servnest-mkosi/mkosi.postinst


#!/usr/bin/bash
# Post-installation step (mkosi.postinst, going by the file name).
# NOTE(review): there is no `set -e`, so a command that fails here does not
# stop the script; a failed useradd would only show up as errors from the
# later chown calls that name the missing account. Check the build log.

# os-release provides ID, which selects the per-distribution branches.
. /etc/os-release

# Dedicated service accounts: system range (--system), a group of the same
# name (--user-group), and a nologin shell so they cannot be used for an
# interactive session.
for svc_account in nginx niver sftpgo; do
  useradd --user-group --system --shell /usr/sbin/nologin "$svc_account"
done
# Ownership and access modes for service data.
#
# apply_tree OWNER:GROUP MODE PATH...
#   Recursively sets the owner/group, then the mode, of every PATH.
#   In the symbolic modes a capital X grants execute/search on directories
#   (and on files that already carry an execute bit), never on plain files.
apply_tree() {
  local owner_group=$1 mode_spec=$2
  shift 2
  chown -R "$owner_group" "$@"
  chmod -R "$mode_spec" "$@"
}

# Knot: configuration database is shared with the knot group; niver is added
# to that group, so it gets write access to the confdb. Logs stay private to
# the knot user.
apply_tree knot:knot u=rwX,g=rwX,o= /var/lib/knot/confdb
usermod -aG knot niver
apply_tree knot:knot u=rwX,g=,o= /var/log/knot

# Trees owned by niver and writable by the knot group.
apply_tree niver:knot u=rwX,g=rwX,o= /srv/niver/ns
apply_tree niver:knot u=rwX,g=rwX,o= /srv/niver/reg

# nginx may read, but not modify, this tree.
apply_tree niver:nginx u=rwX,g=rX,o= /srv/niver/nginx

# SFTPGo configuration: read-only for everyone, then the ed25519 key is
# narrowed to owner-read only. The order matters: the recursive chmod would
# otherwise reopen the key.
# NOTE(review): everything else under /etc/sftpgo stays world-readable;
# confirm no other secret (credentials, further keys) is stored there.
# NOTE(review): this chmod only succeeds if the key already exists at build
# time; if so, every deployment of the image shares it. Confirm the key is
# generated per instance.
apply_tree sftpgo:sftpgo u=rX,g=rX,o=rX /etc/sftpgo
chmod u=r,g=,o= /etc/sftpgo/ed25519

# Hosted content: writable by niver and the sftpgo group, readable by all.
apply_tree niver:sftpgo u=rwX,g=rwX,o=rX /srv/niver/ht

# The Tor account is named debian-tor on Debian and tor elsewhere.
if [[ $ID = "debian" ]]; then
  tor_account=debian-tor
else
  tor_account=tor
fi
# Tor may read its configuration; the key material is reachable only by the
# Tor account itself.
apply_tree "niver:${tor_account}" u=rwX,g=rX,o= /srv/niver/tor-config
apply_tree "${tor_account}:${tor_account}" u=rwX,g=,o= /srv/niver/tor-keys

# Application code and error pages: read-only even for the owner, readable by
# nginx, closed to others. The db subtree is then handed back to niver alone;
# it must come after the recursive call on /srv/niver/core, which covers it.
apply_tree niver:nginx u=rX,g=rX,o= /srv/niver/core /srv/niver/errors
apply_tree niver:niver u=rwX,g=,o= /srv/niver/core/db
# Import /etc/knot/knot.conf into Knot's configuration database.
# Runs as the knot user rather than root; presumably so that files written
# into /var/lib/knot/confdb keep the ownership set for that tree. Confirm.
sudo --user=knot knotc conf-import /etc/knot/knot.conf
# Unify PHP paths across distributions and export PHP_INI, the php.ini that
# receives the settings below.
# On Debian the versioned FPM layout is linked to the shared /etc/php files.
# NOTE(review): the PHP version (8.1) is hard-coded in these paths.
# NOTE(review): unlike php-fpm.conf, pool.d is not removed first; if it
# already exists as a directory, ln -s creates the link inside it instead of
# replacing it. Confirm that is intended.
case "$ID" in
  debian)
    rm /etc/php/8.1/fpm/php-fpm.conf
    ln -s /etc/php/php-fpm.conf /etc/php/8.1/fpm/php-fpm.conf
    ln -s /etc/php/php-fpm.d/ /etc/php/8.1/fpm/pool.d
    export PHP_INI=/etc/php/8.1/fpm/php.ini
    ;;
  *)
    export PHP_INI=/etc/php/php.ini
    ;;
esac

# Append the PHP-FPM settings after whatever the distribution file contains.
# expose_php = Off stops PHP from advertising itself and its version.
# NOTE(review): display_errors = On makes PHP print error text into responses,
# which can disclose file paths and query details to clients. Confirm this is
# intended for the image; a production setup would normally log errors
# instead of displaying them.
cat >> "$PHP_INI" << 'EOF'
expose_php = Off
display_errors = On
extension = pdo_sqlite
EOF
# Tor on Debian: the account is debian-tor and the unit is tor@default, so
# the references to "tor" in torrc, the niver sudoers rule and the
# application's config.ini are rewritten to match.
# NOTE(review): sed exits successfully even when a pattern matches nothing,
# so a change in any of these files would leave the old names in place
# without an error. For the sudoers file in particular, consider checking the
# result with `visudo -cf /etc/sudoers.d/niver` and confirming the rule names
# debian-tor afterwards.
if [[ $ID = "debian" ]]; then
  sed -i 's/User tor/User debian-tor/' /etc/tor/torrc
  sed -i \
    -e 's/reload tor/reload tor@default/' \
    -e 's/ALL=(tor)/ALL=(debian-tor)/' \
    /etc/sudoers.d/niver
  sed -i \
    -e 's/tor_service = "tor"/tor_service = "tor@default"/' \
    -e 's/tor_user = "tor"/tor_user = "debian-tor"/' \
    /srv/niver/core/config.ini
fi
# Enable services so that systemd starts them at boot.
# sftpgo is enabled on every distribution; the remaining units are enabled
# explicitly only on Arch (presumably the Debian packages enable their own
# units at installation. Confirm).
# NOTE(review): this enables remote SSH login in the Arch image; confirm the
# sshd configuration shipped in the image (root login, password
# authentication) is set as intended.
systemctl enable sftpgo
if [[ $ID = "arch" ]]; then
  for unit in sshd knot nginx tor php-fpm; do
    systemctl enable "$unit"
  done
fi