forked from cohabit/server_config
Compare commits
35 commits
Author | SHA1 | Date | |
---|---|---|---|
Julien Oculi | 3942706da5 | ||
Julien Oculi | 78e02a6452 | ||
Julien Oculi | f3a1437a62 | ||
Julien Oculi | 59b91cc04e | ||
Julien Oculi | 0aa7787ced | ||
Julien Oculi | 364183b7f9 | ||
Julien Oculi | 65eb50f72e | ||
Julien Oculi | 1b38e01784 | ||
Julien Oculi | 807917338e | ||
Julien Oculi | cf998be24c | ||
Julien Oculi | f8295b6045 | ||
Julien Oculi | 86896228b0 | ||
Julien Oculi | 671779aac3 | ||
Julien Oculi | f61bdbb50a | ||
Julien Oculi | 9ac5cc0de0 | ||
Julien Oculi | 42f25ece18 | ||
Julien Oculi | 67f80dca18 | ||
Julien Oculi | 142064f9fc | ||
Julien Oculi | d6ded7deee | ||
Julien Oculi | c267db48e8 | ||
Julien Oculi | 80f608e6f1 | ||
Julien Oculi | e0f7c68e3c | ||
Julien Oculi | 7c452507fe | ||
julien.oculi | 6dd94237f8 | ||
leo.comeres | d54663a25a | ||
leo.comeres | 3280e30c7f | ||
julien.oculi | f38a467247 | ||
leo.comeres | 9e16b7e7fb | ||
leo.comeres | eb9b51691b | ||
leo.comeres | e4038f2734 | ||
leo.comeres | a46992a22d | ||
leo.comeres | aed20e6267 | ||
julien.oculi | a5d177fabe | ||
leo.comeres | 23334c686d | ||
Julien Oculi | bb76bd82c5 |
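--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,6 @@
+FROM debian
+
+RUN apt update
+RUN apt install -y git
+RUN apt install -y gpg
+RUN apt install -y vim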
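Review bot: `RUN apt update` sits in its own layer, so a cached build reuses a stale package index and the three `apt install` layers after it can fail or install outdated packages. Combining them as `RUN apt-get update && apt-get install -y --no-install-recommends git gpg vim && rm -rf /var/lib/apt/lists/*` avoids that. `FROM debian` also floats with whatever `latest` is at build time, so the test image may not match the release the real server runs; pinning the tag to that release (placeholder: `debian:<release-of-target-server>`) keeps the test representative.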
27
README.md
27
README.md
|
@ -14,12 +14,16 @@ cd server_config
|
|||
# Decrypt secrets
|
||||
gpg -d .env.gpg > .env
|
||||
|
||||
# Switch to sudo
|
||||
sudo su
|
||||
|
||||
# Allow execute scripts
|
||||
sudo chmod +x ./install.sh
|
||||
sudo chmod +x ./deploy.sh
|
||||
chmod +x ./install.sh
|
||||
chmod +x ./deploy.sh
|
||||
|
||||
# Install and deploy services
|
||||
sudo ./install.sh --all && sudo ./deploy.sh --all
|
||||
./install.sh --all | tee install.log && \
|
||||
./deploy.sh --all | tee deploy.log
|
||||
```
|
||||
|
||||
> [!WARNING]
|
||||
|
@ -73,3 +77,20 @@ sudo (bash|sh|zsh) ./deploy.sh [SERVICES...]
|
|||
```sh
|
||||
sudo ./deploy.sh -a
|
||||
```
|
||||
|
||||
## Tests
|
||||
|
||||
Pour tester la config avant déploiement un [`Dockerfile`]('./Dockerfile') est
|
||||
disponible. Le helper [`test_scripts.sh`](./test_scripts.sh) build et lance le
|
||||
conteneur (shell: `bash`, point d'entrée: `/`).
|
||||
|
||||
> [!NOTE]
|
||||
>
|
||||
> Le helper utilise `docker`, pour utiliser `podman` vous pouvez taper
|
||||
> `docker="podman" bash ./test_scripts.sh`.
|
||||
|
||||
## Ajout de service
|
||||
|
||||
S'il y a le besoin de rajouter des services, il faudra penser à ajouter leurs
|
||||
configurations dans le projet ainsi que les liens vers leurs installations dans
|
||||
le script d'installation.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# Install nala
|
||||
apt update
|
||||
apt upgrade -y
|
||||
apt install -y nala
|
||||
apt install -y nala # Good front-end for "apt-*" cli
|
||||
|
||||
# Install base utilities
|
||||
echo "[server_config] > Installing required utilities (base)"
|
||||
|
@ -19,6 +19,10 @@ nala install -y \
|
|||
lsb-release \
|
||||
nmap \
|
||||
xxd \
|
||||
inxi \
|
||||
# nmap (network viewer/utility)
|
||||
# xxd (bin to hexa etc...)
|
||||
# inxi (system/hardware config viewer)
|
||||
|
||||
# Install comfort utilities
|
||||
echo "[server_config] > Installing required utilities (comfort)"
|
||||
|
@ -28,9 +32,15 @@ nala install -y \
|
|||
fzf \
|
||||
tmux \
|
||||
tmate \
|
||||
# bat (better cat)
|
||||
# btop (TUI htop alternative)
|
||||
# fzf (fuzzy finder)
|
||||
# tmux (terminal multiplexer)
|
||||
# tmate (tmux over ssh)
|
||||
|
||||
# Install zoxide through webinstall (see zoxide install instruction on debian)
|
||||
curl -sS https://webi.sh/zoxide | sh
|
||||
# zoxide (smartter cd)
|
||||
|
||||
# Install really necessary utilities
|
||||
echo "[server_config] > Installing required utilities (really necessary)"
|
||||
|
@ -41,5 +51,4 @@ nala install -y \
|
|||
|
||||
# Install useful deb installer
|
||||
echo "[server_config] > Installing required utilites (useful .deb installer)"
|
||||
nala install -y lsb-release
|
||||
curl -sL https://raw.githubusercontent.com/wimpysworld/deb-get/main/deb-get | bash -s install deb-get
|
||||
|
|
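Review bot: The two installer lines visible here, `curl -sS https://webi.sh/zoxide | sh` and `curl -sL https://raw.githubusercontent.com/wimpysworld/deb-get/main/deb-get | bash -s install deb-get`, execute whatever the remote host serves at install time, and the README suggests the script runs as root. Neither call passes `-f`, so an HTTP error page would be fed to the shell as well. Downloading to a temporary file from a pinned tag or commit, checking it against a recorded SHA-256 and only then executing it would close both gaps; the oh-my-zsh line in the zsh install hunk (`sh -c "$(curl -fsSL .../master/tools/install.sh)"`) tracks `master` in the same way. The new comments after `inxi \` and `tmate \` only work because the continuation lands on a `#` line, so dropping the final backslash would be more robust.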
|
@ -1,6 +1,8 @@
|
|||
# Setup caddy config
|
||||
mkdir -p /etc/caddy
|
||||
cp -a ./caddy/caddy/. /etc/caddy/
|
||||
# Set directory owner
|
||||
chown -R caddy:caddy /etc/caddy
|
||||
|
||||
# Setup caddy service
|
||||
cp ./caddy/systemd/caddy.service /etc/systemd/system
|
||||
|
|
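Review bot: The added `chown -R caddy:caddy /etc/caddy` makes the service account the owner of its own configuration, so a compromise of the caddy process could rewrite the config that is loaded on the next restart. Unless caddy has to write into this directory (not visible in this hunk), read-only group access is enough: `chown -R root:caddy /etc/caddy && chmod -R u=rwX,g=rX,o= /etc/caddy`. The script continues outside the hunk.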
|
@ -2,6 +2,9 @@
|
|||
echo "[server_config] > Writting secrets to source files"
|
||||
source ./load_secrets.sh
|
||||
|
||||
# Make sure default owner of config files is root
|
||||
chown -R root:root .
|
||||
|
||||
# Deploy services
|
||||
APPS=$@
|
||||
|
||||
|
|
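Review bot: The added `chown -R root:root .` acts on the current working directory rather than on the repository, so launching the script as root from another directory recursively re-owns whatever tree the caller happens to be in. Resolving the script's own location first, e.g. `cd -- "$(dirname -- "$(readlink -f -- "$0")")" || exit 1` ahead of the `source` line, makes both the relative `source` and the chown safe. The same line is added in the install script hunk that follows `source ./_requirements.sh`. Ownership alone does not restrict reads, so if the decrypted `.env` sits in this directory a `chmod 600 .env` would be worth adding (its handling is not visible here).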
|
@ -1,3 +1,12 @@
|
|||
# Fail2Ban
|
||||
|
||||
Prison pour bots. Gardien des connection ssh.
|
||||
|
||||
## Configuration
|
||||
|
||||
/etc/fail2ban/
|
||||
|
||||
## Plus d'informations
|
||||
|
||||
https://github.com/fail2ban/fail2ban
|
||||
|
||||
|
|
--- a/fastfetch/README.md
+++ b/fastfetch/README.md
@@ -0,0 +1,9 @@
+# Fastfetch c'est quoi ?
+Fastfetch est un outil similaire à neofetch permettant de récupérer les informations systèmes et de les afficher agréablement à son utilisateur. Il est écrit principalement en C avec comme intention principale la performance et la personnalisation.
+
+## Emplacements
+~/. config/fastfetch/config.jsonc
+
+## Plus d'informations
+https://github.com/fastfetch-cli/fastfetch
+
|
@ -1,6 +1,6 @@
|
|||
# Setup forgejo config
|
||||
cp -a ./forgejo/forgejo/. /etc/forgejo/
|
||||
chown -R root:forgejo /etc/forgejo && chmod -R 540 /etc/forgejo
|
||||
chown -R forgejo:forgejo /etc/forgejo && chmod -R a-rwx,ug+r /etc/forgejo
|
||||
|
||||
# Setup forgejo service
|
||||
cp ./forgejo/systemd/forgejo.service /etc/systemd/system
|
||||
|
|
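Review bot: Assuming the second of the two chown lines is the new one, `chmod -R a-rwx,ug+r /etc/forgejo` also strips the search bit from the directory itself, so the non-root `forgejo` user can no longer open files inside `/etc/forgejo`; the replaced `540` granted that bit only to the owner, root. `X` restores it on directories only: `chmod -R a-rwx,ug+rX /etc/forgejo`. Changing the owner from `root` to `forgejo` additionally lets the service account chmod its own config back to writable, so keeping `root:forgejo` ownership with `u=rwX,g=rX,o=` would preserve the read-only intent.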
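--- a/git/README.md
+++ b/git/README.md
@@ -0,0 +1,12 @@
+# Git
+
+Git est un logiciel de gestion de versions décentralisé. C'est un logiciel libre et gratuit, créé en 2005 par Linus Torvalds, auteur du noyau Linux, et distribué selon les termes de la licence publique générale GNU version 2.
+
+## Configuration
+
+/etc/gitconfig
+
+## Plus d'informations
+
+https://github.com/git/git
+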
|
@ -2,6 +2,9 @@
|
|||
echo "[server_config] > Installing required utilities"
|
||||
source ./_requirements.sh
|
||||
|
||||
# Make sure default owner of config files is root
|
||||
chown -R root:root .
|
||||
|
||||
# Install services
|
||||
APPS=$@
|
||||
|
||||
|
|
|
@ -1,3 +1,12 @@
|
|||
# Configuration des `iptables`
|
||||
|
||||
Règles de parfeux/routage du serveur cohabit.
|
||||
|
||||
## Configuration
|
||||
|
||||
iptables -S
|
||||
|
||||
## Plus d'informations
|
||||
|
||||
man iptables ou https://doc.ubuntu-fr.org/iptables
|
||||
|
||||
|
|
|
@ -18,6 +18,11 @@ else
|
|||
deno
|
||||
fi
|
||||
|
||||
# Clone website repo
|
||||
# Remove old files if exists
|
||||
rm -rf /srv/portfolio
|
||||
# Create fs tree is missing
|
||||
mkdir -p /srv/portfolio
|
||||
# Set directory owner
|
||||
chown -R deno:deno /srv/portfolio
|
||||
# Clone website repo
|
||||
git clone -b main --depth 1 https://git.cohabit.fr/cohabit/portfolio_server.git /srv/portfolio
|
||||
|
|
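Review bot: `chown -R deno:deno /srv/portfolio` runs on the freshly created empty directory, and the `git clone` after it then creates every file as the invoking user (root, going by the README), so only the top-level directory ends up owned by `deno`. Moving the chown below the clone, or cloning as the service user with `runuser -u deno -- git clone ...`, gives the tree the intended owner. The website install hunk for `/srv/www` has the same ordering, and the new `website.service` runs `deno task build` there as `User=deno`, which presumably needs to write into the checkout. The `if`/`else` block above starts outside the hunk.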
|
@ -1,3 +1,11 @@
|
|||
# SSHD
|
||||
|
||||
Démon SSH de cohabit.
|
||||
|
||||
## Configuration
|
||||
/etc/ssh/sshd_config
|
||||
|
||||
## Plus d'informations
|
||||
https://fr.wikipedia.org/wiki/SSHD
|
||||
|
||||
|
||||
|
|
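--- a/test_scripts.sh
+++ b/test_scripts.sh
@@ -0,0 +1,5 @@
+# Build or update container image
+docker built -t cohabit_server_config_test .
+
+# Run image in bash mode
+docker run --rm -it cohabit_server_config_test bash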
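Review bot: `docker built` is not a docker subcommand, so the image is never built and `docker run` either fails or starts a stale image; the line should read `docker build -t cohabit_server_config_test .`. The README in this change advertises `docker="podman" bash ./test_scripts.sh`, but the script calls `docker` literally, so the override has no effect. Invoking `"${docker:-docker}" build ...` and `"${docker:-docker}" run ...` would honour it.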
|
@ -1,5 +1,6 @@
|
|||
# Install or upgrade caddy
|
||||
nala install -y caddy
|
||||
# Install or upgrade vim
|
||||
nala install -y vim
|
||||
|
||||
# Install or upgrade vundle
|
||||
rm -rf /root/.vim/bundle/Vundle.vim
|
||||
git clone https://github.com/VundleVim/Vundle.vim.git /root/.vim/bundle/Vundle.vim
|
||||
|
|
|
@ -26,6 +26,9 @@ Plugin 'junegunn/fzf.vim'
|
|||
call vundle#end() " required
|
||||
filetype plugin indent on " required
|
||||
|
||||
" Sudo write (écrire un fichier en sudo si ouvert en user)
|
||||
command W :execute ':silent w !sudo tee % > /dev/null' | :edit!
|
||||
|
||||
" Active les raccourcis clavier pour fzf
|
||||
nnoremap <C-p> :FZF<CR>
|
||||
nnoremap <S-f> :Rg<CR>
|
||||
|
|
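Review bot: In the new `W` command, `%` is expanded into the shell command line unquoted, so a file name containing spaces or shell metacharacters is split or interpreted by the shell. Building the command with `shellescape()` avoids that: `command! W execute 'silent w !sudo tee ' . shellescape(@%, 1) . ' > /dev/null' | edit!`. The `!` after `command` also stops Vim from raising an error when the vimrc is sourced a second time.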
|
@ -1,10 +1,10 @@
|
|||
# Setup website service
|
||||
cp ./website/systemd/website.service /etc/systemd/system
|
||||
|
||||
# Pull website sources
|
||||
cd /srv/www
|
||||
git pull origin main
|
||||
|
||||
# Setup website service
|
||||
cp /srv/www/website.service /etc/systemd/system
|
||||
|
||||
# Start website
|
||||
systemctl daemon-reload
|
||||
systemctl enable website
|
||||
|
|
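Review bot: `cd /srv/www` is not checked, so when the directory is missing `git pull origin main` runs in the caller's directory, which would be the server_config checkout itself. `git -C /srv/www pull origin main` removes the need for `cd` and fails cleanly. It also leaves the working directory unchanged for later steps, which matters if this file is sourced by deploy.sh (not visible here), because the other service scripts use relative paths such as `./forgejo/...`. Both lines appear to be unchanged context; the commit seems only to have moved the `cp` above them.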
|
@ -18,6 +18,11 @@ else
|
|||
deno
|
||||
fi
|
||||
|
||||
# Clone website repo
|
||||
# Remove old existing files
|
||||
rm -rf /srv/www
|
||||
# Create fs structure
|
||||
mkdir -p /srv/www
|
||||
# Set directory owner
|
||||
chown -R deno:deno /srv/www
|
||||
# Clone website repo
|
||||
git clone -b main --depth 1 https://git.cohabit.fr/cohabit/website.git /srv/www
|
||||
|
|
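--- a/website/systemd/website.service
+++ b/website/systemd/website.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Website Deno 1.1.1 service
+Documentation=http://deno.land
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Type=simple
+User=deno
+WorkingDirectory=/srv/www
+ExecStartPre=/usr/local/bin/deno task build
+Environment=PORT=6060
+ExecStart=/usr/local/bin/deno task serve
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target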
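Review bot: The unit runs a network-facing service and a build step with no sandboxing beyond `User=deno`. Three directives that should not interfere with building in `/srv/www` would narrow what a compromised process can reach: `NoNewPrivileges=true`, `PrivateTmp=true`, `ProtectSystem=full`. `ExecStartPre=/usr/local/bin/deno task build` rebuilds on every start, so a failing build (for example with the network down) keeps the site from coming up; building at deploy time would decouple the two. `Documentation=http://deno.land` could use `https://`.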
|
@ -3,7 +3,11 @@ cp -a ./zsh/zsh/. /root
|
|||
chsh -s /usr/bin/zsh
|
||||
|
||||
# Install zsh-autosuggestions plugin
|
||||
git clone https://github.com/zsh-users/zsh-autosuggestions ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-autosuggestions
|
||||
PATH=${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-autosuggestions
|
||||
/usr/bin/rm -rf $PATH
|
||||
/usr/bin/git clone https://github.com/zsh-users/zsh-autosuggestions $PATH
|
||||
|
||||
# Install zsh-syntax-highlighting
|
||||
git clone https://github.com/zsh-users/zsh-syntax-highlighting.git ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-syntax-highlighting
|
||||
PATH=${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-syntax-highlighting
|
||||
/usr/bin/rm -rf $PATH
|
||||
/usr/bin/git clone https://github.com/zsh-users/zsh-syntax-highlighting $PATH
|
||||
|
|
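Review bot: Assigning the plugin directory to `PATH` overwrites the shell's command search path, which is why `rm` and `git` then need absolute paths; if this file is sourced by deploy.sh (not visible here), every later command lookup in the run breaks too. `$PATH` is also expanded unquoted as the argument of `rm -rf`. A differently named, quoted variable fixes both: `plugin_dir="${ZSH_CUSTOM:-$HOME/.oh-my-zsh/custom}/plugins/zsh-autosuggestions"`, `rm -rf -- "$plugin_dir"`, `git clone https://github.com/zsh-users/zsh-autosuggestions "$plugin_dir"`, and likewise for zsh-syntax-highlighting.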
|
@ -12,4 +12,4 @@ fi
|
|||
nala install -y zsh eza
|
||||
|
||||
# Check if Oh-My-ZSH already installed
|
||||
which omz &> /dev/null || sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" "" --unattended
|
||||
test -d /root/.oh-my-zsh/ || sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" "" --unattended
|
||||
|
|
|
@ -8,6 +8,8 @@ case $- in
|
|||
*) return;;
|
||||
esac
|
||||
|
||||
PATH=$PATH:/usr/games
|
||||
|
||||
# don't put duplicate lines or lines starting with space in the history.
|
||||
# See bash(1) for more options
|
||||
HISTCONTROL=ignoreboth
|
||||
|
|
|
@ -6,6 +6,12 @@ autoload -Uz compinit
|
|||
compinit
|
||||
# End of lines added by compinstall
|
||||
|
||||
################################
|
||||
# Update path
|
||||
################################
|
||||
|
||||
PATH=$PATH:/usr/games
|
||||
|
||||
################################
|
||||
# Webinstall.dev install
|
||||
################################
|
||||
|
|