From f3731f88504c022263a49c7d424ef0768a118618 Mon Sep 17 00:00:00 2001
From: Illia Chub
Date: Sat, 12 Sep 2020 22:06:27 +0300
Subject: [PATCH] Installation script enchansements
---
 static/server.sh | 77 ++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 61 insertions(+), 16 deletions(-)
diff --git a/static/server.sh b/static/server.sh
index 19cc33a..bcd9b4e 100755
--- a/static/server.sh
+++ b/static/server.sh
@@ -4,17 +4,17 @@ InstallDependencies() { - packagesNeeded='curl jq mkpasswd pwgen' - if [ -x "$(command -v apk)" ]; then sudo apk add --no-cache $packagesNeeded # Alpine Linux - elif [ -x "$(command -v apt-get)" ]; then sudo apt-get install curl jq whois pwgen # Debian/Ubuntu Linux - elif [ -x "$(command -v dnf)" ]; then sudo dnf install $packagesNeeded # Fedora Linux + packagesNeeded='curl jq pwgen vim nano' + if [ -x "$(command -v apk)" ]; then sudo apk add --no-cache $packagesNeeded # Alpine Linux + elif [ -x "$(command -v apt-get)" ]; then sudo apt-get install curl jq whois pwgen # Debian/Ubuntu Linux + elif [ -x "$(command -v dnf)" ]; then sudo dnf install $packagesNeeded # Fedora Linux elif [ -x "$(command -v rpm-ostree)" ]; then sudo rpm-ostree install $packagesNeeded # Fedora Linux Silverblue - elif [ -x "$(command -v zypper)" ]; then sudo zypper install $packagesNeeded # openSUSE Linux - elif [ -x "$(command -v pacman)" ]; then sudo pacman -S $packagesNeeded # Arch/Manjaro Linux - elif [ -x "$(command -v emerge)" ]; then sudo emerge --ask $packagesNeeded # Gentoo Linux - elif [ -x "$(command -v nix-env)" ]; then nix-env -iA $packagesNeeded # NixOS + elif [ -x "$(command -v zypper)" ]; then sudo zypper install $packagesNeeded # openSUSE Linux + elif [ -x "$(command -v pacman)" ]; then sudo pacman -S $packagesNeeded # Arch/Manjaro Linux + elif [ -x "$(command -v emerge)" ]; then sudo emerge --ask $packagesNeeded # Gentoo Linux + elif [ -x "$(command -v nix-env)" ]; then sudo nix-env -iA $packagesNeeded # NixOS + elif [ -x "$(command -v pkg)" ]; then sudo pkg install $packagesNeeded # FreeBSD else echo "FAILED TO INSTALL PACKAGE: Package manager not found. You must manually install: $packagesNeeded">&2; fi - PASSWORD=$( mkpasswd -m sha-512 "$PASSWORD" ) wget https://selfprivacy.org/configuration.nix wget https://selfprivacy.org/mailserver.nix wget https://selfprivacy.org/goss.nix 
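Review bot: In InstallDependencies the apt-get branch still installs a hard-coded `curl jq whois pwgen`, so the `vim` and `nano` added to `packagesNeeded` never reach Debian/Ubuntu hosts, yet this same patch later runs `vim mailserver.nix` from MakeConfig. Keep the branch in step with the variable, e.g. `sudo apt-get install curl jq whois pwgen vim nano`. The new `sudo nix-env -iA $packagesNeeded` likely installs into root's profile rather than the invoking user's, so the tools may not end up on the PATH the rest of the script runs with; confirm that is intended. `wget` is called right after the install step but is not in the package list.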
@@ -24,7 +24,7 @@ InstallDependencies() wget https://selfprivacy.org/s3cli chmod +x s3cli chmod +x mkpasswd - PASSWORD=$( ./mkpasswd -m sha-512 "$PASSWORD" ) + export PASSWORD=$( ./mkpasswd -m sha-512 "$PASSWORD" ) } CollectData() { @@ -33,7 +33,7 @@ CollectData() read -p "Please, paste your AWS Secret Access Key: " AWS_TOKEN read -p "Please, paste your AWS Access Key ID: " AWS_TOKEN_ID read -p "Please, define your domain there: " DOMAIN - read -p "Please, define your mail username: " USERNAME + read -p "Please, define your mail username: " USER read -p "Please, define your password: " PASSWORD } @@ -63,11 +63,12 @@ MakeConfig() # Mailserver sed -i '15s/.*/ fqdn = "'$DOMAIN'";/' mailserver.nix sed -i '16s/.*/ domains = [ "'"$DOMAIN"'" ];/' mailserver.nix - sed -i '21s/.*/\t"'$USERNAME'@'$DOMAIN'" = {/' mailserver.nix - sed -i '22s/.*/\t hashedPassword = "'"$PASSWORD"'";/' mailserver.nix + sed -i '21s/.*/\t"'$USER'@'$DOMAIN'" = {/' mailserver.nix + #sed -i '22s/.*/\t hashedPassword = "'"$PASSWORD"'";/' mailserver.nix + sed -i "22s,.*,\t\ hashedPassword = \"${PASSWORD}\";," mailserver.nix sed -i '31s/.*/\t\t"'"$DOMAIN"'"/' mailserver.nix - sed -i '48s/.*/\t "admin@'"$DOMAIN"'" = "'"$USERNAME"'@'"$DOMAIN"'";/' mailserver.nix - sed -i '70s/.*/ email = "'"$USERNAME"'@'"$DOMAIN"'";/' mailserver.nix + sed -i '48s/.*/\t "admin@'"$DOMAIN"'" = "'"$USER"'@'"$DOMAIN"'";/' mailserver.nix + sed -i '70s/.*/ email = "'"$USER"'@'"$DOMAIN"'";/' mailserver.nix # System Configuration sed -i "16s,.*,\t\"${sshKey}\"," configuration.nix @@ -75,6 +76,7 @@ MakeConfig() # Restic sed -i '14s/.*/\t\tEnvironment = [ "AWS_ACCESS_KEY_ID='$AWS_TOKEN_ID'" "AWS_SECRET_ACCESS_KEY='$AWS_TOKEN'" ];/' restic.nix sed -i "17s,.*,\t restic -r s3:s3.amazonaws.com/${AWS_BUCKET_NAME} backup /var/vmail /var/vmail ," restic.nix + vim mailserver.nix } @@ -169,6 +171,9 @@ ClearTempFiles() rm mailserver.nix rm restic.nix rm s3cli + rm .dns_records.json + rm .records + rm mkpasswd exit 0 } 
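Review bot: In the `@@ -24,7` hunk, `export PASSWORD=$( ./mkpasswd -m sha-512 "$PASSWORD" )` hides the exit status of `./mkpasswd` behind `export`, so a failed or missing binary leaves `PASSWORD` empty and an empty `hashedPassword` is later written into mailserver.nix. Assign first and check, `PASSWORD=$( ./mkpasswd -m sha-512 "$PASSWORD" ) || exit 1`; nothing in the visible lines reads the hash from a child process, so the `export` looks unnecessary and only copies the hash into the environment of every later `curl`, `sed` and `vim`. The plaintext password is also passed on the command line, where other local users can see it in the process list; if this mkpasswd build accepts `--stdin`, feed it with `printf '%s' "$PASSWORD" | ./mkpasswd -m sha-512 --stdin`. `./mkpasswd` is an executable fetched at run time, and the visible lines show no checksum or signature check before it is run.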
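Review bot: In the `@@ -33,7` hunk (CollectData), reading the mail username into `USER` overwrites the standard login-name environment variable, which is normally already exported, so every later child process (`sudo`, `curl`, `vim`) sees the mailbox name as the current user. Use a script-specific name such as `MAIL_USER` here and in the MakeConfig `sed` lines that this patch switches to `$USER`. Adding `-r` to the `read` calls keeps backslashes in pasted values intact, and the password prompt on the next line would benefit from `read -rs` so the password is not echoed.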
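Review bot: In the `@@ -63,11` hunk (MakeConfig), line 21's `'$USER'@'$DOMAIN'` leaves both expansions unquoted, unlike lines 48 and 70, so a value containing whitespace is split into extra `sed` arguments, and any `/` or `&` in the typed username or domain changes the `sed` program itself. Quote them the same way as the other lines, `sed -i '21s/.*/\t"'"$USER"'@'"$DOMAIN"'" = {/' mailserver.nix`, and reject input outside an expected character set in CollectData before it reaches `sed`. The commented-out `#sed -i '22s/...` line should be deleted rather than kept next to its replacement. All of these edits address fixed line numbers of a file downloaded at run time, so a change to the upstream mailserver.nix would silently put the password hash on the wrong line.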
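Review bot: The `vim mailserver.nix` appended to MakeConfig in the `@@ -75,6` hunk makes the installer stop in an interactive editor on the file that now holds the password hash, and it fails outright where vim is absent (the apt-get branch in InstallDependencies does not install it). It reads like a debugging aid; if a manual review step is wanted, make it explicit and optional, e.g. `[ -t 0 ] && "${EDITOR:-vi}" mailserver.nix`, otherwise drop the line. MakeConfig begins outside this hunk.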
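Review bot: The three `rm` lines added to ClearTempFiles in the `@@ -169,6` hunk only run on the success path, while the new confirmation branch later in this patch leaves through `exit -1` without calling ClearTempFiles, so restic.nix (which holds the AWS secret key) and the other generated files stay in the working directory. Plain `rm` also prints an error for each file that was never created; `rm -f -- .dns_records.json .records mkpasswd` avoids that. `.cloudflare.json`, written by GetZoneID, is not removed in the visible lines; check whether the part of ClearTempFiles outside this hunk covers it.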
@@ -182,6 +187,38 @@ GetZoneID() -H "Content-Type: application/json" > .cloudflare.json export zoneid=$( for i in {0..24}; do jq 'if .result['$i'].name == "'$DOMAIN'" then .result['$i'].id else null end' .cloudflare.json; done | grep -v null | sed -e 's/^"//' -e 's/"$//' ) } + +#Purge DNS records + +PurgeDNSRecords() +{ +curl -s -X GET "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records" \ + -H "Authorization: Bearer $CLOUDFLARE_TOKEN" \ + -H "Content-Type: application/json" > .dns_records.json + +for i in {0..24} +do +jq '.result['$i'].id' .dns_records.json +done | grep -v null | sed 's/"//g' > .records + +export recordIDs=() +while IFS= read -r line +do + recordIDs+=("$line") +done < .records + +for recordid in "${recordIDs[@]}" +do + echo $zoneid + echo $recordid + echo $CLOUDFLARE_TOKEN + curl -X DELETE "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records/$recordid" \ + -H "Authorization: Bearer $CLOUDFLARE_TOKEN" \ + -H "Content-Type: application/json" +done + +} + # Create records CreateARecord() { @@ -279,6 +316,15 @@ printf "Waiting for nixos-infect to replace system files(this may take some time sleep 280 CreateS3Bucket GetMachineIP +read -p "ALL YOUR EXISTING DNS RECORDS ON CLOUDFLARE WILL BE REMOVED!!! ARE YOU SURE(y/N) " CREATEDNS +if [ $CREATEDNS != "y" || $CREATEDNS == "Y" ] +then +exit -1 +fi +printf "Purging records..." +PurgeDNSRecords +printf "done" +CreateARecord ApplyConfig if [ $RESTORE_MAILBACKUP == "y" ] then @@ -289,7 +335,6 @@ GetDKIM echo "Beginning CloudFlare configuration" GetZoneID printf "Creating records..." -CreateARecord CreateMXRecord CreateDMARCRecord CreateSPFRecord
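Review bot: PurgeDNSRecords prints the Cloudflare bearer token to stdout with `echo $CLOUDFLARE_TOKEN` on every loop iteration, which puts a zone-wide API credential into the terminal scrollback and any captured install log. The function also never checks that `$zoneid` is non-empty or that the listing request succeeded before it starts issuing DELETE calls, and the `{0..24}` index loop silently ignores anything past the 25th record even though the prompt promises that all records are removed. `export recordIDs=()` has no effect on child processes because bash does not export arrays. The version below keeps the same files and endpoints, drops the debug output, and stops on the first failed request.

```shell
PurgeDNSRecords()
{
  # Refuse to build request URLs from an empty zone id or token.
  : "${zoneid:?zone id is empty, run GetZoneID first}"
  : "${CLOUDFLARE_TOKEN:?Cloudflare token is empty}"

  curl -sf -X GET "https://api.cloudflare.com/client/v4/zones/${zoneid}/dns_records" \
    -H "Authorization: Bearer ${CLOUDFLARE_TOKEN}" \
    -H "Content-Type: application/json" > .dns_records.json || return 1

  # One id per line, without the fixed 0..24 index window.
  jq -r '.result[].id' .dns_records.json > .records || return 1

  local recordid
  while IFS= read -r recordid
  do
    # Log the record id only; the token never goes to stdout.
    printf 'Deleting DNS record %s\n' "$recordid"
    curl -sf -X DELETE "https://api.cloudflare.com/client/v4/zones/${zoneid}/dns_records/${recordid}" \
      -H "Authorization: Bearer ${CLOUDFLARE_TOKEN}" \
      -H "Content-Type: application/json" > /dev/null || return 1
  done < .records
}
```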
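Review bot: The confirmation test `if [ $CREATEDNS != "y" || $CREATEDNS == "Y" ]` in the `@@ -279,6` hunk is not a valid `[` expression: the shell splits it at `||`, the first half fails with a missing `]`, and the second half runs whatever the operator typed as a command name, so answering `N` does not stop the purge. Replace it with `if [ "$CREATEDNS" != "y" ] && [ "$CREATEDNS" != "Y" ]` and use `exit 1`, since `exit -1` is not a portable status. As far as the visible lines show, GetZoneID is still called further down, after `PurgeDNSRecords` and the moved `CreateARecord`, so `$zoneid` would be empty when both run; the GetZoneID call probably needs to move above the prompt.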