Sign upLogin

svthalia/concrexit

View on GitHub
Star
infra/debian-install.sh

Summary

Maintainability
Test Coverage
#! /bin/sh

# This script sets a server up to run concrexit, by installing Docker, creating
# users, and some filesystem setup. It should be run as root, and expects
# a domain (e.g. "staging.thalia.nu", used to set hostname) as an argument.
# For example: `sudo sh debian-install.sh staging.thalia.nu`
#
# If anything goes wrong, you'll have to fix it manually.

# Stop if anything fails.
set -e

# Check input.
DOMAIN=$1
if [ -z "$DOMAIN" ]; then
    echo "Usage: $0 <domain>"
    exit 1
fi

if [ $(id -u) -ne 0 ]
  then echo "Please run as root"
  exit
fi

# Some functions used later.
export COLOR='\e[1;34m' # Bold blue.
export NO_COLOR='\e[0m'

step() {
    echo "\n$COLOR$1$NO_COLOR\n"
}

create_user() {
    username=$1
    ssh_key=$2

    # Create the user and add the SSH key.
    adduser --disabled-password --gecos "" $username
    adduser $username sudo
    mkdir /home/$username/.ssh
    echo "$ssh_key" > /home/$username/.ssh/authorized_keys
    chown -R $username:$username /home/$username/.ssh
    chmod 700 /home/$username/.ssh
    chmod 600 /home/$username/.ssh/authorized_keys

    # Allow the user to run sudo without a password.
    echo "$username ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/$username
}

if [ -f .debian-install-started ]; then
    echo ".debian-install-started already exists, so this script has already run."
    exit 1
fi

touch .debian-install-started

# Set hostname.
step "Setting hostname ($DOMAIN)..."
hostnamectl set-hostname $DOMAIN
echo "preserve_hostname: true" | sudo tee -a /etc/cloud/cloud.cfg

# Set up a swapfile and some performance settings (https://www.digitalocean.com/community/tutorials/how-to-add-swap-space-on-debian-11).
step "Setting up swapfile and performance settings..."
fallocate -l 4G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
sysctl vm.swappiness=20
sysctl vm.vfs_cache_pressure=50

# Persist the swapfile and performance settings.
echo "/swapfile none swap sw 0 0" | tee -a /etc/fstab
echo vm.swappiness=20 | tee -a /etc/sysctl.conf
echo vm.vfs_cache_pressure=80 | tee -a /etc/sysctl.conf

# Set up the postgres volume (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-using-volumes.html).
step "Setting up postgres volume..."

# Format the volume if it's not already formatted as ext4.
if ! file -L -s /dev/sdf | grep ext4; then
    mkfs -t ext4 /dev/sdf
fi

# Mount the volume.
mkdir -p /volumes/postgres
mount /dev/sdf /volumes/postgres

# Persist the mount.
POSTGRES_VOL_UUID=$(blkid /dev/sdf -s UUID -o value)
echo "UUID=$POSTGRES_VOL_UUID /volumes/postgres ext4 defaults,nofail 0 2" | tee -a /etc/fstab

# Install rsync.
step "Installing rsync..."
apt-get update -q -y
apt-get install -y rsync

# Install Docker Engine (https://docs.docker.com/engine/install/debian/).
step "Installing Docker Engine..."
apt-get update -q -y
apt-get install -q -y \
    ca-certificates \
    curl \
    gnupg

mkdir -m 0755 -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg

echo \
  "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
  "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
  tee /etc/apt/sources.list.d/docker.list > /dev/null

apt-get update -q -y

apt-get install -q -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

# Start Docker on boot (https://docs.docker.com/engine/install/linux-postinstall/).
step "Setting up Docker to start on boot..."
systemctl enable docker.service
systemctl enable containerd.service

# Set up deployment user. This user will be used by GitHub Actions to deploy.
step "Creating deployment user..."
create_user deploy "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOj2jPKZloJuWgVaZUKJ0n8J+Zpj34+GiPgNiX1N31hP"

# Create directory for concrexit.
step "Creating directory for concrexit..."
mkdir /var/lib/concrexit
chown -R deploy:deploy /var/lib/concrexit


# Set up users.
step "Creating users..."
create_user dirk "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIgMsOXBM1i1/GHoZIJpXQIm+dU5SRMat7HtZSKVrl5T"
create_user quinten "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII8GLsrAXmnzd7ps5BI12KG/sN4apUPGksVZq6n6jtY2 quinten@epsilon"
create_user ties "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIYxMh74Ocgn0l7I0rrWiQ4uTcWgYo6UX3WgNZWPpUXF tiesdirksen@gmail.com"

step "Done :)"