infrastructure-ng/id.tjo.space/configure.sh

#!/bin/bash
set -euo pipefail

SERVICE_DIR="/root/service"
mkdir -p ${SERVICE_DIR}
cd ${SERVICE_DIR}

echo "== Fetch Source Code (from git)"
# Clone if not yet cloned
if [ ! -d .git ]; then
  git clone \
    --depth 1 \
    --no-checkout \
    --filter=tree:0 \
    https://github.com/tjo-space/tjo-space-infrastructure.git .
  git sparse-checkout set --no-cone /id.tjo.space
  git checkout
else
  git fetch --depth=1
  git reset --hard origin/main
fi

echo "=== Configure Firewall"
ufw default deny incoming
ufw default allow outgoing
ufw default allow forward

ufw allow 22/tcp  # SSH
ufw allow 80/tcp  # HTTP
ufw allow 443/tcp # HTTPS

ufw --force enable

echo "=== Copy Configuration Files"
rsync -a id.tjo.space/containers/ /etc/containers/systemd/
rsync -a id.tjo.space/configs/ /etc/
systemctl daemon-reload

echo "=== Read Secrets"
age -d -i /etc/age/key.txt id.tjo.space/secrets.env.encrypted >id.tjo.space/secrets.env
set -a && source id.tjo.space/secrets.env && set +a

echo "=== Prepare srv directories"
mkdir -p /srv/authentik/{media,certs,custom-templates}
mkdir -p /srv/postgresql/data

echo "=== Setup Caddy"
systemctl restart caddy

echo "=== Setup Postgresql"
mkdir -p /etc/postgresql
cat <<EOF >/etc/postgresql/secrets.env
POSTGRES_PASSWORD=${POSTGRESQL_PASSWORD}
EOF
systemctl restart postgresql

echo "=== Setup Valkey"
systemctl restart valkey

echo "=== Setup Authentik Server"
mkdir -p /etc/authentik
cat <<EOF >/etc/authentik/secrets.env
AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
AUTHENTIK_EMAIL__PASSWORD=${AUTHENTIK_EMAIL__PASSWORD}
AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRESQL_PASSWORD}
EOF
systemctl restart authentik-server

echo "=== Setup Authentik Worker"
systemctl restart authentik-worker
feat(id.tjo.space): changes 2025-03-07 11:13:53 +00:00			`#!/bin/bash`
			`set -euo pipefail`

			`SERVICE_DIR="/root/service"`
			`mkdir -p ${SERVICE_DIR}`
			`cd ${SERVICE_DIR}`

			`echo "== Fetch Source Code (from git)"`
			`# Clone if not yet cloned`
			`if [ ! -d .git ]; then`
			`git clone \`
			`--depth 1 \`
			`--no-checkout \`
			`--filter=tree:0 \`
			`https://github.com/tjo-space/tjo-space-infrastructure.git .`
			`git sparse-checkout set --no-cone /id.tjo.space`
			`git checkout`
			`else`
			`git fetch --depth=1`
			`git reset --hard origin/main`
			`fi`

			`echo "=== Configure Firewall"`
			`ufw default deny incoming`
			`ufw default allow outgoing`
feat(id.tjo.space): changes 2025-03-07 21:08:41 +00:00			`ufw default allow forward`
feat(id.tjo.space): changes 2025-03-07 11:13:53 +00:00
			`ufw allow 22/tcp # SSH`
			`ufw allow 80/tcp # HTTP`
			`ufw allow 443/tcp # HTTPS`

			`ufw --force enable`

			`echo "=== Copy Configuration Files"`
			`rsync -a id.tjo.space/containers/ /etc/containers/systemd/`
			`rsync -a id.tjo.space/configs/ /etc/`
			`systemctl daemon-reload`

			`echo "=== Read Secrets"`
			`age -d -i /etc/age/key.txt id.tjo.space/secrets.env.encrypted >id.tjo.space/secrets.env`
			`set -a && source id.tjo.space/secrets.env && set +a`

feat(id.tjo.space): changes 2025-03-07 11:27:13 +00:00			`echo "=== Prepare srv directories"`
			`mkdir -p /srv/authentik/{media,certs,custom-templates}`
			`mkdir -p /srv/postgresql/data`

feat(id.tjo.space): changes 2025-03-07 11:13:53 +00:00			`echo "=== Setup Caddy"`
feat(id.tjo.space): changes 2025-03-07 11:51:13 +00:00			`systemctl restart caddy`
feat(id.tjo.space): changes 2025-03-07 11:13:53 +00:00
			`echo "=== Setup Postgresql"`
feat(id.tjo.space): changes 2025-03-07 11:22:24 +00:00			`mkdir -p /etc/postgresql`
feat(id.tjo.space): changes 2025-03-07 11:13:53 +00:00			`cat <<EOF >/etc/postgresql/secrets.env`
			`POSTGRES_PASSWORD=${POSTGRESQL_PASSWORD}`
			`EOF`
feat(id.tjo.space): changes 2025-03-07 11:51:13 +00:00			`systemctl restart postgresql`
feat(id.tjo.space): changes 2025-03-07 11:13:53 +00:00
feat(id.tjo.space): changes 2025-03-07 11:28:22 +00:00			`echo "=== Setup Valkey"`
feat(id.tjo.space): changes 2025-03-07 11:51:13 +00:00			`systemctl restart valkey`
feat(id.tjo.space): changes 2025-03-07 11:13:53 +00:00
			`echo "=== Setup Authentik Server"`
feat(id.tjo.space): changes 2025-03-07 11:22:24 +00:00			`mkdir -p /etc/authentik`
feat(id.tjo.space): changes 2025-03-07 11:13:53 +00:00			`cat <<EOF >/etc/authentik/secrets.env`
			`AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}`
			`AUTHENTIK_EMAIL__PASSWORD=${AUTHENTIK_EMAIL__PASSWORD}`
			`AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRESQL_PASSWORD}`
			`EOF`
feat(id.tjo.space): changes 2025-03-07 11:51:13 +00:00			`systemctl restart authentik-server`
feat(id.tjo.space): changes 2025-03-07 11:13:53 +00:00
			`echo "=== Setup Authentik Worker"`
feat(id.tjo.space): changes 2025-03-07 11:51:13 +00:00			`systemctl restart authentik-worker`
No results found.