Move important scripts and configs to /install
parent
26529e4c91
commit
216f747033
|
@ -1,6 +1,4 @@
|
|||
/mkosi.cache/*
|
||||
!/mkosi.cache/.gitkeep
|
||||
/mkosi.passphrase
|
||||
/mkosi.passwd
|
||||
/mkosi.skeleton/root/.ssh/authorized_keys
|
||||
/mkosi.skeleton/usr/local/bin/sftpgo
|
||||
/root/.ssh/authorized_keys
|
||||
/usr/local/bin/sftpgo
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
deb tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm main
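Review bot: The single `bookworm main` entry leaves the image without a security suite, whereas the bullseye list deleted later in this commit also carried a `debian-security bullseye-security` line. Unless security updates are configured somewhere outside this diff, packages installed at build time and by later upgrades will not receive Debian security fixes. Consider adding `deb tor+http://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion/debian-security bookworm-security main`, reusing the mirror address from the removed entry.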
|
|
@ -0,0 +1,3 @@
|
|||
d /run/servnest 0555 root root - -
|
||||
d /run/knot 0755 knot knot - -
|
||||
d /run/php-fpm 0755 nginx nginx - -
|
|
@ -0,0 +1,24 @@
|
|||
# Set users and groups names
|
||||
export sftpgo='sftpgo'
|
||||
export servnest='servnest'
|
||||
export knot='knot'
|
||||
export nginx='nginx'
|
||||
export tor='tor'
|
||||
if [[ $OS = "debian" ]]; then
|
||||
export tor='debian-tor'
|
||||
fi
|
||||
|
||||
# Create system users and groups
|
||||
useradd -U -r -s $(which nologin) $nginx
|
||||
useradd -U -r -s $(which nologin) $servnest
|
||||
useradd -U -r -s $(which nologin) $sftpgo
|
||||
|
||||
# Execute installation steps
|
||||
source /install/sudo.sh
|
||||
source /install/tor.sh
|
||||
source /install/knot.sh
|
||||
source /install/servnest.sh
|
||||
source /install/php.sh
|
||||
source /install/nginx.sh
|
||||
source /install/sftpgo.sh
|
||||
source /install/permissions.sh
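Review bot: The three `useradd -U -r -s $(which nologin) $nginx` style lines depend on an unquoted, unchecked command substitution, and nothing in the visible lines stops the script when a step fails. If `which` is missing or `nologin` is not on the build-time PATH, the expansion is empty, `-s` takes the user name as its argument and the account is not created. The sourced steps then run anyway, and the later `chown` calls fail against users that do not exist. Resolve the path once and fail loudly, e.g. `nologin_path=$(command -v nologin) || exit 1` and `useradd -U -r -s "$nologin_path" "$nginx"`. Since every step is sourced, a `set -euo pipefail` near the top would cover the sourced scripts too.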
|
|
@ -6,7 +6,7 @@ server:
|
|||
listen: [ "::1@42053", "127.0.0.1@42053" ]
|
||||
|
||||
log:
|
||||
- target: "/var/log/knot/knot.log"
|
||||
- target: "syslog"
|
||||
any: "debug"
|
||||
|
||||
database:
|
|
@ -0,0 +1,5 @@
|
|||
#!/usr/bin/bash
|
||||
|
||||
# Load configuration in Knot database
|
||||
sudo -u $knot mkdir -p /var/lib/knot/confdb/
|
||||
sudo -u $knot knotc conf-import /install/knot.conf
|
|
@ -0,0 +1,7 @@
|
|||
#!/usr/bin/bash
|
||||
|
||||
# Generate default self-signed TLS key pair
|
||||
openssl req -subj '/' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/servnest.key -out /etc/ssl/certs/servnest.crt
|
||||
|
||||
rm -r /etc/nginx/*
|
||||
cp -r /install/nginx/* /etc/nginx/
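Review bot: The `openssl req ... -nodes` call writes an unencrypted TLS private key when this script runs, which appears to be at image build time, since the post-install script in this commit sources `/install/install.sh`. If so, every machine started from the same image shares that key. The same applies to the SFTPGo ed25519 host key, the `username_salt` value and the OpenSSH host key generated in other hunks of this commit. For anything beyond a local test image, generate these on first boot, for example from a oneshot unit guarded by `ConditionPathExists=!/etc/ssl/private/servnest.key`. Adding `chmod 600 /etc/ssl/private/servnest.key` right after generation avoids relying on the tool's default file mode.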
|
|
@ -0,0 +1,9 @@
|
|||
# Required by PHP-FPM
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
|
||||
# Required by ServNest
|
||||
fastcgi_param REQUEST_URI $request_uri;
|
||||
fastcgi_param SERVER_NAME $server_name;
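Review bot: The trimmed list no longer forwards `REMOTE_ADDR`, `HTTPS`, `QUERY_STRING` or `REDIRECT_STATUS`, all of which were in the 26-line parameter list this commit deletes. If ServNest or the SFTPGo authentication script reads `$_SERVER['REMOTE_ADDR']` for rate limiting or logging, or `$_SERVER['HTTPS']` to decide cookie flags, those checks now see empty values; this cannot be confirmed from the diff. Either restore the parameters that are used or record the decision next to the list, e.g. `# REMOTE_ADDR and HTTPS are intentionally not forwarded: the application never reads them`.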
|
|
@ -0,0 +1,3 @@
|
|||
# This configuration file is included by dedicated Onion sites created by ServNest
|
||||
|
||||
include inc/ht.conf;
|
|
@ -0,0 +1,4 @@
|
|||
# This configuration file is included by dedicated DNS and TLS sites created by ServNest
|
||||
|
||||
include inc/ht.conf;
|
||||
include inc/tls.conf;
|
|
@ -1,8 +1,7 @@
|
|||
more_set_headers "Content-Security-Policy : default-src 'none'; style-src 'self' 'unsafe-inline' data:; img-src 'self' data:; font-src 'self' data:; media-src 'self' data:; frame-ancestors 'none'; form-action 'none';";
|
||||
|
||||
location / {
|
||||
index index.html index.md index.gmi;
|
||||
try_files $uri $uri/ =404;
|
||||
try_files $uri $uri/index.html $uri/index.md $uri/index.gmi =404;
|
||||
}
|
||||
|
||||
include inc/errors.conf;
|
|
@ -27,8 +27,8 @@ http {
|
|||
|
||||
# Logging
|
||||
map $http_cookie $loggable {
|
||||
"" 0;
|
||||
default 1;
|
||||
"" 0;
|
||||
default 1;
|
||||
}
|
||||
log_format servnest '|$time_local| [$remote_addr]@$server_name {$ssl_protocol $ssl_cipher} $status $body_bytes_sent "$request" "$http_user_agent"';
|
||||
error_log /var/log/nginx/error.log notice;
|
|
@ -1,3 +1,5 @@
|
|||
# This server block is reached only if no other server block can match, and displays some explanations
|
||||
|
||||
server {
|
||||
listen [::1]:42443 ssl http2 default_server;
|
||||
listen 127.0.0.1:42443 ssl http2 default_server;
|
|
@ -1,3 +1,5 @@
|
|||
# This server block should listen on port 80 to warn users they tried to make an unsecure connection
|
||||
|
||||
server {
|
||||
listen [::1]:42080 default_server;
|
||||
listen 127.0.0.1:42080 default_server;
|
|
@ -1,3 +1,5 @@
|
|||
# This server block is the publicly exposed ServNest control interface
|
||||
|
||||
server {
|
||||
listen [::1]:42443 ssl http2;
|
||||
listen 127.0.0.1:42443 ssl http2;
|
||||
|
@ -10,6 +12,7 @@ server {
|
|||
|
||||
more_set_headers "Content-Security-Policy : default-src 'none'; style-src 'self'; frame-ancestors 'none'; form-action 'self';";
|
||||
|
||||
# Main ServNest interface
|
||||
location / {
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_pass unix:/run/php-fpm/servnest.sock;
|
||||
|
@ -17,6 +20,7 @@ server {
|
|||
try_files /router.php =500;
|
||||
}
|
||||
|
||||
# The router doesn't manage CSS files
|
||||
location /css {
|
||||
alias /srv/servnest/core/css;
|
||||
}
|
||||
|
@ -25,6 +29,7 @@ server {
|
|||
alias /srv/servnest/docs;
|
||||
}
|
||||
|
||||
# For a public server, these should point to a Let's Encrypt-trusted key pair
|
||||
ssl_certificate /etc/ssl/certs/servnest.crt;
|
||||
ssl_certificate_key /etc/ssl/private/servnest.key;
|
||||
}
|
|
@ -1,5 +1,7 @@
|
|||
# This server block and the PHP script it maps make ServNest authentication available to the SFTPGo external authenticator
|
||||
|
||||
server {
|
||||
listen [::1]:8055;
|
||||
listen [::1]:8055; # It's meant to stay a private IP
|
||||
|
||||
root /srv/servnest/core;
|
||||
|
|
@ -1,3 +1,5 @@
|
|||
# Maps subdomain to filesystem subpath
|
||||
|
||||
server {
|
||||
listen [::1]:42443 ssl http2;
|
||||
listen 127.0.0.1:42443 ssl http2;
|
|
@ -1,3 +1,5 @@
|
|||
# Maps HTTP subpath to filesystem subpath
|
||||
|
||||
server {
|
||||
listen [::1]:42443 ssl http2;
|
||||
listen 127.0.0.1:42443 ssl http2;
|
|
@ -0,0 +1,35 @@
|
|||
#!/usr/bin/bash
|
||||
|
||||
# We need servnest to be allowed to configure Knot
|
||||
usermod -aG $knot $servnest # Add user servnest to group knot
|
||||
chown -R $knot: /var/lib/knot/confdb
|
||||
chmod -R u=rwX,g=rwX,o= /var/lib/knot/confdb
|
||||
|
||||
chown -R $knot: /var/log/knot
|
||||
chmod -R u=rwX,g=,o= /var/log/knot
|
||||
|
||||
chown -R $servnest:$knot /srv/servnest/ns
|
||||
chmod -R u=rwX,g=rwX,o= /srv/servnest/ns
|
||||
chown -R $servnest:$knot /srv/servnest/reg
|
||||
chmod -R u=rwX,g=rwX,o= /srv/servnest/reg
|
||||
|
||||
chown -R $servnest:$nginx /srv/servnest/nginx /srv/servnest/subpath /srv/servnest/subdomain
|
||||
chmod -R u=rwX,g=rX,o= /srv/servnest/nginx /srv/servnest/subpath /srv/servnest/subdomain
|
||||
|
||||
usermod -aG $sftpgo $servnest
|
||||
chown -R $nginx:$sftpgo /srv/servnest/ht
|
||||
chmod -R u=rX,g=rwX,o= /srv/servnest/ht
|
||||
|
||||
chown -R $sftpgo: /etc/sftpgo
|
||||
chmod -R u=rX,g=rX,o= /etc/sftpgo
|
||||
chmod u=r,g=,o= /etc/sftpgo/ed25519
|
||||
|
||||
chown -R $servnest:$tor /srv/servnest/tor-config
|
||||
chmod -R u=rwX,g=rX,o= /srv/servnest/tor-config
|
||||
chown -R $tor: /srv/servnest/tor-keys
|
||||
chmod -R u=rwX,g=,o= /srv/servnest/tor-keys
|
||||
|
||||
chown -R $servnest:$nginx /srv/servnest/core /srv/servnest/errors
|
||||
chmod -R u=rX,g=rX,o= /srv/servnest/core /srv/servnest/errors
|
||||
chown -R $servnest: /srv/servnest/core/db
|
||||
chmod -R u=rwX,g=,o= /srv/servnest/core/db
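Review bot: Every `chown` and `usermod` line here expands `$knot`, `$servnest`, `$nginx`, `$sftpgo` and `$tor` unquoted and without checking that they are set, yet the file has its own shebang and so can be run directly instead of being sourced after the exports. With the variables empty, `chown -R $servnest:$knot ...` collapses to `chown -R : ...`, which GNU chown treats as "change nothing", so the following `chmod` lines apply modes to trees that still have their old owner. Add a guard at the top such as `: "${knot:?}" "${servnest:?}" "${nginx:?}" "${sftpgo:?}" "${tor:?}"` and quote the expansions. A short comment on why `servnest` joins the `knot` and `sftpgo` groups would also help the next reviewer judge how far that account reaches.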
|
|
@ -1,3 +1,5 @@
|
|||
; https://www.php.net/manual/install.fpm.configuration.php
|
||||
|
||||
[servnest]
|
||||
|
||||
user = $pool
|
|
@ -0,0 +1,14 @@
|
|||
extension = pdo
|
||||
extension = pdo_sqlite
|
||||
extension = sodium
|
||||
extension = gettext
|
||||
|
||||
expose_php = Off
|
||||
zend_extension = opcache
|
||||
opcache.jit_buffer_size = 32M
|
||||
|
||||
output_buffering = 4096
|
||||
short_open_tag = Off
|
||||
|
||||
; Set this to Off for a public setup
|
||||
display_errors = On
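Review bot: `display_errors = On` is the shipped value and the safe setting exists only as a comment, so a deployment that copies this file unchanged sends PHP warnings, file paths and stack traces to clients. Invert the default with `display_errors = Off` and `log_errors = On`, and let a development setup switch display back on. The PHP script in this commit copies this file over `$PHP_INI` after `rm -r /etc/php/*`, where the removed code appended to the distribution file, so anything the distribution php.ini set is gone. Session options such as `session.cookie_httponly` and `session.use_strict_mode` are worth setting explicitly here.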
|
|
@ -0,0 +1,18 @@
|
|||
#!/usr/bin/bash
|
||||
|
||||
rm -r /etc/php/*
|
||||
cp /install/php-fpm.conf /etc/php/
|
||||
|
||||
export PHP_INI=/etc/php/php.ini
|
||||
|
||||
if [[ $OS = "debian" ]]; then
|
||||
mkdir -p /etc/php/8.2/fpm/
|
||||
mv /etc/php/php-fpm.conf /etc/php/8.2/fpm/
|
||||
export PHP_INI=/etc/php/8.2/fpm/php.ini
|
||||
fi
|
||||
|
||||
cp /install/php.ini $PHP_INI
|
||||
|
||||
# For systemd
|
||||
mkdir /etc/systemd/system/php-fpm.service.d
|
||||
cp /install/php-fpm.service.override.conf /etc/systemd/system/php-fpm.service.d/
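Review bot: On Debian the drop-in created by `mkdir /etc/systemd/system/php-fpm.service.d` probably never takes effect. The Debian branch adapts the php.ini and php-fpm.conf paths to `/etc/php/8.2/fpm/` but leaves the unit name as `php-fpm`, while Debian's PHP 8.2 packaging names the service `php8.2-fpm`. The Tor script in this commit handles the same situation by moving `tor.service.d` to `tor@default.service.d`. If the override carries sandboxing or runtime-directory settings, add the equivalent inside the Debian branch: `mv /etc/systemd/system/php-fpm.service.d /etc/systemd/system/php8.2-fpm.service.d`. A comment stating that `rm -r /etc/php/*` deliberately discards the distribution's whole PHP configuration tree would also help.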
|
|
@ -0,0 +1,9 @@
|
|||
#!/usr/bin/bash
|
||||
|
||||
# Create database
|
||||
sqlite3 /srv/servnest/core/db/servnest.db < /srv/servnest/core/db/schema.sql
|
||||
|
||||
sqlite3 /srv/servnest/core/db/servnest.db <<< "UPDATE params SET value = '$(openssl rand -hex 16)' WHERE name = 'username_salt';"
|
||||
|
||||
# Create translation Machine Objects files
|
||||
msgfmt /srv/servnest/core/locales/fr/C/LC_MESSAGES/messages.po -o /srv/servnest/core/locales/fr/C/LC_MESSAGES/messages.mo
|
|
@ -0,0 +1,21 @@
|
|||
#!/usr/bin/bash
|
||||
|
||||
chmod +x /usr/local/bin/sftpgo
|
||||
|
||||
mkdir /etc/sftpgo
|
||||
|
||||
# Generate SFTPGo key pair
|
||||
ssh-keygen -f /etc/sftpgo/ed25519 -t ed25519 -N "" -C ""
|
||||
# Generate fingerprints
|
||||
fp=($(ssh-keygen -l -f /etc/sftpgo/ed25519))
|
||||
echo ${fp[1]} > /etc/sftpgo/ed25519.fp
|
||||
ssh-keygen -lv -f /etc/sftpgo/ed25519 | tail -n +2 > /etc/sftpgo/ed25519.asciiart
|
||||
# Generate SSHFP record
|
||||
echo ht.servnest.test. 86400 SSHFP 4 2 $(cut -d ' ' -f 2 /etc/sftpgo/ed25519.pub | base64 -d | sha256sum | cut -d ' ' -f 1) >> /srv/servnest/reg/servnest.test.zone
|
||||
|
||||
cp /install/sftpgo.toml /etc/sftpgo/
|
||||
touch /etc/sftpgo/banner.txt
|
||||
|
||||
# For systemd
|
||||
cp /install/sftpgo.service /etc/systemd/system/
|
||||
systemctl enable sftpgo
|
|
@ -0,0 +1,3 @@
|
|||
#!/usr/bin/bash
|
||||
|
||||
cp /install/sudoers /etc/sudoers.d/servnest
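Review bot: `cp /install/sudoers /etc/sudoers.d/servnest` installs a privilege-granting file with whatever owner and mode the source happens to have, and without a syntax check. Use `install -o root -g root -m 0440 /install/sudoers /etc/sudoers.d/servnest` followed by `visudo -cf /etc/sudoers.d/servnest`. The Debian branch of the Tor script later rewrites this file with two unanchored `sed -i` substitutions that succeed silently when nothing matches, which would leave rules naming the `tor` user and unit on a system that has neither. The `visudo -cf` check belongs after those edits as well, together with a `grep -q 'debian-tor' /etc/sudoers.d/servnest` assertion.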
|
|
@ -0,0 +1,14 @@
|
|||
rm -r /etc/tor/*
|
||||
cp /install/torrc /etc/tor/
|
||||
|
||||
mkdir /etc/systemd/system/tor.service.d
|
||||
cp /install/tor.service.override.conf /etc/systemd/system/tor.service.d/
|
||||
|
||||
if [[ $OS = "debian" ]]; then
|
||||
mv /etc/systemd/system/tor.service.d/ /etc/systemd/system/tor@default.service.d/
|
||||
sed -i 's/User tor/User debian-tor/' /etc/tor/torrc
|
||||
sed -i 's/reload tor/reload tor@default/' /etc/sudoers.d/servnest
|
||||
sed -i 's/ALL=(tor)/ALL=(debian-tor)/' /etc/sudoers.d/servnest
|
||||
sed -i 's/systemctl reload tor"/systemctl reload tor@default"/' /srv/servnest/core/config.ini
|
||||
sed -i 's/tor_user = "tor"/tor_user = "debian-tor"/' /srv/servnest/core/config.ini
|
||||
fi
|
|
@ -2,7 +2,4 @@ User tor
|
|||
SocksPort 0
|
||||
DataDirectory /var/lib/tor
|
||||
|
||||
HiddenServiceNonAnonymousMode 1
|
||||
HiddenServiceSingleHopMode 1
|
||||
|
||||
%include /srv/servnest/tor-config/*
|
|
@ -6,6 +6,9 @@ Format = directory
|
|||
Hostname = servnest.test
|
||||
|
||||
[Content]
|
||||
RemoveFiles = /.git,/.gitignore,/mkosi.*,/*.md
|
||||
Cache = ../mkosi.cache/
|
||||
ExtraTree = ./
|
||||
BasePackages = yes
|
||||
WithDocs = yes
|
||||
WithNetwork = yes
|
||||
|
|
|
@ -1,3 +0,0 @@
|
|||
deb tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bullseye main
|
||||
deb tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bullseye-backports main
|
||||
deb tor+http://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion/debian-security bullseye-security main
|
|
@ -1,26 +0,0 @@
|
|||
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
|
||||
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
||||
fastcgi_param REQUEST_URI $request_uri;
|
||||
fastcgi_param DOCUMENT_URI $document_uri;
|
||||
fastcgi_param DOCUMENT_ROOT $document_root;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param REQUEST_SCHEME $scheme;
|
||||
fastcgi_param HTTPS $https if_not_empty;
|
||||
|
||||
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
|
||||
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
|
||||
|
||||
fastcgi_param REMOTE_ADDR $remote_addr;
|
||||
fastcgi_param REMOTE_PORT $remote_port;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
|
||||
# PHP only, required if PHP was built with --enable-force-cgi-redirect
|
||||
fastcgi_param REDIRECT_STATUS 200;
|
|
@ -1 +0,0 @@
|
|||
include inc/ht.conf;
|
|
@ -1,2 +0,0 @@
|
|||
include inc/ht.conf;
|
||||
include inc/tls.conf;
|
|
@ -1,3 +0,0 @@
|
|||
[global]
|
||||
|
||||
include = /etc/php/php-fpm.d/*.conf
|
|
@ -1,24 +0,0 @@
|
|||
[servnest]
|
||||
|
||||
user = $pool
|
||||
group = knot
|
||||
|
||||
listen = /run/php-fpm/$pool.sock
|
||||
|
||||
listen.owner = nginx
|
||||
listen.group = nginx
|
||||
|
||||
pm = dynamic
|
||||
pm.max_children = 5
|
||||
pm.start_servers = 2
|
||||
pm.min_spare_servers = 1
|
||||
pm.max_spare_servers = 3
|
||||
|
||||
access.log = /var/log/php/$pool-access.log
|
||||
|
||||
catch_workers_output = yes
|
||||
decorate_workers_output = yes
|
||||
|
||||
clear_env = yes
|
||||
|
||||
security.limit_extensions = .php
|
|
@ -1 +0,0 @@
|
|||
d /run/php-fpm 755 nginx nginx
|
|
@ -1,93 +1,14 @@
|
|||
#!/usr/bin/bash
|
||||
source /etc/os-release
|
||||
export OS=$ID
|
||||
|
||||
# Create system users
|
||||
useradd -U -r -s /usr/sbin/nologin nginx
|
||||
useradd -U -r -s /usr/sbin/nologin servnest
|
||||
useradd -U -r -s /usr/sbin/nologin sftpgo
|
||||
# Generate OpenSSH server key pair
|
||||
ssh-keygen -f /etc/ssh/ed25519 -t ed25519 -N ""
|
||||
ssh-keygen -lvf /etc/ssh/ed25519 > /etc/ssh/ed25519.fp
|
||||
|
||||
# Set proper permissions
|
||||
source /install/install.sh
|
||||
|
||||
chown -R knot:knot /var/lib/knot/confdb
|
||||
chmod -R u=rwX,g=rwX,o= /var/lib/knot/confdb
|
||||
usermod -aG knot servnest
|
||||
|
||||
chown -R knot:knot /var/log/knot
|
||||
chmod -R u=rwX,g=,o= /var/log/knot
|
||||
|
||||
chown -R servnest:knot /srv/servnest/ns
|
||||
chmod -R u=rwX,g=rwX,o= /srv/servnest/ns
|
||||
chown -R servnest:knot /srv/servnest/reg
|
||||
chmod -R u=rwX,g=rwX,o= /srv/servnest/reg
|
||||
|
||||
chown -R servnest:nginx /srv/servnest/nginx /srv/servnest/subpath /srv/servnest/subdomain
|
||||
chmod -R u=rwX,g=rX,o= /srv/servnest/nginx /srv/servnest/subpath /srv/servnest/subdomain
|
||||
|
||||
chown -R sftpgo:sftpgo /etc/sftpgo
|
||||
chmod -R u=rX,g=rX,o=rX /etc/sftpgo
|
||||
chmod u=r,g=,o= /etc/sftpgo/ed25519
|
||||
|
||||
chown -R servnest:sftpgo /srv/servnest/ht
|
||||
chmod -R u=rwX,g=rwX,o=rX /srv/servnest/ht
|
||||
|
||||
if [[ $ID = "debian" ]]; then
|
||||
chown -R servnest:debian-tor /srv/servnest/tor-config
|
||||
chown -R debian-tor:debian-tor /srv/servnest/tor-keys
|
||||
else
|
||||
chown -R servnest:tor /srv/servnest/tor-config
|
||||
chown -R tor:tor /srv/servnest/tor-keys
|
||||
fi
|
||||
chmod -R u=rwX,g=rX,o= /srv/servnest/tor-config
|
||||
chmod -R u=rwX,g=,o= /srv/servnest/tor-keys
|
||||
|
||||
chown -R servnest:nginx /srv/servnest/core /srv/servnest/errors
|
||||
chmod -R u=rX,g=rX,o= /srv/servnest/core /srv/servnest/errors
|
||||
chown -R servnest:servnest /srv/servnest/core/db
|
||||
chmod -R u=rwX,g=,o= /srv/servnest/core/db
|
||||
|
||||
# Load configuration in Knot database
|
||||
sudo -u knot knotc conf-import /etc/knot/knot.conf
|
||||
|
||||
# PHP paths unification across distributions
|
||||
|
||||
export PHP_INI=/etc/php/php.ini
|
||||
|
||||
if [[ $ID = "debian" ]]; then
|
||||
rm /etc/php/8.2/fpm/php-fpm.conf
|
||||
ln -s /etc/php/php-fpm.conf /etc/php/8.2/fpm/php-fpm.conf
|
||||
ln -s /etc/php/php-fpm.d/ /etc/php/8.2/fpm/pool.d
|
||||
|
||||
export PHP_INI=/etc/php/8.2/fpm/php.ini
|
||||
fi
|
||||
|
||||
# Configure PHP-FPM properly
|
||||
|
||||
cat >> $PHP_INI << EOF
|
||||
expose_php = Off
|
||||
display_errors = On
|
||||
extension = pdo_sqlite
|
||||
extension = sodium
|
||||
extension = gettext
|
||||
zend_extension = opcache
|
||||
opcache.jit_buffer_size = 32M
|
||||
EOF
|
||||
|
||||
# Configure Tor
|
||||
|
||||
if [[ $ID = "debian" ]]; then
|
||||
mv /etc/systemd/system/tor.service.d/ /etc/systemd/system/tor@default.service.d/
|
||||
sed -i 's/User tor/User debian-tor/' /etc/tor/torrc
|
||||
sed -i 's/reload tor/reload tor@default/' /etc/sudoers.d/servnest
|
||||
sed -i 's/ALL=(tor)/ALL=(debian-tor)/' /etc/sudoers.d/servnest
|
||||
sed -i 's/systemctl reload tor"/systemctl reload tor@default"/' /srv/servnest/core/config.ini
|
||||
sed -i 's/tor_user = "tor"/tor_user = "debian-tor"/' /srv/servnest/core/config.ini
|
||||
fi
|
||||
|
||||
# Start SystemD services at startup
|
||||
|
||||
systemctl enable sftpgo
|
||||
|
||||
if [[ $ID = "arch" ]]; then
|
||||
if [[ $OS = "arch" ]]; then
|
||||
systemctl enable sshd
|
||||
systemctl enable knot
|
||||
systemctl enable nginx
|
||||
|
|
|
@ -1,40 +0,0 @@
|
|||
#!/usr/bin/bash
|
||||
source /etc/os-release
|
||||
|
||||
chmod +x /usr/local/bin/sftpgo
|
||||
|
||||
# Clear configuration (will be filled with mkosi.extra/)
|
||||
rm -r /etc/nginx/*
|
||||
rm -r /etc/ssh/*
|
||||
rm /etc/tor/torrc
|
||||
if [[ $ID = "debian" ]]; then
|
||||
rm -r /etc/php/8.2/fpm/pool.d
|
||||
rm /usr/lib/tmpfiles.d/php8.2-fpm.conf
|
||||
fi
|
||||
if [[ $ID = "arch" ]]; then
|
||||
rm /etc/php/php-fpm.d/*
|
||||
fi
|
||||
|
||||
# Generate default self-signed TLS key pair
|
||||
openssl req -subj '/' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/servnest.key -out /etc/ssl/certs/servnest.crt
|
||||
|
||||
# Generate OpenSSH server key pair
|
||||
ssh-keygen -f /etc/ssh/ed25519 -t ed25519 -N ""
|
||||
ssh-keygen -lvf /etc/ssh/ed25519 > /etc/ssh/ed25519.fp
|
||||
|
||||
# Generate SFTPGo key pair
|
||||
ssh-keygen -f /etc/sftpgo/ed25519 -t ed25519 -N "" -C ""
|
||||
# Generate fingerprints
|
||||
fp=($(ssh-keygen -l -f /etc/sftpgo/ed25519))
|
||||
echo ${fp[1]} > /etc/sftpgo/ed25519.fp
|
||||
ssh-keygen -lv -f /etc/sftpgo/ed25519 | tail -n +2 > /etc/sftpgo/ed25519.asciiart
|
||||
# Generate SSHFP record
|
||||
echo ht.servnest.test. 86400 SSHFP 4 2 $(cut -d ' ' -f 2 /etc/sftpgo/ed25519.pub | base64 -d | sha256sum | cut -d ' ' -f 1) >> /srv/servnest/reg/servnest.test.zone
|
||||
|
||||
# Create database
|
||||
sqlite3 /srv/servnest/core/db/servnest.db < /srv/servnest/core/db/schema.sql
|
||||
|
||||
sqlite3 /srv/servnest/core/db/servnest.db <<< "UPDATE params SET value = '$(openssl rand -hex 16)' WHERE name = 'username_salt';"
|
||||
|
||||
# Create translation Machine Objects files
|
||||
msgfmt /srv/servnest/core/locales/fr/C/LC_MESSAGES/messages.po -o /srv/servnest/core/locales/fr/C/LC_MESSAGES/messages.mo
|
|
@ -1,3 +0,0 @@
|
|||
d /run/servnest 0555 root root - -
|
||||
d /run/knot 0755 knot knot - -
|
||||
d /var/lib/knot 0770 knot knot - -
|
|
@ -1,12 +1,12 @@
|
|||
#!/usr/bin/bash
|
||||
|
||||
source /etc/os-release
|
||||
|
||||
export GO=/usr/bin/go
|
||||
if [[ $ID = "debian" ]]; then
|
||||
if [[ $OS = "debian" ]]; then
|
||||
export GO=/usr/lib/go-1.19/bin/go
|
||||
fi
|
||||
|
||||
git clone https://github.com/drakkan/sftpgo /root/sftpgo-src
|
||||
cd /root/sftpgo-src
|
||||
git checkout v2.4.0
|
||||
git checkout $(git tag | tail -n 1)
|
||||
$GO build -o /usr/local/bin/sftpgo
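Review bot: `git checkout $(git tag | tail -n 1)` builds whichever tag sorts last in plain lexical order at build time, so the SFTPGo binary in the image is neither reproducible nor reviewed. Lexical order does not even guarantee the newest release, since `v2.4.9` sorts after `v2.4.10`. Reading the two checkout lines as old-then-new, this replaces the fixed `v2.4.0`. Pin a release and verify what was fetched, e.g. `git checkout <PINNED_TAG>` followed by `test "$(git rev-parse HEAD)" = "<EXPECTED_COMMIT>"`. Separately, `$OS` is not assigned in the visible lines of this script (only `$ID` comes from `/etc/os-release`), so unless the caller exports it the Debian Go path is never selected.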
|
|
@ -0,0 +1 @@
|
|||
Subproject commit ac6d311ada4cbc0557d1c56bd61d81a543d7f767
|
|
@ -0,0 +1 @@
|
|||
Subproject commit fbe714909c09701253c3f7e6254a2fab42b35161
|
|
@ -0,0 +1 @@
|
|||
|