Final install script release
parent
2cb16a7e81
commit
b26e36a96e
|
@ -17,9 +17,10 @@ InstallDependencies()
|
||||||
wget https://selfprivacy.org/configuration.nix
|
wget https://selfprivacy.org/configuration.nix
|
||||||
wget https://selfprivacy.org/mailserver.nix
|
wget https://selfprivacy.org/mailserver.nix
|
||||||
wget https://selfprivacy.org/goss.nix
|
wget https://selfprivacy.org/goss.nix
|
||||||
|
wget https://selfprivacy.org/goss.yaml
|
||||||
wget https://selfprivacy.org/restic.nix
|
wget https://selfprivacy.org/restic.nix
|
||||||
wget https://selfprivacy.org/restic.yaml
|
|
||||||
wget https://selfprivacy.org/s3cli
|
wget https://selfprivacy.org/s3cli
|
||||||
|
chmod +x s3cli
|
||||||
}
|
}
|
||||||
CollectData()
|
CollectData()
|
||||||
{
|
{
|
||||||
|
@ -44,7 +45,6 @@ GenerateSSHKey()
|
||||||
# Add SSH key to Hetzner
|
# Add SSH key to Hetzner
|
||||||
AddSSHKey()
|
AddSSHKey()
|
||||||
{
|
{
|
||||||
echo "Adding SSH keys to Hetzner..."
|
|
||||||
curl -s \
|
curl -s \
|
||||||
-X POST \
|
-X POST \
|
||||||
-H "Authorization: Bearer $HETZNER_TOKEN" \
|
-H "Authorization: Bearer $HETZNER_TOKEN" \
|
||||||
|
@ -66,8 +66,12 @@ MakeConfig()
|
||||||
sed -i '63s/.*/ email = "'"$USERNAME"'@'"$DOMAIN"'";/' mailserver.nix
|
sed -i '63s/.*/ email = "'"$USERNAME"'@'"$DOMAIN"'";/' mailserver.nix
|
||||||
|
|
||||||
# System Configuration
|
# System Configuration
|
||||||
sed -i "15s,.*,\t\"${sshKey}\"," configuration.nix
|
sed -i "16s,.*,\t\"${sshKey}\"," configuration.nix
|
||||||
sed -i "16s,.*,\t restic -r s3:s3.amazonaws.com/${AWS_BUCKET_NAME} backup /var/vmail /var/vmail ," restic.nix
|
|
||||||
|
# Restic
|
||||||
|
sed -i '14s/.*/\t\tEnvironment = [ "AWS_ACCESS_KEY_ID='$AWS_TOKEN_ID'" "AWS_SECRET_ACCESS_KEY='$AWS_TOKEN'" ];/' restic.nix
|
||||||
|
sed -i "17s,.*,\t restic -r s3:s3.amazonaws.com/${AWS_BUCKET_NAME} backup /var/vmail /var/vmail ," restic.nix
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
MakeServer()
|
MakeServer()
|
||||||
|
@ -98,16 +102,12 @@ CreateS3BucketRaw()
|
||||||
|
|
||||||
CreateS3Bucket()
|
CreateS3Bucket()
|
||||||
{
|
{
|
||||||
mkdir ~/.aws
|
if test -z $(./s3cli -e http://s3.us-east-2.amazonaws.com --ak "$AWS_TOKEN_ID" --sk "$AWS_TOKEN" --region us-east-2 bucket ls | grep backup)
|
||||||
touch ~/.aws/credentials
|
then
|
||||||
echo "[default]" >> ~/.aws/credentials
|
export AWS_BUCKET_NAME=$(pwgen -1 --no-capitalize 6)-backup
|
||||||
echo "aws_access_key_id=$AWS_TOKEN_ID" >> ~/.aws/credentials
|
./s3cli -e http://s3.us-east-2.amazonaws.com --ak "$AWS_TOKEN_ID" --sk "$AWS_TOKEN" --region us-east-2 bucket create $AWS_BUCKET_NAME
|
||||||
echo "aws_secret_access_key=$AWS_TOKEN" >> ~/.aws/credentials
|
else
|
||||||
if [[ -z "$(./s3cli -e http://s3.us-east-2.amazonaws.com --ak "$AWS_TOKEN_ID" --sk "$AWS_TOKEN" --region us-east-2 bucket ls | grep backup)" ]]; then
|
read -p "Restore from backup? y/n " RESTORE_MAILBACKUP
|
||||||
read "AWS S3 bucket found in your account. Do you want to restore backup from there? (y/n) " RESTORE_MAILBACKUP
|
|
||||||
else
|
|
||||||
export AWS_BUCKET_NAME=$(pwgen -1 --no-capitalize 6)-backup
|
|
||||||
./s3cli -e http://s3.us-east-2.amazonaws.com --ak "$AWS_TOKEN_ID" --sk "$AWS_TOKEN" --region us-east-2 bucket create $AWS_BUCKET_NAME
|
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -127,14 +127,14 @@ ApplyConfig()
|
||||||
scp -i ~/.nix-ms/id_rsa mailserver.nix "root@$machineip:/root"
|
scp -i ~/.nix-ms/id_rsa mailserver.nix "root@$machineip:/root"
|
||||||
scp -i ~/.nix-ms/id_rsa configuration.nix "root@$machineip:/root"
|
scp -i ~/.nix-ms/id_rsa configuration.nix "root@$machineip:/root"
|
||||||
scp -i ~/.nix-ms/id_rsa goss.nix "root@$machineip:/root"
|
scp -i ~/.nix-ms/id_rsa goss.nix "root@$machineip:/root"
|
||||||
|
scp -i ~/.nix-ms/id_rsa restic.nix "root@$machineip:/root"
|
||||||
scp -i ~/.nix-ms/id_rsa goss.yaml "root@$machineip:/root"
|
scp -i ~/.nix-ms/id_rsa goss.yaml "root@$machineip:/root"
|
||||||
ssh -i ~/.nix-ms/id_rsa "root@$machineip" cp /root/mailserver.nix /etc/nixos/mailserver.nix
|
ssh -i ~/.nix-ms/id_rsa "root@$machineip" cp /root/mailserver.nix /etc/nixos/mailserver.nix
|
||||||
ssh -i ~/.nix-ms/id_rsa "root@$machineip" cp /root/configuration.nix /etc/nixos/configuration.nix
|
ssh -i ~/.nix-ms/id_rsa "root@$machineip" cp /root/configuration.nix /etc/nixos/configuration.nix
|
||||||
ssh -i ~/.nix-ms/id_rsa "root@$machineip" cp /root/goss.nix /etc/nixos/goss.nix
|
ssh -i ~/.nix-ms/id_rsa "root@$machineip" cp /root/goss.nix /etc/nixos/goss.nix
|
||||||
|
ssh -i ~/.nix-ms/id_rsa "root@$machineip" cp /root/restic.nix /etc/nixos/restic.nix
|
||||||
sleep 3
|
sleep 3
|
||||||
ssh -i ~/.nix-ms/id_rsa "root@$machineip" nixos-rebuild switch
|
ssh -i ~/.nix-ms/id_rsa "root@$machineip" nixos-rebuild switch
|
||||||
ssh -i ~/.nix-ms/id_rsa "root@$machineip" export AWS_ACCESS_KEY_ID=$AWS_TOKEN_ID
|
|
||||||
ssh -i ~/.nix-ms/id_rsa "root@$machineip" export AWS_SECRET_ACCESS_KEY=$AWS_TOKEN
|
|
||||||
}
|
}
|
||||||
|
|
||||||
RestoreBackup()
|
RestoreBackup()
|
||||||
|
@ -158,8 +158,13 @@ ClearTempFiles()
|
||||||
rm $DOMAIN.selector.txt
|
rm $DOMAIN.selector.txt
|
||||||
rm -rf ~/.nix-ms/
|
rm -rf ~/.nix-ms/
|
||||||
rm ~/.ssh/known_hosts
|
rm ~/.ssh/known_hosts
|
||||||
rm .healthz.json
|
rm configuration.nix
|
||||||
rm .hetzner_machines.json
|
rm goss.nix
|
||||||
|
rm goss.yaml
|
||||||
|
rm mailserver.nix
|
||||||
|
rm restic.nix
|
||||||
|
rm s3cli
|
||||||
|
exit 0
|
||||||
}
|
}
|
||||||
|
|
||||||
# Cloudflare configuration
|
# Cloudflare configuration
|
||||||
|
@ -216,8 +221,8 @@ PostInstallation()
|
||||||
{
|
{
|
||||||
ssh -i ~/.nix-ms/id_rsa "root@$machineip" restic -r s3:s3.amazonaws.com/$AWS_BUCKET_NAME init
|
ssh -i ~/.nix-ms/id_rsa "root@$machineip" restic -r s3:s3.amazonaws.com/$AWS_BUCKET_NAME init
|
||||||
ssh -i ~/.nix-ms/id_rsa "root@$machineip" restic -r s3:s3.amazonaws.com/$AWS_BUCKET_NAME forget --prune --keep-hourly 2 --keep-daily 7 --keep-weekly 4
|
ssh -i ~/.nix-ms/id_rsa "root@$machineip" restic -r s3:s3.amazonaws.com/$AWS_BUCKET_NAME forget --prune --keep-hourly 2 --keep-daily 7 --keep-weekly 4
|
||||||
ssh -i ~/.nix-ms/id_rsa "root@$machineip" cp /root/result/bin/goss /root/
|
#ssh -i ~/.nix-ms/id_rsa "root@$machineip" cp /root/result/bin/goss /root/
|
||||||
ssh -i ~/.nix-ms/id_rsa "root@$machineip" /root/goss serve --format json &
|
#ssh -i ~/.nix-ms/id_rsa "root@$machineip" /root/goss serve --format json &
|
||||||
}
|
}
|
||||||
|
|
||||||
PerformTests()
|
PerformTests()
|
||||||
|
@ -254,7 +259,6 @@ then
|
||||||
exit -1
|
exit -1
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
#RunPreFlightChecks
|
|
||||||
InstallDependencies
|
InstallDependencies
|
||||||
GenerateSSHKey
|
GenerateSSHKey
|
||||||
printf "Importing SSH key into your Hetzner account..."
|
printf "Importing SSH key into your Hetzner account..."
|
||||||
|
@ -267,11 +271,12 @@ printf "Waiting for the server to create...\n"
|
||||||
MakeServer
|
MakeServer
|
||||||
sleep 30
|
sleep 30
|
||||||
printf "Waiting for nixos-infect to replace system files(this may take some time)...\n"
|
printf "Waiting for nixos-infect to replace system files(this may take some time)...\n"
|
||||||
sleep 240
|
sleep 280
|
||||||
CreateS3Bucket
|
CreateS3Bucket
|
||||||
GetMachineIP
|
GetMachineIP
|
||||||
ApplyConfig
|
ApplyConfig
|
||||||
if [$RESTORE_MAILBACKUP == "y"]; then
|
if [ $RESTORE_MAILBACKUP == "y" ]
|
||||||
|
then
|
||||||
RestoreBackup
|
RestoreBackup
|
||||||
fi
|
fi
|
||||||
GetDKIM
|
GetDKIM
|
||||||
|
@ -286,11 +291,6 @@ CreateSPFRecord
|
||||||
CreateDKIMRecord
|
CreateDKIMRecord
|
||||||
printf "done\n"
|
printf "done\n"
|
||||||
PostInstallation
|
PostInstallation
|
||||||
#PerformTests
|
|
||||||
#while ! ping -c1 192.168.0.107 &>/dev/null
|
|
||||||
# do echo "Ping Fail - `date`"
|
|
||||||
#done
|
|
||||||
#echo "Host Found - `date`"
|
|
||||||
printf "Clearing temporary files..."
|
printf "Clearing temporary files..."
|
||||||
ClearTempFiles
|
ClearTempFiles
|
||||||
printf "done\n"
|
printf "done\n"
|
||||||
|
|
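Review bot: In the MakeConfig hunk, the new line-14 `sed` for restic.nix uses `/` as its delimiter and leaves `$AWS_TOKEN_ID` and `$AWS_TOKEN` unquoted, so a secret key containing `/` (AWS secret keys often do) breaks the expression or writes the wrong text. Using the `,` delimiter and double quotes already used for the line-17 edit avoids this: `sed -i "14s,.*,\t\tEnvironment = [ \"AWS_ACCESS_KEY_ID=${AWS_TOKEN_ID}\" \"AWS_SECRET_ACCESS_KEY=${AWS_TOKEN}\" ];," restic.nix`. Separately, this puts the long-lived AWS credentials into restic.nix, which ApplyConfig copies to /etc/nixos/restic.nix. The contents of restic.nix are not visible here, but values set in a NixOS module normally land in the world-readable Nix store after `nixos-rebuild switch`, so an `EnvironmentFile` pointing at a root-only file copied separately would be safer. MakeConfig begins above this hunk, so the earlier edits to these files could not be checked.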