#!/usr/bin/perl
use warnings;
use strict;
# provision.pl
# script to provision a tilde instance
#
# This script is intended to be run on a fresh
# OpenBSD install
#
# gashapwn
# Nov 2020
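# --- Provisioning settings ---------------------------------------------
# Upstream repository that gets cloned and installed.
# NOTE(review): the clone takes whatever the remote serves when the script
# runs; nothing in this script pins a tag/commit or verifies a signature,
# and files from the checkout are later copied by root into /etc/skel,
# /etc/rc.d and /etc/haproxy.
my $GIT_REPO = 'https://git.lain.church/gashapwn/lyadmin.git';

# Name of the directory "git clone" creates: the last path component of
# the URL with the ".git" suffix removed.
my ($REPO_DIR) = $GIT_REPO =~ m{/([^/]*)\.git$};

# Refuse to continue without a usable directory name; the script later
# chdir()s into it and runs relative-path file operations as root.
die "cannot derive checkout directory from $GIT_REPO"
    unless defined $REPO_DIR && length $REPO_DIR;

# Directory that holds the checkout; also the service account's home.
my $INST_DIR = "/tilde";

# Account that owns the checkout and runs git / pip.
my $SVC_ACCT = "_lingyind";

# Filled in further down.
my $pwuid;             # login name of the invoking user
my $admin_un;          # admin account found in /etc/passwd
my $admin_home_dir;    # that account's home directory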
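# Make sure we're running as root.
# The decision is made on the numeric real UID rather than on the account
# name: privilege is tied to UID 0, and getpwuid() returns undef when the
# UID has no passwd entry, which would make a string comparison warn.
$pwuid = getpwuid($<);    # scalar context: login name, kept for reference

if ($< != 0) {
    die "script must be run as root";
}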
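# Check /etc/passwd for the username created during installation.
#
# Same selection rule as before (last 10 entries, skip anything containing
# "nobody:", first entry whose UID has at least four digits), but each
# entry is now matched on its own line and anchored at the start of the
# line, so the pattern can no longer begin in the middle of a record or
# run across a line break and capture a fragment of another field.
{
    open(my $passwd_fh, '<', '/etc/passwd')
        or die "cannot read /etc/passwd: $!";
    my @recent = <$passwd_fh>;
    close($passwd_fh);

    # Keep only the last 10 entries.
    splice(@recent, 0, -10) if @recent > 10;

    for my $entry (@recent) {
        next if index($entry, 'nobody:') >= 0;
        if ($entry =~ /\A([^:\n]+):[^:\n]+:[0-9]{4,}:/) {
            $admin_un = $1;
            last;
        }
    }
}

# The name ends up in /etc/doas.conf, in file paths and in command lines
# run as root, so only a conservative character set is accepted.
if (defined $admin_un && $admin_un =~ /\A[A-Za-z0-9._][A-Za-z0-9._-]*\z/) {
    printf("admin user will be set to %s\n", $admin_un);
}
else {
    die "create a non-root user & set user passsword before running this script."
}

# NOTE(review): assumes the account's home is /home/<name>; the home field
# of the passwd entry is not consulted.
$admin_home_dir = "/home/$admin_un";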
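# grant doas access to admin user
#
# The rule is written straight from Perl, so the username never passes
# through a shell command line. As before, /etc/doas.conf is overwritten:
# any rules already in the file are lost.
# A bare "permit <user>" rule lets that user run any command as any user;
# with no "nopass" option doas still asks for the user's password.
if (open(my $doas_fh, '>', '/etc/doas.conf')) {
    print {$doas_fh} "permit $admin_un\n"
        or warn "could not write /etc/doas.conf: $!\n";
    close($doas_fh)
        or warn "could not finish writing /etc/doas.conf: $!\n";
}
else {
    warn "could not open /etc/doas.conf for writing: $!\n";
}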
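# install git
system("pkg_add", "git") == 0
    or warn "pkg_add git failed (status $?)\n";

# Setup install dir: create it, create the service account with the
# directory as its home, and hand the directory over to that account.
# Failures are reported but not fatal (the directory or account may
# already exist); the chdir below is the hard gate.
system("mkdir", $INST_DIR) == 0
    or warn "mkdir $INST_DIR failed (status $?)\n";
system("useradd", "-d", $INST_DIR, "-r", "100..900", $SVC_ACCT) == 0
    or warn "useradd $SVC_ACCT failed (status $?)\n";
system("chown", "${SVC_ACCT}:${SVC_ACCT}", $INST_DIR) == 0
    or warn "chown of $INST_DIR failed (status $?)\n";

# Everything after this point uses relative paths while running as root,
# so stop if the working directory is not the one we expect.
chdir($INST_DIR)
    or die "cannot chdir to $INST_DIR: $!";

# clone repo (as the service account, not as root)
system("su", $SVC_ACCT, "-c", "git clone $GIT_REPO") == 0
    or warn "git clone of $GIT_REPO failed (status $?)\n";

# Without the checkout the later "cp ./skel/* ..." and "cp ./perl-script/..."
# steps would act on whatever directory the script happens to be in.
chdir($REPO_DIR)
    or die "cannot chdir to $INST_DIR/$REPO_DIR: $!";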
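# Copy the skel directory
#
# Commands are run in list form so that neither the glob results nor the
# admin username are re-parsed by a shell.
system("mkdir", "./skel/public_html/cgi") == 0
    or warn "mkdir ./skel/public_html/cgi failed (status $?)\n";

# Same set the shell glob "./skel/*" produced: dotfiles are not included.
my @skel_entries = glob("./skel/*");

if (@skel_entries) {
    system("cp", "-r", @skel_entries, "/etc/skel/") == 0
        or warn "copy into /etc/skel/ failed (status $?)\n";

    # setup admin user
    system("cp", "-r", @skel_entries, "/home/$admin_un/") == 0
        or warn "copy into /home/$admin_un/ failed (status $?)\n";
}
else {
    warn "nothing found under ./skel, skeleton files were not copied\n";
}

system("chown", "-R", "${admin_un}:${admin_un}", "/home/$admin_un") == 0
    or warn "chown of /home/$admin_un failed (status $?)\n";

# Record the admin in the user list kept inside the checkout.
if (open(my $list_fh, '>>', './user_list.txt')) {
    print {$list_fh} "$admin_un\n"
        or warn "could not append to ./user_list.txt: $!\n";
    close($list_fh)
        or warn "could not finish writing ./user_list.txt: $!\n";
}
else {
    warn "could not open ./user_list.txt: $!\n";
}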
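# Setup the virtual environment
system("pkg_add", "python3") == 0
    or warn "pkg_add python3 failed (status $?)\n";

printf("generating virtual enviornment...\n");

# Both steps run as the service account, so pip never runs as root.
system("su", $SVC_ACCT, "-c", "python3 -m venv venv") == 0
    or warn "creating the virtual environment failed (status $?)\n";

# NOTE(review): requirements.txt is not visible here. If it does not pin
# exact versions (ideally with hashes, installed via pip's
# --require-hashes), each provisioning run may pull different code.
system("su", $SVC_ACCT, "-c",
    ". ./venv/bin/activate && pip3 install -r requirements.txt") == 0
    or warn "pip3 install failed (status $?)\n";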
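# Install the rc.d script for the lingyind service, then enable and start it.
# NOTE(review): the script is taken from the checkout, which was written by
# the service account; once copied to /etc/rc.d it is run by rcctl.
# Review its contents before provisioning.
system("cp", "./perl-script/conf/lingyin.rc", "/etc/rc.d/lingyind") == 0
    or warn "installing /etc/rc.d/lingyind failed (status $?)\n";
system("chmod", "755", "/etc/rc.d/lingyind") == 0
    or warn "chmod of /etc/rc.d/lingyind failed (status $?)\n";
system("rcctl", "enable", "lingyind") == 0
    or warn "rcctl enable lingyind failed (status $?)\n";

# This used to be exec(), which replaces the Perl process and never
# returns on success: every step below it (p5-JSON, Apache, haproxy and
# the closing reminder) was silently skipped. system() runs the command
# and comes back.
system("rcctl", "start", "lingyind") == 0
    or warn "rcctl start lingyind failed (status $?)\n";

system("pkg_add", "p5-JSON") == 0
    or warn "pkg_add p5-JSON failed (status $?)\n";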
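# Install apache
system("pkg_add", "apache-httpd") == 0
    or warn "pkg_add apache-httpd failed (status $?)\n";

printf("configuring apache\n");

# The sed/echo command strings below are unchanged; each one is now
# checked so that a failed edit is reported instead of being ignored.

# enable the userdir module
system("sed -i -e 's/^\\(.\\)*#\\(LoadModule userdir_module\\)/\\1\\2/' /etc/apache2/httpd2.conf") == 0
    or warn "enabling userdir_module failed (status $?)\n";
system("sed -i -e 's/^\\(.\\)*#\\(Include \\/etc\\/apache2\\/extra\\/httpd-userdir.conf\\)/\\1\\2/' /etc/apache2/httpd2.conf") == 0
    or warn "enabling the httpd-userdir.conf include failed (status $?)\n";

# Enable the CGI directory
# Every user's ~/public_html/cgi/ becomes executable and reachable by any
# client that can connect to this Apache instance.
# NOTE(review): nothing in this script sets up suexec or a similar
# per-user wrapper, so these scripts presumably run under the httpd
# worker's identity; confirm.
# The block is appended with ">>", so a second run appends it again.
system("echo '<Directory \"/home/*/public_html/cgi/\">
Require all granted
Options +ExecCGI
AddHandler cgi-script .cgi
</Directory>' >> /etc/apache2/extra/httpd-userdir.conf") == 0
    or warn "appending the CGI <Directory> block failed (status $?)\n";

# Enable the CGI modules
system("sed -i -e 's/^\\(.\\)*#\\(LoadModule cgi_module\\)/\\1\\2/' /etc/apache2/httpd2.conf") == 0
    or warn "enabling cgi_module failed (status $?)\n";
system("sed -i -e 's/^\\(.\\)*#\\(LoadModule cgid_module\\)/\\1\\2/' /etc/apache2/httpd2.conf") == 0
    or warn "enabling cgid_module failed (status $?)\n";

# Disable directory listing
# Inserts "Options -Indexes" before every </Directory> in the file,
# including the CGI block appended above.
system("sed -i -e 's/\\(<\\/Directory>\\)/ Options -Indexes\\
\\1/g' /etc/apache2/extra/httpd-userdir.conf") == 0
    or warn "disabling directory listing failed (status $?)\n";

# Change the port to 5001
system("sed -i -e 's/^\\(.\\)*Listen *80/\\1Listen 5001/' /etc/apache2/httpd2.conf") == 0
    or warn "changing the Listen port failed (status $?)\n";

# enable apache at boot and start it now
system("rcctl", "enable", "apache2") == 0
    or warn "rcctl enable apache2 failed (status $?)\n";
system("rcctl", "start", "apache2") == 0
    or warn "rcctl start apache2 failed (status $?)\n";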
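# Install and config haproxy
system("pkg_add", "haproxy") == 0
    or warn "pkg_add haproxy failed (status $?)\n";

printf("configuring haproxy\n");

# NOTE(review): haproxy.cfg comes from the checkout and replaces the
# packaged configuration; its contents are not visible here. Check its
# bind addresses, TLS settings and exposed backends before relying on it.
system("cp", "./perl-script/conf/haproxy.cfg", "/etc/haproxy/haproxy.cfg") == 0
    or warn "installing /etc/haproxy/haproxy.cfg failed (status $?)\n";

system("rcctl", "enable", "haproxy") == 0
    or warn "rcctl enable haproxy failed (status $?)\n";
system("rcctl", "start", "haproxy") == 0
    or warn "rcctl start haproxy failed (status $?)\n";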
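# Closing reminder. The username is passed as a printf argument instead of
# being interpolated into the format string, so a "%" in the name cannot
# be read as a conversion.
printf("dont forget to setup your ssh pub key at /home/%s/.ssh/authorized_keys\n", $admin_un);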