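#!/bin/bash
#
# Interactive one-shot setup for the example.net host. Runs the phases below in
# order and records the number of the last completed phase in
# "$SCRIPTHOME/.setupphase.txt":
#   0 started
#   1 private CA created and added to the OS trust store
#   2 wildcard TLS certificate issued and installed
#   3 Apache installed and configured
#   4 SSH client key and ~/.ssh/config entry for git.example.net
#   5 host user "git" created, Gitea SSH pass-through shim installed
#   6 containers built and started
#   7 RVM installed
#   8 hosts file configured (10-hosts.sh)
#
# Usage: run as a regular user with sudo rights (NOT as root / via sudo).
# Every failed step aborts with a non-zero exit status.

set -u

SCRIPTHOME=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) || exit 1
export SSLHOME=$SCRIPTHOME/SSL
readonly PHASE_FILE=$SCRIPTHOME/.setupphase.txt

#######################################
# Print N empty lines followed by a message line.
# Arguments: $1 - number of empty lines
#            $2 - message (optional; an empty line is printed when omitted)
# Outputs:   writes to stdout
#######################################
secho() {
  local i
  for ((i = 0; i < $1; i++)); do
    echo ""
  done
  printf '%s\n' "${2-}"
}

#######################################
# Print a section title framed by two rulers.
# Arguments: $1 - title text
#######################################
banner() {
  echo "================================================"
  printf '%s\n' "$1"
  echo "================================================"
}

#######################################
# Report that processing stops and exit with a failure status.
# A bare `exit` would propagate the status of the preceding echo (0),
# so callers could not tell an aborted run from a successful one.
#######################################
abort() {
  echo "処理を中止します" >&2
  exit 1
}

#######################################
# Record the last completed phase number.
# Arguments: $1 - phase number
#######################################
set_phase() {
  printf '%s\n' "$1" > "$PHASE_FILE"
}

#######################################
# Remove a file only if it exists and has exactly the given size in bytes.
# Arguments: $1 - path, $2 - expected size
#######################################
remove_if_size() {
  local file=$1 expected=$2 actual
  [[ -f "$file" ]] || return 0
  actual=$(stat -c %s -- "$file") || return 0
  if (( actual == expected )); then
    rm -- "$file"
  fi
}

# Refuse to run as root: files under $HOME and the CA tree must belong to the
# invoking user. This is an error, so it exits non-zero.
if (( EUID == 0 )); then
  echo "sudo せずに実行してください"
  exit 1
fi

# Prime the sudo credential cache up front so later steps do not stall.
sudo -v || abort

set_phase 0

banner " 認証局の作成"
cd -- "$SSLHOME" || abort
./CA.pl -newca || abort

secho 3 "=== CA証明書部分を切り出す"
sed -n "/-----BEGIN/,/CERTIFICATE-----/p" exampleCA/cacert.pem > exampleCA/example.net.ca.crt
# An empty extract must not end up in the trust store.
[[ -s exampleCA/example.net.ca.crt ]] || abort

secho 3 "=== OSにCA証明書を登録"
# NOTE(security): from here on this host trusts every certificate signed by
# the CA created above, so the CA private key produced by `CA.pl -newca` must
# stay readable by its owner only and protected by a strong passphrase.
sudo cp exampleCA/example.net.ca.crt /usr/local/share/ca-certificates/ || abort
sudo update-ca-certificates || abort

set_phase 1
secho 5

banner " SSL証明書の作成"
cd exampleCA/certs/ || abort

echo "=== 証明書署名要求の作成"
SSLCERTDIR=$(date +%Y%m%d%H%M)_wildcard.example.net
mkdir -p -- "$SSLCERTDIR" || abort
cd -- "$SSLCERTDIR" || abort
"$SSLHOME/CA.pl" -newreq || abort

secho 3 "=== CAで署名"
# A failed signing run must stop here; otherwise an empty certificate file
# would be extracted and installed below.
"$SSLHOME/CA.pl" -sign || abort

secho 3 "=== SSL証明書部分を切り出す"
sed -n "/-----BEGIN/,/CERTIFICATE-----/p" newcert.pem > wildcard.example.net.crt
[[ -s wildcard.example.net.crt ]] || abort

secho 3 "=== 秘密鍵からパスフレーズを削除"
# The output is an UNENCRYPTED private key. Create it under a restrictive
# umask so it is never group/world-readable, whatever the caller's umask is.
( umask 077 && openssl pkey -in newkey.pem -out wildcard.example.net.key ) || abort

secho 3 "=== SSL証明書と秘密鍵を配置"
# `install -m` sets the mode explicitly; a plain `sudo cp` would leave the key
# with whatever mode root's umask yields.
sudo install -m 0644 wildcard.example.net.crt /etc/ssl/private/ || abort
sudo install -m 0600 wildcard.example.net.key /etc/ssl/private/ || abort

set_phase 2
secho 5

banner " Apacheの設定"
cd -- "$SCRIPTHOME" || abort

echo "=== Apacheのインストール"
sudo apt -y install apache2 || abort

secho 3 "=== サイト設定"
sudo a2dissite 000-default
sudo cp apache/*.conf /etc/apache2/sites-available/ || abort
sudo a2ensite example.net gitea kopano || abort

secho 3 "=== モジュールの有効化"
sudo a2enmod ssl rewrite proxy_http headers || abort

secho 3 "=== 警告を止める設定"
echo "ServerName localhost" | sudo tee /etc/apache2/conf-available/fqdn.conf > /dev/null
sudo a2enconf fqdn

secho 3 "=== Apacheの再起動"
sudo systemctl restart apache2 || abort

set_phase 3
secho 5

banner " git接続設定の構成"
sudo apt -y install ssh || abort

ssh-keygen -t ed25519 -C "$(whoami) git key" -f ~/.ssh/git-key || abort
# Unquoted delimiter on purpose: $(whoami) is expanded when the entry is written.
cat <<EOF >> ~/.ssh/config
host git.example.net
  HostName git.example.net
  User $(whoami)
  IdentityFile ~/.ssh/git-key
EOF
# Keep the client configuration private to the user.
chmod 600 ~/.ssh/config

set_phase 4
secho 5

banner " ユーザーgitの作成"
sudo useradd -m git || abort

echo "=== UID/GIDの書き換え"
git_uid=$(id -u git) || abort
git_gid=$(id -g git) || abort
sed -i "s/\(- USER_UID=\)[[:digit:]]\+/\1${git_uid}/" docker/docker-compose.yml || abort
sed -i "s/\(- USER_GID=\)[[:digit:]]\+/\1${git_gid}/" docker/docker-compose.yml || abort

echo "=== gitの証明書の作成"
sudo -u git ssh-keygen -t rsa -b 4096 -C "Gitea Host Key" -f /home/git/.ssh/id_rsa || abort
sudo -u git cp /home/git/.ssh/id_rsa.pub /home/git/.ssh/authorized_keys || abort
sudo -u git chmod 600 /home/git/.ssh/authorized_keys

echo "=== SSHパススルー用のコマンドを生成"
# NOTE(security): the shim below disables host-key verification
# (StrictHostKeyChecking=no) for the loopback hop to port 2222. The connection
# is therefore not authenticated towards the server side: whatever process is
# bound to 127.0.0.1:2222 receives the forwarded git session. Make sure only
# the Gitea container can bind that port, or pin its host key in the git
# user's known_hosts and drop the option.
# The quoted delimiter keeps $SSH_ORIGINAL_COMMAND, $0 and $@ literal so they
# are expanded when the shim runs, not now.
cat <<"EOF" | sudo tee /usr/local/bin/gitea > /dev/null
#!/bin/sh
ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
EOF
sudo chmod +x /usr/local/bin/gitea || abort

set_phase 5
secho 5

banner " コンテナの起動"
cd -- "$SCRIPTHOME/docker" || abort

# Pick the newest issued certificate directory. The names start with a
# YYYYmmddHHMM timestamp, so the last glob match is the most recent one
# (no parsing of `ls` output).
shopt -s nullglob
cert_dirs=("$SCRIPTHOME"/SSL/exampleCA/certs/*_wildcard.example.net)
shopt -u nullglob
(( ${#cert_dirs[@]} > 0 )) || abort
SSLCERTDIR=${cert_dirs[${#cert_dirs[@]}-1]}

echo "=== 証明書の配置"
# NOTE(security): this places a second passphrase-less copy of the wildcard
# private key inside the docker config tree; keep that tree out of version
# control and backups that are not access-controlled.
mkdir -p config/kopano/packages/cert || abort
cp -- "$SSLCERTDIR/wildcard.example.net.crt" config/kopano/packages/cert/server.crt || abort
cp -- "$SSLCERTDIR/wildcard.example.net.key" config/kopano/packages/cert/server.key || abort
mkdir -p config/gitea/cert || abort
cp ../SSL/exampleCA/example.net.ca.crt config/gitea/cert/ca.crt || abort

secho 3 "=== Kopanoパッケージの配置"
# The archives are fetched manually and used as-is; this script performs no
# integrity check on them.
echo "Kopano Community Edition の core と webapp をダウンロードして"
echo "$SCRIPTHOME/docker/config/kopano/packagesにコピーしてください。"
echo " core-XX.X.X.XX.XXXXXXX-Ubuntu_20.04-amd64.tar.gz"
echo " webapp-X.X.X.XX.XXXXXXX-Ubuntu_20.04-all.tar.gz"
echo " ※Xはバージョンを表す英数字になっています。"
echo "https://download.kopano.io/community/"
read -r -p "コピーが終わったらEnterキーを押してください。"

secho 3 "=== コンテナの起動"
sudo docker compose up -d --build || abort

set_phase 6
secho 5

banner " rvmのインストール"
cd -- "$SCRIPTHOME" || abort
sudo apt -y install gnupg2 || abort

# Signing keys the RVM installer is expected to check its download against.
# If the keyserver is unreachable, continue only when both keys are already
# in the keyring.
rvm_keys=(
  409B6B1796C275462A1703113804BB82D39DC0E3
  7D2BAF1CF37B13E2069D6956105BD0E739499BDB
)
if ! gpg --recv-keys "${rvm_keys[@]}"; then
  gpg --list-keys "${rvm_keys[@]}" > /dev/null 2>&1 || abort
fi

# Download the installer completely before running it: piping curl straight
# into bash can execute a truncated script when the transfer breaks, and -f
# stops an HTTP error page from being executed as a script.
# NOTE(security): the installer script itself is still trusted on the strength
# of the TLS connection alone. RVM's security documentation describes checking
# the installer against its detached signature with `gpg --verify` before
# running it; prefer that where this setup is used beyond a lab.
rvm_installer=$(mktemp) || abort
trap 'rm -f -- "$rvm_installer"' EXIT
curl -fsSL https://get.rvm.io -o "$rvm_installer" || abort
bash "$rvm_installer" stable || abort
rm -f -- "$rvm_installer"
trap - EXIT

sed -i '$ a \\n[[ -s "$HOME/.rvm/scripts/rvm" ]] && source "$HOME/.rvm/scripts/rvm" # Load RVM into a shell session *as a function*' ~/.bashrc

# Drop shell start-up files only when they have exactly these sizes
# (presumably the stubs the RVM installer creates - verify after RVM updates).
# Files that do not exist are skipped instead of breaking the size test.
remove_if_size ~/.bash_profile 200
remove_if_size ~/.mkshrc 118
remove_if_size ~/.zlogin 118
remove_if_size ~/.zshrc 118

set_phase 7
secho 5

banner " hostsの設定"
./10-hosts.sh || abort

set_phase 8
secho 3 "=== セットアップ完了"
exit 0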