#!/bin/sh
set -e
cd $(dirname "$0")
-. lib/apt_digested.sh
+. lib/apt_get_digested.sh
. lib/constants_etc.sh # PATH_ETC
. lib/constants_ssh.sh # PATH_REL_SSH, PATH_USER_SSH
. lib/constants_user.sh # USERNAME
. lib/core_setup.sh
. lib/expect_n_args.sh
. lib/prefixed_msg.sh
+. lib/put_finished_marker.sh
. lib/trapp.sh
prefixed_msg_init
PATH_BORG_HOME=/home/borg
PATH_CADDYFILE="${PATH_ETC}/caddy/Caddyfile"
+PATH_CADDY_REPO='https://dl.cloudsmith.io/public/caddy/stable'
PATH_DUMP='/var/www/dump'
prefixed_msg_no_nl 'Determining external IP …'
fi
fi
+prefixed_msg 'Ensure we have curl and gpg (for caddy installation preparation) …'
+apt_get_digested '-q -q install curl gpg'
+PATH_CURL_ERROR=$(mktemp)
+CMD_RM_CURL_ERROR="rm ${PATH_CURL_ERROR}"
+trapp "${CDM_RM_CURL_ERROR}"
+prefixed_msg 'Retrieve caddy repo key …'
+set +e
+curl -1Lf "${PATH_CADDY_REPO}/gpg.key" 2> "${PATH_CURL_ERROR}" | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
+RESULT="$?"
+set -e
+if [ "${RESULT}" != '0' ]; then
+ cat "${PATH_CURL_ERROR}"
+ exit 1
+fi
+${CMD_RM_CURL_ERROR}
+trapp
+PATH_APT_CADDY_REPO='/etc/apt/sources.list.d/caddy-stable.list'
+prefixed_msg "Adding caddy repo to ${PATH_APT_CADDY_REPO} …"
+curl -1LfsS "${PATH_CADDY_REPO}/debian.deb.txt" > "${PATH_APT_CADDY_REPO}"
+
core_setup "${HOSTNAME}" "${FQDN}" "${EXTERNAL_IP}" "${INSTALL_TAGS}"
prefixed_msg 'Moving SSH data from root to user …'
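Review bot: `trapp "${CDM_RM_CURL_ERROR}"` right after `CMD_RM_CURL_ERROR="rm ${PATH_CURL_ERROR}"` misspells the variable (CDM vs CMD); with `set -e` but no `set -u` it silently expands to an empty string, so the temp file is never removed if the script aborts before the explicit `${CMD_RM_CURL_ERROR}` call. The RESULT check is also weaker than it looks: under `/bin/sh` `$?` after a pipeline is the exit status of the last command (gpg), and most `/bin/sh` implementations have no `pipefail`, so a failed curl may leave an empty or invalid keyring at /usr/share/keyrings/caddy-stable-archive-keyring.gpg while the script carries on to add the repo. Both issues disappear if the download is separated from the dearmoring, the way the later `debian.deb.txt` retrieval already relies on `-sS` plus `set -e`: `KEY_ASCII=$(curl -1LfsS "${PATH_CADDY_REPO}/gpg.key")` followed by `printf '%s\n' "${KEY_ASCII}" | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg`, which makes the mktemp/trapp/`set +e` lines unnecessary. The `@@` headers of this file's hunks are not visible, so the exact extent of the hunk containing these lines is inferred.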
prefixed_msg 'Setting hostname …'
hostnamectl hostname "${HOSTNAME}"
- local PATH_HOSTS="${PATH_ETC}/hosts"
- prefixed_msg "Adapting ${PATH_HOSTS} …"
- if [ -z "${FQDN}" ]; then
- sed -i 's/REPLACE_WITH_FQDN/REPLACE_WITH_HOSTNAME.local REPLACE_WITH_HOSTNAME.localdomain/g' "${PATH_HOSTS}"
- else
- sed -i 's/REPLACE_WITH_FQDN/'"${FQDN}"'/g' "${PATH_HOSTS}"
- sed -i "s/#REPLACE_WITH_EXTERNAL_IP/${EXTERNAL_IP}/g" "${PATH_HOSTS}"
- fi
- sed -i 's/REPLACE_WITH_HOSTNAME/'"${HOSTNAME}"'/g' "${PATH_HOSTS}"
-
prefixed_msg 'Syncing clock …'
ntpdate-debian -s
--- /dev/null
+#!/bin/sh
+set -e
+cd $(dirname "$0")
+. lib/apt_digested.sh
+. lib/constants_etc.sh # PATH_ETC
+. lib/constants_ssh.sh # PATH_REL_SSH, PATH_USER_SSH
+. lib/constants_user.sh # USERNAME
+. lib/copy_dirtrees_of_tags.sh
+. lib/core_setup.sh
+. lib/expect_n_args.sh
+. lib/prefixed_msg.sh
+. lib/trapp.sh
+
+prefixed_msg_init
+prefixed_msg 'starting (setting up basics of standard server)'
+
+INSTALL_TAGS='all server user keep_if_installed:systemd-resolved'
+
+expect_n_args 2 3 'CADDY_PASSWORD, HOSTNAME, [FQDN]' $@
+CADDY_PASSWORD="$1"
+HOSTNAME="$2"
+FQDN="$3"
+
+PATH_BORG_HOME=/home/borg
+PATH_CADDYFILE="${PATH_ETC}/caddy/Caddyfile"
+PATH_DUMP='/var/www/dump'
+
+prefixed_msg_no_nl 'Determining external IP …'
+for _CANDIDATE in $(hostname -I); do
+ _START=$(echo ${_CANDIDATE} | cut -d'.' -f1)
+ if [ "$(echo -n ${_START} | wc -c)" -gt 3 ]; then # ignore IPv6
+ continue
+ fi
+ if [ "${_START}" = "127" -o "${_START}" = "192" -o "${_START}" = "172" ]; then
+ continue
+ fi
+ EXTERNAL_IP="${_CANDIDATE}"
+ break
+done
+echo " it's: ${EXTERNAL_IP}"
+
+if [ ! -z "${FQDN}" ]; then
+ prefixed_msg "Ensuring provided FQDN ${FQDN} maps to it …"
+ IP_BY_DNS=$(getent ahostsv4 "${FQDN}" | head -1 | cut -d' ' -f1)
+ if [ ! "${IP_BY_DNS}" = "${EXTERNAL_IP}" ]; then
+ abort "DNS mapping provided FQDN '${FQDN}' to ${IP_BY_DNS} rather than this system's external IP ${EXTERNAL_IP}."
+ fi
+fi
+
+core_setup "${HOSTNAME}" "${FQDN}" "${EXTERNAL_IP}" "${INSTALL_TAGS}"
+
+prefixed_msg 'Moving SSH data from root to user …'
+mkdir -p "${PATH_USER_SSH}"
+mv "/root/${PATH_REL_SSH}/authorized_keys" "${PATH_USER_SSH}/"
+chown -R "${USERNAME}:${USERNAME}" "${PATH_USER_SSH}"
+
+prefixed_msg 'Setting up minimal borg user …'
+adduser --quiet --system --home "${PATH_BORG_HOME}" --shell /bin/sh borg
+cp -a "${PATH_USER_SSH}" "${PATH_BORG_HOME}/"
+chown -R borg:nogroup "${PATH_BORG_HOME}/${PATH_REL_SSH}"
+
+prefixed_msg 'Enabling firewall …'
+systemctl --quiet enable --now nftables
+
+prefixed_msg "Creating web-accessible directories …"
+mkdir -p "${PATH_DUMP}/private" "${PATH_DUMP}/public"
+
+prefixed_msg "Adapting ${PATH_CADDYFILE} …"
+CADDY_PW_HASH=$(caddy hash-password --plaintext "${CADDY_PASSWORD}")
+if [ -z "${FQDN}" ]; then
+ ADDRESS_TO_CADDY="${EXTERNAL_IP}"
+else
+ ADDRESS_TO_CADDY="${FQDN}"
+fi
+sed -i 's|REPLACE_WITH_HASH|'"${CADDY_PW_HASH}"'|g' "${PATH_CADDYFILE}"
+sed -i 's/REPLACE_WITH_FQDN/'"${ADDRESS_TO_CADDY}"'/g' "${PATH_CADDYFILE}"
+
+prefixed_msg "Restarting caddy …"
+systemctl reload caddy
+
+prefixed_msg "Asking for user pw so they can sudo …"
+passwd "${USERNAME}"
+
+prefixed_msg_exit
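Review bot: `expect_n_args 2 3 'CADDY_PASSWORD, HOSTNAME, [FQDN]' $@` passes the positional parameters unquoted, so a CADDY_PASSWORD containing whitespace is split into several words and the argument-count check sees the wrong number; it should be `"$@"`, and for the same reason `cd $(dirname "$0")` at the top should be `cd "$(dirname "$0")"`. The external-IP loop can finish without ever assigning EXTERNAL_IP (every candidate skipped as IPv6, 127, 192 or 172; 10.x is not excluded at all), and nothing checks that before the empty value is handed to core_setup and substituted into the Caddyfile; a guard such as `[ -n "${EXTERNAL_IP}" ] || abort 'No external IPv4 address found.'` placed after the loop would fail early with a clear message. Separately, `caddy hash-password --plaintext "${CADDY_PASSWORD}"` (and the script's own argv) exposes the password to any local user via the process list; reading it from stdin instead (`caddy hash-password` prompts when --plaintext is omitted) would avoid that exposure. The message `"Restarting caddy …"` does not match the `systemctl reload caddy` it announces.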