From 0242504a0eecb3543f47d6d6c4ef3e38ee322534 Mon Sep 17 00:00:00 2001
From: Mitya Selivanov
Date: Sat, 22 Feb 2025 17:07:12 +0100
Subject: Knock-knock cookie (work in progress)
---
bootstrap.sh | 285 -----------------------------------------------------------
1 file changed, 285 deletions(-)
delete mode 100644 bootstrap.sh
(limited to 'bootstrap.sh')
diff --git a/bootstrap.sh b/bootstrap.sh
deleted file mode 100644
index b0e9eff..0000000
--- a/bootstrap.sh
+++ /dev/null
@@ -1,285 +0,0 @@
-echo "[ 1/9] Setting up Git"
-
-if ! id git >/dev/null 2>&1; then
- useradd -m -b /srv git
- [ $? -eq 0 ] || exit $?
-else
- echo "[SKIP] Git user already created."
-fi
-
-GIT_HOME=$( grep git /etc/passwd | cut -d: -f6 )
-
-if [ "$GIT_HOME" = "" ]; then
- echo "[ERROR] No git home!"
- exit 1
-fi
-
-echo "[INFO] Git home: $GIT_HOME"
-
-if ! command -v git >/dev/null 2>&1; then
- apt-get install -y git
- [ $? -eq 0 ] || exit $?
-else
- echo "[SKIP] Git already installed."
-fi
-
-if ls /usr/lib/git-core/git-http-backend >/dev/null 2>&1; then
- GIT_HTTP_BACKEND=/usr/lib/git-core/git-http-backend
-elif ls /usr/libexec/git-core/git-http-backend >/dev/null 2>&1; then
- GIT_HTTP_BACKEND=/usr/libexec/git-core/git-http-backend
-else
- echo "[ERROR] git-http-backend not found!"
- exit 1
-fi
-
-echo "[INFO] git-http-backend: $GIT_HTTP_BACKEND"
-
-echo "[ 2/9] Setting up cgit"
-
-if [ ! command -v /usr/share/webapps/cgit/cgit.cgi >/dev/null 2>&1 ] &&
- [ ! command -v /usr/lib/cgit/cgit.cgi >/dev/null 2>&1 ]; then
- apt-get install -y cgit
- [ $? -eq 0 ] || exit $?
-else
- echo "[SKIP] cgit already installed."
-fi
-
-if command -v /usr/share/webapps/cgit/cgit.cgi >/dev/null 2>&1; then
- CGIT_CGI=/usr/share/webapps/cgit/cgit.cgi
-elif command -v /usr/lib/cgit/cgit.cgi >/dev/null 2>&1; then
- CGIT_CGI=/usr/lib/cgit/cgit.cgi
-else
- echo "[ERROR] cgit not found!"
- exit 1
-fi
-
-echo "[INFO] Found cgit: $CGIT_CGI"
-
-echo "[ 3/9] Setting up nginx"
-
-if ! command -v nginx >/dev/null 2>&1; then
- apt-get install -y nginx
- [ $? -eq 0 ] || exit $?
-else
- echo "[SKIP] nginx already installed."
-fi
-
-echo "[ 4/9] Setting up certbot"
-
-if ! command -v certbot >/dev/null 2>&1; then
- apt-get install -y python3-certbot-nginx
- [ $? -eq 0 ] || exit $?
-else
- echo "[SKIP] certbot already installed."
-fi
-
-echo "[ 5/9] Setting up fcgiwrap"
-
-if ! command -v fcgiwrap >/dev/null 2>&1; then
- apt-get install -y fcgiwrap
- [ $? -eq 0 ] || exit $?
-else
- echo "[SKIP] fcgiwrap already installed."
-fi
-
-echo "[ 6/9] Setting up htpasswd"
-
-if ! command -v htpasswd >/dev/null 2>&1; then
- apt-get install -y apache2-utils
- [ $? -eq 0 ] || exit $?
-else
- echo "[SKIP] htpasswd already installed."
-fi
-
-echo "[ 7/9] Setting up GCC"
-
-if ! command -v gcc >/dev/null 2>&1; then
- apt-get install -y gcc
- [ $? -eq 0 ] || exit $?
-else
- echo "[SKIP] GCC already installed."
-fi
-
-echo "[ 8/9] Compiling and setting up CGI program"
-
-COMPILE="\
- -Wno-old-style-declaration \
- -Wno-missing-field-initializers -Wno-missing-braces \
- -Wall -Wextra -Werror -pedantic -mshstk \
- -O3 -o main main.c"
-
-SAN=-fsanitize=address,undefined,leak
-
-if gcc $SAN $COMPILE >/dev/null 2>&1; then
- gcc $SAN $COMPILE
- [ $? -eq 0 ] || exit $?
-else
- echo "[INFO] Sanitizers are disabled."
- gcc $COMPILE
- [ $? -eq 0 ] || exit $?
-fi
-
-chown root:root main
-[ $? -eq 0 ] || exit $?
-
-mv -f main /srv/
-[ $? -eq 0 ] || exit $?
-
-mv -f static /srv/static
-[ $? -eq 0 ] || exit $?
-
-echo "[ 9/9] Configuring"
-
-if [ ! -d /etc/nginx/sites-available ]; then
- mkdir /etc/nginx/sites-available
- [ $? -eq 0 ] || exit $?
-fi
-
-if [ ! -d /etc/nginx/sites-enabled ]; then
- mkdir /etc/nginx/sites-enabled
- [ $? -eq 0 ] || exit $?
-fi
-
-if [ ! -f /etc/nginx/sites-enabled/default ]; then
- ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
- [ $? -eq 0 ] || exit $?
-fi
-
-cat </etc/nginx/sites-available/default
-server {
- listen 80;
- listen [::]:80;
-
- server_name _;
-
- location ~ ^/git_write/ {
- rewrite ^/git_write/(.*) /\$1 break;
-
- auth_basic "Git";
- auth_basic_user_file $GIT_HOME.htpasswd;
-
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $GIT_HTTP_BACKEND;
- fastcgi_param GIT_PROJECT_ROOT $GIT_HOME;
- fastcgi_param PATH_INFO \$uri;
- fastcgi_pass unix:/var/run/fcgiwrap.socket;
- }
-
- location ~ ^/git_read/ {
- rewrite ^/git_read/(.*) /\$1 break;
-
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $GIT_HTTP_BACKEND;
- fastcgi_param GIT_PROJECT_ROOT $GIT_HOME;
- fastcgi_param PATH_INFO \$uri;
- fastcgi_pass unix:/var/run/fcgiwrap.socket;
- }
-
- location ~ \\.git {
- if (\$arg_service = git-receive-pack) {
- rewrite /(.*) /git_write/\$1 last;
- }
- if (\$uri ~ ^/.*/git-receive-pack\$) {
- rewrite /(.*) /git_write/\$1 last;
- }
- if (\$arg_service = git-upload-pack) {
- rewrite /(.*) /git_read/\$1 last;
- }
- if (\$uri ~ ^/.*/git-upload-pack\$) {
- rewrite /(.*) /git_read/\$1 last;
- }
- }
-
- location ^~ /git/ {
- rewrite ^/git/(.*) /\$1 break;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $CGIT_CGI;
- fastcgi_param PATH_INFO \$uri;
- fastcgi_param QUERY_STRING \$args;
- fastcgi_pass unix:/var/run/fcgiwrap.socket;
- }
-
- location ~* \\.(txt|asc|htm|css|svg|jpg|png|gif|ico|woff|woff2|js|wasm|mp3)\$ {
- rewrite ^/(.*) /static/plain/\$1 break;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $CGIT_CGI;
- fastcgi_param PATH_INFO \$uri;
- fastcgi_param QUERY_STRING \$args;
- fastcgi_pass unix:/var/run/fcgiwrap.socket;
- }
-
- location / {
- include /etc/nginx/fastcgi_params;
- fastcgi_param SCRIPT_FILENAME /srv/main.cgi;
- fastcgi_pass unix:/var/run/fcgiwrap.socket;
- }
-}
-EOF
-[ $? -eq 0 ] || exit $?
-
-echo "[INFO] Written /etc/nginx/sites-available/default:"
-
-cat /etc/nginx/sites-available/default
-
-cat </etc/nginx/mime.types
-types {
- text/plain txt;
- text/plain asc;
- text/html htm;
- text/css css;
- image/svg+xml svg;
- image/jpeg jpg;
- image/png png;
- image/gif gif;
- image/x-icon ico;
- application/font-woff woff;
- application/font-woff2 woff2;
- application/javascript js;
- application/wasm wasm;
- audio/mpeg mp3;
-}
-EOF
-[ $? -eq 0 ] || exit $?
-
-echo "[INFO] Written /etc/nginx/mime.types:"
-
-cat /etc/nginx/mime.types
-
-cat </etc/nginx/nginx.conf
-user git;
-worker_processes 1;
-pid /run/nginx.pid;
-include /etc/nginx/modules-enabled/*.conf;
-
-events {
- worker_connections 768;
-}
-
-http {
- sendfile on;
- tcp_nopush on;
- types_hash_max_size 2048;
- server_names_hash_bucket_size 256;
-
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
-
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
- ssl_prefer_server_ciphers on;
-
- access_log /var/log/nginx/access.log;
- error_log /var/log/nginx/error.log;
-
- gzip on;
-
- include /etc/nginx/conf.d/*.conf;
- include /etc/nginx/sites-enabled/*;
-}
-EOF
-[ $? -eq 0 ] || exit $?
-
-echo "[INFO] Written /etc/nginx/nginx.conf:"
-
-cat /etc/nginx/nginx.conf
-
-echo "[INFO] All done!"
--
cgit v1.2.3