[NEW] setup-server: Initial deployment scripts
This commit is contained in:
parent
cb0aec6cad
commit
47262649a5
5 changed files with 142 additions and 0 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
|
@ -2,6 +2,7 @@ art
|
||||||
crud
|
crud
|
||||||
blob
|
blob
|
||||||
media
|
media
|
||||||
|
/*root
|
||||||
|
|
||||||
blog/20*.html
|
blog/20*.html
|
||||||
blog.html
|
blog.html
|
||||||
|
|
|
||||||
3
.gitmodules
vendored
Normal file
3
.gitmodules
vendored
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
[submodule "scripts/util"]
|
||||||
|
path = scripts/util
|
||||||
|
url = https://github.com/targetdisk/bash-util
|
||||||
56
scripts/certbot.bash
Normal file
56
scripts/certbot.bash
Normal file
|
|
@ -0,0 +1,56 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
DOMAIN='targetdisk.io'
|
||||||
|
CLOUDFLARE_SECRET_INI='/root/.super-secret/cloudflare.ini'
|
||||||
|
|
||||||
|
install_certbot() {
|
||||||
|
[ "$1" == help ] && echo -n "Install certbot via Pip." && return 0
|
||||||
|
[ $UID -ne 0 ] && die "ERROR: must be root!"
|
||||||
|
|
||||||
|
mkdir -p ~/src
|
||||||
|
|
||||||
|
pip install --user --upgrade pip
|
||||||
|
pip install --upgrade certbot
|
||||||
|
|
||||||
|
git clone --recurse-submodules \
|
||||||
|
https://github.com/cloudflare/certbot-dns-cloudflare \
|
||||||
|
~/src/certbot-dns-cloudflare
|
||||||
|
|
||||||
|
pushd ~/src/certbot-dns-cloudflare
|
||||||
|
python3 setup.py install
|
||||||
|
popd # ~/src/certbot-dns-cloudflare
|
||||||
|
}
|
||||||
|
|
||||||
|
setup_certbot() {
|
||||||
|
[ "$1" == help ] && echo -n "Setup certbot with Cloudflare DNS." && return 0
|
||||||
|
[ $UID -ne 0 ] && die "ERROR: must be root!"
|
||||||
|
|
||||||
|
[ -f "$CLOUDFLARE_SECRET_INI" ] \
|
||||||
|
|| dedcat "ERROR: Please ensure you have a \"$CLOUDFLARE_SECRET_INI\" file!"$'\n' \
|
||||||
|
$' For more information see here:\n' \
|
||||||
|
$' https://developers.cloudflare.com/fundamentals/api/get-started/\n\n' \
|
||||||
|
$' And here:\n' \
|
||||||
|
' https://labzilla.io/blog/cloudflare-certbot'
|
||||||
|
|
||||||
|
certbot certonly --dns-cloudflare \
|
||||||
|
--dns-cloudflare-credentials "$CLOUDFLARE_SECRET_INI" \
|
||||||
|
-d "$DOMAIN,*.$DOMAIN" \
|
||||||
|
--preferred-challenges dns-01
|
||||||
|
}
|
||||||
|
|
||||||
|
# TODO: Check back when Go/Cloudflare get their heads our of their arses
|
||||||
|
install_cloudflared() {
|
||||||
|
[ "$1" == help ] && echo -n "Setup cloudflared." && return 0
|
||||||
|
[ $UID -ne 0 ] && die "ERROR: must be root!"
|
||||||
|
|
||||||
|
# Alpine+Cloudflare+Go made me do this
|
||||||
|
wget -O /usr/local/bin/cloudflared \
|
||||||
|
'https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64'
|
||||||
|
|
||||||
|
# We really should be checking a checksum/sig before doing this...
|
||||||
|
# Oh well...
|
||||||
|
chmod +x /usr/local/bin/cloudflared
|
||||||
|
|
||||||
|
# If you hack Cloudflare's GitHub/devs you honestly deserve the keys to my little
|
||||||
|
# kingdom... ¯\_(ツ)_/¯
|
||||||
|
}
|
||||||
81
scripts/setup-server
Executable file
81
scripts/setup-server
Executable file
|
|
@ -0,0 +1,81 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
. "$(dirname $0)/util/logging.bash"
|
||||||
|
. "$(dirname $0)/certbot.bash"
|
||||||
|
|
||||||
|
fns=(
|
||||||
|
add_deps
|
||||||
|
setup_rust
|
||||||
|
install_srv
|
||||||
|
install_certbot
|
||||||
|
setup_certbot
|
||||||
|
install_cloudflared
|
||||||
|
start_srv
|
||||||
|
show_help
|
||||||
|
)
|
||||||
|
|
||||||
|
show_help() {
|
||||||
|
[ "$1" == help ] && echo -n "Display this help." && return 0
|
||||||
|
|
||||||
|
cat <<<"$HELPSTR"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Don't forget to add musl-dev!
|
||||||
|
add_deps() {
|
||||||
|
[ "$1" == help ] && echo -n "Install deps for building static-web-server." && return 0
|
||||||
|
[ $UID -ne 0 ] && die "ERROR: must be root!"
|
||||||
|
|
||||||
|
if [ -e /etc/debian_version ]; then
|
||||||
|
sudo apt install build-essential python3-pip socat
|
||||||
|
elif [ -e /etc/alpine-release ]; then
|
||||||
|
apk add gcc make musl-dev rustup py3-pip # clang gcc-libs libgcc
|
||||||
|
#apk add git
|
||||||
|
else
|
||||||
|
die "ERROR: Unsupported. Get the dependencies yourself!"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
setup_rust() {
|
||||||
|
[ "$1" == help ] && echo -n "Configure rustup for user." && return 0
|
||||||
|
|
||||||
|
if [ -e /etc/debian_version ]; then
|
||||||
|
wget "https://static.rust-lang.org/rustup/dist/$(uname -m)-unknown-linux-gnu/rustup-init"
|
||||||
|
# TODO: verify sigs
|
||||||
|
chmod +x rustup-init
|
||||||
|
./rustup-init <<<$'1\n'
|
||||||
|
else
|
||||||
|
rustup-init <<<$'1\n'
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
install_srv() {
|
||||||
|
[ "$1" == help ] && echo -n "Install static-web-server." && return 0
|
||||||
|
|
||||||
|
mkdir -p ~/src
|
||||||
|
git clone --recurse-submodules \
|
||||||
|
https://github.com/static-web-server/static-web-server.git \
|
||||||
|
~/src/static-web-server
|
||||||
|
|
||||||
|
cargo install --path ~/src/static-web-server
|
||||||
|
}
|
||||||
|
|
||||||
|
start_srv() {
|
||||||
|
[ "$1" == help ] && echo -n "Start local static-web-server." && return 0
|
||||||
|
|
||||||
|
local httproot
|
||||||
|
[ -n "$1" ] && httproot="$1" || httproot="$HOME/httproot"
|
||||||
|
|
||||||
|
static-web-server \
|
||||||
|
--port 1337 \
|
||||||
|
--host 127.0.0.1 \
|
||||||
|
--root "$httproot"
|
||||||
|
}
|
||||||
|
|
||||||
|
read -d '' EXTRA_NOTE <<EONOTE
|
||||||
|
|
||||||
|
Note: You will need to run some operations as different users for security and
|
||||||
|
practicality.
|
||||||
|
|
||||||
|
EONOTE
|
||||||
|
|
||||||
|
. "$(dirname $0)/util/dynamic_main.bash"
|
||||||
1
scripts/util
Submodule
1
scripts/util
Submodule
|
|
@ -0,0 +1 @@
|
||||||
|
Subproject commit 282c2f5b04eabb95b40f3c9c6f05e2e660233d6d
|
||||||
Loading…
Add table
Add a link
Reference in a new issue