Added installation script. Fixed images
|
@ -14,6 +14,6 @@
|
|||
|
||||
## Установка сервера
|
||||
|
||||
:black_large_square: `curl https://selfprivacy.org/server.sh | sh`
|
||||
:black_large_square: `bash <(curl -s https://selfprivacy.org/server.sh)`
|
||||
|
||||
> Скрипт потребует ключи: Hetzner, CloudFlare, ssh
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
title: "Install SelfPrivacy Server"
|
||||
date: 2020-08-21T13:23:47+03:00
|
||||
draft: true
|
||||
title: "Install"
|
||||
date: 2020-08-21T17:09:10+03:00
|
||||
draft: false
|
||||
|
||||
categories:
|
||||
- HowTo
|
||||
|
@ -55,59 +55,59 @@ If your system and network setup meets all of the requirements, we can start set
|
|||
|
||||
1. In your Hetzner account, go to **Security** tab
|
||||
|
||||
![dashboard](resources/hetzner/1.png)
|
||||
![dashboard](/img/hetzner/1.png)
|
||||
|
||||
2. Go to API Tokens
|
||||
|
||||
![security](resources/hetzner/2.png)
|
||||
![security](/img/hetzner/2.png)
|
||||
|
||||
3. Click "**Generate API Token**"
|
||||
|
||||
![tokens](resources/hetzner/3.png)
|
||||
![tokens](/img/hetzner/3.png)
|
||||
|
||||
4. Give your token a name(aka Token Description)
|
||||
|
||||
![generateTokens](resources/hetzner/4.png)
|
||||
![generateTokens](/img/hetzner/4.png)
|
||||
|
||||
5. Copy your newly generated token
|
||||
|
||||
| WARNING: You won't be able to see this token again, so please save it somewhere else, in the safe place |
|
||||
| --- |
|
||||
|
||||
![copyToken](resources/hetzner/5.png)
|
||||
![copyToken](/img/hetzner/5.png)
|
||||
|
||||
### **Getting CloudFlare public API key**
|
||||
|
||||
1. In your CloudFlare account, click onto account icon at the upper right corner
|
||||
|
||||
![dashboard](resources/cloudflare/1.png)
|
||||
![dashboard](/img/cloudflare/1.png)
|
||||
|
||||
2. At the newly appeared dropdown menu, click **My Profile**
|
||||
|
||||
![dropdown](resources/cloudflare/2.png)
|
||||
![dropdown](/img/cloudflare/2.png)
|
||||
|
||||
3. In your account settings, open **API Tokens** tab
|
||||
|
||||
![myAccount](resources/cloudflare/3.png)
|
||||
![myAccount](/img/cloudflare/3.png)
|
||||
|
||||
4. At the tokens tab, click **View** button, opposite of "Global API key" row
|
||||
|
||||
![globalAPIKey](resources/cloudflare/4.png)
|
||||
![globalAPIKey](/img/cloudflare/4.png)
|
||||
|
||||
5. Enter your pasword, complete capcha and click **View**
|
||||
|
||||
![securityCheck](resources/cloudflare/5.png)
|
||||
![securityCheck](/img/cloudflare/5.png)
|
||||
|
||||
6. Your key will be shown. Click **Copy** button to store it in the clipboard
|
||||
|
||||
![key](resources/cloudflare/6.png)
|
||||
![key](/img/cloudflare/6.png)
|
||||
|
||||
## Running a script
|
||||
|
||||
From now, you`re ready to start setting up a mailbox. To run a script, type:
|
||||
|
||||
```
|
||||
./install.sh
|
||||
bash <(curl -s https://selfprivacy.org/server.sh)
|
||||
```
|
||||
|
||||
## Manual Installation
|
||||
|
|
After Width: | Height: | Size: 104 KiB |
After Width: | Height: | Size: 114 KiB |
After Width: | Height: | Size: 79 KiB |
After Width: | Height: | Size: 94 KiB |
After Width: | Height: | Size: 98 KiB |
After Width: | Height: | Size: 130 KiB |
After Width: | Height: | Size: 52 KiB |
After Width: | Height: | Size: 61 KiB |
After Width: | Height: | Size: 74 KiB |
After Width: | Height: | Size: 93 KiB |
After Width: | Height: | Size: 93 KiB |
|
@ -0,0 +1,200 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Collecting authentification data
|
||||
|
||||
InstallDependencies()
|
||||
{
|
||||
packagesNeeded='curl jq'
|
||||
if [ -x "$(command -v apk)" ]; then sudo apk add --no-cache $packagesNeeded
|
||||
elif [ -x "$(command -v apt-get)" ]; then sudo apt-get install $packagesNeeded
|
||||
elif [ -x "$(command -v dnf)" ]; then sudo dnf install $packagesNeeded
|
||||
elif [ -x "$(command -v zypper)" ]; then sudo zypper install $packagesNeeded
|
||||
elif [ -x "$(command -v pacman)" ]; then sudo pacman -S $packagesNeeded
|
||||
elif [ -x "$(command -v emerge)" ]; then sudo emerge --ask $packagesNeeded
|
||||
else echo "FAILED TO INSTALL PACKAGE: Package manager not found. You must manually install: $packagesNeeded">&2; fi
|
||||
wget http://192.168.0.104/configuration.nix
|
||||
wget http://192.168.0.104/mailserver.nix
|
||||
}
|
||||
CollectData()
|
||||
{
|
||||
read -p "Please, paste your Hetzner API token here: " HETZNER_TOKEN
|
||||
echo $HETZNER_TOKEN
|
||||
read -p "Please paste your CloudFlare global API key here: " CLOUDFLARE_TOKEN
|
||||
echo $CLOUDFLARE_TOKEN
|
||||
read -p "Please enter your CloudFlare e-mail here: " CLOUDFLARE_EMAIL
|
||||
echo $CLOUDFLARE_EMAIL
|
||||
read -p "Please define your domain there: " DOMAIN
|
||||
echo $DOMAIN
|
||||
read -p "Please define your mail username: " USERNAME
|
||||
echo $USERNAME
|
||||
read -p "Please define your password: " PASSWORD && PASSWORD=$( mkpasswd -m sha-512 "$PASSWORD" )
|
||||
}
|
||||
|
||||
# Generate SSH key
|
||||
GenerateSSHKey()
|
||||
{
|
||||
echo "Generating SSH keys..."
|
||||
mkdir ~/.nix-ms
|
||||
ssh-keygen -f ~/.nix-ms/id_rsa > /dev/null
|
||||
export sshKey=$( cat ~/.nix-ms/id_rsa.pub )
|
||||
}
|
||||
|
||||
# Add SSH key to Hetzner
|
||||
AddSSHKey()
|
||||
{
|
||||
echo "Adding SSH keys to Hetzner..."
|
||||
curl -s \
|
||||
-X POST \
|
||||
-H "Authorization: Bearer $HETZNER_TOKEN" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d '{"name":"nixosms","public_key":"'"${sshKey}"'","labels":{}}' \
|
||||
'https://api.hetzner.cloud/v1/ssh_keys' > /dev/null
|
||||
}
|
||||
|
||||
# Create NixOS config file
|
||||
MakeConfig()
|
||||
{
|
||||
sed -i '15s/.*/ fqdn = "'$DOMAIN'";/' mailserver.nix
|
||||
sed -i '16s/.*/ domains = [ "'"$DOMAIN"'" ];/' mailserver.nix
|
||||
sed -i '21s/.*/\t"'$USERNAME'@'$DOMAIN'" = {/' mailserver.nix
|
||||
sed -i '22s/.*/\t hashedPassword = "'"$PASSWORD"'";/' mailserver.nix
|
||||
sed -i '31s/.*/\t\t"'"$DOMAIN"'"/' mailserver.nix
|
||||
sed -i '41s/.*/\t "admin@'"$DOMAIN"'" = "'"$USERNAME"'@'"$DOMAIN"'";/' mailserver.nix
|
||||
sed -i '63s/.*/ email = "'"$USERNAME"'@'"$DOMAIN"'";/' mailserver.nix
|
||||
sed -i "15s,.*,\t\"${sshKey}\"," configuration.nix
|
||||
}
|
||||
|
||||
MakeServer()
|
||||
{
|
||||
echo "Creating Server..."
|
||||
curl -s \
|
||||
-X POST \
|
||||
-H "Authorization: Bearer $HETZNER_TOKEN" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d '{"name":"nixos-mailserver","server_type":"cx11","start_after_create":true,"image":"ubuntu-20.04","ssh_keys":["nixosms"],"volumes":[],"networks":[],"user_data":"#cloud-config\nruncmd:\n- curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | PROVIDER=hetzner NIX_CHANNEL=nixos-20.03 bash 2>&1 | tee /tmp/infect.log","labels":{},"automount":false}' \
|
||||
'https://api.hetzner.cloud/v1/servers' > /dev/null
|
||||
}
|
||||
# Get machine IP
|
||||
GetMachineIP()
|
||||
{
|
||||
curl -s \
|
||||
-H "Authorization: Bearer $HETZNER_TOKEN" \
|
||||
'https://api.hetzner.cloud/v1/servers' > .machine.json
|
||||
export machineip=$( for i in {0..24}; do jq 'if .servers['$i'].name == "nixos-mailserver" then .servers['$i'].public_net.ipv4.ip else null end' .machine.json; done | grep -v null | sed 's/"//' | sed 's/"//' )
|
||||
}
|
||||
|
||||
# Copy and apply mailserver config
|
||||
ApplyConfig()
|
||||
{
|
||||
ssh -i ~/.nix-ms/id_rsa "root@$machineip" echo "Authentificated"
|
||||
scp -i ~/.nix-ms/id_rsa mailserver.nix "root@$machineip:/root"
|
||||
scp -i ~/.nix-ms/id_rsa configuration.nix "root@$machineip:/root"
|
||||
ssh -i ~/.nix-ms/id_rsa "root@$machineip" cp /root/mailserver.nix /etc/nixos/mailserver.nix
|
||||
ssh -i ~/.nix-ms/id_rsa "root@$machineip" cp /root/configuration.nix /etc/nixos/configuration.nix
|
||||
sleep 3
|
||||
ssh -i ~/.nix-ms/id_rsa "root@$machineip" nixos-rebuild switch
|
||||
}
|
||||
|
||||
# Get DKIM keys from remote machine
|
||||
GetDKIM()
|
||||
{
|
||||
scp -i ~/.nix-ms/id_rsa "root@$machineip:/var/dkim/$DOMAIN.selector.txt" .
|
||||
sed -i '1d' $DOMAIN.selector.txt
|
||||
sed -i 's/ ) ; ----- DKIM key selector for '$DOMAIN'//g' $DOMAIN.selector.txt
|
||||
export dkim=$( cat $DOMAIN.selector.txt )
|
||||
}
|
||||
|
||||
ClearTempFiles()
|
||||
{
|
||||
rm .machine.json
|
||||
rm .cloudflare.json
|
||||
rm $DOMAIN.selector.txt
|
||||
rm -rf ~/.nix-ms/
|
||||
rm ~/.ssh/known_hosts
|
||||
}
|
||||
|
||||
# Cloudflare configuration
|
||||
|
||||
# Get zone ID
|
||||
GetZoneID()
|
||||
{
|
||||
curl -s -X GET "https://api.cloudflare.com/client/v4/zones" \
|
||||
-H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
|
||||
-H "X-Auth-Key: $CLOUDFLARE_TOKEN" \
|
||||
-H "Content-Type: application/json" > .cloudflare.json
|
||||
export zoneid=$( for i in {0..24}; do jq 'if .result['$i'].name == "'$DOMAIN'" then .result['$i'].id else null end' .cloudflare.json; done | grep -v null | sed -e 's/^"//' -e 's/"$//' )
|
||||
}
|
||||
# Create records
|
||||
CreateARecord()
|
||||
{
|
||||
curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records" \
|
||||
-H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
|
||||
-H "X-Auth-Key: $CLOUDFLARE_TOKEN" \
|
||||
-H "Content-Type: application/json" \
|
||||
--data '{"type":"A","name":"'$DOMAIN'","content":"'$machineip'","ttl":3600,"priority":10,"proxied":false}' > /dev/null
|
||||
}
|
||||
|
||||
CreateMXRecord()
|
||||
{
|
||||
curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records" \
|
||||
-H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
|
||||
-H "X-Auth-Key: $CLOUDFLARE_TOKEN" \
|
||||
-H "Content-Type: application/json" \
|
||||
--data '{"type":"MX","name":"@","content":"'$DOMAIN'","ttl":3600,"priority":10,"proxied":false}' > /dev/null
|
||||
}
|
||||
|
||||
CreateDMARCRecord()
|
||||
{
|
||||
curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records" \
|
||||
-H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
|
||||
-H "X-Auth-Key: $CLOUDFLARE_TOKEN" \
|
||||
-H "Content-Type: application/json" \
|
||||
--data '{"type":"TXT","name":"_dmarc","content":"v=DMARC1; p=none","ttl":18000,"priority":10,"proxied":false}' > /dev/null
|
||||
}
|
||||
|
||||
CreateSPFRecord()
|
||||
{
|
||||
curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records" \
|
||||
-H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
|
||||
-H "X-Auth-Key: $CLOUDFLARE_TOKEN" \
|
||||
-H "Content-Type: application/json" \
|
||||
--data '{"type":"TXT","name":"'$DOMAIN'","content":"v=spf1 a mx ip4:'$machineip' -all","ttl":18000,"priority":10,"proxied":false}' > /dev/null
|
||||
}
|
||||
|
||||
CreateDKIMRecord()
|
||||
{
|
||||
export dkim=$( echo $dkim | sed -e 's/^"//' -e 's/"$//' )
|
||||
curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records" -H "X-Auth-Email: $CLOUDFLARE_EMAIL" -H "X-Auth-Key: $CLOUDFLARE_TOKEN" -H "Content-Type: application/json" --data '{"type":"TXT","name":"selector._domainkey","content":"v=DKIM1; '$dkim'","ttl":18000,"priority":10,"proxied":false}' > /dev/null
|
||||
|
||||
}
|
||||
|
||||
CollectData
|
||||
InstallDependencies
|
||||
GenerateSSHKey
|
||||
printf "Importing SSH key into your Hetzner account..."
|
||||
AddSSHKey
|
||||
printf "done\n"
|
||||
printf "Generating config file..."
|
||||
MakeConfig
|
||||
printf "done\n"
|
||||
printf "Waiting for the server to create...\n"
|
||||
MakeServer
|
||||
sleep 30
|
||||
printf "Waiting for nixos-infect to replace system files(this may take some time)...\n"
|
||||
sleep 180
|
||||
GetMachineIP
|
||||
ApplyConfig
|
||||
GetDKIM
|
||||
|
||||
echo "Beginning CloudFlare configuration"
|
||||
GetZoneID
|
||||
printf "Creating records..."
|
||||
CreateARecord
|
||||
CreateMXRecord
|
||||
CreateDMARCRecord
|
||||
CreateSPFRecord
|
||||
CreateDKIMRecord
|
||||
echo "done"
|
||||
printf "Clearing temporary files..."
|
||||
ClearTempFiles
|
||||
printf "done\n"
|