VPS-scripts_Ubuntu-Gitea/Gitea-Installer.sh

#!/bin/bash
###============================================================
##      Ubuntu 18.04 Gitea Installer
###============================================================
## Zet comments hieronder:
#
#
#
##=============================================================

##----------##
#    Menu    #
##----------##

echo "Ubuntu 18.04 Gitea installatie script."

echo "Domein"
read domain

while true; do
    read -p "Hostname with ictmaatwerk-cs.nl -> yes/no?" yn
    case $yn in
        [Nn]* )
        echo 'Enter full hostname:'
        read hostname
        break;;
        [Yy]* )
        echo 'Hostname (eg: VCH001) zonder ".ictmaatwerk-cs.nl":'
        read hostname
        hostname=$hostname".ictmaatwerk-cs.nl"
        break;;
        * )echo "Choose yes or no.";;
    esac
done


echo "Algemeen wachtwoord:"
read password
echo "Administrator email:"
read email
echo "Instance name"
read InstName

##-----------------##
#    Static-Vars    #
##-----------------##

phpver=7.3
sqlver=8.0
cockpit=1
PHPMyadmin=0
giteaver=1.9.4

##----------------##
#    Pre-Config    #
##----------------##

if [ ! -d ~/.ssh ]
then
   mkdir ~/.ssh
fi
sed -i '/Port 22/c\Port 4242' /etc/ssh/sshd_config
service sshd restart
echo "root:$password" | chpasswd
apt update
apt install -y software-properties-common
add-apt-repository -y ppa:certbot/certbot
add-apt-repository -y ppa:ondrej/php
apt update
apt upgrade -y
apt dist-upgrade -y
apt install -y rsync grsync sshpass
apt clean
apt autoremove -y
hostnamectl set-hostname $hostname
sed -i 's/;preserve_hostname: false/preserve_hostname: true/g' /etc/cloud/cloud.cfg
timedatectl set-timezone Europe/Amsterdam
if free | awk '/^Swap:/ {exit !$2}'; then
    echo "swap enabled"
else
    fallocate -l 1G /swapfile
    chmod 600 /swapfile
    mkswap /swapfile
    swapon /swapfile
    echo '/swapfile swap swap defaults 0 0' >> /etc/fstab
fi
sed -i 's/#/vm.swappiness=10/g' /etc/sysctl.conf
sed -i 's/#/vm.vfs_cache_pressure=50/g' /etc/sysctl.conf

sed -i 's/IPV6=yes/IPV6=no/g'   /etc/default/ufw
sed -i "\$a0 3 * * 1 root apt update >/dev/null 2>&1&& apt upgrade -y >/dev/null 2>&1" /etc/crontab
systemctl restart cron
ufw allow 443/tcp
ufw allow 80/tcp
ufw limit 4242/tcp

echo "y" | ufw enable

mkdir /root/.ssh

apt install fail2ban -y


##-------------------##
#    Install-Nginx    #
##-------------------##

apt install -y nginx
systemctl stop nginx 
wget -q -t7  https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nginx/nginx-default.conf -O /etc/nginx/nginx.conf
mkdir -p /var/www/"$domain"
chmod -R 755 /var/www
chown -R www-data:www-data /var/www/"$domain"

wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nginx/Gitea-unconfigured -O /etc/nginx/sites-available/"$domain"
sed -i 's/DOMAINname/'$domain'/' /etc/nginx/sites-available/"$domain"
ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/


##-------------------##
#    Install-Mysql    #
##-------------------##

wget -q -t7  https://git.ictmaatwerk.com/VPS-scripts/MySQL/raw/branch/master/mysql-${sqlver}.sh -O Mysql-Installer.sh
source Mysql-Installer.sh

db_name="giteaDB1"
db_user="giteaDB1"
db_pass=$(date +%s|sha256sum|base64|head -c 32)
mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
mysql -u root -p"$password" -e "CREATE USER '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';"
mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost';"
mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"


##-------------------##
#    Install Gitea    #
##-------------------##

apt install -y git

adduser --system --shell /bin/bash --gecos 'Git Version Control' --group --disabled-password --home /home/git git

mkdir -p /var/lib/gitea/{custom,data,log}
mkdir /etc/gitea
mkdir /usr/local/bin

wget -q -t7 https://dl.gitea.io/gitea/"$giteaver"/gitea-"$giteaver"-linux-amd64 -O /usr/local/bin/gitea

chmod +x /usr/local/bin/gitea
chown git:git /var/lib/gitea/
chown -R git:git /var/lib/gitea/
chmod -R 750 /var/lib/gitea/
chown root:git /etc/gitea
chmod 750 /etc/gitea
chmod 640 /etc/gitea/app.ini

IntToken=$(/usr/local/bin/gitea generate secret INTERNAL_TOKEN)
SecKey=$(/usr/local/bin/gitea generate secret SECRET_KEY)
JWTSectet=$(/usr/local/bin/gitea generate secret JWT_SECRET)
LFSSecret=$(/usr/local/bin/gitea generate secret LFS_JWT_SECRET)

sed -i -e 's/DBName/'$db_name'/' -e 's/DBUser/'$db_user'/' -e 's/DBPass/'$db_pass'/' -e 's/DOMAINname/'$domain'/' -e 's/IstName/'$IstName'/'  -e 's/IntToken/'$IntToken'/' -e 's/SecKey/'$SecKey'/' -e 's/JWTSectet/'$JWTSectet'/' -e 's/JWTSectet/'$JWTSectet'/' -e 's/LFSSecret/'$LFSSecret'/' /etc/gitea/app.ini


##--------------------##
#   Install Postfix    #
##--------------------##

debconf-set-selections <<< "postfix postfix/mailname string $hostname"
debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
apt install -y mailutils
sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf
sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf
sed -i 's/relayhost =/mydestination = '$hostname', localhost.'$hostname', '$hostname'/g' /etc/postfix/main.cf
cat <<EOF > /etc/aliases
# See man 5 aliases for format
postmaster:    root
root:          $email
EOF
newaliases


##--------------------##
#   Install Certbot    #
##--------------------##

apt install -y python-certbot-nginx
certbot --nginx -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
echo "certbot --nginx -n -d $domain -m $email --hsts --redirect --no-eff-email --agree-tos" > ~/certbotactivate.sh

sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"

##---------------##
#   finalizing    #
##---------------##
systemctl enable gitea
systemctl start nginx gitea