|
|
|
@ -5,24 +5,24 @@
|
|
|
|
|
InstallDependencies()
|
|
|
|
|
{
|
|
|
|
|
packagesNeeded='curl jq'
|
|
|
|
|
if [ -x "$(command -v apk)" ]; then sudo apk add --no-cache $packagesNeeded
|
|
|
|
|
elif [ -x "$(command -v apt-get)" ]; then sudo apt-get install $packagesNeeded
|
|
|
|
|
elif [ -x "$(command -v dnf)" ]; then sudo dnf install $packagesNeeded
|
|
|
|
|
elif [ -x "$(command -v zypper)" ]; then sudo zypper install $packagesNeeded
|
|
|
|
|
elif [ -x "$(command -v pacman)" ]; then sudo pacman -S $packagesNeeded
|
|
|
|
|
elif [ -x "$(command -v emerge)" ]; then sudo emerge --ask $packagesNeeded
|
|
|
|
|
if [ -x "$(command -v apk)" ]; then sudo apk add --no-cache $packagesNeeded # Alpine Linux
|
|
|
|
|
elif [ -x "$(command -v apt-get)" ]; then sudo apt-get install $packagesNeeded # Debian/Ubuntu Linux
|
|
|
|
|
elif [ -x "$(command -v dnf)" ]; then sudo dnf install $packagesNeeded # Fedora Linux
|
|
|
|
|
elif [ -x "$(command -v rpm-ostree)" ]; then sudo rpm-ostree install $packagesNeeded # Fedora Linux Silverblue
|
|
|
|
|
elif [ -x "$(command -v zypper)" ]; then sudo zypper install $packagesNeeded # openSUSE Linux
|
|
|
|
|
elif [ -x "$(command -v pacman)" ]; then sudo pacman -S $packagesNeeded # Arch/Manjaro Linux
|
|
|
|
|
elif [ -x "$(command -v emerge)" ]; then sudo emerge --ask $packagesNeeded # Gentoo Linux
|
|
|
|
|
elif [ -x "$(command -v nix-env)" ]; then nix-env -iA $packagesNeeded # NixOS
|
|
|
|
|
else echo "FAILED TO INSTALL PACKAGE: Package manager not found. You must manually install: $packagesNeeded">&2; fi
|
|
|
|
|
wget http://192.168.0.104/configuration.nix
|
|
|
|
|
wget http://192.168.0.104/mailserver.nix
|
|
|
|
|
wget https://selfprivacy.org/configuration.nix
|
|
|
|
|
wget https://selfprivacy.org/mailserver.nix
|
|
|
|
|
}
|
|
|
|
|
CollectData()
|
|
|
|
|
{
|
|
|
|
|
read -p "Please, paste your Hetzner API token here: " HETZNER_TOKEN
|
|
|
|
|
echo $HETZNER_TOKEN
|
|
|
|
|
read -p "Please paste your CloudFlare global API key here: " CLOUDFLARE_TOKEN
|
|
|
|
|
read -p "Please paste your CloudFlare Token: " CLOUDFLARE_TOKEN
|
|
|
|
|
echo $CLOUDFLARE_TOKEN
|
|
|
|
|
read -p "Please enter your CloudFlare e-mail here: " CLOUDFLARE_EMAIL
|
|
|
|
|
echo $CLOUDFLARE_EMAIL
|
|
|
|
|
read -p "Please define your domain there: " DOMAIN
|
|
|
|
|
echo $DOMAIN
|
|
|
|
|
read -p "Please define your mail username: " USERNAME
|
|
|
|
@ -61,7 +61,7 @@ MakeConfig()
|
|
|
|
|
sed -i '31s/.*/\t\t"'"$DOMAIN"'"/' mailserver.nix
|
|
|
|
|
sed -i '41s/.*/\t "admin@'"$DOMAIN"'" = "'"$USERNAME"'@'"$DOMAIN"'";/' mailserver.nix
|
|
|
|
|
sed -i '63s/.*/ email = "'"$USERNAME"'@'"$DOMAIN"'";/' mailserver.nix
|
|
|
|
|
sed -i "15s,.*,\t\"${sshKey}\"," configuration.nix
|
|
|
|
|
sed -i "16s,.*,\t\"${sshKey}\"," configuration.nix
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
MakeServer()
|
|
|
|
@ -89,6 +89,7 @@ ApplyConfig()
|
|
|
|
|
ssh -i ~/.nix-ms/id_rsa "root@$machineip" echo "Authentificated"
|
|
|
|
|
scp -i ~/.nix-ms/id_rsa mailserver.nix "root@$machineip:/root"
|
|
|
|
|
scp -i ~/.nix-ms/id_rsa configuration.nix "root@$machineip:/root"
|
|
|
|
|
scp -i ~/.nix-ms/id_rsa goss.yaml "root@$machineip:/root"
|
|
|
|
|
ssh -i ~/.nix-ms/id_rsa "root@$machineip" cp /root/mailserver.nix /etc/nixos/mailserver.nix
|
|
|
|
|
ssh -i ~/.nix-ms/id_rsa "root@$machineip" cp /root/configuration.nix /etc/nixos/configuration.nix
|
|
|
|
|
sleep 3
|
|
|
|
@ -119,8 +120,7 @@ ClearTempFiles()
|
|
|
|
|
GetZoneID()
|
|
|
|
|
{
|
|
|
|
|
curl -s -X GET "https://api.cloudflare.com/client/v4/zones" \
|
|
|
|
|
-H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
|
|
|
|
|
-H "X-Auth-Key: $CLOUDFLARE_TOKEN" \
|
|
|
|
|
-H "Authorization: Bearer $CLOUDFLARE_TOKEN" \
|
|
|
|
|
-H "Content-Type: application/json" > .cloudflare.json
|
|
|
|
|
export zoneid=$( for i in {0..24}; do jq 'if .result['$i'].name == "'$DOMAIN'" then .result['$i'].id else null end' .cloudflare.json; done | grep -v null | sed -e 's/^"//' -e 's/"$//' )
|
|
|
|
|
}
|
|
|
|
@ -128,8 +128,7 @@ GetZoneID()
|
|
|
|
|
CreateARecord()
|
|
|
|
|
{
|
|
|
|
|
curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records" \
|
|
|
|
|
-H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
|
|
|
|
|
-H "X-Auth-Key: $CLOUDFLARE_TOKEN" \
|
|
|
|
|
-H "Authorization: Bearer $CLOUDFLARE_TOKEN" \
|
|
|
|
|
-H "Content-Type: application/json" \
|
|
|
|
|
--data '{"type":"A","name":"'$DOMAIN'","content":"'$machineip'","ttl":3600,"priority":10,"proxied":false}' > /dev/null
|
|
|
|
|
}
|
|
|
|
@ -137,8 +136,7 @@ CreateARecord()
|
|
|
|
|
CreateMXRecord()
|
|
|
|
|
{
|
|
|
|
|
curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records" \
|
|
|
|
|
-H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
|
|
|
|
|
-H "X-Auth-Key: $CLOUDFLARE_TOKEN" \
|
|
|
|
|
-H "Authorization: Bearer $CLOUDFLARE_TOKEN" \
|
|
|
|
|
-H "Content-Type: application/json" \
|
|
|
|
|
--data '{"type":"MX","name":"@","content":"'$DOMAIN'","ttl":3600,"priority":10,"proxied":false}' > /dev/null
|
|
|
|
|
}
|
|
|
|
@ -146,8 +144,7 @@ CreateMXRecord()
|
|
|
|
|
CreateDMARCRecord()
|
|
|
|
|
{
|
|
|
|
|
curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records" \
|
|
|
|
|
-H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
|
|
|
|
|
-H "X-Auth-Key: $CLOUDFLARE_TOKEN" \
|
|
|
|
|
-H "Authorization: Bearer $CLOUDFLARE_TOKEN" \
|
|
|
|
|
-H "Content-Type: application/json" \
|
|
|
|
|
--data '{"type":"TXT","name":"_dmarc","content":"v=DMARC1; p=none","ttl":18000,"priority":10,"proxied":false}' > /dev/null
|
|
|
|
|
}
|
|
|
|
@ -155,8 +152,7 @@ CreateDMARCRecord()
|
|
|
|
|
CreateSPFRecord()
|
|
|
|
|
{
|
|
|
|
|
curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records" \
|
|
|
|
|
-H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
|
|
|
|
|
-H "X-Auth-Key: $CLOUDFLARE_TOKEN" \
|
|
|
|
|
-H "Authorization: Bearer $CLOUDFLARE_TOKEN" \
|
|
|
|
|
-H "Content-Type: application/json" \
|
|
|
|
|
--data '{"type":"TXT","name":"'$DOMAIN'","content":"v=spf1 a mx ip4:'$machineip' -all","ttl":18000,"priority":10,"proxied":false}' > /dev/null
|
|
|
|
|
}
|
|
|
|
@ -164,11 +160,27 @@ CreateSPFRecord()
|
|
|
|
|
CreateDKIMRecord()
|
|
|
|
|
{
|
|
|
|
|
export dkim=$( echo $dkim | sed -e 's/^"//' -e 's/"$//' )
|
|
|
|
|
curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records" -H "X-Auth-Email: $CLOUDFLARE_EMAIL" -H "X-Auth-Key: $CLOUDFLARE_TOKEN" -H "Content-Type: application/json" --data '{"type":"TXT","name":"selector._domainkey","content":"v=DKIM1; '$dkim'","ttl":18000,"priority":10,"proxied":false}' > /dev/null
|
|
|
|
|
curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records" -H "Authorization: Bearer $CLOUDFLARE_TOKEN" -H "Content-Type: application/json" --data '{"type":"TXT","name":"selector._domainkey","content":"v=DKIM1; '$dkim'","ttl":18000,"priority":10,"proxied":false}' > /dev/null
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
CollectData
|
|
|
|
|
PostInstallation()
|
|
|
|
|
{
|
|
|
|
|
ssh -i ~/.nix-ms/id_rsa "root@$machineip" cp /root/result/bin/goss /root/
|
|
|
|
|
ssh -i ~/.nix-ms/id_rsa "root@$machineip" /root/goss serve --format json &
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
PerformTests()
|
|
|
|
|
{
|
|
|
|
|
curl $machineip:8080/healthz > .healthz.json
|
|
|
|
|
for i in {0..24}; do jq 'if .results['$i'].err != null then "FAIL" else "OK" end' .healthz.json;
|
|
|
|
|
done
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if test -z "$HETZNER_TOKEN" || test -z "$CLOUDFLARE_TOKEN" || test -z "$PASSWORD"
|
|
|
|
|
then
|
|
|
|
|
CollectData
|
|
|
|
|
fi
|
|
|
|
|
InstallDependencies
|
|
|
|
|
GenerateSSHKey
|
|
|
|
|
printf "Importing SSH key into your Hetzner account..."
|
|
|
|
@ -181,7 +193,7 @@ printf "Waiting for the server to create...\n"
|
|
|
|
|
MakeServer
|
|
|
|
|
sleep 30
|
|
|
|
|
printf "Waiting for nixos-infect to replace system files(this may take some time)...\n"
|
|
|
|
|
sleep 180
|
|
|
|
|
sleep 200
|
|
|
|
|
GetMachineIP
|
|
|
|
|
ApplyConfig
|
|
|
|
|
GetDKIM
|
|
|
|
@ -194,7 +206,13 @@ CreateMXRecord
|
|
|
|
|
CreateDMARCRecord
|
|
|
|
|
CreateSPFRecord
|
|
|
|
|
CreateDKIMRecord
|
|
|
|
|
echo "done"
|
|
|
|
|
printf "done\n"
|
|
|
|
|
PostInstallation
|
|
|
|
|
PerformTests
|
|
|
|
|
#while ! ping -c1 192.168.0.107 &>/dev/null
|
|
|
|
|
# do echo "Ping Fail - `date`"
|
|
|
|
|
#done
|
|
|
|
|
#echo "Host Found - `date`"
|
|
|
|
|
printf "Clearing temporary files..."
|
|
|
|
|
ClearTempFiles
|
|
|
|
|
printf "done\n"
|
|
|
|
|