#!/usr/bin/bash
# Empty the service configuration directories; per the original note they are
# refilled from mkosi.extra/.
# The glob matches non-hidden entries only. When a directory is already empty,
# rm receives the unexpanded pattern and reports an error (no `set -e` is
# visible in this script, so execution carries on).
for conf_dir in /etc/nginx /etc/ssh; do
  rm -r "${conf_dir}"/*
done

# /etc/os-release defines ID, which selects the distribution-specific path.
. /etc/os-release
if [[ "$ID" == "debian" ]]; then
  rm -r /etc/php/7.4/fpm/pool.d/*
fi
# Create one dedicated system account per service so each runs under its own
# identity: -r makes a system account, -U creates a group of the same name,
# and the nologin shell prevents interactive logins with the account.
for svc_user in nginx php-niver php-errors sftpgo; do
  useradd -U -r -s /usr/sbin/nologin "$svc_user"
done
# Set ownership and mode, recursively, on each service data path.
#
# Numeric modes combined with -R are applied to directories and regular files
# alike, so every 7x0 mode below also marks regular files as executable.
# NOTE(review): 740 on /srv/ht gives the nginx group read but not search (x)
# permission on directories, so group members can list names but cannot open
# the entries - confirm this is intended. A symbolic mode such as
# `u=rwX,g=rX,o=` would treat directories and files separately.
# NOTE(review): the knot account is not created by this script; presumably the
# knot package provides it - confirm.

#######################################
# Recursively apply an owner and a mode to one path.
# Arguments: $1 - owner as user:group
#            $2 - mode passed to chmod
#            $3 - path to change
#######################################
set_tree_perms() {
  local owner=$1 mode=$2 target=$3
  chown -R "$owner" "$target"
  chmod -R "$mode" "$target"
}

set_tree_perms knot:knot 700 /var/log/knot
set_tree_perms knot:php-niver 770 /srv/ns
set_tree_perms php-niver:nginx 740 /srv/ht
set_tree_perms php-niver:nginx 750 /srv/php/niver/public/css/
set_tree_perms php-niver:php-niver 700 /srv/php/niver/db
set_tree_perms php-niver:php-niver 600 /srv/php/niver/niver.log
# Import the text configuration into Knot's configuration database.
# The daemon is stopped for the import, which runs as the knot user
# (presumably so the database files end up owned by the service account).
# The service is started again afterwards whether or not the import succeeded,
# because no exit status is checked here.
knot_conf=/etc/knot/knot.conf
systemctl stop knot
sudo -u knot knotc conf-import "$knot_conf"
systemctl start knot
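# Generate the default self-signed TLS key pair: RSA 3072-bit key, certificate
# valid for 3650 days, empty subject.
# -nodes writes the private key unencrypted, so the file mode is its only
# protection; it is pinned to 600 explicitly instead of relying on the umask
# or on the openssl version's default for -keyout.
# NOTE(review): the key exists from the moment this script runs. If that is
# image build time (the mkosi.extra/ comment in this script suggests so),
# every host deployed from the same image shares this private key - confirm it
# is replaced or regenerated per host.
tls_key=/etc/ssl/private/niver.key
tls_cert=/etc/ssl/certs/niver.crt
openssl req -subj '/' -new -newkey RSA:3072 -days 3650 -nodes -x509 \
  -keyout "$tls_key" -out "$tls_cert"
chmod 600 "$tls_key"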
# Generate the SSH server host key (Ed25519, empty passphrase) and save its
# fingerprint next to it; -l prints the fingerprint and -v adds the visual
# ASCII-art form, so clients can compare it on first connection.
# NOTE(review): like any key created by this script, it is shared by every
# host built from the same image if the script runs at image build time -
# confirm host keys are regenerated per deployment.
host_key=/etc/ssh/ed25519
ssh-keygen -f "$host_key" -t ed25519 -N ""
ssh-keygen -lvf "$host_key" > "${host_key}.fp"
# Append the PHP settings this deployment needs to php.ini.
# NOTE(review): display_errors = On sends PHP error text (file paths, query
# fragments, stack details) to the HTTP client. On a host reachable by
# untrusted users, display_errors = Off with log_errors = On keeps the same
# diagnostics server-side - confirm On is intended outside development.
# NOTE(review): the path is not distribution-specific, unlike the Debian-only
# pool.d cleanup earlier in this script - confirm /etc/php/php.ini is the file
# PHP-FPM actually loads on every supported distribution.
printf '%s\n' \
  "display_errors = On" \
  "extension = pdo_sqlite" >> /etc/php/php.ini