#!/bin/bash PURPLE='\033[35m' BOLD='\033[1m' RESET='\033[0m' install_pkg() { pkg="$1" if ! command -v "$pkg" &> /dev/null; then apt install -y "$pkg" echo -e "${PURPLE}${BOLD}${pkg} installed${RESET}" fi } get_username() { if [[ -z "$username" ]]; then username=$(getent passwd 1000 | cut -d: -f1) fi } echo -e "${PURPLE}${BOLD}Deployment Debian + Caddy + Directus + Nuxt${RESET}" if [ "$EUID" -ne 0 ]; then echo "Please run as root" exit fi # # USER # echo -e "${PURPLE}${BOLD}Create a user ? (y/N) ${RESET}" read answer if [[ "$answer" == "y" ]]; then echo -e "${PURPLE}${BOLD}Create user${RESET}" read -p "Enter username: " username if id "$username" &>/dev/null; then echo "User '$username' already exists." exit 1 fi echo -e "${PURPLE}${BOLD}Generate and store the password somewhere safe${RESET}" read -s -p "Enter password: " password echo useradd -m "$username" chsh -s /bin/bash $username echo "$username:$password" | chpasswd usermod -aG sudo $username echo -e "${PURPLE}${BOLD}User '$username' created with password successfully.${RESET}" fi # # SSH # echo -e "${PURPLE}${BOLD}Setup SSH ? (y/N) ${RESET}" read answer if [[ "$answer" == "y" ]]; then echo -e "${PURPLE}${BOLD}Setup SSH${RESET}" touch /etc/ssh/sshd_config.d/custom.conf echo "PermitRootLogin no" >> /etc/ssh/sshd_config.d/custom.conf echo "PermitEmptyPasswords no" >> /etc/ssh/sshd_config.d/custom.conf systemctl reload ssh fi # # FIREWALL AND FAIL2BAN # echo -e "${PURPLE}${BOLD}Setup Firewall and Fail2ban ? (y/N) ${RESET}" read answer if [[ "$answer" == "y" ]]; then echo -e "${PURPLE}${BOLD}Setup Firewall and Fail2ban${RESET}" apt install -y ufw fail2ban systemctl enable fail2ban ufw allow ssh ufw allow http ufw allow https fi # # TODO : ZABBIX AND URBACKUP # echo -e "${PURPLE}${BOLD}TODO : Zabbix and Urbackup${RESET}" # # CADDY # echo -e "${PURPLE}${BOLD}Install Caddy webserver ? (y/N) ${RESET}" read answer if [[ "$answer" == "y" ]]; then echo -e "${PURPLE}${BOLD}Install Caddy Webserver${RESET}" apt install -y debian-keyring debian-archive-keyring apt-transport-https curl curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list apt update apt install -y caddy > /etc/caddy/Caddyfile fi # # MARIADB # echo -e "${PURPLE}${BOLD}Install MariaDB ? (y/N) ${RESET}" read answer if [[ "$answer" == "y" ]]; then apt install -y mariadb-server echo -e "${PURPLE}${BOLD}Generate and store the password somewhere safe${RESET}" echo -e "${PURPLE}${BOLD}Enter the MariaDB root password : ${RESET}" read -s db_root_password echo install_pkg expect SECURE_MYSQL=$(expect -c " set timeout 3 spawn mysql_secure_installation expect \"Enter current password for root (enter for none):\" send \"\r\" expect \"Switch to unix_socket authentication \\[Y/n\\]\" send \"n\r\" expect \"Change the root password? \\[Y/n\\]\" send \"y\r\" expect \"New password:\" send \"$db_root_password\r\" expect \"Re-enter new password:\" send \"$db_root_password\r\" expect \"Remove anonymous users?\" send \"y\r\" expect \"Disallow root login remotely?\" send \"y\r\" expect \"Remove test database and access to it?\" send \"y\r\" expect \"Reload privilege tables now?\" send \"y\r\" expect eof ") echo "${SECURE_MYSQL}" # https://gist.github.com/coderua/5592d95970038944d099 fi # # DIRECTUS DB # echo -e "${PURPLE}${BOLD}Setup Directus database ? (y/N) ${RESET}" read answer if [[ "$answer" == "y" ]]; then echo -e "${PURPLE}${BOLD}Generate and store the password somewhere safe${RESET}" echo -e "${PURPLE}${BOLD}Enter the MariaDB Directus password : ${RESET}" read -s db_directus_password echo if [[ -z "$db_root_password" ]]; then echo -e "${PURPLE}${BOLD}Enter the MariaDB root password : ${RESET}" read -s db_root_password echo fi install_pkg expect CREATE_DIRECTUS_DB=$(expect -c " spawn mariadb -u root -p expect \"Enter password:\" send \"$db_root_password\r\" expect \"mysql>\" send \"CREATE USER 'directus'@'localhost' IDENTIFIED BY '${db_directus_password}';\r\" send \"CREATE DATABASE directus;\r\" send \"GRANT ALL PRIVILEGES ON directus.* TO 'directus'@'localhost' IDENTIFIED BY '${db_directus_password}';\r\" send \"FLUSH PRIVILEGES;\r\" expect \"mysql>\" send \"quit;\r\" expect eof ") echo "${CREATE_DIRECTUS_DB}" >& /dev/null echo -e "${PURPLE}${BOLD}Directus database created${RESET}" fi # # NODE # echo -e "${PURPLE}${BOLD}Install Node ? (y/N) ${RESET}" read answer if [[ "$answer" == "y" ]]; then get_username su -c 'curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash &&\ export NVM_DIR="$HOME/.nvm" &&\ [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" &&\ [ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" &&\ nvm install v18' $username ln -sf /home/$username/.nvm/versions/node/v18.19.1/bin/node /usr/bin/node ln -sf /home/$username/.nvm/versions/node/v18.19.1/bin/npm /usr/bin/npm ln -sf /home/$username/.nvm/versions/node/v18.19.1/bin/npx /usr/bin/npx echo -e "${PURPLE}${BOLD}Node installed${RESET}"; fi # # SET THE URL # echo -e "${PURPLE}${BOLD}Enter the domain name of the website${RESET}" read domain_name ip=$(hostname -I) if [[ "${ip: -1}" == " " ]]; then ip="${ip%?}" fi echo -e "${PURPLE}${BOLD}Configure the ${domain_name} DNS ZONE as the following${RESET}" echo -e "${PURPLE}Domain : ${domain_name} | Type : A | Target : ${ip}${RESET}" echo -e "${PURPLE}Domain : cms.${domain_name} | Type : A | Target : ${ip}${RESET}" echo -e "${PURPLE}Domain : www.${domain_name} | Type : A | Target : ${ip}${RESET}" echo -e "${PURPLE}${BOLD}Press any key when done${RESET}" read # # DIRECTUS # echo -e "${PURPLE}${BOLD}Install Directus ? (y/N) ${RESET}" read answer if [[ "$answer" == "y" ]]; then install_pkg tmux get_username if [[ -z "$db_directus_password" ]]; then echo -e "${PURPLE}${BOLD}Enter the MariaDB Directus password : ${RESET}" read -s db_directus_password echo fi echo -e "${PURPLE}${BOLD}Generate and store the credentials somewhere safe${RESET}" echo -e "${PURPLE}${BOLD}Enter the Directus admin email : ${RESET}" read directus_admin_email echo -e "${PURPLE}${BOLD}Enter the Directus admin password : ${RESET}" read -s directus_admin_password cms_folder="cms_${domain_name}" env_file="${cms_folder}/.env" port=8055 key=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n') secret=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n') su -c "cd &&\ mkdir ${cms_folder} &&\ mkdir ${cms_folder}/uploads &&\ echo \"HOST='${ip}'\" >> ${env_file} &&\ echo \"PORT=${port}\" >> ${env_file} &&\ echo \"PUBLIC_URL='https://cms.${domain_name}'\" >> ${env_file} &&\ echo \"DB_CLIENT='mysql'\" >> ${env_file} &&\ echo \"DB_HOST='127.0.0.1'\" >> ${env_file} &&\ echo \"DB_PORT='3306'\" >> ${env_file} &&\ echo \"DB_DATABASE='directus'\" >> ${env_file} &&\ echo \"DB_USER='directus'\" >> ${env_file} &&\ echo \"DB_PASSWORD='${db_directus_password}'\" >> ${env_file} &&\ echo \"SECRET='${secret}'\" >> ${env_file} &&\ echo \"KEY='${key}'\" >> ${env_file} &&\ echo \"ADMIN_EMAIL='${directus_admin_email}'\" >> ${env_file} &&\ echo \"ADMIN_PASSWORD='${directus_admin_password}'\" >> ${env_file} &&\ echo \"CORS_ENABLED='true'\" >> ${env_file} &&\ echo \"CORS_ORIGIN='true'\" >> ${env_file} &&\ cd ${cms_folder} &&\ npm init -y &&\ npx directus bootstrap" $username chown -R caddy:caddy "/home/${username}/${cms_folder}" session="directus" su -c "tmux new-session -d -s ${session} &&\ tmux send-keys -t ${session} \"cd /home/${username}/${cms_folder} && npx directus start\" C-m" $username caddyfile="/etc/caddy/Caddyfile" echo "cms.${domain_name} {" >> $caddyfile echo "reverse_proxy ${ip}:${port}" >> $caddyfile echo "}" >> $caddyfile caddy fmt $caddyfile -w caddy reload -c $caddyfile fi # TODO # REMOVE EXPECT AT THE END IF IT IS INSTALLED # CREATE AN ASSETS FOLDER WITH THE DIRECTUS ENV # LOGING DE TOUT