From 6285afee3142f55eb71758e2eb4d63ba166456b1 Mon Sep 17 00:00:00 2001
From: bprieshof
Date: Thu, 10 Oct 2019 11:41:42 +0200
Subject: [PATCH] Add 'Gitea-Installer.sh'
---
 Gitea-Installer.sh | 200 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 200 insertions(+)
 create mode 100644 Gitea-Installer.sh
diff --git a/Gitea-Installer.sh b/Gitea-Installer.sh
new file mode 100644
index 0000000..7c09c6a
--- /dev/null
+++ b/Gitea-Installer.sh
@@ -0,0 +1,200 @@
+#!/bin/bash
+###============================================================
+## Ubuntu 18.04 Gitea Installer
+###============================================================
+## Zet comments hieronder:
+#
+#
+#
+##=============================================================
+
+##----------##
+# Menu #
+##----------##
+
+echo "Ubuntu 18.04 Gitea installatie script."
+
+echo "Domein"
+read domain
+
+while true; do
+ read -p "Hostname with ictmaatwerk-cs.nl -> yes/no?" yn
+ case $yn in
+ [Nn]* )
+ echo 'Enter full hostname:'
+ read hostname
+ break;;
+ [Yy]* )
+ echo 'Hostname (eg: VCH001) zonder ".ictmaatwerk-cs.nl":'
+ read hostname
+ hostname=$hostname".ictmaatwerk-cs.nl"
+ break;;
+ * )echo "Choose yes or no.";;
+ esac
+done
+
+
+echo "Algemeen wachtwoord:"
+read password
+echo "Administrator email:"
+read email
+echo "Instance name"
+read InstName
+
+##-----------------##
+# Static-Vars #
+##-----------------##
+
+phpver=7.3
+sqlver=8.0
+cockpit=1
+PHPMyadmin=0
+giteaver=1.9.4
+
+##----------------##
+# Pre-Config #
+##----------------##
+
+if [ ! -d ~/.ssh ]
+then
+ mkdir ~/.ssh
+fi
+sed -i '/Port 22/c\Port 4242' /etc/ssh/sshd_config
+service sshd restart
+echo "root:$password" | chpasswd
+apt update
+apt install -y software-properties-common
+add-apt-repository -y ppa:certbot/certbot
+add-apt-repository -y ppa:ondrej/php
+apt update
+apt upgrade -y
+apt dist-upgrade -y
+apt install -y rsync grsync sshpass
+apt clean
+apt autoremove -y
+hostnamectl set-hostname $hostname
+sed -i 's/;preserve_hostname: false/preserve_hostname: true/g' /etc/cloud/cloud.cfg
+timedatectl set-timezone Europe/Amsterdam
+if free | awk '/^Swap:/ {exit !$2}'; then
+ echo "swap enabled"
+else
+ fallocate -l 1G /swapfile
+ chmod 600 /swapfile
+ mkswap /swapfile
+ swapon /swapfile
+ echo '/swapfile swap swap defaults 0 0' >> /etc/fstab
+fi
+sed -i 's/#/vm.swappiness=10/g' /etc/sysctl.conf
+sed -i 's/#/vm.vfs_cache_pressure=50/g' /etc/sysctl.conf
+
+sed -i 's/IPV6=yes/IPV6=no/g' /etc/default/ufw
+sed -i "\$a0 3 * * 1 root apt update >/dev/null 2>&1&& apt upgrade -y >/dev/null 2>&1" /etc/crontab
+systemctl restart cron
+ufw allow 443/tcp
+ufw allow 80/tcp
+ufw limit 4242/tcp
+
+echo "y" | ufw enable
+
+mkdir /root/.ssh
+
+apt install fail2ban -y
+
+
+##-------------------##
+# Install-Nginx #
+##-------------------##
+
+apt install -y nginx
+systemctl stop nginx
+wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nginx/nginx-default.conf -O /etc/nginx/nginx.conf
+mkdir -p /var/www/"$domain"
+chmod -R 755 /var/www
+chown -R www-data:www-data /var/www/"$domain"
+
+wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nginx/Gitea-unconfigured -O /etc/nginx/sites-available/"$domain"
+sed -i 's/DOMAINname/'$domain'/' /etc/nginx/sites-available/"$domain"
+ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/
+
+
+##-------------------##
+# Install-Mysql #
+##-------------------##
+
+wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/MySQL/raw/branch/master/mysql-${sqlver}.sh -O Mysql-Installer.sh
+source Mysql-Installer.sh
+
+db_name="giteaDB1"
+db_user="giteaDB1"
+db_pass=$(date +%s|sha256sum|base64|head -c 32)
+mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
+mysql -u root -p"$password" -e "CREATE USER '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';"
+mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost';"
+mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
+
+
+##-------------------##
+# Install Gitea #
+##-------------------##
+
+apt install -y git
+
+adduser --system --shell /bin/bash --gecos 'Git Version Control' --group --disabled-password --home /home/git git
+
+mkdir -p /var/lib/gitea/{custom,data,log}
+mkdir /etc/gitea
+mkdir /usr/local/bin
+
+wget -q -t7 https://dl.gitea.io/gitea/"$giteaver"/gitea-"$giteaver"-linux-amd64 -O /usr/local/bin/gitea
+
+chmod +x /usr/local/bin/gitea
+chown git:git /var/lib/gitea/
+chown -R git:git /var/lib/gitea/
+chmod -R 750 /var/lib/gitea/
+chown root:git /etc/gitea
+chmod 750 /etc/gitea
+chmod 640 /etc/gitea/app.ini
+
+IntToken=$(/usr/local/bin/gitea generate secret INTERNAL_TOKEN)
+SecKey=$(/usr/local/bin/gitea generate secret SECRET_KEY)
+JWTSectet=$(/usr/local/bin/gitea generate secret JWT_SECRET)
+LFSSecret=$(/usr/local/bin/gitea generate secret LFS_JWT_SECRET)
+
+sed -i -e 's/DBName/'$db_name'/' -e 's/DBUser/'$db_user'/' -e 's/DBPass/'$db_pass'/' -e 's/DOMAINname/'$domain'/' -e 's/IstName/'$IstName'/' -e 's/IntToken/'$IntToken'/' -e 's/SecKey/'$SecKey'/' -e 's/JWTSectet/'$JWTSectet'/' -e 's/JWTSectet/'$JWTSectet'/' -e 's/LFSSecret/'$LFSSecret'/' /etc/gitea/app.ini
+
+
+##--------------------##
+# Install Postfix #
+##--------------------##
+
+debconf-set-selections <<< "postfix postfix/mailname string $hostname"
+debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
+apt install -y mailutils
+sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf
+sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf
+sed -i 's/relayhost =/mydestination = '$hostname', localhost.'$hostname', '$hostname'/g' /etc/postfix/main.cf
+cat < /etc/aliases
+# See man 5 aliases for format
+postmaster: root
+root: $email
+EOF
+newaliases
+
+
+##--------------------##
+# Install Certbot #
+##--------------------##
+
+apt install -y python-certbot-nginx
+certbot --nginx -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
+echo "certbot --nginx -n -d $domain -m $email --hsts --redirect --no-eff-email --agree-tos" > ~/certbotactivate.sh
+
+sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
+sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
+sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"
+
+##---------------##
+# finalizing #
+##---------------##
+systemctl enable gitea
+systemctl start nginx gitea
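Review bot: `db_pass=$(date +%s|sha256sum|base64|head -c 32)` in the Install-Mysql section derives the Gitea database password from the install-time Unix timestamp alone, so it carries no real entropy and is guessable by anyone who knows roughly when the installer ran. Draw it from the kernel CSPRNG instead, keeping it alphanumeric so the later unquoted `sed 's/DBPass/'$db_pass'/'` and the SQL string still work: `db_pass=$(tr -dc 'A-Za-z0-9' </dev/urandom | head -c 32)`. The shared `$password` has a related exposure: it is read with terminal echo on, used for both the system root account (`chpasswd`) and MySQL root, and passed as `-p"$password"` on the mysql command line where other local users can see it in the process list; `read -rs password` plus a root-only client option file given via `--defaults-extra-file` would limit that. Separately, `source Mysql-Installer.sh` runs whatever the `master` branch serves at install time as root with `wget -q` and no exit-status or checksum check, and the Gitea binary is fetched the same way; pinning the script to a fixed commit and verifying a known SHA-256 before sourcing or `chmod +x` would close that gap.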