212 lines
6.6 KiB
Bash
212 lines
6.6 KiB
Bash
#!/bin/bash
|
|
###============================================================
|
|
## Ubuntu 18.04 Gitea Installer
|
|
###============================================================
|
|
## Zet comments hieronder:
|
|
#
|
|
#
|
|
#
|
|
##=============================================================
|
|
|
|
##----------##
|
|
# Menu #
|
|
##----------##
|
|
|
|
echo "Ubuntu 18.04 Gitea installatie script."
|
|
|
|
echo "Domein"
|
|
read domain
|
|
|
|
while true; do
|
|
read -p "Hostname with ictmaatwerk-cs.nl -> yes/no?" yn
|
|
case $yn in
|
|
[Nn]* )
|
|
echo 'Enter full hostname:'
|
|
read hostname
|
|
break;;
|
|
[Yy]* )
|
|
echo 'Hostname (eg: VCH001) zonder ".ictmaatwerk-cs.nl":'
|
|
read hostname
|
|
hostname=$hostname".ictmaatwerk-cs.nl"
|
|
break;;
|
|
* )echo "Choose yes or no.";;
|
|
esac
|
|
done
|
|
|
|
|
|
echo "Algemeen wachtwoord:"
|
|
read password
|
|
echo "Administrator email:"
|
|
read email
|
|
echo "Instance name"
|
|
read InstName
|
|
|
|
##-----------------##
|
|
# Static-Vars #
|
|
##-----------------##
|
|
|
|
phpver=7.3
|
|
sqlver=8.0
|
|
cockpit=1
|
|
PHPMyadmin=0
|
|
giteaver=1.9.4
|
|
|
|
##----------------##
|
|
# Pre-Config #
|
|
##----------------##
|
|
|
|
if [ ! -d ~/.ssh ]
|
|
then
|
|
mkdir ~/.ssh
|
|
fi
|
|
sed -i '/Port 22/c\Port 4242' /etc/ssh/sshd_config
|
|
service sshd restart
|
|
echo "root:$password" | chpasswd
|
|
apt update
|
|
apt install -y software-properties-common
|
|
add-apt-repository -y ppa:certbot/certbot
|
|
add-apt-repository -y ppa:ondrej/php
|
|
apt update
|
|
apt upgrade -y
|
|
apt dist-upgrade -y
|
|
apt install -y rsync grsync sshpass
|
|
apt clean
|
|
apt autoremove -y
|
|
hostnamectl set-hostname $hostname
|
|
sed -i 's/;preserve_hostname: false/preserve_hostname: true/g' /etc/cloud/cloud.cfg
|
|
timedatectl set-timezone Europe/Amsterdam
|
|
if free | awk '/^Swap:/ {exit !$2}'; then
|
|
echo "swap enabled"
|
|
else
|
|
fallocate -l 1G /swapfile
|
|
chmod 600 /swapfile
|
|
mkswap /swapfile
|
|
swapon /swapfile
|
|
echo '/swapfile swap swap defaults 0 0' >> /etc/fstab
|
|
fi
|
|
sed -i 's/#/vm.swappiness=10/g' /etc/sysctl.conf
|
|
sed -i 's/#/vm.vfs_cache_pressure=50/g' /etc/sysctl.conf
|
|
|
|
sed -i 's/IPV6=yes/IPV6=no/g' /etc/default/ufw
|
|
sed -i "\$a0 3 * * 1 root apt update >/dev/null 2>&1&& apt upgrade -y >/dev/null 2>&1" /etc/crontab
|
|
systemctl restart cron
|
|
ufw allow 443/tcp
|
|
ufw allow 80/tcp
|
|
ufw limit 4242/tcp
|
|
|
|
echo "y" | ufw enable
|
|
|
|
mkdir /root/.ssh
|
|
|
|
apt install fail2ban -y
|
|
|
|
|
|
##-------------------##
|
|
# Install-Cockpit #
|
|
##-------------------##
|
|
|
|
wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Cockpit/raw/branch/master/Slave-installer.sh -O Slave-Installer.sh
|
|
source Slave-Installer.sh
|
|
|
|
|
|
##-------------------##
|
|
# Install-Nginx #
|
|
##-------------------##
|
|
|
|
apt install -y nginx
|
|
systemctl stop nginx
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nginx/nginx-default.conf -O /etc/nginx/nginx.conf
|
|
mkdir -p /var/www/"$domain"
|
|
chmod -R 755 /var/www
|
|
chown -R www-data:www-data /var/www/"$domain"
|
|
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nginx/Gitea-unconfigured -O /etc/nginx/sites-available/"$domain"
|
|
sed -i 's/DOMAINname/'$domain'/' /etc/nginx/sites-available/"$domain"
|
|
ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/
|
|
|
|
|
|
##-------------------##
|
|
# Install-Mysql #
|
|
##-------------------##
|
|
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/MySQL/raw/branch/master/mysql-${sqlver}.sh -O Mysql-Installer.sh
|
|
source Mysql-Installer.sh
|
|
|
|
db_name="giteaDB1"
|
|
db_user="giteaDB1"
|
|
db_pass=$(date +%s|sha256sum|base64|head -c 32)
|
|
mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
|
|
mysql -u root -p"$password" -e "CREATE USER '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';"
|
|
mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost';"
|
|
mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
|
|
|
|
|
|
##-------------------##
|
|
# Install Gitea #
|
|
##-------------------##
|
|
|
|
apt install -y git
|
|
|
|
adduser --system --shell /bin/bash --gecos 'Git Version Control' --group --disabled-password --home /home/git git
|
|
|
|
mkdir -p /var/lib/gitea/{custom,data,log}
|
|
mkdir /etc/gitea
|
|
mkdir /usr/local/bin
|
|
|
|
wget -q -t7 https://dl.gitea.io/gitea/"$giteaver"/gitea-"$giteaver"-linux-amd64 -O /usr/local/bin/gitea
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Gitea/raw/branch/master/config/systemd-system/gitea.service -O /etc/systemd/system/gitea.service
|
|
chmod +x /etc/systemd/system/gitea.service
|
|
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Gitea/raw/branch/master/config/gitea/app.ini -O /etc/gitea/app.ini
|
|
|
|
chmod +x /usr/local/bin/gitea
|
|
chown git:git /var/lib/gitea/
|
|
chown -R git:git /var/lib/gitea/
|
|
chmod -R 750 /var/lib/gitea/
|
|
chown root:git /etc/gitea
|
|
chmod 750 /etc/gitea
|
|
chmod 640 /etc/gitea/app.ini
|
|
|
|
IntToken=$(/usr/local/bin/gitea generate secret INTERNAL_TOKEN)
|
|
SecKey=$(/usr/local/bin/gitea generate secret SECRET_KEY)
|
|
JWTSectet=$(/usr/local/bin/gitea generate secret JWT_SECRET)
|
|
LFSSecret=$(/usr/local/bin/gitea generate secret LFS_JWT_SECRET)
|
|
|
|
sed -i -e 's/DBName/'$db_name'/' -e 's/DBUser/'$db_user'/' -e 's/DBPass/'$db_pass'/' -e 's/DOMAINname/'$domain'/' -e 's/IstName/'$IstName'/' -e 's/IntToken/'$IntToken'/' -e 's/SecKey/'$SecKey'/' -e 's/JWTSectet/'$JWTSectet'/' -e 's/JWTSectet/'$JWTSectet'/' -e 's/LFSSecret/'$LFSSecret'/' /etc/gitea/app.ini
|
|
|
|
|
|
##--------------------##
|
|
# Install Postfix #
|
|
##--------------------##
|
|
|
|
debconf-set-selections <<< "postfix postfix/mailname string $hostname"
|
|
debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
|
|
apt install -y mailutils
|
|
sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf
|
|
sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf
|
|
sed -i 's/relayhost =/mydestination = '$hostname', localhost.'$hostname', '$hostname'/g' /etc/postfix/main.cf
|
|
cat <<EOF > /etc/aliases
|
|
# See man 5 aliases for format
|
|
postmaster: root
|
|
root: $email
|
|
EOF
|
|
newaliases
|
|
|
|
|
|
##--------------------##
|
|
# Install Certbot #
|
|
##--------------------##
|
|
|
|
apt install -y python-certbot-nginx
|
|
certbot --nginx -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
|
|
echo "certbot --nginx -n -d $domain -m $email --hsts --redirect --no-eff-email --agree-tos" > ~/certbotactivate.sh
|
|
|
|
sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
|
|
sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
|
|
sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"
|
|
|
|
##---------------##
|
|
# finalizing #
|
|
##---------------##
|
|
systemctl enable gitea
|
|
systemctl start nginx gitea
|