
# SET THE URL
|
||||
#
|
||||
|
||||
echo -e "${PURPLE}${BOLD}Enter the domain name of the website${RESET}"
|
||||
read domain_name
|
||||
get_ip
|
||||
|
||||
echo -e "${PURPLE}${BOLD}Configure the ${domain_name} DNS ZONE as the following${RESET}"
|
||||
echo -e "${BLUE}Domain : ${domain_name} | Type : A | Target : ${ip}${RESET}"
|
||||
echo -e "${BLUE}Domain : cms.${domain_name} | Type : A | Target : ${ip}${RESET}"
|
||||
echo -e "${BLUE}Domain : www.${domain_name} | Type : A | Target : ${ip}${RESET}"
|
||||
echo -e "${PURPLE}${BOLD}Press any key when done${RESET}"
|
||||
read
|
||||
|
||||
repo_directory="/var/www/repositories"
|
||||
mkdir $repo_directory
|
||||
chown www-data:www-data $repo_directory
|
||||
cms_directory="${repo_directory}/cms_${domain_name}"
|
||||
|
||||
#
|
||||
# DIRECTUS
|
||||
#
|
||||
# SET URL
|
||||
echo -e "${PURPLE}${BOLD}Set url ? (y/N) ${RESET}"
|
||||
read answer
|
||||
if [[ "$answer" == "y" ]]; then
|
||||
. bin/set_url.sh
|
||||
fi
|
||||
|
||||
# INSTALL DIRECTUS
|
||||
echo -e "${PURPLE}${BOLD}Install Directus ? (y/N) ${RESET}"
|
||||
read answer
|
||||
if [[ "$answer" == "y" ]]; then
|
||||
install_pkg tmux
|
||||
|
||||
if [[ -z "$db_directus_password" ]]; then
|
||||
echo -e "${PURPLE}${BOLD}Enter the MariaDB Directus password : ${RESET}"
|
||||
read -s db_directus_password
|
||||
echo
|
||||
fi
|
||||
|
||||
echo "set -g default-shell /bin/sh" >> /etc/tmux.conf
|
||||
su -s /bin/bash -c "mkdir ${cms_directory}" www-data
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
echo -e "${PURPLE}${BOLD}Import the Directus database ? (y/N) ${RESET}"
|
||||
read answer
|
||||
if [[ "$answer" == "y" ]]; then
|
||||
get_ssh_port
|
||||
get_username
|
||||
get_ip
|
||||
|
||||
echo -e "${PURPLE}${BOLD}Import the .tar.gz archive from your local storage${RESET}"
|
||||
echo -e "${PURPLE}The archive should contain the sql dump, the upload directory and the .env file${RESET}"
|
||||
echo -e "${BLUE}scp -P ${ssh_port} /local/path/to/archive.tar.gz ${username}@${ip}:/home/${username}/${RESET}"
|
||||
echo -e "${PURPLE}${BOLD}Press any key when done${RESET}"
|
||||
read
|
||||
|
||||
directus_archive=$(ls /home/${username}/*.tar.gz);
|
||||
|
||||
tar -xzf "${directus_archive}" -C "${cms_directory}" --strip-components=2
|
||||
rm "${directus_archive}"
|
||||
|
||||
sed -i "s/^\(DB_PASSWORD=\)'.*'$/\1'$db_directus_password'/" "${cms_directory}/.env"
|
||||
|
||||
port=$(cat ${cms_directory}/.env | grep "^PORT=" | sed 's/^PORT=//')
|
||||
sql_dump=$(ls ${cms_directory}/*.sql)
|
||||
|
||||
install_pkg expect
|
||||
mariadb -u directus -p"$db_directus_password" directus < "$sql_dump"
|
||||
rm $sql_dump
|
||||
chown -R www-data:www-data $cms_directory
|
||||
|
||||
su -s /bin/bash -c "cd ${cms_directory} &&\
|
||||
npm init -y &&\
|
||||
npx directus bootstrap --skipAdminInit &&\
|
||||
npx directus database migrate:latest
|
||||
tmux new-session -d -s directus &&\
|
||||
tmux send-keys -t directus \"cd ${cms_directory} && npx directus start\" C-m" www-data
|
||||
|
||||
echo -e "${PURPLE}${BOLD}Directus migration complete${RESET}"
|
||||
else
|
||||
echo -e "${ORANGE}${BOLD}Generate and store the credentials somewhere safe${RESET}"
|
||||
echo -e "${PURPLE}${BOLD}Enter the Directus admin email : ${RESET}"
|
||||
read directus_admin_email
|
||||
echo -e "${PURPLE}${BOLD}Enter the Directus admin password : ${RESET}"
|
||||
read -s directus_admin_password
|
||||
|
||||
env_file="${cms_directory}/.env"
|
||||
port=8055
|
||||
|
||||
key=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
|
||||
secret=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
|
||||
|
||||
su -s /bin/bash -c "mkdir ${cms_directory} &&\
|
||||
mkdir ${cms_directory}/uploads &&\
|
||||
echo \"HOST='${ip}'\" >> ${env_file} &&\
|
||||
echo \"PORT=${port}\" >> ${env_file} &&\
|
||||
echo \"PUBLIC_URL='https://cms.${domain_name}'\" >> ${env_file} &&\
|
||||
echo \"DB_CLIENT='mysql'\" >> ${env_file} &&\
|
||||
echo \"DB_HOST='127.0.0.1'\" >> ${env_file} &&\
|
||||
echo \"DB_PORT='3306'\" >> ${env_file} &&\
|
||||
echo \"DB_DATABASE='directus'\" >> ${env_file} &&\
|
||||
echo \"DB_USER='directus'\" >> ${env_file} &&\
|
||||
echo \"DB_PASSWORD='${db_directus_password}'\" >> ${env_file} &&\
|
||||
echo \"SECRET='${secret}'\" >> ${env_file} &&\
|
||||
echo \"KEY='${key}'\" >> ${env_file} &&\
|
||||
echo \"CORS_ENABLED='true'\" >> ${env_file} &&\
|
||||
echo \"CORS_ORIGIN='true'\" >> ${env_file} &&\
|
||||
echo \"IMPORT_IP_DENY_LIST=\" >> ${env_file} &&\
|
||||
cd ${cms_directory} &&\
|
||||
npm init -y &&\
|
||||
npx directus bootstrap --skipAdminInit &&\
|
||||
tmux new-session -d -s directus &&\
|
||||
tmux send-keys -t directus \"cd ${cms_directory} && npx directus start\" C-m &&\
|
||||
npx directus roles create --role Administrator --admin true &&\
|
||||
npx directus roles create --role Website &&\
|
||||
npx directus roles create --role User" www-data
|
||||
|
||||
admin_role_uuid=$(echo $(mariadb -u directus -p${db_directus_password} \
|
||||
-e "SELECT id FROM directus.directus_roles WHERE name='Administrator'") | awk '{print $2}')
|
||||
website_role_uuid=$(echo $(mariadb -u directus -p${db_directus_password} \
|
||||
-e "SELECT id FROM directus.directus_roles WHERE name='Website'") | awk '{print $2}')
|
||||
user_role_uuid=$(echo $(mariadb -u directus -p${db_directus_password} \
|
||||
-e "SELECT id FROM directus.directus_roles WHERE name='User'") | awk '{print $2}')
|
||||
|
||||
website_password=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
|
||||
|
||||
su -s /bin/bash -c "cd ${cms_directory} &&\
|
||||
npx directus users create --email \"${directus_admin_email}\" \
|
||||
--password \"${directus_admin_password}\" --role \"${admin_role_uuid}\" &&\
|
||||
npx directus users create --email \"website@${domain_name}\" --password \"${website_password}\" --role \"${website_role_uuid}\"" www-data
|
||||
|
||||
website_token=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
|
||||
mariadb -u directus -p${db_directus_password} -e "UPDATE directus.directus_roles SET icon='robot' WHERE name='Website'";
|
||||
mariadb -u directus -p${db_directus_password} -e "UPDATE directus.directus_roles SET app_access='0' WHERE name='Website'";
|
||||
mariadb -u directus -p${db_directus_password} -e "UPDATE directus.directus_users SET token=\"${website_token}\" WHERE email=\"website@${domain_name}\"";
|
||||
|
||||
echo -e "${PURPLE}${BOLD}Import Directus data model ? (y/N) ${RESET}"
|
||||
read answer
|
||||
if [[ "$answer" == "y" ]]; then
|
||||
get_username
|
||||
get_ip
|
||||
get_ssh_port
|
||||
|
||||
echo -e "${PURPLE}${BOLD}Import local Directus data model${RESET}"
|
||||
echo -e "${BLUE}npx directus schema snapshot ./snapshot.yaml${RESET}"
|
||||
echo -e "${BLUE}scp -P ${ssh_port} /local/path/to/snapshot.yaml ${username}@${ip}:/home/${username}/snapshot.yaml${RESET}"
|
||||
echo -e "${PURPLE}${BOLD}Press any key when done${RESET}"
|
||||
read
|
||||
|
||||
su -s /bin/bash -c "cd ${cms_directory} &&\
|
||||
npx directus schema apply --yes /home/${username}/snapshot.yaml" www-data
|
||||
fi
|
||||
|
||||
echo -e "${PURPLE}${BOLD}You can now add some content${RESET}"
|
||||
echo -e "${ORANGE}${BOLD}Do not forget to set the permissions${RESET}"
|
||||
echo -e "${ORANGE}${BOLD}Website role ${RESET}${ORANGE}Read content collections and directus_files${RESET}"
|
||||
echo -e "${ORANGE}${BOLD}User role ${RESET}${ORANGE}All permissions on content collections, directus_files and directus_folders${RESET}"
|
||||
fi
|
||||
|
||||
caddyfile="/etc/caddy/Caddyfile"
|
||||
echo "cms.${domain_name} {" >> $caddyfile
|
||||
echo "reverse_proxy ${ip}:${port}" >> $caddyfile
|
||||
echo "}" >> $caddyfile
|
||||
caddy fmt $caddyfile -w
|
||||
caddy reload -c $caddyfile
|
||||
|
||||
echo -e "${PURPLE}${BOLD}Access Directus ${RESET}${PURPLE}https://cms.${domain_name}${RESET}"
|
||||
. bin/install_directus.sh
|
||||
fi
|
||||
|
||||
#
|
||||
# NUXT
|
||||
#
|
||||
# NUXT STATIC
|
||||
echo -e "${PURPLE}${BOLD}Install the front-end ? (y/N) ${RESET}"
|
||||
read answer
|
||||
if [[ "$answer" == "y" ]]; then
|
||||
get_ip
|
||||
|
||||
echo -e "${PURPLE}${BOLD}Create and push a prod branch on the repo${RESET}"
|
||||
echo -e "${BLUE}git fetch . main:prod${RESET}"
|
||||
echo -e "${BLUE}git push origin prod${RESET}"
|
||||
echo -e "${PURPLE}${BOLD}Enter the .git url of the repo${RESET}"
|
||||
read repo_url
|
||||
|
||||
front_repo_name=$(echo "$repo_url" | sed 's#.*/\([^/]*\)\.git#\1#')
|
||||
front_directory="${repo_directory}/${front_repo_name}"
|
||||
if [[ -z "$website_token" ]]; then
|
||||
echo -e "${PURPLE}${BOLD}Enter the Directus Website user static token${RESET}"
|
||||
read -s website_token
|
||||
fi
|
||||
|
||||
touch /var/www/.nuxtrc
|
||||
echo "telemetry.consent=0" > /var/www/.nuxtrc
|
||||
echo "telemetry.enabled=false" >> /var/www/.nuxtrc
|
||||
chown -R www-data:www-data /var/www/.nuxtrc
|
||||
|
||||
rm /var/www/html/*
|
||||
chown www-data:www-data /var/www/html
|
||||
|
||||
su -s /bin/bash -c "cd ${repo_directory} &&\
|
||||
git clone ${repo_url} &&\
|
||||
cd ${front_directory} &&\
|
||||
git checkout prod &&\
|
||||
echo \"DIRECTUS_API_TOKEN=${website_token}\" > .env &&\
|
||||
echo \"URL=https://${domain_name}\" >> .env &&\
|
||||
echo \"DIRECTUS_URL=https://cms.${domain_name}\" >> .env &&\
|
||||
node --max-old-space-size=250 `which npm` install -y &&\
|
||||
node --max-old-space-size=250 `which npm` run generate --prerender" www-data
|
||||
|
||||
cp -r "${front_directory}/.output/public" /var/www/html
|
||||
chown -R www-data:www-data /var/www/html/public
|
||||
|
||||
|
||||
caddyfile="/etc/caddy/Caddyfile"
|
||||
echo "www.${domain_name} {" >> $caddyfile
|
||||
echo "redir ${domain_name}{uri} permanent" >> $caddyfile
|
||||
echo "}" >> $caddyfile
|
||||
echo "${domain_name} {" >> $caddyfile
|
||||
echo "root * /var/www/html/public" >> $caddyfile
|
||||
echo "file_server" >> $caddyfile
|
||||
echo "}" >> $caddyfile
|
||||
caddy fmt $caddyfile -w
|
||||
caddy reload -c $caddyfile
|
||||
. bin/install_nuxt_front.sh
|
||||
|
||||
echo -e "${PURPLE}${BOLD}Setup a webhook ? (y/N) ${RESET}"
|
||||
read answer
|
||||
if [[ "$answer" == "y" ]]; then
|
||||
echo -e "${PURPLE}${BOLD}If it does not already exists, create a webhook at the following url${RESET}"
|
||||
echo -e "${PURPLE}${BOLD}${repo_url}/settings/hooks/gitea/new${RESET}"
|
||||
echo -e "${BLUE}${BOLD}Target URL ${RESET}${BLUE}https://${domain_name}/webhook.php${RESET}"
|
||||
echo -e "${BLUE}${BOLD}Branch filter ${RESET}${BLUE}prod${RESET}"
|
||||
echo -e "${BLUE}${BOLD}Authorization Header ${RESET}${ORANGE}Generate a safe string using \`openssl rand -base64 32\`${RESET}"
|
||||
echo -e "${PURPLE}${BOLD}Enter the Authorization Header${RESET}"
|
||||
read -s auth_header
|
||||
|
||||
apt install -y jq
|
||||
|
||||
rm /var/www/html/index.html
|
||||
cp ./assets/webhook.php /var/www/html/
|
||||
mkdir /var/www/webhook
|
||||
cp ./assets/webhook.sh /var/www/webhook
|
||||
chown www-data:www-data /var/www/webhook/webhook.sh
|
||||
chmod u+x /var/www/webhook/webhook.sh
|
||||
mkdir /var/www/webhook/logs
|
||||
chown www-data:www-data /var/www/webhook/logs
|
||||
|
||||
head -n $(($(wc -l < $caddyfile) - 2)) $caddyfile > temp_Caddyfile && mv temp_Caddyfile $caddyfile
|
||||
echo "handle /webhook.php {" >> $caddyfile
|
||||
echo "@unauthorized not header Authorization \"${auth_header}\"" >> $caddyfile
|
||||
echo "respond @unauthorized \"Unauthorized access\"" >> $caddyfile
|
||||
echo "root * /var/www/html" >> $caddyfile
|
||||
echo "php_fastcgi unix//run/php/php8.2-fpm.sock" >> $caddyfile
|
||||
echo "file_server" >> $caddyfile
|
||||
echo "}" >> $caddyfile
|
||||
echo "handle {" >> $caddyfile
|
||||
echo "reverse_proxy ${ip}:3000" >> $caddyfile
|
||||
echo "}" >> $caddyfile
|
||||
echo "}" >> $caddyfile
|
||||
caddy fmt $caddyfile -w
|
||||
caddy reload -c $caddyfile
|
||||
. bin/setup_webhook.sh
|
||||
fi
|
||||
fi
|
||||
|
||||
apt purge expect
|
||||
|
||||
# TODO
|
||||
#
|
||||
# DIRECTUS EMAIL
|
||||
# DIRECTUS REDIS
|
||||
# LOGING DE TOUT
|
||||
# CADDYFILE EN JSON
|
||||
# MÀJ
|
||||
# reboot a running system
|
||||
# MATOMO
|
||||
# NODE EXPORTER
|
|
@ -1,78 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
. bin/functions.sh
|
||||
. bin/variables.sh
|
||||
|
||||
echo -e "${PURPLE}${BOLD}Deployment Debian + Caddy + Directus + Nuxt${RESET}"
|
||||
|
||||
if [ "$EUID" -ne 0 ]; then
|
||||
echo "Please run as root"
|
||||
exit
|
||||
fi
|
||||
|
||||
# A ENVOYER AU WEBHOOK
|
||||
install_pkg php
|
||||
install_pkg php-fpm
|
||||
|
||||
# USER
|
||||
echo -e "${PURPLE}${BOLD}Create a user ? (y/N) ${RESET}"
|
||||
read answer
|
||||
if [[ "$answer" == "y" ]]; then
|
||||
. bin/create_user.sh
|
||||
fi
|
||||
|
||||
# SSH
|
||||
echo -e "${PURPLE}${BOLD}Setup SSH ? (y/N) ${RESET}"
|
||||
read answer
|
||||
if [[ "$answer" == "y" ]]; then
|
||||
. bin/setup_ssh.sh
|
||||
fi
|
||||
|
||||
# FIREWALL AND FAIL2BAN
|
||||
echo -e "${PURPLE}${BOLD}Setup Firewall and Fail2ban ? (y/N) ${RESET}"
|
||||
read answer
|
||||
if [[ "$answer" == "y" ]]; then
|
||||
. bin/setup_firewall_fail2ban.sh
|
||||
fi
|
||||
|
||||
# CADDY
|
||||
echo -e "${PURPLE}${BOLD}Install Caddy webserver ? (y/N) ${RESET}"
|
||||
read answer
|
||||
if [[ "$answer" == "y" ]]; then
|
||||
. bin/install_caddy.sh
|
||||
fi
|
||||
|
||||
# MARIADB
|
||||
echo -e "${PURPLE}${BOLD}Install MariaDB ? (y/N) ${RESET}"
|
||||
read answer
|
||||
if [[ "$answer" == "y" ]]; then
|
||||
. bin/install_mariadb.sh
|
||||
fi
|
||||
|
||||
# DIRECTUS DB
|
||||
echo -e "${PURPLE}${BOLD}Setup Directus database ? (y/N) ${RESET}"
|
||||
read answer
|
||||
if [[ "$answer" == "y" ]]; then
|
||||
. bin/setup_directus_db.sh
|
||||
fi
|
||||
|
||||
# NODE
|
||||
echo -e "${PURPLE}${BOLD}Install Node ? (y/N) ${RESET}"
|
||||
read answer
|
||||
if [[ "$answer" == "y" ]]; then
|
||||
. bin/install_node.sh
|
||||
fi
|
||||
|
||||
# SET URL
|
||||
echo -e "${PURPLE}${BOLD}Set url ? (y/N) ${RESET}"
|
||||
read answer
|
||||
if [[ "$answer" == "y" ]]; then
|
||||
. bin/set_url.sh
|
||||
fi
|
||||
|
||||
# INSTALL DIRECTUS
|
||||
echo -e "${PURPLE}${BOLD}Install Directus ? (y/N) ${RESET}"
|
||||
read answer
|
||||
if [[ "$answer" == "y" ]]; then
|
||||
. bin/install_directus.sh
|
||||
fi
|
Loading…
Reference in New Issue