fichiers séparés

README.md

@@ -4,7 +4,11 @@ Deployment [**D**ebian](https://www.debian.org/) (os) + [**C**addy](https://cadd
 
 ## Installation
 
-On a fresh install as root user
+On a fresh install as root user using
+
+`sudo passwd root`
+
+`su - root`
 
 1. Upgrade
 
@@ -42,6 +46,10 @@ On a fresh install as root user
 
 ## Post-install
 
+0. Delete unix Debian account
+
+`userdel --remove-home debian`
+
 1. Configure DNS Zone
 ```
 Domain : <domain_name>     | Type : A | Target : <ip>

assets/webhook.php

@@ -1,5 +1,5 @@
 <?php
-# https://docs.gitea.com/usage/webhooks
+// https://docs.gitea.com/usage/webhooks
 
 // check for POST request
 if ($_SERVER['REQUEST_METHOD'] != 'POST') {
@@ -33,7 +33,38 @@ if (json_last_error() !== JSON_ERROR_NONE) {
 }
 
 // success, do something
-$repo_name = $decoded['repository']['name'];
+$current_date = date('d-m-y_H-i-s', time());
-echo "launching hook script    ";
+$log_directory = '../webhook/logs';
-echo shell_exec('bash ../webhook/webhook.sh ' . $repo_name  . ' >> ../webhook/webhook.log 2>&1');
+
+// create the log folder if needed
+if (!file_exists($log_directory)) {
+    mkdir($log_directory, 0777, true);
+}
+
+// clean the log folder if needed
+if (count(scandir($log_directory)) > 10) {
+    $files = scandir($log_directory);
+    $log_files = array_diff($files, array('.', '..'));
+    usort($files, function($a, $b) use ($log_directory) {
+        return filemtime("$log_directory/$a") - filemtime("$log_directory/$b");
+    });
+    for ($i = 0; $i < 5; $i++) {
+        unlink("$log_directory/{$files[$i]}");
+    }
+}
+
+if (isset($decoded['repository'])) {
+    // git hook
+    echo shell_exec('bash ../webhook/webhook.sh ' . 'git' . ' >> ' . $log_directory . '/webhook_' . $current_date . '.log 2>&1');
+} else {
+   // directus hook
+   $debounce_delay = 1 * 60;
+   file_put_contents("debounce_hook", time());
+   sleep($debounce_delay);
+
+   if (time() >= intval(file_get_contents('debounce_hook')) + $debounce_delay) {
+
+       echo shell_exec('bash ../webhook/webhook.sh ' . 'directus' . ' >> ' . $log_directory . '/webhook_' . $current_date . '.log 2>&1');
+   }
+}
 ?>

assets/webhook.sh

@@ -1,17 +1,19 @@
 #!/bin/bash
-repo_name=$1
+hook_origin=$1
-cms_dir=$(ls -d /var/www/repositories/cms*/)
+repo_name=$(ls /var/www/repositories/ | grep -v '^cms')
-
-tmux send-keys -t directus C-c
-tmux send-keys -t front C-c
 
 cd /var/www/repositories/$repo_name
-git pull origin prod
+
+echo "Trigger : ${hook_origin}"
+
+if [[ "$hook_origin" == "git" ]]; then
+    git pull origin prod
+fi
 
 jq '.scripts |= with_entries(.value |= gsub("\\bnuxt \\b"; "./node_modules/nuxt/bin/nuxt.mjs "))' package.json > temp.json && mv temp.json package.json
 
-NUXT_TELEMETRY_DISABLED=1 ; npm install -y
+node --max-old-space-size=250 `which npm` install -y
-npm run build
+node --max-old-space-size=250 `which npm` run generate --prerender
 
-tmux send-keys -t front "cd /var/www/repositories/${repo_name} && node .output/server/index.mjs" C-m
+rm -r /var/www/html/public
-tmux send-keys -t directus "cd ${cms_dir} && npx directus start" C-m
+cp -r "/var/www/repositories/${repo_name}/.output/public" /var/www/html

bin/create_user.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+. bin/variables.sh
+
+echo -e "${PURPLE}${BOLD}Create user${RESET}"
+
+read -p "Enter username: " username
+
+if id "$username" &>/dev/null; then
+    echo "User '$username' already exists."
+    exit 1
+fi
+
+echo -e "${ORANGE}${BOLD}Generate and store the password somewhere safe${RESET}"
+read -s -p "Enter password: " password
+echo
+useradd -m "$username"
+chsh -s /bin/bash $username
+echo "$username:$password" | chpasswd
+
+usermod -aG sudo $username
+
+echo -e "${PURPLE}${BOLD}User '$username' created with password successfully.${RESET}"

bin/functions.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+
+install_pkg() {
+    pkg="$1"
+    if ! dpkg -s "$pkg" >/dev/null 2>&1; then
+        apt update && apt install -y "$pkg"
+        echo -e "${PURPLE}${BOLD}${pkg} installed${RESET}"
+    fi
+}
+
+get_username() {
+    if [[ -z "$username" ]]; then
+        username=$(getent passwd 1001 | cut -d: -f1)
+    fi
+}
+
+get_ip() {
+    if [[ -z "$ip" ]]; then
+        ip=$(hostname -I | cut -d' ' -f1)
+    fi
+}
+
+get_ssh_port() {
+    if [[ -z "$ssh_port" ]]; then
+        ssh_port=$(cat /etc/ssh/sshd_config.d/custom.conf | grep "Port " | sed 's/^Port //')
+    fi
+}

bin/import_directus_db.sh

@@ -0,0 +1,38 @@
+#!/bin/bash
+
+. bin/variables.sh
+. bin/functions.sh
+
+get_ssh_port
+get_username
+get_ip
+
+echo -e "${PURPLE}${BOLD}Import the .tar.gz archive from your local storage${RESET}"
+echo -e "${PURPLE}The archive should contain the sql dump, the upload directory and the .env file${RESET}"
+echo -e "${BLUE}scp -P ${ssh_port} /local/path/to/archive.tar.gz ${username}@${ip}:/home/${username}/${RESET}"
+echo -e "${PURPLE}${BOLD}Press any key when done${RESET}"
+read
+
+directus_archive=$(ls /home/${username}/*.tar.gz);
+
+tar -xzf "${directus_archive}" -C "${CMS_DIRECTORY}" --strip-components=2
+rm "${directus_archive}"
+
+sed -i "s/^\(DB_PASSWORD=\)'.*'$/\1'$DB_DIRECTUS_PASSWORD'/" "${CMS_DIRECTORY}/.env"
+
+port=$(cat ${CMS_DIRECTORY}/.env | grep "^PORT=" | sed 's/^PORT=//')
+sql_dump=$(ls ${CMS_DIRECTORY}/*.sql)
+
+install_pkg expect
+mariadb -u directus -p"$DB_DIRECTUS_PASSWORD" directus < "$sql_dump"
+rm $sql_dump
+chown -R www-data:www-data $CMS_DIRECTORY
+
+su -s /bin/bash -c "cd ${CMS_DIRECTORY} &&\
+    npm init -y &&\
+    npx directus bootstrap --skipAdminInit &&\
+    npx directus database migrate:latest
+    tmux new-session -d -s directus &&\
+    tmux send-keys -t directus \"cd ${CMS_DIRECTORY} && npx directus start\" C-m" www-data
+
+echo -e "${PURPLE}Directus launched with imported database${RESET}"

bin/import_directus_schema.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+. bin/variables.sh
+. bin/functions.sh
+
+get_username
+get_ip
+get_ssh_port
+
+echo -e "${PURPLE}${BOLD}Import local Directus data model${RESET}"
+echo -e "${BLUE}npx directus schema snapshot ./snapshot.yaml${RESET}"
+echo -e "${BLUE}scp -P ${ssh_port} /local/path/to/snapshot.yaml ${username}@${ip}:/home/${username}/snapshot.yaml${RESET}"
+echo -e "${PURPLE}${BOLD}Press any key when done${RESET}"
+read
+
+su -s /bin/bash -c "cd ${CMS_DIRECTORY} &&\
+npx directus schema apply --yes /home/${username}/snapshot.yaml" www-data

bin/install_caddy.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+. bin/variables.sh
+. bin/functions.sh
+
+if systemctl is-enabled apache2 >/dev/null 2>&1; then
+    systemctl disable --now apache2
+fi
+
+install_pkg debian-keyring
+install_pkg debian-archive-keyring
+install_pkg apt-transport-https
+install_pkg curl
+curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
+curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
+install_pkg caddy
+> /etc/caddy/Caddyfile
+
+echo -e "${PURPLE}${BOLD}Caddy Webserver installed${RESET}"

bin/install_directus.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+
+. bin/variables.sh
+. bin/functions.sh
+
+install_pkg tmux
+
+if [[ -z "$DB_DIRECTUS_PASSWORD" ]]; then
+    echo -e "${PURPLE}${BOLD}Enter the MariaDB Directus password : ${RESET}"
+    read -s DB_DIRECTUS_PASSWORD
+    echo
+fi
+
+if [[ -z "$CMS_DIRECTORY" ]]; then
+    . bin/set_url.sh
+fi
+
+echo "set -g default-shell /bin/sh" >> /etc/tmux.conf
+su -s /bin/bash -c "mkdir ${CMS_DIRECTORY}" www-data
+
+echo -e "${PURPLE}${BOLD}Import the Directus database ? (y/N) ${RESET}"
+read answer
+if [[ "$answer" == "y" ]]; then
+    . bin/import_directus_db.sh
+else
+    . bin/setup_directus.sh
+
+    echo -e "${PURPLE}${BOLD}Import Directus data model ? (y/N) ${RESET}"
+    read answer
+    if [[ "$answer" == "y" ]]; then
+        . bin/import_directus_schema.sh
+    fi
+
+    echo -e "${PURPLE}${BOLD}You can now add some content${RESET}"
+    echo -e "${ORANGE}${BOLD}Do not forget to set the permissions${RESET}"
+    echo -e "${ORANGE}${BOLD}Website role ${RESET}${ORANGE}Read content collections and directus_files${RESET}"
+    echo -e "${ORANGE}${BOLD}User role ${RESET}${ORANGE}All permissions on content collections, directus_files and directus_folders${RESET}"
+fi
+
+echo "cms.${DOMAIN_NAME} {" >> $CADDYFILE
+echo "reverse_proxy ${ip}:${port}" >> $CADDYFILE
+echo "}" >> $CADDYFILE
+caddy fmt $CADDYFILE -w
+caddy reload -c $CADDYFILE
+
+echo -e "${PURPLE}${BOLD}Access Directus ${RESET}${PURPLE}https://cms.${DOMAIN_NAME}${RESET}"

bin/install_mariadb.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# Automate mysql secure installation for debian-based systems
+# https://gist.github.com/coderua/5592d95970038944d099
+
+. bin/variables.sh
+. bin/functions.sh
+
+install_pkg mariadb-server
+echo -e "${ORANGE}${BOLD}Generate and store the password somewhere safe${RESET}"
+echo -e "${PURPLE}${BOLD}Enter the MariaDB root password : ${RESET}"
+read -s DB_ROOT_PASSWORD
+echo
+install_pkg expect
+secure_mysql=$(expect -c "
+    set timeout 3
+    spawn mysql_secure_installation
+    expect \"Enter current password for root (enter for none):\"
+    send \"\r\"
+    expect \"Switch to unix_socket authentication \\[Y/n\\]\"
+    send \"n\r\"
+    expect \"Change the root password? \\[Y/n\\]\"
+    send \"y\r\"
+    expect \"New password:\"
+    send \"$DB_ROOT_PASSWORD\r\"
+    expect \"Re-enter new password:\"
+    send \"$DB_ROOT_PASSWORD\r\"
+    expect \"Remove anonymous users?\"
+    send \"y\r\"
+    expect \"Disallow root login remotely?\"
+    send \"y\r\"
+    expect \"Remove test database and access to it?\"
+    send \"y\r\"
+    expect \"Reload privilege tables now?\"
+    send \"y\r\"
+    expect eof
+")
+echo "${secure_mysql}"
+
+echo -e "${PURPLE}MariaDB is installed and secure${RESET}"

bin/install_node.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+. bin/variables.sh
+. bin/functions.sh
+
+touch /var/www/.bashrc
+mkdir /var/www/.nvm
+mkdir /var/www/.npm
+chown -R www-data:www-data /var/www
+
+install_pkg build-essential
+
+su -s /bin/bash -c 'curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash &&\
+export NVM_DIR="$HOME/.nvm" &&\
+[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" &&\
+[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" &&\
+nvm install v18' www-data 
+ln -sf /var/www/.nvm/versions/node/v18.*/bin/node /usr/bin/node
+ln -sf /var/www/.nvm/versions/node/v18.*/bin/npm /usr/bin/npm
+ln -sf /var/www/.nvm/versions/node/v18.*/bin/npx /usr/bin/npx
+
+echo -e "${PURPLE}Node installed${RESET}";

bin/install_nuxt_front.sh

@@ -0,0 +1,50 @@
+#!/bin/bash
+
+. bin/variables.sh
+. bin/functions.sh
+
+get_ip
+
+echo -e "${PURPLE}${BOLD}Create and push a prod branch on the repo${RESET}"
+echo -e "${BLUE}git fetch . main:prod${RESET}"
+echo -e "${BLUE}git push origin prod${RESET}"
+echo -e "${PURPLE}${BOLD}Enter the .git url of the repo${RESET}"
+read repo_url
+
+front_repo_name=$(echo "$repo_url" | sed 's#.*/\([^/]*\)\.git#\1#')
+front_directory="${REPO_DIRECTORY}/${front_repo_name}"
+if [[ -z "$WEBSITE_TOKEN" ]]; then
+    echo -e "${PURPLE}${BOLD}Enter the Directus Website user static token${RESET}"
+    read -s WEBSITE_TOKEN
+fi
+
+touch /var/www/.nuxtrc
+echo "telemetry.consent=0" > /var/www/.nuxtrc
+echo "telemetry.enabled=false" >> /var/www/.nuxtrc
+chown -R www-data:www-data /var/www/.nuxtrc
+
+rm /var/www/html/*
+chown www-data:www-data /var/www/html
+
+su -s /bin/bash -c "cd ${REPO_DIRECTORY} &&\
+git clone ${repo_url} &&\
+cd ${front_directory} &&\
+git checkout prod &&\
+echo \"DIRECTUS_API_TOKEN=${WEBSITE_TOKEN}\" > .env &&\
+echo \"URL=https://${DOMAIN_NAME}\" >> .env &&\
+echo \"DIRECTUS_URL=https://cms.${DOMAIN_NAME}\" >> .env &&\
+node --max-old-space-size=250 `which npm` install -y &&\
+node --max-old-space-size=250 `which npm` run generate --prerender" www-data
+
+cp -r "${front_directory}/.output/public" /var/www/html
+chown -R www-data:www-data /var/www/html/public
+
+echo "www.${DOMAIN_NAME} {" >> $CADDYFILE
+echo "redir ${DOMAIN_NAME}{uri} permanent" >> $CADDYFILE
+echo "}" >> $CADDYFILE
+echo "${DOMAIN_NAME} {" >> $CADDYFILE
+echo "root * /var/www/html/public" >> $CADDYFILE
+echo "file_server" >> $CADDYFILE
+echo "}" >> $CADDYFILE
+caddy fmt $CADDYFILE -w
+caddy reload -c $CADDYFILE

bin/set_url.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+. bin/variables.sh
+. bin/functions.sh
+
+echo -e "${PURPLE}${BOLD}Enter the domain name of the website${RESET}"
+read DOMAIN_NAME
+get_ip
+
+echo -e "${PURPLE}${BOLD}Configure the ${DOMAIN_NAME} DNS ZONE as the following${RESET}"
+echo -e "${BLUE}Domain : ${DOMAIN_NAME} | Type : A | Target : ${ip}${RESET}"
+echo -e "${BLUE}Domain : cms.${DOMAIN_NAME} | Type : A | Target : ${ip}${RESET}"
+echo -e "${BLUE}Domain : www.${DOMAIN_NAME} | Type : A | Target : ${ip}${RESET}"
+echo -e "${PURPLE}${BOLD}Press any key when done${RESET}"
+read
+
+REPO_DIRECTORY="/var/www/repositories"
+mkdir $repo_directory
+chown www-data:www-data $repo_directory
+CMS_DIRECTORY="${repo_directory}/cms_${DOMAIN_NAME}"

bin/setup_directus.sh

@@ -0,0 +1,60 @@
+#!/bin/bash
+
+. bin/variables.sh
+. bin/functions.sh
+
+echo -e "${ORANGE}${BOLD}Generate and store the credentials somewhere safe${RESET}"
+echo -e "${PURPLE}${BOLD}Enter the Directus admin email : ${RESET}"
+read directus_admin_email
+echo -e "${PURPLE}${BOLD}Enter the Directus admin password : ${RESET}"
+read -s directus_admin_password
+
+env_file="${CMS_DIRECTORY}/.env"
+port=8055
+
+key=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
+secret=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
+
+su -s /bin/bash -c "mkdir ${CMS_DIRECTORY} &&\
+mkdir ${CMS_DIRECTORY}/uploads &&\
+echo \"HOST='${ip}'\" >> ${env_file} &&\
+echo \"PORT=${port}\" >> ${env_file} &&\
+echo \"PUBLIC_URL='https://cms.${DOMAIN_NAME}'\" >> ${env_file} &&\
+echo \"DB_CLIENT='mysql'\" >> ${env_file} &&\
+echo \"DB_HOST='127.0.0.1'\" >> ${env_file} &&\
+echo \"DB_PORT='3306'\" >> ${env_file} &&\
+echo \"DB_DATABASE='directus'\" >> ${env_file} &&\
+echo \"DB_USER='directus'\" >> ${env_file} &&\
+echo \"DB_PASSWORD='${DB_DIRECTUS_PASSWORD}'\" >> ${env_file} &&\
+echo \"SECRET='${secret}'\" >> ${env_file} &&\
+echo \"KEY='${key}'\" >> ${env_file} &&\
+echo \"CORS_ENABLED='true'\" >> ${env_file} &&\
+echo \"CORS_ORIGIN='true'\" >> ${env_file} &&\
+echo \"IMPORT_IP_DENY_LIST=\" >> ${env_file} &&\
+cd ${CMS_DIRECTORY} &&\
+npm init -y &&\
+npx directus bootstrap --skipAdminInit &&\
+tmux new-session -d -s directus &&\
+tmux send-keys -t directus \"cd ${CMS_DIRECTORY} && npx directus start\" C-m &&\
+npx directus roles create --role Administrator --admin true &&\
+npx directus roles create --role Website &&\
+npx directus roles create --role User" www-data
+
+admin_role_uuid=$(echo $(mariadb -u directus -p${DB_DIRECTUS_PASSWORD} \
+-e "SELECT id FROM directus.directus_roles WHERE name='Administrator'") | awk '{print $2}')
+website_role_uuid=$(echo $(mariadb -u directus -p${DB_DIRECTUS_PASSWORD} \
+-e "SELECT id FROM directus.directus_roles WHERE name='Website'") | awk '{print $2}')
+user_role_uuid=$(echo $(mariadb -u directus -p${DB_DIRECTUS_PASSWORD} \
+-e "SELECT id FROM directus.directus_roles WHERE name='User'") | awk '{print $2}')
+
+website_password=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
+
+su -s /bin/bash -c "cd ${CMS_DIRECTORY} &&\
+npx directus users create --email \"${directus_admin_email}\" \
+--password \"${directus_admin_password}\" --role \"${admin_role_uuid}\" &&\
+npx directus users create --email \"website@${DOMAIN_NAME}\" --password \"${website_password}\" --role \"${website_role_uuid}\"" www-data
+
+WEBSITE_TOKEN=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
+mariadb -u directus -p${DB_DIRECTUS_PASSWORD} -e "UPDATE directus.directus_roles SET icon='robot' WHERE name='Website'";
+mariadb -u directus -p${DB_DIRECTUS_PASSWORD} -e "UPDATE directus.directus_roles SET app_access='0' WHERE name='Website'";
+mariadb -u directus -p${DB_DIRECTUS_PASSWORD} -e "UPDATE directus.directus_users SET token=\"${WEBSITE_TOKEN}\" WHERE email=\"website@${DOMAIN_NAME}\"";

bin/setup_directus_db.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+
+. bin/variables.sh
+. bin/functions.sh
+
+if ! dpkg -s mariadb-server >/dev/null 2>&1; then
+    . bin/install_mariadb.sh
+fi
+
+echo -e "${ORANGE}${BOLD}Generate and store the password somewhere safe${RESET}"
+echo -e "${PURPLE}${BOLD}Enter the MariaDB Directus password : ${RESET}"
+read -s DB_DIRECTUS_PASSWORD
+echo
+if [[ -z "$DB_ROOT_PASSWORD" ]]; then
+    echo -e "${PURPLE}${BOLD}Enter the MariaDB root password : ${RESET}"
+    read -s DB_ROOT_PASSWORD
+    echo
+fi
+install_pkg expect
+create_directus_db=$(expect -c "
+    spawn mariadb -u root -p
+    expect \"Enter password:\"
+    send \"$DB_ROOT_PASSWORD\r\"
+    expect \"mysql>\"
+    send \"CREATE USER 'directus'@'localhost' IDENTIFIED BY '${DB_DIRECTUS_PASSWORD}';\r\"
+    send \"CREATE DATABASE directus;\r\"
+    send \"GRANT ALL PRIVILEGES ON directus.* TO 'directus'@'localhost' IDENTIFIED BY '${DB_DIRECTUS_PASSWORD}';\r\"
+    send \"FLUSH PRIVILEGES;\r\"
+    expect \"mysql>\"
+    send \"quit;\r\"
+    expect eof
+")
+echo "${create_directus_db}" >& /dev/null
+
+echo -e "${PURPLE}Directus database created${RESET}"

bin/setup_firewall_fail2ban.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+. bin/variables.sh
+. bin/functions.sh
+
+echo -e "${PURPLE}${BOLD}Setup Firewall and Fail2ban${RESET}"
+install_pkg ufw
+install_pkg fail2ban
+systemctl enable fail2ban
+get_ssh_port
+ufw allow $ssh_port
+ufw allow http
+ufw allow https
+
+echo -e "${PURPLE}Firewall and Fail2ban are setup${RESET}"

bin/setup_ssh.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+. bin/variables.sh
+
+echo -e "${PURPLE}${BOLD}Setup SSH${RESET}"
+
+ssh_port=$((RANDOM % (65536 - 1024 + 1) + 1024))
+
+touch /etc/ssh/sshd_config.d/custom.conf
+echo "PermitRootLogin no" >> /etc/ssh/sshd_config.d/custom.conf
+echo "PermitEmptyPasswords no" >> /etc/ssh/sshd_config.d/custom.conf
+echo "Port ${ssh_port}" >> /etc/ssh/sshd_config.d/custom.conf
+systemctl reload ssh
+
+echo -e "${ORANGE}${BOLD}Store the ssh port ${ssh_port} somewhere safe${RESET}"

bin/setup_webhook.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+
+. bin/variables.sh
+. bin/functions.sh
+
+echo -e "${PURPLE}${BOLD}If it does not already exists, create a webhook at the following url${RESET}"
+echo -e "${PURPLE}${BOLD}${repo_url}/settings/hooks/gitea/new${RESET}"
+echo -e "${BLUE}${BOLD}Target URL ${RESET}${BLUE}https://${domain_name}/webhook.php${RESET}"
+echo -e "${BLUE}${BOLD}Branch filter ${RESET}${BLUE}prod${RESET}"
+echo -e "${BLUE}${BOLD}Authorization Header ${RESET}${ORANGE}Generate a safe string using \`openssl rand -base64 32\`${RESET}"
+echo -e "${PURPLE}${BOLD}Enter the Authorization Header${RESET}"
+read -s auth_header
+
+install_pkg php
+install_pkg php-fpm
+install_pkg jq
+
+rm /var/www/html/index.html
+cp ./assets/webhook.php /var/www/html/
+mkdir /var/www/webhook
+cp ./assets/webhook.sh /var/www/webhook
+chown www-data:www-data /var/www/webhook/webhook.sh
+chmod u+x /var/www/webhook/webhook.sh
+mkdir /var/www/webhook/logs
+chown www-data:www-data /var/www/webhook/logs
+
+get_ip
+
+head -n $(($(wc -l < $CADDYFILE) - 2)) $CADDYFILE > temp_Caddyfile && mv temp_Caddyfile $CADDYFILE
+echo "handle /webhook.php {" >> $CADDYFILE
+echo "@unauthorized not header Authorization \"${auth_header}\"" >> $CADDYFILE
+echo "respond @unauthorized \"Unauthorized access\"" >> $CADDYFILE
+echo "root * /var/www/html" >> $CADDYFILE
+echo "php_fastcgi unix//run/php/php8.2-fpm.sock" >> $CADDYFILE
+echo "file_server" >> $CADDYFILE
+echo "}" >> $CADDYFILE
+echo "handle {" >> $CADDYFILE
+echo "reverse_proxy ${ip}:3000" >> $CADDYFILE
+echo "}" >> $CADDYFILE
+echo "}" >> $CADDYFILE
+caddy fmt $CADDYFILE -w
+caddy reload -c $CADDYFILE

bin/variables.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# Texts layout
+PURPLE='\033[35m'
+ORANGE='\033[33m'
+BLUE='\033[34m'
+BOLD='\033[1m'
+RESET='\033[0m'
+
+DB_ROOT_PASSWORD=""
+DB_DIRECTUS_PASSWORD=""
+
+DOMAIN_NAME=""
+CMS_DIRECTORY=""
+REPO_DIRECTORY=""
+
+WEBSITE_TOKEN=""
+
+CADDYFILE="/etc/caddy/Caddyfile"

install.sh

@@ -1,33 +1,18 @@
 #!/bin/bash
 
-PURPLE='\033[35m'
-ORANGE='\033[33m'
-BLUE='\033[34m'
-BOLD='\033[1m'
-RESET='\033[0m'
 
-install_pkg() {
+# TODO
-    pkg="$1"
+## DIRECTUS EMAIL
-    if ! command -v "$pkg" &> /dev/null; then
+## DIRECTUS REDIS
-        apt install -y "$pkg"
+## LOGING DE TOUT
-        echo -e "${PURPLE}${BOLD}${pkg} installed${RESET}"
+## CADDYFILE EN JSON
-    fi
+## MÀJ
-}
+## reboot a running system
+## MATOMO
+## NODE EXPORTER
 
-get_username() {
+. bin/functions.sh
-    if [[ -z "$username" ]]; then
+. bin/variables.sh
-        username=$(getent passwd 1000 | cut -d: -f1)
-    fi
-}
-
-get_ip() {
-    if [[ -z "$ip" ]]; then
-        ip=$(hostname -I)
-        if [[ "${ip: -1}" == " " ]]; then
-            ip="${ip%?}"
-        fi
-    fi
-}
 
 echo -e "${PURPLE}${BOLD}Deployment Debian + Caddy + Directus + Nuxt${RESET}"
 
@@ -36,402 +21,83 @@ if [ "$EUID" -ne 0 ]; then
   exit
 fi
 
-apt install -y php php-fpm
+if [ "$(dirname "$0")" != "$(pwd)" ]; then
-systemctl disable --now apache2
+    echo "Please run this script from its directory."
+    exit
+fi
 
-#
 # USER
-#
 echo -e "${PURPLE}${BOLD}Create a user ? (y/N) ${RESET}"
 read answer
 if [[ "$answer" == "y" ]]; then
-    echo -e "${PURPLE}${BOLD}Create user${RESET}"
+    . bin/create_user.sh
-
-    read -p "Enter username: " username
-
-    if id "$username" &>/dev/null; then
-        echo "User '$username' already exists."
-        exit 1
-    fi
-
-    echo -e "${ORANGE}${BOLD}Generate and store the password somewhere safe${RESET}"
-    read -s -p "Enter password: " password
-    echo
-    useradd -m "$username"
-    chsh -s /bin/bash $username
-    echo "$username:$password" | chpasswd
-
-    usermod -aG sudo $username
-
-    echo -e "${PURPLE}${BOLD}User '$username' created with password successfully.${RESET}"
 fi
 
-#
 # SSH
-#
 echo -e "${PURPLE}${BOLD}Setup SSH ? (y/N) ${RESET}"
 read answer
 if [[ "$answer" == "y" ]]; then
-    echo -e "${PURPLE}${BOLD}Setup SSH${RESET}"
+    . bin/setup_ssh.sh
-
-    touch /etc/ssh/sshd_config.d/custom.conf
-    echo "PermitRootLogin no" >> /etc/ssh/sshd_config.d/custom.conf
-    echo "PermitEmptyPasswords no" >> /etc/ssh/sshd_config.d/custom.conf
-    systemctl reload ssh
 fi
 
-#
 # FIREWALL AND FAIL2BAN
-#
 echo -e "${PURPLE}${BOLD}Setup Firewall and Fail2ban ? (y/N) ${RESET}"
 read answer
 if [[ "$answer" == "y" ]]; then
-    echo -e "${PURPLE}${BOLD}Setup Firewall and Fail2ban${RESET}"
+    . bin/setup_firewall_fail2ban.sh
-    apt install -y ufw fail2ban
-    systemctl enable fail2ban
-    ufw allow ssh
-    ufw allow http
-    ufw allow https
 fi
 
-#
 # CADDY
-#
 echo -e "${PURPLE}${BOLD}Install Caddy webserver ? (y/N) ${RESET}"
 read answer
 if [[ "$answer" == "y" ]]; then
-    echo -e "${PURPLE}${BOLD}Install Caddy Webserver${RESET}"
+    . bin/install_caddy.sh
-    apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
-    curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
-    curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
-    apt update
-    apt install -y caddy
-    > /etc/caddy/Caddyfile
 fi
 
-#
 # MARIADB
-#
-
 echo -e "${PURPLE}${BOLD}Install MariaDB ? (y/N) ${RESET}"
 read answer
 if [[ "$answer" == "y" ]]; then
-    apt install -y mariadb-server
+    . bin/install_mariadb.sh
-    echo -e "${ORANGE}${BOLD}Generate and store the password somewhere safe${RESET}"
-    echo -e "${PURPLE}${BOLD}Enter the MariaDB root password : ${RESET}"
-    read -s db_root_password
-    echo
-    install_pkg expect
-    SECURE_MYSQL=$(expect -c "
-        set timeout 3
-        spawn mysql_secure_installation
-        expect \"Enter current password for root (enter for none):\"
-        send \"\r\"
-        expect \"Switch to unix_socket authentication \\[Y/n\\]\"
-        send \"n\r\"
-        expect \"Change the root password? \\[Y/n\\]\"
-        send \"y\r\"
-        expect \"New password:\"
-        send \"$db_root_password\r\"
-        expect \"Re-enter new password:\"
-        send \"$db_root_password\r\"
-        expect \"Remove anonymous users?\"
-        send \"y\r\"
-        expect \"Disallow root login remotely?\"
-        send \"y\r\"
-        expect \"Remove test database and access to it?\"
-        send \"y\r\"
-        expect \"Reload privilege tables now?\"
-        send \"y\r\"
-        expect eof
-    ")
-    echo "${SECURE_MYSQL}"
-    # https://gist.github.com/coderua/5592d95970038944d099
 fi
 
-#
 # DIRECTUS DB
-#
-
 echo -e "${PURPLE}${BOLD}Setup Directus database ? (y/N) ${RESET}"
 read answer
 if [[ "$answer" == "y" ]]; then
-    echo -e "${ORANGE}${BOLD}Generate and store the password somewhere safe${RESET}"
+    . bin/setup_directus_db.sh
-    echo -e "${PURPLE}${BOLD}Enter the MariaDB Directus password : ${RESET}"
-    read -s db_directus_password
-    echo
-    if [[ -z "$db_root_password" ]]; then
-        echo -e "${PURPLE}${BOLD}Enter the MariaDB root password : ${RESET}"
-        read -s db_root_password
-        echo
-    fi
-    install_pkg expect
-    CREATE_DIRECTUS_DB=$(expect -c "
-        spawn mariadb -u root -p
-        expect \"Enter password:\"
-        send \"$db_root_password\r\"
-        expect \"mysql>\"
-        send \"CREATE USER 'directus'@'localhost' IDENTIFIED BY '${db_directus_password}';\r\"
-        send \"CREATE DATABASE directus;\r\"
-        send \"GRANT ALL PRIVILEGES ON directus.* TO 'directus'@'localhost' IDENTIFIED BY '${db_directus_password}';\r\"
-        send \"FLUSH PRIVILEGES;\r\"
-        expect \"mysql>\"
-        send \"quit;\r\"
-        expect eof
-    ")
-    echo "${CREATE_DIRECTUS_DB}" >& /dev/null
-    echo -e "${PURPLE}${BOLD}Directus database created${RESET}"
 fi
 
-#
 # NODE
-#
-
 echo -e "${PURPLE}${BOLD}Install Node ? (y/N) ${RESET}"
 read answer
 if [[ "$answer" == "y" ]]; then
-    touch /var/www/.bashrc
+    . bin/install_node.sh
-    chown www-data:www-data /var/www/.bashrc
-    mkdir /var/www/.nvm
-    chown www-data:www-data /var/www/.nvm
-    mkdir /var/www/.npm
-    chown www-data:www-data /var/www/.npm 
-
-    su -s /bin/bash -c 'curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash &&\
-    export NVM_DIR="$HOME/.nvm" &&\
-    [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" &&\
-    [ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" &&\
-    nvm install v18' www-data 
-    ln -sf /var/www/.nvm/versions/node/v18.19.1/bin/node /usr/bin/node
-    ln -sf /var/www/.nvm/versions/node/v18.19.1/bin/npm /usr/bin/npm
-    ln -sf /var/www/.nvm/versions/node/v18.19.1/bin/npx /usr/bin/npx
-
-    echo -e "${PURPLE}${BOLD}Node installed${RESET}";
 fi
 
-#
+# SET URL
-# SET THE URL
+echo -e "${PURPLE}${BOLD}Set url ? (y/N) ${RESET}"
-#
+read answer
-
+if [[ "$answer" == "y" ]]; then
-echo -e "${PURPLE}${BOLD}Enter the domain name of the website${RESET}"
+    . bin/set_url.sh
-read domain_name
+fi
-get_ip
-
-echo -e "${PURPLE}${BOLD}Configure the ${domain_name} DNS ZONE as the following${RESET}"
-echo -e "${BLUE}Domain : ${domain_name} | Type : A | Target : ${ip}${RESET}"
-echo -e "${BLUE}Domain : cms.${domain_name} | Type : A | Target : ${ip}${RESET}"
-echo -e "${BLUE}Domain : www.${domain_name} | Type : A | Target : ${ip}${RESET}"
-echo -e "${PURPLE}${BOLD}Press any key when done${RESET}"
-read
-
-repo_directory="/var/www/repositories"
-mkdir $repo_directory
-chown www-data:www-data $repo_directory
-cms_directory="${repo_directory}/cms_${domain_name}"
-
-#
-# DIRECTUS
-#
 
+# INSTALL DIRECTUS
 echo -e "${PURPLE}${BOLD}Install Directus ? (y/N) ${RESET}"
 read answer
 if [[ "$answer" == "y" ]]; then
-    install_pkg tmux
+    . bin/install_directus.sh
-
-    if [[ -z "$db_directus_password" ]]; then
-        echo -e "${PURPLE}${BOLD}Enter the MariaDB Directus password : ${RESET}"
-        read -s db_directus_password
-        echo
-    fi
-
-    echo -e "${ORANGE}${BOLD}Generate and store the credentials somewhere safe${RESET}"
-    echo -e "${PURPLE}${BOLD}Enter the Directus admin email : ${RESET}"
-    read directus_admin_email
-    echo -e "${PURPLE}${BOLD}Enter the Directus admin password : ${RESET}"
-    read -s directus_admin_password
-
-    env_file="${cms_directory}/.env"
-    port=8055
-
-    key=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
-    secret=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
-
-    echo "set -g default-shell /bin/sh" >> /etc/tmux.conf
-
-    su -s /bin/bash -c "mkdir ${cms_directory} &&\
-    mkdir ${cms_directory}/uploads &&\
-    echo \"HOST='${ip}'\" >> ${env_file} &&\
-    echo \"PORT=${port}\" >> ${env_file} &&\
-    echo \"PUBLIC_URL='https://cms.${domain_name}'\" >> ${env_file} &&\
-    echo \"DB_CLIENT='mysql'\" >> ${env_file} &&\
-    echo \"DB_HOST='127.0.0.1'\" >> ${env_file} &&\
-    echo \"DB_PORT='3306'\" >> ${env_file} &&\
-    echo \"DB_DATABASE='directus'\" >> ${env_file} &&\
-    echo \"DB_USER='directus'\" >> ${env_file} &&\
-    echo \"DB_PASSWORD='${db_directus_password}'\" >> ${env_file} &&\
-    echo \"SECRET='${secret}'\" >> ${env_file} &&\
-    echo \"KEY='${key}'\" >> ${env_file} &&\
-    echo \"CORS_ENABLED='true'\" >> ${env_file} &&\
-    echo \"CORS_ORIGIN='true'\" >> ${env_file} &&\
-    cd ${cms_directory} &&\
-    npm init -y &&\
-    npx directus bootstrap --skipAdminInit &&\
-    tmux new-session -d -s directus &&\
-    tmux send-keys -t directus \"cd ${cms_directory} && npx directus start\" C-m &&\
-    npx directus roles create --role Administrator --admin true &&\
-    npx directus roles create --role Website &&\
-    npx directus roles create --role User" www-data
-
-    admin_role_uuid=$(echo $(mariadb -u directus -p${db_directus_password} \
-    -e "SELECT id FROM directus.directus_roles WHERE name='Administrator'") | awk '{print $2}')
-    website_role_uuid=$(echo $(mariadb -u directus -p${db_directus_password} \
-    -e "SELECT id FROM directus.directus_roles WHERE name='Website'") | awk '{print $2}')
-    user_role_uuid=$(echo $(mariadb -u directus -p${db_directus_password} \
-    -e "SELECT id FROM directus.directus_roles WHERE name='User'") | awk '{print $2}')
-    
-    website_password=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
-
-    su -s /bin/bash -c "cd ${cms_directory} &&\
-    npx directus users create --email \"${directus_admin_email}\" \
-    --password \"${directus_admin_password}\" --role \"${admin_role_uuid}\" &&\
-    npx directus users create --email \"website@${domain_name}\" --password \"${website_password}\" --role \"${website_role_uuid}\"" www-data
-
-    website_token=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
-    mariadb -u directus -p${db_directus_password} -e "UPDATE directus.directus_roles SET icon='robot' WHERE name='Website'";
-    mariadb -u directus -p${db_directus_password} -e "UPDATE directus.directus_roles SET app_access='0' WHERE name='Website'";
-    mariadb -u directus -p${db_directus_password} -e "UPDATE directus.directus_users SET token=\"${website_token}\" WHERE email=\"website@${domain_name}\"";
-
-    caddyfile="/etc/caddy/Caddyfile"
-    echo "cms.${domain_name} {" >> $caddyfile
-    echo "reverse_proxy ${ip}:${port}" >> $caddyfile
-    echo "}" >> $caddyfile
-    caddy fmt $caddyfile -w
-    caddy reload -c $caddyfile
-
-    echo -e "${PURPLE}${BOLD}Import Directus data model ? (y/N) ${RESET}"
-    read answer
-    if [[ "$answer" == "y" ]]; then
-        get_username
-
-        echo -e "${PURPLE}${BOLD}Import local Directus data model${RESET}"
-        echo -e "${BLUE}npx directus schema snapshot ./snapshot.yaml${RESET}"
-        echo -e "${BLUE}scp /local/path/to/snapshot.yaml ${username}@${ip}:/home/${username}/snapshot.yaml${RESET}"
-        echo -e "${PURPLE}${BOLD}Press any key when done${RESET}"
-        read
-
-        su -s /bin/bash -c "cd ${cms_directory} &&\
-        npx directus schema apply --yes /home/${username}/snapshot.yaml" www-data
-
-    fi
-    
-    echo -e "${PURPLE}${BOLD}You can now add some content${RESET}"
-    echo -e "${ORANGE}${BOLD}Do not forget to set the permissions${RESET}"
-    echo -e "${ORANGE}${BOLD}Website role ${RESET}${ORANGE}Read content collections and directus_files${RESET}"
-    echo -e "${ORANGE}${BOLD}User role ${RESET}${ORANGE}All permissions on content collections, directus_files and directus_folders${RESET}"
-
-    echo -e "${PURPLE}${BOLD}Access Directus ${RESET}${PURPLE}https://cms.${domain_name}${RESET}"
 fi
 
-#
+# NUXT STATIC
-# NUXT
-#
 echo -e "${PURPLE}${BOLD}Install the front-end ? (y/N) ${RESET}"
 read answer
 if [[ "$answer" == "y" ]]; then
-    get_ip
+    . bin/install_nuxt_front.sh
-
-    echo -e "${PURPLE}${BOLD}Create and push a prod branch on the repo${RESET}"
-    echo -e "${BLUE}git checkout -b prod${RESET}"
-    echo -e "${BLUE}git add . && git commit -m "first commit to prod"${RESET}"
-    echo -e "${BLUE}git push origin prod${RESET}"
-    echo -e "${PURPLE}${BOLD}Enter the .git url of the repo${RESET}"
-    read repo_url
-
-    front_repo_name=$(echo "$repo_url" | sed 's#.*/\([^/]*\)\.git#\1#')
-    front_directory="${repo_directory}/${front_repo_name}"
-    if [[ -z "$website_token" ]]; then
-        echo -e "${PURPLE}${BOLD}Enter the Directus Website user static token${RESET}"
-        read -s website_token
-    fi
-
-    touch /var/www/.nuxtrc
-    echo "telemetry.consent=0" > /var/www/.nuxtrc
-    echo "telemetry.enabled=false" >> /var/www/.nuxtrc
-    chown -R www-data:www-data /var/www/.nuxtrc
-
-    su -s /bin/bash -c "cd ${repo_directory} &&\
-    git clone ${repo_url} &&\
-    cd ${front_directory} &&\
-    git checkout prod &&\
-    echo \"DIRECTUS_API_TOKEN=${website_token}\" > .env &&\
-    echo \"URL=https://${domain_name}\" >> .env &&\
-    echo \"DIRECTUS_URL=https://cms.${domain_name}\" >> .env &&\
-    tmux send-keys -t directus C-c &&\
-    npm install -y &&\
-    NUXT_TELEMETRY_DISABLED=1 bash -c \"npm run build\" &&\
-    tmux new-session -d -s front &&\
-    tmux send-keys -t front \"cd ${front_directory} && node .output/server/index.mjs\" C-m &&\
-    tmux send-keys -t directus \"npx directus start\" C-m" www-data
-
-    caddyfile="/etc/caddy/Caddyfile"
-    echo "www.${domain_name} {" >> $caddyfile
-    echo "redir ${domain_name}{uri} permanent" >> $caddyfile
-    echo "}" >> $caddyfile
-    echo "${domain_name} {" >> $caddyfile
-    echo "reverse_proxy ${ip}:3000" >> $caddyfile
-    echo "}" >> $caddyfile
-    caddy fmt $caddyfile -w
-    caddy reload -c $caddyfile
 
     echo -e "${PURPLE}${BOLD}Setup a webhook ? (y/N) ${RESET}"
     read answer
     if [[ "$answer" == "y" ]]; then
-        echo -e "${PURPLE}${BOLD}If it does not already exists, create a webhook at the following url${RESET}"
+        . bin/setup_webhook.sh
-        echo -e "${PURPLE}${BOLD}${repo_url}/settings/hooks/gitea/new${RESET}"
-        echo -e "${BLUE}${BOLD}Target URL ${RESET}${BLUE}https://${domain_name}/webhook.php${RESET}"
-        echo -e "${BLUE}${BOLD}Branch filter ${RESET}${BLUE}prod${RESET}"
-        echo -e "${BLUE}${BOLD}Authorization Header ${RESET}${ORANGE}Generate a safe string using \`openssl rand -base64 32\`${RESET}"
-        echo -e "${PURPLE}${BOLD}Enter the Authorization Header${RESET}"
-        read -s auth_header
-
-        apt install -y jq
-
-        rm /var/www/html/index.html
-        cp ./assets/webhook.php /var/www/html/
-        mkdir /var/www/webhook
-        cp ./assets/webhook.sh /var/www/webhook
-        chown www-data:www-data /var/www/webhook/webhook.sh
-        chmod u+x /var/www/webhook/webhook.sh
-        touch /var/www/webhook/webhook.log
-        chown www-data:www-data /var/www/webhook/webhook.log
-
-        head -n $(($(wc -l < $caddyfile) - 2)) $caddyfile > temp_Caddyfile && mv temp_Caddyfile $caddyfile
-        echo "handle /webhook.php {" >> $caddyfile
-        echo "@unauthorized not header Authorization \"${auth_header}\"" >> $caddyfile
-        echo "respond @unauthorized \"Unauthorized access\"" >> $caddyfile
-        echo "root * /var/www/html" >> $caddyfile
-        echo "php_fastcgi unix//run/php/php8.2-fpm.sock" >> $caddyfile
-        echo "file_server" >> $caddyfile
-        echo "}" >> $caddyfile
-        echo "handle {" >> $caddyfile
-        echo "reverse_proxy ${ip}:3000" >> $caddyfile
-        echo "}" >> $caddyfile
-        echo "}" >> $caddyfile
-        caddy fmt $caddyfile -w
-        caddy reload -c $caddyfile
     fi
 fi
-
-apt purge expect
-
-# TODO
-#
-# ZABBIX
-# URBACKUP
-# DIRECTUS EMAIL
-# DIRECTUS REDIS
-# LOGING DE TOUT
-# IMPORT DIRECTUS FULL DB
-# CADDYFILE EN JSON
-# MÀJ
-# reboot a running system

utils/export-content.sh

@@ -6,7 +6,6 @@ if [ "$EUID" -ne 0 ]; then
 fi
 
 PURPLE='\033[35m'
-ORANGE='\033[33m'
 BLUE='\033[34m'
 BOLD='\033[1m'
 RESET='\033[0m'
@@ -21,6 +20,7 @@ if [[ "$answer" == "y" ]]; then
     current_date=$(date +'%d-%m-%y_%H-%M')
     export_base_folder="/home/${user}/content_exports"
     export_folder="${export_base_folder}/${site_name}_export_${current_date}"
+    
     mkdir -p "${export_folder}"
     mysqldump -u directus -p"${db_password}" directus > "${export_folder}/db_${site_name}_${current_date}.sql"
     cp -r /var/www/repositories/cms*/uploads "${export_folder}"
@@ -29,7 +29,7 @@ if [[ "$answer" == "y" ]]; then
     rm -r "${export_folder}"
     chown -R "${user}:${user}" "${export_base_folder}"
 
-    ssh_port=$(cat /etc/ssh/sshd_config | grep "Port " | sed 's/^Port //')
+    ssh_port=$(cat /etc/ssh/sshd_config.d/custom.conf | grep "Port " | sed 's/^Port //')
     ip=$(hostname -I)
     if [[ "${ip: -1}" == " " ]]; then
         ip="${ip%?}"