forked from opensourcewebsite-org/osw-devops
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathinstall.sh
executable file
·91 lines (68 loc) · 2.78 KB
/
install.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
#!/usr/bin/env bash
set -euo pipefail
UBUNTU_VERSION=$(grep -F VERSION_ID /etc/os-release | cut -d\" -f2)
UBUNTU_CODENAME=$(grep -F VERSION_CODENAME /etc/os-release | cut -d= -f2)
SALT_RELEASE='3006'
apt-get update
apt-get full-upgrade -y
apt-get install wget -y
if ! [[ -d /etc/apt/keyrings ]]; then
mkdir /etc/apt/keyrings
fi
wget -qO /etc/apt/keyrings/salt-archive-keyring-2023.gpg "https://repo.saltproject.io/salt/py3/ubuntu/${UBUNTU_VERSION}/amd64/SALT-PROJECT-GPG-PUBKEY-2023.gpg"
cat <<EOF > /etc/apt/sources.list.d/salt.list
deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg arch=amd64] https://repo.saltproject.io/salt/py3/ubuntu/${UBUNTU_VERSION}/amd64/${SALT_RELEASE} ${UBUNTU_CODENAME} main
EOF
apt-get update
apt-get install salt-master salt-minion -y
cat <<EOF > /etc/salt/master
fileserver_backend:
- git
gitfs_provider: gitpython
gitfs_update_interval: 80
gitfs_saltenv_whitelist:
- base
gitfs_remotes:
- https://github.com/saltstack-formulas/salt-formula.git
- https://github.com/saltstack-formulas/cron-formula.git
- https://github.com/saltstack-formulas/nginx-formula.git
- https://github.com/saltstack-formulas/php-formula.git
- https://github.com/saltstack-formulas/supervisor-formula.git
- https://github.com/saltstack-formulas/users-formula.git
- https://github.com/saltstack-formulas/logrotate-formula.git
- https://github.com/opensourcewebsite-org/osw-devops.git:
- root: salt
pillarenv_from_saltenv: True
ext_pillar:
- git:
- https://github.com/opensourcewebsite-org/osw-devops.git:
- root: pillar
EOF
salt-pip install GitPython
systemctl restart salt-master
echo 'opensourcewebsite.org' > /etc/salt/minion_id
if ! grep -Fq 'master: 127.0.0.1' /etc/salt/minion; then
echo 'master: 127.0.0.1' >> /etc/salt/minion
fi
systemctl restart salt-minion
sleep 60
salt-key -ay opensourcewebsite.org
# Swap
if ! [[ -f /swapfile ]]; then
fallocate -l 4G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
echo '/swapfile none swap sw 0 0' >> /etc/fstab
echo 'vm.swappiness=0' > /etc/sysctl.d/10-swappiness.conf
sysctl --system
fi
# Certifications for nginx
mkdir -p /etc/letsencrypt/live/opensourcewebsite.org
mkdir /etc/nginx
openssl req -batch -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/letsencrypt/live/opensourcewebsite.org/privkey.pem -out /etc/letsencrypt/live/opensourcewebsite.org/fullchain.pem
openssl req -batch -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/nginx.pem -out /etc/nginx/nginx.pem
# Copy a file with user-passwords
wget https://raw.githubusercontent.com/opensourcewebsite-org/osw-devops/master/pillar/users/user-passwords.txt.dist -O /srv/user-passwords.txt
# Copy email test script
wget https://raw.githubusercontent.com/opensourcewebsite-org/osw-devops/master/mail-testert.sh