#!/usr/bin/env bash
# wget https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS/raw/branch/main/for_new_sovran_pros/sp.sh
# ANSI colour prefixes for the prompts below.  The values hold a literal
# backslash-e; they only turn into escape sequences when printed with
# `echo -e` (or printf %b).  Nothing reassigns them, so mark them read-only.
readonly GREEN='\e[32m'
readonly LIGHTBLUE='\e[94m'
readonly ENDCOLOR='\e[0m'
#
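# Install the Sovran flake into /etc/nixos.  Everything from here on writes
# system paths, sets passwords and runs nixos-rebuild, so refuse to continue
# as non-root rather than fail half-way with a partially configured box.
if [[ "${EUID}" -ne 0 ]]; then
  echo "sp.sh must be run as root" >&2
  exit 1
fi
pushd /etc/nixos/ || exit 1
# Download to a temporary name and move it into place only on success: a
# bare `wget URL` leaves a truncated flake.nix on a failed transfer, and if a
# flake.nix already exists it saves the download as flake.nix.1 and the old
# file is what the rebuilds below would use.
# NOTE(review): the branch ref is unpinned, so what lands here is whatever
# `main` holds at run time; pin to a commit for reproducible provisioning.
if ! wget -O flake.nix.tmp https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS/raw/branch/main/for_new_sovran_pros/flake.nix; then
  rm -f -- flake.nix.tmp
  echo "failed to download flake.nix" >&2
  exit 1
fi
mv -f -- flake.nix.tmp flake.nix
chown root:root /etc/nixos/ -R
chmod 770 /etc/nixos/ -R
popd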
#
# One file per service domain; each is filled in from the prompts below and
# later handed to the web stack (caddy:php).
mkdir /var/lib/domains
for svc in btcpayserver matrix nextcloud sslemail vaultwarden wordpress; do
  touch "/var/lib/domains/${svc}"
done
#
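#######################################
# Prompt for a value and store it (no trailing newline) in a file.
# Re-asks until the reply matches the given extended regex, so a typo, an
# embedded space or a "/" cannot end up in a file that is later used
# unquoted as a path component (the matrix domain is, for the coturn
# certificate copy near the end of this script).
# Arguments: $1 - prompt text, $2 - destination file, $3 - extended regex
# Outputs:   prompt on stdout; the reply into $2
# Returns:   exits 1 on EOF so an unattended run cannot loop forever
#######################################
ask_into() {
  local prompt=$1 dest=$2 pattern=$3 reply
  while :; do
    echo -e "${GREEN}${prompt}${ENDCOLOR}"
    IFS= read -r reply || exit 1
    if [[ "${reply}" =~ ${pattern} ]]; then
      break
    fi
    echo "Invalid value '${reply}', please try again." >&2
  done
  # printf, not `echo -n $REPLY`: no word splitting or glob expansion.
  printf '%s' "${reply}" > "${dest}"
}

# Host name: dot-separated labels of letters, digits and hyphens, 1-63 chars,
# no leading or trailing hyphen (RFC 1123 style).
readonly HOST_RE='^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$'
# ACME contact address: deliberately loose, exactly one "@", no whitespace
# and no "/".
readonly EMAIL_RE='^[^[:space:]/@]+@[^[:space:]/@]+$'

ask_into "What is your New Matrix (Element Chat) domain name?" /var/lib/domains/matrix "${HOST_RE}"
ask_into "What is your New Wordpress domain name?" /var/lib/domains/wordpress "${HOST_RE}"
ask_into "What is your New Nextcloud domain name?" /var/lib/domains/nextcloud "${HOST_RE}"
ask_into "What is your New BTCPayserver domain name?" /var/lib/domains/btcpayserver "${HOST_RE}"
ask_into "What is your New Vaultwarden domain name?" /var/lib/domains/vaultwarden "${HOST_RE}"
ask_into "What is the email you would like to use to manage the SSL certificates for your domains?" /var/lib/domains/sslemail "${EMAIL_RE}"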
#
# Extra entries for Nextcloud's config.php.  How the flake splices them in is
# not visible here.  The heredoc delimiter is quoted, so nothing in the body
# is expanded by this shell; `<<-` strips leading tabs only.
mkdir /var/lib/nextcloudaddition
# NOTE(review): trusted_proxies = 127.0.0.1 means Nextcloud only accepts
# forwarded-client headers from a reverse proxy on loopback (presumably the
# Caddy instance this script provisions for).  If the proxy ever moves to
# another host this list has to follow, and it must never be widened to an
# address untrusted clients can reach.  Redis is addressed by unix socket
# (port 0), so no TCP listener is implied by this snippet.
cat > /var/lib/nextcloudaddition/nextcloudaddition <<- "EOF"
'trusted_proxies' =>
array (
0 => '127.0.0.1',
),
'default_locale' => 'en_US',
'default_phone_region' => 'US',
'filelocking.enabled' => true,
'memcache.local' => '\OC\Memcache\APCu',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => '/var/run/redis/redis.sock',
'port' => 0,
'timeout' => 0.0,
),
EOF
#
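# Helper script for Njalla dynamic DNS.  The operator pastes the update URL
# from their Njalla account into it after install (a reminder is printed at
# the end of this script).  Quoted delimiter: the body is written verbatim.
mkdir /var/lib/njalla/
cat > /var/lib/njalla/njalla.sh <<'EOF'
#!/usr/bin/env bash
# Look up the public IPv4 address and push it to Njalla.
IP=$(wget -qO- https://ipecho.net/plain)
# Only accept a dotted quad: a transport error, captive-portal page or HTML
# error body must not be interpolated into the DNS provider's update URL.
if [[ ! "${IP}" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
  echo "njalla.sh: could not determine external IPv4 address (got '${IP}')" >&2
  exit 1
fi
## Manually Add DDNS Script From Njalla User Account AFTER Install
curl "https://...${IP}"
EOF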
#
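# Helper that records the current public IPv4 address.  It is run once near
# the end of this script; whether anything re-runs it afterwards is not
# visible here.
mkdir /var/lib/external_ip
cat > /var/lib/external_ip/external_ip.sh <<'EOF'
#!/usr/bin/env bash
IP=$(wget -qO- https://ipecho.net/plain)
# A failed lookup used to overwrite the file with an empty line.  Keep the
# last known value instead and only replace it with a plausible IPv4.
if [[ ! "${IP}" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
  echo "external_ip.sh: could not determine external IPv4 address (got '${IP}')" >&2
  exit 1
fi
# Written in place so the file keeps the ownership/mode set by the installer.
echo "${IP}" > /var/lib/secrets/external_ip
EOF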
#
# agenix recipient list.  "placeholder" is swapped for the freshly generated
# agenix public key further down (a sed over the first line mentioning
# "root"), so that assignment must stay the first such line.  The single
# recipient is the host key kept in /root/.ssh/agenix; every secret below is
# encrypted to it and nothing else.
mkdir /var/lib/agenix-secrets/
cat > /var/lib/agenix-secrets/secrets.nix <<- "EOF"
let
root = "placeholder" ;
in
{
"wordpressdb.age".publicKeys = [ root ];
"matrixdb.age".publicKeys = [ root ];
"nextclouddb.age".publicKeys = [ root ];
"turn.age".publicKeys = [ root ];
"matrix_reg_secret.age".publicKeys = [ root ];
}
EOF
#
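# Generate the per-service secrets.  The block runs under umask 077 in a
# subshell so every file is 0600 from its first byte: previously they were
# `touch`ed under the default umask and stayed world-readable until the
# chmod that only runs after the (slow) nixos-rebuild below.  Ownership and
# final modes are applied later, once the service users exist.
(
  umask 077
  for tool in pwgen openssl; do
    if ! command -v "${tool}" >/dev/null; then
      echo "missing required tool: ${tool}" >&2
      exit 1
    fi
  done
  mkdir /var/lib/secrets
  mkdir /var/lib/secrets/vaultwarden
  touch /var/lib/secrets/nextclouddb
  touch /var/lib/secrets/wordpressdb
  touch /var/lib/secrets/matrixdb
  touch /var/lib/secrets/turn
  touch /var/lib/secrets/matrix_reg_secret
  touch /var/lib/secrets/main
  touch /var/lib/secrets/vaultwarden/vaultwarden.env
  touch /var/lib/secrets/external_ip
  # 17-char secure-random alphanumerics, written without a trailing newline
  # (consumers read the file verbatim).  An empty secret is a hard error,
  # not a silently empty password.
  for name in nextclouddb wordpressdb matrixdb turn matrix_reg_secret main; do
    if ! secret=$(pwgen -s 17 -1) || [[ -z "${secret}" ]]; then
      echo "pwgen failed for ${name}" >&2
      exit 1
    fi
    printf '%s' "${secret}" > "/var/lib/secrets/${name}"
  done
  # NOTE(review): stored as a plaintext token; check whether the deployed
  # Vaultwarden release accepts a hashed ADMIN_TOKEN and prefer that.
  if ! token=$(openssl rand -base64 48) || [[ -z "${token}" ]]; then
    echo "openssl rand failed" >&2
    exit 1
  fi
  printf 'ADMIN_TOKEN=%s' "${token}" > /var/lib/secrets/vaultwarden/vaultwarden.env
) || exit 1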
#
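# Generate the agenix host key (no passphrase: decryption must be unattended
# at boot) and register its public half as the recipient in secrets.nix.
mkdir -p /root/.ssh/agenix
chmod 700 /root/.ssh/agenix
# Do not silently clobber an existing key: every .age file already encrypted
# to it would become undecryptable (ssh-keygen would also stop to prompt).
if [[ ! -f /root/.ssh/agenix/agenix-secret-keys ]]; then
  ssh-keygen -q -N "" -t ed25519 -f /root/.ssh/agenix/agenix-secret-keys
fi
# Keep only "<type> <base64>"; the trailing user@host comment is not part of
# the recipient, and the old `s:root@nixos::` only stripped it when the
# host happened to be called nixos.  Both fields are ASCII/base64, so
# interpolating them into the sed expression cannot introduce the "|"
# delimiter, "&" or a backslash.
agenix_pub=$(cut -d ' ' -f 1,2 -- /root/.ssh/agenix/agenix-secret-keys.pub)
if [[ -z "${agenix_pub}" ]]; then
  echo "failed to read the agenix public key" >&2
  exit 1
fi
# Replace only the first "root ..." line, i.e. the placeholder (GNU sed 0,/re/).
sed -i -e "0,/root.*/{s|root.*|root = \"${agenix_pub}\";|}" /var/lib/agenix-secrets/secrets.nix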
#
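# Encrypt each generated secret to the recipient declared in secrets.nix.
# agenix is driven with EDITOR='cp /dev/stdin' so the plaintext arrives on
# stdin rather than through an interactive editor or argv.
# NOTE(review): `github:ryantm/agenix` is an unpinned flake ref; every run
# fetches and executes whatever that repository's default branch currently
# holds.  Pin it to a commit for reproducible, reviewable provisioning.
pushd /var/lib/agenix-secrets || exit 1
for name in wordpressdb nextclouddb matrixdb turn matrix_reg_secret; do
  # printf keeps the secret byte-for-byte; the old unquoted `echo -n $(cat)`
  # word-split and glob-expanded it.  A failed encryption is fatal: the
  # rebuild that follows expects every .age file to exist.
  if ! printf '%s' "$(cat "/var/lib/secrets/${name}")" \
      | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e "${name}.age" -i /root/.ssh/agenix/agenix-secret-keys; then
    echo "agenix failed to encrypt ${name}" >&2
    exit 1
  fi
done
popd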
#
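# First rebuild: fetch the flake inputs and activate the configuration.
# `nix flake update` is unpinned (every input moves to its latest revision at
# run time) and `--impure` lets the evaluation read host paths outside the
# store (presumably the /var/lib files prepared above).  Abort if activation
# fails: the chown calls that follow name service users (matrix-synapse,
# turnserver, vaultwarden, ...) that this rebuild is expected to create.
pushd /etc/nixos || exit 1
nix flake update
if ! nixos-rebuild switch --impure; then
  echo "nixos-rebuild switch failed; fix the configuration before continuing" >&2
  exit 1
fi
popd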
#
# Hand each secret file to the account that is meant to consume it.  The
# parent directory /var/lib/secrets was created by this script (running as
# root) and is not chowned, so it stays root:root.
chown root:root /var/lib/secrets/main -R
chown root:root /var/lib/secrets/external_ip -R
chown matrix-synapse:matrix-synapse /var/lib/secrets/matrix_reg_secret -R
chown matrix-synapse:matrix-synapse /var/lib/secrets/matrixdb -R
# The Nextcloud DB password goes to postgres and the WordPress one to mysql,
# i.e. to the database side rather than the application side.
chown postgres:postgres /var/lib/secrets/nextclouddb -R
chown turnserver:turnserver /var/lib/secrets/turn -R
chown mysql:mysql /var/lib/secrets/wordpressdb -R
chown vaultwarden:vaultwarden /var/lib/secrets/vaultwarden -R
# NOTE(review): -R also makes the root:root parent directory 0770, which only
# root and group "root" can traverse, so the per-service owners above cannot
# open their files by themselves.  Something running as root (the flake
# under --impure, a systemd credential, or similar) must be what delivers
# them; verify which, because a `builtins.readFile` at evaluation time would
# copy the secret into the world-readable Nix store.  0770 also grants group
# write and execute on plain secret files where 0600/0640 would do — TODO
# confirm no consumer needs the write bit before tightening.
chmod 770 /var/lib/secrets/ -R
#
# The domain files are read by the web stack: owner caddy, group php.
chown -R caddy:php -- /var/lib/domains
chmod -R 770 -- /var/lib/domains
#
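# Second rebuild, now that the secrets and domain files carry their final
# ownership.  Same caveats as before: `nix flake update` is unpinned and
# `--impure` reads host paths at evaluation time.  Abort on failure; the
# web-root setup that follows assumes the caddy/php accounts exist.
pushd /etc/nixos || exit 1
nix flake update
if ! nixos-rebuild switch --impure; then
  echo "nixos-rebuild switch failed; fix the configuration before continuing" >&2
  exit 1
fi
popd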
#
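# Trace every command from here on.  This stays in effect until the `set +x`
# near the end of the script, so nothing in between may expand a secret on a
# traced command line.
set -x
# Fetch the latest WordPress and Nextcloud releases and unpack them into the
# web root.  A failed download aborts instead of unzipping a partial archive.
# TODO(review): both projects publish a checksum/signature alongside the
# archive; verify it here — fetching "latest.zip" over HTTPS is not an
# integrity check against a compromised origin or CDN.
wget -P /var/lib/www/downloadwp https://wordpress.org/latest.zip || exit 1
wget -P /var/lib/www/downloadnc https://download.nextcloud.com/server/releases/latest.zip || exit 1
unzip /var/lib/www/downloadwp/latest.zip -d /var/lib/www/ || exit 1
unzip /var/lib/www/downloadnc/latest.zip -d /var/lib/www/ || exit 1
rm -rf /var/lib/www/downloadwp
rm -rf /var/lib/www/downloadnc
# NOTE(review): 0770 with group php makes the whole document root writable by
# the PHP workers — needed for WordPress self-updates, but it also lets a
# compromised PHP process rewrite any file served from here.
chown caddy:php /var/lib/www -R
chmod 770 /var/lib/www -R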
#
# Data directories: Nextcloud (served by caddy/php) and coturn.
mkdir /var/lib/nextcloud
chown -R caddy:php -- /var/lib/nextcloud
chmod -R 770 -- /var/lib/nextcloud
mkdir /var/lib/coturn
chown -R turnserver:turnserver -- /var/lib/coturn
chmod -R 770 -- /var/lib/coturn
#
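# Set the local account passwords.  xtrace was switched on further up and
# would print the expanded root password on stderr; pause it around this and
# restore it afterwards so the rest of the script keeps its trace.
if [[ $- == *x* ]]; then xtrace_was_on=1; else xtrace_was_on=0; fi
{ set +x; } 2>/dev/null
# chpasswd reads "user:password" on stdin, so the secret never hits argv.
echo "root:$(cat /var/lib/secrets/main)" | chpasswd -c SHA512
# NOTE(review): "a" is a fixed, trivially guessable password for the
# interactive user.  It is a factory default and must be changed before the
# machine is exposed — the same account later gets an SSH key that is
# authorised for root.
echo "free:a" | chpasswd -c SHA512
if [[ "${xtrace_was_on}" -eq 1 ]]; then set -x; fi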
#
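# Add Flathub for the interactive user.
sudo -u free flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
# Remove this installer.  bash already has the file open, so deleting it
# mid-run is safe; the path is hard-coded and only matches if the script was
# fetched into /root as the header comment suggests.
rm -f -- /root/sp.sh

#######################################
# chown USER:USER and chmod 770 a tree.  Warns and returns 1 if the
# directory is missing (e.g. the second drive is not mounted) instead of
# leaving a bare chown error for the operator to spot.
# Arguments: $1 - owner/group name, $2 - directory
#######################################
own_tree() {
  local owner=$1 dir=$2
  if [[ ! -d "${dir}" ]]; then
    echo "warning: ${dir} not found; chown/chmod for ${owner} skipped" >&2
    return 1
  fi
  chown -R "${owner}:${owner}" -- "${dir}"
  chmod -R 770 -- "${dir}"
}
# Bitcoin node and electrs data live on the second drive.
own_tree bitcoin /run/media/Second_Drive/BTCEcoandBackup/Bitcoin_Node
own_tree electrs /run/media/Second_Drive/BTCEcoandBackup/Electrs_Data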
#
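# Third rebuild.  Same caveats as before: `nix flake update` is unpinned and
# `--impure` reads host paths at evaluation time.  Abort on failure rather
# than go on to populate /home/free on a configuration that did not activate.
pushd /etc/nixos || exit 1
nix flake update
if ! nixos-rebuild switch --impure; then
  echo "nixos-rebuild switch failed; fix the configuration before continuing" >&2
  exit 1
fi
popd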
#
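# Fetch and run the Sovran reset and update installers as root, from the
# user's Downloads directory (kept as cwd in case the installers rely on it).
# -O overwrites any earlier copy: a bare `wget` saves a second download as
# NAME.1, and `bash NAME` would then execute the stale file.  A failed
# download aborts instead of running whatever happened to be there.
# NOTE(review): these are unpinned branch refs executed as root with no
# checksum or signature check; pin each to a commit and verify it.
mkdir -p /home/free/Downloads
pushd /home/free/Downloads || exit 1
for url in \
  https://git.sovransystems.com/Sovran_Systems/Software/raw/branch/main/Sovran_SystemsOS_Reseter/sovran_systemsOS_reseter_local_installer/sovran_systemsOS_reseter_install.sh \
  https://git.sovransystems.com/Sovran_Systems/Software/raw/branch/main/Sovran_SystemsOS_Updater/sovran_systemsOS_updater_local_installer/sovran_systemsOS_updater_install.sh; do
  script=${url##*/}
  if ! wget -O "${script}" "${url}"; then
    rm -f -- "${script}"
    echo "failed to download ${script}" >&2
    exit 1
  fi
  bash "${script}"
done
popd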
#
# Desktop bits for the interactive user: the wallpaper, then the desktop
# launcher (fetched as that user so the file is owned by them).
# NOTE(review): 0770 over the whole home directory with group "users" lets
# every account in that group read and write it — TODO confirm that is
# intended rather than 0750/0700.
mkdir -p /home/free/Pictures
pushd /home/free/Pictures
wget https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS/raw/branch/main/for_new_sovran_pros/Wallpaper_Dark_Wide.png
chown -R free:users -- /home/free
chmod -R 770 -- /home/free
popd
pushd /home/free/Downloads
sudo -u free wget https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS/raw/branch/main/for_new_sovran_pros/Sovran_SystemsOS-Desktop
popd
#
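# Set the WordPress DB user's password to the generated secret.  The SQL is
# fed on stdin rather than through -e so the password does not show up in
# the process list, and xtrace (still on from earlier) is paused so the
# expansion is not echoed either.
if [[ $- == *x* ]]; then xtrace_was_on=1; else xtrace_was_on=0; fi
{ set +x; } 2>/dev/null
wp=$(cat /var/lib/secrets/wordpressdb)
# pwgen -s output is alphanumeric, but escape anyway in case the file was
# edited by hand: a backslash or quote would otherwise break the literal.
wp_sql=${wp//\\/\\\\}
wp_sql=${wp_sql//\'/\\\'}
# NOTE(review): PASSWORD() is a MariaDB function; on MySQL 8 this would have
# to become `ALTER USER ... IDENTIFIED BY '...'`.
sudo mysql -u root <<EOF
SET PASSWORD FOR 'wpusr'@'localhost' = PASSWORD('${wp_sql}');
EOF
if [[ "${xtrace_was_on}" -eq 1 ]]; then set -x; fi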
#
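# SSH setup: a "factory login" key for the interactive user whose public half
# is authorised for root.
# NOTE(review): the key's passphrase is hard-coded here (and therefore
# published with this script), so anyone holding the "free" account can log
# in as root with it.  The comment on the vendor key below says that one is
# removed before shipping; nothing in this script removes factory_login —
# verify that it is removed or re-keyed before a unit leaves the factory.
# -p: /root/.ssh already exists at this point (the agenix key directory was
# created under it), so a plain mkdir always failed with "File exists".
mkdir -p /root/.ssh
chmod 700 /root/.ssh
mkdir -p /home/free/.ssh
chown -R free:users -- /home/free/.ssh
touch /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
# Do not regenerate on a re-run: ssh-keygen would stop to ask about
# overwriting, and the old public key would already be in authorized_keys.
if [[ ! -f /home/free/.ssh/factory_login ]]; then
  sudo -u free ssh-keygen -q -N "gosovransystems" -t ed25519 -f /home/free/.ssh/factory_login
fi
chmod 700 /home/free/.ssh -R
printf '%s\n' "$(cat /home/free/.ssh/factory_login.pub)" >> /root/.ssh/authorized_keys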
#
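# Matrix accounts.  The second registration answers the "make admin" prompt
# with "no"; previously the `sudo` was on the echo instead of on the
# registration command, which only worked because this script already runs
# as root.
# NOTE(review): both accounts get the fixed password "a", passed on argv
# (visible in `ps` and in the xtrace that is still enabled at this point).
# Treat them as factory placeholders that must be reset before the
# homeserver is reachable from the network.
sudo matrix-synapse-register_new_matrix_user -u admin -p a -a
echo "no" | sudo matrix-synapse-register_new_matrix_user -u test -p a
# This key is removed before shipping as it allows Sovran Systems to access the machine via root remotely.
echo "ssh-rsa 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 free@nixos" >> /root/.ssh/authorized_keys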
#
# Stop tracing before anything sensitive is printed.
set +x
echo -e "${GREEN}These four passwords are generated for convenience to use for the Web front end setup UI accounts for Nextcloud, Wordpress, VaultWarden, and BTCPayserver (if you want to use them).${ENDCOLOR} \n"
# Four throw-away 17-char passwords: shown once, never stored.
for _ in 1 2 3 4; do
  echo -e "$(pwgen -s 17 -1) \n"
done
#
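# Give coturn the TLS certificate Caddy obtained for the Matrix domain.
DOMAIN=$(cat /var/lib/domains/matrix)
# DOMAIN came from an interactive prompt; quote it so a stray space or glob
# character cannot become extra cp arguments.  Only copy when Caddy has
# actually issued the certificate, and say so otherwise instead of failing
# silently inside cp.
caddy_certs="/var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/${DOMAIN}"
if [[ -f "${caddy_certs}/${DOMAIN}.crt" && -f "${caddy_certs}/${DOMAIN}.key" ]]; then
  # -n keeps an existing file, so a re-run never clobbers a cert already in
  # place.  NOTE(review): it also means a renewed certificate is never
  # re-copied by this path; something else must refresh coturn's copy
  # before the one copied here expires.
  cp -n -- "${caddy_certs}/${DOMAIN}.crt" "/var/lib/coturn/${DOMAIN}.crt.pem"
  cp -n -- "${caddy_certs}/${DOMAIN}.key" "/var/lib/coturn/${DOMAIN}.key.pem"
else
  echo "warning: no Caddy certificate for '${DOMAIN}' yet; coturn TLS files not copied" >&2
fi
bash /var/lib/external_ip/external_ip.sh
# The private key lives in this tree; 0770 leaves it group-rwx for
# turnserver — TODO confirm nothing needs more than 0640 on the key.
chown turnserver:turnserver /var/lib/coturn -R
chmod 770 /var/lib/coturn -R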
#
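# Final rebuild so the coturn certificate, external IP and remaining state
# prepared above are picked up.  Same caveats: unpinned `nix flake update`,
# `--impure` evaluation.  Abort on failure so the "All Finished" message
# below is never printed over a configuration that did not activate.
pushd /etc/nixos || exit 1
nix flake update
if ! nixos-rebuild switch --impure; then
  echo "nixos-rebuild switch failed; fix the configuration before continuing" >&2
  exit 1
fi
popd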
#
# Closing reminders.  %b expands the \e colour escapes and the trailing \n
# exactly as `echo -e` did, without using the message as a format string.
printf '%b\n' "${LIGHTBLUE}One last thing, you need to put the Njalla DDNS info from Njalla into njalla.sh.${ENDCOLOR} \n"
printf '%b\n' "${GREEN}All Finished! Please Reboot then Enjoy your New Sovran Pro!${ENDCOLOR} \n"