forked from cohabit/server_config
Compare commits
35 commits
Author | SHA1 | Date | |
---|---|---|---|
Julien Oculi | 3942706da5 | ||
Julien Oculi | 78e02a6452 | ||
Julien Oculi | f3a1437a62 | ||
Julien Oculi | 59b91cc04e | ||
Julien Oculi | 0aa7787ced | ||
Julien Oculi | 364183b7f9 | ||
Julien Oculi | 65eb50f72e | ||
Julien Oculi | 1b38e01784 | ||
Julien Oculi | 807917338e | ||
Julien Oculi | cf998be24c | ||
Julien Oculi | f8295b6045 | ||
Julien Oculi | 86896228b0 | ||
Julien Oculi | 671779aac3 | ||
Julien Oculi | f61bdbb50a | ||
Julien Oculi | 9ac5cc0de0 | ||
Julien Oculi | 42f25ece18 | ||
Julien Oculi | 67f80dca18 | ||
Julien Oculi | 142064f9fc | ||
Julien Oculi | d6ded7deee | ||
Julien Oculi | c267db48e8 | ||
Julien Oculi | 80f608e6f1 | ||
Julien Oculi | e0f7c68e3c | ||
Julien Oculi | 7c452507fe | ||
julien.oculi | 6dd94237f8 | ||
leo.comeres | d54663a25a | ||
leo.comeres | 3280e30c7f | ||
julien.oculi | f38a467247 | ||
leo.comeres | 9e16b7e7fb | ||
leo.comeres | eb9b51691b | ||
leo.comeres | e4038f2734 | ||
leo.comeres | a46992a22d | ||
leo.comeres | aed20e6267 | ||
julien.oculi | a5d177fabe | ||
leo.comeres | 23334c686d | ||
Julien Oculi | bb76bd82c5 |
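--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,6 @@
+FROM debian
+
+RUN apt update
+RUN apt install -y git
+RUN apt install -y gpg
+RUN apt install -y vim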
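Review bot: `RUN apt update` sits in its own layer, so a cached copy of that layer can pair a stale package index with the later `apt install` layers, and the test image then gets outdated packages or fails to install them. Merging the steps, e.g. `RUN apt-get update && apt-get install -y git gpg vim`, keeps the index and the install in one layer. `FROM debian` also floats on the latest tag; pinning the release tag (or a digest) that matches the server would make the test environment reproducible and closer to what is actually deployed.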
27
README.md
27
README.md
|
@ -14,12 +14,16 @@ cd server_config
|
||||||
# Decrypt secrets
|
# Decrypt secrets
|
||||||
gpg -d .env.gpg > .env
|
gpg -d .env.gpg > .env
|
||||||
|
|
||||||
|
# Switch to sudo
|
||||||
|
sudo su
|
||||||
|
|
||||||
# Allow execute scripts
|
# Allow execute scripts
|
||||||
sudo chmod +x ./install.sh
|
chmod +x ./install.sh
|
||||||
sudo chmod +x ./deploy.sh
|
chmod +x ./deploy.sh
|
||||||
|
|
||||||
# Install and deploy services
|
# Install and deploy services
|
||||||
sudo ./install.sh --all && sudo ./deploy.sh --all
|
./install.sh --all | tee install.log && \
|
||||||
|
./deploy.sh --all | tee deploy.log
|
||||||
```
|
```
|
||||||
|
|
||||||
> [!WARNING]
|
> [!WARNING]
|
||||||
|
@ -73,3 +77,20 @@ sudo (bash|sh|zsh) ./deploy.sh [SERVICES...]
|
||||||
```sh
|
```sh
|
||||||
sudo ./deploy.sh -a
|
sudo ./deploy.sh -a
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Tests
|
||||||
|
|
||||||
|
Pour tester la config avant déploiement un [`Dockerfile`]('./Dockerfile') est
|
||||||
|
disponible. Le helper [`test_scripts.sh`](./test_scripts.sh) build et lance le
|
||||||
|
conteneur (shell: `bash`, point d'entrée: `/`).
|
||||||
|
|
||||||
|
> [!NOTE]
|
||||||
|
>
|
||||||
|
> Le helper utilise `docker`, pour utiliser `podman` vous pouvez taper
|
||||||
|
> `docker="podman" bash ./test_scripts.sh`.
|
||||||
|
|
||||||
|
## Ajout de service
|
||||||
|
|
||||||
|
S'il y a le besoin de rajouter des services, il faudra penser à ajouter leurs
|
||||||
|
configurations dans le projet ainsi que les liens vers leurs installations dans
|
||||||
|
le script d'installation.
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# Install nala
|
# Install nala
|
||||||
apt update
|
apt update
|
||||||
apt upgrade -y
|
apt upgrade -y
|
||||||
apt install -y nala
|
apt install -y nala # Good front-end for "apt-*" cli
|
||||||
|
|
||||||
# Install base utilities
|
# Install base utilities
|
||||||
echo "[server_config] > Installing required utilities (base)"
|
echo "[server_config] > Installing required utilities (base)"
|
||||||
|
@ -19,6 +19,10 @@ nala install -y \
|
||||||
lsb-release \
|
lsb-release \
|
||||||
nmap \
|
nmap \
|
||||||
xxd \
|
xxd \
|
||||||
|
inxi \
|
||||||
|
# nmap (network viewer/utility)
|
||||||
|
# xxd (bin to hexa etc...)
|
||||||
|
# inxi (system/hardware config viewer)
|
||||||
|
|
||||||
# Install comfort utilities
|
# Install comfort utilities
|
||||||
echo "[server_config] > Installing required utilities (comfort)"
|
echo "[server_config] > Installing required utilities (comfort)"
|
||||||
|
@ -28,9 +32,15 @@ nala install -y \
|
||||||
fzf \
|
fzf \
|
||||||
tmux \
|
tmux \
|
||||||
tmate \
|
tmate \
|
||||||
|
# bat (better cat)
|
||||||
|
# btop (TUI htop alternative)
|
||||||
|
# fzf (fuzzy finder)
|
||||||
|
# tmux (terminal multiplexer)
|
||||||
|
# tmate (tmux over ssh)
|
||||||
|
|
||||||
# Install zoxide through webinstall (see zoxide install instruction on debian)
|
# Install zoxide through webinstall (see zoxide install instruction on debian)
|
||||||
curl -sS https://webi.sh/zoxide | sh
|
curl -sS https://webi.sh/zoxide | sh
|
||||||
|
# zoxide (smartter cd)
|
||||||
|
|
||||||
# Install really necessary utilities
|
# Install really necessary utilities
|
||||||
echo "[server_config] > Installing required utilities (really necessary)"
|
echo "[server_config] > Installing required utilities (really necessary)"
|
||||||
|
@ -41,5 +51,4 @@ nala install -y \
|
||||||
|
|
||||||
# Install useful deb installer
|
# Install useful deb installer
|
||||||
echo "[server_config] > Installing required utilites (useful .deb installer)"
|
echo "[server_config] > Installing required utilites (useful .deb installer)"
|
||||||
nala install -y lsb-release
|
|
||||||
curl -sL https://raw.githubusercontent.com/wimpysworld/deb-get/main/deb-get | bash -s install deb-get
|
curl -sL https://raw.githubusercontent.com/wimpysworld/deb-get/main/deb-get | bash -s install deb-get
|
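Review bot: The new side still pipes remote scripts straight into a root shell with no integrity check: `curl -sS https://webi.sh/zoxide | sh` and the `deb-get` bootstrap in this file, plus the Oh-My-Zsh installer in the later hunk that replaces `which omz` with `test -d /root/.oh-my-zsh/`, which fetches from the moving `master` branch. Whatever those URLs serve at install time runs as root, and the two `curl` calls here lack `-f`, so an HTTP error body would be handed to the shell as well. Consider downloading each script to a file from a pinned commit or release URL, comparing it with a checksum stored in this repository, and only then executing it.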
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
# Setup caddy config
|
# Setup caddy config
|
||||||
mkdir -p /etc/caddy
|
mkdir -p /etc/caddy
|
||||||
cp -a ./caddy/caddy/. /etc/caddy/
|
cp -a ./caddy/caddy/. /etc/caddy/
|
||||||
|
# Set directory owner
|
||||||
|
chown -R caddy:caddy /etc/caddy
|
||||||
|
|
||||||
# Setup caddy service
|
# Setup caddy service
|
||||||
cp ./caddy/systemd/caddy.service /etc/systemd/system
|
cp ./caddy/systemd/caddy.service /etc/systemd/system
|
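Review bot: `chown -R caddy:caddy /etc/caddy` makes the service account the owner of its own configuration, so a compromised Caddy process could rewrite the files copied there. If Caddy only needs to read this directory (not visible from this hunk), `chown -R root:caddy /etc/caddy` followed by `chmod -R u=rwX,g=rX,o= /etc/caddy` keeps it readable by the service but writable only by root. The hunk also does not show where the `caddy` user is created, so the `chown` may fail on a fresh host if deploy runs before the package is installed.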
||||||
|
|
|
@ -2,6 +2,9 @@
|
||||||
echo "[server_config] > Writting secrets to source files"
|
echo "[server_config] > Writting secrets to source files"
|
||||||
source ./load_secrets.sh
|
source ./load_secrets.sh
|
||||||
|
|
||||||
|
# Make sure default owner of config files is root
|
||||||
|
chown -R root:root .
|
||||||
|
|
||||||
# Deploy services
|
# Deploy services
|
||||||
APPS=$@
|
APPS=$@
|
||||||
|
|
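Review bot: `chown -R root:root .` acts on whatever the current directory happens to be, not on the repository; the relative `source ./load_secrets.sh` above suggests the script assumes it is started from the checkout, but nothing enforces that, and run as root from another directory it recursively re-owns that tree. Resolving the script directory first, e.g. `cd -- "$(dirname -- "$0")" || exit 1` before the `chown`, removes the dependency on the caller's working directory. The same line is added in the later hunk that sources `./_requirements.sh`. Ownership alone also does not restrict who can read the decrypted `.env` mentioned in the README; a `chmod 600 .env` next to the `chown` would.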
||||||
|
|
|
@ -1,3 +1,12 @@
|
||||||
# Fail2Ban
|
# Fail2Ban
|
||||||
|
|
||||||
Prison pour bots. Gardien des connection ssh.
|
Prison pour bots. Gardien des connection ssh.
|
||||||
|
|
||||||
|
## Configuration
|
||||||
|
|
||||||
|
/etc/fail2ban/
|
||||||
|
|
||||||
|
## Plus d'informations
|
||||||
|
|
||||||
|
https://github.com/fail2ban/fail2ban
|
||||||
|
|
||||||
|
|
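--- a/fastfetch/README.md
+++ b/fastfetch/README.md
@@ -0,0 +1,9 @@
+# Fastfetch c'est quoi ?
+Fastfetch est un outil similaire à neofetch permettant de récupérer les informations systèmes et de les afficher agréablement à son utilisateur. Il est écrit principalement en C avec comme intention principale la performance et la personnalisation.
+
+## Emplacements
+~/. config/fastfetch/config.jsonc
+
+## Plus d'informations
+https://github.com/fastfetch-cli/fastfetch
+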
|
@ -1,6 +1,6 @@
|
||||||
# Setup forgejo config
|
# Setup forgejo config
|
||||||
cp -a ./forgejo/forgejo/. /etc/forgejo/
|
cp -a ./forgejo/forgejo/. /etc/forgejo/
|
||||||
chown -R root:forgejo /etc/forgejo && chmod -R 540 /etc/forgejo
|
chown -R forgejo:forgejo /etc/forgejo && chmod -R a-rwx,ug+r /etc/forgejo
|
||||||
|
|
||||||
# Setup forgejo service
|
# Setup forgejo service
|
||||||
cp ./forgejo/systemd/forgejo.service /etc/systemd/system
|
cp ./forgejo/systemd/forgejo.service /etc/systemd/system
|
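Review bot: `chmod -R a-rwx,ug+r /etc/forgejo` strips the search (`x`) bit from the directories as well, leaving `/etc/forgejo` itself at `r--r-----`, so the `forgejo` user can list the directory but cannot open the files inside it. Use the conditional execute bit so that only directories regain it: `chown -R forgejo:forgejo /etc/forgejo && chmod -R a-rwx,ug+rX /etc/forgejo`. Separately, handing ownership to `forgejo` lets the service change the mode of its own configuration again; if write access is not required (the hunk does not say), `root:forgejo` with `u=rwX,g=rX,o=` is the tighter choice.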
||||||
|
|
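--- a/git/README.md
+++ b/git/README.md
@@ -0,0 +1,12 @@
+# Git
+
+Git est un logiciel de gestion de versions décentralisé. C'est un logiciel libre et gratuit, créé en 2005 par Linus Torvalds, auteur du noyau Linux, et distribué selon les termes de la licence publique générale GNU version 2.
+
+## Configuration
+
+/etc/gitconfig
+
+## Plus d'informations
+
+https://github.com/git/git
+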
|
@ -2,6 +2,9 @@
|
||||||
echo "[server_config] > Installing required utilities"
|
echo "[server_config] > Installing required utilities"
|
||||||
source ./_requirements.sh
|
source ./_requirements.sh
|
||||||
|
|
||||||
|
# Make sure default owner of config files is root
|
||||||
|
chown -R root:root .
|
||||||
|
|
||||||
# Install services
|
# Install services
|
||||||
APPS=$@
|
APPS=$@
|
||||||
|
|
||||||
|
|
|
@ -1,3 +1,12 @@
|
||||||
# Configuration des `iptables`
|
# Configuration des `iptables`
|
||||||
|
|
||||||
Règles de parfeux/routage du serveur cohabit.
|
Règles de parfeux/routage du serveur cohabit.
|
||||||
|
|
||||||
|
## Configuration
|
||||||
|
|
||||||
|
iptables -S
|
||||||
|
|
||||||
|
## Plus d'informations
|
||||||
|
|
||||||
|
man iptables ou https://doc.ubuntu-fr.org/iptables
|
||||||
|
|
||||||
|
|
|
@ -17,7 +17,12 @@ else
|
||||||
--comment "Deno js engine" \
|
--comment "Deno js engine" \
|
||||||
deno
|
deno
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Clone website repo
|
# Remove old files if exists
|
||||||
|
rm -rf /srv/portfolio
|
||||||
|
# Create fs tree is missing
|
||||||
mkdir -p /srv/portfolio
|
mkdir -p /srv/portfolio
|
||||||
|
# Set directory owner
|
||||||
|
chown -R deno:deno /srv/portfolio
|
||||||
|
# Clone website repo
|
||||||
git clone -b main --depth 1 https://git.cohabit.fr/cohabit/portfolio_server.git /srv/portfolio
|
git clone -b main --depth 1 https://git.cohabit.fr/cohabit/portfolio_server.git /srv/portfolio
|
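Review bot: `chown -R deno:deno /srv/portfolio` runs before `git clone`, so it only re-owns the empty directory; the checkout created afterwards by the root-run clone stays owned by root, and a service running as `deno` (as the website unit on this page does) would not be able to write into it. Moving the `chown` after the clone, or running the clone as `deno`, gives the ownership the comment describes. `rm -rf /srv/portfolio` also deletes the working copy before the clone has succeeded, so a network or forge failure leaves the host without the site; cloning into a temporary directory and swapping it in on success avoids that. The website install hunk further down repeats the same sequence for `/srv/www`.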
||||||
|
|
|
@ -1,3 +1,11 @@
|
||||||
# SSHD
|
# SSHD
|
||||||
|
|
||||||
Démon SSH de cohabit.
|
Démon SSH de cohabit.
|
||||||
|
|
||||||
|
## Configuration
|
||||||
|
/etc/ssh/sshd_config
|
||||||
|
|
||||||
|
## Plus d'informations
|
||||||
|
https://fr.wikipedia.org/wiki/SSHD
|
||||||
|
|
||||||
|
|
||||||
|
|
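--- a/test_scripts.sh
+++ b/test_scripts.sh
@@ -0,0 +1,5 @@
+# Build or update container image
+docker built -t cohabit_server_config_test .
+
+# Run image in bash mode
+docker run --rm -it cohabit_server_config_test bash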
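Review bot: `docker built` is not a Docker subcommand, so the image is never built and the following `docker run` either fails or starts a stale image from an earlier build. The README added in this commit also documents `docker="podman" bash ./test_scripts.sh`, but the script calls `docker` literally and never reads that variable. Suggested lines: `"${docker:-docker}" build -t cohabit_server_config_test . || exit 1` and `"${docker:-docker}" run --rm -it cohabit_server_config_test bash`.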
|
@ -1,5 +1,6 @@
|
||||||
# Install or upgrade caddy
|
# Install or upgrade vim
|
||||||
nala install -y caddy
|
nala install -y vim
|
||||||
|
|
||||||
# Install or upgrade vundle
|
# Install or upgrade vundle
|
||||||
|
rm -rf /root/.vim/bundle/Vundle.vim
|
||||||
git clone https://github.com/VundleVim/Vundle.vim.git /root/.vim/bundle/Vundle.vim
|
git clone https://github.com/VundleVim/Vundle.vim.git /root/.vim/bundle/Vundle.vim
|
||||||
|
|
|
@ -26,6 +26,9 @@ Plugin 'junegunn/fzf.vim'
|
||||||
call vundle#end() " required
|
call vundle#end() " required
|
||||||
filetype plugin indent on " required
|
filetype plugin indent on " required
|
||||||
|
|
||||||
|
" Sudo write (écrire un fichier en sudo si ouvert en user)
|
||||||
|
command W :execute ':silent w !sudo tee % > /dev/null' | :edit!
|
||||||
|
|
||||||
" Active les raccourcis clavier pour fzf
|
" Active les raccourcis clavier pour fzf
|
||||||
nnoremap <C-p> :FZF<CR>
|
nnoremap <C-p> :FZF<CR>
|
||||||
nnoremap <S-f> :Rg<CR>
|
nnoremap <S-f> :Rg<CR>
|
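Review bot: The `W` command expands `%` unescaped into a shell command line that runs under `sudo`, so a file name containing spaces or shell metacharacters is split or interpreted by the shell instead of being treated as a path. Escaping the name closes that: `command! W execute 'silent w !sudo tee ' . shellescape(@%, 1) . ' > /dev/null' | edit!`. Using `command!` also avoids the "command already exists" error when the vimrc is sourced a second time.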
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
|
# Setup website service
|
||||||
|
cp ./website/systemd/website.service /etc/systemd/system
|
||||||
|
|
||||||
# Pull website sources
|
# Pull website sources
|
||||||
cd /srv/www
|
cd /srv/www
|
||||||
git pull origin main
|
git pull origin main
|
||||||
|
|
||||||
# Setup website service
|
|
||||||
cp /srv/www/website.service /etc/systemd/system
|
|
||||||
|
|
||||||
# Start website
|
# Start website
|
||||||
systemctl daemon-reload
|
systemctl daemon-reload
|
||||||
systemctl enable website
|
systemctl enable website
|
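Review bot: `cd /srv/www` is not checked, so if the directory is missing the `git pull origin main` that follows runs as root in whatever directory the deploy was started from, presumably the configuration checkout. `cd /srv/www || exit 1` stops the deploy at that point. Because the unit file is now copied with the relative path `./website/systemd/website.service`, that `cp` has to stay ahead of the `cd`; a one-line comment saying so would keep a later reorder from breaking it.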
||||||
|
|
|
@ -17,7 +17,12 @@ else
|
||||||
--comment "Deno js engine" \
|
--comment "Deno js engine" \
|
||||||
deno
|
deno
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Clone website repo
|
# Remove old existing files
|
||||||
|
rm -rf /srv/www
|
||||||
|
# Create fs structure
|
||||||
mkdir -p /srv/www
|
mkdir -p /srv/www
|
||||||
|
# Set directory owner
|
||||||
|
chown -R deno:deno /srv/www
|
||||||
|
# Clone website repo
|
||||||
git clone -b main --depth 1 https://git.cohabit.fr/cohabit/website.git /srv/www
|
git clone -b main --depth 1 https://git.cohabit.fr/cohabit/website.git /srv/www
|
||||||
|
|
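--- a/website/systemd/website.service
+++ b/website/systemd/website.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Website Deno 1.1.1 service
+Documentation=http://deno.land
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Type=simple
+User=deno
+WorkingDirectory=/srv/www
+ExecStartPre=/usr/local/bin/deno task build
+Environment=PORT=6060
+ExecStart=/usr/local/bin/deno task serve
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target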
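Review bot: The unit starts what looks like a network-facing Deno process (`PORT=6060`, `deno task serve`) with no systemd sandboxing, and `ExecStartPre=/usr/local/bin/deno task build` re-runs the build on every start and restart. Adding `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` under `[Service]` limits what a compromised process can reach without, as far as this unit shows, affecting `/srv/www`. The pre-start build needs `deno` to have write access to the working tree, which the install hunk on this page does not obviously grant because the clone runs as root after the `chown`. `Documentation=` could also use the `https://` form of the URL.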
|
@ -3,7 +3,11 @@ cp -a ./zsh/zsh/. /root
|
||||||
chsh -s /usr/bin/zsh
|
chsh -s /usr/bin/zsh
|
||||||
|
|
||||||
# Install zsh-autosuggestions plugin
|
# Install zsh-autosuggestions plugin
|
||||||
git clone https://github.com/zsh-users/zsh-autosuggestions ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-autosuggestions
|
PATH=${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-autosuggestions
|
||||||
|
/usr/bin/rm -rf $PATH
|
||||||
|
/usr/bin/git clone https://github.com/zsh-users/zsh-autosuggestions $PATH
|
||||||
|
|
||||||
# Install zsh-syntax-highlighting
|
# Install zsh-syntax-highlighting
|
||||||
git clone https://github.com/zsh-users/zsh-syntax-highlighting.git ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-syntax-highlighting
|
PATH=${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-syntax-highlighting
|
||||||
|
/usr/bin/rm -rf $PATH
|
||||||
|
/usr/bin/git clone https://github.com/zsh-users/zsh-syntax-highlighting $PATH
|
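Review bot: Assigning the plugin directory to `PATH` overwrites the shell's command search path, which is presumably why `rm` and `git` are then called by absolute path; every later command in this script, and in the caller if the file is sourced, loses normal command lookup. Under bash or sh the unquoted `/usr/bin/rm -rf $PATH` is also subject to word splitting and globbing, so a `ZSH_CUSTOM` containing spaces would make root delete other paths. Use a dedicated variable instead: `plugin_dir="${ZSH_CUSTOM:-$HOME/.oh-my-zsh/custom}/plugins/zsh-autosuggestions"`, `rm -rf -- "${plugin_dir:?}"`, `git clone https://github.com/zsh-users/zsh-autosuggestions "$plugin_dir"`. The zsh-syntax-highlighting block in the same hunk needs the same change.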
||||||
|
|
|
@ -12,4 +12,4 @@ fi
|
||||||
nala install -y zsh eza
|
nala install -y zsh eza
|
||||||
|
|
||||||
# Check if Oh-My-ZSH already installed
|
# Check if Oh-My-ZSH already installed
|
||||||
which omz &> /dev/null || sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" "" --unattended
|
test -d /root/.oh-my-zsh/ || sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" "" --unattended
|
||||||
|
|
|
@ -8,6 +8,8 @@ case $- in
|
||||||
*) return;;
|
*) return;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
PATH=$PATH:/usr/games
|
||||||
|
|
||||||
# don't put duplicate lines or lines starting with space in the history.
|
# don't put duplicate lines or lines starting with space in the history.
|
||||||
# See bash(1) for more options
|
# See bash(1) for more options
|
||||||
HISTCONTROL=ignoreboth
|
HISTCONTROL=ignoreboth
|
||||||
|
|
|
@ -6,6 +6,12 @@ autoload -Uz compinit
|
||||||
compinit
|
compinit
|
||||||
# End of lines added by compinstall
|
# End of lines added by compinstall
|
||||||
|
|
||||||
|
################################
|
||||||
|
# Update path
|
||||||
|
################################
|
||||||
|
|
||||||
|
PATH=$PATH:/usr/games
|
||||||
|
|
||||||
################################
|
################################
|
||||||
# Webinstall.dev install
|
# Webinstall.dev install
|
||||||
################################
|
################################
|
||||||
|
|