4
mirror of git://git.acid.vegas/tools.git synced 2024-12-22 22:36:36 +00:00
tools/deploy/httpd
2024-01-25 23:06:20 -05:00

59 lines
2.7 KiB
Bash
Executable File

#!/bin/sh
# SuperNETs tool for nginx deployment - Developed by acidvegas (https://git.acid.vegas/supertools)
HUB="changeme"
USERNAME=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
PASSWORD=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
PORT="changeme"
setup_home() {
mkdir $HOME/www
wget -O $HOME/www/badwords.conf https://raw.githubusercontent.com/supernets/unrealircd/master/doc/conf/badwords.conf
wget -O $HOME/www/except.conf https://raw.githubusercontent.com/supernets/unrealircd/master/doc/conf/except.conf
wget -O $HOME/www/ircd.conf https://raw.githubusercontent.com/supernets/unrealircd/master/doc/conf/unrealircd.remote.conf # edit this
wget -O $HOME/www/modules.conf https://raw.githubusercontent.com/supernets/unrealircd/master/doc/conf/modules.conf
wget -O $HOME/www/opers.conf https://raw.githubusercontent.com/supernets/unrealircd/master/doc/conf/opers.conf # edit this
wget -O $HOME/www/spamfilter.conf https://raw.githubusercontent.com/supernets/unrealircd/master/doc/conf/spamfilter.conf
chown -R acidvegas:acidvegas $HOME/www && chmod -R 755 $HOME/www
}
setup_nginx() {
}
echo "http {"
echo "\taccess_log off;"
echo "\tsendfile on;"
echo "\tsendfile_max_chunk 1m;"
echo "\tserver_tokens off;"
echo "\tserver {"
echo "\t\tlisten [::]:$PORT ssl http2;"
echo "\t\tlisten $PORT ssl http2;"
echo "\t\troot /home/acidvegas/www;"
echo "\t\tserver_name $HUB;"
echo "\t\tcharset UTF-8;"
echo "\t\tsatisfy all;"
echo "\t\tallow 1.1.1.1; # link 1"
echo "\t\tallow 1.1.1.2; # link 2"
echo "\t\tallow 1.1.1.3; # link 3"
echo "\t\tdeny all;"
echo "\t\tauth_basic \"Restricted\";"
echo "\t\tauth_basic_user_file /etc/nginx/.htpasswd;"
echo "\t\tssl_certificate /etc/letsencrypt/live/$HUB/fullchain.pem;"
echo "\t\tssl_certificate_key /etc/letsencrypt/live/$HUB/privkey.pem;"
echo "\t\tssl_session_tickets off;"
echo "\t}"
echo "}"
} > /etc/nginx/nginx.conf
echo "$USERNAME:$(openssl passwd -apr1 $PASSWORD)\n" > /etc/nginx/.htpasswd
systemctl enable nginx && systemctl start nginx
}
setup_certbot() {
certbot certonly --standalone -d $HUB -m admin@supernets.org # fix this
echo -e "[Unit]\nDescription=cerbot renewal\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/certbot renew -n --quiet --agree-tos --deploy-hook systemctl restart nginx" > /etc/systemd/system/certbot.service
echo -e "[Unit]\nDescription=cerbot renewal timer\n\n[Timer]\nOnCalendar=0/12:00:00\nRandomizedDelaySec=1h\nPersistent=true\n\n[Install]\nWantedBy=timers.target" > /etc/systemd/system/certbot.timer
systemctl enable certbot.timer && systemctl start certbot.timer
}
setup_home
setup_nginx
setup_certbot
echo "Remote include: https://$USERNAME:$PASSWORD@$HUB:$PORT/"