leo/install
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

autocommit

Browse Source
This commit is contained in:
leo 2024-08-14 10:49:52 +05:00
parent be7d1e3f25
commit 75948ac257
4 changed files with 53 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
secrets-decrypt.sh
View File

@ -1,31 +1,39 @@
#!/bin/bash #!/bin/bash
# Проверка наличия аргументов if [ "$(id -u)" != "0" ]; then
echo -e "\033[31mThis script requires superuser rights.\033[0m"
exit 0
fi
if [ "$#" -ne 3 ]; then if [ "$#" -ne 3 ]; then
echo "Usage: $0 PASSWORD ARCHIVE_FILE DESTINATION_DIR" echo "Usage: $0 PASSWORD ARCHIVE_FILE DESTINATION_DIR"
exit 1 exit 1
fi fi
# Присваиваем аргументы переменным
PASSWORD=$1 PASSWORD=$1
ARCHIVE_FILE=$2 ARCHIVE_FILE=$2
DESTINATION_DIR=$3 DESTINATION_DIR=$3
# Проверка наличия существующего файла архива trap 'echo -e "\033[31msecrets-encrypt.sh: Something went wrong\033[0m"; exit 1' ERR
set -e
export DEBIAN_FRONTEND=noninteractive
echo "Checking for an existing archive file..."
if [ ! -f "$ARCHIVE_FILE" ]; then if [ ! -f "$ARCHIVE_FILE" ]; then
echo "Error: Archive file '$ARCHIVE_FILE' not found!" echo "Error: Archive file '$ARCHIVE_FILE' not found!"
exit 2 exit 2
fi fi
# Создание директории назначения, если она не существует echo "Check DESTINATION_DIR: $DESTINATION_DIR..."
if [ ! -d "$DESTINATION_DIR" ]; then mkdir -p "$DESTINATION_DIR"
mkdir -p "$DESTINATION_DIR"
fi
# Расшифровываем и извлекаем архив
echo "Decrypt and extract the archive..."
openssl enc -aes-256-cbc -d -in "$ARCHIVE_FILE" -out - -pass pass:"$PASSWORD" -pbkdf2 -iter 100000 | tar -xzf - -C "$DESTINATION_DIR" openssl enc -aes-256-cbc -d -in "$ARCHIVE_FILE" -out - -pass pass:"$PASSWORD" -pbkdf2 -iter 100000 | tar -xzf - -C "$DESTINATION_DIR"
# Проверка успешности выполнения команд trap - ERR
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
echo "Archive successfully decrypted and extracted to '$DESTINATION_DIR'" echo "Archive successfully decrypted and extracted to '$DESTINATION_DIR'"
else else

19
secrets-encrypt.sh
View File

@ -1,8 +1,12 @@
#!/bin/bash #!/bin/bash
# Проверим, что серверный домен передан как параметр if [ "$(id -u)" != "0" ]; then
echo -e "\033[31mThis script requires superuser rights.\033[0m"
exit 0
fi
if [ -z "$1" ]; then if [ -z "$1" ]; then
echo "Usage: $0 <server_domain>" echo "Usage: $0 <SERVER_DOMAIN>"
exit 1 exit 1
fi fi
@ -12,31 +16,28 @@ DOMAIN_DIR="/data/secrets/$SERVER_DOMAIN"
KEYS_FILE="$SAFE_DIR/keys.env" KEYS_FILE="$SAFE_DIR/keys.env"
ARCHIVE_FILE="$SAFE_DIR/$SERVER_DOMAIN.tar.gz" ARCHIVE_FILE="$SAFE_DIR/$SERVER_DOMAIN.tar.gz"
trap 'echo -e "\033[31mSomething went wrong\033[0m"; exit 1' ERR trap 'echo -e "\033[31msecrets-encrypt.sh: Something went wrong\033[0m"; exit 1' ERR
set -e set -e
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
# Функция генерации пароля
generate_password() { generate_password() {
tr -dc 'a-z0-9' < /dev/urandom | head -c20 tr -dc 'a-z0-9' < /dev/urandom | head -c20
} }
# Проверяем наличие ключа в keys.env и получаем его echo "We check for the presence of a key in keys.env and get it..."
KEY_VAR=$(echo "$SERVER_DOMAIN" | tr '.' '_') KEY_VAR=$(echo "$SERVER_DOMAIN" | tr '.' '_')
if grep -q "^$KEY_VAR=" "$KEYS_FILE"; then if grep -q "^$KEY_VAR=" "$KEYS_FILE"; then
PASSWORD=$(grep "^$KEY_VAR=" "$KEYS_FILE" | cut -d '=' -f2) PASSWORD=$(grep "^$KEY_VAR=" "$KEYS_FILE" | cut -d '=' -f2)
echo "Password for $SERVER_DOMAIN already exists." echo "Password for $SERVER_DOMAIN already exists"
else else
PASSWORD=$(generate_password) PASSWORD=$(generate_password)
echo "$KEY_VAR=$PASSWORD" >> "$KEYS_FILE" echo "$KEY_VAR=$PASSWORD" >> "$KEYS_FILE"
echo "Generated new password for $SERVER_DOMAIN." echo "Generated new password for $SERVER_DOMAIN."
fi fi
# Упаковываем и шифруем архив echo "Pack and encrypt the archive..."
#tar -czf - -C "$DOMAIN_DIR" . | openssl enc -aes-256-cbc -e -out "$ARCHIVE_FILE" -pass pass:"$PASSWORD"
tar -czf - -C "$DOMAIN_DIR" . | openssl enc -aes-256-cbc -e -out "$ARCHIVE_FILE" -pass pass:"$PASSWORD" -pbkdf2 -iter 100000 tar -czf - -C "$DOMAIN_DIR" . | openssl enc -aes-256-cbc -e -out "$ARCHIVE_FILE" -pass pass:"$PASSWORD" -pbkdf2 -iter 100000
trap - ERR trap - ERR

23
secrets-le-save.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Copy $SERVER_HOST.acme.json from remote server to dev server echo "Copy REMOTE_SERVER_HOST.acme.json from remote server to dev server $SERVER_DOMAIN..."
if [ "$(id -u)" != "0" ]; then if [ "$(id -u)" != "0" ]; then
echo -e "\033[31mThis script requires superuser rights.\033[0m" echo -e "\033[31mThis script requires superuser rights.\033[0m"
@ -8,20 +8,31 @@ if [ "$(id -u)" != "0" ]; then
fi fi
if [ -z "$1" ]; then if [ -z "$1" ]; then
echo "Usage: $0 <server_host>" echo "Usage: $0 <REMOTE_SERVER_HOST>"
exit 1 exit 1
fi fi
SERVER_HOST=$1 REMOTE_SERVER_HOST=$1
REMOTE_USER="root" REMOTE_USER="root"
ACME_FILE="/data/secrets/$SERVER_HOST/letsencrypt/$SERVER_HOST.acme.json" ACME_FILE="/data/secrets/$REMOTE_SERVER_HOST/letsencrypt/$REMOTE_SERVER_HOST.acme.json"
SECRETS_PATH=/data/secrets/$SERVER_DOMAIN/$SERVER_DOMAIN.env
trap 'echo -e "\033[31mSomething went wrong\033[0m"; exit 1' ERR trap 'echo -e "\033[31mSomething went wrong\033[0m"; exit 1' ERR
set -e set -e
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
scp $REMOTE_USER@$SERVER_HOST:$ACME_FILE $ACME_FILE source $SECRETS_PATH
echo $SECRETS_PATH
if [ -z "$SSHPORT" ]; then
echo "Error: SSHPORT is not set or is empty"
exit 1
fi
echo "scp copy from $REMOTE_SERVER_HOST to local $SERVER_DOMAIN: $ACME_FILE..."
scp -P $SSHPORT $REMOTE_USER@$REMOTE_SERVER_HOST:$ACME_FILE $ACME_FILE
trap - ERR trap - ERR
echo "remote $SERVER_HOST.acme.json copied to local folder" echo "remote $REMOTE_SERVER_HOST.acme.json copied to local folder"

19
secrets-push.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Push secrets to storage of secrets on $SERVER_ORIGIN_DOMAIN echo "Push secrets to storage of secrets on SERVER_ORIGIN_DOMAIN..."
if [ "$(id -u)" != "0" ]; then if [ "$(id -u)" != "0" ]; then
echo -e "\033[31mThis script requires superuser rights.\033[0m" echo -e "\033[31mThis script requires superuser rights.\033[0m"
@ -8,28 +8,25 @@ if [ "$(id -u)" != "0" ]; then
fi fi
if [ -z "$1" ]; then if [ -z "$1" ]; then
echo "Usage: $0 <server_host>" echo "Usage: $0 <REMOTE_SERVER_HOST>"
exit 1 exit 1
fi fi
SERVER_HOST=$1 REMOTE_SERVER_HOST=$1
SAFE_DIR="/data/secrets/safe" SAFE_DIR="/data/secrets/safe"
ARCHIVE_FILE="$SAFE_DIR/$SERVER_HOST.tar.gz" ARCHIVE_FILE="$SAFE_DIR/$REMOTE_SERVER_HOST.tar.gz"
REMOTE_USER="root" REMOTE_USER="root"
SECRETS_PATH=/data/secrets/$SERVER_HOST/$SERVER_HOST.env SECRETS_PATH=/data/secrets/$SERVER_DOMAIN/$SERVER_DOMAIN.env
trap 'echo -e "\033[31msecrets-push.sh: Something went wrong\033[0m"; exit 1' ERR
trap 'echo -e "\033[31mSomething went wrong\033[0m"; exit 1' ERR
set -e set -e
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
source $SECRETS_PATH source $SECRETS_PATH
echo "Encrypt secrets..." echo "Encrypt secrets..."
bash secrets-encrypt.sh $SERVER_HOST bash secrets-encrypt.sh $REMOTE_SERVER_HOST
echo "Create SAFE_DIR on ORIGIN server..." echo "Create SAFE_DIR on ORIGIN server..."
ssh $REMOTE_USER@$SERVER_ORIGIN_DOMAIN "mkdir -p $SAFE_DIR" ssh $REMOTE_USER@$SERVER_ORIGIN_DOMAIN "mkdir -p $SAFE_DIR"
@ -38,4 +35,4 @@ echo "Save archive on ORIGIN server safe..."
scp $ARCHIVE_FILE $REMOTE_USER@$SERVER_ORIGIN_DOMAIN:$SAFE_DIR scp $ARCHIVE_FILE $REMOTE_USER@$SERVER_ORIGIN_DOMAIN:$SAFE_DIR
trap - ERR trap - ERR
echo "Secrets for $SERVER_HOST pushed complete" echo "Secrets for $REMOTE_SERVER_HOST pushed complete"