Update bootstrap and enable firewall

2020-12-13 16:38:14 +00:00
parent f4d7ef9e8c
commit a4d3c8e825
2 changed files with 23 additions and 16 deletions

bootstrap.sh Normal file → Executable file

@@ -1,24 +1,19 @@
#!/bin/bash
# Update the package repositories
pacman -Syu --noconfirm
# Force the locale
echo "LC_ALL=en_GB.UTF-8" >> /etc/default/locale
locale-gen en_US.UTF-8
# Install necessary packages
pacman -S --needed --noconfirm sudo wget tmux htop vim docker docker-compose
# Set the hostname
echo "scarif.space" >> /etc/hostname
source /opt/scarif/.env
# Add me as a user and git for SSH passthrough to gitea (change passwords after finishing)
useradd -m -psecret chris
useradd -m -psecret -u1200 git
useradd -m -p $(echo $USER_PASSWORD | openssl passwd -1 -stdin) chris
useradd -m -p $(echo $GIT_PASSWORD | openssl passwd -1 -stdin) -u1200 git
# Install necessary packages
pacman -S --needed --noconfirm sudo wget tmux htop vim docker docker-compose git ufw
# Set up privileges
echo "chris ALL=(ALL) ALL" >> /etc/sudoers
# Make files necessary for SSH passthrough (https://docs.gitea.io/en-us/install-with-docker/#ssh-container-passthrough)
#mkdir -p /var/lib/gitea
mkdir -p /var/lib/gitea
mkdir -p /app/gitea
tee /app/gitea/gitea <<END
#!/bin/sh
@@ -35,6 +30,19 @@ sudo -u git ssh-keygen -t rsa -b 4096 -C "Gitea Host Key" -f/home/git/.ssh/id_rs
sudo -u git touch /home/git/.ssh/authorized_keys
echo "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty $(cat /home/git/.ssh/id_rsa.pub)" >> /home/git/.ssh/authorized_keys
echo $SSH_KEY >> /home/git/.ssh/authorized_keys
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/' /etc/ssh/sshd_config
systemctl restart sshd
# Set up firewall
ufw default deny incoming
ufw default allow outgoing
ufw allow 22
ufw allow 80
ufw allow 443
ufw --force enable
# Start the docker service and build docker compose
systemctl enable docker --now
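Review bot: The two new `useradd -m -p $(echo $USER_PASSWORD | openssl passwd -1 -stdin) …` lines in the first hunk derive an MD5-crypt hash (`-1`), which is the weakest scheme `openssl passwd` offers, and then place that hash on useradd's argv where it is visible to every local user via `ps` and to anyone running the script with `bash -x`; the unquoted `$USER_PASSWORD` and `$(…)` also word-split and glob. Letting the system pick its configured hash and feeding the secret over stdin avoids both problems, e.g. `useradd -m chris` followed by `printf 'chris:%s\n' "$USER_PASSWORD" | chpasswd` (same for `git` with `-u1200`); if the openssl form is kept, use `-6` and quote the substitution. In the second hunk `echo $SSH_KEY >> /home/git/.ssh/authorized_keys` should likewise be `printf '%s\n' "$SSH_KEY" >> …` so an empty or oddly-split key cannot silently corrupt the file. Since the firewall now deliberately exposes port 22 and the sshd edit only sets `PermitRootLogin no`, consider also adding `PasswordAuthentication no` once the key on the line above is in place, because the "secret" passwords are otherwise reachable over the network until they are changed.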


@@ -1,6 +1,5 @@
CREATE DATABASE IF NOT EXISTS `monica`;
CREATE DATABASE IF NOT EXISTS `gitea`;
CREATE DATABASE IF NOT EXISTS `pinry`;
# Nextcloud will automatically create a database on setup
#CREATE DATABASE IF NOT EXISTS `nextcloud`;