#!/usr/bin/bash

# Load the distribution identifiers. The distribution-specific branches
# further down test the ID variable that this file defines.
source /etc/os-release

# Create system users
# One service account per daemon: -U creates a group with the same name,
# -r makes it a system account, and -s /usr/sbin/nologin denies it an
# interactive shell.
for account in nginx servnest sftpgo; do
  useradd -U -r -s /usr/sbin/nologin "$account"
done

# Set proper permissions
# In every mode below the capital X grants execute (search) only on
# directories and on files that are already executable.

# servnest joins the knot group, so it receives whatever the group bits
# below grant to knot.
usermod -aG knot servnest

# Knot configuration database: read/write for the knot user and group,
# closed to everyone else.
chown -R knot:knot /var/lib/knot/confdb
chmod -R u=rwX,g=rwX,o= /var/lib/knot/confdb

# Knot logs: the knot user only; group and others get nothing.
chown -R knot:knot /var/log/knot
chmod -R u=rwX,g=,o= /var/log/knot

# ns and reg trees: owned by servnest, read/write for the knot group as
# well, closed to everyone else.
for shared_dir in /srv/servnest/ns /srv/servnest/reg; do
  chown -R servnest:knot "$shared_dir"
  chmod -R u=rwX,g=rwX,o= "$shared_dir"
done

# Trees owned and written by servnest; the nginx group may read and
# traverse them, everyone else is locked out.
nginx_group_dirs=(
  /srv/servnest/nginx
  /srv/servnest/subpath
  /srv/servnest/subdomain
)
chown -R servnest:nginx "${nginx_group_dirs[@]}"
chmod -R u=rwX,g=rX,o= "${nginx_group_dirs[@]}"

# SFTPGo configuration directory: owned by sftpgo, read-only for owner and
# group, and also readable by every local user (o=rX).
chown -R sftpgo:sftpgo /etc/sftpgo
chmod -R u=rX,g=rX,o=rX /etc/sftpgo
# The recursive chmod above made this file world-readable too, so it is
# narrowed back to owner-read-only here.
# NOTE(review): going by its name this is presumably the SSH host private
# key -- confirm. Any other secret stored under /etc/sftpgo stays
# world-readable after this step.
chmod u=r,g=,o= /etc/sftpgo/ed25519

# ht tree: read/write for servnest and the sftpgo group; other local users
# can read and traverse it.
chown -R servnest:sftpgo /srv/servnest/ht
chmod -R u=rwX,g=rwX,o=rX /srv/servnest/ht

# This script uses the debian-tor account on Debian and the tor account on
# every other distribution.
case "$ID" in
  debian) tor_account=debian-tor ;;
  *) tor_account=tor ;;
esac

# tor-config: written by servnest, readable by the Tor group.
# tor-keys: owned by the Tor account alone.
chown -R "servnest:${tor_account}" /srv/servnest/tor-config
chown -R "${tor_account}:${tor_account}" /srv/servnest/tor-keys
chmod -R u=rwX,g=rX,o= /srv/servnest/tor-config
chmod -R u=rwX,g=,o= /srv/servnest/tor-keys

# core and errors: read-only for servnest and the nginx group, closed to
# everyone else.
readonly_trees=(/srv/servnest/core /srv/servnest/errors)
chown -R servnest:nginx "${readonly_trees[@]}"
chmod -R u=rX,g=rX,o= "${readonly_trees[@]}"

# core/db sits inside core, so these two commands must run after the
# recursive ones above: they hand the directory to servnest alone and make
# it writable again.
chown -R servnest:servnest /srv/servnest/core/db
chmod -R u=rwX,g=,o= /srv/servnest/core/db

# Load configuration in Knot database
# The import runs as the knot account rather than as root.
# NOTE(review): presumably so that whatever knotc writes into the
# configuration database stays owned by knot -- confirm.
sudo --user=knot knotc conf-import /etc/knot/knot.conf

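# PHP paths unification across distributions

# Default php.ini location; the Debian branch below overrides it.
export PHP_INI=/etc/php/php.ini

if [[ $ID = "debian" ]]; then
  # Debian keeps the FPM files under a versioned directory. Replace its
  # php-fpm.conf with a link to the shared one in /etc/php. The 8.2 is
  # hard-coded, so these paths need updating when the PHP version changes.
  rm /etc/php/8.2/fpm/php-fpm.conf
  ln -s /etc/php/php-fpm.conf /etc/php/8.2/fpm/php-fpm.conf
  # NOTE(review): if /etc/php/8.2/fpm/pool.d already exists as a directory,
  # ln creates the link inside it instead of replacing it -- confirm which
  # outcome is intended.
  ln -s /etc/php/php-fpm.d/ /etc/php/8.2/fpm/pool.d

  export PHP_INI=/etc/php/8.2/fpm/php.ini
fi

# Configure PHP-FPM properly
# The settings are appended, so running this script a second time writes
# them twice. The redirection target is quoted so it stays a single word
# whatever PHP_INI holds, and the quoted delimiter stops the shell from
# expanding anything inside the here-document.
# NOTE(review): display_errors = On sends PHP error messages, which can
# include file paths and other internals, to the client, whereas
# expose_php = Off only hides the PHP version header. The usual production
# pairing is display_errors = Off with log_errors = On -- confirm that On is
# intended here.
cat >> "$PHP_INI" << 'EOF'
expose_php = Off
display_errors = On
extension = pdo_sqlite
extension = sodium
extension = gettext
zend_extension = opcache
opcache.jit_buffer_size = 32M
EOF
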
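# Configure Tor

if [[ $ID = "debian" ]]; then
  # On Debian this script targets the tor@default unit and the debian-tor
  # account, so the systemd drop-in directory, torrc, the sudoers rule and
  # the application configuration are all rewritten to match.
  # These edits are one-shot: a second run would rewrite "reload tor" inside
  # "reload tor@default" again.
  mv /etc/systemd/system/tor.service.d/ /etc/systemd/system/tor@default.service.d/
  sed -i 's/User tor/User debian-tor/' /etc/tor/torrc
  sed -i \
    -e 's/reload tor/reload tor@default/' \
    -e 's/ALL=(tor)/ALL=(debian-tor)/' \
    /etc/sudoers.d/servnest
  sed -i \
    -e 's/systemctl reload tor"/systemctl reload tor@default"/' \
    -e 's/tor_user = "tor"/tor_user = "debian-tor"/' \
    /srv/servnest/core/config.ini

  # sed exits successfully even when a pattern matches nothing, and a
  # sudoers file that no longer parses is not usable by sudo. Check both
  # after the in-place edit. These checks only warn, so the rest of the
  # setup still runs as before.
  if ! visudo -cf /etc/sudoers.d/servnest; then
    echo "warning: /etc/sudoers.d/servnest failed the visudo syntax check" >&2
  fi
  if ! grep -qF -- 'ALL=(debian-tor)' /etc/sudoers.d/servnest ||
    ! grep -qF -- 'reload tor@default' /etc/sudoers.d/servnest; then
    echo "warning: /etc/sudoers.d/servnest was not fully rewritten for debian-tor" >&2
  fi
fi
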
# Start SystemD services at startup

# sftpgo is enabled on every distribution.
systemctl enable sftpgo

if [[ $ID = "arch" ]]; then
  # On Arch the remaining daemons are enabled explicitly, one call per unit.
  # NOTE(review): presumably the other distributions enable them at package
  # install time -- confirm.
  for unit in sshd knot nginx tor php-fpm; do
    systemctl enable "$unit"
  done

  # Initialise the pacman keyring and load the default keys into it; pacman
  # uses this keyring to verify package signatures.
  pacman-key --init
  pacman-key --populate
fi