servnest-mkosi/mkosi.prepare

#!/usr/bin/bash
source /etc/os-release

chmod +x /usr/local/bin/sftpgo

# Clear configuration (will be filled with mkosi.extra/)
rm -r /etc/nginx/*
rm -r /etc/ssh/*
rm /etc/tor/torrc
if [[ $ID = "debian" ]]; then
	rm -r /etc/php/8.2/fpm/pool.d
	rm /usr/lib/tmpfiles.d/php8.2-fpm.conf
fi
if [[ $ID = "arch" ]]; then
	rm /etc/php/php-fpm.d/*
fi

# Generate default self-signed TLS key pair
openssl req -subj '/' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/servnest.key -out /etc/ssl/certs/servnest.crt

# Generate OpenSSH server key pair
ssh-keygen -f /etc/ssh/ed25519 -t ed25519 -N ""
ssh-keygen -lvf /etc/ssh/ed25519 > /etc/ssh/ed25519.fp

# Generate SFTPGo key pair
ssh-keygen -f /etc/sftpgo/ed25519 -t ed25519 -N "" -C ""
# Generate fingerprints
fp=($(ssh-keygen -l -f /etc/sftpgo/ed25519))
echo ${fp[1]} > /etc/sftpgo/ed25519.fp
ssh-keygen -lv -f /etc/sftpgo/ed25519 | tail -n +2 > /etc/sftpgo/ed25519.asciiart
# Generate SSHFP record
echo ht.servnest.test. 86400 SSHFP 4 2 $(cut -d ' ' -f 2 /etc/sftpgo/ed25519.pub | base64 -d | sha256sum | cut -d ' ' -f 1) >> /srv/servnest/reg/servnest.test.zone

# Create database
sqlite3 /srv/servnest/core/db/servnest.db < /srv/servnest/core/db/schema.sql

sqlite3 /srv/servnest/core/db/servnest.db <<< "UPDATE params SET value = '$(openssl rand -hex 16)' WHERE name = 'username_salt';"

# Create translation Machine Objects files
msgfmt /srv/servnest/core/locales/fr/C/LC_MESSAGES/messages.po -o /srv/servnest/core/locales/fr/C/LC_MESSAGES/messages.mo
Initial commit 2022-04-20 00:29:47 +02:00			`#!/usr/bin/bash`
Add sudoers.d/niver, among other things 2022-05-03 15:41:14 +02:00			`source /etc/os-release`
Initial commit 2022-04-20 00:29:47 +02:00
chmod +x /usr/local/bin/sftpgo 2022-11-27 00:13:05 +01:00			`chmod +x /usr/local/bin/sftpgo`

Tor setup 2 2022-05-05 02:03:01 +02:00			`# Clear configuration (will be filled with mkosi.extra/)`
Initial commit 2022-04-20 00:29:47 +02:00			`rm -r /etc/nginx/*`
			`rm -r /etc/ssh/*`
Tor setup 2 2022-05-05 02:03:01 +02:00			`rm /etc/tor/torrc`
Initial commit 2022-04-20 00:29:47 +02:00			`if [[ $ID = "debian" ]]; then`
Niver > ServNest 2023-01-29 21:14:36 +01:00			`rm -r /etc/php/8.2/fpm/pool.d`
			`rm /usr/lib/tmpfiles.d/php8.2-fpm.conf`
Add sudoers.d/niver, among other things 2022-05-03 15:41:14 +02:00			`fi`
			`if [[ $ID = "arch" ]]; then`
			`rm /etc/php/php-fpm.d/*`
Initial commit 2022-04-20 00:29:47 +02:00			`fi`

			`# Generate default self-signed TLS key pair`
Niver > ServNest 2023-01-29 21:14:36 +01:00			`openssl req -subj '/' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/servnest.key -out /etc/ssl/certs/servnest.crt`
Initial commit 2022-04-20 00:29:47 +02:00
Better SFTPGo + remove maniver 2022-05-08 21:44:06 +02:00			`# Generate OpenSSH server key pair`
Initial commit 2022-04-20 00:29:47 +02:00			`ssh-keygen -f /etc/ssh/ed25519 -t ed25519 -N ""`
			`ssh-keygen -lvf /etc/ssh/ed25519 > /etc/ssh/ed25519.fp`
Better SFTPGo + remove maniver 2022-05-08 21:44:06 +02:00
			`# Generate SFTPGo key pair`
Generate SFTPGo fingerprints 2022-05-31 23:56:38 +02:00			`ssh-keygen -f /etc/sftpgo/ed25519 -t ed25519 -N "" -C ""`
			`# Generate fingerprints`
			`fp=($(ssh-keygen -l -f /etc/sftpgo/ed25519))`
			`echo ${fp[1]} > /etc/sftpgo/ed25519.fp`
			`ssh-keygen -lv -f /etc/sftpgo/ed25519 \| tail -n +2 > /etc/sftpgo/ed25519.asciiart`
Generate SSHFP records 2022-06-09 03:28:39 +02:00			`# Generate SSHFP record`
Niver > ServNest 2023-01-29 21:14:36 +01:00			`echo ht.servnest.test. 86400 SSHFP 4 2 $(cut -d ' ' -f 2 /etc/sftpgo/ed25519.pub \| base64 -d \| sha256sum \| cut -d ' ' -f 1) >> /srv/servnest/reg/servnest.test.zone`
Update Nginx config + SFTP http authentication + SQLite db from sql 2022-05-20 16:31:40 +02:00
			`# Create database`
Niver > ServNest 2023-01-29 21:14:36 +01:00			`sqlite3 /srv/servnest/core/db/servnest.db < /srv/servnest/core/db/schema.sql`

			`sqlite3 /srv/servnest/core/db/servnest.db <<< "UPDATE params SET value = '$(openssl rand -hex 16)' WHERE name = 'username_salt';"`

			`# Create translation Machine Objects files`
			`msgfmt /srv/servnest/core/locales/fr/C/LC_MESSAGES/messages.po -o /srv/servnest/core/locales/fr/C/LC_MESSAGES/messages.mo`