No commits in common. "main" and "main" have entirely different histories.
|
@ -1,6 +0,0 @@
|
||||||
FROM debian
|
|
||||||
|
|
||||||
RUN apt update
|
|
||||||
RUN apt install -y git
|
|
||||||
RUN apt install -y gpg
|
|
||||||
RUN apt install -y vim
|
|
27
README.md
27
README.md
|
@ -14,16 +14,12 @@ cd server_config
|
||||||
# Decrypt secrets
|
# Decrypt secrets
|
||||||
gpg -d .env.gpg > .env
|
gpg -d .env.gpg > .env
|
||||||
|
|
||||||
# Switch to sudo
|
|
||||||
sudo su
|
|
||||||
|
|
||||||
# Allow execute scripts
|
# Allow execute scripts
|
||||||
chmod +x ./install.sh
|
sudo chmod +x ./install.sh
|
||||||
chmod +x ./deploy.sh
|
sudo chmod +x ./deploy.sh
|
||||||
|
|
||||||
# Install and deploy services
|
# Install and deploy services
|
||||||
./install.sh --all | tee install.log && \
|
sudo ./install.sh --all && sudo ./deploy.sh --all
|
||||||
./deploy.sh --all | tee deploy.log
|
|
||||||
```
|
```
|
||||||
|
|
||||||
> [!WARNING]
|
> [!WARNING]
|
||||||
|
@ -77,20 +73,3 @@ sudo (bash|sh|zsh) ./deploy.sh [SERVICES...]
|
||||||
```sh
|
```sh
|
||||||
sudo ./deploy.sh -a
|
sudo ./deploy.sh -a
|
||||||
```
|
```
|
||||||
|
|
||||||
## Tests
|
|
||||||
|
|
||||||
Pour tester la config avant déploiement un [`Dockerfile`]('./Dockerfile') est
|
|
||||||
disponible. Le helper [`test_scripts.sh`](./test_scripts.sh) build et lance le
|
|
||||||
conteneur (shell: `bash`, point d'entrée: `/`).
|
|
||||||
|
|
||||||
> [!NOTE]
|
|
||||||
>
|
|
||||||
> Le helper utilise `docker`, pour utiliser `podman` vous pouvez taper
|
|
||||||
> `docker="podman" bash ./test_scripts.sh`.
|
|
||||||
|
|
||||||
## Ajout de service
|
|
||||||
|
|
||||||
S'il y a le besoin de rajouter des services, il faudra penser à ajouter leurs
|
|
||||||
configurations dans le projet ainsi que les liens vers leurs installations dans
|
|
||||||
le script d'installation.
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# Install nala
|
# Install nala
|
||||||
apt update
|
apt update
|
||||||
apt upgrade -y
|
apt upgrade -y
|
||||||
apt install -y nala # Good front-end for "apt-*" cli
|
apt install -y nala
|
||||||
|
|
||||||
# Install base utilities
|
# Install base utilities
|
||||||
echo "[server_config] > Installing required utilities (base)"
|
echo "[server_config] > Installing required utilities (base)"
|
||||||
|
@ -19,10 +19,6 @@ nala install -y \
|
||||||
lsb-release \
|
lsb-release \
|
||||||
nmap \
|
nmap \
|
||||||
xxd \
|
xxd \
|
||||||
inxi \
|
|
||||||
# nmap (network viewer/utility)
|
|
||||||
# xxd (bin to hexa etc...)
|
|
||||||
# inxi (system/hardware config viewer)
|
|
||||||
|
|
||||||
# Install comfort utilities
|
# Install comfort utilities
|
||||||
echo "[server_config] > Installing required utilities (comfort)"
|
echo "[server_config] > Installing required utilities (comfort)"
|
||||||
|
@ -32,15 +28,9 @@ nala install -y \
|
||||||
fzf \
|
fzf \
|
||||||
tmux \
|
tmux \
|
||||||
tmate \
|
tmate \
|
||||||
# bat (better cat)
|
|
||||||
# btop (TUI htop alternative)
|
|
||||||
# fzf (fuzzy finder)
|
|
||||||
# tmux (terminal multiplexer)
|
|
||||||
# tmate (tmux over ssh)
|
|
||||||
|
|
||||||
# Install zoxide through webinstall (see zoxide install instruction on debian)
|
# Install zoxide through webinstall (see zoxide install instruction on debian)
|
||||||
curl -sS https://webi.sh/zoxide | sh
|
curl -sS https://webi.sh/zoxide | sh
|
||||||
# zoxide (smartter cd)
|
|
||||||
|
|
||||||
# Install really necessary utilities
|
# Install really necessary utilities
|
||||||
echo "[server_config] > Installing required utilities (really necessary)"
|
echo "[server_config] > Installing required utilities (really necessary)"
|
||||||
|
@ -51,4 +41,5 @@ nala install -y \
|
||||||
|
|
||||||
# Install useful deb installer
|
# Install useful deb installer
|
||||||
echo "[server_config] > Installing required utilites (useful .deb installer)"
|
echo "[server_config] > Installing required utilites (useful .deb installer)"
|
||||||
|
nala install -y lsb-release
|
||||||
curl -sL https://raw.githubusercontent.com/wimpysworld/deb-get/main/deb-get | bash -s install deb-get
|
curl -sL https://raw.githubusercontent.com/wimpysworld/deb-get/main/deb-get | bash -s install deb-get
|
||||||
|
|
|
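Review bot: The two remote installers kept in this file, `curl -sS https://webi.sh/zoxide | sh` and `curl -sL https://raw.githubusercontent.com/wimpysworld/deb-get/main/deb-get | bash -s install deb-get`, are fetched from a moving target and piped straight into a shell that the README runs under sudo, with no integrity check. Because `-s` is used without `-f`, an HTTP error page would also be handed to the shell as if it were the script. Consider downloading to a temporary file with `curl -fsSL`, verifying it against a checksum recorded in this repository (or pinning the deb-get URL to a reviewed commit instead of `main`), and only then executing it. The oh-my-zsh installer line in the zsh install section further down follows the same pattern. Separately, the added `nala install -y lsb-release` duplicates the `lsb-release \` entry already present in the base utilities list.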
@ -1,8 +1,6 @@
|
||||||
# Setup caddy config
|
# Setup caddy config
|
||||||
mkdir -p /etc/caddy
|
mkdir -p /etc/caddy
|
||||||
cp -a ./caddy/caddy/. /etc/caddy/
|
cp -a ./caddy/caddy/. /etc/caddy/
|
||||||
# Set directory owner
|
|
||||||
chown -R caddy:caddy /etc/caddy
|
|
||||||
|
|
||||||
# Setup caddy service
|
# Setup caddy service
|
||||||
cp ./caddy/systemd/caddy.service /etc/systemd/system
|
cp ./caddy/systemd/caddy.service /etc/systemd/system
|
||||||
|
|
|
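Review bot: With the `chown` line gone, the ownership and mode of `/etc/caddy` are whatever `cp -a ./caddy/caddy/. /etc/caddy/` preserves from the checkout, which is not visible here and may be an unprivileged user's tree. That can leave the web server's configuration writable by that user, or unreadable by the caddy service account. Setting both explicitly after the copy keeps the result deterministic, for example `chown -R root:caddy /etc/caddy && chmod -R u=rwX,g=rX,o= /etc/caddy`. Whether Caddy also needs write access under `/etc/caddy` depends on the Caddyfile and unit, which are outside this section.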
@ -2,9 +2,6 @@
|
||||||
echo "[server_config] > Writting secrets to source files"
|
echo "[server_config] > Writting secrets to source files"
|
||||||
source ./load_secrets.sh
|
source ./load_secrets.sh
|
||||||
|
|
||||||
# Make sure default owner of config files is root
|
|
||||||
chown -R root:root .
|
|
||||||
|
|
||||||
# Deploy services
|
# Deploy services
|
||||||
APPS=$@
|
APPS=$@
|
||||||
|
|
||||||
|
|
|
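Review bot: Dropping `chown -R root:root .` leaves the scripts, and whatever `./load_secrets.sh` writes into the tree, owned by the account that cloned the repository, while the README runs `sudo ./install.sh --all && sudo ./deploy.sh --all` from that same directory. Any account that can write to the checkout can then change what root sources on the next run (`./load_secrets.sh` here, `./_requirements.sh` in the install script section further down, which loses the same line). Keeping the ownership reset, or refusing to continue when the script directory is not root-owned, closes that path. What `load_secrets.sh` writes and with which mode is not visible in this section, so the exposure of the decrypted values should be checked there as well.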
@ -1,12 +1,3 @@
|
||||||
# Fail2Ban
|
# Fail2Ban
|
||||||
|
|
||||||
Prison pour bots. Gardien des connection ssh.
|
Prison pour bots. Gardien des connection ssh.
|
||||||
|
|
||||||
## Configuration
|
|
||||||
|
|
||||||
/etc/fail2ban/
|
|
||||||
|
|
||||||
## Plus d'informations
|
|
||||||
|
|
||||||
https://github.com/fail2ban/fail2ban
|
|
||||||
|
|
||||||
|
|
|
@ -1,9 +0,0 @@
|
||||||
# Fastfetch c'est quoi ?
|
|
||||||
Fastfetch est un outil similaire à neofetch permettant de récupérer les informations systèmes et de les afficher agréablement à son utilisateur. Il est écrit principalement en C avec comme intention principale la performance et la personnalisation.
|
|
||||||
|
|
||||||
## Emplacements
|
|
||||||
~/. config/fastfetch/config.jsonc
|
|
||||||
|
|
||||||
## Plus d'informations
|
|
||||||
https://github.com/fastfetch-cli/fastfetch
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Setup forgejo config
|
# Setup forgejo config
|
||||||
cp -a ./forgejo/forgejo/. /etc/forgejo/
|
cp -a ./forgejo/forgejo/. /etc/forgejo/
|
||||||
chown -R forgejo:forgejo /etc/forgejo && chmod -R a-rwx,ug+r /etc/forgejo
|
chown -R root:forgejo /etc/forgejo && chmod -R 540 /etc/forgejo
|
||||||
|
|
||||||
# Setup forgejo service
|
# Setup forgejo service
|
||||||
cp ./forgejo/systemd/forgejo.service /etc/systemd/system
|
cp ./forgejo/systemd/forgejo.service /etc/systemd/system
|
||||||
|
|
|
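Review bot: `chmod -R 540 /etc/forgejo` applies one numeric mode to directories and files alike, so under `root:forgejo` ownership the forgejo group gets `r--` on the directory itself and cannot traverse it to open the files inside. It also sets the owner execute bit on every configuration file. Symbolic modes with `X` handle both cases: `chown -R root:forgejo /etc/forgejo && chmod -R u=rX,g=rX,o= /etc/forgejo`. This assumes the service reaches the directory through membership of the forgejo group. If Forgejo is expected to write to its config at first start, that file would additionally need group write; the unit and app config are not shown here, so both points should be confirmed.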
@ -1,12 +0,0 @@
|
||||||
# Git
|
|
||||||
|
|
||||||
Git est un logiciel de gestion de versions décentralisé. C'est un logiciel libre et gratuit, créé en 2005 par Linus Torvalds, auteur du noyau Linux, et distribué selon les termes de la licence publique générale GNU version 2.
|
|
||||||
|
|
||||||
## Configuration
|
|
||||||
|
|
||||||
/etc/gitconfig
|
|
||||||
|
|
||||||
## Plus d'informations
|
|
||||||
|
|
||||||
https://github.com/git/git
|
|
||||||
|
|
|
@ -2,9 +2,6 @@
|
||||||
echo "[server_config] > Installing required utilities"
|
echo "[server_config] > Installing required utilities"
|
||||||
source ./_requirements.sh
|
source ./_requirements.sh
|
||||||
|
|
||||||
# Make sure default owner of config files is root
|
|
||||||
chown -R root:root .
|
|
||||||
|
|
||||||
# Install services
|
# Install services
|
||||||
APPS=$@
|
APPS=$@
|
||||||
|
|
||||||
|
|
|
@ -1,12 +1,3 @@
|
||||||
# Configuration des `iptables`
|
# Configuration des `iptables`
|
||||||
|
|
||||||
Règles de parfeux/routage du serveur cohabit.
|
Règles de parfeux/routage du serveur cohabit.
|
||||||
|
|
||||||
## Configuration
|
|
||||||
|
|
||||||
iptables -S
|
|
||||||
|
|
||||||
## Plus d'informations
|
|
||||||
|
|
||||||
man iptables ou https://doc.ubuntu-fr.org/iptables
|
|
||||||
|
|
||||||
|
|
|
@ -17,12 +17,7 @@ else
|
||||||
--comment "Deno js engine" \
|
--comment "Deno js engine" \
|
||||||
deno
|
deno
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Remove old files if exists
|
|
||||||
rm -rf /srv/portfolio
|
|
||||||
# Create fs tree is missing
|
|
||||||
mkdir -p /srv/portfolio
|
|
||||||
# Set directory owner
|
|
||||||
chown -R deno:deno /srv/portfolio
|
|
||||||
# Clone website repo
|
# Clone website repo
|
||||||
|
mkdir -p /srv/portfolio
|
||||||
git clone -b main --depth 1 https://git.cohabit.fr/cohabit/portfolio_server.git /srv/portfolio
|
git clone -b main --depth 1 https://git.cohabit.fr/cohabit/portfolio_server.git /srv/portfolio
|
||||||
|
|
|
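Review bot: `mkdir -p /srv/portfolio` followed by `git clone ... /srv/portfolio` only works on a first run; once the directory holds a checkout, `git clone` refuses the non-empty target and the step fails on every later install. The website install section further down has the same sequence for `/srv/www`. A guard such as `[ -d /srv/portfolio/.git ] || git clone -b main --depth 1 https://git.cohabit.fr/cohabit/portfolio_server.git /srv/portfolio` keeps the script re-runnable without deleting anything. The clone also runs as root and nothing hands the tree to the `deno` account this script appears to create, so if the service builds or writes inside its working directory (the unit is not visible here) an explicit `chown` is still needed.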
@ -1,11 +1,3 @@
|
||||||
# SSHD
|
# SSHD
|
||||||
|
|
||||||
Démon SSH de cohabit.
|
Démon SSH de cohabit.
|
||||||
|
|
||||||
## Configuration
|
|
||||||
/etc/ssh/sshd_config
|
|
||||||
|
|
||||||
## Plus d'informations
|
|
||||||
https://fr.wikipedia.org/wiki/SSHD
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,5 +0,0 @@
|
||||||
# Build or update container image
|
|
||||||
docker built -t cohabit_server_config_test .
|
|
||||||
|
|
||||||
# Run image in bash mode
|
|
||||||
docker run --rm -it cohabit_server_config_test bash
|
|
|
@ -1,6 +1,5 @@
|
||||||
# Install or upgrade vim
|
# Install or upgrade caddy
|
||||||
nala install -y vim
|
nala install -y caddy
|
||||||
|
|
||||||
# Install or upgrade vundle
|
# Install or upgrade vundle
|
||||||
rm -rf /root/.vim/bundle/Vundle.vim
|
|
||||||
git clone https://github.com/VundleVim/Vundle.vim.git /root/.vim/bundle/Vundle.vim
|
git clone https://github.com/VundleVim/Vundle.vim.git /root/.vim/bundle/Vundle.vim
|
||||||
|
|
|
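Review bot: The first step of this section now reads `nala install -y caddy` under the comment `# Install or upgrade caddy`, although everything after it sets up Vundle for vim; this looks like a copy-paste slip that leaves vim uninstalled on a fresh host. It should read `# Install or upgrade vim` and `nala install -y vim`. With the `rm -rf` removed, `git clone https://github.com/VundleVim/Vundle.vim.git /root/.vim/bundle/Vundle.vim` also fails on a second run because the target already exists; prefixing it with `[ -d /root/.vim/bundle/Vundle.vim/.git ] ||` keeps the script re-runnable.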
@ -26,9 +26,6 @@ Plugin 'junegunn/fzf.vim'
|
||||||
call vundle#end() " required
|
call vundle#end() " required
|
||||||
filetype plugin indent on " required
|
filetype plugin indent on " required
|
||||||
|
|
||||||
" Sudo write (écrire un fichier en sudo si ouvert en user)
|
|
||||||
command W :execute ':silent w !sudo tee % > /dev/null' | :edit!
|
|
||||||
|
|
||||||
" Active les raccourcis clavier pour fzf
|
" Active les raccourcis clavier pour fzf
|
||||||
nnoremap <C-p> :FZF<CR>
|
nnoremap <C-p> :FZF<CR>
|
||||||
nnoremap <S-f> :Rg<CR>
|
nnoremap <S-f> :Rg<CR>
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
# Setup website service
|
|
||||||
cp ./website/systemd/website.service /etc/systemd/system
|
|
||||||
|
|
||||||
# Pull website sources
|
# Pull website sources
|
||||||
cd /srv/www
|
cd /srv/www
|
||||||
git pull origin main
|
git pull origin main
|
||||||
|
|
||||||
|
# Setup website service
|
||||||
|
cp /srv/www/website.service /etc/systemd/system
|
||||||
|
|
||||||
# Start website
|
# Start website
|
||||||
systemctl daemon-reload
|
systemctl daemon-reload
|
||||||
systemctl enable website
|
systemctl enable website
|
||||||
|
|
|
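Review bot: `cp /srv/www/website.service /etc/systemd/system` installs a unit file taken from the website repository right after `git pull origin main`, so anyone able to push to that repository's `main` decides what systemd runs, and as which user, on the next deploy. Keeping the unit in this configuration repository, as the removed `cp ./website/systemd/website.service /etc/systemd/system` did, leaves that decision with the people who review server changes. `cd /srv/www` is also unchecked: if the directory is missing, `git pull` runs in the caller's directory, which `cd /srv/www || exit 1` (or `return 1` if this file is sourced) avoids. Whether the script already runs under `set -e` is not visible in this section.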
@ -17,12 +17,7 @@ else
|
||||||
--comment "Deno js engine" \
|
--comment "Deno js engine" \
|
||||||
deno
|
deno
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Remove old existing files
|
|
||||||
rm -rf /srv/www
|
|
||||||
# Create fs structure
|
|
||||||
mkdir -p /srv/www
|
|
||||||
# Set directory owner
|
|
||||||
chown -R deno:deno /srv/www
|
|
||||||
# Clone website repo
|
# Clone website repo
|
||||||
|
mkdir -p /srv/www
|
||||||
git clone -b main --depth 1 https://git.cohabit.fr/cohabit/website.git /srv/www
|
git clone -b main --depth 1 https://git.cohabit.fr/cohabit/website.git /srv/www
|
||||||
|
|
|
@ -1,17 +0,0 @@
|
||||||
[Unit]
|
|
||||||
Description=Website Deno 1.1.1 service
|
|
||||||
Documentation=http://deno.land
|
|
||||||
Wants=network-online.target
|
|
||||||
After=network-online.target
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type=simple
|
|
||||||
User=deno
|
|
||||||
WorkingDirectory=/srv/www
|
|
||||||
ExecStartPre=/usr/local/bin/deno task build
|
|
||||||
Environment=PORT=6060
|
|
||||||
ExecStart=/usr/local/bin/deno task serve
|
|
||||||
Restart=on-failure
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
|
@ -3,11 +3,7 @@ cp -a ./zsh/zsh/. /root
|
||||||
chsh -s /usr/bin/zsh
|
chsh -s /usr/bin/zsh
|
||||||
|
|
||||||
# Install zsh-autosuggestions plugin
|
# Install zsh-autosuggestions plugin
|
||||||
PATH=${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-autosuggestions
|
git clone https://github.com/zsh-users/zsh-autosuggestions ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-autosuggestions
|
||||||
/usr/bin/rm -rf $PATH
|
|
||||||
/usr/bin/git clone https://github.com/zsh-users/zsh-autosuggestions $PATH
|
|
||||||
|
|
||||||
# Install zsh-syntax-highlighting
|
# Install zsh-syntax-highlighting
|
||||||
PATH=${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-syntax-highlighting
|
git clone https://github.com/zsh-users/zsh-syntax-highlighting.git ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-syntax-highlighting
|
||||||
/usr/bin/rm -rf $PATH
|
|
||||||
/usr/bin/git clone https://github.com/zsh-users/zsh-syntax-highlighting $PATH
|
|
||||||
|
|
|
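Review bot: Both `git clone` targets are unquoted `${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/...` expansions, so a `ZSH_CUSTOM` value containing whitespace or glob characters would split into several arguments. Quoting needs `$HOME` in place of `~`, because the tilde is not expanded inside double quotes: `git clone https://github.com/zsh-users/zsh-autosuggestions "${ZSH_CUSTOM:-$HOME/.oh-my-zsh/custom}/plugins/zsh-autosuggestions"`, and likewise for zsh-syntax-highlighting. The clones also fail once the plugin directories exist, so a re-deploy needs a `[ -d ... ] ||` guard in front of each. Both plugins are taken from the default branch head at deploy time; pinning a tag or commit would make what root's shell loads reviewable.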
@ -12,4 +12,4 @@ fi
|
||||||
nala install -y zsh eza
|
nala install -y zsh eza
|
||||||
|
|
||||||
# Check if Oh-My-ZSH already installed
|
# Check if Oh-My-ZSH already installed
|
||||||
test -d /root/.oh-my-zsh/ || sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" "" --unattended
|
which omz &> /dev/null || sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" "" --unattended
|
||||||
|
|
|
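Review bot: `which omz &> /dev/null` is not a reliable test for an existing installation: `omz` is a shell function that oh-my-zsh defines inside a running zsh, not a command on `PATH`, so the check is expected to fail from this script and the installer is fetched and executed again on every install. Under a POSIX `sh`, which the README usage line allows for the scripts, `&>` is parsed as `&` followed by a bare redirection, and the `||` branch is then never taken at all. A directory test behaves the same in every shell: `[ -d /root/.oh-my-zsh ] || sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" "" --unattended`.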
@ -8,8 +8,6 @@ case $- in
|
||||||
*) return;;
|
*) return;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
PATH=$PATH:/usr/games
|
|
||||||
|
|
||||||
# don't put duplicate lines or lines starting with space in the history.
|
# don't put duplicate lines or lines starting with space in the history.
|
||||||
# See bash(1) for more options
|
# See bash(1) for more options
|
||||||
HISTCONTROL=ignoreboth
|
HISTCONTROL=ignoreboth
|
||||||
|
|
|
@ -6,12 +6,6 @@ autoload -Uz compinit
|
||||||
compinit
|
compinit
|
||||||
# End of lines added by compinstall
|
# End of lines added by compinstall
|
||||||
|
|
||||||
################################
|
|
||||||
# Update path
|
|
||||||
################################
|
|
||||||
|
|
||||||
PATH=$PATH:/usr/games
|
|
||||||
|
|
||||||
################################
|
################################
|
||||||
# Webinstall.dev install
|
# Webinstall.dev install
|
||||||
################################
|
################################
|
||||||
|
|