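#!/usr/bin/bash
#
# Post-install setup: creates the service accounts, sets ownership and modes
# on the service directories, imports the Knot configuration, adjusts the
# PHP-FPM configuration and enables the systemd units.
#
# Distribution-specific steps are selected with $ID from /etc/os-release
# ("debian" or "arch").
#
# There is no `set -e`: every step runs even when an earlier one failed
# (for example useradd on an account that already exists), so a failed
# chown/chmod is only visible in the output.

source /etc/os-release

# Create system users: system account (-r), own group of the same name (-U),
# no login shell.
for account in nginx php-niver php-errors sftpgo; do
  useradd -U -r -s /usr/sbin/nologin "$account"
done

# Set proper permissions.
# Order matters below: a recursive chmod on a parent directory is followed by
# narrower or wider modes on some of its children.
chown -R knot:knot /var/lib/knot/confdb
chmod -R u=rwX,g=rwX,o= /var/lib/knot/confdb
usermod -aG knot php-niver

# NOTE(review): numeric 700/770 with -R also set the execute bit on regular
# files; the symbolic X form used elsewhere only sets it on directories and
# on files that are already executable.
chown -R knot:knot /var/log/knot
chmod -R 700 /var/log/knot

chown -R php-niver:knot /srv/ns
chmod -R 770 /srv/ns

chown -R php-niver:php-niver /etc/nginx/ht

chown -R sftpgo:sftpgo /etc/sftpgo
chmod -R u=rwX,g=,o= /etc/sftpgo

chown -R php-niver:sftpgo /srv/ht
chmod -R u=rwX,g=rwX,o=rX /srv/ht

# The group owning the Tor instance directory differs between distributions.
if [[ "$ID" == "debian" ]]; then
  tor_group=_tor-niver
else
  tor_group=tor
fi
chown -R "php-niver:${tor_group}" /etc/tor/instances/niver
chmod -R u=rwX,g=rX,o= /etc/tor/instances/niver

chmod u=rX,g=rX,o=rX /srv/php

chown -R php-errors:nginx /srv/php/errors
chmod -R u=rX,g=rX,o= /srv/php/errors

# The application tree is read-only for its owner, except for the paths
# reopened for writing just after.
chown -R php-niver:nginx /srv/php/niver
chmod -R u=rX,g=rX,o=X /srv/php/niver
chmod -R u=rwX,g=rX,o= /srv/php/niver/public/css/
chmod -R u=rwX,g=,o= /srv/php/niver/db /srv/php/niver/niver.log

# The SFTPGo authentication hook and its log belong to sftpgo only.
chown sftpgo:sftpgo /srv/php/niver/sftpgo-auth.php
chmod -R u=rx,g=rx,o= /srv/php/niver/sftpgo-auth.php
chown sftpgo:sftpgo /srv/php/niver/auth.log
chmod -R u=rw,g=rw,o= /srv/php/niver/auth.log

# Load configuration in Knot database
sudo -u knot knotc conf-import /etc/knot/knot.conf

# PHP paths unification across distributions
PHP_INI=/etc/php/php.ini
if [[ "$ID" == "debian" ]]; then
  rm /etc/php/7.4/fpm/php-fpm.conf
  ln -s /etc/php/php-fpm.conf /etc/php/7.4/fpm/php-fpm.conf
  # NOTE(review): if /etc/php/7.4/fpm/pool.d already exists as a directory,
  # ln -s creates the link inside it instead of replacing it; confirm the
  # directory is absent at this point.
  ln -s /etc/php/php-fpm.d/ /etc/php/7.4/fpm/pool.d
  PHP_INI=/etc/php/7.4/fpm/php.ini
fi
export PHP_INI

# Configure PHP-FPM properly
# NOTE(review): display_errors = On makes PHP print error messages (file
# paths, query text, call details) in HTTP responses. The value is kept as
# the author set it; on an internet-facing host prefer display_errors = Off
# with log_errors = On so errors go to the log only.
# The lines are appended, so running this script twice duplicates them.
cat >> "$PHP_INI" << 'EOF'
expose_php = Off
display_errors = On
extension = pdo_sqlite
EOF

if [[ "$ID" == "arch" ]]; then
  ln -s /etc/tor/instances/niver/torrc /etc/tor/torrc
fi

# Start SystemD services at startup
systemctl enable sftpgo
if [[ "$ID" == "arch" ]]; then
  for unit in sshd knot nginx tor php-fpm; do
    systemctl enable "$unit"
  done
fi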