Bash scripts to facilitate creation of web pages, sites, applications. https://keybored.co


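# Escape a value so it can be used as the replacement part of a sed s/// command.
# Backslash, slash and ampersand are the characters sed treats specially there.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout
_init_conf_sed_escape () {
  printf '%s' "${1}" | sed -e 's|[\\/&]|\\&|g'
}

#######################################
# Interactively build ${DIR}/config from ${DIR}/config.template.
# Globals:   DIR (read); REPLY, ssh_port, notify_to, notify_from, smtp_host,
#            smtp_user, smtp_pass, new_hostname (written);
#            ssh_port_pass, no_knot, no_php (exported)
# Arguments: none (answers are read from stdin)
# Returns:   0 on success, 1 if the user declines, input ends early or the
#            config cannot be written, 2 if the user chooses to exit from the
#            port-check prompt
#######################################
init_conf () {
  printf "No config file found. Initialize one interactively? \r \n"
  read -r -p "[Y/n]:" -n1
  echo
  # [Y/n] means an empty answer is "yes". The bail-out must run in the current
  # shell: inside ( ... ) an exit only leaves the subshell.
  if [[ -n ${REPLY} && ! ${REPLY} =~ ^[Yy]$ ]]; then
    echo "Please copy config.template to config and fill out with your preferences"
    return 1
  fi
  if [[ ! -r "${DIR}/config.template" ]]; then
    echo "Cannot read ${DIR}/config.template" >&2
    return 1
  fi

  while [[ -z ${ssh_port_pass} ]]; do
    read -r -p "New SSH port? Select a number between 1024-49151" ssh_port || return 1
    # Check the digits before any numeric comparison: a numeric test on
    # free-form text makes bash evaluate that text as an arithmetic expression.
    if [[ ! ${ssh_port} =~ ^[0-9]{1,5}$ ]] \
      || (( 10#${ssh_port} < 1024 || 10#${ssh_port} > 49151 )); then
      echo "Not a valid port value. Please try again"
      continue
    fi
    ssh_port=$(( 10#${ssh_port} ))  # drop leading zeros so the config gets a plain number

    if command -v lsof > /dev/null; then
      # Ask lsof for this exact TCP port; a substring match would treat 2222
      # as taken whenever 22222 is listening.
      if lsof -nP -iTCP:"${ssh_port}" -sTCP:LISTEN > /dev/null 2>&1; then
        echo "Port selected appears to be in use. Please try again"
        continue
      fi
      export ssh_port_pass="1"
    elif command -v netstat > /dev/null; then
      # Match the local-address column against ":<port>" at end of field.
      if netstat -tln 2> /dev/null \
        | awk -v port="${ssh_port}" '$4 ~ (":" port "$") { found = 1 } END { exit !found }'; then
        echo "Port selected appears to be in use. Please try again"
        continue
      fi
      export ssh_port_pass="1"
    else
      echo "No command appears to exist to check ports in use. Enter L to install lsof, N to install netstat, C to continue with port entered (POTENTIALLY DANGEROUS), E to exit."
      read -r -p "[L/N/C/E]: " -n1 ssh_port_inuse || return 1
      echo
      case "${ssh_port_inuse}" in
        L|l) apt update && apt install -y lsof ;;
        N|n) apt update && apt install -y net-tools ;;
        C|c) break ;;  # accept the port without an in-use check
        E|e) return 2 ;;
        *) echo "Command not understood. Restarting..." ;;
      esac
    fi
  done

  read -r -p "Email recipient for notifications? " notify_to
  read -r -p "Email sender for notifications? " notify_from
  printf "Use SMTP for email notifications? \r \n "
  read -r -p "[y/N]:" -n1
  echo
  if [[ ${REPLY} =~ ^[Yy]$ ]]; then
    read -r -p "SMTP Host? " smtp_host
    read -r -p "SMTP User? " smtp_user
    read -r -s -p "SMTP Password? " smtp_pass
    echo
  fi

  # The config receives the SMTP password, so it is created with owner-only
  # permissions. The sed script is fed through a file descriptor rather than
  # -e arguments so the password never appears in a process argument list.
  # NOTE(review): values are escaped for sed only. If config is later sourced
  # as shell, a value containing ", $ or a backtick would be interpreted --
  # confirm how the file is consumed.
  (
    umask 077
    sed -f <(
      printf 's/%s=""/%s="%s"/\n' \
        ssh_port ssh_port "$(_init_conf_sed_escape "${ssh_port}")" \
        notify_to notify_to "$(_init_conf_sed_escape "${notify_to}")" \
        notify_from notify_from "$(_init_conf_sed_escape "${notify_from}")" \
        smtp_host smtp_host "$(_init_conf_sed_escape "${smtp_host}")" \
        smtp_user smtp_user "$(_init_conf_sed_escape "${smtp_user}")" \
        smtp_pass smtp_pass "$(_init_conf_sed_escape "${smtp_pass}")"
    ) "${DIR}/config.template" > "${DIR}/config"
  ) || { echo "Failed to write ${DIR}/config" >&2; return 1; }
  chmod 600 "${DIR}/config"  # also tightens a file that already existed

  echo "Current hostname is ${HOSTNAME} - change this?"
  read -r -p "[y/N]:" -n1
  echo
  if [[ ${REPLY} =~ ^[Yy]$ ]]; then
    read -r -p "New hostname? " new_hostname
    # Letters, digits, dots and hyphens only; the value ends up in /etc/hostname.
    if [[ ${new_hostname} =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
      command -v hostnamectl > /dev/null && hostnamectl set-hostname "${new_hostname}"
      hostname "${new_hostname}"
      echo "${new_hostname}" > /etc/hostname
    else
      echo "Not a valid hostname; leaving hostname unchanged" >&2
    fi
  fi

  echo "Deploy DNS server?"
  read -r -p "[Y/n]:" -n1
  echo
  [[ ${REPLY} =~ ^[Nn]$ ]] && export no_knot="true"

  echo "Deploy PHP & Database? This is required for most webapps."
  read -r -p "[Y/n]:" -n1
  echo
  if [[ ${REPLY} =~ ^[Nn]$ ]]; then
    export no_php="true"
  else
    # Anything but an explicit "n" deploys PHP, so the database choice applies.
    echo "Default database is PostgresSQL. Change to MariaDB?"
    read -r -p "[y/N]:" -n1
    echo
    if [[ ${REPLY} =~ ^[Yy]$ ]]; then
      sed -i -e "s/psql/mariadb/" "${DIR}/config"
    fi
  fi
  return 0
}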
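create_swap () { ## followed by number of 1M chunks, eg 512, 1024, 2048, etc
  # Create and enable a swap file at /var/spool/swap.img when the system
  # reports no swap, register it in /etc/fstab and set vm.swappiness to 30.
  # Arguments: $1 - size as a count of 1 MiB blocks
  # Returns:   0 if swap already exists or was created, 1 on bad input or failure
  local swap_size="${1}"
  local swap_file="/var/spool/swap.img"
  local swap_total

  if [[ ! ${swap_size} =~ ^[1-9][0-9]*$ ]]; then
    echo "create_swap: size must be a positive whole number of 1M chunks" >&2
    return 1
  fi

  # free prints "0" (not an empty string) as the Swap total when no swap is
  # configured, so test the number. LC_ALL=C keeps the "Swap:" label stable.
  swap_total=$(LC_ALL=C free | awk '/^Swap:/ {print $2}')
  if [[ -n ${swap_total} && ${swap_total} != "0" ]]; then
    return 0
  fi

  # Restrict permissions while the file is still empty, before dd fills it:
  # swap can hold memory contents of any process.
  touch "${swap_file}" || return 1
  chmod 600 "${swap_file}" || return 1
  dd if=/dev/zero of="${swap_file}" bs=1024k count="${swap_size}" || return 1
  mkswap "${swap_file}" || return 1
  swapon "${swap_file}" || return 1

  # Add the fstab entry once, so repeated runs do not stack duplicates.
  if ! grep -qF "${swap_file} " /etc/fstab 2> /dev/null; then
    echo "${swap_file} none swap sw 0 0" >> /etc/fstab
  fi

  # Runtime setting only (same effect as writing /proc/sys/vm/swappiness).
  sysctl -w vm.swappiness=30
}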
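#######################################
# Move sshd to a new port and uncomment "PermitRootLogin prohibit-password"
# in /etc/ssh/sshd_config, then restart sshd.
# Arguments: $1 - new SSH port (1-65535)
# Returns:   0 on success, 1 on invalid port, edit failure or a config that
#            sshd rejects (the previous file is restored in that case)
#######################################
ssh_harden () {
  local ssh_port="${1}"
  local sshd_config="/etc/ssh/sshd_config"

  # Validate before touching the file; an empty or non-numeric value would
  # otherwise be written straight into the Port directive.
  if [[ ! ${ssh_port} =~ ^[0-9]{1,5}$ ]] \
    || (( 10#${ssh_port} < 1 || 10#${ssh_port} > 65535 )); then
    echo "ssh_harden: '${ssh_port}' is not a valid TCP port" >&2
    return 1
  fi
  ssh_port=$(( 10#${ssh_port} ))

  # -i edits the file in place (without it sed only prints to stdout);
  # the .bak copy allows a rollback below.
  sed -i.bak \
    -e "s/#Port 22/Port ${ssh_port}/" \
    -e "s/#PermitRootLogin prohibit-password/PermitRootLogin prohibit-password/" \
    "${sshd_config}" || return 1

  # The substitutions only match the commented-out defaults; say so if the
  # Port line did not end up as requested instead of failing silently.
  if ! grep -q "^Port ${ssh_port}\$" "${sshd_config}"; then
    echo "ssh_harden: warning: no 'Port ${ssh_port}' line in ${sshd_config} after edit" >&2
  fi

  # Restarting sshd on a broken config can lock out remote access, so let
  # sshd check the file first and roll back if it is rejected.
  if ! sshd -t -f "${sshd_config}"; then
    echo "ssh_harden: sshd rejected the new config; restoring previous file" >&2
    mv -f -- "${sshd_config}.bak" "${sshd_config}"
    return 1
  fi

  systemctl restart sshd
}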
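#######################################
# Install base tooling, register the PostgreSQL apt repository and its
# signing key, then install nginx, PostgreSQL and certbot.
# Arguments: none
# Returns:   0 on success, 1 if a prerequisite install or the key download fails,
#            otherwise the status of the final apt install
#######################################
install_core () {
  local pg_key

  apt-get -y install apt-transport-https lsb-release ca-certificates curl zip gnupg || return 1
  touch /etc/apt/sources.list.d/php.list /etc/apt/sources.list.d/psql.list

  # Use HTTPS for the repository itself (apt-transport-https and
  # ca-certificates are installed above).
  # NOTE(review): the release is pinned to "buster" here while install_php
  # uses $(lsb_release -sc) -- confirm which is intended.
  echo "deb https://apt.postgresql.org/pub/repos/apt/ buster-pgdg main" > /etc/apt/sources.list.d/psql.list

  # Download the key to a file first so a failed or empty download is caught
  # instead of being piped into the keyring step unnoticed.
  pg_key=$(mktemp) || return 1
  if ! wget --quiet -O "${pg_key}" https://www.postgresql.org/media/keys/ACCC4CF8.asc \
    || [[ ! -s ${pg_key} ]]; then
    echo "install_core: could not download the PostgreSQL repository key" >&2
    rm -f -- "${pg_key}"
    return 1
  fi
  # No sudo: every other command in this function already assumes root.
  # NOTE(review): apt-key is deprecated on newer Debian/Ubuntu releases, and a
  # key added this way is trusted for every configured repository.
  apt-key add "${pg_key}"
  rm -f -- "${pg_key}"

  apt update > /dev/null
  apt install -y nginx-full postgresql certbot
}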
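#######################################
# Register the packages.sury.org PHP repository and install PHP-FPM with the
# extension set listed below.
# Globals:   cur_version (read) - PHP version suffix used in package names;
#            not set in this function, presumably defined by the caller/config
# Arguments: none
# Returns:   0 on success, 1 if the key download or the package index refresh
#            fails, otherwise the status of apt install
#######################################
install_php () {
  local -a php_exts=(ctype curl dom gd iconv json libxml mbstring openssl posix fpm)
  local -a pkgs=()
  local ext key_tmp

  for ext in "${php_exts[@]}"; do
    pkgs+=("php${cur_version}-${ext}")
  done

  # Download to a temp file first: a failed transfer must not leave a
  # truncated or empty keyring inside trusted.gpg.d.
  # NOTE(review): keys in trusted.gpg.d are trusted for all repositories; a
  # keyring referenced with signed-by in php.list would scope it to this one.
  key_tmp=$(mktemp) || return 1
  if ! wget -O "${key_tmp}" https://packages.sury.org/php/apt.gpg \
    || [[ ! -s ${key_tmp} ]]; then
    echo "install_php: could not download the PHP repository key" >&2
    rm -f -- "${key_tmp}"
    return 1
  fi
  install -m 644 "${key_tmp}" /etc/apt/trusted.gpg.d/php.gpg
  rm -f -- "${key_tmp}"

  echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list

  # The repository was only just added; refresh the index so its packages
  # are visible to the install below.
  apt update > /dev/null || return 1
  apt install -y "${pkgs[@]}"
}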
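#######################################
# Placeholder for the Knot DNS installation step.
# An empty "{ }" body is a bash syntax error that stops the whole file from
# parsing, so the stub reports that nothing was installed instead.
# Arguments: none
# Returns:   1 always (not implemented)
#######################################
install_knot () {
  # TODO: implement the Knot DNS installation.
  echo "install_knot: not implemented; no DNS server was installed" >&2
  return 1
}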
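#######################################
# Generate a TSIG key with keymgr, register it and a matching ACL in the Knot
# configuration, and attach the ACL to a zone.
# Globals:   CUR_ACL (exported; reset on every call)
# Arguments: $1 - key id
#            $2 - ACL action: update, transfer or notify
#            $3 - zone id
#            $4 - 1 to fall back to template[default].acl when the zone has
#                 no ACL of its own
# Returns:   0 on success, 1 on bad arguments, 2 if /var/lib/knot/keys is
#            missing, 3 if key generation or a knotc step fails
#######################################
knot_keygen () {
  usage() { echo "${0} <key_id> <update|transfer|notify> <zone_id> <0|1>(apply template[default].acl)"; }
  # Return from the function itself; inside ( ... ) a return only ends the subshell.
  if [[ $# -ne 4 ]]; then
    usage
    return 1
  fi

  local key_id="${1}" action="${2}" zone_id="${3}" use_template="${4}"
  local key_file zone_acl algorithm secret
  local -a acl_list=()

  # key_id becomes part of a file path and both ids become part of knotc item
  # names, so accept only plain name characters (no slashes or brackets).
  if [[ ! ${key_id} =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]] \
    || [[ ! ${zone_id} =~ ^[A-Za-z0-9._-]+$ ]]; then
    usage
    return 1
  fi
  case "${action}" in
    update|transfer|notify) ;;
    *) usage; return 1 ;;
  esac

  [[ -d /var/lib/knot/keys ]] || return 2
  key_file="/var/lib/knot/keys/${key_id}.key"

  # The file holds the shared TSIG secret: create it owner-only.
  # NOTE(review): if another account must read this file, adjust ownership
  # rather than widening the mode.
  ( umask 077; keymgr -t "${key_id}" > "${key_file}" ) || {
    echo "knot_keygen: keymgr failed for key '${key_id}'" >&2
    return 3
  }
  chmod 600 "${key_file}"

  algorithm=$(awk '$1 == "algorithm:" { print $2; exit }' "${key_file}")
  secret=$(awk '$1 == "secret:" { print $2; exit }' "${key_file}")
  if [[ -z ${algorithm} || -z ${secret} ]]; then
    echo "knot_keygen: could not read algorithm/secret from ${key_file}" >&2
    return 3
  fi

  # Reset first: CUR_ACL is exported, so a value left by an earlier call would
  # otherwise be attached to this zone when neither branch below assigns it.
  export CUR_ACL=""
  zone_acl=$(knotc conf-read "zone[${zone_id}].acl")
  if [[ -n ${zone_acl} ]]; then
    CUR_ACL=$(cut -d'=' -f2 <<< "${zone_acl}")
  elif [[ ${use_template} == 1 ]]; then
    CUR_ACL=$(knotc conf-read "template[default].acl" | cut -d'=' -f2)
  fi
  # Split the existing ACL names on whitespace into separate arguments.
  read -r -d '' -a acl_list <<< "${CUR_ACL}" || true

  # Apply everything in one transaction and abort it on the first failure so
  # a half-written key or ACL is never committed.
  # NOTE(review): the secret is passed to knotc as an argument and is briefly
  # visible in the process list.
  knotc conf-begin || return 3
  if ! { knotc conf-set 'key.id' "${key_id}" \
    && knotc conf-set "key[${key_id}].algorithm" "${algorithm}" \
    && knotc conf-set "key[${key_id}].secret" "${secret}" \
    && knotc conf-set 'acl.id' "acl_${key_id}" \
    && knotc conf-set "acl[acl_${key_id}].key" "${key_id}" \
    && knotc conf-set "acl[acl_${key_id}].action" "${action}" \
    && knotc conf-set "zone[${zone_id}].acl" "${acl_list[@]}" "acl_${key_id}"; }; then
    knotc conf-abort
    return 3
  fi
  if ! knotc conf-commit; then
    knotc conf-abort
    return 3
  fi
}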