rorenv/01-setup.sh

221 lines
6.1 KiB
Bash
Raw Normal View History

2023-04-29 21:11:49 +09:00
#!/bin/bash
SCRIPTHOME=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
export SSLHOME=$SCRIPTHOME/SSL
secho() {
for ((i=0;i<$1;i++)); do echo ""; done
echo $2
}
sudo echo -n ""
if [ $(whoami) = "root" ]; then
echo "sudo せずに実行してください"
exit 0
fi
echo "0" > $SCRIPTHOME/.setupphase.txt
echo "================================================"
echo " 認証局の作成"
echo "================================================"
cd $SSLHOME
./CA.pl -newca
if [ $? -ne 0 ]; then
echo "処理を中止します"
exit
fi
secho 3 "=== CA証明書部分を切り出す"
sed -n "/-----BEGIN/,/CERTIFICATE-----/p" exampleCA/cacert.pem > exampleCA/example.net.ca.crt
secho 3 "=== OSにCA証明書を登録"
sudo cp exampleCA/example.net.ca.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
echo "1" > $SCRIPTHOME/.setupphase.txt
secho 5
echo "================================================"
echo " SSL証明書の作成"
echo "================================================"
cd exampleCA/certs/
echo "=== 証明書署名要求の作成"
SSLCERTDIR=$(date +%Y%m%d%H%M)_wildcard.example.net
mkdir $SSLCERTDIR
cd $SSLCERTDIR
$SSLHOME/CA.pl -newreq
if [ $? -ne 0 ]; then
echo "処理を中止します"
exit
fi
secho 3 "=== CAで署名"
$SSLHOME/CA.pl -sign
secho 3 "=== SSL証明書部分を切り出す"
sed -n "/-----BEGIN/,/CERTIFICATE-----/p" newcert.pem > wildcard.example.net.crt
secho 3 "=== 秘密鍵からパスフレーズを削除"
openssl pkey -in newkey.pem -out wildcard.example.net.key
if [ $? -ne 0 ]; then
echo "処理を中止します"
exit
fi
secho 3 "=== SSL証明書と秘密鍵を配置"
sudo cp wildcard.example.net.crt /etc/ssl/private
sudo cp wildcard.example.net.key /etc/ssl/private
echo "2" > $SCRIPTHOME/.setupphase.txt
secho 5
echo "================================================"
echo " Apacheの設定"
echo "================================================"
cd $SCRIPTHOME
echo "=== Apacheのインストール"
sudo apt -y install apache2
if [ $? -ne 0 ]; then
echo "処理を中止します"
exit
fi
secho 3 "=== サイト設定"
sudo a2dissite 000-default
sudo cp apache/*.conf /etc/apache2/sites-available/
sudo a2ensite example.net gitea kopano
secho 3 "=== モジュールの有効化"
sudo a2enmod ssl rewrite proxy_http headers
secho 3 "=== 警告を止める設定"
echo "ServerName localhost" | sudo tee /etc/apache2/conf-available/fqdn.conf > /dev/null
sudo a2enconf fqdn
secho 3 "=== Apacheの再起動"
sudo systemctl restart apache2
echo "3" > $SCRIPTHOME/.setupphase.txt
secho 5
echo "================================================"
echo " git接続設定の構成"
echo "================================================"
sudo apt -y install ssh
if [ $? -ne 0 ]; then
echo "処理を中止します"
exit
fi
ssh-keygen -t ed25519 -C "$(whoami) git key" -f ~/.ssh/git-key
cat <<EOF >> ~/.ssh/config
host git.example.net
HostName git.example.net
User $(whoami)
IdentityFile ~/.ssh/git-key
EOF
echo "4" > $SCRIPTHOME/.setupphase.txt
secho 5
echo "================================================"
echo " ユーザーgitの作成"
echo "================================================"
sudo useradd -m git
if [ $? -ne 0 ]; then
echo "処理を中止します"
exit
fi
echo "=== gitの証明書の作成"
sudo -u git ssh-keygen -t rsa -b 4096 -C "Gitea Host Key" -f /home/git/.ssh/id_rsa
sudo -u git cp /home/git/.ssh/id_rsa.pub /home/git/.ssh/authorized_keys
sudo -u git chmod 600 /home/git/.ssh/authorized_keys
echo "=== SSHパススルー用のコマンドを生成"
cat <<"EOF" | sudo tee /usr/local/bin/gitea > /dev/null
#!/bin/sh
ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
EOF
sudo chmod +x /usr/local/bin/gitea
echo "5" > $SCRIPTHOME/.setupphase.txt
secho 5
echo "================================================"
echo " コンテナの起動"
echo "================================================"
cd $SCRIPTHOME/docker
SSLCERTDIR=$SCRIPTHOME/SSL/exampleCA/certs/$(ls -r ../SSL/exampleCA/certs | head -n1)
echo "=== 証明書の配置"
if [ ! -d config/kopano/packages/cert ]; then
mkdir config/kopano/packages/cert
fi
cp $SSLCERTDIR/wildcard.example.net.crt config/kopano/packages/cert/server.crt
cp $SSLCERTDIR/wildcard.example.net.key config/kopano/packages/cert/server.key
if [ ! -d config/gitea/cert ]; then
mkdir config/gitea/cert
fi
cp ../SSL/exampleCA/example.net.ca.crt config/gitea/cert/ca.crt
secho 3 "=== Kopanoパッケージの配置"
echo "Kopano Community Edition の core と webapp をダウンロードして"
echo "$SCRIPTHOME/docker/config/kopano/packagesにコピーしてください。"
echo " core-XX.X.X.XX.XXXXXXX-Ubuntu_20.04-amd64.tar.gz"
echo " webapp-X.X.X.XX.XXXXXXX-Ubuntu_20.04-all.tar.gz"
echo " ※Xはバージョンを表す英数字になっています。"
echo "https://download.kopano.io/community/"
read -p "コピーが終わったらEnterキーを押してください。"
secho 3 "=== コンテナの起動"
sudo docker compose up -d --build
if [ $? -ne 0 ]; then
echo "処理を中止します"
exit
fi
echo "6" > $SCRIPTHOME/.setupphase.txt
secho 5
echo "================================================"
echo " rvmのインストール"
echo "================================================"
cd $SCRIPTHOME
sudo apt install gnupg2
gpg --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB
\curl -sSL https://get.rvm.io | bash -s stable
sed -i '$ a \\n[[ -s "$HOME/.rvm/scripts/rvm" ]] && source "$HOME/.rvm/scripts/rvm" # Load RVM into a shell session *as a function*' ~/.bashrc
if [ $(stat -c %s ~/.bash_profile) -eq 200 ]; then rm ~/.bash_profile; fi
if [ $(stat -c %s ~/.mkshrc) -eq 118 ]; then rm ~/.mkshrc; fi
if [ $(stat -c %s ~/.zlogin) -eq 118 ]; then rm ~/.zlogin; fi
if [ $(stat -c %s ~/.zshrc) -eq 118 ]; then rm ~/.zshrc; fi
echo "7" > $SCRIPTHOME/.setupphase.txt
secho 5
echo "================================================"
echo " hostsの設定"
echo "================================================"
./10-hosts.sh
echo "8" > $SCRIPTHOME/.setupphase.txt
secho 3 "=== セットアップ完了"
exit