Andrew Hurley 2022-11-06 04:37:09 +11:00
parent fee08bdd59
commit f4594c90b3
5 changed files with 127 additions and 21 deletions


@ -50,18 +50,6 @@ tasks:
- sudo cp mailu-f2b/fail2ban-override.conf /etc/systemd/system/fail2ban.service.d/override.conf - sudo cp mailu-f2b/fail2ban-override.conf /etc/systemd/system/fail2ban.service.d/override.conf
- sudo sudo systemctl daemon-reload - sudo sudo systemctl daemon-reload
- sudo systemctl restart fail2ban - sudo systemctl restart fail2ban
sources:
- mailu-f2b/fail2ban-bad-auth-filter.conf
- mailu-f2b/fail2ban-bad-auth-jail.conf
- mailu-f2b/fail2ban-sshd-jail.conf
- mailu-f2b/fail2ban-docker-action.conf
- mailu-f2b/fail2ban-override.conf
generates:
- /etc/fail2ban/filter.d/bad-auth.conf
- /etc/fail2ban/jail.d/bad-auth.conf
- /etc/fail2ban/jail.d/sshd.conf
- /etc/fail2ban/action.d/docker-action.conf
- /etc/systemd/system/fail2ban.service.d/override.conf
preconditions: preconditions:
- sh: 'command -v fail2ban-server' - sh: 'command -v fail2ban-server'


@ -2,10 +2,10 @@
enabled = true enabled = true
backend = systemd backend = systemd
filter = bad-auth filter = bad-auth
bantime = 1w bantime = 1h
bantime.increment = true bantime.increment = true
bantime.factor = 2 bantime.factor = 2
bantime.maxtime = 128w bantime.maxtime = 128w
findtime = 86400 findtime = 3600
maxretry = 3 maxretry = 3
action = docker-action action = docker-action
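Review bot: Cutting `findtime` from 86400 to 3600 while `maxretry = 3` stays unchanged means a client that keeps under three failed logins per hour is never banned, so the tolerated guessing rate per address rises from two attempts a day to roughly 48. If the shorter first ban is the goal, `bantime = 1h` can be lowered on its own and `findtime = 86400` kept. Otherwise record the trade-off next to the setting, for example `# findtime 1h: tolerates slow guessing (<3 failures/hour) to reduce lockouts of legitimate users`. The same two values are changed in the `[sshd]` jail in the next file section, where the same reasoning applies. The jail's section header lies above this hunk.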


@ -1,8 +1,8 @@
[sshd] [sshd]
enabled = true enabled = true
bantime = 1w bantime = 1h
bantime.increment = true bantime.increment = true
bantime.factor = 2 bantime.factor = 2
bantime.maxtime = 128w bantime.maxtime = 128w
findtime = 86400 findtime = 3600
maxretry = 3 maxretry = 3


@ -7,6 +7,8 @@ if [[ ! -f docker-compose.yml ]]; then
exit 1 exit 1
fi fi
INSTALL="nextc-install.log"
source .env source .env
P1="sudo docker compose exec -u 1000" P1="sudo docker compose exec -u 1000"
@ -19,8 +21,8 @@ if [[ $? -eq 0 && -n $RE ]]; then
if [[ -d $DATA/ncdata/$USERNAME ]]; then printf "Files exist for user $USERNAME\n"; exit 1; fi if [[ -d $DATA/ncdata/$USERNAME ]]; then printf "Files exist for user $USERNAME\n"; exit 1; fi
LOG="" LOG=""
if [[ -f install.log ]]; then if [[ -f "${INSTALL}" ]]; then
LOG=$(cat install.log) LOG=$(cat "${INSTALL}")
ROOTPASS="${LOG#*: }" ROOTPASS="${LOG#*: }"
printf "Found existing database password\n" printf "Found existing database password\n"
else else
@ -40,7 +42,7 @@ if [[ $? -eq 0 && -n $RE ]]; then
RE=$($P1 nextc-db bash -c "mysqladmin -u root password $ROOTPASS") RE=$($P1 nextc-db bash -c "mysqladmin -u root password $ROOTPASS")
if [[ $? -eq 0 ]]; then if [[ $? -eq 0 ]]; then
printf "Root password changed\n" printf "Root password changed\n"
printf "ROOTPASS: $ROOTPASS\n" > install.log printf "ROOTPASS: $ROOTPASS\n" > "${INSTALL}"
else else
printf "Error trying to set password\n" printf "Error trying to set password\n"
exit 1 exit 1
@ -51,16 +53,22 @@ if [[ $? -eq 0 && -n $RE ]]; then
--database-host nextc-db --database-name ncdb --database-user root \ --database-host nextc-db --database-name ncdb --database-user root \
--database-pass $ROOTPASS --admin-user $USERNAME --admin-pass $USERPASS --data-dir /ncdata") --database-pass $ROOTPASS --admin-user $USERNAME --admin-pass $USERPASS --data-dir /ncdata")
if [[ $? -eq 0 ]]; then if [[ $? -eq 0 ]]; then
printf "USERNAME: $USERNAME\nUSERPASS: $USERPASS\n" >> install.log printf "USERNAME: $USERNAME\nUSERPASS: $USERPASS\n" >> "${INSTALL}"
printf "Install success\n" printf "Install success\n"
else else
printf "Error installing nextcloud\n" printf "Error installing nextcloud: $RE\n"
exit 1; exit 1;
fi fi
fi fi
read -p "Enter Trusted domain: " DOMAIN read -p "Enter Trusted domain: " DOMAIN
RE=$($P1 nextc bash -c "$P2 config:system:set trusted_domains 1 --value=nextc")
if [[ $? -eq 0 ]]; then
printf "Trusted Domain nextc set\n"
else
exit 1;
fi
RE=$($P1 nextc bash -c "$P2 config:system:set trusted_domains 2 --value=$DOMAIN") RE=$($P1 nextc bash -c "$P2 config:system:set trusted_domains 2 --value=$DOMAIN")
if [[ $? -eq 0 ]]; then if [[ $? -eq 0 ]]; then
printf "Trusted Domain $DOMAIN set\n" printf "Trusted Domain $DOMAIN set\n"
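Review bot: `"${INSTALL}"` receives the database root password and the Nextcloud admin password in clear text, but it is created by a plain `>` redirect and therefore gets whatever the caller's umask allows, which is commonly world-readable. Setting `umask 077` next to `INSTALL="nextc-install.log"`, or running `chmod 600 "${INSTALL}"` right after the first write, restricts it to the installing user. The new error line also uses command output as the printf format string; `printf 'Error installing nextcloud: %s\n' "$RE"` keeps a stray `%` in `$RE` from being interpreted. Because the file name changed from `install.log`, a host that already has `install.log` will presumably no longer reach the "Found existing database password" branch; the else branch is outside the visible hunks, so confirm what happens there.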

110
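--- a/piwigo/install.sh
+++ b/piwigo/install.sh
@@ -0,0 +1,110 @@
+#!/bin/bash
+set -o xtrace
+if [[ ! -f docker-compose.yml ]]; then
+printf "Needs to be run from compose directory\n"
+exit 1
+fi
+INSTALL="piwigo-install.log"
+source .env
+P1="sudo docker compose exec -u 1000"
+P2="cd /gallery && REMOTE_ADDR=127.0.0.1 php --run=\"parse_str(\$argv[1], \$_POST); include('install.php');\""
+#RE=$($P1 nextc bash -c "$P2 status" |grep "installed: false")
+#if [[ $? -ne 0 || -z $RE ]]; then
+# printf "
+# exit
+#fi
+LOG=""
+if [[ -f "${INSTALL}" ]]; then
+readarray -t LOG < "${INSTALL}"
+if [[ -n "${LOG[0]}" ]]; then
+ROOTPASS="${LOG[0]#*: }"
+printf "Found existing database password\n"
+fi
+else
+ROOTPASS="$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 | head -c 10)"
+fi
+if [[ -f "${INSTALL}" ]]; then
+readarray -t LOG < "${INSTALL}"
+if [[ -n "${LOG[1]}" && -n "${LOG[2]}" && -n "${LOG[3]}" ]]; then
+USERNAME="${LOG[1]#*: }"
+USERPASS="${LOG[2]#*: }"
+USERMAIL="${LOG[3]#*: }"
+else
+read -p "Enter Admin name: " USERNAME
+if [[ -z $USERNAME ]]; then printf "Nothing in username\n"; exit; fi
+read -p "Enter Amdin email: " USERMAIL
+if [[ -z $USERMAIL ]]; then printf "Nothing in email\n"; exit; fi
+USERPASS="$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 | head -c 4)"
+fi
+fi
+printf "Admin Name: $USERNAME\n"
+printf "Admin Pass: $USERPASS\n"
+printf "Admin Email: $USERMAIL\n"
+printf "Database Password: $ROOTPASS\n"
+printf "\n"
+read -r -s -N 1 -p "Press 'Enter' to continue " ENTER
+if [[ $ENTER != $'\n' ]]; then exit; fi
+printf "\n"
+if [[ -z $LOG ]]; then
+RE=$($P1 piwigo-db bash -c "mysqladmin -u root password $ROOTPASS")
+if [[ $? -eq 0 ]]; then
+printf "Root password changed\n"
+else
+printf "Error trying to set password\n"
+exit 1
+fi
+RE=$($P1 piwigo-db bash -c "mysql -u root p$ROOTPASS < \"create database piwigo;\"")
+if [[ $? -eq 0 ]]; then
+printf "Database created.\n"
+else
+printf "Error trying to create database\n"
+exit 1
+fi
+fi
+printf "ROOTPASS: $ROOTPASS\n" > "${INSTALL}"
+ARGV1A="language=en_GB&dbhost=piwigo-db&dbuser=root&dbpasswd=${ROOTPASS}&dbname=piwigo&prefix=piwigo_&"
+ARGV1B="admin_name=${USERNAME}&admin_pass1=${USERPASS}&admin_pass2=${USERPASS}&admin_mail=${USERMAIL}&install=Start%20installation"
+ARG="${ARGV1A}${ARGV1B}"
+printf "$P1 piwigo bash -c \"$P2 '${ARG}'\"\n"
+read -r -s -N 1 -p "Press 'Enter' to continue " ENTER
+if [[ $ENTER != $'\n' ]]; then exit; fi
+printf "\n"
+RE=$($P1 piwigo bash -c "$P2 '${ARG}'" > /dev/null)
+if [[ $? -eq 0 ]]; then
+printf "USERNAME: $USERNAME\nUSERPASS: $USERPASS\nUSERMAIL: $USERMAIL\n" >> "${INSTALL}"
+printf "Install success\n"
+else
+printf "Error installing piwigo: $RE\n"
+exit 1;
+fi
+#fi
+#read -p "Enter Trusted domain: " DOMAIN
+#RE=$($P1 nextc bash -c "$P2 config:system:set trusted_domains 1 --value=nextc")
+#if [[ $? -eq 0 ]]; then
+# printf "Trusted Domain nextc set\n"
+#else
+# exit 1;
+#fi
+#RE=$($P1 nextc bash -c "$P2 config:system:set trusted_domains 2 --value=$DOMAIN")
+#if [[ $? -eq 0 ]]; then
+# printf "Trusted Domain $DOMAIN set\n"
+#else
+# exit 1;
+#fi
+set +o xtrace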
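Review bot: `set -o xtrace` at the top prints every expanded command to stderr, so the root database password and the admin password land in the trace (and in any captured terminal or CI log) on top of the deliberate `printf` lines; drop it, or enable it only around steps that touch no secrets. The admin password is generated with `head -c 4`, four alphanumeric characters, which is far too short for a web login; `head -c 20` costs nothing here. The database step `mysql -u root p$ROOTPASS < \"create database piwigo;\"` looks broken: `p` is missing its dash and `<` reads from a file of that name, so `mysql -u root -p$ROOTPASS -e 'create database piwigo;'` is presumably what was meant. `RE=$(... > /dev/null)` is always empty, so `Error installing piwigo: $RE` can never show the cause. When `piwigo-install.log` does not exist yet, nothing in the visible code prompts for USERNAME or USERMAIL, so unless `.env` supplies them the installer is called with empty values; a guard before the summary `printf` lines would catch that.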