
splitted vhost, added gitbarerepo creation

Bachir Soussi Chiadmi 6 years ago
parent
commit
6e5433b041

+ 25 - 0
assets/deploy-drupal.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+
+echo "updating drupal 8"
+echo "Switching to project docroot."
+cd ./public_html
+echo ""
+echo "Pulling down latest code."
+git pull --ff-only origin prod
+echo ""
+echo "Clearing drush caches."
+drush cache-clear drush
+echo ""
+echo "Composer install."
+composer install --no-dev
+echo ""
+echo "Running database updates."
+drush updb -y
+echo ""
+echo "Importing configuration."
+drush config-import -y
+echo ""
+echo "Clearing caches."
+drush cr
+echo ""
+echo "Deployment complete."
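Review bot: Neither `cd ./public_html` nor `git pull --ff-only origin prod` is checked, so a failed step does not stop the run: `drush updb -y` and `drush config-import -y` still execute against whatever directory and code state is left, and "Deployment complete." is printed regardless. Guard the steps, e.g. `cd ./public_html || exit 1` and `git pull --ff-only origin prod || exit 1`, and do the same for `composer install --no-dev`. Because the post-receive hook in this commit sources the script with `. deploy.sh`, an `exit` here also ends the hook, which is the wanted outcome on failure. assets/deploy-simple.sh has the same unchecked `cd` and `git pull`.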

+ 10 - 0
assets/deploy-simple.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+echo "updating"
+echo "Switching to project docroot."
+cd ./public_html
+echo ""
+echo "Pulling down latest code."
+git pull --ff-only origin prod
+echo ""
+echo "Deployment complete."

+ 4 - 2
assets/git-post-reveive

@@ -10,9 +10,11 @@ if [ $refname = "refs/heads/prod" ]; then
   unset GIT_DIR
   cd ~
   cd $PRODDIR
-  git pull --ff-only origin prod
+  # git pull --ff-only origin prod
+  # run deploy script instead
+  . deploy.sh
   echo $?
   echo "====== OK ====="
 else
   echo "Warning Commit not deployed, please use prod branch"
-fi
+fi
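Review bot: `. deploy.sh` has no slash in its name, so the shell looks the file up in `PATH` before (or instead of) the current directory, and the hook can end up sourcing a different `deploy.sh` than the one in `$PRODDIR`; write `. ./deploy.sh`. The `cd $PRODDIR` above it is unquoted and unchecked, so when it fails the lookup happens from the home directory. `echo $?` followed by an unconditional `====== OK =====` reports success even when the deploy failed; `if . ./deploy.sh; then echo "====== OK ====="; else echo "deploy failed" >&2; fi` would make the banner truthful. The enclosing `if` starts outside this hunk.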

+ 2 - 1
assets/git-pre-receive

@@ -1,6 +1,7 @@
 #!/bin/bash
 #hook/pre-receive
 #CONFIG
+
 PRODDIR="www"
 
 read oldrev newrev refname
@@ -14,4 +15,4 @@ if [ $refname = "refs/heads/prod" ]; then
   echo "====== OK ====="
 else
   echo "Warning Commit not deployed, please use prod branch"
-fi
+fi

+ 1 - 0
assets/knockd.conf

@@ -4,6 +4,7 @@
 [SSH]
       sequence    = 7000,8000,9000
       seq_timeout = 5
+      # TODO do not limit port 22 to the ip as it don't work with 4G connection 
       start_command = ufw allow from %IP% to any port 22
       tcpflags    = syn
       cmd_timeout   = 10
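Review bot: The TODO added above `start_command` should record the trade-off it implies: without `from %IP%`, the rule opened by a correct knock allows port 22 from every source address while it is active, not only from the client that knocked. If the 4G problem is that the knock and the SSH connection arrive from different addresses (presumably carrier NAT, to be confirmed), a comment such as `# TODO 4G: knock and ssh may come from different IPs; dropping "from %IP%" opens 22 to all sources while the rule is active` states that. A stop_command, if one follows outside this hunk, would need the same change.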

+ 20 - 8
bin/gitbarrerepos.sh

@@ -7,7 +7,7 @@ _cwd="$(pwd)"
 
 while [ "$_bare_name" = "" ]
 do
-read -p "enter the bare repos folder name ? " _host_name
+read -p "enter the bare repos folder name ? " _bare_name
 if [ "$_bare_name" != "" ]; then
   read -p "is bare folder name $_bare_name correcte [y|n] " validated
   if [ "$validated" = "y" ]; then
@@ -18,11 +18,11 @@ if [ "$_bare_name" != "" ]; then
 fi
 done
 
-
 while [ "$_prod_folder_path" = "" ]
 do
-read -p "enter the prod folder path folder name ? " _host_name
-if [ "$_bare_name" != "" ]; then
+read -p "enter the prod folder path (must be a public_html parent's) ? " _prod_folder_path
+if [ "$_prod_folder_path" != "" ]; then
+  # TODO check if path exists
   read -p "is prod folder path $_prod_folder_path correcte [y|n] " validated
   if [ "$validated" = "y" ]; then
     break
@@ -32,14 +32,26 @@ if [ "$_bare_name" != "" ]; then
 fi
 done
 
+# ask for simple php conf or drupal conf
+while [ "$_drupal" != "yes" ] && [ "$_drupal" != "no" ]
+do
+  echo -n "Is your site is a drupal one? [yes|no] "
+  read _drupal
+done
 
 # setup bare repositorie to push to
-
 mkdir ~/git-repositories
 mkdir ~/git-repositories/"$_bare_name".git
 cd ~/git-repositories/"$_bare_name".git
 git init --bare
 
+# add deploy script
+if [ "$_drupal" = "yes" ]; then
+  cp "$_cwd"/assets/deploy-drupal.sh "$_prod_folder_path"/deploy.sh
+else
+  cp "$_cwd"/assets/deploy-simple.sh "$_prod_folder_path"/deploy.sh
+fi
+
 # setup git repo on site folder
 cd "$_prod_folder_path"
 git init
@@ -51,14 +63,14 @@ cd ~
 cp "$_cwd"/assets/git-pre-receive /home/"$USER"/git-repositories/"$_bare_name".git/hooks/pre-receive
 cp "$_cwd"/assets/git-post-receive /home/"$USER"/git-repositories/"$_bare_name".git/hooks/post-receive
 
-sed -ir "s/PRODDIR=\"www\"/PRODDIR=\/srv\/www\/$_bare_name\/public_html/g" /home/"$USER"/git-repositories/"$_bare_name".git/hooks/pre-receive
-sed -ir "s/PRODDIR=\"www\"/PRODDIR=\/srv\/www\/$_bare_name\/public_html/g" /home/"$USER"/git-repositories/"$_bare_name".git/hooks/post-receive
+sed -ir "s/PRODDIR=\"www\"/PRODDIR=$_prod_folder_path/g" /home/"$USER"/git-repositories/"$_bare_name".git/hooks/pre-receive
+sed -ir "s/PRODDIR=\"www\"/PRODDIR=$_prod_folder_path/g" /home/"$USER"/git-repositories/"$_bare_name".git/hooks/post-receive
 
 cd /home/"$USER"/git-repositories/"$_bare_name".git/hooks/
 chmod +x post-receive pre-receive
 
 # done
 echo "git repos for $_bare_name install succeed"
-echo "your site stay now to /home/$USER/www/$_bare_name"
+echo "your site stay now to $_prod_folder_path"
 echo "you can push updates on prod branch through $USER@IP.IP.IP.IP:git-repositories/$_bare_name.git"
 echo "* * *"
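Review bot: The two new `sed` lines put `$_prod_folder_path` straight into an `s/…/…/` expression, and a path normally contains `/`, so sed rejects the expression and `PRODDIR` stays `"www"` in both hooks (the removed lines escaped the slashes by hand). Use another delimiter and quote the value, `sed -i "s|PRODDIR=\"www\"|PRODDIR=\"$_prod_folder_path\"|" …/hooks/pre-receive`, and reject a path containing `|`, `&` or a newline when it is read, next to the `# TODO check if path exists`. `-ir` is parsed as `-i` with backup suffix `r`, so each run leaves `pre-receiver` and `post-receiver` copies in `hooks/`. The commit page lists the hook asset as `assets/git-post-reveive` while the `cp` here reads `assets/git-post-receive`; if the file is really named that way, the copy fails.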

+ 5 - 1
bin/knockd.sh

@@ -25,7 +25,11 @@ echo -n "define a sequence number for opening ssh (as 7000,8000,9000) : "
 read sq
 sed -i "s/7000,8000,9000/$sq/g" /etc/knockd.conf
 sed -i 's/START_KNOCKD=0/START_KNOCKD=1/g' /etc/default/knockd
-/etc/init.d/knockd start
+# /etc/init.d/knockd start
+systemctl start knockd
+# patch https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868015
+# systemctl enable knockd
+
 echo "\033[92;1mknockd installed and configured\033[Om"
 echo "\033[92;1mplease note this sequence for future ssh knocking\033[Om"
 echo "$sq1"
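Review bot: `systemctl start knockd` starts the daemon for the current boot only, and with `systemctl enable knockd` commented out nothing brings it back after a reboot; if the firewall opens port 22 only on a knock, the host is then unreachable over SSH. The comment should say so, e.g. `# systemctl enable knockd is disabled because of Debian bug 868015; until it is fixed knockd does not start at boot`. The start itself is unchecked; `systemctl is-active --quiet knockd || echo "knockd did not start" >&2` before the success message would catch a bad sequence written to `/etc/knockd.conf`. On the context lines, `$sq` goes into the `sed` expression unvalidated and the final `echo "$sq1"` prints a variable that is never set (presumably `$sq`).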

+ 0 - 97
bin/lemp.sh

@@ -154,103 +154,6 @@ chmod +x /usr/local/bin/drush
 echo "\033[92;1mDrush and DrupalConsoleinstalled\033[Om"
 
 
-echo '\033[35m
-        __               __
- _   __/ /_  ____  _____/ /_
-| | / / __ \/ __ \/ ___/ __/
-| |/ / / / / /_/ (__  ) /_
-|___/_/ /_/\____/____/\__/
-\033[0m'
-echo "\033[35;1mVHOST install \033[0m"
-while [ "$vh" != "y" ] && [ "$vh" != "n" ]
-do
-echo -n "Should we install a vhost? [y|n] "
-read vh
-# vh=${vh:-y}
-done
-if [ "$vh" = "y" ]; then
-
-  while [ "$_domain" = "" ]
-  do
-  read -p "enter a hostname ? " _domain
-  if [ "$_domain" != "" ]; then
-    read -p "is hostname $_domain correcte [y|n] " validated
-    if [ "$validated" = "y" ]; then
-      break
-    else
-      _domain=""
-    fi
-  fi
-  done
-  # ask for simple php conf or drupal conf
-  while [ "$_drupal" != "yes" ] && [ "$_drupal" != "no" ]
-  do
-    echo -n "Is your site is a drupal one? [yes|no] "
-    read _drupal
-  done
-  # ask for let's encrypt
-  while [ "$_letsencrypt" != "yes" ] && [ "$_letsencrypt" != "no" ]
-  do
-    echo "Let's encrypt"
-    echo "Let's encrypt needs a public registered domain name with proper DNS records ( A records or CNAME records for subdomains pointing to your server)."
-    echo -n "Should we install let's encrypt certificate with $_domain? [yes|no] "
-    read _letsencrypt
-  done
-
-  # lets'encrypt
-  # https://certbot.eff.org/lets-encrypt/debianstretch-nginx
-  if [ "$_letsencrypt" = "yes" ]; then
-    apt-get install certbot
-    certbot certonly --cert-name "$_domain" --standalone –d "$_domain"
-    openssl dhparam –out /etc/nginx/dhparam.pem 2048
-    # TODO renewing
-    touch /var/spool/crontab/root
-    crontab -l > mycron
-    echo "0 3 * * * certbot renew --pre-hook 'systemctl stop nginx' --post-hook 'systemctl start nginx' --cert-name $_domain" >> mycron
-    crontab mycron
-    rm mycron
-  fi
-
-  if [ "$_drupal" = "yes" ]; then
-    if [ "$_letsencrypt" = "yes" ]; then
-      _conffile = "drupal-ssl.nginxconf"
-    else
-      _conffile = "drupal.nginxconf"
-    fi
-  else
-    if [ "$_letsencrypt" = "yes" ]; then
-      _conffile = "simple-phpfpm-ssl.nginxconf"
-    else
-      _conffile = "simple-phpfpm.nginxconf"
-    fi
-  fi
-
-  cp "$_cwd"/assets/"$_conffile" /etc/nginx/sites-available/"$_domain".conf
-  sed -ir "s/DOMAIN\.LTD/$_domain/g" /etc/nginx/sites-available/"$_domain".conf
-
-  mkdir -p /var/www/"$_domain"/public_html
-  mkdir /var/www/"$_domain"/logs
-  #set proper right to user will handle the app
-  chown -R root:admin  /var/www/"$_domain"/
-  chmod -R g+w /var/www/"$_domain"/
-  chmod -R g+r /var/www/"$_domain"/
-
-  # create a shortcut to the site
-  # TODO ask for $user name if not existing
-  mkdir /home/"$user"/www/
-  chown "$user":admin /home/"$user"/www/
-  ln -s /var/www/"$_domain" /home/"$user"/www/"$_domain"
-
-  # activate the vhost
-  ln -s /etc/nginx/sites-available/"$_domain".conf /etc/nginx/sites-enabled/"$_domain".conf
-
-  # restart nginx
-  systemctl restart nginx
-  echo "\033[92;1mvhost $_domain configured\033[Om"
-else
-  echo "Vhost installation aborted"
-fi
-
 
 # TODO supervising
 # echo '\033[35m

+ 99 - 0
bin/vhost.sh

@@ -0,0 +1,99 @@
+
+echo '\033[35m
+        __               __
+ _   __/ /_  ____  _____/ /_
+| | / / __ \/ __ \/ ___/ __/
+| |/ / / / / /_/ (__  ) /_
+|___/_/ /_/\____/____/\__/
+\033[0m'
+echo "\033[35;1mNginx VHOST install \033[0m"
+while [ "$vh" != "y" ] && [ "$vh" != "n" ]
+do
+echo -n "Should we install a vhost? [y|n] "
+read vh
+# vh=${vh:-y}
+done
+if [ "$vh" = "y" ]; then
+
+  while [ "$_domain" = "" ]
+  do
+  read -p "enter a hostname ? " _domain
+  if [ "$_domain" != "" ]; then
+    read -p "is hostname $_domain correcte [y|n] " validated
+    if [ "$validated" = "y" ]; then
+      break
+    else
+      _domain=""
+    fi
+  fi
+  done
+
+  # ask for simple php conf or drupal conf
+  while [ "$_drupal" != "yes" ] && [ "$_drupal" != "no" ]
+  do
+    echo -n "Is your site is a drupal one? [yes|no] "
+    read _drupal
+  done
+
+  # ask for let's encrypt
+  while [ "$_letsencrypt" != "yes" ] && [ "$_letsencrypt" != "no" ]
+  do
+    echo "Let's encrypt"
+    echo "Let's encrypt needs a public registered domain name with proper DNS records ( A records or CNAME records for subdomains pointing to your server)."
+    echo -n "Should we install let's encrypt certificate with $_domain? [yes|no] "
+    read _letsencrypt
+  done
+
+  # lets'encrypt
+  # https://certbot.eff.org/lets-encrypt/debianstretch-nginx
+  if [ "$_letsencrypt" = "yes" ]; then
+    apt-get install certbot
+    certbot certonly --cert-name "$_domain" --standalone –d "$_domain"
+    openssl dhparam –out /etc/nginx/dhparam.pem 2048
+    # TODO renewing
+    touch /var/spool/crontab/root
+    crontab -l > mycron
+    echo "0 3 * * * certbot renew --pre-hook 'systemctl stop nginx' --post-hook 'systemctl start nginx' --cert-name $_domain" >> mycron
+    crontab mycron
+    rm mycron
+  fi
+
+  if [ "$_drupal" = "yes" ]; then
+    if [ "$_letsencrypt" = "yes" ]; then
+      _conffile = "drupal-ssl.nginxconf"
+    else
+      _conffile = "drupal.nginxconf"
+    fi
+  else
+    if [ "$_letsencrypt" = "yes" ]; then
+      _conffile = "simple-phpfpm-ssl.nginxconf"
+    else
+      _conffile = "simple-phpfpm.nginxconf"
+    fi
+  fi
+
+  cp "$_cwd"/assets/"$_conffile" /etc/nginx/sites-available/"$_domain".conf
+  sed -ir "s/DOMAIN\.LTD/$_domain/g" /etc/nginx/sites-available/"$_domain".conf
+
+  mkdir -p /var/www/"$_domain"/public_html
+  mkdir /var/www/"$_domain"/logs
+  #set proper right to user will handle the app
+  chown -R root:admin  /var/www/"$_domain"/
+  chmod -R g+w /var/www/"$_domain"/
+  chmod -R g+r /var/www/"$_domain"/
+
+  # create a shortcut to the site
+  # TODO ask for $user name if not existing
+  mkdir /home/"$user"/www/
+  chown "$user":admin /home/"$user"/www/
+  ln -s /var/www/"$_domain" /home/"$user"/www/"$_domain"
+
+  # activate the vhost
+  ln -s /etc/nginx/sites-available/"$_domain".conf /etc/nginx/sites-enabled/"$_domain".conf
+
+  # restart nginx
+  systemctl restart nginx
+  echo "\033[92;1mvhost $_domain configured\033[Om"
+else
+  echo "Vhost installation aborted"
+fi
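Review bot: The four `_conffile = "…"` lines are not assignments: with spaces around `=` the shell runs a command named `_conffile`, the variable stays empty, and the following `cp "$_cwd"/assets/"$_conffile"` has no file to copy; write `_conffile="drupal-ssl.nginxconf"` and so on. In the certbot block `–d` and `–out` are typed with an en dash instead of `-`, so neither tool sees an option. `$_domain` is used unchecked in root-owned paths, in the `sed` replacement and in the crontab line, and `mycron` is a fixed name in the current directory; the fence below validates the name once and uses `mktemp` (`return` works because the file is sourced). `$_cwd` and `$user` are not set in this file, so they have to come from the script that sources it. These lines were moved unchanged from bin/lemp.sh.

```shell
  # … unchanged: hostname prompt loop …
  # accept only DNS-style names before $_domain reaches paths, sed and cron
  case "$_domain" in
    *[!A-Za-z0-9.-]*|.*|-*|*..*)
      echo "invalid hostname: $_domain" >&2
      return 1
      ;;
  esac
  # … unchanged: drupal and let's encrypt prompts, apt-get install certbot …
    certbot certonly --cert-name "$_domain" --standalone -d "$_domain"
    openssl dhparam -out /etc/nginx/dhparam.pem 2048
    # … unchanged: TODO renewing, touch …
    _cron_tmp="$(mktemp)" || return 1
    crontab -l > "$_cron_tmp"
    echo "0 3 * * * certbot renew --pre-hook 'systemctl stop nginx' --post-hook 'systemctl start nginx' --cert-name $_domain" >> "$_cron_tmp"
    crontab "$_cron_tmp"
    rm -f -- "$_cron_tmp"
  # … unchanged: if/else on $_drupal and $_letsencrypt, each branch written as …
      _conffile="drupal-ssl.nginxconf"
```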

+ 2 - 0
install-debian-server.sh

@@ -72,6 +72,8 @@ else
   echo 'lemp server not installed'
 fi
 
+. bin/vhost.sh
+
 . bin/dotfiles.sh
 . bin/autoupdate.sh