add many changes
This commit is contained in:
parent
2af5e250a2
commit
34139df75e
4
.env
Normal file
4
.env
Normal file
@ -0,0 +1,4 @@
|
||||
TEST_PASSWORD=Pi9Y8hap63ReAAsH6nxj
|
||||
TEST_PASSWORD2=4266742@gmail.com
|
||||
TEST_PASSWORD2r=4266742@gmail.com
|
||||
TEST_PASSWORD2rr=sU9Dtf6v6qDlVsYaijqu
|
37
cron-list.sh
Normal file
37
cron-list.sh
Normal file
@ -0,0 +1,37 @@
|
||||
#!/bin/bash
|
||||
|
||||
CRON_LIST=/data/$SRV_START_DIR/cron.cfg
|
||||
|
||||
trap 'echo -e "\033[31mSomething went wrong\033[0m"; exit 1' EXIT
|
||||
set -e
|
||||
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
# Checking for the presence of the cron.list file
|
||||
if [ ! -f $CRON_LIST ]; then
|
||||
echo "cron.list file not found!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Reading current crontab jobs into a variable
|
||||
current_crontab=$(crontab -l 2>/dev/null)
|
||||
|
||||
# Iterate through the lines of the cron.list file
|
||||
while IFS= read -r line; do
|
||||
# Skip blank lines and comments
|
||||
if [[ -z "$line" || "$line" == \#* ]]; then
|
||||
continue
|
||||
fi
|
||||
|
||||
# Checking if a job exists in the current crontab
|
||||
if echo "$current_crontab" | grep -Fq "$line"; then
|
||||
echo "The task already exists: $line"
|
||||
else
|
||||
# Adding a job to crontab
|
||||
(crontab -l; echo "$line") | crontab -
|
||||
echo "Task added: $line"
|
||||
fi
|
||||
done < "$CRON_LIST"
|
||||
|
||||
trap - EXIT
|
||||
echo "Cron add ok."
|
41
env-gen.sh
Normal file
41
env-gen.sh
Normal file
@ -0,0 +1,41 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Проверка наличия первого параметра
|
||||
if [ -z "$1" ]; then
|
||||
echo "Использование: $0 <название_переменной> [значение]"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
VARIABLE_NAME=$1
|
||||
ENV_FILE="/data/secrets/$SERVER_DOMAIN/$SERVER_DOMAIN.env"
|
||||
|
||||
# Генерация случайного пароля из цифр и маленьких латинских букв длиной 20 символов
|
||||
generate_random_password() {
|
||||
#tr -dc 'a-z0-9' </dev/urandom | head -c 20
|
||||
pwgen -s 20 1
|
||||
}
|
||||
|
||||
# Если указан второй параметр, используем его в качестве значения переменной
|
||||
if [ -n "$2" ]; then
|
||||
VALUE=$2
|
||||
else
|
||||
VALUE=$(generate_random_password)
|
||||
fi
|
||||
|
||||
# Создание .env файла, если он не существует
|
||||
if [ ! -f "$ENV_FILE" ]; then
|
||||
# Создание директорий, если они не существуют
|
||||
mkdir -p "$(dirname "$ENV_FILE")"
|
||||
touch "$ENV_FILE"
|
||||
fi
|
||||
|
||||
# Обновление или добавление переменной в .env файл
|
||||
if grep -q "^$VARIABLE_NAME=" "$ENV_FILE"; then
|
||||
# Переменная существует, обновляем её значение
|
||||
sed -i "s/^$VARIABLE_NAME=.*/$VARIABLE_NAME=$VALUE/" "$ENV_FILE"
|
||||
else
|
||||
# Переменная не существует, добавляем её в файл
|
||||
echo "$VARIABLE_NAME=$VALUE" >> "$ENV_FILE"
|
||||
fi
|
||||
|
||||
echo "Переменная $VARIABLE_NAME успешно обновлена/добавлена в $ENV_FILE"
|
39
global-env.sh
Normal file
39
global-env.sh
Normal file
@ -0,0 +1,39 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [ "$(id -u)" != "0" ]; then
|
||||
echo -e "\033[31mThis script requires superuser rights.\033[0m"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if [ -z "$1" ] || [ -z "$2" ]; then
|
||||
echo "Please provide both the VAR_NAME and VAR_VALUE as arguments."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
trap 'echo -e "\033[31mSomething went wrong\033[0m"; exit 1' EXIT
|
||||
set -e
|
||||
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
ENV_VAR_NAME=$1
|
||||
ENV_VAR_VALUE=$2
|
||||
|
||||
# Create a file if it does not exist
|
||||
if [ ! -f /etc/environment ]; then
|
||||
touch /etc/environment
|
||||
fi
|
||||
|
||||
# Checking if a variable already exists
|
||||
if grep -q "^${ENV_VAR_NAME}=" /etc/environment; then
|
||||
# If the variable exists, update its value
|
||||
sed -i "s/^${ENV_VAR_NAME}=.*/${ENV_VAR_NAME}=${ENV_VAR_VALUE}/" /etc/environment
|
||||
else
|
||||
# If the variable does not exist, add it
|
||||
echo "${ENV_VAR_NAME}=${ENV_VAR_VALUE}" | tee -a /etc/environment
|
||||
fi
|
||||
|
||||
export "${ENV_VAR_NAME}=${ENV_VAR_VALUE}"
|
||||
|
||||
trap - EXIT
|
||||
echo "Environment variable ${ENV_VAR_NAME} set to:"
|
||||
printenv "${ENV_VAR_NAME}"
|
39
init-db.sh
Normal file
39
init-db.sh
Normal file
@ -0,0 +1,39 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [ "$(id -u)" != "0" ]; then
|
||||
echo -e "\033[31mThis script requires superuser rights\033[0m"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if [ -z "$1" ] || [ -z "$2" ]; then
|
||||
echo "Please provide all arguments: CREATE_DB_NAME, CREATE_DB,_PASSWORD"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
trap 'echo -e "\033[31mAn error has occurred\033[0m"; exit 1' EXIT
|
||||
set -e
|
||||
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
CREATE_DB_NAME=$1
|
||||
CREATE_DB_PASSWORD=$2
|
||||
|
||||
: "${POSTGRES_USER:?}"
|
||||
: "${POSTGRES_DB:?}"
|
||||
|
||||
sudo docker exec -i postgres psql -v ON_ERROR_STOP=1 -U "$POSTGRES_USER" -d "$POSTGRES_DB" <<-EOSQL
|
||||
CREATE USER "$CREATE_DB_NAME" WITH ENCRYPTED PASSWORD '$CREATE_DB_PASSWORD';
|
||||
CREATE DATABASE "$CREATE_DB_NAME";
|
||||
GRANT ALL PRIVILEGES ON DATABASE "$CREATE_DB_NAME" TO "$CREATE_DB_NAME";
|
||||
ALTER DATABASE "$CREATE_DB_NAME" OWNER TO "$CREATE_DB_NAME";
|
||||
EOSQL
|
||||
|
||||
|
||||
trap - EXIT
|
||||
echo -e "\033[32mDatabase $CREATE_DB_NAME created successfully\033[0m"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
@ -1,8 +1,8 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [ "$(id -u)" != "0" ]; then
|
||||
echo "This script requires superuser rights. Running with sudo..."
|
||||
exec sudo "$0" "$@"
|
||||
echo -e "\033[31mThis script requires superuser rights.\033[0m"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
trap 'echo -e "\033[31mSomething went wrong\033[0m"; exit 1' EXIT
|
||||
@ -10,18 +10,11 @@ set -e
|
||||
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
apt update -y
|
||||
apt upgrade -y
|
||||
apt install -y apt-transport-https ca-certificates curl software-properties-common
|
||||
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
|
||||
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/trusted.gpg.d/docker.gpg
|
||||
add-apt-repository -y "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"
|
||||
apt update -y
|
||||
apt install -y docker-ce
|
||||
apt install -y mc vim zip
|
||||
|
||||
mkdir -p /data
|
||||
chown usradmin:usradmin /data
|
||||
chmod 770 /data
|
||||
|
||||
trap - EXIT
|
||||
echo "Init complete"
|
||||
echo "Docker installed"
|
44
init-server.sh
Normal file
44
init-server.sh
Normal file
@ -0,0 +1,44 @@
|
||||
#!/bin/bash
|
||||
|
||||
USERNAME=usradmin
|
||||
SSH_PORT=2525
|
||||
|
||||
if [ "$(id -u)" != "0" ]; then
|
||||
echo -e "\033[31mThis script requires superuser rights.\033[0m"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
trap 'echo -e "\033[31mSomething went wrong\033[0m"; exit 1' EXIT
|
||||
set -e
|
||||
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
apt update -y
|
||||
apt upgrade -y
|
||||
apt install -y mc vim zip pwgen
|
||||
|
||||
timedatectl set-timezone Asia/Yekaterinburg
|
||||
echo "Timezone changed:"
|
||||
timedatectl
|
||||
|
||||
if id "$USERNAME" &>/dev/null; then
|
||||
echo "User $USERNAME already exists"
|
||||
else
|
||||
useradd -m -s /bin/bash "$USERNAME"
|
||||
usermod -aG sudo "$USERNAME"
|
||||
fi
|
||||
|
||||
chown "$USERNAME":"$USERNAME" /data
|
||||
chmod 770 /data
|
||||
|
||||
mkdir -p /backups
|
||||
chown "$USERNAME":"$USERNAME" /backups
|
||||
chmod 770 /backups
|
||||
|
||||
# SSH config:
|
||||
cd /data/utils
|
||||
bash ssh-port.sh $SSH_PORT
|
||||
#bash ssh-pw.sh n
|
||||
|
||||
trap - EXIT
|
||||
echo "Init complete"
|
30
loader.sh
Normal file
30
loader.sh
Normal file
@ -0,0 +1,30 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Путь к файлу с списком ссылок
|
||||
FILE_LIST="server.list"
|
||||
# Токен доступа для авторизации
|
||||
TOKEN="READ_REPOSITORY_ACCESS_TOKEN"
|
||||
|
||||
# Проверка наличия файла со списком ссылок
|
||||
if [ ! -f "$FILE_LIST" ]; then
|
||||
echo "Файл $FILE_LIST не найден."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Читаем файл строчка за строчкой
|
||||
while IFS= read -r URL; do
|
||||
if [ ! -z "$URL" ]; then
|
||||
# Получаем имя файла из URL
|
||||
FILE_NAME=$(basename "$URL")
|
||||
|
||||
# Загружаем файл используя curl
|
||||
curl -H "Authorization: token $TOKEN" -O "$URL"
|
||||
|
||||
# Проверка статуса выполнения curl
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "Ошибка при загрузке файла: $FILE_NAME"
|
||||
else
|
||||
echo "Успешно загружен: $FILE_NAME"
|
||||
fi
|
||||
fi
|
||||
done < "$FILE_LIST"
|
16
samba.sh
16
samba.sh
@ -1,8 +1,8 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [ "$(id -u)" != "0" ]; then
|
||||
echo "This script requires superuser rights. Running with sudo..."
|
||||
exec sudo "$0" "$@"
|
||||
echo -e "\033[31mThis script requires superuser rights.\033[0m"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if [ -z "$1" ] || [ -z "$2" ]; then
|
||||
@ -47,6 +47,18 @@ NEW_SECTION=$(cat << EOM
|
||||
directory mask = 0777
|
||||
force directory mode = 0777
|
||||
valid users = $USERNAME
|
||||
|
||||
# backups folder access
|
||||
[backups]
|
||||
path = /backups
|
||||
read only = no
|
||||
browseable = yes
|
||||
create mask = 0666
|
||||
force create mode = 0666
|
||||
directory mask = 0777
|
||||
force directory mode = 0777
|
||||
valid users = $USERNAME
|
||||
|
||||
EOM
|
||||
)
|
||||
|
||||
|
41
secrets-export.sh
Normal file
41
secrets-export.sh
Normal file
@ -0,0 +1,41 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Переменные
|
||||
SOURCE_DIR="/data/secrets"
|
||||
ARCHIVE_NAME="secrets.tar.gz.enc"
|
||||
REMOTE_USER="remote_user"
|
||||
REMOTE_HOST="remote_host"
|
||||
REMOTE_DIR="/secrets"
|
||||
PASSWORD_FILE="$SOURCE_DIR/secrets.env"
|
||||
|
||||
# Путь к зашифрованному архиву
|
||||
ARCHIVE_PATH="$SOURCE_DIR/$ARCHIVE_NAME"
|
||||
|
||||
# Чтение пароля из файла
|
||||
if [ -f "$PASSWORD_FILE" ]; then
|
||||
PASSWORD=$(cat "$PASSWORD_FILE")
|
||||
else
|
||||
echo "Файл с паролем не найден: $PASSWORD_FILE"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Создание tar.gz архива и шифрование его
|
||||
tar -czf - "$SOURCE_DIR" | openssl enc -aes-256-cbc -e -pass pass:"$PASSWORD" -out "$ARCHIVE_PATH"
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "Не удалось создать и зашифровать архив"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Отправка архива на удаленный сервер
|
||||
rsync -avz "$ARCHIVE_PATH" "$REMOTE_USER@$REMOTE_HOST:$REMOTE_DIR"
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "Не удалось отправить архив на удаленный сервер"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Удаление архива после успешной отправки (опционально)
|
||||
rm -f "$ARCHIVE_PATH"
|
||||
|
||||
echo "Успешно завершено!"
|
||||
|
||||
exit 0
|
48
secrets-import.sh
Normal file
48
secrets-import.sh
Normal file
@ -0,0 +1,48 @@
|
||||
#!/bin/bash
|
||||
|
||||
REMOTE_USER="remote_user"
|
||||
REMOTE_HOST="remote_host"
|
||||
REMOTE_DIR="/secrets"
|
||||
REMOTE_FILE="secrets.env.tar.gz"
|
||||
LOCAL_SECRETS_DIR="/data/secrets"
|
||||
ARCHIVE_PATH="$LOCAL_SECRETS_DIR/$REMOTE_FILE"
|
||||
PASSWORD_FILE="$LOCAL_SECRETS_DIR/secrets.env"
|
||||
|
||||
# Скачиваем файл с удаленного сервера
|
||||
rsync -avz --progress $REMOTE_USER@$REMOTE_HOST:$REMOTE_DIR/$REMOTE_FILE $LOCAL_SECRETS_DIR
|
||||
|
||||
# Проверяем успешность скачивания
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "Ошибка: не удалось скачать файл $REMOTE_FILE."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Проверяем, существует ли файл $PASSWORD_FILE
|
||||
if [ ! -f "$PASSWORD_FILE" ]; then
|
||||
echo "Ошибка: файл с паролем $PASSWORD_FILE не найден."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Извлекаем пароль из файла
|
||||
PASSWORD=$(cat "$PASSWORD_FILE")
|
||||
|
||||
# Проверяем, существует ли папка $LOCAL_SECRETS_DIR
|
||||
if [ -d "$LOCAL_SECRETS_DIR" ]; then
|
||||
# Переименовываем старую папку
|
||||
mv "$LOCAL_SECRETS_DIR" "${LOCAL_SECRETS_DIR}_old"
|
||||
fi
|
||||
|
||||
# Создаем новую папку
|
||||
mkdir -p "$LOCAL_SECRETS_DIR"
|
||||
|
||||
# Распаковываем и расшифровываем файл в новую папку
|
||||
cd "$LOCAL_SECRETS_DIR"
|
||||
echo "$PASSWORD" | gpg --batch --yes --passphrase-fd 0 -d "$ARCHIVE_PATH" | tar -xz
|
||||
|
||||
# Проверяем успешность распаковки
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "Ошибка: не удалось распаковать файл $REMOTE_FILE."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "Файл $REMOTE_FILE успешно скачан, расшифрован и распакован в $LOCAL_SECRETS_DIR."
|
7
ssh-init.sh
Normal file
7
ssh-init.sh
Normal file
@ -0,0 +1,7 @@
|
||||
#!/bin/bash
|
||||
|
||||
ssh-keygen -t ed25519 -C "$ADMIN_EMAIL"
|
||||
|
||||
|
||||
|
||||
ssh-copy-id user@server_ip
|
23
ssh-port.sh
23
ssh-port.sh
@ -1,8 +1,8 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [ "$(id -u)" != "0" ]; then
|
||||
echo "This script requires superuser rights. Running with sudo..."
|
||||
exec sudo "$0" "$@"
|
||||
echo -e "\033[31mThis script requires superuser rights.\033[0m"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if [ -z "$1" ]; then
|
||||
@ -10,17 +10,24 @@ if [ -z "$1" ]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
trap 'echo -e "\033[31mSomething went wrong\033[0m"; exit 1' EXIT
|
||||
set -e
|
||||
|
||||
NEW_PORT="$1"
|
||||
SSH_CONFIG_FILE="/etc/ssh/sshd_config"
|
||||
|
||||
# Проверяем, что параметр является числом
|
||||
if ! [[ "$NEW_PORT" =~ ^[0-9]+$ ]]; then
|
||||
echo -e "\033[31mPort must be a number\033[0m"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
trap 'echo -e "\033[31mSomething went wrong\033[0m"; exit 1' EXIT
|
||||
set -e
|
||||
|
||||
echo "Change SSH port to $NEW_PORT..."
|
||||
cp $SSH_CONFIG_FILE $SSH_CONFIG_FILE.bak
|
||||
sed -i "s/^#Port 22/Port $NEW_PORT/" $SSH_CONFIG_FILE
|
||||
sed -i "s/^Port 22/Port $NEW_PORT/" $SSH_CONFIG_FILE
|
||||
systemctl restart sshd
|
||||
sed -i "s/^#\?Port [0-9]*/Port $NEW_PORT/" $SSH_CONFIG_FILE
|
||||
|
||||
systemctl daemon-reload
|
||||
systemctl restart ssh
|
||||
|
||||
trap - EXIT
|
||||
echo "SSH port successfully changed to $NEW_PORT."
|
55
ssh-pw.sh
Normal file
55
ssh-pw.sh
Normal file
@ -0,0 +1,55 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [ "$(id -u)" != "0" ]; then
|
||||
echo -e "\033[31mThis script requires superuser rights\033[0m"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# Проверка наличия одного аргумента
|
||||
if [ "$#" -ne 1 ]; then
|
||||
echo "Usage: $0 <y/n>"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Проверка аргумента
|
||||
if [ "$1" != "y" ] && [ "$1" != "n" ]; then
|
||||
echo "Invalid argument. Use 'y' to enable password authentication and 'n' to disable it"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
trap 'echo -e "\033[31mSomething went wrong\033[0m"; exit 1' EXIT
|
||||
set -e
|
||||
|
||||
# Путь к конфигурационному файлу sshd
|
||||
SSHD_CONFIG="/etc/ssh/sshd_config"
|
||||
|
||||
# Функция включения или отключения доступа по паролю
|
||||
toggle_password_access() {
|
||||
local enable=$1
|
||||
if [ "$enable" == "y" ]; then
|
||||
sudo sed -i 's/^#PasswordAuthentication yes/PasswordAuthentication yes/' $SSHD_CONFIG
|
||||
sudo sed -i 's/^PasswordAuthentication no/PasswordAuthentication yes/' $SSHD_CONFIG
|
||||
else
|
||||
sudo sed -i 's/^#PasswordAuthentication yes/PasswordAuthentication no/' $SSHD_CONFIG
|
||||
sudo sed -i 's/^PasswordAuthentication yes/PasswordAuthentication no/' $SSHD_CONFIG
|
||||
fi
|
||||
}
|
||||
|
||||
# Бэкапим текущий конфигурационный файл
|
||||
sudo cp $SSHD_CONFIG $SSHD_CONFIG.backup
|
||||
|
||||
# Применение изменений
|
||||
toggle_password_access "$1"
|
||||
|
||||
# Перезапуск службы sshd для применения изменений
|
||||
sudo systemctl restart sshd
|
||||
|
||||
|
||||
trap - EXIT
|
||||
|
||||
# Уведомление о завершении
|
||||
if [ "$1" == "y" ]; then
|
||||
echo "Password authentication has been enabled"
|
||||
else
|
||||
echo "Password authentication has been disabled"
|
||||
fi
|
Loading…
Reference in New Issue
Block a user