Add server setup script

scripts/server_setup.sh

@@ -0,0 +1,71 @@
+#!/bin/bash
+
+SDIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"
+
+source "$SDIR/shared.sh"
+
+LOGS_DIR=/var/log/advlabdb
+
+step "Update system packages"
+sudo apt update
+sudo apt dist-upgrade
+
+step "Remove unused packages"
+sudo apt autoremove
+
+step "Install needed system packages"
+sudo apt install python3 python3-pip python3-venv ufw nginx systemd -y
+
+step "Install optional system packages"
+sudo apt install htop
+
+step "Setup firewall"
+sudo ufw default allow outgoing
+sudo ufw default deny incoming
+sudo ufw allow ssh
+sudo ufw allow http/tcp
+# TODO: Setup https
+#sudo ufw allow https/tcp
+sudo ufw enable
+sudo ufw status
+
+step "Enable Gunicorn"
+sudo cp -v "$SDIR/gunicorn.service" /etc/systemd/system/
+sudo systemctl enable gunicorn
+
+step "Setup Nginx"
+sudo rm -v /etc/nginx/sites-{available,enabled}/default
+sudo cp -v "$SDIR/advlabdb.conf" /etc/nginx/sites-available/
+sudo ln -v -s /etc/nginx/sites-available/advlabdb.conf /etc/nginx/sites-enabled/
+sudo systemctl enable nginx
+
+step "Install pipx"
+install_latest_pipx
+LOCAL_BIN=/home/admin/.local/bin/
+PATH="$LOCAL_BIN:$PATH"
+
+step "Install Poetry"
+pipx install poetry
+
+step "Install Certbot"
+pipx install certbot
+pipx inject certbot certbot-nginx
+
+step "Setup Certbot"
+sudo "$LOCAL_BIN/certbot" --nginx
+echo "0 0,12 * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && sudo $LOCAL_BIN/certbot renew -q" | sudo tee -a /etc/crontab
+
+step "Setup update cron jobs"
+# Every Sunday at 04:00
+echo "0 4 * * 0 admin bash $SDIR/user_update.sh &>> $LOGS_DIR/user_update.log" | sudo tee -a /etc/crontab
+# Every Sunday at 04:15
+echo "15 4 * * 0 root bash $SDIR/root_update.sh &>> $LOGS_DIR/root_update.log" | sudo tee -a /etc/crontab
+
+step "Install latest Poetry packages"
+poetry_install_latest
+
+step "Deactivate the 'root' user"
+sudo passwd -l root
+
+step "Reboot"
+sudo reboot