servnest
/
servnest-mkosi
1
1
Fork 0
Code Issues Pull Requests Releases Activity
servnest-mkosi/mkosi.postinst

100 lines
2.8 KiB
Plaintext
Raw Normal View History

Initial commit
2022-04-20 00:29:47 +02:00
#!/usr/bin/bash
source /etc/os-release
Add sudoers.d/niver, among other things
2022-05-03 15:41:14 +02:00
# Create system users
useradd -U -r -s /usr/sbin/nologin nginx
Niver > ServNest
2023-01-29 21:14:36 +01:00
useradd -U -r -s /usr/sbin/nologin servnest
Add sudoers.d/niver, among other things
2022-05-03 15:41:14 +02:00
useradd -U -r -s /usr/sbin/nologin sftpgo
# Set proper permissions
Fix Knot permissions
2022-05-03 19:18:09 +02:00
chown -R knot:knot /var/lib/knot/confdb
chmod -R u=rwX,g=rwX,o= /var/lib/knot/confdb
Niver > ServNest
2023-01-29 21:14:36 +01:00
usermod -aG knot servnest
Add sudoers.d/niver, among other things
2022-05-03 15:41:14 +02:00
chown -R knot:knot /var/log/knot
Move everything in /srv/niver
2022-06-23 19:50:50 +02:00
chmod -R u=rwX,g=,o= /var/log/knot
Add sudoers.d/niver, among other things
2022-05-03 15:41:14 +02:00
Niver > ServNest
2023-01-29 21:14:36 +01:00
chown -R servnest:knot /srv/servnest/ns
chmod -R u=rwX,g=rwX,o= /srv/servnest/ns
chown -R servnest:knot /srv/servnest/reg
chmod -R u=rwX,g=rwX,o= /srv/servnest/reg
Add sudoers.d/niver, among other things
2022-05-03 15:41:14 +02:00
Niver > ServNest
2023-01-29 21:14:36 +01:00
chown -R servnest:nginx /srv/servnest/nginx /srv/servnest/subpath /srv/servnest/subdomain
chmod -R u=rwX,g=rX,o= /srv/servnest/nginx /srv/servnest/subpath /srv/servnest/subdomain
Add sudoers.d/niver, among other things
2022-05-03 15:41:14 +02:00
chown -R sftpgo:sftpgo /etc/sftpgo
Generate SFTPGo fingerprints
2022-05-31 23:56:38 +02:00
chmod -R u=rX,g=rX,o=rX /etc/sftpgo
chmod u=r,g=,o= /etc/sftpgo/ed25519
Add sudoers.d/niver, among other things
2022-05-03 15:41:14 +02:00
Niver > ServNest
2023-01-29 21:14:36 +01:00
chown -R servnest:sftpgo /srv/servnest/ht
chmod -R u=rwX,g=rwX,o=rX /srv/servnest/ht
Add sudoers.d/niver, among other things
2022-05-03 15:41:14 +02:00
Adaptative permissions
2022-05-06 14:08:38 +02:00
if [[ $ID = "debian" ]]; then
Niver > ServNest
2023-01-29 21:14:36 +01:00
chown -R servnest:debian-tor /srv/servnest/tor-config
chown -R debian-tor:debian-tor /srv/servnest/tor-keys
Adaptative permissions
2022-05-06 14:08:38 +02:00
else
Niver > ServNest
2023-01-29 21:14:36 +01:00
chown -R servnest:tor /srv/servnest/tor-config
chown -R tor:tor /srv/servnest/tor-keys
Adaptative permissions
2022-05-06 14:08:38 +02:00
fi
Niver > ServNest
2023-01-29 21:14:36 +01:00
chmod -R u=rwX,g=rX,o= /srv/servnest/tor-config
chmod -R u=rwX,g=,o= /srv/servnest/tor-keys
Tor setup 2
2022-05-05 02:03:01 +02:00
Niver > ServNest
2023-01-29 21:14:36 +01:00
chown -R servnest:nginx /srv/servnest/core /srv/servnest/errors
chmod -R u=rX,g=rX,o= /srv/servnest/core /srv/servnest/errors
chown -R servnest:servnest /srv/servnest/core/db
chmod -R u=rwX,g=,o= /srv/servnest/core/db
Add sudoers.d/niver, among other things
2022-05-03 15:41:14 +02:00
# Load configuration in Knot database
sudo -u knot knotc conf-import /etc/knot/knot.conf
Tor setup 2
2022-05-05 02:03:01 +02:00
# PHP paths unification across distributions
Add sudoers.d/niver, among other things
2022-05-03 15:41:14 +02:00
export PHP_INI=/etc/php/php.ini
if [[ $ID = "debian" ]]; then
Niver > ServNest
2023-01-29 21:14:36 +01:00
rm /etc/php/8.2/fpm/php-fpm.conf
ln -s /etc/php/php-fpm.conf /etc/php/8.2/fpm/php-fpm.conf
ln -s /etc/php/php-fpm.d/ /etc/php/8.2/fpm/pool.d
Add sudoers.d/niver, among other things
2022-05-03 15:41:14 +02:00
Niver > ServNest
2023-01-29 21:14:36 +01:00
export PHP_INI=/etc/php/8.2/fpm/php.ini
Add sudoers.d/niver, among other things
2022-05-03 15:41:14 +02:00
fi
# Configure PHP-FPM properly
cat >> $PHP_INI << EOF
expose_php = Off
display_errors = On
extension = pdo_sqlite
Enable sodium, opcache and JIT
2022-12-13 19:39:34 +01:00
extension = sodium
Niver > ServNest
2023-01-29 21:14:36 +01:00
extension = gettext
Enable sodium, opcache and JIT
2022-12-13 19:39:34 +01:00
zend_extension = opcache
opcache.jit_buffer_size = 32M
Add sudoers.d/niver, among other things
2022-05-03 15:41:14 +02:00
EOF
Use default Tor instead of instances
2022-06-10 03:20:19 +02:00
# Configure Tor
tor-instances for Debian, tor for Arch Linux
2022-06-09 03:29:41 +02:00
if [[ $ID = "debian" ]]; then
Fix tor on debian + use unix sockets for tor<=>nginx
2023-01-29 23:31:51 +01:00
mv /etc/systemd/system/tor.service.d/ /etc/systemd/system/tor@default.service.d/
Use default Tor instead of instances
2022-06-10 03:20:19 +02:00
sed -i 's/User tor/User debian-tor/' /etc/tor/torrc
Niver > ServNest
2023-01-29 21:14:36 +01:00
sed -i 's/reload tor/reload tor@default/' /etc/sudoers.d/servnest
sed -i 's/ALL=(tor)/ALL=(debian-tor)/' /etc/sudoers.d/servnest
Fix tor on debian + use unix sockets for tor<=>nginx
2023-01-29 23:31:51 +01:00
sed -i 's/systemctl reload tor"/systemctl reload tor@default"/' /srv/servnest/core/config.ini
Niver > ServNest
2023-01-29 21:14:36 +01:00
sed -i 's/tor_user = "tor"/tor_user = "debian-tor"/' /srv/servnest/core/config.ini
Tor setup 2
2022-05-05 02:03:01 +02:00
fi
# Start SystemD services at startup
Add sudoers.d/niver, among other things
2022-05-03 15:41:14 +02:00
systemctl enable sftpgo
Initial commit
2022-04-20 00:29:47 +02:00
if [[ $ID = "arch" ]]; then
systemctl enable sshd
systemctl enable knot
systemctl enable nginx
Tor setup
2022-05-04 17:45:05 +02:00
systemctl enable tor
Initial commit
2022-04-20 00:29:47 +02:00
systemctl enable php-fpm
Fix Arch for latest mkosi + absolute_redirect off;
2022-07-20 20:06:29 +02:00
pacman-key --init
pacman-key --populate
Initial commit
2022-04-20 00:29:47 +02:00
fi