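#!/bin/bash
#
# Interactive deployment helper for a Debian host: optional user creation,
# SSH hardening, firewall/fail2ban, Caddy, MariaDB, a Directus database and
# Node (through nvm). Each section asks for confirmation (y/n) before acting.
# Must be run as root.

PURPLE='\033[35m'
BOLD='\033[1m'
RESET='\033[0m'

# Install a package with apt when no command of the same name is on PATH.
# Arguments: $1 - package name (also used as the command name to probe)
install_pkg() {
  local pkg="$1"
  if ! command -v "$pkg" &> /dev/null; then
    apt install -y "$pkg"
    echo -e "${PURPLE}${BOLD}${pkg} installed${RESET}"
  fi
}

# Set the global $username to the account owning UID 1000 when it was not
# already set by the "Create user" step, and print the name that was found.
get_username() {
  if [[ -z "$username" ]]; then
    username=$(getent passwd 1000 | cut -d: -f1)
    echo "$username"
  fi
}

echo -e "${PURPLE}${BOLD}Deployment Debian + Caddy + Directus + Nuxt${RESET}"

if [[ "$EUID" -ne 0 ]]; then
  echo "Please run as root"
  # A bare `exit` would return the status of the echo above (0) and hide the
  # failure from whatever invoked the script.
  exit 1
fi

#
# USER
#
echo -e "${PURPLE}${BOLD}Create a user ? (y/n) ${RESET}"
read -r answer
if [[ "$answer" == "y" ]]; then
  echo -e "${PURPLE}${BOLD}Create user${RESET}"
  read -r -p "Enter username: " username
  if id "$username" &>/dev/null; then
    echo "User '$username' already exists."
    exit 1
  fi
  echo -e "${PURPLE}${BOLD}Generate and store the password somewhere safe${RESET}"
  # IFS= and -r keep the password exactly as typed (no trimming of spaces,
  # no backslash processing), so the stored password matches what was entered.
  IFS= read -r -s -p "Enter password: " password
  echo
  # Stop here if the account could not be created: the following commands
  # would otherwise run against a user that does not exist.
  useradd -m "$username" || exit 1
  chsh -s /bin/bash "$username"
  # printf is a builtin, so the password travels over the pipe and never
  # shows up in a process argument list.
  printf '%s:%s\n' "$username" "$password" | chpasswd
  unset password
  usermod -aG sudo "$username"
  echo -e "${PURPLE}${BOLD}User '$username' created with password successfully.${RESET}"
fi

#
# SSH
#
echo -e "${PURPLE}${BOLD}Setup SSH ? (y/n) ${RESET}"
read -r answer
if [[ "$answer" == "y" ]]; then
  echo -e "${PURPLE}${BOLD}Setup SSH${RESET}"
  # PermitRootLogin no removes root SSH access: make sure a sudo-capable
  # account can log in before this section is applied.
  sshd_dropin=/etc/ssh/sshd_config.d/custom.conf
  touch "$sshd_dropin"
  # Append each directive only once so that re-running the script does not
  # pile up duplicate lines in the drop-in file.
  for directive in "PermitRootLogin no" "PermitEmptyPasswords no"; do
    grep -qxF -- "$directive" "$sshd_dropin" || echo "$directive" >> "$sshd_dropin"
  done
  # Validate the configuration before reloading so that a syntax error is
  # reported instead of being handed to the running daemon.
  if sshd -t; then
    systemctl reload ssh
  else
    echo "sshd configuration test failed; ssh was not reloaded" >&2
  fi
fi

#
# FIREWALL AND FAIL2BAN
#
echo -e "${PURPLE}${BOLD}Setup Firewall and Fail2ban ? (y/n) ${RESET}"
read -r answer
if [[ "$answer" == "y" ]]; then
  echo -e "${PURPLE}${BOLD}Setup Firewall and Fail2ban${RESET}"
  apt install -y ufw fail2ban
  systemctl enable fail2ban
  ufw allow ssh
  ufw allow http
  ufw allow https
  # NOTE(review): the rules are added but `ufw enable` is never run here, so
  # the firewall stays inactive unless it was enabled elsewhere. Confirm this
  # is intended; when enabling, check first that the SSH rule matches the
  # port sshd really listens on.
fi

#
# TODO : ZABBIX AND URBACKUP
#
echo -e "${PURPLE}${BOLD}TODO : Zabbix and Urbackup${RESET}"

#
# CADDY
#
echo -e "${PURPLE}${BOLD}Install Caddy webserver ? (y/n) ${RESET}"
read -r answer
if [[ "$answer" == "y" ]]; then
  echo -e "${PURPLE}${BOLD}Install Caddy Webserver${RESET}"
  apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
  # The repository signing key and the source list are both fetched over
  # HTTPS from the same host; packages installed afterwards are verified by
  # apt against that key.
  curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' \
    | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
  curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' \
    | tee /etc/apt/sources.list.d/caddy-stable.list
  apt update
  apt install -y caddy
fi

#
# MARIADB
#
echo -e "${PURPLE}${BOLD}Install MariaDB ? (y/n) ${RESET}"
read -r answer
if [[ "$answer" == "y" ]]; then
  apt install -y mariadb-server
  echo -e "${PURPLE}${BOLD}Generate and store the password somewhere safe${RESET}"
  echo -e "${PURPLE}${BOLD}Enter the MariaDB root password : ${RESET}"
  IFS= read -r -s db_root_password
  echo
  install_pkg expect
  # The Tcl script is a quoted here-document, so the shell expands nothing in
  # it. The password is handed over in the environment and read as
  # $env(DB_ROOT_PASSWORD): it stays out of expect's argument list, and
  # characters such as ", $ or [ in it cannot alter the Tcl script.
  secure_mysql_script=$(cat <<'EOF'
set timeout 3
spawn mysql_secure_installation
expect "Enter current password for root (enter for none):"
send -- "\r"
expect "Switch to unix_socket authentication \[Y/n\]"
send -- "n\r"
expect "Change the root password? \[Y/n\]"
send -- "y\r"
expect "New password:"
send -- "$env(DB_ROOT_PASSWORD)\r"
expect "Re-enter new password:"
send -- "$env(DB_ROOT_PASSWORD)\r"
expect "Remove anonymous users?"
send -- "y\r"
expect "Disallow root login remotely?"
send -- "y\r"
expect "Remove test database and access to it?"
send -- "y\r"
expect "Reload privilege tables now?"
send -- "y\r"
expect eof
EOF
)
  SECURE_MYSQL=$(DB_ROOT_PASSWORD="$db_root_password" expect -c "$secure_mysql_script")
  # NOTE(review): the captured session is printed for troubleshooting; check
  # that nothing sensitive is echoed back in it.
  echo "${SECURE_MYSQL}"
  # https://gist.github.com/coderua/5592d95970038944d099
fi

#
# DIRECTUS DB
#
echo -e "${PURPLE}${BOLD}Setup Directus database ? (y/n) ${RESET}"
read -r answer
if [[ "$answer" == "y" ]]; then
  echo -e "${PURPLE}${BOLD}Generate and store the password somewhere safe${RESET}"
  echo -e "${PURPLE}${BOLD}Enter the MariaDB Directus password : ${RESET}"
  IFS= read -r -s db_directus_password
  echo
  if [[ -z "$db_root_password" ]]; then
    echo -e "${PURPLE}${BOLD}Enter the MariaDB root password : ${RESET}"
    IFS= read -r -s db_root_password
    echo
  fi
  install_pkg expect
  # The Directus password ends up inside a single-quoted SQL literal, so
  # backslashes and single quotes are escaped first; otherwise a quote in the
  # password would end the literal and change the statement. This assumes the
  # server's default sql_mode, in which backslash is an escape character.
  sql_directus_password=${db_directus_password//\\/\\\\}
  sql_directus_password=${sql_directus_password//\'/\'\'}
  # NOTE(review): the MariaDB client normally prompts with
  # `MariaDB [(none)]>` rather than `mysql>`, so the two prompt waits below
  # probably only end on expect's default timeout - confirm and adjust.
  directus_db_script=$(cat <<'EOF'
spawn mariadb -u root -p
expect "Enter password:"
send -- "$env(DB_ROOT_PASSWORD)\r"
expect "mysql>"
send -- "CREATE USER 'directus'@'localhost' IDENTIFIED BY '$env(DB_DIRECTUS_PASSWORD_SQL)';\r"
send -- "CREATE DATABASE directus;\r"
send -- "GRANT ALL PRIVILEGES ON directus.* TO 'directus'@'localhost' IDENTIFIED BY '$env(DB_DIRECTUS_PASSWORD_SQL)';\r"
send -- "FLUSH PRIVILEGES;\r"
expect "mysql>"
send -- "quit;\r"
expect eof
EOF
)
  # Both secrets are passed through the environment, as for the root password
  # above. The session transcript contains the SQL statements with the
  # password, so it is captured and deliberately never printed.
  CREATE_DIRECTUS_DB=$(
    DB_ROOT_PASSWORD="$db_root_password" \
      DB_DIRECTUS_PASSWORD_SQL="$sql_directus_password" \
      expect -c "$directus_db_script"
  )
  unset CREATE_DIRECTUS_DB sql_directus_password
  echo -e "${PURPLE}${BOLD}Directus database created${RESET}"
fi

#
# NODE
#
echo -e "${PURPLE}${BOLD}Install Node ? (y/n) ${RESET}"
read -r answer
if [[ "$answer" == "y" ]]; then
  get_username
  if [[ -z "$username" ]]; then
    # With an empty user name `su -c ...` would run the downloaded installer
    # as root, so refuse instead of falling back silently.
    echo "No target user found (no account with UID 1000); Node not installed" >&2
  else
    # The nvm installer comes from a pinned tag but is piped straight into
    # bash without an integrity check; consider downloading it to a file and
    # comparing it with a known-good checksum before running it.
    su -c 'curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash &&\
      export NVM_DIR="$HOME/.nvm" &&\
      [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" &&\
      [ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" &&\
      nvm install v18' "$username"
    echo -e "${PURPLE}${BOLD}Node installed${RESET}"
  fi
fi

#
# SET THE URL
#
echo -e "${PURPLE}${BOLD}Enter the domain name of the website${RESET}"
read -r domain_name
# hostname -I prints every configured address separated by spaces; on a host
# with several addresses the operator has to pick the public one.
ip=$(hostname -I)
echo -e "${PURPLE}${BOLD}Configure the ${domain_name} DNS ZONE as the following${RESET}"
echo -e "${PURPLE}Domain : ${domain_name} | Type : A | Target : ${ip}${RESET}"
echo -e "${PURPLE}Domain : cms.${domain_name} | Type : A | Target : ${ip}${RESET}"
echo -e "${PURPLE}Domain : www.${domain_name} | Type : A | Target : ${ip}${RESET}"
echo -e "${PURPLE}${BOLD}Press any key when done${RESET}"
read -r

#
# DIRECTUS
#
echo -e "${PURPLE}${BOLD}Install Directus ? (y/n) ${RESET}"
read -r answer
if [[ "$answer" == "y" ]]; then
  echo "yooo"
  # get_username
  # su -c 'cd &&\
  # ' $username
fi

# TODO REMOVE EXPECT IF IT IS INSTALLED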