From 7c581f62a95c8cd3e9618e45d0452432c01b3482 Mon Sep 17 00:00:00 2001
From: Bram Prieshof
Date: Thu, 12 Mar 2020 09:32:14 +0000
Subject: [PATCH] 'web2i.sh' toevoegen
---
web2i.sh | 546 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 546 insertions(+)
create mode 100644 web2i.sh
diff --git a/web2i.sh b/web2i.sh
new file mode 100644
index 0000000..1f43256
--- /dev/null
+++ b/web2i.sh
@@ -0,0 +1,546 @@
+#!/bin/bash
+
+##--------------------##
+# Legacy/Main Menu #
+##--------------------##
+sed -i -e 's/magenta/blue/g' /etc/newt/palette
+
+if [ "$1" != "-l" ]; then
+ echo "Normal mode"
+ PKGM="debconf-apt-progress -- apt"
+ OUTPUT='/dev/null'
+ IMODE=n
+fi
+if [ "$1" = "-l" ]; then
+ echo "Legacy mode";
+ PKGM="apt"
+ OUTPUT='/dev/tty'
+ IMODE=l
+fi
+
+
+##---------------##
+# Static-Vars #
+##---------------##
+
+#Git-repo
+repo=https://git.ictmaatwerk.com/bprieshof/UBU-Web-V2
+branch=master
+#Installer-config
+phpver=7.4
+sqlver=8.0
+cockpit=1
+PHPMyadmin=1
+TestMode=1
+#PackageManager-config
+PKGA="add-apt-repository"
+PKGI="${PKGM} install -y"
+OUTPUT='/dev/null'
+
+
+##-------------##
+# Test-Vars #
+##-------------##
+
+if [ $TestMode = 1 ]; then
+domain=test.local
+email=bram@test.local
+password=MeiFerrieSekureTESTp@ssw0rd4213
+hostname=s1.serv.local
+sslenable=0
+domainwww=0
+fi
+
+
+
+##---------------##
+# Functions #
+##---------------##
+
+msg () {
+if [ $IMODE = n ]; then
+TERM=ansi whiptail --title "Info" --infobox "$1" 8 52
+fi
+if [ $IMODE = l ]; then
+echo "$1"
+fi
+}
+
+function PasswordQuest {
+passdiaone=$(whiptail --nocancel --passwordbox "Please enter your password (should contain at least 2 digits and 6 characters)" 11 82 --title "Config" 3>&1 1>&2 2>&3)
+if [ -z $passdiaone ]; then PasswordQuest; fi
+if [[ ${#passdiaone} -ge 8 && "$passdiaone" == *[[:lower:]]* && "$passdiaone" == *[[:upper:]]* && "$passdiaone" == *[0-9]* && "$passdiaone" == *['!'@#%^\&*()_+]* ]]; then
+ PasswordCheck
+else
+ whiptail --ok-button Done --msgbox "Password is invalid!" 10 30 && PasswordQuest
+fi
+}
+function PasswordCheck {
+#Checking password
+passdiatwo=$(whiptail --nocancel --passwordbox "Please re-enter your password" 11 82 --title "Config" 3>&1 1>&2 2>&3)
+if [ -z $passdiatwo ]; then PasswordCheck; else
+if [ $passdiaone != $passdiatwo ]; then whiptail --ok-button Done --msgbox "Password does not match!"
10 30 && PasswordQuest;else password="$passdiaone"; unset passdiaone passdiatwo; fi
+fi
+password="$passdiatwo"
+}
+
+function LegacyPasswordQuest {
+echo "Enter password (Requires: 8 chars, 1 capital and 1 num)"
+read -s passdiaone
+if [ -z $passdiaone ]; then PasswordQuest; fi
+if [[ ${#passdiaone} -ge 8 && "$passdiaone" == *[[:lower:]]* && "$passdiaone" == *[[:upper:]]* && "$passdiaone" == *[0-9]* && "$passdiaone" == *['!'@#%^\&*()_+]* ]]; then
+ LegacyPasswordCheck
+else
+ echo "Password is invalid!" 10 30 && LegacyPasswordQuest
+fi
+}
+
+function LegacyPasswordCheck {
+#Checking password
+echo "Please re-enter your password"
+read -s passdiatwo
+if [ -z $passdiatwo ]; then LegacyPasswordCheck; else
+if [ $passdiaone != $passdiatwo ]; then echo "Password does not match!" && LegacyPasswordQuest; password="$passdiaone"; unset passdiaone passdiatwo; fi
+fi
+password="$passdiatwo"
+}
+
+
+##--------------------------##
+# Installer-Requirements #
+##--------------------------##
+
+msg "Starting installer." 8 78
+$PKGM update > $OUTPUT 2>&1
+$PKGI curl > $OUTPUT 2>&1
+
+
+##--------##
+# Menu #
+##--------##
+
+if [ $IMODE = n ]; then
+if [ $TestMode = 0 ]; then
+domain=$(whiptail --nocancel --inputbox " Enter the domain without WWW " 11 82 --title "Config" 3>&1 1>&2 2>&3)
+if (whiptail --title "Config" --yesno "Does www.${domain} exist in DNS" 8 78); then domainwww=1; else domainwww=0; fi
+if (whiptail --title "Config" --yesno "Hostname with nxdi.nl" 11 82); then
+ hostname=$(whiptail --nocancel --inputbox " SystemID (eg: VCH001) without ".nxdi.nl" " 11 82 --title "Config" 3>&1 1>&2 2>&3)
+ hostname=$hostname".nxdi.nl"
+else
+ hostname=$(whiptail --nocancel --inputbox " Hostname " 11 82 --title "Config" 3>&1 1>&2 2>&3)
+fi
+if (whiptail --title "Config" --yesno "Enable SSL on installation?"
11 82); then
+ sslenable=1
+else
+ sslenable=0
+fi
+PasswordQuest
+email=$(whiptail --nocancel --inputbox " Enter the administrator e-mail" 11 82 --title "Config" 3>&1 1>&2 2>&3)
+fi
+webserv=$(whiptail --title "Select Webserver" --radiolist "WebServer" 11 53 5 "Nginx:" "Will install NGINX Webserver." ON "Apache:" "Will install Apache Webserver." OFF 3>&1 1>&2 2>&3)
+esws=$?
+[[ "$esws" = 1 ]] && msg "Quiting installer." 8 78 && exit;
+fi
+
+if [ $IMODE = l ]; then
+echo "" >/dev/null
+if [ $TestMode = 0 ]; then
+echo "Enter the domain without WWW:"
+read domain
+while true; do
+ read -p "Does www.${domain} exist in DNS -> yes/no?" yn
+ case $yn in
+ [Yy]* ) domainwww=1
+ break;;
+ [Nn]* ) domainwww=0
+ break;;
+ * ) echo "Choose yes of no.";;
+ esac
+done
+while true; do
+ read -p "Hostname with nxdi.nl -> yes/no?" yn
+ case $yn in
+ [Nn]* )
+ echo 'Enter full hostname:'
+ read hostname
+ break;;
+ [Yy]* )
+ echo 'Hostname (eg: VCH001) without ".nxdi.nl":'
+ read hostname
+ hostname=$hostname".nxdi.nl"
+ break;;
+ * )echo "Choose yes or no.";;
+ esac
+done
+while true; do
+ read -p "Enable SSL on installation? -> yes/no?"
yn
+ case $yn in
+ [Yy]* ) sslenable=1
+ break;;
+ [Nn]* ) sslenable=0
+ break;;
+ * ) echo "Choose yes of no.";;
+ esac
+done
+LegacyPasswordQuest
+echo "Administrator E-mail:"
+read email
+fi
+
+echo "Select Webserver:"
+PS3='Selected:'
+options=("Nginx" "Apache" "Quit")
+select opt in "${options[@]}"
+do
+case $opt in
+"Nginx")
+webserv=Nginx:
+break;;
+"Apache")
+webserv=Apache:
+break;;
+"Quit")
+exit;;
+*) echo "$REPLY is not a valid option!";;
+esac
+done
+
+fi
+
+webserv="${webserv//:}" && webserv="${webserv,,}"
+
+echo "Generating apt list for Generic"
+curl "$repo"/raw/branch/"$branch"/CoreModules/generic/apt.list >>/tmp/apt.list
+printf " " >>/tmp/apt.list
+
+echo "Generating apt list for Webserver"
+curl "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/apt.list >>/tmp/apt.list
+printf " " >>/tmp/apt.list
+
+
+##----------##
+# Addons #
+##----------##
+
+if [[ $webserv = "nginx" ]]; then
+#NGINX Addon menu
+if [ $IMODE = n ]; then
+option=$(whiptail --nocancel --title "Which Nginx addons should be installed?" --checklist "Features" 11 110 5 "Memcached:" "Memcached is an open source, high-performance, distributed memory caching system." OFF "Redis Cache:" "Redis is an open source BSD licensed, in-memory data structure store." OFF 3>&1 1>&2 2>&3)
+fi
+if [ $IMODE = l ]; then
+choice () {
+local choice=$1
+if [[ ${opts[choice]} ]] # toggle
+then
+opts[choice]=
+else
+opts[choice]=+
+fi
+}
+
+PS3='Which Nginx addons should be installed?'
+while :
+do
+echo ""
+options=("Memcached ${opts[1]}" "Redis Cache ${opts[2]}" "Done")
+select opt in "${options[@]}"
+do
+case $opt in
+"Memcached ${opts[1]}")
+choice 1
+option="$option Memcache:"
+break
+;;
+"Redis Cache ${opts[2]}")
+choice 2
+option="$option Redis Cache:"
+break
+;;
+"Done")
+break 2
+;;
+*) printf '%s\n' 'invalid option';;
+esac
+done
+done
+fi
+fi
+
+if [[ $webserv = "apache" ]]; then
+#Apache Addon menu
+if [ $IMODE = n ]; then
+option=$(whiptail --nocancel --title "Which Apache addons should be installed?" --checklist "Features" 11 110 5 "Memcached:" "Memcached is an open source, high-performance, distributed memory caching system." OFF "Redis Cache:" "Redis is an open source BSD licensed, in-memory data structure store." OFF 3>&1 1>&2 2>&3)
+fi
+if [ $IMODE = l ]; then
+choice () {
+local choice=$1
+if [[ ${opts[choice]} ]] # toggle
+then
+opts[choice]=
+else
+opts[choice]=+
+fi
+}
+
+PS3='Which Apache addons should be installed?'
+while :
+do
+clear
+options=("Memcached ${opts[1]}" "Redis Cache ${opts[2]}" "Done")
+select opt in "${options[@]}"
+do
+case $opt in
+"Memcached ${opts[1]}")
+choice 1
+option="$option Memcache:"
+break
+;;
+"Redis Cache ${opts[2]}")
+choice 2
+option="$option Redis Cache:"
+break
+;;
+"Done")
+break 2
+;;
+*) printf '%s\n' 'invalid option';;
+esac
+done
+done
+fi
+fi
+
+#Cleaning options from menu
+option="${option,,}" && option="${option// /}"
+#Always on option modules
+option="$option /MySQL/"
+option="$option /Unattended-Security-Updates/"
+#Cleaning all options
+option="${option/:/ }" && option="${option//:}" && option="${option//'"'}"
+
+echo "Generating apt list for Options"
+for val1 in ${option[*]}; do
+ echo "$val1" #TMP
+ modListed=$(wget -t7 -qO - "$repo"/raw/branch/master/extModules.txt|grep "$val1")
+ #Checking
+ if test -z "$modListed"
+ then
+ #Fetching from local repo
+ if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail
"$repo"/raw/branch/"$branch"/SubModules/"$val1"/apt.list; then
+ curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/SubModules/"$val1"/apt.list >>/tmp/apt.list
+ printf " " >>/tmp/apt.list
+ fi
+ if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/SubModules/"$val1"/"$webserv"-apt.list; then
+ curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/SubModules/"$val1"/"$webserv"-apt.list >>/tmp/apt.list
+ printf " " >>/tmp/apt.list
+ fi
+ else
+ #Fetching from remote repo
+ if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed"apt.list; then
+ curl --retry 7 --retry-delay 5 -s "$modListed"apt.list >>/tmp/apt.list
+ printf " " >>/tmp/apt.list
+ fi
+ if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed""$webserv"-apt.list; then
+ curl "$modListed""$webserv"-apt.list >>/tmp/apt.list
+ printf " " >>/tmp/apt.list
+ fi
+ fi
+done
+
+##-------##
+# CMS #
+##-------##
+
+if [ $IMODE = n ]; then
+function CMSM {
+CMS=$(whiptail --nocancel --title "What CMS should be installed?" --radiolist "Features" 11 118 5 "Nextcloud:" "Nextcloud is a suite of client-server software for creating and using file hosting services." OFF "Wordpress:" "WordPress is a content management system based on PHP." OFF "None:" "A plain webserver will be setup." OFF 3>&1 1>&2 2>&3)
+if [ -z $CMS ]; then CMSM; fi
+}
+CMSM
+fi
+
+if [ $IMODE = l ]; then
+echo "What CMS should be installed?"
+PS3='Selected:'
+options=("Nextcloud" "Wordpress" "None")
+select opt in "${options[@]}"
+do
+case $opt in
+"Nextcloud")
+CMS=Nextcloud:
+break;;
+"Wordpress")
+CMS=Wordpress:
+break;;
+"None")
+CMS=None:
+break;;
+
+*) echo "$REPLY is not a valid option!";;
+esac
+done
+fi
+
+CMS="${CMS//:}" && CMS="${CMS,,}"
+
+echo "Generating Apt List for CMS"
+
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CMS/"$CMS"/apt.list >>/tmp/apt.list; then
+ curl "$repo"/raw/branch/"$branch"/CMS/"$CMS"/apt.list >>/tmp/apt.list
+ printf " " >>/tmp/apt.list
+fi
+
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CMS/"$CMS"/"$webserv"-apt.list; then
+ curl "$repo"/raw/branch/"$branch"/CMS/"$CMS"/"$webserv"-apt.list >>/tmp/apt.list
+ printf " " >>/tmp/apt.list
+
+fi
+
+
+##--------------------##
+# Pre-Requirements #
+##--------------------##
+
+sed -i '/Port 22/c\Port 4242' /etc/ssh/sshd_config
+
+msg "Preconfiguring."
+$PKGI software-properties-common gnupg > $OUTPUT 2>&1
+$PKGA universe -y > $OUTPUT 2>&1
+$PKGA ppa:ondrej/php -y > $OUTPUT 2>&1
+$PKGA ppa:certbot/certbot -y > $OUTPUT 2>&1
+$PKGA ppa:chris-lea/redis-server -y > $OUTPUT 2>&1
+$PKGM update
+$PKGM upgrade -y
+
+
+##-------------------##
+# Pre-configuring #
+##-------------------##
+
+echo "Running preconf for generic"
+source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CoreModules/generic/preconf.sh)
+
+echo "Running preconf for Webserv"
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/preconf.sh; then
+ source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/preconf.sh)
+fi
+
+echo "Running preconf for Options"
+for val1 in ${option[*]}; do
+ echo "$val1" #TMP
+ modListed=$(wget -t7 -qO - "$repo"/raw/branch/master/extModules.txt|grep "$val1")
+ #Checking
+ if test -z "$modListed"
+ then
+ #Fetching from local repo
+ if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/SubModules/"$val1"/preconf.sh; then
+ source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/SubModules/"$val1"/preconf.sh)
+ fi
+ if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/SubModules/"$val1"/"$webserv"-preconf.sh; then
+ source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/SubModules/"$val1"/"$webserv"-preconf.sh)
+ fi
+ else
+ #Fetching from remote repo
+ if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed"preconf.sh; then
+ source <(curl --retry 7 --retry-delay 5 -s "$modListed"preconf.sh)
+ fi
+ if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed""$webserv"-preconf.sh; then
+ source <(curl --retry 7 --retry-delay 5 -s "$modListed""$webserv"-preconf.sh)
+ fi
+ fi
+done
+
+echo "Running
preconf for CMS"
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CMS/"$CMS"/preconf.sh; then
+ source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CMS/"$CMS"/preconf.sh)
+fi
+
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CMS/"$CMS"/"$webserv"-preconf.sh; then
+ source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CMS/"$CMS"/"$webserv"-preconf.sh)
+fi
+
+
+##-------------##
+# Installer #
+##-------------##
+
+$PKGM update
+sed -i 's/PHPver/'$phpver'/g' /tmp/apt.list
+cat /tmp/apt.list | xargs $PKGI
+
+
+##---------------##
+# Configuring #
+##---------------##
+
+echo "Running conf for generic"
+source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CoreModules/generic/conf.sh)
+
+echo "Running conf for Webserv"
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/conf.sh; then
+ source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/conf.sh)
+fi
+
+echo "Running conf for Options"
+for val1 in ${option[*]}; do
+ echo "$val1" #TMP
+ modListed=$(wget -t7 -qO - "$repo"/raw/branch/master/extModules.txt|grep "$val1")
+ #Checking
+ if test -z "$modListed"
+ then
+ #Fetching from local repo
+ if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/SubModules/"$val1"/conf.sh; then
+ source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/SubModules/"$val1"/conf.sh)
+ fi
+ if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/SubModules/"$val1"/"$webserv"-conf.sh; then
+ source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/SubModules/"$val1"/"$webserv"-conf.sh)
+ fi
+ else
+ #Fetching from remote repo
+ if curl --retry 2 --retry-delay 1 --output /dev/null
--silent --head --fail "$modListed"conf.sh; then
+ source <(curl --retry 7 --retry-delay 5 -s "$modListed"conf.sh)
+ fi
+ if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed""$webserv"-conf.sh; then
+ source <(curl --retry 7 --retry-delay 5 -s "$modListed""$webserv"-conf.sh)
+ fi
+ fi
+done
+
+echo "Setting up SSL"
+if [ $sslenable = 1 ]; then
+if [ $domainwww = 1 ]; then
+ certbot --"$webserv" -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
+elif [ $domainwww = 0 ]; then
+ certbot --"$webserv" -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
+fi
+ certbot --"$webserv" -n -d "$hostname" -m "$email" --hsts --redirect --no-eff-email --agree-tos
+fi
+
+wget -q -t7 "$repo"/raw/branch/"$branch"/Scripts/EnableSSL.sh -O ~/activateSSL-$domain.sh
+sed -i -e 's/DOMAINname/'$domain'/' -e 's/CONFname/'$domain'/' -e 's/DomainWWW/'$domainwww'/' -e 's/Email/'$email'/' -e 's/WebServer/'$webserv'/' ~/activateSSL-$domain.sh
+
+wget -q -t7 "$repo"/raw/branch/"$branch"/Scripts/EnableSSL.sh -O ~/activateSSL-Backend.sh
+sed -i -e 's/DOMAINname/'$hostname'/' -e 's/CONFname/'Backend'/' -e 's/DomainWWW/'0'/' -e 's/Email/'$email'/' -e 's/WebServer/'$webserv'/' ~/activateSSL-Backend.sh
+
+
+echo "Running conf for CMS"
+
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CMS/"$CMS"/conf.sh; then
+ source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CMS/"$CMS"/conf.sh)
+fi
+
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CMS/"$CMS"/"$webserv"-conf.sh; then
+ source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CMS/"$CMS"/"$webserv"-conf.sh)
+fi
+
+echo "Running conf for Backend"
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CMS/Backend/"$webserv"-conf.sh; then
+ source <(curl --retry
7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CMS/Backend/"$webserv"-conf.sh)
+fi
+
+
+##------------##
+# Services #
+##------------##
+
+systemctl restart sshd
\ No newline at end of file
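Review bot: Every `source <(curl … preconf.sh)` and `source <(curl … conf.sh)` call runs whatever the server returns in the installer's own shell (presumably root, given the writes under `/etc`) with no integrity check, and the "remote repo" branches take their URL prefix from `grep "$val1"` over `extModules.txt`, so an edited list entry or a substring match on another line changes which host supplies the code. I would fetch each module into a `mktemp` file from a pinned commit rather than the mutable `$branch`, verify a pinned SHA-256 and only then source it, as in the helper below; the `apt.list` downloads appended to the fixed path `/tmp/apt.list` deserve the same treatment. Separately, `TestMode=1` is committed together with a literal `password=` value, so a default run hands the sourced modules a credential that is published in the repository; default it to `0` and keep test values out of the script. In `PasswordCheck` the trailing `password="$passdiatwo"` runs after `unset passdiaone passdiatwo`, so a matching entry leaves `password` empty; drop that line and quote the operands, `[ -z "$passdiatwo" ]` and `[ "$passdiaone" != "$passdiatwo" ]`.

```shell
# Download a module to a private temp file, check it against a pinned digest,
# and source it only when the digest matches.
fetch_and_source () {
  local url=$1 expected_sha256=$2 tmp
  tmp=$(mktemp) || return 1
  if curl --fail --silent --show-error --proto '=https' \
       --retry 7 --retry-delay 5 --output "$tmp" "$url" &&
     printf '%s  %s\n' "$expected_sha256" "$tmp" | sha256sum --check --status; then
    # shellcheck disable=SC1090
    source "$tmp"
  else
    echo "Refusing to run unverified module: $url" >&2
    rm -f -- "$tmp"
    return 1
  fi
  rm -f -- "$tmp"
}

# … unchanged: menus, apt-list generation, package installation …
# <PINNED_SHA256_PLACEHOLDER> stands for the digest recorded when the module was reviewed.
fetch_and_source "$repo/raw/branch/$branch/CoreModules/generic/preconf.sh" "<PINNED_SHA256_PLACEHOLDER>"
```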