Compare commits

...

35 commits
main ... main

Author SHA1 Message Date
Julien Oculi 3942706da5 fix(forgejo/deploy): update owner and permissions of config files 2024-07-17 17:01:59 +02:00
Julien Oculi 78e02a6452 fix: ensure owner of installed/deployed files are root or targeted service 2024-07-17 16:18:12 +02:00
Julien Oculi f3a1437a62 fix(zsh): missing path update in .zshrc 2024-07-17 16:04:34 +02:00
Julien Oculi 59b91cc04e revert(f61bdbb): reuse deb-get classic install 2024-07-11 15:55:51 +02:00
Julien Oculi 0aa7787ced fix(zsh/install): test if directory exists instead of which omz 2024-07-11 15:41:23 +02:00
Julien Oculi 364183b7f9 fix(zsh/config): missing /usr/games in $PATH 2024-07-11 15:34:22 +02:00
Julien Oculi 65eb50f72e doc(README): update general use example 2024-07-11 15:09:30 +02:00
Julien Oculi 1b38e01784 fix(zsh/deploy): use absolute path for cmd due to unknown broken $PATH 2024-07-11 14:59:58 +02:00
Julien Oculi 807917338e fix: remove base dir and not only files before git clone 2024-07-11 14:31:47 +02:00
Julien Oculi cf998be24c fix(website/install): remove old files before git clone 2024-07-11 14:28:23 +02:00
Julien Oculi f8295b6045 fix(requirements): missing $@ in deb-get invoke script 2024-07-11 14:23:28 +02:00
Julien Oculi 86896228b0 fix(requirements): missing -e in echo cmd 2024-07-11 14:15:29 +02:00
Julien Oculi 671779aac3 fix(vim/install): typo in vim install cmd 2024-07-11 14:14:34 +02:00
Julien Oculi f61bdbb50a fix(requirements): temp path for broken deb-get install 2024-07-11 13:43:10 +02:00
Julien Oculi 9ac5cc0de0 fix(zsh/deploy): clean plugins directories before cloning them 2024-07-11 12:59:19 +02:00
Julien Oculi 42f25ece18 fix(vim/install): remove old vundle sources before git clone 2024-07-11 12:47:42 +02:00
Julien Oculi 67f80dca18 fix(portfolio_server): remove old files before cloning sources 2024-07-11 12:44:33 +02:00
Julien Oculi 142064f9fc refactor: remove requirement duplicated install 2024-06-17 10:46:44 +02:00
Julien Oculi d6ded7deee doc: add descriptions to some requirements cli 2024-06-17 10:45:52 +02:00
Julien Oculi c267db48e8 feat: add inxi system config viewer to requirements 2024-06-17 10:24:17 +02:00
Julien Oculi 80f608e6f1 fix(website): use relative path cmd before cd 2024-06-06 16:07:33 +02:00
Julien Oculi e0f7c68e3c refactor: move website service from website repo to server_config 2024-06-06 15:58:35 +02:00
Julien Oculi 7c452507fe build: add test scripts for manual debugging 2024-06-06 15:46:50 +02:00
julien.oculi 6dd94237f8 Merge pull request 'doc: update main readme infos' (#8) from leo.comeres/server_config:main into main
Reviewed-on: cohabit/server_config#8
2024-06-06 15:35:07 +02:00
leo.comeres d54663a25a Update README.md 2024-06-06 15:27:40 +02:00
leo.comeres 3280e30c7f Update README.md 2024-06-06 15:24:25 +02:00
julien.oculi f38a467247 Merge pull request 'doc: add and update readme of several services' (#7) from leo.comeres/server_config:main into main
Reviewed-on: cohabit/server_config#7
2024-06-06 15:22:09 +02:00
leo.comeres 9e16b7e7fb Update sshd/README.md 2024-06-06 14:58:36 +02:00
leo.comeres eb9b51691b Update sshd/README.md 2024-06-06 14:57:02 +02:00
leo.comeres e4038f2734 Add git/README.md 2024-06-06 14:52:57 +02:00
leo.comeres a46992a22d Update iptables/README.md 2024-06-06 14:48:19 +02:00
leo.comeres aed20e6267 Update fail2ban/README.md 2024-06-06 14:41:02 +02:00
julien.oculi a5d177fabe Merge pull request 'Add fastfetch/README.md' (#6) from leo.comeres/server_config:main into main
Reviewed-on: cohabit/server_config#6
2024-06-06 14:22:03 +02:00
leo.comeres 23334c686d Add fastfetch/README.md 2024-06-06 14:14:40 +02:00
Julien Oculi bb76bd82c5 feat(vim): add :W command to "write as sudo" if opened as user 2024-06-06 13:23:47 +02:00
23 changed files with 157 additions and 18 deletions

6
Dockerfile Normal file
View file

@ -0,0 +1,6 @@
FROM debian
RUN apt update
RUN apt install -y git
RUN apt install -y gpg
RUN apt install -y vim
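Review bot: `FROM debian` has no tag, so the test image tracks whatever `latest` is on build day and can drift from the server's release; pin the release the server actually runs. `RUN apt update` in its own layer also gets cached, so later `apt install` layers can run against a stale index; merge them into one `RUN apt update && apt install -y git gpg vim`. Nothing in the visible lines copies the repository into the image, so the scripts under test are not available inside the container unless they are mounted at run time.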

View file

@ -14,12 +14,16 @@ cd server_config
# Decrypt secrets # Decrypt secrets
gpg -d .env.gpg > .env gpg -d .env.gpg > .env
# Switch to sudo
sudo su
# Allow execute scripts # Allow execute scripts
sudo chmod +x ./install.sh chmod +x ./install.sh
sudo chmod +x ./deploy.sh chmod +x ./deploy.sh
# Install and deploy services # Install and deploy services
sudo ./install.sh --all && sudo ./deploy.sh --all ./install.sh --all | tee install.log && \
./deploy.sh --all | tee deploy.log
``` ```
> [!WARNING] > [!WARNING]
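Review bot: in `./install.sh --all | tee install.log && \`, the `&&` tests the exit status of `tee`, not of `install.sh`, so `deploy.sh` still runs after a failed install. Add `set -o pipefail` before the pipeline (bash and zsh both support it), or redirect each script to its log without a pipe. The new `sudo su` step also means `install.log` and `deploy.log` are created by root in the same directory as the decrypted `.env`; since deploy prints while writing secrets to source files, consider restricting the mode of both logs.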
@ -73,3 +77,20 @@ sudo (bash|sh|zsh) ./deploy.sh [SERVICES...]
```sh ```sh
sudo ./deploy.sh -a sudo ./deploy.sh -a
``` ```
## Tests
Pour tester la config avant déploiement un [`Dockerfile`]('./Dockerfile') est
disponible. Le helper [`test_scripts.sh`](./test_scripts.sh) build et lance le
conteneur (shell: `bash`, point d'entrée: `/`).
> [!NOTE]
>
> Le helper utilise `docker`, pour utiliser `podman` vous pouvez taper
> `docker="podman" bash ./test_scripts.sh`.
## Ajout de service
S'il y a le besoin de rajouter des services, il faudra penser à ajouter leurs
configurations dans le projet ainsi que les liens vers leurs installations dans
le script d'installation.
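Review bot: the link target in ``[`Dockerfile`]('./Dockerfile')`` is wrapped in single quotes, so it resolves to a path that contains the quote characters and the link is broken; write it like the next link, `(./Dockerfile)`. The "Tests" text also states an entry point of `/`, which should be checked against the Dockerfile since no working directory is set there.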

View file

@ -1,7 +1,7 @@
# Install nala # Install nala
apt update apt update
apt upgrade -y apt upgrade -y
apt install -y nala apt install -y nala # Good front-end for "apt-*" cli
# Install base utilities # Install base utilities
echo "[server_config] > Installing required utilities (base)" echo "[server_config] > Installing required utilities (base)"
@ -19,6 +19,10 @@ nala install -y \
lsb-release \ lsb-release \
nmap \ nmap \
xxd \ xxd \
inxi \
# nmap (network viewer/utility)
# xxd (bin to hexa etc...)
# inxi (system/hardware config viewer)
# Install comfort utilities # Install comfort utilities
echo "[server_config] > Installing required utilities (comfort)" echo "[server_config] > Installing required utilities (comfort)"
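Review bot: the added `inxi \` ends with a line continuation and is followed directly by comment lines, so the command only terminates because the joined line happens to start a `#` comment. Any non-comment line inserted there later becomes an extra argument to `nala install`. Drop the trailing `\` on the last package and place the descriptive comments above the command.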
@ -28,9 +32,15 @@ nala install -y \
fzf \ fzf \
tmux \ tmux \
tmate \ tmate \
# bat (better cat)
# btop (TUI htop alternative)
# fzf (fuzzy finder)
# tmux (terminal multiplexer)
# tmate (tmux over ssh)
# Install zoxide through webinstall (see zoxide install instruction on debian) # Install zoxide through webinstall (see zoxide install instruction on debian)
curl -sS https://webi.sh/zoxide | sh curl -sS https://webi.sh/zoxide | sh
# zoxide (smartter cd)
# Install really necessary utilities # Install really necessary utilities
echo "[server_config] > Installing required utilities (really necessary)" echo "[server_config] > Installing required utilities (really necessary)"
@ -41,5 +51,4 @@ nala install -y \
# Install useful deb installer # Install useful deb installer
echo "[server_config] > Installing required utilites (useful .deb installer)" echo "[server_config] > Installing required utilites (useful .deb installer)"
nala install -y lsb-release
curl -sL https://raw.githubusercontent.com/wimpysworld/deb-get/main/deb-get | bash -s install deb-get curl -sL https://raw.githubusercontent.com/wimpysworld/deb-get/main/deb-get | bash -s install deb-get
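Review bot: with the duplicate `lsb-release` install removed, the remaining line in this block fetches `deb-get` from the `main` branch and pipes it straight into `bash` as root, with no version pin and no integrity check. Fetch a tagged release or a specific commit to a file, compare it against a checksum stored in this repository, and only then execute it.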

View file

@ -1,6 +1,8 @@
# Setup caddy config # Setup caddy config
mkdir -p /etc/caddy mkdir -p /etc/caddy
cp -a ./caddy/caddy/. /etc/caddy/ cp -a ./caddy/caddy/. /etc/caddy/
# Set directory owner
chown -R caddy:caddy /etc/caddy
# Setup caddy service # Setup caddy service
cp ./caddy/systemd/caddy.service /etc/systemd/system cp ./caddy/systemd/caddy.service /etc/systemd/system
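Review bot: `chown -R caddy:caddy /etc/caddy` makes the service account the owner of its own configuration, so a compromised Caddy process can rewrite or re-permission it. If Caddy only needs to read this directory, keep root as owner and grant the group read access instead, for example `chown -R root:caddy /etc/caddy` followed by `chmod -R u=rwX,g=rX,o= /etc/caddy`.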

View file

@ -2,6 +2,9 @@
echo "[server_config] > Writting secrets to source files" echo "[server_config] > Writting secrets to source files"
source ./load_secrets.sh source ./load_secrets.sh
# Make sure default owner of config files is root
chown -R root:root .
# Deploy services # Deploy services
APPS=$@ APPS=$@
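Review bot: `chown -R root:root .` operates on the current working directory, not on the directory that holds the script, so running `deploy.sh` from anywhere else recursively re-owns an unrelated tree. Change to the script's directory first, e.g. `cd "$(dirname "$0")"`, or pass an explicit path. The call also runs right after secrets are written to source files but only changes ownership; add a `chmod` that removes group and other access on the files that now contain secrets.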

View file

@ -1,3 +1,12 @@
# Fail2Ban # Fail2Ban
Prison pour bots. Gardien des connection ssh. Prison pour bots. Gardien des connection ssh.
## Configuration
/etc/fail2ban/
## Plus d'informations
https://github.com/fail2ban/fail2ban

9
fastfetch/README.md Normal file
View file

@ -0,0 +1,9 @@
# Fastfetch c'est quoi ?
Fastfetch est un outil similaire à neofetch permettant de récupérer les informations systèmes et de les afficher agréablement à son utilisateur. Il est écrit principalement en C avec comme intention principale la performance et la personnalisation.
## Emplacements
~/. config/fastfetch/config.jsonc
## Plus d'informations
https://github.com/fastfetch-cli/fastfetch
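Review bot: the path under "Emplacements" reads `~/. config/fastfetch/config.jsonc`, with a space after the dot; it should be `~/.config/fastfetch/config.jsonc`. Wrapping it in backticks would also keep renderers from reflowing it.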

View file

@ -1,6 +1,6 @@
# Setup forgejo config # Setup forgejo config
cp -a ./forgejo/forgejo/. /etc/forgejo/ cp -a ./forgejo/forgejo/. /etc/forgejo/
chown -R root:forgejo /etc/forgejo && chmod -R 540 /etc/forgejo chown -R forgejo:forgejo /etc/forgejo && chmod -R a-rwx,ug+r /etc/forgejo
# Setup forgejo service # Setup forgejo service
cp ./forgejo/systemd/forgejo.service /etc/systemd/system cp ./forgejo/systemd/forgejo.service /etc/systemd/system
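Review bot: `chmod -R a-rwx,ug+r /etc/forgejo` clears the execute bit on the directories as well, including `/etc/forgejo` itself, and a non-root `forgejo` process cannot open files inside a directory it has no search permission on. Use `X` so directories keep their search bit, e.g. `ug+rX`. Separately, switching the owner from `root` to `forgejo` lets the service account change these modes back; `root:forgejo` with group read keeps the config immutable from the service's side.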

12
git/README.md Normal file
View file

@ -0,0 +1,12 @@
# Git
Git est un logiciel de gestion de versions décentralisé. C'est un logiciel libre et gratuit, créé en 2005 par Linus Torvalds, auteur du noyau Linux, et distribué selon les termes de la licence publique générale GNU version 2.
## Configuration
/etc/gitconfig
## Plus d'informations
https://github.com/git/git

View file

@ -2,6 +2,9 @@
echo "[server_config] > Installing required utilities" echo "[server_config] > Installing required utilities"
source ./_requirements.sh source ./_requirements.sh
# Make sure default owner of config files is root
chown -R root:root .
# Install services # Install services
APPS=$@ APPS=$@

View file

@ -1,3 +1,12 @@
# Configuration des `iptables` # Configuration des `iptables`
Règles de parfeux/routage du serveur cohabit. Règles de parfeux/routage du serveur cohabit.
## Configuration
iptables -S
## Plus d'informations
man iptables ou https://doc.ubuntu-fr.org/iptables

View file

@ -18,6 +18,11 @@ else
deno deno
fi fi
# Clone website repo # Remove old files if exists
rm -rf /srv/portfolio
# Create fs tree is missing
mkdir -p /srv/portfolio mkdir -p /srv/portfolio
# Set directory owner
chown -R deno:deno /srv/portfolio
# Clone website repo
git clone -b main --depth 1 https://git.cohabit.fr/cohabit/portfolio_server.git /srv/portfolio git clone -b main --depth 1 https://git.cohabit.fr/cohabit/portfolio_server.git /srv/portfolio
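Review bot: `chown -R deno:deno /srv/portfolio` runs before `git clone`, so it only applies to the empty directory; the clone then runs as root and every file it creates is owned by root. Move the `chown` after the clone, or run the clone as the `deno` user. Note also that `rm -rf /srv/portfolio` on every install discards anything the service wrote there.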

View file

@ -1,3 +1,11 @@
# SSHD # SSHD
Démon SSH de cohabit. Démon SSH de cohabit.
## Configuration
/etc/ssh/sshd_config
## Plus d'informations
https://fr.wikipedia.org/wiki/SSHD

5
test_scripts.sh Normal file
View file

@ -0,0 +1,5 @@
# Build or update container image
docker built -t cohabit_server_config_test .
# Run image in bash mode
docker run --rm -it cohabit_server_config_test bash
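Review bot: `docker built -t cohabit_server_config_test .` uses a subcommand that does not exist; it should be `docker build`, and as written the script fails before the `run` line. The README added in this comparison documents `docker="podman" bash ./test_scripts.sh`, but both commands hard-code `docker`, so the override has no effect; call `"${docker:-docker}"` instead. Adding `set -e` would stop the `run` step from starting a stale image when the build fails.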

View file

@ -1,5 +1,6 @@
# Install or upgrade caddy # Install or upgrade vim
nala install -y caddy nala install -y vim
# Install or upgrade vundle # Install or upgrade vundle
rm -rf /root/.vim/bundle/Vundle.vim
git clone https://github.com/VundleVim/Vundle.vim.git /root/.vim/bundle/Vundle.vim git clone https://github.com/VundleVim/Vundle.vim.git /root/.vim/bundle/Vundle.vim

View file

@ -26,6 +26,9 @@ Plugin 'junegunn/fzf.vim'
call vundle#end() " required call vundle#end() " required
filetype plugin indent on " required filetype plugin indent on " required
" Sudo write (écrire un fichier en sudo si ouvert en user)
command W :execute ':silent w !sudo tee % > /dev/null' | :edit!
" Active les raccourcis clavier pour fzf " Active les raccourcis clavier pour fzf
nnoremap <C-p> :FZF<CR> nnoremap <C-p> :FZF<CR>
nnoremap <S-f> :Rg<CR> nnoremap <S-f> :Rg<CR>
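Review bot: in the new `command W` line, `%` is expanded into the shell command without escaping, so a file name containing spaces or shell metacharacters is interpreted by the shell under `sudo`. Build the command with `shellescape(@%, 1)` rather than a bare `%`. Defining it with `command!` would also avoid an error when the vimrc is sourced a second time.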

View file

@ -1,10 +1,10 @@
# Setup website service
cp ./website/systemd/website.service /etc/systemd/system
# Pull website sources # Pull website sources
cd /srv/www cd /srv/www
git pull origin main git pull origin main
# Setup website service
cp /srv/www/website.service /etc/systemd/system
# Start website # Start website
systemctl daemon-reload systemctl daemon-reload
systemctl enable website systemctl enable website

View file

@ -18,6 +18,11 @@ else
deno deno
fi fi
# Clone website repo # Remove old existing files
rm -rf /srv/www
# Create fs structure
mkdir -p /srv/www mkdir -p /srv/www
# Set directory owner
chown -R deno:deno /srv/www
# Clone website repo
git clone -b main --depth 1 https://git.cohabit.fr/cohabit/website.git /srv/www git clone -b main --depth 1 https://git.cohabit.fr/cohabit/website.git /srv/www
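Review bot: as in the portfolio install script, `chown -R deno:deno /srv/www` comes before `git clone`, so the cloned tree ends up owned by root while only the top directory belongs to `deno`. The website deploy script then runs `git pull origin main` in `/srv/www`, which adds more root-owned files. Apply the `chown` after the clone (and after each pull), or perform both git operations as `deno`.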

View file

@ -0,0 +1,17 @@
[Unit]
Description=Website Deno 1.1.1 service
Documentation=http://deno.land
Wants=network-online.target
After=network-online.target
[Service]
Type=simple
User=deno
WorkingDirectory=/srv/www
ExecStartPre=/usr/local/bin/deno task build
Environment=PORT=6060
ExecStart=/usr/local/bin/deno task serve
Restart=on-failure
[Install]
WantedBy=multi-user.target
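Review bot: the `[Service]` section sets `User=deno` but no sandboxing, so the process keeps read access to the whole filesystem and write access wherever `deno` has it. Since the unit only needs `/srv/www`, consider adding `NoNewPrivileges=true`, `ProtectSystem=strict` and `ReadWritePaths=/srv/www`, plus `PrivateTmp=true` and `ProtectHome=true`. `Documentation=http://deno.land` should use `https`, and the Deno version in `Description=` will go stale because nothing in the unit pins it.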

View file

@ -3,7 +3,11 @@ cp -a ./zsh/zsh/. /root
chsh -s /usr/bin/zsh chsh -s /usr/bin/zsh
# Install zsh-autosuggestions plugin # Install zsh-autosuggestions plugin
git clone https://github.com/zsh-users/zsh-autosuggestions ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-autosuggestions PATH=${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-autosuggestions
/usr/bin/rm -rf $PATH
/usr/bin/git clone https://github.com/zsh-users/zsh-autosuggestions $PATH
# Install zsh-syntax-highlighting # Install zsh-syntax-highlighting
git clone https://github.com/zsh-users/zsh-syntax-highlighting.git ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-syntax-highlighting PATH=${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-syntax-highlighting
/usr/bin/rm -rf $PATH
/usr/bin/git clone https://github.com/zsh-users/zsh-syntax-highlighting $PATH
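Review bot: assigning the plugin directory to `PATH` overwrites the shell's command search path, which is why `rm` and `git` now need absolute paths and why every later command in this script (and in the caller, if the script is sourced) fails to resolve. Use a different variable name such as `plugin_dir` and the absolute paths become unnecessary. Quote the expansion too: `rm -rf $PATH` unquoted undergoes word splitting, which is dangerous for a recursive delete run as root.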

View file

@ -12,4 +12,4 @@ fi
nala install -y zsh eza nala install -y zsh eza
# Check if Oh-My-ZSH already installed # Check if Oh-My-ZSH already installed
which omz &> /dev/null || sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" "" --unattended test -d /root/.oh-my-zsh/ || sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" "" --unattended
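Review bot: `test -d /root/.oh-my-zsh/` succeeds for a directory left behind by an interrupted install, so a broken Oh My Zsh is never repaired. Test for a file that only exists after a complete install, such as `/root/.oh-my-zsh/oh-my-zsh.sh`. The fallback still executes `install.sh` from the `master` branch as root with no pin or checksum, which deserves the same treatment as the other remote installers in this repository.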

View file

@ -8,6 +8,8 @@ case $- in
*) return;; *) return;;
esac esac
PATH=$PATH:/usr/games
# don't put duplicate lines or lines starting with space in the history. # don't put duplicate lines or lines starting with space in the history.
# See bash(1) for more options # See bash(1) for more options
HISTCONTROL=ignoreboth HISTCONTROL=ignoreboth

View file

@ -6,6 +6,12 @@ autoload -Uz compinit
compinit compinit
# End of lines added by compinstall # End of lines added by compinstall
################################
# Update path
################################
PATH=$PATH:/usr/games
################################ ################################
# Webinstall.dev install # Webinstall.dev install
################################ ################################