valentin_le_moign
/
deployment-dcdn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
deployment-dcdn/install.sh

283 lines
8.6 KiB
Bash
Raw Blame History

#!/bin/bash
PURPLE='\033[35m'
BOLD='\033[1m'
RESET='\033[0m'
install_pkg() {
pkg="$1"
if ! command -v "$pkg" &> /dev/null; then
apt install -y "$pkg"
echo -e "${PURPLE}${BOLD}${pkg} installed${RESET}"
fi
}
get_username() {
if [[ -z "$username" ]]; then
username=$(getent passwd 1000 | cut -d: -f1)
fi
}
echo -e "${PURPLE}${BOLD}Deployment Debian + Caddy + Directus + Nuxt${RESET}"
if [ "$EUID" -ne 0 ]; then
echo "Please run as root"
exit
fi
#
# USER
#
echo -e "${PURPLE}${BOLD}Create a user ? (y/N) ${RESET}"
read answer
if [[ "$answer" == "y" ]]; then
echo -e "${PURPLE}${BOLD}Create user${RESET}"
read -p "Enter username: " username
if id "$username" &>/dev/null; then
echo "User '$username' already exists."
exit 1
fi
echo -e "${PURPLE}${BOLD}Generate and store the password somewhere safe${RESET}"
read -s -p "Enter password: " password
echo
useradd -m "$username"
chsh -s /bin/bash $username
echo "$username:$password" | chpasswd
usermod -aG sudo $username
echo -e "${PURPLE}${BOLD}User '$username' created with password successfully.${RESET}"
fi
#
# SSH
#
echo -e "${PURPLE}${BOLD}Setup SSH ? (y/N) ${RESET}"
read answer
if [[ "$answer" == "y" ]]; then
echo -e "${PURPLE}${BOLD}Setup SSH${RESET}"
touch /etc/ssh/sshd_config.d/custom.conf
echo "PermitRootLogin no" >> /etc/ssh/sshd_config.d/custom.conf
echo "PermitEmptyPasswords no" >> /etc/ssh/sshd_config.d/custom.conf
systemctl reload ssh
fi
#
# FIREWALL AND FAIL2BAN
#
echo -e "${PURPLE}${BOLD}Setup Firewall and Fail2ban ? (y/N) ${RESET}"
read answer
if [[ "$answer" == "y" ]]; then
echo -e "${PURPLE}${BOLD}Setup Firewall and Fail2ban${RESET}"
apt install -y ufw fail2ban
systemctl enable fail2ban
ufw allow ssh
ufw allow http
ufw allow https
fi
#
# TODO : ZABBIX AND URBACKUP
#
echo -e "${PURPLE}${BOLD}TODO : Zabbix and Urbackup${RESET}"
#
# CADDY
#
echo -e "${PURPLE}${BOLD}Install Caddy webserver ? (y/N) ${RESET}"
read answer
if [[ "$answer" == "y" ]]; then
echo -e "${PURPLE}${BOLD}Install Caddy Webserver${RESET}"
apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
apt update
apt install -y caddy
> /etc/caddy/Caddyfile
fi
#
# MARIADB
#
echo -e "${PURPLE}${BOLD}Install MariaDB ? (y/N) ${RESET}"
read answer
if [[ "$answer" == "y" ]]; then
apt install -y mariadb-server
echo -e "${PURPLE}${BOLD}Generate and store the password somewhere safe${RESET}"
echo -e "${PURPLE}${BOLD}Enter the MariaDB root password : ${RESET}"
read -s db_root_password
echo
install_pkg expect
SECURE_MYSQL=$(expect -c "
set timeout 3
spawn mysql_secure_installation
expect \"Enter current password for root (enter for none):\"
send \"\r\"
expect \"Switch to unix_socket authentication \\[Y/n\\]\"
send \"n\r\"
expect \"Change the root password? \\[Y/n\\]\"
send \"y\r\"
expect \"New password:\"
send \"$db_root_password\r\"
expect \"Re-enter new password:\"
send \"$db_root_password\r\"
expect \"Remove anonymous users?\"
send \"y\r\"
expect \"Disallow root login remotely?\"
send \"y\r\"
expect \"Remove test database and access to it?\"
send \"y\r\"
expect \"Reload privilege tables now?\"
send \"y\r\"
expect eof
")
echo "${SECURE_MYSQL}"
# https://gist.github.com/coderua/5592d95970038944d099
fi
#
# DIRECTUS DB
#
echo -e "${PURPLE}${BOLD}Setup Directus database ? (y/N) ${RESET}"
read answer
if [[ "$answer" == "y" ]]; then
echo -e "${PURPLE}${BOLD}Generate and store the password somewhere safe${RESET}"
echo -e "${PURPLE}${BOLD}Enter the MariaDB Directus password : ${RESET}"
read -s db_directus_password
echo
if [[ -z "$db_root_password" ]]; then
echo -e "${PURPLE}${BOLD}Enter the MariaDB root password : ${RESET}"
read -s db_root_password
echo
fi
install_pkg expect
CREATE_DIRECTUS_DB=$(expect -c "
spawn mariadb -u root -p
expect \"Enter password:\"
send \"$db_root_password\r\"
expect \"mysql>\"
send \"CREATE USER 'directus'@'localhost' IDENTIFIED BY '${db_directus_password}';\r\"
send \"CREATE DATABASE directus;\r\"
send \"GRANT ALL PRIVILEGES ON directus.* TO 'directus'@'localhost' IDENTIFIED BY '${db_directus_password}';\r\"
send \"FLUSH PRIVILEGES;\r\"
expect \"mysql>\"
send \"quit;\r\"
expect eof
")
echo "${CREATE_DIRECTUS_DB}" >& /dev/null
echo -e "${PURPLE}${BOLD}Directus database created${RESET}"
fi
#
# NODE
#
echo -e "${PURPLE}${BOLD}Install Node ? (y/N) ${RESET}"
read answer
if [[ "$answer" == "y" ]]; then
get_username
su -c 'curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash &&\
export NVM_DIR="$HOME/.nvm" &&\
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" &&\
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" &&\
nvm install v18' $username
ln -sf /home/$username/.nvm/versions/node/v18.19.1/bin/node /usr/bin/node
ln -sf /home/$username/.nvm/versions/node/v18.19.1/bin/npm /usr/bin/npm
ln -sf /home/$username/.nvm/versions/node/v18.19.1/bin/npx /usr/bin/npx
echo -e "${PURPLE}${BOLD}Node installed${RESET}";
fi
#
# SET THE URL
#
echo -e "${PURPLE}${BOLD}Enter the domain name of the website${RESET}"
read domain_name
ip=$(hostname -I)
if [[ "${ip: -1}" == " " ]]; then
ip="${ip%?}"
fi
echo -e "${PURPLE}${BOLD}Configure the ${domain_name} DNS ZONE as the following${RESET}"
echo -e "${PURPLE}Domain : ${domain_name} | Type : A | Target : ${ip}${RESET}"
echo -e "${PURPLE}Domain : cms.${domain_name} | Type : A | Target : ${ip}${RESET}"
echo -e "${PURPLE}Domain : www.${domain_name} | Type : A | Target : ${ip}${RESET}"
echo -e "${PURPLE}${BOLD}Press any key when done${RESET}"
read
#
# DIRECTUS
#
echo -e "${PURPLE}${BOLD}Install Directus ? (y/N) ${RESET}"
read answer
if [[ "$answer" == "y" ]]; then
install_pkg tmux
get_username
if [[ -z "$db_directus_password" ]]; then
echo -e "${PURPLE}${BOLD}Enter the MariaDB Directus password : ${RESET}"
read -s db_directus_password
echo
fi
echo -e "${PURPLE}${BOLD}Generate and store the credentials somewhere safe${RESET}"
echo -e "${PURPLE}${BOLD}Enter the Directus admin email : ${RESET}"
read directus_admin_email
echo -e "${PURPLE}${BOLD}Enter the Directus admin password : ${RESET}"
read -s directus_admin_password
cms_folder="cms_${domain_name}"
env_file="${cms_folder}/.env"
port=8055
key=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
secret=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
su -c "cd &&\
mkdir ${cms_folder} &&\
mkdir ${cms_folder}/uploads &&\
echo \"HOST='${ip}'\" >> ${env_file} &&\
echo \"PORT=${port}\" >> ${env_file} &&\
echo \"PUBLIC_URL='https://cms.${domain_name}'\" >> ${env_file} &&\
echo \"DB_CLIENT='mysql'\" >> ${env_file} &&\
echo \"DB_HOST='127.0.0.1'\" >> ${env_file} &&\
echo \"DB_PORT='3306'\" >> ${env_file} &&\
echo \"DB_DATABASE='directus'\" >> ${env_file} &&\
echo \"DB_USER='directus'\" >> ${env_file} &&\
echo \"DB_PASSWORD='${db_directus_password}'\" >> ${env_file} &&\
echo \"SECRET='${secret}'\" >> ${env_file} &&\
echo \"KEY='${key}'\" >> ${env_file} &&\
echo \"ADMIN_EMAIL='${directus_admin_email}'\" >> ${env_file} &&\
echo \"ADMIN_PASSWORD='${directus_admin_password}'\" >> ${env_file} &&\
echo \"CORS_ENABLED='true'\" >> ${env_file} &&\
echo \"CORS_ORIGIN='true'\" >> ${env_file} &&\
cd ${cms_folder} &&\
npm init -y &&\
npx directus bootstrap" $username
chown -R caddy:caddy "/home/${username}/${cms_folder}"
session="directus"
su -c "tmux new-session -d -s ${session} &&\
tmux send-keys -t ${session} \"cd /home/${username}/${cms_folder} && npx directus start\" C-m" $username
caddyfile="/etc/caddy/Caddyfile"
echo "cms.${domain_name} {" >> $caddyfile
echo "reverse_proxy ${ip}:${port}" >> $caddyfile
echo "}" >> $caddyfile
caddy fmt $caddyfile -w
caddy reload -c $caddyfile
fi
# TODO
# REMOVE EXPECT AT THE END IF IT IS INSTALLED
# CREATE AN ASSETS FOLDER WITH THE DIRECTUS ENV
# LOGING DE TOUT
Reference in New Issue View Git Blame Copy Permalink