Add Debian 11 scripts
parent
d496861741
commit
8b08184b54
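--- a/debian-11/apps/apt-cacher-ng/apt-cacher-ng.sh
+++ b/debian-11/apps/apt-cacher-ng/apt-cacher-ng.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+if [ -d "/var/cache/apt-cacher-ng" ]; then
+chown apt-cacher-ng:apt-cacher-ng apt-cacher-ng
+fi
+
+apt install -y rinetd apt-cacher-ng
+
+cat > /etc/apt-cacher-ng/backend_archlx << "EOF"
+#### HTTPS not supported ####
+
+http://archlinux.puzzle.ch/
+EOF
+systemctl restart apt-cacher-ng
+
+sed -i '/^# bindadress.*/a 0.0.0.0 8080 127.0.0.1 3142' /etc/rinetd.conf
+sed -i '/^# bindadress.*/a 0.0.0.0 80 127.0.0.1 3142' /etc/rinetd.conf
+systemctl restart rinetd
+
+echo "Acquire::http { Proxy \"http://127.0.0.1\"; };" > /etc/apt/apt.conf.d/02proxy
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # apt-cacher-ng' /etc/iptables/rules.v4
+iptables-restore /etc/iptables/rules.v4
+fi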
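Review bot: rinetd is told to listen on `0.0.0.0` for ports 80 and 8080 and the two appended `ACCEPT` rules carry no source match, so the cache on 3142 is reachable as an unauthenticated HTTP proxy from every network the host sits on; scope the rules to the client range, e.g. `-A INPUT -s <LAN_CIDR> -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT`. The same append-after-`lo` `sed` pattern recurs in bind9.sh, dokuwiki.sh, iperf3.sh, matomo.sh, nagios.sh and the nextcloud scripts: it is not idempotent (each re-run adds the rules again), and `iptables-restore` replaces the whole running ruleset rather than adding to it. Separately, `chown apt-cacher-ng:apt-cacher-ng apt-cacher-ng` names a relative path and runs before the package is installed, so it acts on whatever `apt-cacher-ng` entry is in the current directory; `/var/cache/apt-cacher-ng`, after the `apt install`, looks like what was meant.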
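--- a/debian-11/apps/bind9/bind9.sh
+++ b/debian-11/apps/bind9/bind9.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+apt install -y bind9
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # DNS' /etc/iptables/rules.v4
+iptables-restore /etc/iptables/rules.v4
+fi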
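--- a/debian-11/apps/docker/docker.sh
+++ b/debian-11/apps/docker/docker.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+swapoff -a
+sed -i "/swap/d" /etc/fstab
+
+apt remove -y iptables-persistent
+apt autoremove -y
+apt install -y ca-certificates curl gnupg lsb-release
+
+curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
+echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian bullseye stable" > /etc/apt/sources.list.d/docker.list
+
+sysctl -w net/netfilter/nf_conntrack_max=131072
+
+apt update
+apt dist-upgrade
+apt install -y docker-ce
+apt install -y docker-compose
+
+systemctl enable docker.service
+systemctl start docker.service
+
+sleep 3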
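Review bot: `apt remove -y iptables-persistent` drops the package that reloads `/etc/iptables/rules.v4` at boot, so after the next reboot the host presumably comes up without the saved INPUT policy that the other scripts in this commit edit; if that is intended because Docker manages its own chains, say so in a comment, otherwise keep the package. `apt dist-upgrade` is the only apt call without `-y` and will stop for confirmation while every other step assumes an unattended run; `apt dist-upgrade -y` keeps it consistent. `sed -i "/swap/d" /etc/fstab` deletes every line containing the string `swap`, comments and unrelated mount points included, so anchoring on the filesystem-type field would be safer. `sysctl -w` is also lost at reboot; a file under `/etc/sysctl.d/` would make the conntrack limit persistent.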
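--- a/debian-11/apps/dokuwiki/dokuwiki.sh
+++ b/debian-11/apps/dokuwiki/dokuwiki.sh
@@ -0,0 +1,64 @@
+#!/bin/bash
+
+apt install -y php libapache2-mod-php php-xml
+
+a2dissite 000-default
+a2dissite default-ssl.conf
+a2enmod ssl
+
+mkdir /opt/dokuwiki
+mkdir /var/www/dokuwiki
+
+wget -O dokuwiki.tgz https://download.dokuwiki.org/src/dokuwiki/dokuwiki-rc.tgz
+
+mkdir tmp-dokuwiki
+
+tar xzvf dokuwiki.tgz -C ./tmp-dokuwiki/
+
+mv ./tmp-dokuwiki/*/* /var/www/dokuwiki
+mv ./tmp-dokuwiki/*/.* /var/www/dokuwiki
+mv /var/www/dokuwiki/data /opt/dokuwiki/
+
+rm -R ./tmp-dokuwiki
+
+cp /var/www/dokuwiki/conf/local.php.dist /var/www/dokuwiki/conf/local.php
+cp /var/www/dokuwiki/conf/acl.auth.php.dist /var/www/dokuwiki/conf/acl.auth.php
+cp /var/www/dokuwiki/conf/users.auth.php.dist /var/www/dokuwiki/conf/users.auth.php
+
+chown -R www-data:www-data /opt/dokuwiki
+chown -R www-data:www-data /var/www/dokuwiki
+
+sed -i 's|./data|/opt/dokuwiki/data|g' /var/www/dokuwiki/conf/dokuwiki.php
+echo "\$conf['useacl'] = 1;" >> /var/www/dokuwiki/conf/local.php
+echo "\$conf['superuser'] = '@admin';" >> /var/www/dokuwiki/conf/local.php
+echo "$(echo "admin" | htpasswd -n -i -B admin):admin:admin@local.lan:admin" >> /var/www/dokuwiki/conf/users.auth.php
+
+cat > /etc/apache2/sites-available/dokuwiki.conf << "EOF"
+<IfModule mod_ssl.c>
+<VirtualHost _default_:443>
+ServerAdmin webmaster@localhost
+DocumentRoot /var/www/dokuwiki
+ErrorLog ${APACHE_LOG_DIR}/error.log
+CustomLog ${APACHE_LOG_DIR}/access.log combined
+SSLEngine on
+SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+<FilesMatch "\.(cgi|shtml|phtml|php)$">
+SSLOptions +StdEnvVars
+</FilesMatch>
+<Directory /usr/lib/cgi-bin>
+SSLOptions +StdEnvVars
+</Directory>
+</VirtualHost>
+</IfModule>
+EOF
+
+systemctl reload apache2
+a2ensite dokuwiki
+systemctl restart apache2
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # Matomo' /etc/iptables/rules.v4
+iptables-restore /etc/iptables/rules.v4
+fi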
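Review bot: The line that appends to `users.auth.php` creates the superuser `admin` with the fixed password `admin`, and the script then opens 443 to any source, so every install made with it starts with a known administrator credential. Prompt for the password or generate it instead, e.g. `ADMINPASS=$(whiptail --title "DokuWiki" --passwordbox "Admin Pass :" 0 30 3>&1 1>&2 2>&3)`, and feed `printf '%s' "${ADMINPASS}"` to `htpasswd -n -i -B admin`. The archive is `dokuwiki-rc.tgz`, by its name a release-candidate build, fetched without a checksum check; pinning a stable release and verifying its hash before unpacking into the web root would be safer. `mv ./tmp-dokuwiki/*/.*` also matches `.` and `..`, and the firewall comment `# Matomo` looks copied from matomo.sh.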
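--- a/debian-11/apps/iperf3/iperf3.sh
+++ b/debian-11/apps/iperf3/iperf3.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+apt install -y iperf3
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 5201 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 5201 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # IPERF' /etc/iptables/rules.v4
+iptables-restore /etc/iptables/rules.v4
+fi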
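--- a/debian-11/apps/matomo/matomo.sh
+++ b/debian-11/apps/matomo/matomo.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+
+apt install -y mariadb-server apache2 unzip
+apt install -y php7.4 php7.4-gd php7.4-mbstring php7.4-mysql php7.4-opcache php7.4-readline php7.4-xml php-geoip
+# apt install php php-curl php-gd php-cli php-mysql php-xml php-mbstring
+
+DBNAME=$(whiptail --title "DB" --inputbox "DB Name :" 0 30 "matomo" 3>&1 1>&2 2>&3)
+DBUSER=$(whiptail --title "DB" --inputbox "DB User :" 0 30 "matomo" 3>&1 1>&2 2>&3)
+DBPASS=$(whiptail --title "DB" --inputbox "DB Pass :" 0 30 "matomo" 3>&1 1>&2 2>&3)
+mysql -e "CREATE DATABASE ${DBNAME};CREATE USER '${DBUSER}'@'localhost' IDENTIFIED BY '${DBPASS}';GRANT ALL ON ${DBNAME}.* TO '${DBUSER}'@'localhost' WITH GRANT OPTION;FLUSH PRIVILEGES;"
+
+a2dissite 000-default
+a2dissite default-ssl.conf
+a2enmod ssl
+
+mkdir matomo
+cd matomo
+wget https://builds.matomo.org/matomo.zip && unzip matomo.zip
+mv matomo /var/www
+chown -R www-data:www-data /var/www/matomo
+cd ..
+rm -R matomo
+
+cat > /etc/apache2/sites-available/matomo.conf << "EOF"
+<IfModule mod_ssl.c>
+<VirtualHost _default_:443>
+ServerAdmin webmaster@localhost
+DocumentRoot /var/www/matomo
+ErrorLog ${APACHE_LOG_DIR}/error.log
+CustomLog ${APACHE_LOG_DIR}/access.log combined
+SSLEngine on
+SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+<FilesMatch "\.(cgi|shtml|phtml|php)$">
+SSLOptions +StdEnvVars
+</FilesMatch>
+<Directory /usr/lib/cgi-bin>
+SSLOptions +StdEnvVars
+</Directory>
+</VirtualHost>
+</IfModule>
+EOF
+
+systemctl reload apache2
+a2ensite matomo
+systemctl restart apache2
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # Matomo' /etc/iptables/rules.v4
+iptables-restore /etc/iptables/rules.v4
+fi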
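Review bot: The `mysql -e` statement splices the three whiptail answers straight into SQL, so a quote character in any of them breaks or alters the statement, and the password is shown in clear in the dialog, pre-filled with `matomo`, and visible in the process list while `mysql` runs. `WITH GRANT OPTION` also lets the application account pass its privileges on to other accounts, which a web application does not need; `GRANT ALL ON ${DBNAME}.* TO '${DBUSER}'@'localhost';` is enough. Use `--passwordbox` with no default, validate `DBNAME` and `DBUSER` against `^[A-Za-z0-9_]+$` before use, and feed the SQL to `mysql` on stdin rather than through `-e`. The same block appears in nextcloud-23.sh, nextcloud-24.sh and nextcloud-25.sh.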
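--- a/debian-11/apps/mongodb-4.4/mongodb-4.4.sh
+++ b/debian-11/apps/mongodb-4.4/mongodb-4.4.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | apt-key add -
+echo "deb http://repo.mongodb.org/apt/debian buster/mongodb-org/4.4 main"> /etc/apt/sources.list.d/mongodb-org-4.4.list
+apt update
+apt install -y mongodb-org
+
+DBPATH=/srv/mongodb
+mkdir -p ${DBPATH}
+chown mongodb:mongodb ${DBPATH}
+chmod 700 ${DBPATH}
+sed -i "/dbPath/c\ dbPath: ${DBPATH}" /etc/mongod.conf
+
+systemctl enable mongod.service
+systemctl restart mongod.service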
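Review bot: `apt-key add -` puts the MongoDB key in the global apt trust store, where it can vouch for packages from any configured repository, and the `deb` line fetches over plain `http://`; docker.sh in this same commit already uses the scoped form. Dearmor the key into its own keyring and bind the source to it: `wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | gpg --dearmor -o /usr/share/keyrings/mongodb-server-4.4.gpg` and `deb [signed-by=/usr/share/keyrings/mongodb-server-4.4.gpg] https://repo.mongodb.org/apt/debian buster/mongodb-org/4.4 main`. This script also points a Debian 11 host at the `buster` suite, which deserves a comment if it is deliberate. mongodb-5.0.sh and mongodb-6.0.sh carry the same `apt-key` and `http://` lines.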
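--- a/debian-11/apps/mongodb-5.0/mongodb-5.0.sh
+++ b/debian-11/apps/mongodb-5.0/mongodb-5.0.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | apt-key add -
+echo "deb http://repo.mongodb.org/apt/debian bullseye/mongodb-org/5.0 main"> /etc/apt/sources.list.d/mongodb-org-5.0.list
+apt update
+apt install -y mongodb-org
+
+DBPATH=/srv/mongodb
+mkdir -p ${DBPATH}
+chown mongodb:mongodb ${DBPATH}
+chmod 700 ${DBPATH}
+sed -i "/dbPath/c\ dbPath: ${DBPATH}" /etc/mongod.conf
+
+systemctl enable mongod.service
+systemctl restart mongod.service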
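--- a/debian-11/apps/mongodb-6.0/mongodb-6.0.sh
+++ b/debian-11/apps/mongodb-6.0/mongodb-6.0.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+wget -qO - https://www.mongodb.org/static/pgp/server-6.0.asc | apt-key add -
+echo "deb http://repo.mongodb.org/apt/debian bullseye/mongodb-org/6.0 main" > /etc/apt/sources.list.d/mongodb-org-6.0.list
+apt update
+apt install -y mongodb-org
+
+DBPATH=/srv/mongodb
+mkdir -p ${DBPATH}
+chown mongodb:mongodb ${DBPATH}
+chmod 700 ${DBPATH}
+sed -i "/dbPath/c\ dbPath: ${DBPATH}" /etc/mongod.conf
+
+systemctl enable mongod.service
+systemctl restart mongod.service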
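--- a/debian-11/apps/nagios-pnp4/nagios-pnp4.sh
+++ b/debian-11/apps/nagios-pnp4/nagios-pnp4.sh
@@ -0,0 +1,109 @@
+#!/bin/bash
+
+apt -y install rrdtool librrds-perl php-gd php-xml gcc make
+
+cd
+wget -O pnp4nagios.tar.gz https://github.com/lingej/pnp4nagios/archive/refs/tags/0.6.26.tar.gz
+tar xzf pnp4nagios.tar.gz
+cd pnp4nagios-0.*
+./configure
+make all
+make install
+make install-webconf
+make install-config
+make install-init
+cd
+
+cat > /etc/apache2/sites-available/pnp4nagios.conf << EOF
+Alias /pnp4nagios "/usr/local/pnp4nagios/share"
+
+<Directory "/usr/local/pnp4nagios/share">
+AllowOverride None
+Order allow,deny
+Allow from all
+AuthDigestDomain "Nagios4"
+AuthDigestProvider file
+AuthUserFile "/etc/nagios4/htdigest.users"
+AuthGroupFile "/etc/group"
+AuthName "Nagios4"
+AuthType Digest
+Require valid-user
+<IfModule mod_rewrite.c>
+RewriteEngine On
+Options symLinksIfOwnerMatch
+RewriteBase /pnp4nagios/
+RewriteRule "^(?:application|modules|system)/" - [F]
+RewriteCond "%{REQUEST_FILENAME}" !-f
+RewriteCond "%{REQUEST_FILENAME}" !-d
+RewriteRule "^.*$" "index.php/\$0" [PT]
+</IfModule>
+</Directory>
+EOF
+
+systemctl daemon-reload
+systemctl enable npcd
+systemctl start npcd
+systemctl reload apache2
+a2ensite pnp4nagios.conf
+systemctl restart apache2
+
+sed -i 's/process_performance_data=0/process_performance_data=1/g' /etc/nagios4/nagios.cfg
+sed -i 's/#host_perfdata_file=/host_perfdata_file=/g' /etc/nagios4/nagios.cfg
+sed -i 's/^host_perfdata_file=.*/host_perfdata_file=\/usr\/local\/pnp4nagios\/var\/service-perfdata/g' /etc/nagios4/nagios.cfg
+sed -i 's/^#host_perfdata_file_template=.*/host_perfdata_file_template=DATATYPE::HOSTPERFDATA\\tTIMET::$TIMET$\\tHOSTNAME::$HOSTNAME$\\tHOSTPERFDATA::$HOSTPERFDATA$\\tHOSTCHECKCOMMAND::$HOSTCHECKCOMMAND$\\tHOSTSTATE::$HOSTSTATE$\\tHOSTSTATETYPE::$HOSTSTATETYPE$/g' /etc/nagios4/nagios.cfg
+sed -i 's/#host_perfdata_file_mode=/host_perfdata_file_mode=/g' /etc/nagios4/nagios.cfg
+sed -i 's/^#host_perfdata_file_processing_interval=.*/host_perfdata_file_processing_interval=15/g' /etc/nagios4/nagios.cfg
+sed -i 's/^#host_perfdata_file_processing_command=.*/host_perfdata_file_processing_command=process-host-perfdata-file-bulk-npcd/g' /etc/nagios4/nagios.cfg
+sed -i 's/#service_perfdata_file=/service_perfdata_file=/g' /etc/nagios4/nagios.cfg
+sed -i 's/^service_perfdata_file=.*/service_perfdata_file=\/usr\/local\/pnp4nagios\/var\/service-perfdata/g' /etc/nagios4/nagios.cfg
+sed -i 's/^#service_perfdata_file_template=.*/service_perfdata_file_template=DATATYPE::SERVICEPERFDATA\\tTIMET::$TIMET$\\tHOSTNAME::$HOSTNAME$\\tSERVICEDESC::$SERVICEDESC$\\tSERVICEPERFDATA::$SERVICEPERFDATA$\\tSERVICECHECKCOMMAND::$SERVICECHECKCOMMAND$\\tHOSTSTATE::$HOSTSTATE$\\tHOSTSTATETYPE::$HOSTSTATETYPE$\\tSERVICESTATE::$SERVICESTATE$\\tSERVICESTATETYPE::$SERVICESTATETYPE$/g' /etc/nagios4/nagios.cfg
+sed -i 's/#service_perfdata_file_mode=/service_perfdata_file_mode=/g' /etc/nagios4/nagios.cfg
+sed -i 's/^#service_perfdata_file_processing_interval=.*/service_perfdata_file_processing_interval=15/g' /etc/nagios4/nagios.cfg
+sed -i 's/^#service_perfdata_file_processing_command=.*/service_perfdata_file_processing_command=process-service-perfdata-file-bulk-npcd/g' /etc/nagios4/nagios.cfg
+
+echo '' >> /etc/nagios4/objects/commands.cfg
+echo 'define command {' >> /etc/nagios4/objects/commands.cfg
+echo ' command_name process-host-perfdata-file-bulk-npcd' >> /etc/nagios4/objects/commands.cfg
+echo ' command_line /bin/mv /usr/local/pnp4nagios/var/host-perfdata /usr/local/pnp4nagios/var/spool/host-perfdata.$TIMET$' >> /etc/nagios4/objects/commands.cfg
+echo ' }' >> /etc/nagios4/objects/commands.cfg
+echo '' >> /etc/nagios4/objects/commands.cfg
+echo 'define command {' >> /etc/nagios4/objects/commands.cfg
+echo ' command_name process-service-perfdata-file-bulk-npcd' >> /etc/nagios4/objects/commands.cfg
+echo ' command_line /bin/mv /usr/local/pnp4nagios/var/service-perfdata /usr/local/pnp4nagios/var/spool/service-perfdata.$TIMET$' >> /etc/nagios4/objects/commands.cfg
+echo ' }' >> /etc/nagios4/objects/commands.cfg
+echo '' >> /etc/nagios4/objects/commands.cfg
+
+rm -f /usr/local/pnp4nagios/share/install.php
+
+echo '' >> /etc/nagios4/objects/templates.cfg
+echo 'define host {' >> /etc/nagios4/objects/templates.cfg
+echo ' name host-pnp' >> /etc/nagios4/objects/templates.cfg
+echo ' action_url /pnp4nagios/index.php/graph?host=$HOSTNAME$&srv=_HOST_' >> /etc/nagios4/objects/templates.cfg
+echo ' register 0' >> /etc/nagios4/objects/templates.cfg
+echo '}' >> /etc/nagios4/objects/templates.cfg
+echo '' >> /etc/nagios4/objects/templates.cfg
+echo 'define service {' >> /etc/nagios4/objects/templates.cfg
+echo ' name service-pnp' >> /etc/nagios4/objects/templates.cfg
+echo ' action_url /pnp4nagios/index.php/graph?host=$HOSTNAME$&srv=$SERVICEDESC$' >> /etc/nagios4/objects/templates.cfg
+echo ' register 0' >> /etc/nagios4/objects/templates.cfg
+echo '}' >> /etc/nagios4/objects/templates.cfg
+echo '' >> /etc/nagios4/objects/templates.cfg
+
+sed -i '/name.*generic-host/a\ use host-pnp' /etc/nagios4/objects/templates.cfg
+sed -i '/name.*generic-service/a\ use service-pnp' /etc/nagios4/objects/templates.cfg
+
+
+# Patch 1
+wget https://patch-diff.githubusercontent.com/raw/lingej/pnp4nagios/pull/168.diff
+wget https://patch-diff.githubusercontent.com/raw/lingej/pnp4nagios/pull/169.diff
+patch /usr/local/pnp4nagios/lib/kohana/system/libraries/Input.php 168.diff
+patch /usr/local/pnp4nagios/lib/kohana/system/libraries/Input.php 169.diff
+rm 168.diff
+rm 169.diff
+
+# Patch 2
+sed -i 's/if(sizeof($pages) > 0 ){/if(is_array($pages)\&\&sizeof($pages) > 0){/' /usr/local/pnp4nagios/share/application/models/data.php
+
+
+systemctl restart apache2
+systemctl restart nagios4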
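Review bot: The two `wget` calls under `# Patch 1` pull `pull/168.diff` and `pull/169.diff` at install time and `patch` applies them as root to `Input.php`; a pull-request diff changes whenever its branch is updated, so what gets applied is not fixed by this commit. Vendor the two diffs into the repository, or pin them to commit hashes and compare a SHA-256 before running `patch`, and treat the `0.6.26.tar.gz` download the same way since it is compiled and installed as root. Separately, the third `sed` on nagios.cfg sets `host_perfdata_file` to `.../var/service-perfdata`, while the `process-host-perfdata-file-bulk-npcd` command moves `/usr/local/pnp4nagios/var/host-perfdata`; the replacement should read `host_perfdata_file=\/usr\/local\/pnp4nagios\/var\/host-perfdata`. The `echo ... >>` blocks and the `/a\ use ...` edits are appended again on every re-run.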
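--- a/debian-11/apps/nagios/nagios.sh
+++ b/debian-11/apps/nagios/nagios.sh
@@ -0,0 +1,71 @@
+#!/bin/bash
+
+sed -i 's/main/main non-free/' /etc/apt/sources.list
+apt update
+apt -y install nagios4 snmp-mibs-downloader
+
+chmod u+s /bin/ping
+
+a2dissite 000-default.conf
+a2disconf nagios4-cgi
+a2enmod rewrite cgi ssl
+
+echo ""
+echo "Set nagiosadmin password :"
+while :
+do
+htdigest -c /etc/nagios4/htdigest.users Nagios4 nagiosadmin
+if [ ${?} == 0 ]; then break; fi
+done
+
+cat > /etc/apache2/sites-available/nagios.conf << "EOF"
+<IfModule mod_ssl.c>
+<VirtualHost _default_:443>
+ServerAdmin webmaster@localhost
+DocumentRoot /usr/share/nagios4/htdocs
+ErrorLog ${APACHE_LOG_DIR}/error.log
+CustomLog ${APACHE_LOG_DIR}/access.log combined
+SSLEngine on
+SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+
+ScriptAlias /cgi-bin/nagios4 /usr/lib/cgi-bin/nagios4
+ScriptAlias /nagios4/cgi-bin /usr/lib/cgi-bin/nagios4
+ScriptAlias /cgi-bin /usr/lib/cgi-bin/nagios4
+Alias /stylesheets /etc/nagios4/stylesheets
+Alias /nagios4/stylesheets /etc/nagios4/stylesheets
+Alias /nagios4 /usr/share/nagios4/htdocs
+<DirectoryMatch (/usr/share/nagios4/htdocs|/usr/lib/cgi-bin/nagios4|/etc/nagios4/stylesheets)>
+Options FollowSymLinks
+DirectoryIndex index.php index.html
+# AllowOverride AuthConfig
+# Require ip ::1/128 fc00::/7 fe80::/10 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16
+AuthDigestDomain "Nagios4"
+AuthDigestProvider file
+AuthUserFile "/etc/nagios4/htdigest.users"
+AuthGroupFile "/etc/group"
+AuthName "Nagios4"
+AuthType Digest
+Require valid-user
+</DirectoryMatch>
+<Directory /usr/share/nagios4/htdocs>
+Options +ExecCGI
+</Directory>
+</VirtualHost>
+</IfModule>
+EOF
+
+systemctl reload apache2
+a2ensite nagios
+systemctl restart apache2
+
+sed -i s/use_authentication=0/use_authentication=1/ /etc/nagios4/cgi.cfg
+
+systemctl enable nagios4
+systemctl start nagios4
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # Apache' /etc/iptables/rules.v4
+iptables-restore /etc/iptables/rules.v4
+fi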
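Review bot: `chmod u+s /bin/ping` makes ping setuid root for every local user; if the goal is only to let the Nagios checks open raw sockets, the narrower `setcap cap_net_raw+ep /bin/ping` grants that without a full-root binary, and the Debian package may already set it, so check before adding either. `sed -i 's/main/main non-free/' /etc/apt/sources.list` rewrites the first `main` on every line, comments included, and adds another `non-free` on each re-run; match the component field more tightly, e.g. `s/ main$/ main non-free/`. In the vhost, the `Require ip` line that would limit access to private ranges is commented out, so with 443 opened to all sources the Digest login is the only gate in front of the CGIs.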
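--- a/debian-11/apps/nextcloud-23/nextcloud-23.sh
+++ b/debian-11/apps/nextcloud-23/nextcloud-23.sh
@@ -0,0 +1,112 @@
+#!/bin/bash
+
+# https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html
+
+IPV4=$(ip addr | grep 'inet ' | grep -v '127.0' | head -n1 | awk '{print $2}' | cut -f1 -d /)
+DBNAME=$(whiptail --title "DB" --inputbox "DB Name :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
+DBUSER=$(whiptail --title "DB" --inputbox "DB User :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
+DBPASS=$(whiptail --title "DB" --inputbox "DB Pass :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
+DATAPATH=$(whiptail --title "DATA" --inputbox "DATA Path :" 0 30 "/srv/nextcloud/data" 3>&1 1>&2 2>&3)
+NCUSER=$(whiptail --title "NextCloud" --inputbox "Admin Name :" 0 30 "admin" 3>&1 1>&2 2>&3)
+NCPASS=$(whiptail --title "NextCloud" --inputbox "Admin Pass :" 0 30 "admin" 3>&1 1>&2 2>&3)
+
+
+apt install -y sudo apache2 coturn
+apt install -y php7.4 php7.4-curl php7.4-gd php7.4-mbstring php7.4-zip php-xml php-bz2 php7.4-intl php7.4-fpm php-apcu php-memcached php-redis php-imagick php7.4-bcmath php7.4-gmp libapache2-mod-php7.4
+apt install -y php7.4-mysql mariadb-server
+apt install -y smbclient ffmpeg libmagickcore-6.q16-6-extra
+
+a2dissite 000-default
+a2dissite default-ssl.conf
+a2enmod rewrite
+a2enmod headers
+a2enmod env
+a2enmod dir
+a2enmod mime
+a2enmod ssl
+
+sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/7.4/apache2/php.ini
+sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/7.4/fpm/php.ini
+sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/7.4/cli/php.ini
+echo "apc.enable_cli=1" >> /etc/php/7.4/cli/php.ini
+
+mysql -e "CREATE DATABASE ${DBNAME};CREATE USER '${DBUSER}'@'localhost' IDENTIFIED BY '${DBPASS}';GRANT ALL ON ${DBNAME}.* TO '${DBUSER}'@'localhost' WITH GRANT OPTION;FLUSH PRIVILEGES;"
+
+wget https://download.nextcloud.com/server/releases/latest-23.tar.bz2
+tar -xvf latest-23.tar.bz2
+mv nextcloud /var/www
+chown -R www-data:www-data /var/www/nextcloud
+mkdir -p ${DATAPATH}
+chown -R www-data:www-data ${DATAPATH}
+
+cat > /etc/apache2/sites-available/nextcloud.conf << "EOF"
+<VirtualHost *:443>
+Protocols h2 http:/1.1
+DocumentRoot "/var/www/nextcloud"
+#ServerName nextcloud.your-domain.com
+ErrorLog ${APACHE_LOG_DIR}/error.log
+CustomLog ${APACHE_LOG_DIR}/access.log combined
+Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
+SSLEngine on
+SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+SSLCertificateChainFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+SSLProtocol TLSv1.2
+
+<Directory /var/www/nextcloud/>
+Options +FollowSymlinks
+AllowOverride All
+<IfModule mod_dav.c>
+Dav off
+</IfModule>
+SetEnv HOME /var/www/nextcloud
+SetEnv HTTP_HOME /var/www/nextcloud
+Satisfy Any
+</Directory>
+
+</VirtualHost>
+EOF
+
+a2ensite nextcloud
+systemctl restart apache2
+
+cd /var/www/nextcloud/
+sudo -u www-data php occ maintenance:install \
+--database "mysql" \
+--database-name "${DBNAME}" \
+--database-user "${DBUSER}" \
+--database-pass "${DBPASS}" \
+--admin-user "${NCUSER}" \
+--admin-pass "${NCPASS}" \
+--data-dir "${DATAPATH}"
+sed -i "s/0 => 'localhost/0 => '${IPV4}/" /var/www/nextcloud/config/config.php
+sed -i "s/\/\/localhost/\/\/${IPV4}/" /var/www/nextcloud/config/config.php
+sed -i "s/http:/https:/" /var/www/nextcloud/config/config.php
+sed -i "/^);*/i\ \ 'memcache.local' => '\\\\OC\\\\Memcache\\\\APCu'," /var/www/nextcloud/config/config.php
+sed -i "/^);*/i\ \ 'default_phone_region' => 'CH'," /var/www/nextcloud/config/config.php
+echo "*/5 * * * * php -f /var/www/nextcloud/cron.php" | crontab -u www-data -
+sudo -u www-data php occ background:cron
+
+cat >> /etc/turnserver.conf << "EOF"
+listening-port=8080
+listening-ip=0.0.0.0
+fingerprint
+use-auth-secret
+static-auth-secret=AUTHSECRET
+# realm=nextcloud.dom.lan
+total-quota=0
+bps-capacity=0
+stale-nonce
+no-multicast-peers
+EOF
+AUTHSECRET=$(openssl rand -hex 32)
+sed "s/AUTHSECRET/${AUTHSECRET}/" turnserver.conf
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # NextCloud' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 8080 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # TurnServer' /etc/iptables/rules.v4
+iptables-restore /etc/iptables/rules.v4
+fi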
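Review bot: `sed "s/AUTHSECRET/${AUTHSECRET}/" turnserver.conf` has no `-i` and names a relative file, so at best it prints to stdout and `/etc/turnserver.conf` keeps the literal `static-auth-secret=AUTHSECRET`; the TURN server then runs with a secret that anyone reading this script knows, on a port the firewall block opens to all sources. It should be `sed -i "s/AUTHSECRET/${AUTHSECRET}/" /etc/turnserver.conf`, followed by a restart of coturn so the generated secret is actually loaded. Because the heredoc appends with `>>`, a second run adds a second block; generating the value first and writing it through an unquoted heredoc would avoid the placeholder altogether. nextcloud-24.sh carries the same two lines. `Protocols h2 http:/1.1` in the vhost also looks like a typo for `http/1.1`.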
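--- a/debian-11/apps/nextcloud-24/nextcloud-24.sh
+++ b/debian-11/apps/nextcloud-24/nextcloud-24.sh
@@ -0,0 +1,112 @@
+#!/bin/bash
+
+# https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html
+
+IPV4=$(ip addr | grep 'inet ' | grep -v '127.0' | head -n1 | awk '{print $2}' | cut -f1 -d /)
+DBNAME=$(whiptail --title "DB" --inputbox "DB Name :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
+DBUSER=$(whiptail --title "DB" --inputbox "DB User :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
+DBPASS=$(whiptail --title "DB" --inputbox "DB Pass :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
+DATAPATH=$(whiptail --title "DATA" --inputbox "DATA Path :" 0 30 "/srv/nextcloud/data" 3>&1 1>&2 2>&3)
+NCUSER=$(whiptail --title "NextCloud" --inputbox "Admin Name :" 0 30 "admin" 3>&1 1>&2 2>&3)
+NCPASS=$(whiptail --title "NextCloud" --inputbox "Admin Pass :" 0 30 "admin" 3>&1 1>&2 2>&3)
+
+
+apt install -y sudo apache2 coturn
+apt install -y php7.4 php7.4-curl php7.4-gd php7.4-mbstring php7.4-zip php-xml php-bz2 php7.4-intl php7.4-fpm php-apcu php-memcached php-redis php-imagick php7.4-bcmath php7.4-gmp libapache2-mod-php7.4
+apt install -y php7.4-mysql mariadb-server
+apt install -y smbclient ffmpeg libmagickcore-6.q16-6-extra
+
+a2dissite 000-default
+a2dissite default-ssl.conf
+a2enmod rewrite
+a2enmod headers
+a2enmod env
+a2enmod dir
+a2enmod mime
+a2enmod ssl
+
+sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/7.4/apache2/php.ini
+sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/7.4/fpm/php.ini
+sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/7.4/cli/php.ini
+echo "apc.enable_cli=1" >> /etc/php/7.4/cli/php.ini
+
+mysql -e "CREATE DATABASE ${DBNAME};CREATE USER '${DBUSER}'@'localhost' IDENTIFIED BY '${DBPASS}';GRANT ALL ON ${DBNAME}.* TO '${DBUSER}'@'localhost' WITH GRANT OPTION;FLUSH PRIVILEGES;"
+
+wget https://download.nextcloud.com/server/releases/latest-24.tar.bz2
+tar -xvf latest-24.tar.bz2
+mv nextcloud /var/www
+chown -R www-data:www-data /var/www/nextcloud
+mkdir -p ${DATAPATH}
+chown -R www-data:www-data ${DATAPATH}
+
+cat > /etc/apache2/sites-available/nextcloud.conf << "EOF"
+<VirtualHost *:443>
+Protocols h2 http:/1.1
+DocumentRoot "/var/www/nextcloud"
+#ServerName nextcloud.your-domain.com
+ErrorLog ${APACHE_LOG_DIR}/error.log
+CustomLog ${APACHE_LOG_DIR}/access.log combined
+Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
+SSLEngine on
+SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+SSLCertificateChainFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+SSLProtocol TLSv1.2
+
+<Directory /var/www/nextcloud/>
+Options +FollowSymlinks
+AllowOverride All
+<IfModule mod_dav.c>
+Dav off
+</IfModule>
+SetEnv HOME /var/www/nextcloud
+SetEnv HTTP_HOME /var/www/nextcloud
+Satisfy Any
+</Directory>
+
+</VirtualHost>
+EOF
+
+a2ensite nextcloud
+systemctl restart apache2
+
+cd /var/www/nextcloud/
+sudo -u www-data php occ maintenance:install \
+--database "mysql" \
+--database-name "${DBNAME}" \
+--database-user "${DBUSER}" \
+--database-pass "${DBPASS}" \
+--admin-user "${NCUSER}" \
+--admin-pass "${NCPASS}" \
+--data-dir "${DATAPATH}"
+sed -i "s/0 => 'localhost/0 => '${IPV4}/" /var/www/nextcloud/config/config.php
+sed -i "s/\/\/localhost/\/\/${IPV4}/" /var/www/nextcloud/config/config.php
+sed -i "s/http:/https:/" /var/www/nextcloud/config/config.php
+sed -i "/^);*/i\ \ 'memcache.local' => '\\\\OC\\\\Memcache\\\\APCu'," /var/www/nextcloud/config/config.php
+sed -i "/^);*/i\ \ 'default_phone_region' => 'CH'," /var/www/nextcloud/config/config.php
+echo "*/5 * * * * php -f /var/www/nextcloud/cron.php" | crontab -u www-data -
+sudo -u www-data php occ background:cron
+
+cat >> /etc/turnserver.conf << "EOF"
+listening-port=8080
+listening-ip=0.0.0.0
+fingerprint
+use-auth-secret
+static-auth-secret=AUTHSECRET
+# realm=nextcloud.dom.lan
+total-quota=0
+bps-capacity=0
+stale-nonce
+no-multicast-peers
+EOF
+AUTHSECRET=$(openssl rand -hex 32)
+sed "s/AUTHSECRET/${AUTHSECRET}/" turnserver.conf
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # NextCloud' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 8080 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # TurnServer' /etc/iptables/rules.v4
+iptables-restore /etc/iptables/rules.v4
+fi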
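--- a/debian-11/apps/nextcloud-25/nextcloud-25.sh
+++ b/debian-11/apps/nextcloud-25/nextcloud-25.sh
@@ -0,0 +1,112 @@
+#!/bin/bash
+
+# https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html
+
+IPV4=$(ip addr | grep 'inet ' | grep -v '127.0' | head -n1 | awk '{print $2}' | cut -f1 -d /)
+DBNAME=$(whiptail --title "DB" --inputbox "DB Name :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
+DBUSER=$(whiptail --title "DB" --inputbox "DB User :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
+DBPASS=$(whiptail --title "DB" --inputbox "DB Pass :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
+DATAPATH=$(whiptail --title "DATA" --inputbox "DATA Path :" 0 30 "/srv/nextcloud/data" 3>&1 1>&2 2>&3)
+NCUSER=$(whiptail --title "NextCloud" --inputbox "Admin Name :" 0 30 "admin" 3>&1 1>&2 2>&3)
+NCPASS=$(whiptail --title "NextCloud" --inputbox "Admin Pass :" 0 30 "admin" 3>&1 1>&2 2>&3)
+
+
+apt install -y sudo apache2 coturn
+apt install -y php7.4 php7.4-curl php7.4-gd php7.4-mbstring php7.4-zip php-xml php-bz2 php7.4-intl php7.4-fpm php-apcu php-memcached php-redis php-imagick php7.4-bcmath php7.4-gmp libapache2-mod-php7.4
+apt install -y php7.4-mysql mariadb-server
+apt install -y smbclient ffmpeg libmagickcore-6.q16-6-extra
+
+a2dissite 000-default
+a2dissite default-ssl.conf
+a2enmod rewrite
+a2enmod headers
+a2enmod env
+a2enmod dir
+a2enmod mime
+a2enmod ssl
+
+sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/7.4/apache2/php.ini
+sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/7.4/fpm/php.ini
+sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/7.4/cli/php.ini
+echo "apc.enable_cli=1" >> /etc/php/7.4/cli/php.ini
+
+mysql -e "CREATE DATABASE ${DBNAME};CREATE USER '${DBUSER}'@'localhost' IDENTIFIED BY '${DBPASS}';GRANT ALL ON ${DBNAME}.* TO '${DBUSER}'@'localhost' WITH GRANT OPTION;FLUSH PRIVILEGES;"
+
+wget https://download.nextcloud.com/server/releases/latest-25.tar.bz2
+tar -xvf latest-25.tar.bz2
+mv nextcloud /var/www
+chown -R www-data:www-data /var/www/nextcloud
+mkdir -p ${DATAPATH}
+chown -R www-data:www-data ${DATAPATH}
+
+cat > /etc/apache2/sites-available/nextcloud.conf << "EOF"
+<VirtualHost *:443>
+Protocols h2 http:/1.1
+DocumentRoot "/var/www/nextcloud"
+#ServerName nextcloud.your-domain.com
+ErrorLog ${APACHE_LOG_DIR}/error.log
+CustomLog ${APACHE_LOG_DIR}/access.log combined
+Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
+SSLEngine on
+SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+SSLCertificateChainFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+SSLProtocol TLSv1.2
+
+<Directory /var/www/nextcloud/>
+Options +FollowSymlinks
+AllowOverride All
+<IfModule mod_dav.c>
+Dav off
+</IfModule>
+SetEnv HOME /var/www/nextcloud
+SetEnv HTTP_HOME /var/www/nextcloud
+Satisfy Any
+</Directory>
+
+</VirtualHost>
+EOF
+
+a2ensite nextcloud
+systemctl restart apache2
+
+cd /var/www/nextcloud/
+sudo -u www-data php occ maintenance:install \
+--database "mysql" \
+--database-name "${DBNAME}" \
+--database-user "${DBUSER}" \
+--database-pass "${DBPASS}" \
+--admin-user "${NCUSER}" \
+--admin-pass "${NCPASS}" \
+--data-dir "${DATAPATH}"
+sed -i "s/0 => 'localhost/0 => '${IPV4}/" /var/www/nextcloud/config/config.php
+sed -i "s/\/\/localhost/\/\/${IPV4}/" /var/www/nextcloud/config/config.php
+sed -i "s/http:/https:/" /var/www/nextcloud/config/config.php
+sed -i "/^);*/i\ \ 'memcache.local' => '\\\\OC\\\\Memcache\\\\APCu'," /var/www/nextcloud/config/config.php
+sed -i "/^);*/i\ \ 'default_phone_region' => 'CH'," /var/www/nextcloud/config/config.php
+echo "*/5 * * * * php -f /var/www/nextcloud/cron.php" | crontab -u www-data -
+sudo -u www-data php occ background:cron
+
+cat >> /etc/turnserver.conf << "EOF"
+listening-port=8080
+listening-ip=0.0.0.0
+fingerprint
+use-auth-secret
+static-auth-secret=AUTHSECRET
+# realm=nextcloud.dom.lan
+total-quota=0
+bps-capacity=0
+stale-nonce
+no-multicast-peers
+EOF
+AUTHSECRET=$(openssl rand -hex 32)
+sed "s/AUTHSECRET/${AUTHSECRET}/" turnserver.conf
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # NextCloud' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 8080 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # TurnServer' /etc/iptables/rules.v4
+iptables-restore /etc/iptables/rules.v4
+fi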
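Review bot: The generated TURN secret is never written to the config: `sed "s/AUTHSECRET/${AUTHSECRET}/" turnserver.conf` has no `-i` and names a relative path (the script has already run `cd /var/www/nextcloud/`), so `/etc/turnserver.conf` keeps the literal `static-auth-secret=AUTHSECRET`. The firewall block then opens port 8080 over TCP and UDP, which leaves coturn reachable with a shared secret that is a publicly known string. Use `sed -i "s/AUTHSECRET/${AUTHSECRET}/" /etc/turnserver.conf` and restart the service afterwards (`systemctl restart coturn`) so the new value is loaded. The same two lines appear in the other nextcloud scripts of this commit (nextcloud-26.sh, nextcloud-latest.sh).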
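--- a/debian-11/apps/nextcloud-26/nextcloud-26.sh
+++ b/debian-11/apps/nextcloud-26/nextcloud-26.sh
@@ -0,0 +1,115 @@
+#!/bin/bash
+
+# https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html
+
+IPV4=$(ip addr | grep 'inet ' | grep -v '127.0' | head -n1 | awk '{print $2}' | cut -f1 -d /)
+DBNAME=$(whiptail --title "DB" --inputbox "DB Name :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
+DBUSER=$(whiptail --title "DB" --inputbox "DB User :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
+DBPASS=$(whiptail --title "DB" --inputbox "DB Pass :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
+DATAPATH=$(whiptail --title "DATA" --inputbox "DATA Path :" 0 30 "/srv/nextcloud/data" 3>&1 1>&2 2>&3)
+NCUSER=$(whiptail --title "NextCloud" --inputbox "Admin Name :" 0 30 "admin" 3>&1 1>&2 2>&3)
+NCPASS=$(whiptail --title "NextCloud" --inputbox "Admin Pass :" 0 30 "admin" 3>&1 1>&2 2>&3)
+
+curl -sSLo /usr/share/keyrings/deb.sury.org-php.gpg https://packages.sury.org/php/apt.gpg
+echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ bullseye main" > /etc/apt/sources.list.d/php-8.1.list
+apt update -y
+
+apt install -y sudo apache2 coturn
+apt install -y php8.1 php8.1-curl php8.1-gd php8.1-mbstring php8.1-zip php8.1-xml php8.1-bz2 php8.1-intl php8.1-fpm php8.1-apcu php8.1-memcached php8.1-redis php8.1-imagick php8.1-bcmath php8.1-gmp libapache2-mod-php8.1
+apt install -y php8.1-mysql mariadb-server
+apt install -y smbclient ffmpeg libmagickcore-6.q16-6-extra
+
+a2dissite 000-default
+a2dissite default-ssl.conf
+a2enmod rewrite
+a2enmod headers
+a2enmod env
+a2enmod dir
+a2enmod mime
+a2enmod ssl
+
+sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/8.1/apache2/php.ini
+sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/8.1/fpm/php.ini
+sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/8.1/cli/php.ini
+echo "apc.enable_cli=1" >> /etc/php/8.1/cli/php.ini
+
+mysql -e "CREATE DATABASE ${DBNAME};CREATE USER '${DBUSER}'@'localhost' IDENTIFIED BY '${DBPASS}';GRANT ALL ON ${DBNAME}.* TO '${DBUSER}'@'localhost' WITH GRANT OPTION;FLUSH PRIVILEGES;"
+
+wget https://download.nextcloud.com/server/releases/latest-26.tar.bz2
+tar -xvf latest-26.tar.bz2
+mv nextcloud /var/www
+chown -R www-data:www-data /var/www/nextcloud
+mkdir -p ${DATAPATH}
+chown -R www-data:www-data ${DATAPATH}
+
+cat > /etc/apache2/sites-available/nextcloud.conf << "EOF"
+<VirtualHost *:443>
+Protocols h2 http:/1.1
+DocumentRoot "/var/www/nextcloud"
+#ServerName nextcloud.your-domain.com
+ErrorLog ${APACHE_LOG_DIR}/error.log
+CustomLog ${APACHE_LOG_DIR}/access.log combined
+Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
+SSLEngine on
+SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+SSLCertificateChainFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+SSLProtocol TLSv1.2
+
+<Directory /var/www/nextcloud/>
+Options +FollowSymlinks
+AllowOverride All
+<IfModule mod_dav.c>
+Dav off
+</IfModule>
+SetEnv HOME /var/www/nextcloud
+SetEnv HTTP_HOME /var/www/nextcloud
+Satisfy Any
+</Directory>
+
+</VirtualHost>
+EOF
+
+a2ensite nextcloud
+systemctl restart apache2
+
+cd /var/www/nextcloud/
+sudo -u www-data php occ maintenance:install \
+--database "mysql" \
+--database-name "${DBNAME}" \
+--database-user "${DBUSER}" \
+--database-pass "${DBPASS}" \
+--admin-user "${NCUSER}" \
+--admin-pass "${NCPASS}" \
+--data-dir "${DATAPATH}"
+sed -i "s/0 => 'localhost/0 => '${IPV4}/" /var/www/nextcloud/config/config.php
+sed -i "s/\/\/localhost/\/\/${IPV4}/" /var/www/nextcloud/config/config.php
+sed -i "s/http:/https:/" /var/www/nextcloud/config/config.php
+sed -i "/^);*/i\ \ 'memcache.local' => '\\\\OC\\\\Memcache\\\\APCu'," /var/www/nextcloud/config/config.php
+sed -i "/^);*/i\ \ 'default_phone_region' => 'CH'," /var/www/nextcloud/config/config.php
+echo "*/5 * * * * php -f /var/www/nextcloud/cron.php" | crontab -u www-data -
+sudo -u www-data php occ background:cron
+
+cat >> /etc/turnserver.conf << "EOF"
+listening-port=8080
+listening-ip=0.0.0.0
+fingerprint
+use-auth-secret
+static-auth-secret=AUTHSECRET
+# realm=nextcloud.dom.lan
+total-quota=0
+bps-capacity=0
+stale-nonce
+no-multicast-peers
+EOF
+AUTHSECRET=$(openssl rand -hex 32)
+sed "s/AUTHSECRET/${AUTHSECRET}/" turnserver.conf
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # NextCloud' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 8080 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # TurnServer' /etc/iptables/rules.v4
+iptables-restore /etc/iptables/rules.v4
+fi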
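Review bot: `DBPASS` and `NCPASS` are read with `whiptail --inputbox`, which shows the typed value on screen and pre-fills `nextcloud` / `admin`, so pressing Enter at each prompt produces a default-credential install on a host whose port 443 is opened further down. Use `--passwordbox` with no initial value and stop when the answer is empty, e.g. `NCPASS=$(whiptail --title "NextCloud" --passwordbox "Admin Pass :" 0 30 3>&1 1>&2 2>&3) || exit 1` followed by `[ -n "${NCPASS}" ] || exit 1`. Both secrets are also placed on command lines (`mysql -e "... IDENTIFIED BY '${DBPASS}'"`, `occ maintenance:install --admin-pass`), where they are visible in the process list while the command runs and are spliced unescaped into the SQL text. nextcloud-25.sh and nextcloud-latest.sh prompt the same way.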
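--- a/debian-11/apps/nextcloud-latest/nextcloud-latest.sh
+++ b/debian-11/apps/nextcloud-latest/nextcloud-latest.sh
@@ -0,0 +1,112 @@
+#!/bin/bash
+
+# https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html
+
+IPV4=$(ip addr | grep 'inet ' | grep -v '127.0' | head -n1 | awk '{print $2}' | cut -f1 -d /)
+DBNAME=$(whiptail --title "DB" --inputbox "DB Name :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
+DBUSER=$(whiptail --title "DB" --inputbox "DB User :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
+DBPASS=$(whiptail --title "DB" --inputbox "DB Pass :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
+DATAPATH=$(whiptail --title "DATA" --inputbox "DATA Path :" 0 30 "/srv/nextcloud/data" 3>&1 1>&2 2>&3)
+NCUSER=$(whiptail --title "NextCloud" --inputbox "Admin Name :" 0 30 "admin" 3>&1 1>&2 2>&3)
+NCPASS=$(whiptail --title "NextCloud" --inputbox "Admin Pass :" 0 30 "admin" 3>&1 1>&2 2>&3)
+
+
+apt install -y sudo apache2 coturn
+apt install -y php7.4 php7.4-curl php7.4-gd php7.4-mbstring php7.4-zip php-xml php-bz2 php7.4-intl php7.4-fpm php-apcu php-memcached php-redis php-imagick php7.4-bcmath php7.4-gmp libapache2-mod-php7.4
+apt install -y php7.4-mysql mariadb-server
+apt install -y smbclient ffmpeg libmagickcore-6.q16-6-extra
+
+a2dissite 000-default
+a2dissite default-ssl.conf
+a2enmod rewrite
+a2enmod headers
+a2enmod env
+a2enmod dir
+a2enmod mime
+a2enmod ssl
+
+sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/7.4/apache2/php.ini
+sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/7.4/fpm/php.ini
+sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/7.4/cli/php.ini
+echo "apc.enable_cli=1" >> /etc/php/7.4/cli/php.ini
+
+mysql -e "CREATE DATABASE ${DBNAME};CREATE USER '${DBUSER}'@'localhost' IDENTIFIED BY '${DBPASS}';GRANT ALL ON ${DBNAME}.* TO '${DBUSER}'@'localhost' WITH GRANT OPTION;FLUSH PRIVILEGES;"
+
+wget https://download.nextcloud.com/server/releases/latest.tar.bz2
+tar -xvf latest.tar.bz2
+mv nextcloud /var/www
+chown -R www-data:www-data /var/www/nextcloud
+mkdir -p ${DATAPATH}
+chown -R www-data:www-data ${DATAPATH}
+
+cat > /etc/apache2/sites-available/nextcloud.conf << "EOF"
+<VirtualHost *:443>
+Protocols h2 http:/1.1
+DocumentRoot "/var/www/nextcloud"
+#ServerName nextcloud.your-domain.com
+ErrorLog ${APACHE_LOG_DIR}/error.log
+CustomLog ${APACHE_LOG_DIR}/access.log combined
+Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
+SSLEngine on
+SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+SSLCertificateChainFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+SSLProtocol TLSv1.2
+
+<Directory /var/www/nextcloud/>
+Options +FollowSymlinks
+AllowOverride All
+<IfModule mod_dav.c>
+Dav off
+</IfModule>
+SetEnv HOME /var/www/nextcloud
+SetEnv HTTP_HOME /var/www/nextcloud
+Satisfy Any
+</Directory>
+
+</VirtualHost>
+EOF
+
+a2ensite nextcloud
+systemctl restart apache2
+
+cd /var/www/nextcloud/
+sudo -u www-data php occ maintenance:install \
+--database "mysql" \
+--database-name "${DBNAME}" \
+--database-user "${DBUSER}" \
+--database-pass "${DBPASS}" \
+--admin-user "${NCUSER}" \
+--admin-pass "${NCPASS}" \
+--data-dir "${DATAPATH}"
+sed -i "s/0 => 'localhost/0 => '${IPV4}/" /var/www/nextcloud/config/config.php
+sed -i "s/\/\/localhost/\/\/${IPV4}/" /var/www/nextcloud/config/config.php
+sed -i "s/http:/https:/" /var/www/nextcloud/config/config.php
+sed -i "/^);*/i\ \ 'memcache.local' => '\\\\OC\\\\Memcache\\\\APCu'," /var/www/nextcloud/config/config.php
+sed -i "/^);*/i\ \ 'default_phone_region' => 'CH'," /var/www/nextcloud/config/config.php
+echo "*/5 * * * * php -f /var/www/nextcloud/cron.php" | crontab -u www-data -
+sudo -u www-data php occ background:cron
+
+cat >> /etc/turnserver.conf << "EOF"
+listening-port=8080
+listening-ip=0.0.0.0
+fingerprint
+use-auth-secret
+static-auth-secret=AUTHSECRET
+# realm=nextcloud.dom.lan
+total-quota=0
+bps-capacity=0
+stale-nonce
+no-multicast-peers
+EOF
+AUTHSECRET=$(openssl rand -hex 32)
+sed "s/AUTHSECRET/${AUTHSECRET}/" turnserver.conf
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # NextCloud' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 8080 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # TurnServer' /etc/iptables/rules.v4
+iptables-restore /etc/iptables/rules.v4
+fi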
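Review bot: The release archive goes into the web root without an integrity check: `wget https://download.nextcloud.com/server/releases/latest.tar.bz2` is followed directly by `tar -xvf` and `mv nextcloud /var/www`. Nextcloud publishes a `.sha256` file and a detached `.asc` signature next to each archive; fetching one and checking it (`sha256sum -c` or `gpg --verify`) before extraction, with `|| exit 1` on failure, would catch a corrupted or tampered download. The script has no `set -e`, so a failed `wget` also lets the later steps run against whatever `nextcloud` directory happens to be in the working directory. This script installs the php7.4 packages while tracking `latest`, whereas nextcloud-26.sh already switches to php8.1, so the PHP version here is probably too old for the current release and should be confirmed. The unverified download is the same in nextcloud-25.sh and nextcloud-26.sh.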
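--- a/debian-11/apps/nodejs-14/nodejs-14.sh
+++ b/debian-11/apps/nodejs-14/nodejs-14.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+mkdir /srv/node
+curl -sL https://deb.nodesource.com/setup_14.x | bash -
+apt install -y nodejs
+npm i -g nodemon
+
+cat > /etc/systemd/system/nodejs.service << EOF
+[Service]
+ExecStart=/usr/bin/node app.js
+WorkingDirectory=/srv/node
+Restart=always
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=node
+#User=websites
+#Group=websites
+Environment=NODE_ENV=production
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+cat > /srv/node/app.js << "EOF"
+var http = require('http')
+
+http.createServer(function (req, res) {
+res.writeHead(200, {'Content-Type': 'text/plain'})
+res.write('Hello World!')
+res.end()
+}).listen(80)
+EOF
+
+systemctl daemon-reload
+systemctl enable nodejs.service
+systemctl start nodejs.service
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # NodeJS' /etc/iptables/rules.v4
+iptables-restore /etc/iptables/rules.v4
+fi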
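Review bot: The generated unit runs the application as root: `#User=websites` and `#Group=websites` are commented out, so `/usr/bin/node app.js`, an internet-facing listener on port 80, holds full root privileges. Create a dedicated account, set `User=` and `Group=`, and grant only the low-port bind with `AmbientCapabilities=CAP_NET_BIND_SERVICE`; `NoNewPrivileges=true` and `ProtectSystem=strict` are inexpensive additions to the same `[Service]` section. The firewall block also opens port 443, which nothing in this script listens on. nodejs-16.sh, nodejs-18.sh, nodejs-19.sh and nodejs-20.sh generate the same unit.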
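--- a/debian-11/apps/nodejs-16/nodejs-16.sh
+++ b/debian-11/apps/nodejs-16/nodejs-16.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+mkdir /srv/node
+curl -sL https://deb.nodesource.com/setup_16.x | bash -
+apt install -y nodejs
+npm i -g nodemon
+
+cat > /etc/systemd/system/nodejs.service << EOF
+[Service]
+ExecStart=/usr/bin/node app.js
+WorkingDirectory=/srv/node
+Restart=always
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=node
+#User=websites
+#Group=websites
+Environment=NODE_ENV=production
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+cat > /srv/node/app.js << "EOF"
+var http = require('http')
+
+http.createServer(function (req, res) {
+res.writeHead(200, {'Content-Type': 'text/plain'})
+res.write('Hello World!')
+res.end()
+}).listen(80)
+EOF
+
+systemctl daemon-reload
+systemctl enable nodejs.service
+systemctl start nodejs.service
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # NodeJS' /etc/iptables/rules.v4
+iptables-restore /etc/iptables/rules.v4
+fi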
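Review bot: `curl -sL https://deb.nodesource.com/setup_16.x | bash -` runs a remote script as root with no review or integrity check, and without `-f` an HTTP error body would be piped into bash as well. Download it to a file first with `curl -fsSL -o`, inspect or checksum it, then execute it; alternatively add the repository with a `signed-by=` keyring entry, the way nextcloud-26.sh in this commit does for the sury.org PHP repository. The same line, differing only in the version number, is in nodejs-14.sh, nodejs-18.sh, nodejs-19.sh and nodejs-20.sh.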
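--- a/debian-11/apps/nodejs-18/nodejs-18.sh
+++ b/debian-11/apps/nodejs-18/nodejs-18.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+mkdir /srv/node
+curl -sL https://deb.nodesource.com/setup_18.x | bash -
+apt install -y nodejs
+npm i -g nodemon
+
+cat > /etc/systemd/system/nodejs.service << EOF
+[Service]
+ExecStart=/usr/bin/node app.js
+WorkingDirectory=/srv/node
+Restart=always
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=node
+#User=websites
+#Group=websites
+Environment=NODE_ENV=production
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+cat > /srv/node/app.js << "EOF"
+var http = require('http')
+
+http.createServer(function (req, res) {
+res.writeHead(200, {'Content-Type': 'text/plain'})
+res.write('Hello World!')
+res.end()
+}).listen(80)
+EOF
+
+systemctl daemon-reload
+systemctl enable nodejs.service
+systemctl start nodejs.service
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # NodeJS' /etc/iptables/rules.v4
+iptables-restore /etc/iptables/rules.v4
+fi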
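--- a/debian-11/apps/nodejs-19/nodejs-19.sh
+++ b/debian-11/apps/nodejs-19/nodejs-19.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+mkdir /srv/node
+curl -sL https://deb.nodesource.com/setup_19.x | bash -
+apt install -y nodejs
+npm i -g nodemon
+
+cat > /etc/systemd/system/nodejs.service << EOF
+[Service]
+ExecStart=/usr/bin/node app.js
+WorkingDirectory=/srv/node
+Restart=always
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=node
+#User=websites
+#Group=websites
+Environment=NODE_ENV=production
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+cat > /srv/node/app.js << "EOF"
+var http = require('http')
+
+http.createServer(function (req, res) {
+res.writeHead(200, {'Content-Type': 'text/plain'})
+res.write('Hello World!')
+res.end()
+}).listen(80)
+EOF
+
+systemctl daemon-reload
+systemctl enable nodejs.service
+systemctl start nodejs.service
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # NodeJS' /etc/iptables/rules.v4
+iptables-restore /etc/iptables/rules.v4
+fi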
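--- a/debian-11/apps/nodejs-20/nodejs-20.sh
+++ b/debian-11/apps/nodejs-20/nodejs-20.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+mkdir /srv/node
+curl -sL https://deb.nodesource.com/setup_20.x | bash -
+apt install -y nodejs
+npm i -g nodemon
+
+cat > /etc/systemd/system/nodejs.service << EOF
+[Service]
+ExecStart=/usr/bin/node app.js
+WorkingDirectory=/srv/node
+Restart=always
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=node
+#User=websites
+#Group=websites
+Environment=NODE_ENV=production
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+cat > /srv/node/app.js << "EOF"
+var http = require('http')
+
+http.createServer(function (req, res) {
+res.writeHead(200, {'Content-Type': 'text/plain'})
+res.write('Hello World!')
+res.end()
+}).listen(80)
+EOF
+
+systemctl daemon-reload
+systemctl enable nodejs.service
+systemctl start nodejs.service
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # NodeJS' /etc/iptables/rules.v4
+iptables-restore /etc/iptables/rules.v4
+fi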
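--- a/debian-11/apps/portainer/portainer.sh
+++ b/debian-11/apps/portainer/portainer.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker run -d --name="portainer" --restart=unless-stopped -p 8000:8000 -p 9000:9000 -p 9443:9443 -v /var/run/docker.sock:/var/run/docker.sock -v /srv/portainer/data:/data portainer/portainer-ce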
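Review bot: The container is handed `/var/run/docker.sock`, which amounts to root on the host, while its UI is published on every interface, including the plain-HTTP port 9000. Publish only what is needed, for example `-p 127.0.0.1:9443:9443` behind a reverse proxy, and drop `-p 8000:8000` unless Edge agents are in use. Ports published by Docker are normally forwarded outside the INPUT chain, so the `/etc/iptables/rules.v4` rules the other scripts maintain probably do not filter them; verify this on the target host. `portainer/portainer-ce` without a tag resolves to `latest`, so pin a version tag or digest to keep the image with this level of access a known one.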
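--- a/debian-11/apps/proxmox-7/proxmox-7.sh
+++ b/debian-11/apps/proxmox-7/proxmox-7.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+HOSTNAME=$(hostname -s)
+FQDN=$(hostname)
+IPV4INT=$(ip addr | grep '<BROADCAST' | head -n1 | awk '{print $2}' | cut -f1 -d :)
+NETFILE=/etc/network/interfaces.d/${IPV4INT}
+if test -f "${NETFILE}"; then
+IPV4=$(cat ${NETFILE} | grep address | awk '{print $2}')
+IPV4MASK=24
+IPV4GW=$(cat ${NETFILE} | grep gateway | awk '{print $2}')
+else
+IPV4=$(ip addr | grep 'inet ' | grep -v '127.0' | head -n1 | awk '{print $2}' | cut -f1 -d /)
+IPV4MASK=$(ip addr | grep 'inet ' | grep -v '127.0' | head -n1 | awk '{print $2}' | cut -f2 -d /)
+IPV4GW=$(ip route | grep default | awk '{print $3}')
+fi
+
+echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts
+echo "${IPV4} ${FQDN} ${HOSTNAME}" >> /etc/hosts
+
+apt remove -y iptables-persistent
+rm -R /etc/iptables
+
+echo "deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription" >> /etc/apt/sources.list
+wget http://download.proxmox.com/debian/proxmox-release-bullseye.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg
+
+apt update
+apt -y full-upgrade
+export DEBIAN_FRONTEND=noninteractive
+apt install -y proxmox-ve postfix open-iscsi ifupdown2
+apt remove -y os-prober linux-image-*
+update-grub
+
+echo "# deb https://enterprise.proxmox.com/debian/pve bullseye pve-enterprise" > /etc/apt/sources.list.d/pve-enterprise.list
+
+NETFILE=/etc/network/interfaces.new
+echo "" >> ${NETFILE}
+echo "auto vmbr0" >> ${NETFILE}
+echo "iface vmbr0 inet static" >> ${NETFILE}
+echo " address ${IPV4}/${IPV4MASK}" >> ${NETFILE}
+echo " gateway ${IPV4GW}" >> ${NETFILE}
+echo " bridge-ports ${IPV4INT}" >> ${NETFILE}
+echo " bridge-stp off" >> ${NETFILE}
+echo " bridge-fd 0" >> ${NETFILE}
+
+rm /etc/network/interfaces.d/*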
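Review bot: The repository signing key is fetched over plain HTTP and written straight into `/etc/apt/trusted.gpg.d/`, so whoever can alter that single download decides which packages apt will accept, and a key in that directory is trusted for every configured repository. Fetch it over HTTPS and compare its checksum with the value given in the Proxmox installation guide before continuing, e.g. `echo "<published-sha512>  /etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg" | sha512sum -c - || exit 1`. A few lines earlier the script removes `iptables-persistent` and `/etc/iptables` without putting another filter in place, which leaves the hypervisor's management services unfiltered until the Proxmox firewall is configured. `apt remove -y os-prober linux-image-*` should quote the pattern (`'linux-image-*'`) so the shell cannot expand it against files in the current directory.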
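--- a/debian-11/apps/rinetd/rinetd.sh
+++ b/debian-11/apps/rinetd/rinetd.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+apt install -y rinetd
+
+nano /etc/rinetd.conf
+systemctl restart rinetd
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # RINETD' /etc/iptables/rules.v4
+nano /etc/iptables/rules.v4
+iptables-restore /etc/iptables/rules.v4
+fi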
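--- a/debian-11/apps/tang/tang.sh
+++ b/debian-11/apps/tang/tang.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+apt install -y tang
+
+# systemctl edit tangd.socket
+# systemctl daemon-reload
+systemctl enable tangd.socket
+systemctl start tangd.socket
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # TANGD' /etc/iptables/rules.v4
+iptables-restore /etc/iptables/rules.v4
+fi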
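Review bot: The added rule accepts port 80 from any source, but a Tang server is what lets its clients unlock their disks, so who can reach it is the security boundary of the whole scheme. Restrict the rule to the client network, e.g. `-A INPUT -s <client-subnet> -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT`. The commented `systemctl edit tangd.socket` line suggests a different listen port was considered; if the port is changed there, this rule has to change with it.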
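--- a/debian-11/apps/tor-gw/tor-gw.sh
+++ b/debian-11/apps/tor-gw/tor-gw.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+apt install -y tor
+
+echo "nameserver 127.0.0.1" > /etc/resolv.conf
+
+cat >> /etc/tor/torrc << EOF
+VirtualAddrNetwork 10.192.0.0/10
+AutomapHostsSuffixes .onion,.exit
+AutomapHostsOnResolve 1
+TransPort 0.0.0.0:9040
+DNSPort 0.0.0.0:53
+EOF
+
+service tor restart
+
+cat > /etc/iptables/rules.v4 << EOF
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
+EOF
+iptables-restore /etc/iptables/rules.v4
+
+iptables -t nat -A PREROUTING ! -i lo -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 22
+iptables -t nat -A PREROUTING ! -i lo -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
+iptables -t nat -A PREROUTING ! -i lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
+iptables-save > /etc/iptables/rules.v4
+
+sed -i '/net.ipv4.ip_forward/s/^#//g' /etc/sysctl.conf
+echo 1 > /proc/sys/net/ipv4/ip_forward
+
+echo ""
+echo ""
+echo ""
+ip a | grep "inet "
+
+echo ""
+echo "Note for Firefox :"
+echo "You need to enable dot onion in about:config."
+echo "network.dns.blockDotOnion = False"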
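Review bot: The script overwrites `/etc/iptables/rules.v4` with a ruleset whose INPUT, FORWARD and OUTPUT policies are all ACCEPT, while `TransPort 0.0.0.0:9040` and `DNSPort 0.0.0.0:53` listen on every interface, so on a host with an upstream-facing interface the gateway is an open proxy and resolver. Bind both ports to the LAN-side address (`TransPort <lan-ip>:9040`, `DNSPort <lan-ip>:53`) and keep a default-drop INPUT policy that admits only the client network. With `ip_forward` switched on and FORWARD at ACCEPT, traffic the nat rules do not redirect (UDP other than port 53, ICMP) is routed rather than sent through Tor; `:FORWARD DROP [0:0]` makes that fail closed. The `ip_forward` lines look unnecessary for a REDIRECT-only setup and should be confirmed before they are kept.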
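--- a/debian-11/apps/traefik/traefik.sh
+++ b/debian-11/apps/traefik/traefik.sh
@@ -0,0 +1,257 @@
+#!/bin/bash
+
+RELEASE=$(whiptail --title "Traefik" --inputbox "Release :" 0 30 "2.7.1" 3>&1 1>&2 2>&3)
+ACCOUNT=$(whiptail --title "Traefik" --inputbox "ACME E-Mail :" 0 30 "" 3>&1 1>&2 2>&3)
+
+main() {
+Traefik-etc-certs-selfsigned
+Traefik-etc-services
+Traefik-etc-config
+Traefik-etc-iptable
+Traefik-bin-update-traefik
+Traefik-service
+}
+
+
+Traefik-etc-certs-selfsigned() {
+mkdir -p /etc/traefik/certs
+openssl ecparam -name secp256r1 -genkey -out /etc/traefik/certs/self.key
+openssl req -new -x509 -key /etc/traefik/certs/self.key -sha256 -nodes -out /etc/traefik/certs/self.crt -days 3650
+}
+
+Traefik-etc-services() {
+mkdir -p /etc/traefik/services
+Traefik-etc-services-shared
+Traefik-etc-services-default
+}
+
+Traefik-etc-services-shared() {
+cat >> /etc/traefik/services/_shared.yaml << "EOF"
+tls:
+stores:
+default:
+defaultCertificate:
+certFile: "/etc/traefik/certs/self.crt"
+keyFile: "/etc/traefik/certs/self.key"
+
+options:
+default:
+minVersion: "VersionTLS12"
+# sniStrict: true
+cipherSuites:
+- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+
+mintls13:
+minVersion: "VersionTLS13"
+
+http:
+middlewares:
+to-https:
+redirectScheme:
+scheme: "https"
+permanent: true
+to-no-www:
+redirectRegex:
+regex: "^https://www.(.*)"
+replacement: "https://${1}"
+permanent: true
+
+hsts-min:
+headers:
+sslRedirect: true
+stsIncludeSubdomains: false
+stsPreload: true
+stsSeconds: 63072000
+contentTypeNosniff: true
+accessControlMaxAge: 100
+addVaryheader: true
+hsts_light:
+headers:
+sslRedirect: true
+frameDeny: true
+stsIncludeSubdomains: false
+stsPreload: true
+stsSeconds: 63072000
+contentTypeNosniff: true
+accessControlMaxAge: 100
+addVaryheader: true
+hsts:
+headers:
+sslRedirect: true
+frameDeny: true
+stsIncludeSubdomains: false
+stsPreload: true
+stsSeconds: 63072000
+contentTypeNosniff: true
+accessControlMaxAge: 100
+addVaryheader: true
+referrerPolicy: "origin-when-cross-origin"
+hsts-strict:
+headers:
+sslRedirect: true
+frameDeny: true
+stsIncludeSubdomains: false
+stsPreload: true
+stsSeconds: 63072000
+contentTypeNosniff: true
+accessControlMaxAge: 100
+addVaryheader: true
+contentSecurityPolicy: "script-src 'self'"
+referrerPolicy: "origin-when-cross-origin"
+
+services:
+dummy:
+loadBalancer:
+servers:
+- url: "https://127.0.0.1:2"
+
+# matomo:
+# loadBalancer:
+# servers:
+# - url: "https://x.x.x.x:xxx"
+EOF
+}
+
+Traefik-etc-services-default() {
+cat >> /etc/traefik/services/_default.yaml << "EOF"
+http:
+routers:
+_default:
+entryPoints:
+- http
+rule: "PathPrefix(`/`)"
+# priority: 100
+# service: _default-matomo
+service: _default
+
+_default-secure:
+entryPoints:
+- https
+rule: "PathPrefix(`/`)"
+# priority: 100
+# service: _default-matomo
+service: _default
+tls:
+acmev2-staging
+
+services:
+# _default-matomo:
+# mirroring:
+# service: _default
+# maxBodySize: 1024
+# mirrors:
+# - name: matomo
+# percent: 100
+
+_default:
+loadBalancer:
+servers:
+- url: https://127.0.0.1:2
+EOF
+}
+
+Traefik-etc-config() {
+cat >> /etc/traefik/traefik.yaml << "EOF"
+entryPoints:
+http:
+address: ":80"
+https:
+address: ":443"
+traefik:
+address: ":8099"
+
+api:
+dashboard: true
+insecure: true
+
+serversTransport:
+insecureSkipVerify: true
+
+providers:
+file:
+directory: "/etc/traefik/services/"
+watch: true
+
+certificatesResolvers:
+acmev2:
+acme:
+email: "X{ACCOUNT}"
+caserver: "https://acme-v02.api.letsencrypt.org/directory"
+storage: "/etc/traefik/certs/acmev2.json"
+keyType: "EC384"
+tlsChallenge: {}
+acmev2-staging:
+acme:
+email: "X{ACCOUNT}"
+caserver: "https://acme-staging-v02.api.letsencrypt.org/directory"
+storage: "/etc/traefik/certs/acmev2-staging.json"
+keyType: "EC384"
+tlsChallenge: {}
+EOF
+
+sed -i "s/X{ACCOUNT}/${ACCOUNT}/g" /etc/traefik/traefik.yaml
+
+}
+
+Traefik-etc-iptable() {
+if [ -f "/etc/iptables/rules.v4" ]; then
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 8099 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # Traefik' /etc/iptables/rules.v4
+iptables-restore /etc/iptables/rules.v4
+fi
+}
+
+Traefik-bin-update-traefik() {
+cat >> /usr/local/bin/update-traefik << "EOF"
+#!/bin/bash
+
+if [[ -z ${1} ]]; then
+echo "update-traefik version"
+echo "version : x.x.x"
+exit 1
+fi
+version=${1}
+mkdir -p /tmp/traefik
+cd /tmp/traefik
+wget https://github.com/traefik/traefik/releases/download/v${version}/traefik_v${version}_linux_amd64.tar.gz
+tar -xf traefik_v${version}_linux_amd64.tar.gz
+systemctl stop traefik
+cp traefik /usr/local/bin
+systemctl start traefik
+cd
+rm -R /tmp/traefik
+EOF
+chmod 755 /usr/local/bin/update-traefik
+update-traefik ${RELEASE}
+}
+
+Traefik-service() {
+cat >> /etc/systemd/system/traefik.service << "EOF"
+[Unit]
+Description=Traefik
+After=network.target auditd.service
+
+[Service]
+ExecStart=/usr/local/bin/traefik -configFile /etc/traefik/traefik.yaml
+ExecReload=/bin/killall traefik
+KillMode=process
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+systemctl daemon-reload
+systemctl enable traefik
+systemctl restart traefik
+}
+
+
+main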
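Review bot: `api:` with `insecure: true` in Traefik-etc-config serves the dashboard and API without authentication on the `traefik` entry point (`:8099`), and Traefik-etc-iptable then opens port 8099 to any source. I would set `insecure: false` and drop the `--dport 8099` rule, or at least narrow it with `-s <admin-subnet>` (placeholder). `serversTransport:` with `insecureSkipVerify: true` also turns off certificate verification for every backend, which deserves a comment saying why it is acceptable here. In the generated update-traefik script the tarball is unpacked in the fixed path `/tmp/traefik` and the binary copied to `/usr/local/bin` as root with no integrity check; a `mktemp -d` working directory and a `sha256sum -c` against the checksums published with the release would cover that.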
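--- a/debian-11/apps/webmin/webmin.sh
+++ b/debian-11/apps/webmin/webmin.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+echo "deb https://download.webmin.com/download/repository sarge contrib" > /etc/apt/sources.list.d/webmin.list
+wget https://download.webmin.com/jcameron-key.asc
+cat jcameron-key.asc | gpg --dearmor >/etc/apt/trusted.gpg.d/jcameron-key.gpg
+
+apt update
+apt-get -y install webmin
+
+systemctl daemon-reload
+systemctl start webmin
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+sed -i '/^COMMIT.*/i # Webmin' /etc/iptables/rules.v4
+sed -i '/^COMMIT.*/i -A INPUT -p tcp -m tcp --dport 10000 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+iptables-restore /etc/iptables/rules.v4
+fi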
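Review bot: The key is written to `/etc/apt/trusted.gpg.d/`, which makes it trusted for every configured repository rather than only Webmin's. Storing it as `/usr/share/keyrings/jcameron-key.gpg` and writing the source line as `deb [signed-by=/usr/share/keyrings/jcameron-key.gpg] https://download.webmin.com/download/repository sarge contrib` scopes it to this one repository. The key is also accepted exactly as downloaded; comparing its fingerprint with a value pinned in the script before the `gpg --dearmor` step would catch a swapped key. The firewall block opens port 10000 to any source, where a `-s <admin-subnet>` (placeholder) match would suit an administration panel better.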
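--- a/debian-11/files/alias.sh
+++ b/debian-11/files/alias.sh
@@ -0,0 +1,11 @@
+alias ls='ls --color=auto -hl --time-style long-iso'
+alias l='ls --color=auto -hlA --time-style long-iso'
+alias ll='ls --color=auto -hla --time-style long-iso'
+alias cd..='cd ..'
+alias ff='find / -name'
+alias f='find . -name'
+alias fif='grep -rnw . -e'
+alias grep='grep --color=auto'
+alias ip='ip -c'
+alias vdir='vdir --color=auto'
+alias watch='watch --color'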
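--- a/debian-11/files/issue
+++ b/debian-11/files/issue
@@ -0,0 +1,21 @@
+\v \r \l
+
+.o oOOOOOOOo OOOo
+Ob.OOOOOOOo OOOo. oOOo. .adOOOOOOO
+OboO"""""""""""".OOo. .oOOOOOo. OOOo.oOOOOOo.."""""""""'OO
+OOP.oOOOOOOOOOOO "POOOOOOOOOOOo. `"OOOOOOOOOP,OOOOOOOOOOOB'
+`O'OOOO' `OOOOo"OOOOOOOOOOO` .adOOOOOOOOO"oOOO' `OOOOo
+.OOOO' `OOOOOOOOOOOOOOOOOOOOOOOOOO' `OO
+OOOOO '"OOOOOOOOOOOOOOOO"` oOO
+oOOOOOba. .adOOOOOOOOOOba .adOOOOo.
+oOOOOOOOOOOOOOba. .adOOOOOOOOOO@^OOOOOOOba. .adOOOOOOOOOOOO
+OOOOOOOOOOOOOOOOO.OOOOOOOOOOOOOO"` '"OOOOOOOOOOOOO.OOOOOOOOOOOOOO
+"OOOO" "YOoOOOOMOIONODOO"` . '"OOROAOPOEOOOoOY" "OOO"
+Y 'OOOOOOOOOOOOOO: .oOOo. :OOOOOOOOOOO?' :`
+: .oO%OOOOOOOOOOo.OOOOOO.oOOOOOOOOOOOO? .
+. oOOP"%OOOOOOOOoOOOOOOO?oOOOOO?OOOO"OOo
+'%o OOOO"%OOOO%"%OOOOO"OOOOOO"OOO':
+`$" `OOOO' `O"Y ' `OOOO' o .
+. . OP" : o .
+:
+.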
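--- a/debian-11/files/ps1.sh
+++ b/debian-11/files/ps1.sh
@@ -0,0 +1,5 @@
+clrreset='\e[0m'
+clrwhite='\e[1;37m'
+clrgreen='\e[1;32m'
+clrred='\e[1;31m'
+export PS1="\[$clrred\][$USER@$HOSTNAME]\[$clrwhite\] \w \`if [ \$? = 0 ]; then echo -e '\[$clrgreen\]'; else echo -e '\[$clrred\]'; fi\`\\$ \[$clrreset\]"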
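--- a/debian-11/files/rules.v4
+++ b/debian-11/files/rules.v4
@@ -0,0 +1,13 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+# Ping
+-A INPUT -p icmp -j ACCEPT
+# SSH
+-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
+# SNMPD
+-A INPUT -p udp -m udp --dport 161 -m state --state NEW -j ACCEPT
+COMMIT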
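Review bot: The `# SNMPD` rule accepts UDP 161 from any source, and it is installed whether or not snmpd was selected in the init.sh checklist. SNMPDConfig in debian-11/init.sh rebinds the agent from `127.0.0.1,[::1]` to `0.0.0.0` and offers `public` as the default community, so a host that keeps the defaults answers SNMP queries from every network it is attached to. I would limit the rule to the monitoring hosts, for example `-A INPUT -s <monitoring-subnet> -p udp -m udp --dport 161 -m state --state NEW -j ACCEPT` (placeholder subnet), and add it only when snmpd is actually installed.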
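--- a/debian-11/files/rules.v6
+++ b/debian-11/files/rules.v6
@@ -0,0 +1,7 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+COMMIT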
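Review bot: With `:INPUT DROP` and no ICMPv6 rule, this ruleset is likely to break IPv6 on the host, because neighbour discovery and router advertisements arrive as ICMPv6 and are not covered by the `RELATED,ESTABLISHED` match. rules.v4 accepts ICMP, so the v6 file should have the counterpart, `-A INPUT -p ipv6-icmp -j ACCEPT`, before `COMMIT`. A `# ICMPv6 (neighbour discovery)` comment above it would match the comment style used in rules.v4.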
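--- a/debian-11/init.sh
+++ b/debian-11/init.sh
@@ -0,0 +1,346 @@
+#!/bin/bash
+
+declare BASE_URL=https://git.netm.ch/m/os-init/raw/branch/main
+declare DIR_URL=debian-11
+IPV4=127.0.0.1
+ISLXC=0
+ISPVE=0
+
+showHelp() {
+echo "init.sh"
+echo ""
+echo "usage :"
+echo "bash init.sh [options]"
+echo " -b | --base-url url"
+}
+
+InitConst() {
+IPV4=$(ip addr | grep 'inet ' | grep -v '127.0' | head -n1 | awk '{print $2}' | cut -f1 -d /)
+
+grep -q -v -a lxc /proc/1/environ
+ISLXC=$?
+
+if [[ -d "/etc/pve" ]]; then
+ISPVE=1
+fi
+}
+
+Main() {
+InitConst
+if [[ ${ISLXC} == 0 ]]; then
+if [[ ${ISPVE} == 0 ]]; then
+NetSetHostname
+NetIPConfig
+fi
+else
+APTCleanupLXCPackage
+fi
+if [[ ${ISPVE} == 0 ]]; then
+NetCleanUpSystemdResolved
+fi
+APTSetProxy
+APTUpdateDist
+APTInstallBase
+APTCleanAll
+BashSetAlias
+BashSetPS
+NanoSetConfig
+if [[ ${ISPVE} == 0 ]]; then
+IssueSetContent
+fi
+SSHEnableRootLogin
+GrubSetConfig
+if [[ ${ISPVE} == 0 ]]; then
+InstApps
+fi
+Reboot
+}
+
+NetSetHostname() {
+hostname=$(hostname)
+hostname=$(whiptail --title "Hostname + Domain" --inputbox "" 0 30 "${hostname}" 3>&1 1>&2 2>&3)
+if [ "$?" = "0" ] && [ "${hostname}" != "" ]; then
+hostnamectl set-hostname "${hostname}"
+fi
+}
+NetIPConfig() {
+options=()
+options+=("DHCP" "")
+options+=("Static" "")
+sel=$(whiptail --title "Network" --menu "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+if [ "$?" = "0" ]; then
+case ${sel} in
+"Static") NetIPConfigStatic;;
+esac
+fi
+}
+NetIPConfigStatic() {
+netif="$(ip a | grep ens | head -n1 | cut -d: -f2)"
+netif=${netif:1}
+netip="${IPV4}"
+netmask="255.255.255.0"
+netgw="$(echo "${IPV4}" | cut -d. -f1-3).1"
+netdns="$(echo "${IPV4}" | cut -d. -f1-3).1"
+netip=$(whiptail --title "Network" --inputbox "IP" 0 30 "${netip}" 3>&1 1>&2 2>&3)
+if [ "$?" = "0" ] && [ "${netip}" != "" ]; then
+netmask=$(whiptail --title "Network" --inputbox "Mask" 0 30 "${netmask}" 3>&1 1>&2 2>&3)
+if [ "$?" = "0" ] && [ "${netmask}" != "" ]; then
+netgw=$(whiptail --title "Network" --inputbox "Route" 0 30 "${netgw}" 3>&1 1>&2 2>&3)
+if [ "$?" = "0" ] && [ "${netgw}" != "" ]; then
+netdns=$(whiptail --title "Network" --inputbox "DNS" 0 30 "${netdns}" 3>&1 1>&2 2>&3)
+if [ "$?" = "0" ] && [ "${netdns}" != "" ]; then
+echo "allow-hotplug ${netif}" > /etc/network/interfaces.d/${netif}
+echo "iface ${netif} inet static" >> /etc/network/interfaces.d/${netif}
+echo -e "\taddress ${netip}" >> /etc/network/interfaces.d/${netif}
+echo -e "\tnetmask ${netmask}" >> /etc/network/interfaces.d/${netif}
+echo -e "\tgateway ${netgw}" >> /etc/network/interfaces.d/${netif}
+sed -i "/${netif}/d" /etc/network/interfaces
+echo "nameserver ${netdns}" > /etc/resolv.conf
+fi
+fi
+fi
+fi
+}
+NetCleanUpSystemdResolved() {
+sed -i s/#LLMNR=yes/LLMNR=no/ /etc/systemd/resolved.conf
+sed -i s/#DNSStubListener=yes/DNSStubListener=no/ /etc/systemd/resolved.conf
+systemctl restart systemd-resolved
+}
+
+APTSetProxy() {
+proxy=""
+proxy=$(whiptail --title "Proxy" --inputbox "ex : http://192.168.1.200/ or leave empty for none" 0 30 "${proxy}" 3>&1 1>&2 2>&3)
+if [ "$?" = "0" ]; then
+if [ "${proxy}" != "" ]; then
+echo "Acquire::http { Proxy \"${proxy}\"; };" > /etc/apt/apt.conf.d/02proxy
+fi
+fi
+}
+APTCleanupLXCPackage() {
+apt remove -y bind9-host debian-faq doc-debian postfix x11-common fontconfig-config fonts-dejavu-core gdbm-l10n python-apt-common
+}
+APTUpdateDist() {
+apt update -y
+apt dist-upgrade -y
+}
+APTInstallBase() {
+options=()
+options+=("curl" "" on)
+options+=("wget" "" on)
+options+=("lsof" "" on)
+options+=("acpi" "" on)
+options+=("bash-completion" "" on)
+if [[ ${ISPVE} == 0 ]]; then
+options+=("iptables" "" on)
+options+=("iptables-persistent" "" on)
+else
+options+=("iptables" "" off)
+options+=("iptables-persistent" "" off)
+fi
+options+=("openssh-server" "" on)
+options+=("gnupg" "" on)
+options+=("rsync" "" on)
+options+=("nmon" "" on)
+options+=("snmpd" "" on)
+options+=("clevis-net" "" off)
+sel=$(whiptail --title "Basic Install" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+if [ "$?" = "0" ]; then
+pkg=""
+for itm in ${sel}; do
+case ${itm} in
+'"iptables-persistent"')
+pkg="${pkg} $(echo ${itm} | sed 's/"//g')"
+IPTablesPostInstall;;
+'"clevis-net"')
+pkg="${pkg} clevis clevis-luks clevis-systemd clevis-initramfs clevis-tpm2";;
+*)
+pkg="${pkg} $(echo ${itm} | sed 's/"//g')";;
+esac
+done
+apt install -y ${pkg}
+for itm in ${sel}; do
+case ${itm} in
+'"iptables-persistent"')
+IPTablesConfig;;
+'"snmpd"')
+SNMPDConfig;;
+'"clevis-net"')
+ClevisNetInit;;
+esac
+done
+fi
+}
+APTCleanAll() {
+apt-get autoremove -y
+apt-get autoclean -y
+}
+
+BashSetAlias() {
+wget -O /etc/profile.d/alias.sh "${BASE_URL}"/"${DIR_URL}"/files/alias.sh
+}
+BashSetPS() {
+wget -O /etc/profile.d/ps1.sh "${BASE_URL}"/"${DIR_URL}"/files/ps1.sh
+}
+
+NanoSetConfig() {
+sed -i "/tabsize/c\set tabsize 2" /etc/nanorc
+{
+echo "set numbercolor brightwhite"
+echo "set statuscolor brightwhite,green"
+echo "set keycolor cyan"
+echo "set functioncolor green"
+} >> /etc/nanorc
+{
+echo "set titlecolor brightwhite,red"
+echo "set statuscolor brightwhite,red"
+} > /root/.nanorc
+}
+
+IssueSetContent() {
+wget -O /etc/issue "${BASE_URL}"/"${DIR_URL}"/files/issue
+}
+
+IPTablesPostInstall() {
+echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
+echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
+}
+IPTablesConfig() {
+wget -O /etc/iptables/rules.v4 "${BASE_URL}"/"${DIR_URL}"/files/rules.v4
+wget -O /etc/iptables/rules.v6 "${BASE_URL}"/"${DIR_URL}"/files/rules.v6
+iptables-restore /etc/iptables/rules.v4
+ip6tables-restore /etc/iptables/rules.v6
+}
+
+SNMPDConfig() {
+cummunityname=public
+cummunityname=$(whiptail --title "SNMP Community name" --inputbox "" 0 30 "${cummunityname}" 3>&1 1>&2 2>&3)
+sed -i "s/public/${cummunityname}/" /etc/snmp/snmpd.conf
+sed -i "s/127.0.0.1,\[::1\]/0.0.0.0/" /etc/snmp/snmpd.conf
+systemctl restart snmpd
+}
+
+ClevisNetInit() {
+LUKSPARTS=$(lsblk -p -l --fs |grep LUKS |cut -d " " -f1)
+options=()
+IFS_ORIG=$IFS
+IFS=$'\n'
+for LUKSPART in ${LUKSPARTS}
+do
+options+=("${LUKSPART}" "")
+done
+IFS=$IFS_ORIG
+DEV=$(whiptail --title "Select root LUKS part" --menu "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+# shellcheck disable=SC2181
+if [ "$?" = "0" ]; then
+TANGURL=$(whiptail --title "Tang Server" --inputbox "URL" 0 30 "" 3>&1 1>&2 2>&3)
+if [ "$?" = "0" ]; then
+clevis luks bind -d ${DEV} tang "{\"url\": \"${TANGURL}\"}"
+systemctl enable clevis-luks-askpass.path
+fi
+fi
+}
+
+SSHEnableRootLogin() {
+sed -i "/PermitRootLogin prohibit-password/c\PermitRootLogin yes #prohibit-password" /etc/ssh/sshd_config
+systemctl restart sshd
+}
+
+GrubSetConfig() {
+if [ -f "/etc/default/grub" ]; then
+sed -i "/GRUB_TIMEOUT/c\GRUB_TIMEOUT=1" /etc/default/grub
+update-grub
+fi
+}
+
+InstApps() {
+options=()
+options+=("nodejs-18" "" off)
+options+=("nodejs-19" "" off)
+options+=("nodejs-20" "" off)
+options+=("mongodb-6.0" "" off)
+options+=("traefik" "" off)
+options+=("apt-cacher-ng" "" off)
+options+=("matomo" "" off)
+options+=("nextcloud-26" "" off)
+options+=("nextcloud-25" "" off)
+options+=("proxmox-7" "" off)
+if [[ ${ISLXC} == 0 ]]; then
+options+=("docker" "" off)
+options+=("portainer" "" off)
+fi
+options+=("misc-apps" "..." off)
+options+=("archived-apps" "..." off)
+SEL=$(whiptail --title "More Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+# shellcheck disable=SC2181
+if [ "$?" = "0" ]; then
+for ITM in ${SEL}; do
+case ${ITM//\"/} in
+misc-apps)
+InstMiscApps;;
+archived-apps)
+InstArchivedApps;;
+*)
+cd /tmp || exit
+wget "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"/"${ITM//\"/}".sh
+bash ./"${ITM//\"/}".sh "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}";;
+esac
+done
+fi
+}
+InstMiscApps() {
+options=()
+options+=("bind9" "" off)
+options+=("iperf3" "" off)
+options+=("webmin" "" off)
+options+=("tang" "" off)
+options+=("rinetd" "" off)
+options+=("tor-gw" "" off)
+options+=("nextcloud-latest" "unsafe" off)
+SEL=$(whiptail --title "Misc Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+# shellcheck disable=SC2181
+if [ "$?" = "0" ]; then
+for ITM in ${SEL}; do
+cd /tmp || exit
+wget "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"/"${ITM//\"/}".sh
+bash ./"${ITM//\"/}".sh "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"
+done
+fi
+}
+InstArchivedApps() {
+options=()
+options+=("mongodb-5.0" "" off)
+options+=("mongodb-4.4" "" off)
+options+=("nodejs-16" "" off)
+options+=("nodejs-14" "" off)
+options+=("nextcloud-24" "" off)
+options+=("nextcloud-23" "" off)
+options+=("nagios" "" off)
+options+=("nagios-pnp4" "pnp4nagios" off)
+options+=("dokuwiki" "" off)
+options+=("xwiki" "" off)
+SEL=$(whiptail --title "Archived Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+# shellcheck disable=SC2181
+if [ "$?" = "0" ]; then
+for ITM in ${SEL}; do
+cd /tmp || exit
+wget "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"/"${ITM//\"/}".sh
+bash ./"${ITM//\"/}".sh "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"
+done
+fi
+}
+
+Reboot() {
+if whiptail --yesno "Reboot ?" 0 0 3>&1 1>&2 2>&3; then
+reboot
+fi
+}
+
+while [ ${#} -gt 0 ]; do
+case ${1} in
+--help) showHelp; exit 0;;
+-b | --base-url) BASE_URL="${2}"; shift;;
+*) shift;;
+esac
+done
+
+Main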
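Review bot: The app installers in InstApps, InstMiscApps and InstArchivedApps download into `/tmp` under a fixed name and then run `bash ./NAME.sh` as root. If a file of that name already exists there, `wget` without `-O` saves the new copy under a different name (`NAME.sh.1`), so the file that gets executed is the older one, whoever put it there. A private `mktemp -d` directory, an explicit `-O` and an exit on download failure, as below, make sure the script that runs is the one just fetched; since `-b | --base-url` can point anywhere, a checksum list shipped with init.sh would be the next step. Separately, SSHEnableRootLogin rewrites `PermitRootLogin prohibit-password` to `PermitRootLogin yes` while rules.v4 opens port 22 to every source; keeping `prohibit-password` and installing a key would avoid exposing root password logins.

```shell
# … unchanged: whiptail checklist and the for ITM loop header …
app=${ITM//\"/}
workdir=$(mktemp -d) || exit
cd "${workdir}" || exit
wget -O "${app}.sh" "${BASE_URL}/${DIR_URL}/apps/${app}/${app}.sh" || exit
bash "./${app}.sh" "${BASE_URL}/${DIR_URL}/apps/${app}"
cd / && rm -rf -- "${workdir}"
```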
@ -243,6 +243,7 @@ ClevisNetInit() {
|
|||||||
done
|
done
|
||||||
IFS=$IFS_ORIG
|
IFS=$IFS_ORIG
|
||||||
DEV=$(whiptail --title "Select root LUKS part" --menu "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
|
DEV=$(whiptail --title "Select root LUKS part" --menu "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
|
||||||
|
# shellcheck disable=SC2181
|
||||||
if [ "$?" = "0" ]; then
|
if [ "$?" = "0" ]; then
|
||||||
TANGURL=$(whiptail --title "Tang Server" --inputbox "URL" 0 30 "" 3>&1 1>&2 2>&3)
|
TANGURL=$(whiptail --title "Tang Server" --inputbox "URL" 0 30 "" 3>&1 1>&2 2>&3)
|
||||||
if [ "$?" = "0" ]; then
|
if [ "$?" = "0" ]; then
|
||||||
@ -341,4 +342,12 @@ Reboot() {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
while [ ${#} -gt 0 ]; do
|
||||||
|
case ${1} in
|
||||||
|
--help) showHelp; exit 0;;
|
||||||
|
-b | --base-url) BASE_URL="${2}"; shift;;
|
||||||
|
*) shift;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
Main
|
Main
|
||||||
|