From: Christian Heller
Date: Mon, 29 Sep 2025 07:40:54 +0000 (+0200)
Subject: Fix.
X-Git-Url: https://plomlompom.com/repos/%7B%7Bprefix%7D%7D/balance?a=commitdiff_plain;h=38551d7ffc2a7d212b4b849c9ff0dbfa1c169536;p=config
Fix.
---
diff --git a/bookworm/copy/server/etc/caddy/Caddyfile b/bookworm/copy/server/etc/caddy/Caddyfile
index 1eddd83..36e54b2 100644
--- a/bookworm/copy/server/etc/caddy/Caddyfile
+++ b/bookworm/copy/server/etc/caddy/Caddyfile
@@ -1,7 +1,10 @@
 REPLACE_WITH_FQDN {
- root * /var/www/dump
- basicauth /private/* {
- user REPLACE_WITH_HASH
- }
- file_server browse
+ root * /var/www/dump
+ basicauth /private/* {
+ user REPLACE_WITH_HASH
+ }
+ header {
+ Content-Type application/octet-stream
+ }
+ file_server browse
 }
diff --git a/bookworm/scripts/setup_server.sh b/bookworm/scripts/setup_server.sh
index 09545d1..82c0b76 100755
--- a/bookworm/scripts/setup_server.sh
+++ b/bookworm/scripts/setup_server.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 set -e
 cd $(dirname "$0")
-. lib/apt_digested.sh
+. lib/apt_get_digested.sh
 . lib/constants_etc.sh # PATH_ETC
 . lib/constants_ssh.sh # PATH_REL_SSH, PATH_USER_SSH
 . lib/constants_user.sh # USERNAME
@@ -9,6 +9,7 @@ cd $(dirname "$0")
 . lib/core_setup.sh
 . lib/expect_n_args.sh
 . lib/prefixed_msg.sh
+. lib/put_finished_marker.sh
 . lib/trapp.sh
 prefixed_msg_init
@@ -23,6 +24,7 @@ FQDN="$3"
 PATH_BORG_HOME=/home/borg
 PATH_CADDYFILE="${PATH_ETC}/caddy/Caddyfile"
+PATH_CADDY_REPO='https://dl.cloudsmith.io/public/caddy/stable'
 PATH_DUMP='/var/www/dump'
 prefixed_msg_no_nl 'Determining external IP …'
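Review bot: The new `header` block sets `Content-Type application/octet-stream` on every response of the site, not only on dumped files, so the `browse` directory listing and the `basicauth` challenge responses may be affected too — worth confirming that listings still render, and scoping the directive with a matcher if they do not. If the intent is to keep browsers from interpreting uploaded content under `/var/www/dump`, add `X-Content-Type-Options nosniff` inside the same block so the declared type is honoured rather than sniffed. The hunk also keeps the `basicauth` spelling; I believe Caddy 2.8 and later call the directive `basic_auth` and accept the old name only with a deprecation notice, which may matter once the repo configured in the script's later hunk pulls a current release.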
@@ -47,6 +49,26 @@ if [ ! -z "${FQDN}" ]; then
 fi
 fi
+prefixed_msg 'Ensure we have curl and gpg (for caddy installation preparation) …'
+apt_get_digested '-q -q install curl gpg'
+PATH_CURL_ERROR=$(mktemp)
+CMD_RM_CURL_ERROR="rm ${PATH_CURL_ERROR}"
+trapp "${CDM_RM_CURL_ERROR}"
+prefixed_msg 'Retrieve caddy repo key …'
+set +e
+curl -1Lf "${PATH_CADDY_REPO}/gpg.key" 2> "${PATH_CURL_ERROR}" | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
+RESULT="$?"
+set -e
+if [ "${RESULT}" != '0' ]; then
+ cat "${PATH_CURL_ERROR}"
+ exit 1
+fi
+${CMD_RM_CURL_ERROR}
+trapp
+PATH_APT_CADDY_REPO='/etc/apt/sources.list.d/caddy-stable.list'
+prefixed_msg "Adding caddy repo to ${PATH_APT_CADDY_REPO} …"
+curl -1LfsS "${PATH_CADDY_REPO}/debian.deb.txt" > "${PATH_APT_CADDY_REPO}"
+
 core_setup "${HOSTNAME}" "${FQDN}" "${EXTERNAL_IP}" "${INSTALL_TAGS}"
 prefixed_msg 'Moving SSH data from root to user …'
diff --git a/trixie/copy/all/etc/hosts b/trixie/copy/all/etc/hosts
deleted file mode 120000
index bd0fd44..0000000
--- a/trixie/copy/all/etc/hosts
+++ /dev/null
@@ -1 +0,0 @@
-../../../../bookworm/copy/all/etc/hosts
\ No newline at end of file
diff --git a/trixie/scripts/lib/core_setup.sh b/trixie/scripts/lib/core_setup.sh
index 83a44cf..f871ed8 100644
--- a/trixie/scripts/lib/core_setup.sh
+++ b/trixie/scripts/lib/core_setup.sh
@@ -28,16 +28,6 @@ core_setup() {
 prefixed_msg 'Setting hostname …'
 hostnamectl hostname "${HOSTNAME}"
- local PATH_HOSTS="${PATH_ETC}/hosts"
- prefixed_msg "Adapting ${PATH_HOSTS} …"
- if [ -z "${FQDN}" ]; then
- sed -i 's/REPLACE_WITH_FQDN/REPLACE_WITH_HOSTNAME.local REPLACE_WITH_HOSTNAME.localdomain/g' "${PATH_HOSTS}"
- else
- sed -i 's/REPLACE_WITH_FQDN/'"${FQDN}"'/g' "${PATH_HOSTS}"
- sed -i "s/#REPLACE_WITH_EXTERNAL_IP/${EXTERNAL_IP}/g" "${PATH_HOSTS}"
- fi
- sed -i 's/REPLACE_WITH_HOSTNAME/'"${HOSTNAME}"'/g' "${PATH_HOSTS}"
-
 prefixed_msg 'Syncing clock …'
 ntpdate-debian -s
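Review bot: `trapp "${CDM_RM_CURL_ERROR}"` names the variable `CDM_…` although the line above defines it as `CMD_RM_CURL_ERROR`; the script runs with `set -e` but without `-u`, so trapp receives an empty string and the mktemp file is never removed on the error path — it should read `trapp "${CMD_RM_CURL_ERROR}"`. The status check below it only sees gpg: under `#!/bin/sh` there is no `pipefail`, so `RESULT="$?"` after the `curl … | gpg --dearmor …` pipeline is gpg's exit status, and a failed curl is caught only if gpg happens to reject the empty input; downloading the key to a file and dearmoring it in a second step would let each command be checked on its own. The keyring written to `/usr/share/keyrings/` then becomes an apt trust anchor on nothing but the TLS connection to dl.cloudsmith.io; comparing the fetched key's fingerprint (`gpg --show-keys`) against an expected value kept in this repo would make that trust explicit. The trailing `curl -1LfsS … > "${PATH_APT_CADDY_REPO}"` also creates or truncates the sources list before curl runs, so a failed download aborts under `set -e` but leaves an empty list file behind.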
diff --git a/trixie/scripts/setup_server.sh b/trixie/scripts/setup_server.sh
deleted file mode 120000
index d4eabff..0000000
--- a/trixie/scripts/setup_server.sh
+++ /dev/null
@@ -1 +0,0 @@
-../../bookworm/scripts/setup_server.sh
\ No newline at end of file
diff --git a/trixie/scripts/setup_server.sh b/trixie/scripts/setup_server.sh
new file mode 100755
index 0000000..09545d1
--- /dev/null
+++ b/trixie/scripts/setup_server.sh
@@ -0,0 +1,84 @@
+#!/bin/sh
+set -e
+cd $(dirname "$0")
+. lib/apt_digested.sh
+. lib/constants_etc.sh # PATH_ETC
+. lib/constants_ssh.sh # PATH_REL_SSH, PATH_USER_SSH
+. lib/constants_user.sh # USERNAME
+. lib/copy_dirtrees_of_tags.sh
+. lib/core_setup.sh
+. lib/expect_n_args.sh
+. lib/prefixed_msg.sh
+. lib/trapp.sh
+
+prefixed_msg_init
+prefixed_msg 'starting (setting up basics of standard server)'
+
+INSTALL_TAGS='all server user keep_if_installed:systemd-resolved'
+
+expect_n_args 2 3 'CADDY_PASSWORD, HOSTNAME, [FQDN]' $@
+CADDY_PASSWORD="$1"
+HOSTNAME="$2"
+FQDN="$3"
+
+PATH_BORG_HOME=/home/borg
+PATH_CADDYFILE="${PATH_ETC}/caddy/Caddyfile"
+PATH_DUMP='/var/www/dump'
+
+prefixed_msg_no_nl 'Determining external IP …'
+for _CANDIDATE in $(hostname -I); do
+ _START=$(echo ${_CANDIDATE} | cut -d'.' -f1)
+ if [ "$(echo -n ${_START} | wc -c)" -gt 3 ]; then # ignore IPv6
+ continue
+ fi
+ if [ "${_START}" = "127" -o "${_START}" = "192" -o "${_START}" = "172" ]; then
+ continue
+ fi
+ EXTERNAL_IP="${_CANDIDATE}"
+ break
+done
+echo " it's: ${EXTERNAL_IP}"
+
+if [ ! -z "${FQDN}" ]; then
+ prefixed_msg "Ensuring provided FQDN ${FQDN} maps to it …"
+ IP_BY_DNS=$(getent ahostsv4 "${FQDN}" | head -1 | cut -d' ' -f1)
+ if [ ! "${IP_BY_DNS}" = "${EXTERNAL_IP}" ]; then
+ abort "DNS mapping provided FQDN '${FQDN}' to ${IP_BY_DNS} rather than this system's external IP ${EXTERNAL_IP}."
+ fi
+fi
+
+core_setup "${HOSTNAME}" "${FQDN}" "${EXTERNAL_IP}" "${INSTALL_TAGS}"
+
+prefixed_msg 'Moving SSH data from root to user …'
+mkdir -p "${PATH_USER_SSH}"
+mv "/root/${PATH_REL_SSH}/authorized_keys" "${PATH_USER_SSH}/"
+chown -R "${USERNAME}:${USERNAME}" "${PATH_USER_SSH}"
+
+prefixed_msg 'Setting up minimal borg user …'
+adduser --quiet --system --home "${PATH_BORG_HOME}" --shell /bin/sh borg
+cp -a "${PATH_USER_SSH}" "${PATH_BORG_HOME}/"
+chown -R borg:nogroup "${PATH_BORG_HOME}/${PATH_REL_SSH}"
+
+prefixed_msg 'Enabling firewall …'
+systemctl --quiet enable --now nftables
+
+prefixed_msg "Creating web-accessible directories …"
+mkdir -p "${PATH_DUMP}/private" "${PATH_DUMP}/public"
+
+prefixed_msg "Adapting ${PATH_CADDYFILE} …"
+CADDY_PW_HASH=$(caddy hash-password --plaintext "${CADDY_PASSWORD}")
+if [ -z "${FQDN}" ]; then
+ ADDRESS_TO_CADDY="${EXTERNAL_IP}"
+else
+ ADDRESS_TO_CADDY="${FQDN}"
+fi
+sed -i 's|REPLACE_WITH_HASH|'"${CADDY_PW_HASH}"'|g' "${PATH_CADDYFILE}"
+sed -i 's/REPLACE_WITH_FQDN/'"${ADDRESS_TO_CADDY}"'/g' "${PATH_CADDYFILE}"
+
+prefixed_msg "Restarting caddy …"
+systemctl reload caddy
+
+prefixed_msg "Asking for user pw so they can sudo …"
+passwd "${USERNAME}"
+
+prefixed_msg_exit
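Review bot: `CADDY_PW_HASH=$(caddy hash-password --plaintext "${CADDY_PASSWORD}")` places the plaintext web password on a child process's command line, where any local user can read it from the process list while the hash is computed, and the script itself takes it as `$1`, which exposes it the same way for the script's own process; `caddy hash-password` reads the password from stdin when `--plaintext` is omitted, so `CADDY_PW_HASH=$(printf '%s' "${CADDY_PASSWORD}" | caddy hash-password)` should remove the child-process leak, and passing the secret via stdin or an environment variable instead of a positional argument would close the other. The external-IP loop skips only the first octets `127`, `192` and `172`, so an address in `10.0.0.0/8` would be reported as external while public `192.x`/`172.x` addresses are discarded; testing the actual private prefixes (`10.`, `192.168.`, `172.16–31.`) would be more accurate. `expect_n_args 2 3 '…' $@` passes `$@` unquoted, so arguments containing whitespace would be miscounted; `"$@"` keeps each one as a single word. This file is the pre-change copy of `bookworm/scripts/setup_server.sh` (same blob `09545d1`) and still sources `lib/apt_digested.sh`, which the bookworm side renames to `lib/apt_get_digested.sh` in this very commit — whether that name still resolves under `trixie/scripts/lib/` is not visible here and is worth checking.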