You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

100 lines
2.8 KiB

source /etc/os-release
# Create system users
useradd -U -r -s /usr/sbin/nologin nginx
useradd -U -r -s /usr/sbin/nologin servnest
useradd -U -r -s /usr/sbin/nologin sftpgo
# Set proper permissions
chown -R knot:knot /var/lib/knot/confdb
chmod -R u=rwX,g=rwX,o= /var/lib/knot/confdb
usermod -aG knot servnest
chown -R knot:knot /var/log/knot
chmod -R u=rwX,g=,o= /var/log/knot
chown -R servnest:knot /srv/servnest/ns
chmod -R u=rwX,g=rwX,o= /srv/servnest/ns
chown -R servnest:knot /srv/servnest/reg
chmod -R u=rwX,g=rwX,o= /srv/servnest/reg
chown -R servnest:nginx /srv/servnest/nginx /srv/servnest/subpath /srv/servnest/subdomain
chmod -R u=rwX,g=rX,o= /srv/servnest/nginx /srv/servnest/subpath /srv/servnest/subdomain
chown -R sftpgo:sftpgo /etc/sftpgo
chmod -R u=rX,g=rX,o=rX /etc/sftpgo
chmod u=r,g=,o= /etc/sftpgo/ed25519
chown -R servnest:sftpgo /srv/servnest/ht
chmod -R u=rwX,g=rwX,o=rX /srv/servnest/ht
if [[ $ID = "debian" ]]; then
chown -R servnest:debian-tor /srv/servnest/tor-config
chown -R debian-tor:debian-tor /srv/servnest/tor-keys
chown -R servnest:tor /srv/servnest/tor-config
chown -R tor:tor /srv/servnest/tor-keys
chmod -R u=rwX,g=rX,o= /srv/servnest/tor-config
chmod -R u=rwX,g=,o= /srv/servnest/tor-keys
chown -R servnest:nginx /srv/servnest/core /srv/servnest/errors
chmod -R u=rX,g=rX,o= /srv/servnest/core /srv/servnest/errors
chown -R servnest:servnest /srv/servnest/core/db
chmod -R u=rwX,g=,o= /srv/servnest/core/db
# Load configuration in Knot database
sudo -u knot knotc conf-import /etc/knot/knot.conf
# PHP paths unification across distributions
export PHP_INI=/etc/php/php.ini
if [[ $ID = "debian" ]]; then
rm /etc/php/8.2/fpm/php-fpm.conf
ln -s /etc/php/php-fpm.conf /etc/php/8.2/fpm/php-fpm.conf
ln -s /etc/php/php-fpm.d/ /etc/php/8.2/fpm/pool.d
export PHP_INI=/etc/php/8.2/fpm/php.ini
# Configure PHP-FPM properly
cat >> $PHP_INI << EOF
expose_php = Off
display_errors = On
extension = pdo_sqlite
extension = sodium
extension = gettext
zend_extension = opcache
opcache.jit_buffer_size = 32M
# Configure Tor
if [[ $ID = "debian" ]]; then
mv /etc/systemd/system/tor.service.d/ /etc/systemd/system/tor@default.service.d/
sed -i 's/User tor/User debian-tor/' /etc/tor/torrc
sed -i 's/reload tor/reload tor@default/' /etc/sudoers.d/servnest
sed -i 's/ALL=(tor)/ALL=(debian-tor)/' /etc/sudoers.d/servnest
sed -i 's/systemctl reload tor"/systemctl reload tor@default"/' /srv/servnest/core/config.ini
sed -i 's/tor_user = "tor"/tor_user = "debian-tor"/' /srv/servnest/core/config.ini
# Start SystemD services at startup
systemctl enable sftpgo
if [[ $ID = "arch" ]]; then
systemctl enable sshd
systemctl enable knot
systemctl enable nginx
systemctl enable tor
systemctl enable php-fpm
pacman-key --init
pacman-key --populate