servnest-mkosi/mkosi.prepare


#!/usr/bin/bash
# Empty the configuration directories; mkosi.extra/ supplies their contents.
# The `*` glob skips dot-files unless dotglob is set, so hidden entries in
# these directories are left in place.
# NOTE(review): no `set -e` is visible in this script, so a failed command
# here does not stop the steps that follow.
for conf_dir in /etc/nginx /etc/ssh; do
  rm -r "$conf_dir"/*
done
# /etc/os-release provides ID; the PHP 7.4 FPM pool directory is cleared
# only when ID is "debian".
. /etc/os-release
if [[ "$ID" == "debian" ]]; then
  rm -r /etc/php/7.4/fpm/pool.d/*
fi
# Create one system account per name below. Flags: -r system account,
# -U group with the same name, -s /usr/sbin/nologin as the login shell
# (no interactive login).
for svc_user in nginx php-niver php-errors sftpgo; do
  useradd -U -r -s /usr/sbin/nologin "$svc_user"
done
# Set ownership and permissions on the service data trees.
# own_and_mode applies both recursively.
# Arguments: $1 - owner:group, $2 - octal mode, $3 - path
own_and_mode() {
  chown -R "$1" "$3"
  chmod -R "$2" "$3"
}

# NOTE(review): -R applies one mode to files and directories alike. With 740
# the directories under /srv/ht lack the group search bit (the nginx group
# can list names but not open entries), and 770/750/700 mark regular files
# executable — confirm both are intended.
own_and_mode knot:knot 700 /var/log/knot
own_and_mode knot:php-niver 770 /srv/ns
own_and_mode php-niver:nginx 740 /srv/ht
own_and_mode php-niver:nginx 750 /srv/php/niver/public/css/
# Database and log: owner-only access
own_and_mode php-niver:php-niver 700 /srv/php/niver/db
own_and_mode php-niver:php-niver 600 /srv/php/niver/niver.log
# Import the text configuration into the Knot database. The daemon is
# stopped for the import and started again afterwards; the import runs as
# the knot user rather than as the invoking user.
# NOTE(review): the result of conf-import is not checked, so knot is started
# even when the import failed.
knot_conf=/etc/knot/knot.conf
systemctl stop knot
sudo -u knot knotc conf-import "$knot_conf"
systemctl start knot
# Default TLS key pair: self-signed certificate with an empty subject,
# 3072-bit RSA, valid for 3650 days. -nodes leaves the private key
# unencrypted on disk, so the file mode of the key is its only protection.
# NOTE(review): if this script runs while the image is built, every system
# deployed from that image shares this private key and the SSH server key
# generated below — confirm that keys are regenerated per instance.
tls_key=/etc/ssl/private/niver.key
tls_cert=/etc/ssl/certs/niver.crt
openssl req -subj '/' -new -newkey RSA:3072 -days 3650 -nodes -x509 \
  -keyout "$tls_key" -out "$tls_cert"
# SSH server key pair: ed25519 with an empty passphrase. The fingerprint
# (-l) is then written, with its visual form (-v), to a .fp file next to
# the key.
ssh_host_key=/etc/ssh/ed25519
ssh-keygen -t ed25519 -N "" -f "$ssh_host_key"
ssh-keygen -lvf "$ssh_host_key" > "${ssh_host_key}.fp"
# Append two settings to the PHP configuration: show errors in output and
# load the pdo_sqlite extension.
# NOTE(review): display_errors = On makes PHP print error messages into
# responses, which can expose file paths and internals to visitors —
# confirm this is intended outside development.
printf '%s\n' \
  "display_errors = On" \
  "extension = pdo_sqlite" >> /etc/php/php.ini