From f4594c90b360db005edb340571399e4bc5ad667e Mon Sep 17 00:00:00 2001 From: Andrew Hurley Date: Sun, 6 Nov 2022 04:37:09 +1100 Subject: [PATCH] many --- Taskfile.yml | 12 --- mailu-f2b/fail2ban-bad-auth-jail.conf | 4 +- mailu-f2b/fail2ban-sshd-jail.conf | 4 +- nextcloud/install.sh | 18 +++-- piwigo/install.sh | 110 ++++++++++++++++++++++++++ 5 files changed, 127 insertions(+), 21 deletions(-) create mode 100755 piwigo/install.sh diff --git a/Taskfile.yml b/Taskfile.yml index b296622..3a9209a 100644 --- a/Taskfile.yml +++ b/Taskfile.yml @@ -50,18 +50,6 @@ tasks: - sudo cp mailu-f2b/fail2ban-override.conf /etc/systemd/system/fail2ban.service.d/override.conf - sudo sudo systemctl daemon-reload - sudo systemctl restart fail2ban - sources: - - mailu-f2b/fail2ban-bad-auth-filter.conf - - mailu-f2b/fail2ban-bad-auth-jail.conf - - mailu-f2b/fail2ban-sshd-jail.conf - - mailu-f2b/fail2ban-docker-action.conf - - mailu-f2b/fail2ban-override.conf - generates: - - /etc/fail2ban/filter.d/bad-auth.conf - - /etc/fail2ban/jail.d/bad-auth.conf - - /etc/fail2ban/jail.d/sshd.conf - - /etc/fail2ban/action.d/docker-action.conf - - /etc/systemd/system/fail2ban.service.d/override.conf preconditions: - sh: 'command -v fail2ban-server' diff --git a/mailu-f2b/fail2ban-bad-auth-jail.conf b/mailu-f2b/fail2ban-bad-auth-jail.conf index d2c76a7..ae1ebce 100644 --- a/mailu-f2b/fail2ban-bad-auth-jail.conf +++ b/mailu-f2b/fail2ban-bad-auth-jail.conf @@ -2,10 +2,10 @@ enabled = true backend = systemd filter = bad-auth -bantime = 1w +bantime = 1h bantime.increment = true bantime.factor = 2 bantime.maxtime = 128w -findtime = 86400 +findtime = 3600 maxretry = 3 action = docker-action diff --git a/mailu-f2b/fail2ban-sshd-jail.conf b/mailu-f2b/fail2ban-sshd-jail.conf index c43f118..2bf060a 100644 --- a/mailu-f2b/fail2ban-sshd-jail.conf +++ b/mailu-f2b/fail2ban-sshd-jail.conf 
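Review bot: Cutting `findtime` from 86400 to 3600 while `maxretry` stays at 3 narrows detection as well as the ban. In mailu-f2b/fail2ban-bad-auth-jail.conf a source must now fail three times within one hour to be banned, where three failures within a day used to be enough, so slow password guessing is counted far less often. If the aim was only a gentler first ban, keep the wider window and shorten the ban alone: `findtime = 86400` with `bantime = 1h`. The escalation from `bantime.increment` relies on fail2ban still remembering earlier bans, so confirm that the database retention (`dbpurgeage`, not visible in this patch) is long enough for repeat offenders to be recognised. The same two-line change is made in mailu-f2b/fail2ban-sshd-jail.conf and the same point applies there.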
@@ -1,8 +1,8 @@ [sshd] enabled = true -bantime = 1w +bantime = 1h bantime.increment = true bantime.factor = 2 bantime.maxtime = 128w -findtime = 86400 +findtime = 3600 maxretry = 3 diff --git a/nextcloud/install.sh b/nextcloud/install.sh index 3551622..4344091 100755 --- a/nextcloud/install.sh +++ b/nextcloud/install.sh @@ -7,6 +7,8 @@ if [[ ! -f docker-compose.yml ]]; then exit 1 fi +INSTALL="nextc-install.log" + source .env P1="sudo docker compose exec -u 1000" @@ -19,8 +21,8 @@ if [[ $? -eq 0 && -n $RE ]]; then if [[ -d $DATA/ncdata/$USERNAME ]]; then printf "Files exist for user $USERNAME\n"; exit 1; fi LOG="" - if [[ -f install.log ]]; then - LOG=$(cat install.log) + if [[ -f "${INSTALL}" ]]; then + LOG=$(cat "${INSTALL}") ROOTPASS="${LOG#*: }" printf "Found existing database password\n" else @@ -40,7 +42,7 @@ if [[ $? -eq 0 && -n $RE ]]; then RE=$($P1 nextc-db bash -c "mysqladmin -u root password $ROOTPASS") if [[ $? -eq 0 ]]; then printf "Root password changed\n" - printf "ROOTPASS: $ROOTPASS\n" > install.log + printf "ROOTPASS: $ROOTPASS\n" > "${INSTALL}" else printf "Error trying to set password\n" exit 1 @@ -51,16 +53,22 @@ if [[ $? -eq 0 && -n $RE ]]; then --database-host nextc-db --database-name ncdb --database-user root \ --database-pass $ROOTPASS --admin-user $USERNAME --admin-pass $USERPASS --data-dir /ncdata") if [[ $? -eq 0 ]]; then - printf "USERNAME: $USERNAME\nUSERPASS: $USERPASS\n" >> install.log + printf "USERNAME: $USERNAME\nUSERPASS: $USERPASS\n" >> "${INSTALL}" printf "Install success\n" else - printf "Error installing nextcloud\n" + printf "Error installing nextcloud: $RE\n" exit 1; fi fi read -p "Enter Trusted domain: " DOMAIN +RE=$($P1 nextc bash -c "$P2 config:system:set trusted_domains 1 --value=nextc") +if [[ $? -eq 0 ]]; then + printf "Trusted Domain nextc set\n" +else + exit 1; +fi RE=$($P1 nextc bash -c "$P2 config:system:set trusted_domains 2 --value=$DOMAIN") if [[ $? -eq 0 ]]; then printf "Trusted Domain $DOMAIN set\n" 
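Review bot: The renamed log still receives the database root password in clear text, because `printf "ROOTPASS: $ROOTPASS\n" > "${INSTALL}"` creates nextc-install.log with whatever permissions the caller's umask allows, and the following hunk appends `USERPASS` to the same file. Setting `umask 077` near the top of the script (or running `chmod 600 "${INSTALL}"` right after the first write) keeps the file owner-only. The password is also used as the printf format string, so if it can contain `%` or a backslash the value written differs from the one set, and the next run reads the altered value back through `ROOTPASS="${LOG#*: }"`. `printf 'ROOTPASS: %s\n' "$ROOTPASS" > "${INSTALL}"` writes it verbatim. The enclosing `if` starts and ends outside the hunk.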
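Review bot: `printf "Error installing nextcloud: $RE\n"` uses the captured command output as the printf format string, so any `%` or backslash sequence in that output is interpreted instead of printed; `printf 'Error installing nextcloud: %s\n' "$RE" >&2` prints it verbatim and on stderr. In the added trusted_domains block the failure branch is a bare `exit 1;` that discards `$RE`, so a failed `config:system:set` leaves no hint of what went wrong. Printing the captured output there, in the same `%s` form, makes a half-configured instance easier to diagnose.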
diff --git a/piwigo/install.sh b/piwigo/install.sh
new file mode 100755
index 0000000..5d0dd5a
--- /dev/null
+++ b/piwigo/install.sh
@@ -0,0 +1,110 @@
+#!/bin/bash
+
+set -o xtrace
+
+if [[ ! -f docker-compose.yml ]]; then
+ printf "Needs to be run from compose directory\n"
+ exit 1
+fi
+
+INSTALL="piwigo-install.log"
+
+source .env
+
+P1="sudo docker compose exec -u 1000"
+P2="cd /gallery && REMOTE_ADDR=127.0.0.1 php --run=\"parse_str(\$argv[1], \$_POST); include('install.php');\""
+
+#RE=$($P1 nextc bash -c "$P2 status" |grep "installed: false")
+#if [[ $? -ne 0 || -z $RE ]]; then
+# printf "
+# exit
+#fi
+
+ LOG=""
+ if [[ -f "${INSTALL}" ]]; then
+ readarray -t LOG < "${INSTALL}"
+ if [[ -n "${LOG[0]}" ]]; then
+ ROOTPASS="${LOG[0]#*: }"
+ printf "Found existing database password\n"
+ fi
+ else
+ ROOTPASS="$(LC_ALL=C "${INSTALL}"
+
+ ARGV1A="language=en_GB&dbhost=piwigo-db&dbuser=root&dbpasswd=${ROOTPASS}&dbname=piwigo&prefix=piwigo_&"
+ ARGV1B="admin_name=${USERNAME}&admin_pass1=${USERPASS}&admin_pass2=${USERPASS}&admin_mail=${USERMAIL}&install=Start%20installation"
+ ARG="${ARGV1A}${ARGV1B}"
+ printf "$P1 piwigo bash -c \"$P2 '${ARG}'\"\n"
+ read -r -s -N 1 -p "Press 'Enter' to continue " ENTER
+ if [[ $ENTER != $'\n' ]]; then exit; fi
+ printf "\n"
+
+ RE=$($P1 piwigo bash -c "$P2 '${ARG}'" > /dev/null)
+ if [[ $? -eq 0 ]]; then
+ printf "USERNAME: $USERNAME\nUSERPASS: $USERPASS\nUSERMAIL: $USERMAIL\n" >> "${INSTALL}"
+ printf "Install success\n"
+ else
+ printf "Error installing piwigo: $RE\n"
+ exit 1;
+ fi
+#fi
+
+#read -p "Enter Trusted domain: " DOMAIN
+
+#RE=$($P1 nextc bash -c "$P2 config:system:set trusted_domains 1 --value=nextc")
+#if [[ $? -eq 0 ]]; then
+# printf "Trusted Domain nextc set\n"
+#else
+# exit 1;
+#fi
+#RE=$($P1 nextc bash -c "$P2 config:system:set trusted_domains 2 --value=$DOMAIN")
+#if [[ $? -eq 0 ]]; then
+# printf "Trusted Domain $DOMAIN set\n"
+#else
+# exit 1;
+#fi
+
+set +o xtrace
+
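Review bot: `set -o xtrace` stays on for the whole script, so every expansion of `ROOTPASS` and `USERPASS` is traced to stderr, and `printf "$P1 piwigo bash -c \"$P2 '${ARG}'\"\n"` also prints the full query string with both passwords before the confirmation prompt. Drop the trace, or switch it off around the credential handling with `set +o xtrace` and back on afterwards, and print a redacted summary instead of `${ARG}`. The values (presumably from .env) are put into `ARG` without URL-encoding and then inside single quotes in a `bash -c` string, so a password containing `&`, `%` or `'` changes what install.php receives or breaks the quoting; encode the values or restrict the generated character set. `RE=$(… > /dev/null)` captures nothing because stdout is redirected inside the substitution, so `Error installing piwigo: $RE` can never show the failure reason. The `ROOTPASS` generation line is truncated in this view, so it is not reviewed here.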