From 47262649a570992bf913e2468b42d17f7f7d881a Mon Sep 17 00:00:00 2001 From: Andrea Rogers Date: Tue, 7 Nov 2023 16:48:50 -0600 Subject: [PATCH] [NEW] setup-server: Initial deployment scripts --- .gitignore | 1 + .gitmodules | 3 ++ scripts/certbot.bash | 56 ++++++++++++++++++++++++++++++ scripts/setup-server | 81 ++++++++++++++++++++++++++++++++++++++++++++ scripts/util | 1 + 5 files changed, 142 insertions(+) create mode 100644 .gitmodules create mode 100644 scripts/certbot.bash create mode 100755 scripts/setup-server create mode 160000 scripts/util diff --git a/.gitignore b/.gitignore index 9bc46fc..dfded64 100644 --- a/.gitignore +++ b/.gitignore @@ -2,6 +2,7 @@ art crud blob media +/*root blog/20*.html blog.html diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..4c9b874 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "scripts/util"] + path = scripts/util + url = https://github.com/targetdisk/bash-util diff --git a/scripts/certbot.bash b/scripts/certbot.bash new file mode 100644 index 0000000..f3561a5 --- /dev/null +++ b/scripts/certbot.bash 
@@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+
+DOMAIN='targetdisk.io'
+CLOUDFLARE_SECRET_INI='/root/.super-secret/cloudflare.ini'
+
+install_certbot() {
+ [ "$1" == help ] && echo -n "Install certbot via Pip." && return 0
+ [ $UID -ne 0 ] && die "ERROR: must be root!"
+
+ mkdir -p ~/src
+
+ pip install --user --upgrade pip
+ pip install --upgrade certbot
+
+ git clone --recurse-submodules \
+ https://github.com/cloudflare/certbot-dns-cloudflare \
+ ~/src/certbot-dns-cloudflare
+
+ pushd ~/src/certbot-dns-cloudflare
+ python3 setup.py install
+ popd # ~/src/certbot-dns-cloudflare
+}
+
+setup_certbot() {
+ [ "$1" == help ] && echo -n "Setup certbot with Cloudflare DNS." && return 0
+ [ $UID -ne 0 ] && die "ERROR: must be root!"
+
+ [ -f "$CLOUDFLARE_SECRET_INI" ] \
+ || dedcat "ERROR: Please ensure you have a \"$CLOUDFLARE_SECRET_INI\" file!"$'\n' \
+ $' For more information see here:\n' \
+ $' https://developers.cloudflare.com/fundamentals/api/get-started/\n\n' \
+ $' And here:\n' \
+ ' https://labzilla.io/blog/cloudflare-certbot'
+
+ certbot certonly --dns-cloudflare \
+ --dns-cloudflare-credentials "$CLOUDFLARE_SECRET_INI" \
+ -d "$DOMAIN,*.$DOMAIN" \
+ --preferred-challenges dns-01
+}
+
+# TODO: Check back when Go/Cloudflare get their heads our of their arses
+install_cloudflared() {
+ [ "$1" == help ] && echo -n "Setup cloudflared." && return 0
+ [ $UID -ne 0 ] && die "ERROR: must be root!"
+
+ # Alpine+Cloudflare+Go made me do this
+ wget -O /usr/local/bin/cloudflared \
+ 'https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64'
+
+ # We really should be checking a checksum/sig before doing this...
+ # Oh well...
+ chmod +x /usr/local/bin/cloudflared
+
+ # If you hack Cloudflare's GitHub/devs you honestly deserve the keys to my little
+ # kingdom... ¯\_(ツ)_/¯
+}
diff --git a/scripts/setup-server b/scripts/setup-server
new file mode 100755
index 0000000..6cab169
--- /dev/null
+++ b/scripts/setup-server
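Review bot: install_cloudflared in scripts/certbot.bash writes an unverified binary from the moving `releases/latest` URL straight to /usr/local/bin/cloudflared as root, and the `chmod +x` still runs when wget fails or leaves a truncated file because the exit status is never checked. The in-code comment acknowledges the missing checksum, but with `latest` there is no fixed digest to compare against, so pin a release tag, download to a temp file, verify a SHA-256 recorded in the repo, and only then install it (tag and digest below are placeholders; `die` is assumed to exit). The same download-then-execute pattern without verification appears in setup_rust in scripts/setup-server (`rustup-init`, marked `# TODO: verify sigs`). In install_certbot, the unpinned `git clone` is followed by an unchecked `pushd`, so a failed clone would run `python3 setup.py install` as root in whatever directory the caller was in; `pushd ~/src/certbot-dns-cloudflare || die "ERROR: clone missing"` would stop that.

```shell
install_cloudflared() {
  # … unchanged: help text and root check …

  # Placeholders: fill in a reviewed release tag and its published SHA-256.
  local version='<PINNED_RELEASE_TAG>'
  local sha256='<SHA256_OF_PINNED_BINARY>'
  local tmp
  tmp="$(mktemp)" || die "ERROR: mktemp failed"

  wget -O "$tmp" \
    "https://github.com/cloudflare/cloudflared/releases/download/$version/cloudflared-linux-amd64" \
    || { rm -f -- "$tmp"; die "ERROR: cloudflared download failed"; }

  # Refuse to install anything whose digest differs from the pinned one.
  echo "$sha256  $tmp" | sha256sum -c - \
    || { rm -f -- "$tmp"; die "ERROR: cloudflared checksum mismatch"; }

  install -m 0755 "$tmp" /usr/local/bin/cloudflared
  rm -f -- "$tmp"
}
```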
@@ -0,0 +1,81 @@
+#!/usr/bin/env bash
+
+. "$(dirname $0)/util/logging.bash"
+. "$(dirname $0)/certbot.bash"
+
+fns=(
+ add_deps
+ setup_rust
+ install_srv
+ install_certbot
+ setup_certbot
+ install_cloudflared
+ start_srv
+ show_help
+)
+
+show_help() {
+ [ "$1" == help ] && echo -n "Display this help." && return 0
+
+ cat <<<"$HELPSTR"
+}
+
+# Don't forget to add musl-dev!
+add_deps() {
+ [ "$1" == help ] && echo -n "Install deps for building static-web-server." && return 0
+ [ $UID -ne 0 ] && die "ERROR: must be root!"
+
+ if [ -e /etc/debian_version ]; then
+ sudo apt install build-essential python3-pip socat
+ elif [ -e /etc/alpine-release ]; then
+ apk add gcc make musl-dev rustup py3-pip # clang gcc-libs libgcc
+ #apk add git
+ else
+ die "ERROR: Unsupported. Get the dependencies yourself!"
+ fi
+}
+
+setup_rust() {
+ [ "$1" == help ] && echo -n "Configure rustup for user." && return 0
+
+ if [ -e /etc/debian_version ]; then
+ wget "https://static.rust-lang.org/rustup/dist/$(uname -m)-unknown-linux-gnu/rustup-init"
+ # TODO: verify sigs
+ chmod +x rustup-init
+ ./rustup-init <<<$'1\n'
+ else
+ rustup-init <<<$'1\n'
+ fi
+}
+
+install_srv() {
+ [ "$1" == help ] && echo -n "Install static-web-server." && return 0
+
+ mkdir -p ~/src
+ git clone --recurse-submodules \
+ https://github.com/static-web-server/static-web-server.git \
+ ~/src/static-web-server
+
+ cargo install --path ~/src/static-web-server
+}
+
+start_srv() {
+ [ "$1" == help ] && echo -n "Start local static-web-server." && return 0
+
+ local httproot
+ [ -n "$1" ] && httproot="$1" || httproot="$HOME/httproot"
+
+ static-web-server \
+ --port 1337 \
+ --host 127.0.0.1 \
+ --root "$httproot"
+}
+
+read -d '' EXTRA_NOTE <