Update bootstrap and enable firewall
38
bootstrap.sh
Normal file → Executable file
38
bootstrap.sh
Normal file → Executable file
@@ -1,24 +1,19 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
# Update the package repositories
|
source /opt/scarif/.env
|
||||||
pacman -Syu --noconfirm
|
|
||||||
|
|
||||||
# Force the locale
|
|
||||||
echo "LC_ALL=en_GB.UTF-8" >> /etc/default/locale
|
|
||||||
locale-gen en_US.UTF-8
|
|
||||||
|
|
||||||
# Install necessary packages
|
|
||||||
pacman -S --needed --noconfirm sudo wget tmux htop vim docker docker-compose
|
|
||||||
|
|
||||||
# Set the hostname
|
|
||||||
echo "scarif.space" >> /etc/hostname
|
|
||||||
|
|
||||||
# Add me as a user and git for SSH passthrough to gitea (change passwords after finishing)
|
# Add me as a user and git for SSH passthrough to gitea (change passwords after finishing)
|
||||||
useradd -m -psecret chris
|
useradd -m -p $(echo $USER_PASSWORD | openssl passwd -1 -stdin) chris
|
||||||
useradd -m -psecret -u1200 git
|
useradd -m -p $(echo $GIT_PASSWORD | openssl passwd -1 -stdin) -u1200 git
|
||||||
|
|
||||||
|
# Install necessary packages
|
||||||
|
pacman -S --needed --noconfirm sudo wget tmux htop vim docker docker-compose git ufw
|
||||||
|
|
||||||
|
# Set up privileges
|
||||||
|
echo "chris ALL=(ALL) ALL" >> /etc/sudoers
|
||||||
|
|
||||||
# Make files necessary for SSH passthrough (https://docs.gitea.io/en-us/install-with-docker/#ssh-container-passthrough)
|
# Make files necessary for SSH passthrough (https://docs.gitea.io/en-us/install-with-docker/#ssh-container-passthrough)
|
||||||
#mkdir -p /var/lib/gitea
|
mkdir -p /var/lib/gitea
|
||||||
mkdir -p /app/gitea
|
mkdir -p /app/gitea
|
||||||
tee /app/gitea/gitea <<END
|
tee /app/gitea/gitea <<END
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
@@ -35,6 +30,19 @@ sudo -u git ssh-keygen -t rsa -b 4096 -C "Gitea Host Key" -f/home/git/.ssh/id_rs
|
|||||||
|
|
||||||
sudo -u git touch /home/git/.ssh/authorized_keys
|
sudo -u git touch /home/git/.ssh/authorized_keys
|
||||||
echo "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty $(cat /home/git/.ssh/id_rsa.pub)" >> /home/git/.ssh/authorized_keys
|
echo "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty $(cat /home/git/.ssh/id_rsa.pub)" >> /home/git/.ssh/authorized_keys
|
||||||
|
echo $SSH_KEY >> /home/git/.ssh/authorized_keys
|
||||||
|
|
||||||
|
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/' /etc/ssh/sshd_config
|
||||||
|
|
||||||
|
systemctl restart sshd
|
||||||
|
|
||||||
|
# Set up firewall
|
||||||
|
ufw default deny incoming
|
||||||
|
ufw default allow outgoing
|
||||||
|
ufw allow 22
|
||||||
|
ufw allow 80
|
||||||
|
ufw allow 443
|
||||||
|
ufw --force enable
|
||||||
|
|
||||||
# Start the docker service and build docker compose
|
# Start the docker service and build docker compose
|
||||||
systemctl enable docker --now
|
systemctl enable docker --now
|
||||||
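Review bot: In the first hunk, `useradd -m -p $(echo $USER_PASSWORD | openssl passwd -1 -stdin) chris` (and the matching `git` line) stores the password as MD5-crypt, the weakest scheme `openssl passwd` offers; `-6` produces SHA-512-crypt, and quoting the substitution keeps the hash from being word-split: `useradd -m -p "$(printf '%s\n' "$USER_PASSWORD" | openssl passwd -6 -stdin)" chris`. The hash is still passed on useradd's argv and the plaintext would show up in any `set -x` trace, so feeding `chpasswd` over stdin after `useradd -m` would be the cleaner form. `echo "chris ALL=(ALL) ALL" >> /etc/sudoers` is appended without a syntax check and is duplicated on every re-run; a drop-in validated by visudo avoids a lockout from a bad edit: `printf 'chris ALL=(ALL) ALL\n' > /etc/sudoers.d/chris && chmod 0440 /etc/sudoers.d/chris && visudo -cf /etc/sudoers.d/chris`. `source /opt/scarif/.env` is unguarded and the script sets no `set -eu`, so if the file is missing both users are presumably created with hashes of the empty string and the script keeps going; `[[ -r /opt/scarif/.env ]] || exit 1` before the `source` would stop it there.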
|
|||||||
@@ -1,6 +1,5 @@
|
|||||||
CREATE DATABASE IF NOT EXISTS `monica`;
|
CREATE DATABASE IF NOT EXISTS `monica`;
|
||||||
CREATE DATABASE IF NOT EXISTS `gitea`;
|
CREATE DATABASE IF NOT EXISTS `gitea`;
|
||||||
CREATE DATABASE IF NOT EXISTS `pinry`;
|
|
||||||
# Nextcloud will automatically create a database on setup
|
# Nextcloud will automatically create a database on setup
|
||||||
#CREATE DATABASE IF NOT EXISTS `nextcloud`;
|
#CREATE DATABASE IF NOT EXISTS `nextcloud`;
|
||||||
|
|
||||||
|
|||||||