diff --git a/for_new_sovran_pros/psp.sh b/for_new_sovran_pros/psp.sh
new file mode 100644
index 0000000..5198f30
--- /dev/null
+++ b/for_new_sovran_pros/psp.sh
@@ -0,0 +1,117 @@ +#!/usr/bin/env bash + +### First make sure USB Flash Drive has latest NixOS image + +### Then plug in power and ether cord to new blank Sovran Pro and then plug in USB Flash Drive with the NixOS installer image; then turn on. + +### Second once booted into the installer image type: + + ### "sudo su" + ### "passwd" + ### then type "a" + ### then "ip a" + + +#### Third - GO TO LAPTOP and send script to the HOUSE-SOVRANPRO... + + ### rsync -avP -e "ssh -i ~/.ssh/sovransystems" /home/free/Documents/Sovran\ Systems/Sovran\ Pro\ Scripts/Step_2_pspv2 root@172.88.122.161:/home/free/Documents/New_Install_Scripts + + +#### Fourth - FROM LAPTOP LOGIN to the HOUSE-SOVRANPRO transfer this script to The New Sovran Pro... + + ### Open terminal Log into the HOUSE-SOVRANPRO + + ### ssh -i ~/.ssh/sovransystems root@172.88.122.161 + + ### NOW WHILE LOGGED INTO HOUSE-SOVRANPRO type... + + ### rsync -avP -e ssh /home/free/Documents/New_Install_Scripts/Step_2_psp root@192.168.0.?:/root + + +## Then log in with ssh root@192.168.1.[whatever is the ip of the New Sovran Pro] + +## Then run bash Step_2_psp + +GREEN="\e[32m" +LIGHTBLUE="\e[94m" +ENDCOLOR="\e[0m" + +lsblk + +echo -e "${GREEN}What block for Root drive (usually sda)?${ENDCOLOR}";read commitroot + +parted /dev/"$commitroot" -- mklabel gpt +parted /dev/"$commitroot" -- mkpart primary 512MB -7MB +parted /dev/"$commitroot" -- mkpart ESP fat32 1MB 512MB +parted /dev/"$commitroot" -- set 2 esp on + +lsblk + +echo -e "${GREEN}What partition for Root drive (usually sda1)?${ENDCOLOR}";read commitrootpartition + +echo -e "${GREEN}What partition for Boot drive (usually sda2)?${ENDCOLOR}";read commitbootpartition + +mkfs.ext4 -L nixos /dev/"$commitrootpartition" + +mkfs.fat -F 32 -n boot /dev/"$commitbootpartition" + +mount /dev/disk/by-label/nixos /mnt + +mkdir -p /mnt/boot/efi + +mount /dev/disk/by-label/boot /mnt/boot/efi + +nixos-generate-config --root /mnt + +rm /mnt/etc/nixos/configuration.nix + +cat <> 
/mnt/etc/nixos/configuration.nix +{ config, pkgs, ... }: { + imports = [ + ./hardware-configuration.nix + ]; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + boot.loader.efi.efiSysMountPoint = "/boot/efi"; + + nix = { + package = pkgs.nixUnstable; + extraOptions = '' + experimental-features = nix-command flakes + ''; + }; + + environment.systemPackages = with pkgs; [ + wget + git + ranger + fish + ]; + + services.openssh = { + enable = true; + permitRootLogin = "yes"; + }; +} + +EOT + +nixos-install + +reboot + +#### After reboot from Laptop WHILE LOGGED INTO The TestSovranPro + + ### rsync -avP -e ssh /root/.ssh/authorized_keys root@192.168.[whatever is the ip of the New Sovran Pro]:/root/ + +### Then type login into the New Sovran Pro to send the sp script: + + ### "ssh root@192.168.1.[whatever the ip is]" + ### then password is "a" + ### then wget command... + ### "wget https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS/raw/branch/main/for_new_sovran_pros/sp" + +#### Then type: + + ### "bash sp" (which the script "sp" is Step 3) diff --git a/for_new_sovran_pros/sp.sh b/for_new_sovran_pros/sp.sh new file mode 100644 index 0000000..9e01b03 --- /dev/null +++ b/for_new_sovran_pros/sp.sh 
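Review bot: The answer to `read commitroot` goes straight into `parted /dev/"$commitroot" -- mklabel gpt` with no check that it names a block device, and because the script never sets `-e`, a failed mkfs or mount still lets `nixos-install` run against whatever happens to be mounted on /mnt; add `set -euo pipefail` after the shebang and guard each prompt with `[[ -b "/dev/$commitroot" ]] || { printf 'no such block device: %s\n' "$commitroot" >&2; exit 1; }` (likewise for the two partition answers). The generated configuration.nix sets `permitRootLogin = "yes";` while the procedure in the header comments sets the root password to a single character, so the freshly installed host comes up with password-based root SSH enabled; `permitRootLogin = "prohibit-password";` together with the authorized_keys rsync already described at the bottom keeps the same workflow without that window. As rendered here the heredoc opener reads `cat <>` followed by an `EOT` terminator much later — if the committed file really lacks `<<EOT >>` nothing is written to configuration.nix, so it is worth confirming this is only a display artifact.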
@@ -0,0 +1,347 @@ +#!/usr/bin/env bash + +set -o nounset + +GREEN="\e[32m" +LIGHTBLUE="\e[94m" +ENDCOLOR="\e[0m" + +# + +pushd /etc/nixos/ + + wget https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS/raw/branch/main/for_new_sovran_pros/flake.nix + + chown root:root /etc/nixos/ -R + + chmod 770 /etc/nixos/ -R + +popd + +# + +mkdir /var/lib/domains + +touch /var/lib/domains/btcpayserver +touch /var/lib/domains/matrix +touch /var/lib/domains/nextcloud +touch /var/lib/domains/onlyoffice +touch /var/lib/domains/sslemail +touch /var/lib/domains/vaultwarden +touch /var/lib/domains/wordpress + +# + +mkdir /var/lib/nextcloudaddition + +cat <> /var/lib/nextcloudaddition/nextcloudaddition + 'trusted_proxies' => + array ( + 0 => '127.0.0.1', + ), + 'default_locale' => 'en_US', + 'default_phone_region' => 'US', + 'filelocking.enabled' => true, + 'memcache.local' => '\OC\Memcache\APCu', + +EOT + +# + +mkdir /var/lib/njalla/ + +cat <> /var/lib/njalla/njalla.sh + +#!/usr/bin/env bash + +IP=$(wget -qO- https://ipecho.net/plain ; echo) + +##Add DDNS Script From Njalla User Account + +curl "https://...${IP}" + + +EOT + +# + +mkdir /var/lib/external_ip + +cat <> /var/lib/external_ip/external_ip.sh + +#!/usr/bin/env bash + +wget -qO- https://ipecho.net/plain ; echo > /var/lib/secrets/external_ip + + +EOT + +# + +mkdir /var/lib/agenix-secrets/ + +cat <> /var/lib/agenix-secrets/secrets.nix + +let + + root = + +in +{ + + "wordpressdb.age".publicKeys = [ root ]; + + "matrixdb.age".publicKeys = [ root ]; + + "nextclouddb.age".publicKeys = [ root ]; + + "turn.age".publicKeys = [ root ]; + + "matrix_reg_secret.age".publicKeys = [ root ]; + +} + + +EOT + +# + +ssh-keygen -q -N "" -t ed25519 -f /root/.ssh/agenix/agenix-secret-keys + +sed -i -e "0,/root.*/{s::root = $(cat /root/.ssh/agenix/agenix-secret-keys.pub):};s:root@nixos::" /var/lib/agenix-secrets/secrets.nix + +sed -i 's:\(root =[[:blank:]]*\)\(.*\):\1"\2";:' /var/lib/agenix-secrets/secrets.nix + +# + +echo -n $(pwgen -s 17 -1) 
> /var/lib/secrets/nextclouddb +echo -n $(pwgen -s 17 -1) > /var/lib/secrets/wordpressdb +echo -n $(pwgen -s 17 -1) > /var/lib/secrets/matrixdb +echo -n $(pwgen -s 17 -1) > /var/lib/secrets/turn +echo -n $(pwgen -s 17 -1) > /var/lib/secrets/matrix_reg_secret +echo -n $(pwgen -s 17 -1) > /var/lib/secrets/main +echo -n $(pwgen -s 17 -1) > /var/lib/secrets/onlyofficejwtSecretFile +echo -n ADMIN_TOKEN=$(openssl rand -base64 48 +) > /var/lib/secrets/vaultwarden/vaultwarden.env + +# + +pushd /var/lib/agenix-secrets/ + + echo -n $(cat /var/lib/secrets/wordpressdb) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e wordpressdb.age -i /root/.ssh/agenix/agenix-secret-keys + + echo -n $(cat /var/lib/secrets/nextclouddb) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e nextclouddb.age -i /root/.ssh/agenix/agenix-secret-keys + + echo -n $(cat /var/lib/secrets/matrixdb) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e matrixdb.age -i /root/.ssh/agenix/agenix-secret-keys + + echo -n $(cat /var/lib/secrets/turn) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e turn.age -i /root/.ssh/agenix/agenix-secret-keys + + echo -n $(cat /var/lib/secrets/matrix_reg_secret) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e matrix_reg_secret.age -i /root/.ssh/agenix/agenix-secret-keys + +popd + +# + +nixos-rebuild switch --impure + +# + +chown root:root /var/lib/secrets/main -R + +chown root:root /var/lib/secrets/external_ip -R + +chown matrix-synapse:matrix-synapse /var/lib/secrets/matrix_reg_secret -R + +chown matrix-synapse:matrix-synapse /var/lib/secrets/matrixdb -R + +chown postgres:postgres /var/lib/secrets/nextclouddb -R + +chown turnserver:turnserver /var/lib/secrets/turn -R + +chown mysql:mysql /var/lib/secrets/wordpressdb -R + +chown vaultwarden:vaultwarden /var/lib/secrets/vaultwarden -R + +chown onlyoffice:onlyoffice /var/lib/secrets/onlyofficejwtSecretFile + +chmod 770 /var/lib/secrets/ -R + +# + +echo -e "${GREEN}What is your New 
Matrix (Element Chat) domain name?${ENDCOLOR}" +read +echo -n $REPLY > /var/lib/domains/matrix + +echo -e "${GREEN}What is your New Wordpress domain name?${ENDCOLOR}" +read +echo -n $REPLY > /var/lib/domains/wordpress + +echo -e "${GREEN}What is your New Nextcloud domain name?${ENDCOLOR}" +read +echo -n $REPLY > /var/lib/domains/nextcloud + +echo -e "${GREEN}What is your New BTCPayserver domain name?${ENDCOLOR}" +read +echo -n $REPLY > /var/lib/domains/btcpayserver + +echo -e "${GREEN}What is your New Vaultwarden domain name?${ENDCOLOR}" +read +echo -n $REPLY > /var/lib/domains/vaultwarden + +echo -e "${GREEN}What is your New OnlyOffice domain name?${ENDCOLOR}" +read +echo -n $REPLY > /var/lib/domains/onlyoffice + +echo -e "${GREEN}What is the email you would like to use to manage the SSL certificates for your domains?${ENDCOLOR}" +read +echo -n $REPLY > /var/lib/domains/sslemail + + +chown caddy:php /var/lib/domains -R + +chmod 770 /var/lib/domains -R + +# + +set -x + +# + +wget -P /var/lib/www/downloadwp https://wordpress.org/latest.zip + +wget -P /var/lib/www/downloadnc https://download.nextcloud.com/server/releases/latest.zip + +unzip /var/lib/www/downloadwp/latest.zip -d /var/lib/www/ + +unzip /var/lib/www/downloadnc/latest.zip -d /var/lib/www/ + +rm -rf /var/lib/www/downloadwp + +rm -rf /var/lib/www/downloadnc + +chown caddy:php /var/lib/www -R + +chmod 770 /var/lib/www -R + +# + +mkdir /var/lib/nextcloud + +chown caddy:php /var/lib/nextcloud -R + +chmod 770 /var/lib/nextcloud -R + +# + +mkdir /var/lib/coturn + +chown turnserver:turnserver /var/lib/coturn -R + +chmod 770 /var/lib/coturn -R + +# + +echo "root:$(cat /var/lib/secrets/main)" | chpasswd -c SHA512 + +# + +sudo -u free flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo +flatpak update + +# + +sudo -u free ssh-keygen -q -N "gosovransytems" -t ed25519 -f /home/free/.ssh/factory_login + +sed -i -e "0,/ssh-ed25519.*/{ s::$(cat /home/free/.ssh/factory_login.pub): }" 
/root/.ssh/authorized_keys + +# + +echo "free:a" | chpasswd -c SHA512 + +# + +rm -rf /root/sp + +rm -rf /root/factory_login_install + +rm -rf /home/free/.ssh/sovranpro_login + +rm -rf /home/free/.ssh/sovranpro_login.pub + + +chown bitcoin:bitcoin /run/media/Second_Drive/BTCEcoandBackup/Bitcoin_Node -R + +chmod 770 /run/media/Second_Drive/BTCEcoandBackup/Bitcoin_Node -R + +chown electrs:electrs /run/media/Second_Drive/BTCEcoandBackup/Electrs_Data -R + +chmod 770 /run/media/Second_Drive/BTCEcoandBackup/Electrs_Data -R + +nixos-rebuild switch --impure + + +# + +wget https://git.sovransystems.com/Sovran_Systems/Software/raw/branch/main/Sovran_SystemsOS_Reseter/sovran_systemsOS_reseter_local_installer/sovran_systemsOS_reseter_install.sh + +pushd ~/Downloads + +sudo -u free bash sovran_systemsOS_reseter_install.sh + +popd + +# + +wget https://git.sovransystems.com/Sovran_Systems/Software/raw/branch/main/Sovran_SystemsOS_Updater/sovran_systemsOS_updater_local_installer/sovran_systemsOS_updater_install.sh + +pushd ~/Downloads + +sudo -u free bash sovran_systemsOS_updater_install.sh + +popd + +# + +sudo matrix-synapse-register_new_matrix_user -u admin -p a -a + +sudo echo "no" | matrix-synapse-register_new_matrix_user -u test -p a + +# + +DOMAIN=$(cat /var/lib/domains/matrix) + + +cp -n /var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/${DOMAIN}/${DOMAIN}.crt /var/lib/coturn/${DOMAIN}.crt.pem + +cp -n /var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/${DOMAIN}/${DOMAIN}.key /var/lib/coturn/${DOMAIN}.key.pem + +chown turnserver:turnserver /var/lib/coturn -R + +chmod 770 /var/lib/coturn -R + +systemctl restart coturn + +# + +sed -i '$e cat /var/lib/nextcloudaddition/nextcloudaddition' /var/lib/www/nextcloud/config/config.php + +chown caddy:php /var/lib/www -R + +chmod 770 /var/lib/www -R + +# + +set +x + +echo -e "${GREEN}These four passwords are generated for convenience to use for the Web front end setup UI accounts for Nextcloud, 
Wordpress, VaultWarden, and BTCPayserver (if you want to use them).${ENDCOLOR} \n" + +echo -e "$(pwgen -s 17 -1) \n" +echo -e "$(pwgen -s 17 -1) \n" +echo -e "$(pwgen -s 17 -1) \n" +echo -e "$(pwgen -s 17 -1) \n" + +# + +echo -e "${LIGHTBLUE}One last thing, you need to put the Njalla DDNS info from Njalla into njalla.sh.${ENDCOLOR} \n" + +echo -e "${GREEN}All Finished! Please Reboot then Enjoy your New Sovran Pro!${ENDCOLOR} \n"
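Review bot: `set -x` is switched on before `echo "root:$(cat /var/lib/secrets/main)" | chpasswd -c SHA512`, so the trace prints the freshly generated root password (and, a few lines later, the `ssh-keygen -N` passphrase) to the terminal and any session log; wrap those commands in `set +x` … `set -x` or move them above the `set -x`. In the generated external_ip.sh, `wget -qO- https://ipecho.net/plain ; echo > /var/lib/secrets/external_ip` redirects only the `echo`, so the file receives a bare newline and the address goes to stdout — `wget -qO- https://ipecho.net/plain > /var/lib/secrets/external_ip` is what is meant. Nothing in this script creates /var/lib/secrets or /var/lib/secrets/vaultwarden before the `pwgen` redirects, and with `nounset` but no `-e` a failed redirect is silently skipped, so unless an earlier step on the host creates that directory the agenix block would encrypt empty input; a `mkdir -p /var/lib/secrets/vaultwarden` next to the other `mkdir` calls and `set -e` would make that failure visible. The two `wget …_install.sh` downloads land in the caller's current directory while `sudo -u free bash sovran_systemsOS_reseter_install.sh` runs after `pushd ~/Downloads`, so the file is only found if the script is launched from that directory — `wget -P ~/Downloads …` fixes the mismatch. Separately, the hard-coded credentials (`free:a` via chpasswd, `-u admin -p a -a` for Synapse, the fixed `-N` passphrase on the factory key that is then inserted into root's authorized_keys) and the unverified remote installers (no checksum, branch URL rather than a pinned commit) are the weakest points of the provisioning; generating those passwords with the same `pwgen -s 17 -1` already used for service secrets would remove the known defaults.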