#!/bin/bash ###============================================================ ## Ubuntu 18.04 Gitea Installer ###============================================================ ## Zet comments hieronder: # # # ##============================================================= ##----------## # Menu # ##----------## echo "Ubuntu 18.04 Gitea installatie script." echo "Domein" read domain while true; do read -p "Hostname with ictmaatwerk-cs.nl -> yes/no?" yn case $yn in [Nn]* ) echo 'Enter full hostname:' read hostname break;; [Yy]* ) echo 'Hostname (eg: VCH001) zonder ".ictmaatwerk-cs.nl":' read hostname hostname=$hostname".ictmaatwerk-cs.nl" break;; * )echo "Choose yes or no.";; esac done echo "Algemeen wachtwoord:" read password echo "Administrator email:" read email echo "Instance name" read InstName ##-----------------## # Static-Vars # ##-----------------## phpver=7.3 sqlver=8.0 cockpit=1 PHPMyadmin=0 giteaver=1.9.4 ##----------------## # Pre-Config # ##----------------## if [ ! -d ~/.ssh ] then mkdir ~/.ssh fi sed -i '/Port 22/c\Port 4242' /etc/ssh/sshd_config service sshd restart echo "root:$password" | chpasswd apt update apt install -y software-properties-common add-apt-repository -y ppa:certbot/certbot add-apt-repository -y ppa:ondrej/php apt update apt upgrade -y apt dist-upgrade -y apt install -y rsync grsync sshpass apt clean apt autoremove -y hostnamectl set-hostname $hostname sed -i 's/;preserve_hostname: false/preserve_hostname: true/g' /etc/cloud/cloud.cfg timedatectl set-timezone Europe/Amsterdam if free | awk '/^Swap:/ {exit !$2}'; then echo "swap enabled" else fallocate -l 1G /swapfile chmod 600 /swapfile mkswap /swapfile swapon /swapfile echo '/swapfile swap swap defaults 0 0' >> /etc/fstab fi sed -i 's/#/vm.swappiness=10/g' /etc/sysctl.conf sed -i 's/#/vm.vfs_cache_pressure=50/g' /etc/sysctl.conf sed -i 's/IPV6=yes/IPV6=no/g' /etc/default/ufw sed -i "\$a0 3 * * 1 root apt update >/dev/null 2>&1&& apt upgrade -y >/dev/null 2>&1" /etc/crontab systemctl restart cron ufw allow 443/tcp ufw allow 80/tcp ufw limit 4242/tcp echo "y" | ufw enable mkdir /root/.ssh apt install fail2ban -y ##-------------------## # Install-Nginx # ##-------------------## apt install -y nginx systemctl stop nginx wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nginx/nginx-default.conf -O /etc/nginx/nginx.conf mkdir -p /var/www/"$domain" chmod -R 755 /var/www chown -R www-data:www-data /var/www/"$domain" wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nginx/Gitea-unconfigured -O /etc/nginx/sites-available/"$domain" sed -i 's/DOMAINname/'$domain'/' /etc/nginx/sites-available/"$domain" ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/ ##-------------------## # Install-Mysql # ##-------------------## wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/MySQL/raw/branch/master/mysql-${sqlver}.sh -O Mysql-Installer.sh source Mysql-Installer.sh db_name="giteaDB1" db_user="giteaDB1" db_pass=$(date +%s|sha256sum|base64|head -c 32) mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;" mysql -u root -p"$password" -e "CREATE USER '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';" mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost';" mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" ##-------------------## # Install Gitea # ##-------------------## apt install -y git adduser --system --shell /bin/bash --gecos 'Git Version Control' --group --disabled-password --home /home/git git mkdir -p /var/lib/gitea/{custom,data,log} mkdir /etc/gitea mkdir /usr/local/bin wget -q -t7 https://dl.gitea.io/gitea/"$giteaver"/gitea-"$giteaver"-linux-amd64 -O /usr/local/bin/gitea chmod +x /usr/local/bin/gitea chown git:git /var/lib/gitea/ chown -R git:git /var/lib/gitea/ chmod -R 750 /var/lib/gitea/ chown root:git /etc/gitea chmod 750 /etc/gitea chmod 640 /etc/gitea/app.ini IntToken=$(/usr/local/bin/gitea generate secret INTERNAL_TOKEN) SecKey=$(/usr/local/bin/gitea generate secret SECRET_KEY) JWTSectet=$(/usr/local/bin/gitea generate secret JWT_SECRET) LFSSecret=$(/usr/local/bin/gitea generate secret LFS_JWT_SECRET) sed -i -e 's/DBName/'$db_name'/' -e 's/DBUser/'$db_user'/' -e 's/DBPass/'$db_pass'/' -e 's/DOMAINname/'$domain'/' -e 's/IstName/'$IstName'/' -e 's/IntToken/'$IntToken'/' -e 's/SecKey/'$SecKey'/' -e 's/JWTSectet/'$JWTSectet'/' -e 's/JWTSectet/'$JWTSectet'/' -e 's/LFSSecret/'$LFSSecret'/' /etc/gitea/app.ini ##--------------------## # Install Postfix # ##--------------------## debconf-set-selections <<< "postfix postfix/mailname string $hostname" debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'" apt install -y mailutils sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf sed -i 's/relayhost =/mydestination = '$hostname', localhost.'$hostname', '$hostname'/g' /etc/postfix/main.cf cat < /etc/aliases # See man 5 aliases for format postmaster: root root: $email EOF newaliases ##--------------------## # Install Certbot # ##--------------------## apt install -y python-certbot-nginx certbot --nginx -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos echo "certbot --nginx -n -d $domain -m $email --hsts --redirect --no-eff-email --agree-tos" > ~/certbotactivate.sh sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain" sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain" sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain" ##---------------## # finalizing # ##---------------## systemctl enable gitea systemctl start nginx gitea