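#!/usr/bin/env bash
# First-boot provisioning for a new Sovran Pro.  Runs as root: fetches the
# system flake, asks for the service domain names, generates service secrets,
# encrypts them with agenix and rebuilds NixOS several times along the way.
# Obtain with:
# wget https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS/raw/branch/main/for_new_sovran_pros/sp.sh
#
# ANSI colour codes for the interactive messages; the `\e` escapes are left
# literal here and interpreted by `echo -e` at the call sites.
GREEN="\e[32m"
LIGHTBLUE="\e[94m"
ENDCOLOR="\e[0m"
#
# Drop the system flake into /etc/nixos and restrict the directory to root.
# `-O flake.nix` keeps the name stable even if a stale copy already exists
# (plain wget would write flake.nix.1 and the rebuild would use the old one).
pushd /etc/nixos/ >/dev/null || exit 1
wget -O flake.nix https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS/raw/branch/main/for_new_sovran_pros/flake.nix
chown -R root:root /etc/nixos/
chmod -R 770 /etc/nixos/
popd >/dev/null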
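# One file per service under /var/lib/domains holds that service's domain
# name (no trailing newline); the flake reads them at build time.
domain_dir=/var/lib/domains
mkdir -p "$domain_dir"
for svc in btcpayserver matrix nextcloud sslemail vaultwarden wordpress; do
  touch "${domain_dir}/${svc}"
done
#
#######################################
# Ask the operator for a value and store it.
# Re-prompts while the answer is empty; leading/trailing whitespace is
# trimmed by `read` (default IFS), backslashes are kept (-r).
# Globals:   GREEN, ENDCOLOR (read)
# Arguments: $1 - prompt text, $2 - destination file
# Outputs:   the prompt on stdout; the answer, without newline, into $2
#######################################
ask_value() {
  local prompt=$1 dest=$2 answer=""
  while [[ -z "$answer" ]]; do
    echo -e "${GREEN}${prompt}${ENDCOLOR}"
    read -r answer
  done
  # Stored verbatim.  The value is later spliced into config and file paths,
  # so it is trusted operator input rather than validated here.
  printf '%s' "$answer" > "$dest"
}
ask_value "What is your New Matrix (Element Chat) domain name?" "${domain_dir}/matrix"
ask_value "What is your New Wordpress domain name?" "${domain_dir}/wordpress"
ask_value "What is your New Nextcloud domain name?" "${domain_dir}/nextcloud"
ask_value "What is your New BTCPayserver domain name?" "${domain_dir}/btcpayserver"
ask_value "What is your New Vaultwarden domain name?" "${domain_dir}/vaultwarden"
ask_value "What is the email you would like to use to manage the SSL certificates for your domains?" "${domain_dir}/sslemail"
#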
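# Extra Nextcloud config entries (PHP array body), presumably spliced into
# config.php by the Nextcloud part of the flake.  Quoted heredoc: written
# verbatim, nothing is expanded.
# memcache.local must name the real class `\OC\Memcache\APCu`; the earlier
# spelling "ACPu" is not a Nextcloud class and makes Nextcloud refuse to start.
nc_dir=/var/lib/nextcloudaddition
mkdir -p "$nc_dir"
cat > "${nc_dir}/nextcloudaddition" <<- "EOF"
'trusted_proxies' =>
array (
0 => '127.0.0.1',
),
'default_locale' => 'en_US',
'default_phone_region' => 'US',
'filelocking.enabled' => true,
'memcache.locking' => '\OC\Memcache\Redis',
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.local' => '\OC\Memcache\APCu',
'redis' =>
array (
'host' => '/run/redis-roffice/redis.sock',
'port' => 0,
'timeout' => 0.0,
),
EOF
#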
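# Three helper scripts for later use (wired up by the flake, presumably).
# All heredocs are quoted, so the scripts are written verbatim.
#
# njalla.sh: dynamic-DNS update.  The curl URL is a placeholder; the operator
# pastes the per-account update URL from Njalla after install (the final
# message of this script reminds them).
mkdir -p /var/lib/njalla/
cat > /var/lib/njalla/njalla.sh <<- "EOF"
#!/usr/bin/env bash
# Public IPv4 as seen by OpenDNS.
IP=$(dig @resolver4.opendns.com myip.opendns.com +short -4)
## Manually Add DDNS Script From Njalla User Account AFTER Install
curl "https://...${IP}"
EOF
#
# external_ip.sh: record the public IPv4 in /var/lib/secrets/external_ip.
mkdir -p /var/lib/external_ip
cat > /var/lib/external_ip/external_ip.sh <<- "EOF"
#!/usr/bin/env bash
IP=$(dig @resolver4.opendns.com myip.opendns.com +short -4)
echo "${IP}" > /var/lib/secrets/external_ip
EOF
#
# internal_ip.sh: record the LAN address used to reach the internet.
# The redirection is performed by the invoking shell, so the old `sudo echo`
# never elevated anything; whoever runs this script must be able to write
# /var/lib/secrets.  `$7` assumes the `... via GW dev IF src ADDR` output
# shape of `ip route get` — confirm on hosts with a directly connected route.
mkdir -p /var/lib/internal_ip
cat > /var/lib/internal_ip/internal_ip.sh <<- "EOF"
#!/usr/bin/env bash
printf '%s' "$(ip route get 1.2.3.4 | awk '{print $7}')" > /var/lib/secrets/internal_ip
exit 0
EOF
#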
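# Empty per-machine overlay module; `cat >` creates the file, so the previous
# `touch` was redundant.  Quoted heredoc: written verbatim.
cat > /etc/nixos/custom.nix <<- "EOF"
{ config, pkgs, lib, ... }:
let
personalization = import ./personalization.nix;
in
{
}
EOF
#
# agenix recipient list.  `root` starts as a placeholder and is rewritten
# later in this script with the freshly generated agenix public key; every
# secret is encrypted to that single recipient.
mkdir -p /var/lib/agenix-secrets/
cat > /var/lib/agenix-secrets/secrets.nix <<- "EOF"
let
root = "placeholder";
in
{
"wordpressdb.age".publicKeys = [ root ];
"matrixdb.age".publicKeys = [ root ];
"nextclouddb.age".publicKeys = [ root ];
"turn.age".publicKeys = [ root ];
"matrix_reg_secret.age".publicKeys = [ root ];
}
EOF
#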
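# Generate the service secrets.  Everything runs in a subshell under
# umask 077 so the files are never world-readable between creation and the
# chown/chmod pass further down (touch + default umask left them 644 before).
# Each password is 17 chars from `pwgen -s`, stored without a trailing newline.
secrets_dir=/var/lib/secrets
(
  umask 077
  mkdir -p "${secrets_dir}/vaultwarden"
  for name in nextclouddb wordpressdb matrixdb turn matrix_reg_secret main; do
    printf '%s' "$(pwgen -s 17 -1)" > "${secrets_dir}/${name}"
  done
  # Filled in later by external_ip.sh / internal_ip.sh; created now so the
  # ownership pass below can find them.
  touch "${secrets_dir}/external_ip" "${secrets_dir}/internal_ip"
  # Environment file read by vaultwarden; ADMIN_TOKEN guards its admin page.
  printf 'ADMIN_TOKEN=%s' "$(openssl rand -base64 48)" > "${secrets_dir}/vaultwarden/vaultwarden.env"
)
#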
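# Generate the agenix identity and encrypt each secret to it.
agenix_key=/root/.ssh/agenix/agenix-secret-keys
agenix_dir=/var/lib/agenix-secrets
mkdir -p /root/.ssh/agenix
# Unencrypted identity: its only protection is root-only access to /root.
ssh-keygen -q -N "" -t ed25519 -f "$agenix_key"
# Replace the "placeholder" recipient in secrets.nix with the new public key.
# `:` is the sed delimiter because ssh public keys contain '/' and '+' but
# never ':'.  Pass 1: within `0,/root.*/` the empty regex reuses /root.*/ and
# rewrites the whole `root = ...` line, then the `root@nixos` key comment is
# stripped (assumes the host is named nixos — otherwise the comment stays in
# the quoted key).  Pass 2: quote the key and terminate the binding with `;`.
sed -i -e "0,/root.*/{s::root = $(cat "${agenix_key}.pub"):};s:root@nixos::" "${agenix_dir}/secrets.nix"
sed -i 's:\(root =[[:blank:]]*\)\(.*\):\1"\2";:' "${agenix_dir}/secrets.nix"
#
# Encrypt.  EDITOR='cp /dev/stdin' makes agenix copy stdin into the plaintext
# it then encrypts, so no interactive editor is needed; the secret files were
# written without a trailing newline, so the plaintext matches exactly.
pushd "$agenix_dir" >/dev/null || exit 1
for name in wordpressdb nextclouddb matrixdb turn matrix_reg_secret; do
  EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e "${name}.age" -i "$agenix_key" \
    < "/var/lib/secrets/${name}"
done
popd >/dev/null
#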
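#######################################
# Update the flake inputs and switch to the resulting configuration.
# Globals:   none
# Returns:   1 if /etc/nixos cannot be entered; otherwise nixos-rebuild's status
#######################################
rebuild_nixos() {
  pushd /etc/nixos >/dev/null || return 1
  nix flake update
  nixos-rebuild switch --impure
  popd >/dev/null
}
# First pass (presumably creates the service users/groups that the chowns
# below refer to).
rebuild_nixos
#
# Hand each secret to the service that reads it.  Note 770 leaves group write
# on every secret; the group is the service's own in each case.
secrets_dir=/var/lib/secrets
chown -R root:root "${secrets_dir}/main" "${secrets_dir}/external_ip" "${secrets_dir}/internal_ip"
chown -R matrix-synapse:matrix-synapse "${secrets_dir}/matrix_reg_secret" "${secrets_dir}/matrixdb"
chown -R postgres:postgres "${secrets_dir}/nextclouddb"
chown -R turnserver:turnserver "${secrets_dir}/turn"
chown -R mysql:mysql "${secrets_dir}/wordpressdb"
chown -R vaultwarden:vaultwarden "${secrets_dir}/vaultwarden"
chmod -R 770 "${secrets_dir}/"
#
chown -R caddy:php /var/lib/domains
chmod -R 770 /var/lib/domains
#
# Second pass with ownership in place.
rebuild_nixos
#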
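# Trace every command from here until the password summary near the end.
# xtrace prints fully expanded arguments, so steps below that expand a secret
# switch it off around themselves.
set -x
# Fetch and unpack the current WordPress and Nextcloud releases into
# /var/lib/www.  TLS is the only integrity check here: the archives are
# neither version-pinned nor checksum/signature-verified.
mkdir -p /var/lib/www/downloadwp /var/lib/www/downloadnc
wget -P /var/lib/www/downloadwp https://wordpress.org/latest.zip
wget -P /var/lib/www/downloadnc https://download.nextcloud.com/server/releases/latest.zip
unzip /var/lib/www/downloadwp/latest.zip -d /var/lib/www/
unzip /var/lib/www/downloadnc/latest.zip -d /var/lib/www/
rm -rf -- /var/lib/www/downloadwp /var/lib/www/downloadnc
chown -R caddy:php /var/lib/www
chmod -R 770 /var/lib/www
#
# Data directories for Nextcloud and coturn.
mkdir -p /var/lib/nextcloud
chown -R caddy:php /var/lib/nextcloud
chmod -R 770 /var/lib/nextcloud
#
mkdir -p /var/lib/coturn
chown -R turnserver:turnserver /var/lib/coturn
chmod -R 770 /var/lib/coturn
#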
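# Set the root password to the generated "main" secret.  xtrace is suspended
# so the expanded password is not echoed into the trace, and restored after
# if it was on.
xtrace_on=0; [[ $- == *x* ]] && xtrace_on=1
set +x
printf 'root:%s\n' "$(cat /var/lib/secrets/main)" | chpasswd -c SHA512
# Factory default for the desktop user.  NOTE(review): a fixed one-character
# password that is the same on every machine until the owner changes it.
printf '%s\n' "free:a" | chpasswd -c SHA512
if (( xtrace_on )); then set -x; fi
#
sudo -u free flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
#
# Remove the downloaded copy of this script (bash keeps its own handle open,
# so the rest of the run is unaffected).
rm -rf -- /root/sp.sh
#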
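# Hand the Bitcoin node and Electrs data on the second drive to their service
# users.  The mount must already be present; chown/chmod just fail otherwise.
btc_drive=/run/media/Second_Drive/BTCEcoandBackup
chown -R bitcoin:bitcoin "${btc_drive}/Bitcoin_Node"
chmod -R 770 "${btc_drive}/Bitcoin_Node"
chown -R electrs:electrs "${btc_drive}/Electrs_Data"
chmod -R 770 "${btc_drive}/Electrs_Data"
#
# Rebuild; abort rather than run nix in the wrong directory if the cd fails.
pushd /etc/nixos >/dev/null || exit 1
nix flake update
nixos-rebuild switch --impure
popd >/dev/null
#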
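# Install the vendor "reseter" and "updater" helpers: each installer is
# fetched from the Sovran Systems forge and executed as root straight away.
# As with this script itself, TLS to the forge is the only integrity check.
# `-O` pins the local filename so a leftover copy cannot shadow the new one.
mkdir -p /home/free/Downloads
pushd /home/free/Downloads >/dev/null || exit 1
for url in \
  https://git.sovransystems.com/Sovran_Systems/Software/raw/branch/main/Sovran_SystemsOS_Reseter/sovran_systemsOS_reseter_local_installer/sovran_systemsOS_reseter_install.sh \
  https://git.sovransystems.com/Sovran_Systems/Software/raw/branch/main/Sovran_SystemsOS_Updater/sovran_systemsOS_updater_local_installer/sovran_systemsOS_updater_install.sh; do
  installer=${url##*/}
  wget -O "$installer" "$url"
  bash "$installer"
done
popd >/dev/null
#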
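# Desktop assets for the `free` user: wallpaper and the desktop launcher.
mkdir -p /home/free/Pictures /home/free/Downloads
pushd /home/free/Pictures >/dev/null || exit 1
wget https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS/raw/branch/main/for_new_sovran_pros/Wallpaper_Dark_Wide.png
popd >/dev/null
# Whole home directory to the user.  770 with group `users` grants write
# access to any other account in that group, if there are any.
chown -R free:users /home/free
chmod -R 770 /home/free
#
pushd /home/free/Downloads >/dev/null || exit 1
sudo -u free wget https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS/raw/branch/main/for_new_sovran_pros/Sovran_SystemsOS-Desktop
popd >/dev/null
#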
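# Point the WordPress DB user at the generated password.  The statement is
# fed on stdin instead of `-e` so the password never appears in the process
# list, and xtrace is suspended so it is not echoed into the trace either.
# `pwgen -s` output is alphanumeric, so it cannot break out of the SQL quotes.
xtrace_on=0; [[ $- == *x* ]] && xtrace_on=1
set +x
wp=$(cat /var/lib/secrets/wordpressdb)
sudo mysql -u root <<SQL
SET PASSWORD FOR wpusr@localhost = PASSWORD('${wp}');
SQL
if (( xtrace_on )); then set -x; fi
#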
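# SSH key pair for the `free` user, authorised for root login ("factory
# login").  The passphrase is fixed in this public script, so it adds no
# secrecy: the private key file itself is the credential.  xtrace is
# suspended around the keygen so the passphrase argument is not traced.
# /root/.ssh already exists from the agenix step, hence `-p`.
mkdir -p /root/.ssh /home/free/.ssh
chown -R free:users /home/free/.ssh
touch /root/.ssh/authorized_keys
xtrace_on=0; [[ $- == *x* ]] && xtrace_on=1
set +x
sudo -u free ssh-keygen -q -N "gosovransystems" -t ed25519 -f /home/free/.ssh/factory_login
if (( xtrace_on )); then set -x; fi
chmod -R 700 /home/free/.ssh
# Authorise the new key for root (the .pub file ends with a newline).
cat /home/free/.ssh/factory_login.pub >> /root/.ssh/authorized_keys
#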
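# Seed two Synapse accounts: `admin` (server admin) and `test`.  The "no" on
# stdin presumably answers the tool's make-admin prompt for the second user;
# sudo now wraps the tool itself rather than the echo, which is what the
# original intended.  NOTE(review): both accounts get the fixed password "a".
sudo matrix-synapse-register_new_matrix_user -u admin -p a -a
printf 'no\n' | sudo matrix-synapse-register_new_matrix_user -u test -p a
#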
# This key is removed before shipping as it allows Sovran Systems to access the machine via root remotely.
printf '%s\n' "ssh-rsa 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 free@nixos" >> /root/.ssh/authorized_keys
#
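# Stop tracing before printing anything meant for the operator's eyes only.
set +x
echo -e "${GREEN}These four passwords are generated for convenience to use for the Web front end setup UI accounts for Nextcloud, Wordpress, VaultWarden, and BTCPayserver (if you want to use them).${ENDCOLOR}\n"
# Four independent 17-character passwords, each followed by a blank line.
# They are printed only, never stored anywhere.
for _ in 1 2 3 4; do
  printf '%s\n\n' "$(pwgen -s 17 -1)"
done
#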
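# Copy the Matrix domain's certificate from Caddy's ACME store into coturn's
# data dir (TURN over TLS).  `cp -n` never overwrites an existing copy and
# simply fails if Caddy has not obtained the certificate yet.  DOMAIN is the
# operator's earlier answer, used as a path component without validation.
DOMAIN=$(cat /var/lib/domains/matrix)
caddy_certs=/var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90
cp -n "${caddy_certs}/${DOMAIN}/${DOMAIN}.crt" "/var/lib/coturn/${DOMAIN}.crt.pem"
cp -n "${caddy_certs}/${DOMAIN}/${DOMAIN}.key" "/var/lib/coturn/${DOMAIN}.key.pem"
# Populate /var/lib/secrets/external_ip once now.
bash /var/lib/external_ip/external_ip.sh
chown -R turnserver:turnserver /var/lib/coturn
chmod -R 770 /var/lib/coturn
#
pushd /etc/nixos >/dev/null || exit 1
nix flake update
nixos-rebuild switch --impure
popd >/dev/null
#
echo -e "${LIGHTBLUE}One last thing, you need to put the Njalla DDNS info from Njalla into njalla.sh.${ENDCOLOR}\n"
echo -e "${GREEN}All Finished! Please Reboot then Enjoy your New Sovran Pro!${ENDCOLOR}\n"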