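#!/bin/bash
#
# One-time host provisioning: updates system packages, installs Python, Nginx
# and ufw, configures the firewall, installs the Gunicorn unit and the Nginx
# site, installs pipx, Poetry and Certbot, registers the renewal and update
# cron jobs, locks the root password and reboots.
#
# Needs shared.sh next to this script. `step`, `install_latest_pipx` and
# `poetry_install_latest` are not defined here and are expected to come from
# that file.
#
# NOTE(review): there is no `set -e`, so a failed step does not stop the run;
# the root lock and the reboot at the end are reached even if the firewall or
# the certificate setup failed. Check the output before relying on the host.

SDIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"

# Stop before any privileged command if the helper library is missing;
# otherwise every `step` call fails while the sudo commands still run.
if [[ ! -r "$SDIR/shared.sh" ]]; then
  printf 'Cannot read %s/shared.sh; aborting.\n' "$SDIR" >&2
  exit 1
fi
source "$SDIR/shared.sh"

# NOTE(review): nothing in this script creates this directory. Confirm that it
# exists and that the 'admin' user can write to it, or the user_update cron job
# below cannot write its log.
LOGS_DIR=/var/log/advlabdb

#######################################
# Append a line to /etc/crontab unless an identical line is already present,
# so that running this script again does not register the same job twice.
# Arguments: $1 - the complete crontab line
# Outputs:   echoes the appended line (via tee) to stdout
#######################################
append_crontab_line() {
  local line=$1
  if sudo grep -qxF -- "$line" /etc/crontab; then
    return 0
  fi
  printf '%s\n' "$line" | sudo tee -a /etc/crontab
}

step "Update system packages"
sudo apt update
sudo apt dist-upgrade

step "Remove unused packages"
sudo apt autoremove

step "Install needed system packages"
sudo apt install python3 python3-pip python3-venv ufw nginx systemd -y

step "Install optional system packages"
sudo apt install htop

step "Setup firewall"
sudo ufw default allow outgoing
sudo ufw default deny incoming
sudo ufw allow ssh
sudo ufw allow http/tcp
# TODO: Setup https
# NOTE(review): `certbot --nginx` further down configures Nginx for TLS, but
# with "default deny incoming" port 443 stays blocked until this rule is
# enabled.
#sudo ufw allow https/tcp
sudo ufw enable
sudo ufw status

step "Enable Gunicorn"
sudo cp -v "$SDIR/gunicorn.service" /etc/systemd/system/
sudo systemctl enable gunicorn

step "Setup Nginx"
# Replace the distribution's default site with the AdvLabDB site.
sudo rm -v /etc/nginx/sites-{available,enabled}/default
sudo cp -v "$SDIR/advlabdb.conf" /etc/nginx/sites-available/
sudo ln -v -s /etc/nginx/sites-available/advlabdb.conf /etc/nginx/sites-enabled/
sudo systemctl enable nginx

step "Install pipx"
install_latest_pipx
# pipx places its entry points in the admin user's local bin directory.
LOCAL_BIN=/home/admin/.local/bin/
PATH="$LOCAL_BIN:$PATH"

step "Install Poetry"
pipx install poetry

step "Install Certbot"
pipx install certbot
pipx inject certbot certbot-nginx

step "Setup Certbot"
# NOTE(review): certbot lives under /home/admin but is run as root, both here
# and from the cron job below. Whoever can write to that directory can change
# what root executes; a root-owned install location would remove that path.
sudo "$LOCAL_BIN/certbot" --nginx
# Twice a day, after a random delay of up to one hour.
append_crontab_line "0 0,12 * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && sudo $LOCAL_BIN/certbot renew -q"

step "Setup update cron jobs"
# cron runs commands with /bin/sh unless SHELL is set in the crontab. The bash
# shorthand `&>>` is not understood by a POSIX sh such as dash: the job would
# be put in the background and nothing would reach the log. Use the portable
# form instead.
# Every Sunday at 04:00
append_crontab_line "0 4 * * 0 admin bash $SDIR/user_update.sh >> $LOGS_DIR/user_update.log 2>&1"
# Every Sunday at 04:15
append_crontab_line "15 4 * * 0 root bash $SDIR/root_update.sh >> $LOGS_DIR/root_update.log 2>&1"

step "Install latest Poetry packages"
poetry_install_latest

step "Deactivate the 'root' user"
# Locks root's password only; password logins as root stop working, while
# sudo and root-owned cron jobs are unaffected.
sudo passwd -l root

step "Reboot"
sudo reboot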