2025-03-05 21:43:20 +00:00
|
|
|
#!/bin/bash
|
|
|
|
|
set -euo pipefail
|
|
|
|
|
|
2025-03-06 19:39:36 +00:00
|
|
|
SERVICE_DIR="/root/service"
|
|
|
|
|
mkdir -p ${SERVICE_DIR}
|
|
|
|
|
cd ${SERVICE_DIR}
|
|
|
|
|
|
2025-03-05 21:43:20 +00:00
|
|
|
echo "== Fetch Source Code (from git)"
|
|
|
|
|
# Clone if not yet cloned
|
|
|
|
|
if [ ! -d .git ]; then
|
|
|
|
|
git clone \
|
|
|
|
|
--depth 1 \
|
|
|
|
|
--no-checkout \
|
|
|
|
|
--filter=tree:0 \
|
2025-03-06 19:04:18 +00:00
|
|
|
https://github.com/tjo-space/tjo-space-infrastructure.git .
|
2025-03-05 21:43:20 +00:00
|
|
|
git sparse-checkout set --no-cone /id.tjo.space
|
|
|
|
|
git checkout
|
|
|
|
|
else
|
|
|
|
|
git fetch --depth=1
|
|
|
|
|
git reset --hard origin/main
|
|
|
|
|
fi
|
|
|
|
|
|
2025-03-06 19:10:20 +00:00
|
|
|
echo "=== Installing Dependencies"
|
2025-03-06 20:15:27 +00:00
|
|
|
DEBIAN_FRONTEND=noninteractive apt update -y
|
|
|
|
|
DEBIAN_FRONTEND=noninteractive apt install -y \
|
2025-03-06 20:11:57 +00:00
|
|
|
rsync \
|
|
|
|
|
jq \
|
2025-03-06 19:10:20 +00:00
|
|
|
podman
|
2025-03-05 21:43:20 +00:00
|
|
|
|
2025-03-06 19:10:20 +00:00
|
|
|
echo "=== Configure Firewall"
|
|
|
|
|
ufw allow 22/tcp # SSH
|
2025-03-06 20:18:34 +00:00
|
|
|
ufw allow 80/tcp # HTTP
|
2025-03-06 19:10:20 +00:00
|
|
|
ufw allow 443/tcp # HTTPS
|
|
|
|
|
ufw allow 636/tcp # LDAPS
|
2025-03-06 20:11:57 +00:00
|
|
|
ufw --force enable
|
2025-03-06 19:31:24 +00:00
|
|
|
|
2025-03-06 20:11:57 +00:00
|
|
|
echo "== Configure Metadata"
|
|
|
|
|
DOMAIN_NAME=$(jq -r ".domain" /etc/tjo.space/meta.json)
|
|
|
|
|
|
|
|
|
|
echo "=== Copy Configuration Files"
|
|
|
|
|
rsync -av id.tjo.space/containers/ /etc/containers/systemd/
|
|
|
|
|
rsync -av id.tjo.space/configs/ /etc/
|
|
|
|
|
|
2025-03-06 20:18:34 +00:00
|
|
|
systemctl daemon-reload
|
|
|
|
|
|
2025-03-06 20:11:57 +00:00
|
|
|
echo "=== Setup Caddy"
|
|
|
|
|
cat <<EOF >/etc/caddy/env
|
|
|
|
|
DOMAIN_NAME=${DOMAIN_NAME}
|
|
|
|
|
EOF
|
|
|
|
|
|
2025-03-06 20:41:09 +00:00
|
|
|
systemctl start caddy
|
