fix(forgejo/deploy): update owner and permissions of config files

Reviewed-on: cohabit/server_config#8

Dockerfile

@@ -0,0 +1,6 @@
+FROM debian
+
+RUN apt update
+RUN apt install -y git
+RUN apt install -y gpg
+RUN apt install -y vim

README.md

@@ -14,12 +14,16 @@ cd server_config
 # Decrypt secrets
 gpg -d .env.gpg > .env
 
+# Switch to sudo
+sudo su
+
 # Allow execute scripts
-sudo chmod +x ./install.sh
+chmod +x ./install.sh
-sudo chmod +x ./deploy.sh
+chmod +x ./deploy.sh
 
 # Install and deploy services
-sudo ./install.sh --all && sudo ./deploy.sh --all
+./install.sh --all | tee install.log && \
+./deploy.sh --all | tee deploy.log
 ```
 
 > [!WARNING]
@@ -73,10 +77,20 @@ sudo (bash|sh|zsh) ./deploy.sh [SERVICES...]
   ```sh
   sudo ./deploy.sh -a
   ```
-  
+
+## Tests
+
+Pour tester la config avant déploiement un [`Dockerfile`]('./Dockerfile') est
+disponible. Le helper [`test_scripts.sh`](./test_scripts.sh) build et lance le
+conteneur (shell: `bash`, point d'entrée: `/`).
+
+> [!NOTE]
+>
+> Le helper utilise `docker`, pour utiliser `podman` vous pouvez taper
+> `docker="podman" bash ./test_scripts.sh`.
+
 ## Ajout de service
 
-S'il y a le besoin de rajouter des services, il faudra penser à ajouter leurs configurations dans le projet ainsi que les liens vers leurs installations dans le script d'installation.
+S'il y a le besoin de rajouter des services, il faudra penser à ajouter leurs
-
+configurations dans le projet ainsi que les liens vers leurs installations dans
-
+le script d'installation.
-  

_requirements.sh

@@ -1,7 +1,7 @@
 # Install nala
 apt update
 apt upgrade -y
-apt install -y nala
+apt install -y nala # Good front-end for "apt-*" cli
 
 # Install base utilities
 echo "[server_config] > Installing required utilities (base)"
@@ -19,6 +19,10 @@ nala install -y \
   lsb-release \
   nmap \
   xxd \
+  inxi \
+  # nmap (network viewer/utility)
+  # xxd (bin to hexa etc...)
+  # inxi (system/hardware config viewer)
 
 # Install comfort utilities
 echo "[server_config] > Installing required utilities (comfort)"
@@ -28,9 +32,15 @@ nala install -y \
   fzf \
   tmux \
   tmate \
+  # bat (better cat)
+  # btop (TUI htop alternative)
+  # fzf (fuzzy finder)
+  # tmux (terminal multiplexer)
+  # tmate (tmux over ssh)
 
 # Install zoxide through webinstall (see zoxide install instruction on debian)
 curl -sS https://webi.sh/zoxide | sh
+# zoxide (smartter cd)
 
 # Install really necessary utilities
 echo "[server_config] > Installing required utilities (really necessary)"
@@ -41,5 +51,4 @@ nala install -y \
 
 # Install useful deb installer
 echo "[server_config] > Installing required utilites (useful .deb installer)"
-nala install -y lsb-release
 curl -sL https://raw.githubusercontent.com/wimpysworld/deb-get/main/deb-get | bash -s install deb-get

caddy/_deploy.sh

@@ -1,6 +1,8 @@
 # Setup caddy config
 mkdir -p /etc/caddy
 cp -a ./caddy/caddy/. /etc/caddy/
+# Set directory owner
+chown -R caddy:caddy /etc/caddy
 
 # Setup caddy service
 cp ./caddy/systemd/caddy.service /etc/systemd/system

deploy.sh

@@ -2,6 +2,9 @@
 echo "[server_config] > Writting secrets to source files"
 source ./load_secrets.sh
 
+# Make sure default owner of config files is root
+chown -R root:root .
+
 # Deploy services
 APPS=$@
 

forgejo/_deploy.sh

@@ -1,6 +1,6 @@
 # Setup forgejo config
 cp -a ./forgejo/forgejo/. /etc/forgejo/
-chown -R root:forgejo /etc/forgejo && chmod -R 540 /etc/forgejo
+chown -R forgejo:forgejo /etc/forgejo && chmod -R a-rwx,ug+r /etc/forgejo
 
 # Setup forgejo service
 cp ./forgejo/systemd/forgejo.service /etc/systemd/system

install.sh

@@ -2,6 +2,9 @@
 echo "[server_config] > Installing required utilities"
 source ./_requirements.sh
 
+# Make sure default owner of config files is root
+chown -R root:root .
+
 # Install services
 APPS=$@
 

portfolio_server/_install.sh

@@ -17,7 +17,12 @@ else
     --comment "Deno js engine" \
     deno
 fi
-  
+
-# Clone website repo
+# Remove old files if exists
+rm -rf /srv/portfolio
+# Create fs tree is missing
 mkdir -p /srv/portfolio
+# Set directory owner
+chown -R deno:deno /srv/portfolio
+# Clone website repo
 git clone -b main --depth 1 https://git.cohabit.fr/cohabit/portfolio_server.git /srv/portfolio

test_scripts.sh

@@ -0,0 +1,5 @@
+# Build or update container image
+docker built -t cohabit_server_config_test .
+
+# Run image in bash mode
+docker run --rm -it cohabit_server_config_test bash

vim/_install.sh

@@ -1,5 +1,6 @@
-# Install or upgrade caddy
+# Install or upgrade vim
-nala install -y caddy
+nala install -y vim
 
 # Install or upgrade vundle
+rm -rf /root/.vim/bundle/Vundle.vim
 git clone https://github.com/VundleVim/Vundle.vim.git /root/.vim/bundle/Vundle.vim

website/_deploy.sh

@@ -1,10 +1,10 @@
+# Setup website service
+cp ./website/systemd/website.service /etc/systemd/system
+
 # Pull website sources
 cd /srv/www
 git pull origin main
 
-# Setup website service
-cp /srv/www/website.service /etc/systemd/system
-
 # Start website
 systemctl daemon-reload
 systemctl enable website

website/_install.sh

@@ -17,7 +17,12 @@ else
     --comment "Deno js engine" \
     deno
 fi
-  
+
-# Clone website repo
+# Remove old existing files
+rm -rf /srv/www
+# Create fs structure
 mkdir -p /srv/www
+# Set directory owner
+chown -R deno:deno /srv/www
+# Clone website repo
 git clone -b main --depth 1 https://git.cohabit.fr/cohabit/website.git /srv/www

website/systemd/website.service

@@ -0,0 +1,17 @@
+[Unit]
+Description=Website Deno 1.1.1 service
+Documentation=http://deno.land
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Type=simple
+User=deno
+WorkingDirectory=/srv/www
+ExecStartPre=/usr/local/bin/deno task build
+Environment=PORT=6060
+ExecStart=/usr/local/bin/deno task serve
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target

zsh/_deploy.sh

@@ -3,7 +3,11 @@ cp -a ./zsh/zsh/. /root
 chsh -s /usr/bin/zsh
 
 # Install zsh-autosuggestions plugin
-git clone https://github.com/zsh-users/zsh-autosuggestions ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-autosuggestions
+PATH=${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-autosuggestions
+/usr/bin/rm -rf $PATH
+/usr/bin/git clone https://github.com/zsh-users/zsh-autosuggestions $PATH
 
 # Install zsh-syntax-highlighting
-git clone https://github.com/zsh-users/zsh-syntax-highlighting.git ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-syntax-highlighting
+PATH=${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-syntax-highlighting
+/usr/bin/rm -rf $PATH
+/usr/bin/git clone https://github.com/zsh-users/zsh-syntax-highlighting $PATH

zsh/_install.sh

@@ -12,4 +12,4 @@ fi
 nala install -y zsh eza
 
 # Check if Oh-My-ZSH already installed
-which omz &> /dev/null || sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" "" --unattended
+test -d /root/.oh-my-zsh/ || sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" "" --unattended

zsh/zsh/.bashrc

@@ -8,6 +8,8 @@ case $- in
       *) return;;
 esac
 
+PATH=$PATH:/usr/games
+
 # don't put duplicate lines or lines starting with space in the history.
 # See bash(1) for more options
 HISTCONTROL=ignoreboth

zsh/zsh/.zshrc

@@ -6,6 +6,12 @@ autoload -Uz compinit
 compinit
 # End of lines added by compinstall
 
+################################
+# Update path
+################################
+
+PATH=$PATH:/usr/games
+
 ################################
 # Webinstall.dev install
 ################################