scarif/bootstrap.sh

#!/bin/bash

source /opt/scarif/.env

# Add me as a user and git for SSH passthrough to gitea (change passwords after finishing)
useradd -m -p $(echo $USER_PASSWORD | openssl passwd -1 -stdin) chris
useradd -m -p $(echo $GIT_PASSWORD | openssl passwd -1 -stdin) -u1200 git

# Install necessary packages
pacman -S --needed --noconfirm sudo wget tmux htop vim docker docker-compose git ufw

# Set up privileges
echo "chris ALL=(ALL) ALL" >> /etc/sudoers

# Make files necessary for SSH passthrough (https://docs.gitea.io/en-us/install-with-docker/#ssh-container-passthrough)
mkdir -p /var/lib/gitea
mkdir -p /app/gitea
tee /app/gitea/gitea <<END
#!/bin/sh
ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\\"\$SSH_ORIGINAL_COMMAND\\" \$0 \$@"
END

chmod +x /app/gitea/gitea

chown -R git /app/gitea/gitea
chown -R git /var/lib/gitea
rm -f /home/git/.ssh/*

sudo -u git ssh-keygen -t rsa -b 4096 -C "Gitea Host Key" -f/home/git/.ssh/id_rsa -q -N ""

sudo -u git touch /home/git/.ssh/authorized_keys
echo "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty $(cat /home/git/.ssh/id_rsa.pub)" >> /home/git/.ssh/authorized_keys
echo $SSH_KEY >> /home/git/.ssh/authorized_keys

sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/' /etc/ssh/sshd_config

systemctl restart sshd

# Set up firewall
ufw default deny incoming
ufw default allow outgoing
ufw allow 22
ufw allow 80
ufw allow 443
ufw --force enable

# Start the docker service and build docker compose
systemctl enable docker --now

docker-compose -f "/opt/scarif/docker-compose.yml" --env-file "/opt/scarif/.env" up -d

docker exec -it scarif_pinry_1 python manage.py createsuperuser --settings=pinry.settings.docker
Move to VM and allow ssh to gitea through host 2020-12-05 15:46:40 +00:00			`#!/bin/bash`

Update bootstrap and enable firewall 2020-12-13 16:38:14 +00:00			`source /opt/scarif/.env`
Move to VM and allow ssh to gitea through host 2020-12-05 15:46:40 +00:00
Update bootstrap and enable firewall 2020-12-13 16:38:14 +00:00			`# Add me as a user and git for SSH passthrough to gitea (change passwords after finishing)`
			`useradd -m -p $(echo $USER_PASSWORD \| openssl passwd -1 -stdin) chris`
			`useradd -m -p $(echo $GIT_PASSWORD \| openssl passwd -1 -stdin) -u1200 git`
Move to VM and allow ssh to gitea through host 2020-12-05 15:46:40 +00:00
			`# Install necessary packages`
Update bootstrap and enable firewall 2020-12-13 16:38:14 +00:00			`pacman -S --needed --noconfirm sudo wget tmux htop vim docker docker-compose git ufw`
Move to VM and allow ssh to gitea through host 2020-12-05 15:46:40 +00:00
Update bootstrap and enable firewall 2020-12-13 16:38:14 +00:00			`# Set up privileges`
			`echo "chris ALL=(ALL) ALL" >> /etc/sudoers`
Move to VM and allow ssh to gitea through host 2020-12-05 15:46:40 +00:00
			`# Make files necessary for SSH passthrough (https://docs.gitea.io/en-us/install-with-docker/#ssh-container-passthrough)`
Update bootstrap and enable firewall 2020-12-13 16:38:14 +00:00			`mkdir -p /var/lib/gitea`
Move to VM and allow ssh to gitea through host 2020-12-05 15:46:40 +00:00			`mkdir -p /app/gitea`
			`tee /app/gitea/gitea <<END`
			`#!/bin/sh`
			`ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\\"\$SSH_ORIGINAL_COMMAND\\" \$0 \$@"`
			`END`

			`chmod +x /app/gitea/gitea`

			`chown -R git /app/gitea/gitea`
			`chown -R git /var/lib/gitea`
			`rm -f /home/git/.ssh/*`

			`sudo -u git ssh-keygen -t rsa -b 4096 -C "Gitea Host Key" -f/home/git/.ssh/id_rsa -q -N ""`

			`sudo -u git touch /home/git/.ssh/authorized_keys`
			`echo "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty $(cat /home/git/.ssh/id_rsa.pub)" >> /home/git/.ssh/authorized_keys`
Update bootstrap and enable firewall 2020-12-13 16:38:14 +00:00			`echo $SSH_KEY >> /home/git/.ssh/authorized_keys`

			`sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/' /etc/ssh/sshd_config`

			`systemctl restart sshd`

			`# Set up firewall`
			`ufw default deny incoming`
			`ufw default allow outgoing`
			`ufw allow 22`
			`ufw allow 80`
			`ufw allow 443`
			`ufw --force enable`
Move to VM and allow ssh to gitea through host 2020-12-05 15:46:40 +00:00
			`# Start the docker service and build docker compose`
			`systemctl enable docker --now`

			`docker-compose -f "/opt/scarif/docker-compose.yml" --env-file "/opt/scarif/.env" up -d`
Install Pinry 2020-12-13 16:37:09 +00:00
			`docker exec -it scarif_pinry_1 python manage.py createsuperuser --settings=pinry.settings.docker`