Diffstat (limited to 'bootstrap.sh')
-rw-r--r--bootstrap.sh285
1 files changed, 285 insertions, 0 deletions
diff --git a/bootstrap.sh b/bootstrap.sh
new file mode 100644
index 0000000..b0e9eff
--- /dev/null
+++ b/bootstrap.sh
@@ -0,0 +1,285 @@
+echo "[ 1/9] Setting up Git"
+
+if ! id git >/dev/null 2>&1; then
+ useradd -m -b /srv git
+ [ $? -eq 0 ] || exit $?
+else
+ echo "[SKIP] Git user already created."
+fi
+
+GIT_HOME=$( grep git /etc/passwd | cut -d: -f6 )
+
+if [ "$GIT_HOME" = "" ]; then
+ echo "[ERROR] No git home!"
+ exit 1
+fi
+
+echo "[INFO] Git home: $GIT_HOME"
+
+if ! command -v git >/dev/null 2>&1; then
+ apt-get install -y git
+ [ $? -eq 0 ] || exit $?
+else
+ echo "[SKIP] Git already installed."
+fi
+
+if ls /usr/lib/git-core/git-http-backend >/dev/null 2>&1; then
+ GIT_HTTP_BACKEND=/usr/lib/git-core/git-http-backend
+elif ls /usr/libexec/git-core/git-http-backend >/dev/null 2>&1; then
+ GIT_HTTP_BACKEND=/usr/libexec/git-core/git-http-backend
+else
+ echo "[ERROR] git-http-backend not found!"
+ exit 1
+fi
+
+echo "[INFO] git-http-backend: $GIT_HTTP_BACKEND"
+
+echo "[ 2/9] Setting up cgit"
+
+if [ ! command -v /usr/share/webapps/cgit/cgit.cgi >/dev/null 2>&1 ] &&
+ [ ! command -v /usr/lib/cgit/cgit.cgi >/dev/null 2>&1 ]; then
+ apt-get install -y cgit
+ [ $? -eq 0 ] || exit $?
+else
+ echo "[SKIP] cgit already installed."
+fi
+
+if command -v /usr/share/webapps/cgit/cgit.cgi >/dev/null 2>&1; then
+ CGIT_CGI=/usr/share/webapps/cgit/cgit.cgi
+elif command -v /usr/lib/cgit/cgit.cgi >/dev/null 2>&1; then
+ CGIT_CGI=/usr/lib/cgit/cgit.cgi
+else
+ echo "[ERROR] cgit not found!"
+ exit 1
+fi
+
+echo "[INFO] Found cgit: $CGIT_CGI"
+
+echo "[ 3/9] Setting up nginx"
+
+if ! command -v nginx >/dev/null 2>&1; then
+ apt-get install -y nginx
+ [ $? -eq 0 ] || exit $?
+else
+ echo "[SKIP] nginx already installed."
+fi
+
+echo "[ 4/9] Setting up certbot"
+
+if ! command -v certbot >/dev/null 2>&1; then
+ apt-get install -y python3-certbot-nginx
+ [ $? -eq 0 ] || exit $?
+else
+ echo "[SKIP] certbot already installed."
+fi
+
+echo "[ 5/9] Setting up fcgiwrap"
+
+if ! command -v fcgiwrap >/dev/null 2>&1; then
+ apt-get install -y fcgiwrap
+ [ $? -eq 0 ] || exit $?
+else
+ echo "[SKIP] fcgiwrap already installed."
+fi
+
+echo "[ 6/9] Setting up htpasswd"
+
+if ! command -v htpasswd >/dev/null 2>&1; then
+ apt-get install -y apache2-utils
+ [ $? -eq 0 ] || exit $?
+else
+ echo "[SKIP] htpasswd already installed."
+fi
+
+echo "[ 7/9] Setting up GCC"
+
+if ! command -v gcc >/dev/null 2>&1; then
+ apt-get install -y gcc
+ [ $? -eq 0 ] || exit $?
+else
+ echo "[SKIP] GCC already installed."
+fi
+
+echo "[ 8/9] Compiling and setting up CGI program"
+
+COMPILE="\
+ -Wno-old-style-declaration \
+ -Wno-missing-field-initializers -Wno-missing-braces \
+ -Wall -Wextra -Werror -pedantic -mshstk \
+ -O3 -o main main.c"
+
+SAN=-fsanitize=address,undefined,leak
+
+if gcc $SAN $COMPILE >/dev/null 2>&1; then
+ gcc $SAN $COMPILE
+ [ $? -eq 0 ] || exit $?
+else
+ echo "[INFO] Sanitizers are disabled."
+ gcc $COMPILE
+ [ $? -eq 0 ] || exit $?
+fi
+
+chown root:root main
+[ $? -eq 0 ] || exit $?
+
+mv -f main /srv/
+[ $? -eq 0 ] || exit $?
+
+mv -f static /srv/static
+[ $? -eq 0 ] || exit $?
+
+echo "[ 9/9] Configuring"
+
+if [ ! -d /etc/nginx/sites-available ]; then
+ mkdir /etc/nginx/sites-available
+ [ $? -eq 0 ] || exit $?
+fi
+
+if [ ! -d /etc/nginx/sites-enabled ]; then
+ mkdir /etc/nginx/sites-enabled
+ [ $? -eq 0 ] || exit $?
+fi
+
+if [ ! -f /etc/nginx/sites-enabled/default ]; then
+ ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
+ [ $? -eq 0 ] || exit $?
+fi
+
+cat <<EOF >/etc/nginx/sites-available/default
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name _;
+
+ location ~ ^/git_write/ {
+ rewrite ^/git_write/(.*) /\$1 break;
+
+ auth_basic "Git";
+ auth_basic_user_file $GIT_HOME.htpasswd;
+
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $GIT_HTTP_BACKEND;
+ fastcgi_param GIT_PROJECT_ROOT $GIT_HOME;
+ fastcgi_param PATH_INFO \$uri;
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ }
+
+ location ~ ^/git_read/ {
+ rewrite ^/git_read/(.*) /\$1 break;
+
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $GIT_HTTP_BACKEND;
+ fastcgi_param GIT_PROJECT_ROOT $GIT_HOME;
+ fastcgi_param PATH_INFO \$uri;
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ }
+
+ location ~ \\.git {
+ if (\$arg_service = git-receive-pack) {
+ rewrite /(.*) /git_write/\$1 last;
+ }
+ if (\$uri ~ ^/.*/git-receive-pack\$) {
+ rewrite /(.*) /git_write/\$1 last;
+ }
+ if (\$arg_service = git-upload-pack) {
+ rewrite /(.*) /git_read/\$1 last;
+ }
+ if (\$uri ~ ^/.*/git-upload-pack\$) {
+ rewrite /(.*) /git_read/\$1 last;
+ }
+ }
+
+ location ^~ /git/ {
+ rewrite ^/git/(.*) /\$1 break;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $CGIT_CGI;
+ fastcgi_param PATH_INFO \$uri;
+ fastcgi_param QUERY_STRING \$args;
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ }
+
+ location ~* \\.(txt|asc|htm|css|svg|jpg|png|gif|ico|woff|woff2|js|wasm|mp3)\$ {
+ rewrite ^/(.*) /static/plain/\$1 break;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $CGIT_CGI;
+ fastcgi_param PATH_INFO \$uri;
+ fastcgi_param QUERY_STRING \$args;
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ }
+
+ location / {
+ include /etc/nginx/fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /srv/main.cgi;
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ }
+}
+EOF
+[ $? -eq 0 ] || exit $?
+
+echo "[INFO] Written /etc/nginx/sites-available/default:"
+
+cat /etc/nginx/sites-available/default
+
+cat <<EOF >/etc/nginx/mime.types
+types {
+ text/plain txt;
+ text/plain asc;
+ text/html htm;
+ text/css css;
+ image/svg+xml svg;
+ image/jpeg jpg;
+ image/png png;
+ image/gif gif;
+ image/x-icon ico;
+ application/font-woff woff;
+ application/font-woff2 woff2;
+ application/javascript js;
+ application/wasm wasm;
+ audio/mpeg mp3;
+}
+EOF
+[ $? -eq 0 ] || exit $?
+
+echo "[INFO] Written /etc/nginx/mime.types:"
+
+cat /etc/nginx/mime.types
+
+cat <<EOF >/etc/nginx/nginx.conf
+user git;
+worker_processes 1;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 768;
+}
+
+http {
+ sendfile on;
+ tcp_nopush on;
+ types_hash_max_size 2048;
+ server_names_hash_bucket_size 256;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ gzip on;
+
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+}
+EOF
+[ $? -eq 0 ] || exit $?
+
+echo "[INFO] Written /etc/nginx/nginx.conf:"
+
+cat /etc/nginx/nginx.conf
+
+echo "[INFO] All done!"
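Review bot: The generated `location ~ ^/git_read/` block has no `auth_basic`, and neither it nor `location ~ ^/git_write/` is marked internal, so a client can address them by URI and skip the service-based routing in `location ~ \.git`. Whether an unauthenticated push would then succeed depends on how git-http-backend treats anonymous receive-pack and on per-repository settings, which are not visible here; adding `internal;` as the first line of both blocks would make the rewrite the only way in. The line `auth_basic_user_file $GIT_HOME.htpasswd;` has no `/` before `.htpasswd`, and the script never creates a password file, so authenticated pushes presumably cannot work until one exists at exactly that path. If a file inside the git home was intended, it should read `$GIT_HOME/.htpasswd`. In the generated nginx.conf, `ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;` enables the deprecated TLS 1.0 and 1.1, and `ssl_protocols TLSv1.2 TLSv1.3;` is the usual baseline once certbot adds a TLS listener.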