updated sp and rename sp.sh and added psp.sh
parent
8bfe05b8a7
commit
cd8175c4bc
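--- a/for_new_sovran_pros/psp.sh
+++ b/for_new_sovran_pros/psp.sh
@@ -0,0 +1,117 @@
+#!/usr/bin/env bash
+
+### First make sure USB Flash Drive has latest NixOS image
+
+### Then plug in power and ether cord to new blank Sovran Pro and then plug in USB Flash Drive with the NixOS installer image; then turn on.
+
+### Second once booted into the installer image type:
+
+### "sudo su"
+### "passwd"
+### then type "a"
+### then "ip a"
+
+
+#### Third - GO TO LAPTOP and send script to the HOUSE-SOVRANPRO...
+
+### rsync -avP -e "ssh -i ~/.ssh/sovransystems" /home/free/Documents/Sovran\ Systems/Sovran\ Pro\ Scripts/Step_2_pspv2 root@172.88.122.161:/home/free/Documents/New_Install_Scripts
+
+
+#### Fourth - FROM LAPTOP LOGIN to the HOUSE-SOVRANPRO transfer this script to The New Sovran Pro...
+
+### Open terminal Log into the HOUSE-SOVRANPRO
+
+### ssh -i ~/.ssh/sovransystems root@172.88.122.161
+
+### NOW WHILE LOGGED INTO HOUSE-SOVRANPRO type...
+
+### rsync -avP -e ssh /home/free/Documents/New_Install_Scripts/Step_2_psp root@192.168.0.?:/root
+
+
+## Then log in with ssh root@192.168.1.[whatever is the ip of the New Sovran Pro]
+
+## Then run bash Step_2_psp
+
+GREEN="\e[32m"
+LIGHTBLUE="\e[94m"
+ENDCOLOR="\e[0m"
+
+lsblk
+
+echo -e "${GREEN}What block for Root drive (usually sda)?${ENDCOLOR}";read commitroot
+
+parted /dev/"$commitroot" -- mklabel gpt
+parted /dev/"$commitroot" -- mkpart primary 512MB -7MB
+parted /dev/"$commitroot" -- mkpart ESP fat32 1MB 512MB
+parted /dev/"$commitroot" -- set 2 esp on
+
+lsblk
+
+echo -e "${GREEN}What partition for Root drive (usually sda1)?${ENDCOLOR}";read commitrootpartition
+
+echo -e "${GREEN}What partition for Boot drive (usually sda2)?${ENDCOLOR}";read commitbootpartition
+
+mkfs.ext4 -L nixos /dev/"$commitrootpartition"
+
+mkfs.fat -F 32 -n boot /dev/"$commitbootpartition"
+
+mount /dev/disk/by-label/nixos /mnt
+
+mkdir -p /mnt/boot/efi
+
+mount /dev/disk/by-label/boot /mnt/boot/efi
+
+nixos-generate-config --root /mnt
+
+rm /mnt/etc/nixos/configuration.nix
+
+cat <<EOT >> /mnt/etc/nixos/configuration.nix
+{ config, pkgs, ... }: {
+imports = [
+./hardware-configuration.nix
+];
+
+boot.loader.systemd-boot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+boot.loader.efi.efiSysMountPoint = "/boot/efi";
+
+nix = {
+package = pkgs.nixUnstable;
+extraOptions = ''
+experimental-features = nix-command flakes
+'';
+};
+
+environment.systemPackages = with pkgs; [
+wget
+git
+ranger
+fish
+];
+
+services.openssh = {
+enable = true;
+permitRootLogin = "yes";
+};
+}
+
+EOT
+
+nixos-install
+
+reboot
+
+#### After reboot from Laptop WHILE LOGGED INTO The TestSovranPro
+
+### rsync -avP -e ssh /root/.ssh/authorized_keys root@192.168.[whatever is the ip of the New Sovran Pro]:/root/
+
+### Then type login into the New Sovran Pro to send the sp script:
+
+### "ssh root@192.168.1.[whatever the ip is]"
+### then password is "a"
+### then wget command...
+### "wget https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS/raw/branch/main/for_new_sovran_pros/sp"
+
+#### Then type:
+
+### "bash sp" (which the script "sp" is Step 3)
+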
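Review bot: The generated configuration.nix enables sshd with `permitRootLogin = "yes";`, and the comments at the end of the file say the installed system's root password is "a", so the new unit accepts password root logins with a one-character password from first boot until sp changes the root password. I would write `permitRootLogin = "prohibit-password";` and provision the factory key declaratively with `users.users.root.openssh.authorizedKeys.keys = [ "<factory public key>" ];`, so the later rsync/ssh steps work by key only. Separately, the script has no `set -euo pipefail` and hands the three `read` answers straight to `parted` and `mkfs`, so a typo or a failed partitioning step still runs through to `nixos-install`; a check such as `[[ -b "/dev/$commitroot" ]] || exit 1` after each prompt would stop before anything is wiped. The header comments also commit a routable host address and the SSH key file name used to reach it, which are better kept in an operator runbook outside the repository.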
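--- a/for_new_sovran_pros/sp.sh
+++ b/for_new_sovran_pros/sp.sh
@@ -0,0 +1,347 @@
+#!/usr/bin/env bash
+
+set -o nounset
+
+GREEN="\e[32m"
+LIGHTBLUE="\e[94m"
+ENDCOLOR="\e[0m"
+
+#
+
+pushd /etc/nixos/
+
+wget https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS/raw/branch/main/for_new_sovran_pros/flake.nix
+
+chown root:root /etc/nixos/ -R
+
+chmod 770 /etc/nixos/ -R
+
+popd
+
+#
+
+mkdir /var/lib/domains
+
+touch /var/lib/domains/btcpayserver
+touch /var/lib/domains/matrix
+touch /var/lib/domains/nextcloud
+touch /var/lib/domains/onlyoffice
+touch /var/lib/domains/sslemail
+touch /var/lib/domains/vaultwarden
+touch /var/lib/domains/wordpress
+
+#
+
+mkdir /var/lib/nextcloudaddition
+
+cat <<EOT >> /var/lib/nextcloudaddition/nextcloudaddition
+'trusted_proxies' =>
+array (
+0 => '127.0.0.1',
+),
+'default_locale' => 'en_US',
+'default_phone_region' => 'US',
+'filelocking.enabled' => true,
+'memcache.local' => '\OC\Memcache\APCu',
+
+EOT
+
+#
+
+mkdir /var/lib/njalla/
+
+cat <<EOT >> /var/lib/njalla/njalla.sh
+
+#!/usr/bin/env bash
+
+IP=$(wget -qO- https://ipecho.net/plain ; echo)
+
+##Add DDNS Script From Njalla User Account
+
+curl "https://...${IP}"
+
+
+EOT
+
+#
+
+mkdir /var/lib/external_ip
+
+cat <<EOT >> /var/lib/external_ip/external_ip.sh
+
+#!/usr/bin/env bash
+
+wget -qO- https://ipecho.net/plain ; echo > /var/lib/secrets/external_ip
+
+
+EOT
+
+#
+
+mkdir /var/lib/agenix-secrets/
+
+cat <<EOT >> /var/lib/agenix-secrets/secrets.nix
+
+let
+
+root =
+
+in
+{
+
+"wordpressdb.age".publicKeys = [ root ];
+
+"matrixdb.age".publicKeys = [ root ];
+
+"nextclouddb.age".publicKeys = [ root ];
+
+"turn.age".publicKeys = [ root ];
+
+"matrix_reg_secret.age".publicKeys = [ root ];
+
+}
+
+
+EOT
+
+#
+
+ssh-keygen -q -N "" -t ed25519 -f /root/.ssh/agenix/agenix-secret-keys
+
+sed -i -e "0,/root.*/{s::root = $(cat /root/.ssh/agenix/agenix-secret-keys.pub):};s:root@nixos::" /var/lib/agenix-secrets/secrets.nix
+
+sed -i 's:\(root =[[:blank:]]*\)\(.*\):\1"\2";:' /var/lib/agenix-secrets/secrets.nix
+
+#
+
+echo -n $(pwgen -s 17 -1) > /var/lib/secrets/nextclouddb
+echo -n $(pwgen -s 17 -1) > /var/lib/secrets/wordpressdb
+echo -n $(pwgen -s 17 -1) > /var/lib/secrets/matrixdb
+echo -n $(pwgen -s 17 -1) > /var/lib/secrets/turn
+echo -n $(pwgen -s 17 -1) > /var/lib/secrets/matrix_reg_secret
+echo -n $(pwgen -s 17 -1) > /var/lib/secrets/main
+echo -n $(pwgen -s 17 -1) > /var/lib/secrets/onlyofficejwtSecretFile
+echo -n ADMIN_TOKEN=$(openssl rand -base64 48
+) > /var/lib/secrets/vaultwarden/vaultwarden.env
+
+#
+
+pushd /var/lib/agenix-secrets/
+
+echo -n $(cat /var/lib/secrets/wordpressdb) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e wordpressdb.age -i /root/.ssh/agenix/agenix-secret-keys
+
+echo -n $(cat /var/lib/secrets/nextclouddb) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e nextclouddb.age -i /root/.ssh/agenix/agenix-secret-keys
+
+echo -n $(cat /var/lib/secrets/matrixdb) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e matrixdb.age -i /root/.ssh/agenix/agenix-secret-keys
+
+echo -n $(cat /var/lib/secrets/turn) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e turn.age -i /root/.ssh/agenix/agenix-secret-keys
+
+echo -n $(cat /var/lib/secrets/matrix_reg_secret) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e matrix_reg_secret.age -i /root/.ssh/agenix/agenix-secret-keys
+
+popd
+
+#
+
+nixos-rebuild switch --impure
+
+#
+
+chown root:root /var/lib/secrets/main -R
+
+chown root:root /var/lib/secrets/external_ip -R
+
+chown matrix-synapse:matrix-synapse /var/lib/secrets/matrix_reg_secret -R
+
+chown matrix-synapse:matrix-synapse /var/lib/secrets/matrixdb -R
+
+chown postgres:postgres /var/lib/secrets/nextclouddb -R
+
+chown turnserver:turnserver /var/lib/secrets/turn -R
+
+chown mysql:mysql /var/lib/secrets/wordpressdb -R
+
+chown vaultwarden:vaultwarden /var/lib/secrets/vaultwarden -R
+
+chown onlyoffice:onlyoffice /var/lib/secrets/onlyofficejwtSecretFile
+
+chmod 770 /var/lib/secrets/ -R
+
+#
+
+echo -e "${GREEN}What is your New Matrix (Element Chat) domain name?${ENDCOLOR}"
+read
+echo -n $REPLY > /var/lib/domains/matrix
+
+echo -e "${GREEN}What is your New Wordpress domain name?${ENDCOLOR}"
+read
+echo -n $REPLY > /var/lib/domains/wordpress
+
+echo -e "${GREEN}What is your New Nextcloud domain name?${ENDCOLOR}"
+read
+echo -n $REPLY > /var/lib/domains/nextcloud
+
+echo -e "${GREEN}What is your New BTCPayserver domain name?${ENDCOLOR}"
+read
+echo -n $REPLY > /var/lib/domains/btcpayserver
+
+echo -e "${GREEN}What is your New Vaultwarden domain name?${ENDCOLOR}"
+read
+echo -n $REPLY > /var/lib/domains/vaultwarden
+
+echo -e "${GREEN}What is your New OnlyOffice domain name?${ENDCOLOR}"
+read
+echo -n $REPLY > /var/lib/domains/onlyoffice
+
+echo -e "${GREEN}What is the email you would like to use to manage the SSL certificates for your domains?${ENDCOLOR}"
+read
+echo -n $REPLY > /var/lib/domains/sslemail
+
+
+chown caddy:php /var/lib/domains -R
+
+chmod 770 /var/lib/domains -R
+
+#
+
+set -x
+
+#
+
+wget -P /var/lib/www/downloadwp https://wordpress.org/latest.zip
+
+wget -P /var/lib/www/downloadnc https://download.nextcloud.com/server/releases/latest.zip
+
+unzip /var/lib/www/downloadwp/latest.zip -d /var/lib/www/
+
+unzip /var/lib/www/downloadnc/latest.zip -d /var/lib/www/
+
+rm -rf /var/lib/www/downloadwp
+
+rm -rf /var/lib/www/downloadnc
+
+chown caddy:php /var/lib/www -R
+
+chmod 770 /var/lib/www -R
+
+#
+
+mkdir /var/lib/nextcloud
+
+chown caddy:php /var/lib/nextcloud -R
+
+chmod 770 /var/lib/nextcloud -R
+
+#
+
+mkdir /var/lib/coturn
+
+chown turnserver:turnserver /var/lib/coturn -R
+
+chmod 770 /var/lib/coturn -R
+
+#
+
+echo "root:$(cat /var/lib/secrets/main)" | chpasswd -c SHA512
+
+#
+
+sudo -u free flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
+flatpak update
+
+#
+
+sudo -u free ssh-keygen -q -N "gosovransytems" -t ed25519 -f /home/free/.ssh/factory_login
+
+sed -i -e "0,/ssh-ed25519.*/{ s::$(cat /home/free/.ssh/factory_login.pub): }" /root/.ssh/authorized_keys
+
+#
+
+echo "free:a" | chpasswd -c SHA512
+
+#
+
+rm -rf /root/sp
+
+rm -rf /root/factory_login_install
+
+rm -rf /home/free/.ssh/sovranpro_login
+
+rm -rf /home/free/.ssh/sovranpro_login.pub
+
+
+chown bitcoin:bitcoin /run/media/Second_Drive/BTCEcoandBackup/Bitcoin_Node -R
+
+chmod 770 /run/media/Second_Drive/BTCEcoandBackup/Bitcoin_Node -R
+
+chown electrs:electrs /run/media/Second_Drive/BTCEcoandBackup/Electrs_Data -R
+
+chmod 770 /run/media/Second_Drive/BTCEcoandBackup/Electrs_Data -R
+
+nixos-rebuild switch --impure
+
+
+#
+
+wget https://git.sovransystems.com/Sovran_Systems/Software/raw/branch/main/Sovran_SystemsOS_Reseter/sovran_systemsOS_reseter_local_installer/sovran_systemsOS_reseter_install.sh
+
+pushd ~/Downloads
+
+sudo -u free bash sovran_systemsOS_reseter_install.sh
+
+popd
+
+#
+
+wget https://git.sovransystems.com/Sovran_Systems/Software/raw/branch/main/Sovran_SystemsOS_Updater/sovran_systemsOS_updater_local_installer/sovran_systemsOS_updater_install.sh
+
+pushd ~/Downloads
+
+sudo -u free bash sovran_systemsOS_updater_install.sh
+
+popd
+
+#
+
+sudo matrix-synapse-register_new_matrix_user -u admin -p a -a
+
+sudo echo "no" | matrix-synapse-register_new_matrix_user -u test -p a
+
+#
+
+DOMAIN=$(cat /var/lib/domains/matrix)
+
+
+cp -n /var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/${DOMAIN}/${DOMAIN}.crt /var/lib/coturn/${DOMAIN}.crt.pem
+
+cp -n /var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/${DOMAIN}/${DOMAIN}.key /var/lib/coturn/${DOMAIN}.key.pem
+
+chown turnserver:turnserver /var/lib/coturn -R
+
+chmod 770 /var/lib/coturn -R
+
+systemctl restart coturn
+
+#
+
+sed -i '$e cat /var/lib/nextcloudaddition/nextcloudaddition' /var/lib/www/nextcloud/config/config.php
+
+chown caddy:php /var/lib/www -R
+
+chmod 770 /var/lib/www -R
+
+#
+
+set +x
+
+echo -e "${GREEN}These four passwords are generated for convenience to use for the Web front end setup UI accounts for Nextcloud, Wordpress, VaultWarden, and BTCPayserver (if you want to use them).${ENDCOLOR} \n"
+
+echo -e "$(pwgen -s 17 -1) \n"
+echo -e "$(pwgen -s 17 -1) \n"
+echo -e "$(pwgen -s 17 -1) \n"
+echo -e "$(pwgen -s 17 -1) \n"
+
+#
+
+echo -e "${LIGHTBLUE}One last thing, you need to put the Njalla DDNS info from Njalla into njalla.sh.${ENDCOLOR} \n"
+
+echo -e "${GREEN}All Finished! Please Reboot then Enjoy your New Sovran Pro!${ENDCOLOR} \n"
+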
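Review bot: Three credentials are identical on every unit this script provisions and sit in the repository in clear text: `echo "free:a" | chpasswd -c SHA512`, the Matrix accounts registered with `-u admin -p a -a` and `-u test -p a`, and the `factory_login` key passphrase `-N "gosovransytems"`, whose public half is then written into `/root/.ssh/authorized_keys`. The script already calls `pwgen -s 17 -1` for the service secrets, so these can be generated per device the same way, e.g. `free_pw=$(pwgen -s 17 -1)` followed by `printf 'free:%s\n' "$free_pw" | chpasswd -c SHA512`, and shown once in the closing summary. The root `chpasswd` line runs between `set -x` and `set +x`, so the expanded contents of `/var/lib/secrets/main` are printed in the trace; move that line above `set -x`. The `njalla.sh` and `external_ip.sh` heredocs use an unquoted `<<EOT`, so `$(wget …)` and `${IP}` are expanded while sp runs rather than written into the files, and `${IP}` is unset under `set -o nounset` unless it happens to be exported, which likely aborts the script; `<<'EOT'` keeps them literal. The installer scripts fetched from the `main` branch and `nix run github:ryantm/agenix` are run as root without a pinned revision or checksum, so pinning each to a commit would make the provisioning reproducible and reviewable.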