plomlompom.com Git - config/blob - buster/setup_scripts/setup_dumpsite.sh

   1 #!/bin/sh
   2 set -e
   3 set -x
   4
   5 if [ "$#" -ne 2 ]; then
   6     echo 'Need domain name and mail.'
   7     false
   8 fi
   9 domain="$1"
  10 mail="$2"
  11
  12 # Install configs, set up firewall.
  13 config_tree_prefix="${HOME}/config/buster"
  14 ./install_for_target.sh web dumpsite
  15 ./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web dumpsite
  16 nft -f /etc/nftables.conf
  17
  18 # Set up letsencrypt certificate. TODO: Is it auto-renewed?
  19 ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
  20 certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
  21 rm /etc/nginx/sites-enabled/default
  22
  23 # Set up dump dirs.
  24 mkdir /var/www-dump
  25 chown plom:plom /var/www-dump
  26 dump_dir=dump
  27 geheim_dir=geheim
  28 su -lc "mkdir ${dump_dir} ${geheim_dir}" plom
  29 su -lc "ln -s /home/plom/${dump_dir} /var/www-dump/${dump_dir}" plom
  30 su -lc "ln -s /home/plom/${geheim_dir} /var/www-dump/${geheim_dir}" plom
  31 password_geheim=$(pwgen -1)
  32 echo "foo:{PLAIN}${password_geheim}" > /var/www-dump/password_geheim
  33 echo "geheim password is: ${password_geheim}"
  34
  35 # Prepare NGINX.
  36 sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/nginx/sites-available/dumpsite.nginx
  37 ln -s /etc/nginx/sites-available/dumpsite.nginx /etc/nginx/sites-enabled/dumpsite.nginx
  38
  39 service nginx restart