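#!/bin/bash
# Target DMZ
#
# Provisioning script: turns off the systemd-resolved stub listener, installs
# certbot with Apache TLS enabled, installs docker with the fuse-overlayfs
# storage driver, adjusts root's .bashrc, then runs ./kaz.sh from this
# script's directory. It writes under /etc, /root and /dev, so it has to run
# as root.

set -e

# Refuse to run when MILXCGUARD is unset or empty (presumably a marker set by
# the provisioning environment -- confirm). Quoted so an empty or multi-word
# value cannot break the test.
if [ -z "${MILXCGUARD:-}" ]; then
  echo "MILXCGUARD is not set, refusing to run" >&2
  exit 1
fi

# Work from the script's own directory so that ./kaz.sh resolves below.
DIR=$(dirname -- "$0")
cd -- "$DIR"

# disable the systemd-resolved stub listener, which conflicts with nsd
# The service is only stopped here, not disabled; the appended setting is what
# keeps the stub listener off if the service is started again. The grep keeps
# a re-run from appending the line twice.
if ! grep -qx 'DNSStubListener=no' /etc/systemd/resolved.conf 2>/dev/null; then
  echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
fi
systemctl stop systemd-resolved

apt-get update

# Only Debian 11 (Bullseye) is supported. The major version is compared as a
# string so that a non-numeric /etc/debian_version takes the "unsupported"
# path instead of an integer-comparison error.
DEB_VERSION=$(cut -d'.' -f1 /etc/debian_version)
if [ "$DEB_VERSION" = "11" ]; then
  DEBIAN_FRONTEND=noninteractive apt-get install -y certbot python3-certbot-apache
else
  echo "Unsupported Debian version" >&2
  exit 1
fi

# preconfig TLS and certbot
a2enmod ssl
a2ensite default-ssl.conf

# NOTE(security): no-verify-ssl=1 makes certbot skip validation of the ACME
# server's TLS certificate. That looks intended for a lab CA (the contact
# address is in a .milxc domain -- confirm); do not reuse this cli.ini on a
# host that talks to a public CA, where the ACME endpoint must be
# authenticated. Trusting the lab CA root in the system store would avoid the
# need for this option.
# The grep makes the append happen once instead of on every run.
if ! grep -q '^email=admin@kaz.milxc$' /etc/letsencrypt/cli.ini 2>/dev/null; then
  cat >> /etc/letsencrypt/cli.ini <<'EOF'

email=admin@kaz.milxc
agree-tos=1
no-verify-ssl=1

EOF
fi

# Go KAZ !
# KAZ specific things
# install docker and docker-compose, and put the debian user in the matching group
DEBIAN_FRONTEND=noninteractive apt-get install -y docker.io docker-compose docker-clean git apg curl sudo unzip rsync fuse-overlayfs

# -a appends to the account's groups: a bare "usermod -G docker" replaces the
# whole supplementary group list with just "docker".
# NOTE(security): members of the docker group can drive the docker daemon,
# which is equivalent to root on this host; keep that membership minimal.
usermod -aG docker debian

# enable the aliases in /root/.bashrc: uncomment the lines that start with
# "# alias", "# export" or "# eval"
sed -i \
  -e 's/^\# alias/alias/g' \
  -e 's/^\# export/export/g' \
  -e 's/^\# eval/eval/g' \
  /root/.bashrc

# Append the completion snippet only once. The marker searched for has to be
# text the snippet really contains ("/kaz/bin/"), otherwise every run appends
# another copy.
# The files matched by the loop are sourced by every interactive root shell,
# so they should be owned and writable by root only.
if ! grep -qF "for file in /kaz/bin/" /root/.bashrc 2>/dev/null; then
  # Quoted delimiter: the snippet is written literally, nothing is expanded now.
  cat >> /root/.bashrc <<'EOF'
# enable bash completion in interactive shells
if ! shopt -oq posix; then
  if [ -f /usr/share/bash-completion/bash_completion ]; then
    . /usr/share/bash-completion/bash_completion
  elif [ -f /etc/bash_completion ]; then
    . /etc/bash_completion
  fi
fi
for file in /kaz/bin/.*-completion.bash ; do
  [ -r "${file}" ] || continue
  source "${file}"
done
EOF
fi

# Set KAZGUARD while the setup is being debugged (added once)
if ! grep -qF "export KAZGUARD=" /root/.bashrc 2>/dev/null; then
  echo "export KAZGUARD='true'" >> /root/.bashrc
fi

# Enable fuse-overlayfs for docker
# Appending a second JSON object to an existing daemon.json would make the
# file invalid, so it is created only when missing or empty; an existing file
# with another configuration is left for a manual merge.
if [ ! -s /etc/docker/daemon.json ]; then
  cat > /etc/docker/daemon.json <<'EOF'
{ "storage-driver": "fuse-overlayfs" }
EOF
elif ! grep -q '"storage-driver"[[:space:]]*:[[:space:]]*"fuse-overlayfs"' /etc/docker/daemon.json; then
  echo "/etc/docker/daemon.json exists without the fuse-overlayfs storage driver; merge it by hand" >&2
  exit 1
fi
service docker restart

# Create the FUSE character device (major 10, minor 229) unless it is already
# there; mknod fails on an existing node and set -e would abort the script.
# NOTE(review): docker is restarted above before this node is created --
# confirm the daemon does not need /dev/fuse at start-up.
# Open questions from the author: also do this in rc.local? also modprobe
# fuse on the host?
[ -e /dev/fuse ] || mknod -m 666 /dev/fuse c 10 229

./kaz.sh

# clear apt cache
DEBIAN_FRONTEND=noninteractive apt-get autoremove -y
DEBIAN_FRONTEND=noninteractive apt-get clean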