This commit is contained in:
guest 2022-10-24 02:44:00 +11:00
parent 786596d5cf
commit 458796c78b
19 changed files with 138 additions and 25 deletions

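--- a/.task/checksum/f2b
+++ b/.task/checksum/f2b
@@ -0,0 +1 @@
+6a228d1f7a874abb131df909a27910f4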

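--- a/.task/checksum/mailu
+++ b/.task/checksum/mailu
@@ -0,0 +1 @@
+1e5b6349bfe1b1bef4c2859219c92b11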


@ -7,24 +7,14 @@ tasks:
- if command -v task; then task -l else go-task -l; fi - if command -v task; then task -l else go-task -l; fi
silent: true silent: true
install:
desc: Install software
cmds:
- mkdir -p ~/.local/bin
- stat ~/.local/bin/task > /dev/null || cp go-task/task ~/.local/bin
- sudo cp go-task/task.bash /etc/bash_completion.d
- sudo cp zerotier/zerotier.repo /etc/yum.repos.d
- sudo cp zerotier/zt-gpg-key /etc/pki/rpm-gpg
- sudo cp docker/docker-ce.repo /etc/yum.repos.d
- sudo rpm-ostree install --idempotent fail2ban zerotier-one docker-compose-plugin
folders: folders:
desc: Make folders for server desc: Make folders for server
cmds: cmds:
- sudo mkdir -p /srv/{config,backup,gotask,rpdata,secret,srvtls,server,_pack_} - sudo mkdir -p ../{config,backup,srvtls}
- sudo chmod 700 /srv/{config,backup,gotask,rpdata,secret,srvtls,server,_pack_} - sudo chmod 700 ../{config,backup,srvtls,server}
- sudo chown 1000 /srv/{config,backup,gotask,rpdata,secret,srvtls,server,_pack_} - sudo chown 1000 ../{config,backup,srvtls,server}
- cp -rn * /srv/server preconditions:
- sh: "test ${PWD##*/} = 'server'"
status: status:
desc: Server Status desc: Server Status
@ -35,9 +25,9 @@ tasks:
f2bs: f2bs:
cmds: cmds:
- #sudo fail2ban-client get sshd banip --with-time - sudo fail2ban-client get sshd banip --with-time
- sudo fail2ban-client get bad-auth banip --with-time - sudo fail2ban-client get bad-auth banip --with-time
- df - tail -n 20 /var/log/fail2ban.log
preconditions: preconditions:
- sh: 'command -v fail2ban-client' - sh: 'command -v fail2ban-client'
@ -54,21 +44,24 @@ tasks:
- sudo systemctl enable --now fail2ban - sudo systemctl enable --now fail2ban
- sudo cp mailu-f2b/fail2ban-bad-auth-filter.conf /etc/fail2ban/filter.d/bad-auth.conf - sudo cp mailu-f2b/fail2ban-bad-auth-filter.conf /etc/fail2ban/filter.d/bad-auth.conf
- sudo cp mailu-f2b/fail2ban-bad-auth-jail.conf /etc/fail2ban/jail.d/bad-auth.conf - sudo cp mailu-f2b/fail2ban-bad-auth-jail.conf /etc/fail2ban/jail.d/bad-auth.conf
- sudo cp mailu-f2b/fail2ban-sshd-jail.conf /etc/fail2ban/jail.d/sshd.conf
- sudo cp mailu-f2b/fail2ban-docker-action.conf /etc/fail2ban/action.d/docker-action.conf - sudo cp mailu-f2b/fail2ban-docker-action.conf /etc/fail2ban/action.d/docker-action.conf
- sudo mkdir -p /etc/systemd/system/fail2ban.service.d - sudo mkdir -p /etc/systemd/system/fail2ban.service.d
- sudo cp mailu-f2b/fail2ban-override.conf /etc/systemd/system/fail2ban.service.d/override.conf - sudo cp mailu-f2b/fail2ban-override.conf /etc/systemd/system/fail2ban.service.d/override.conf
- sudo sudo systemctl daemon-reload - sudo sudo systemctl daemon-reload
- sudo systemctl restart fail2ban - sudo systemctl restart fail2ban
sources: sources:
- fmailu-f2b/ail2ban-bad-auth-filter.conf - mailu-f2b/fail2ban-bad-auth-filter.conf
- fmailu-f2b/ail2ban-bad-auth-jail.conf - mailu-f2b/fail2ban-bad-auth-jail.conf
- fmailu-f2b/ail2ban-docker-action.conf - mailu-f2b/fail2ban-sshd-jail.conf
- fmailu-f2b/ail2ban-override.conf - mailu-f2b/fail2ban-docker-action.conf
- mailu-f2b/fail2ban-override.conf
generates: generates:
- /etc/fail2ban/filter.d/bad-auth.conf - /etc/fail2ban/filter.d/bad-auth.conf
- /etc/fail2ban/jail.d/bad-auth.conf - /etc/fail2ban/jail.d/bad-auth.conf
- /etc/fail2ban/jail.d/sshd.conf
- /etc/fail2ban/action.d/docker-action.conf - /etc/fail2ban/action.d/docker-action.conf
- /etc/systemd/system/fail2ban.service.d/override.conf - /etc/systemd/system/fail2ban.service.d/override.conf
preconditions: preconditions:
- sh: 'commmand -v fail2ban-server' - sh: 'command -v fail2ban-server'
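Review bot: The `folders` task's new precondition `sh: "test ${PWD##*/} = 'server'"` checks only the last path component, so the `sudo mkdir`/`chmod 700`/`chown 1000` on `../{config,backup,srvtls,server}` will run from any directory that happens to be named `server`, not just the intended checkout; comparing the full path (for example `test "$PWD" = /srv/server`, the location the removed `cp -rn * /srv/server` line used) and quoting `"${PWD##*/}"` would make it both safer and robust to spaces. The hard-coded `chown 1000` deserves a comment naming which account UID 1000 is expected to be, since those directories are made mode 700 and only that owner will be able to enter them. In the `f2bs` hunk, `tail -n 20 /var/log/fail2ban.log` runs without `sudo` while its neighbours use it; if that log is root-readable only, the task will fail at that step. The page renders this file side-by-side, so which column is the new side is inferred from the hunk header line counts.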

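--- a/cockpit/install-debian.sh
+++ b/cockpit/install-debian.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+. /etc/os-release
+echo "deb http://deb.debian.org/debian ${VERSION_CODENAME}-backports main" > \
+/etc/apt/sources.list.d/backports.list
+apt update
+apt install -t ${VERSION_CODENAME}-backports cockpit
+exit
+ROOT="_cpt_"
+HOST="z-$(hostname)"
+cat << EOT | sudo tee /etc/cockpit/cockpit.conf
+[WebService]
+Origins = https://cor.cherished.me wss://cor.cherished.me https://${HOST}.cherished.me wss://${HOST}.cherished.me
+ProtocolHeader = X-Forwarded-Proto
+UrlRoot=/${ROOT}
+EOT
+sudo systemctl restart cockpit.socket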
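Review bot: The unconditional `exit` directly after `apt install -t ${VERSION_CODENAME}-backports cockpit` stops the script before `cockpit.conf` is written and `cockpit.socket` restarted, so everything from `ROOT="_cpt_"` onward is dead code; `cockpit/install-ubuntu.sh` has the same `exit` in the same place. If the two halves are meant to run in separate passes, a comment such as `# stop here on first run; re-run after the package is installed to write cockpit.conf` (or a flag that selects the phase) should say so, otherwise the `exit` should go. The first half also writes `/etc/apt/sources.list.d/backports.list` and runs `apt` without `sudo` while the second half uses `sudo tee`, so the script only works as root up to the `exit`; `set -eu` at the top would stop it before the origin allowlist is written if `apt install` fails or `VERSION_CODENAME` is unset.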

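--- a/cockpit/install-fedora.sh
+++ b/cockpit/install-fedora.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+cat << EOT | sudo tee /etc/cockpit/cockpit.conf
+[WebService]
+Origins = https://cor.cherished.me wss://cor.cherished.me
+ProtocolHeader = X-Forwarded-Proto
+UrlRoot=/cpt-$(hostname)
+EOT
+sudo systemctl restart cockpit.socket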
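Review bot: The `Origins` allowlist here lists only `cor.cherished.me`, whereas the Debian and Ubuntu variants also add the per-host `https://${HOST}.cherished.me` and `wss://${HOST}.cherished.me` entries, and `UrlRoot` is `/cpt-$(hostname)` here instead of `/${ROOT}` with `ROOT="_cpt_"`; if one reverse proxy fronts all three host types, the Fedora hosts will differ in both the path and the origins they accept. Cockpit uses this list to decide which WebSocket origins to accept, so if a direct per-host URL is expected to work on Fedora as well, it needs adding here. A one-line comment stating which entry point these hosts are reached through would make the difference deliberate rather than accidental.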

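--- a/cockpit/install-ubuntu.sh
+++ b/cockpit/install-ubuntu.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+. /etc/os-release
+sudo apt install -t ${VERSION_CODENAME}-backports cockpit
+exit
+ROOT="_cpt_"
+HOST="z-$(hostname)"
+cat << EOT | sudo tee /etc/cockpit/cockpit.conf
+[WebService]
+Origins = https://cor.cherished.me wss://cor.cherished.me https://${HOST}.cherished.me wss://${HOST}.cherished.me
+ProtocolHeader = X-Forwarded-Proto
+UrlRoot=/${ROOT}
+EOT
+sudo systemctl restart cockpit.socket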

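--- a/coreos/install.sh
+++ b/coreos/install.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+sudo cp zerotier/zerotier.repo /etc/yum.repos.d \
+sudo cp zerotier/zt-gpg-key /etc/pki/rpm-gpg \
+sudo cp docker/docker-ce.repo /etc/yum.repos.d \
+sudo rpm-ostree install --idempotent fail2ban zerotier-one docker-compose-plugin \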
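Review bot: Every command line ends with a trailing `\`, so the shell joins all four into one `sudo cp zerotier/zerotier.repo /etc/yum.repos.d sudo cp zerotier/zt-gpg-key ... docker-compose-plugin` invocation; `cp` then fails because its last argument is not a directory, and neither the repo files, the GPG key nor the `sudo rpm-ostree install --idempotent ...` step ever runs. Dropping the trailing backslash from each line (one command per line) fixes it, and `set -e` at the top would make such a failure visible instead of the script finishing with the `cp` error as its only trace. Copying `zt-gpg-key` into `/etc/pki/rpm-gpg` alongside the vendored repo definition is the right pattern, since the package manager can then check signatures against a key reviewed in this repository rather than one fetched at install time, provided the repo file enables gpgcheck.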

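--- a/docker/install-debian.sh
+++ b/docker/install-debian.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+sudo apt-get remove docker docker-engine docker.io containerd runc
+sudo apt-get update
+sudo apt-get install -y \
+ca-certificates \
+curl \
+gnupg \
+lsb-release
+sudo mkdir -p /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+echo \
+"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
+$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+sudo apt-get update
+sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin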
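Review bot: The keyring written by `sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg` inherits the caller's umask, and apt typically fetches under the unprivileged `_apt` user, so with a restrictive umask the `signed-by=` key is unreadable and the second `sudo apt-get update` fails with a NO_PUBKEY error; add `sudo chmod a+r /etc/apt/keyrings/docker.gpg` right after the dearmor step, as Docker's own instructions do. `docker/install-ubuntu.sh` has the identical sequence and needs the same line. `gpg --dearmor` also prompts before overwriting an existing `docker.gpg`, so re-running the script is not unattended; passing `--yes` or removing the file first keeps it idempotent.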

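--- a/docker/install-fedora.sh
+++ b/docker/install-fedora.sh
@@ -0,0 +1,17 @@
+sudo dnf remove docker \
+docker-client \
+docker-client-latest \
+docker-common \
+docker-latest \
+docker-latest-logrotate \
+docker-logrotate \
+docker-selinux \
+docker-engine-selinux \
+docker-engine
+sudo dnf -y install dnf-plugins-core
+sudo dnf config-manager \
+--add-repo \
+https://download.docker.com/linux/fedora/docker-ce.repo
+sudo dnf install docker-ce docker-ce-cli containerd.io docker-compose-plugin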
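Review bot: This file is marked executable but, unlike the other install scripts in the commit, has no `#!/bin/bash` first line, so how it is interpreted depends on the invoking shell; add the shebang for consistency. `sudo dnf remove docker ...` and the final `sudo dnf install docker-ce ...` omit `-y` while `sudo dnf -y install dnf-plugins-core` has it, so the script stalls on a prompt when run unattended; either add `-y` throughout or document that it is interactive. The repo definition is fetched live with `dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo`, whereas `coreos/install.sh` copies a vendored `docker/docker-ce.repo`; a comment explaining why the two differ would help, since only the vendored copy is reviewable in this repository.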

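--- a/docker/install-ubuntu.sh
+++ b/docker/install-ubuntu.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+sudo apt-get remove docker docker-engine docker.io containerd runc
+sudo apt-get update
+sudo apt-get install -y \
+ca-certificates \
+curl \
+gnupg \
+lsb-release
+sudo mkdir -p /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+echo \
+"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
+$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+sudo apt-get update
+sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin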

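--- a/go-task/install.sh
+++ b/go-task/install.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+mkdir -p ~/.local/bin
+stat ~/.local/bin/task > /dev/null || cp task ~/.local/bin
+stat /etc/bash_completion.d/task.bash || sudo cp task.bash /etc/bash_completion.d/task.bash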
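Review bot: Both `stat` calls are existence checks whose output is not wanted: the first still prints an error to stderr on a fresh install, and the second prints the full `stat` listing to stdout whenever the completion file already exists; `[ -e ~/.local/bin/task ] || cp task ~/.local/bin` and `[ -e /etc/bash_completion.d/task.bash ] || sudo cp task.bash /etc/bash_completion.d/task.bash` express the intent without noise. `cp task` and `cp task.bash` are relative to the working directory, so the script only works when run from `go-task/`; `cd "$(dirname "$0")"` at the top, or a comment stating that requirement, would avoid a confusing failure elsewhere. Since `task` is a prebuilt binary stored in the repository, a short comment recording which upstream release it was taken from would let a reviewer later check it against the published checksum.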


@ -2,4 +2,4 @@
[Definition] [Definition]
failregex = .* client login failed: .+ client:\ <HOST> failregex = .* client login failed: .+ client:\ <HOST>
ignoreregex = ignoreregex =
journalmatch = CONTAINER_TAG=mailu-front journalmatch = CONTAINER_TAG=docker-front


@ -6,6 +6,6 @@ bantime = 1w
bantime.increment = true bantime.increment = true
bantime.factor = 2 bantime.factor = 2
bantime.maxtime = 128w bantime.maxtime = 128w
findtime = 300 findtime = 86400
maxretry = 5 maxretry = 3
action = docker-action action = docker-action
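Review bot: With `findtime = 86400` and `maxretry = 3`, three failed logins from one address within a day now earn the 1w `bantime` that `bantime.increment = true` doubles up to `bantime.maxtime = 128w`, and no `ignoreip` is visible in this hunk or in the new sshd jail in the section below, so a shared NAT or the administrator's own typos can lock legitimate users out for a very long time. Consider adding `ignoreip = <trusted-admin-range-placeholder>` for known-good sources, plus a comment recording why the window was widened from 300 seconds, so the next reader does not quietly revert it. The jail's section header is outside the hunk, so whether `ignoreip` is set there or in a global default cannot be confirmed from this page.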


@ -0,0 +1,8 @@
[sshd]
enabled = true
bantime = 1w
bantime.increment = true
bantime.factor = 2
bantime.maxtime = 128w
findtime = 86400
maxretry = 3


@ -0,0 +1,2 @@
curl -s 'https://raw.githubusercontent.com/zerotier/ZeroTierOne/master/doc/contact%40zerotier.com.gpg' | gpg --import && \
if z=$(curl -s 'https://install.zerotier.com/' | gpg); then echo "$z" | sudo bash; fi
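Review bot: The bare `gpg` in `z=$(curl -s 'https://install.zerotier.com/' | gpg)` accepts a valid signature from any key in the user's default keyring, not specifically the ZeroTier key imported on the line before, and that key itself is fetched from a mutable `master` branch URL; importing into a dedicated keyring (`gpg --no-default-keyring --keyring <path-placeholder>`) and comparing the imported fingerprint against the one ZeroTier publishes (`<expected-fingerprint-placeholder>`) would pin exactly what is allowed to reach `sudo bash`. `curl -s` also hides download failures; `curl -fsSL` makes a bad fetch fail before it reaches `gpg`. The identical two-line script in the following section has the same issues, and the duplication itself is worth a comment or a single shared file.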


@ -0,0 +1,2 @@
curl -s 'https://raw.githubusercontent.com/zerotier/ZeroTierOne/master/doc/contact%40zerotier.com.gpg' | gpg --import && \
if z=$(curl -s 'https://install.zerotier.com/' | gpg); then echo "$z" | sudo bash; fi