From ccffaa7db9cc8ed7997768ddc4f800a8e3330960 Mon Sep 17 00:00:00 2001 
From: Dym Sohin Date: Tue, 18 Jul 2023 16:20:48 +0200 Subject: [PATCH] init --- .zshrc | 34 ++++++++ _install.sh | 166 +++++++++++++++++++++++++++++++++++++++ _installs/apache.sh | 9 +++ _installs/certbot.sh | 47 +++++++++++ _installs/docker.sh | 86 ++++++++++++++++++++ _installs/fojego.sh | 51 ++++++++++++ _installs/gotosocial.sh | 30 +++++++ _installs/nextcloud.sh | 15 ++++ _installs/nodejs.sh | 43 ++++++++++ _installs/postgres.sh | 46 +++++++++++ _installs/rust.sh | 47 +++++++++++ _installs/sftp.sh | 22 ++++++ _installs/suitcrm.sh | 7 ++ mysql/_install.sh | 36 +++++++++ mysql/bak.sh | 2 + mysql/my.cnf | 25 ++++++ mysql/mysql-5.7.sh | 21 +++++ mysql/mysql_wordpress.sh | 16 ++++ nginx/_install.sh | 12 +++ nginx/dym.sh--gts.conf | 56 +++++++++++++ nginx/ipv6.sh | 11 +++ nginx/mailcow.conf | 43 ++++++++++ nginx/nginx.conf | 71 +++++++++++++++++ nginx/poste.conf | 19 +++++ nginx/source.garden.conf | 43 ++++++++++ poste-io/@reboot.sh | 30 +++++++ poste-io/_install.sh | 16 ++++ poste-io/docker.sh | 86 ++++++++++++++++++++ sendmail/@reboot.sh | 5 ++ sendmail/_install.sh | 22 ++++++ 30 files changed, 1117 insertions(+) create mode 100644 .zshrc create mode 100755 _install.sh create mode 100755 _installs/apache.sh create mode 100755 _installs/certbot.sh create mode 100755 _installs/docker.sh create mode 100755 _installs/fojego.sh create mode 100755 _installs/gotosocial.sh create mode 100755 _installs/nextcloud.sh create mode 100755 _installs/nodejs.sh create mode 100755 _installs/postgres.sh create mode 100755 _installs/rust.sh create mode 100755 _installs/sftp.sh create mode 100755 _installs/suitcrm.sh create mode 100755 mysql/_install.sh create mode 100755 mysql/bak.sh create mode 100644 mysql/my.cnf create mode 100755 mysql/mysql-5.7.sh create mode 100755 mysql/mysql_wordpress.sh create mode 100755 nginx/_install.sh create mode 100644 nginx/dym.sh--gts.conf create mode 100755 nginx/ipv6.sh create mode 100644 nginx/mailcow.conf create mode 100644 nginx/nginx.conf create 
mode 100644 nginx/poste.conf create mode 100644 nginx/source.garden.conf create mode 100755 poste-io/@reboot.sh create mode 100755 poste-io/_install.sh create mode 100755 poste-io/docker.sh create mode 100755 sendmail/@reboot.sh create mode 100755 sendmail/_install.sh
diff --git a/.zshrc b/.zshrc
new file mode 100644
index 0000000..d9898ed
--- /dev/null
+++ b/.zshrc
@@ -0,0 +1,34 @@
+!/usr/bin/zsh
+
+source ~/.profile
+
+ZSH="$HOME/.oh-my-zsh"
+ZSH_THEME='agnoster'
+CASE_SENSITIVE='false'
+DISABLE_LS_COLORS='true'
+COMPLETION_WAITING_DOTS='true'
+HIST_STAMPS='yyyy-mm-dd'
+
+plugins=( git )
+source "$ZSH/oh-my-zsh.sh"
+
+
+alias bc='bc -l'
+alias l='ls -alhg --group-directories-first'
+alias ll='l -R'
+alias ls='ls -AF --group-directories-first'
+alias d='du -ch --max-depth=1'
+alias md='mkdir'
+
+alias i='apt-get install -y'
+alias un='apt-get remove -y'
+alias x='chmod +x'
+
+alias upd='
+apt-get update -y;
+apt-get upgrade -y;
+apt-get autoremove -y;
+apt-get autoclean -y;
+'
+alias i='apt-get install -y'
+alias un='apt-get remove -y'
diff --git a/_install.sh b/_install.sh
new file mode 100755
index 0000000..eb9bb88
--- /dev/null
+++ b/_install.sh
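Review bot: In `.zshrc` the first added line reads `!/usr/bin/zsh` without a leading `#`, so as shown it is not a comment and zsh will try to evaluate it each time the file is sourced; restore `#!/usr/bin/zsh` or drop the line, since an rc file needs no shebang. The `i` and `un` aliases are also defined twice, once before `upd` and again on the last two lines, and the second pair can be removed.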
@@ -0,0 +1,166 @@
+#!/bin/bash
+
+
+# latest git
+add-apt-repository -y \
+ ppa:git-core/ppa
+apt-get update -y
+apt-get install -y \
+ git
+
+
+# upgrade
+apt-get upgrade -y
+
+
+# all the tools
+apt-get install -y \
+ build-essential \
+ certbot \
+ clang \
+ curl \
+ ffmpeg \
+ g++ \
+ ghostscript \
+ graphicsmagick \
+ imagemagick \
+ jpegoptim \
+ lynx \
+ make \
+ nginx \
+ pkg-config \
+ pngcrush \
+ pngquant \
+ postgresql \
+ postgresql-contrib \
+ rmlint \
+ sshfs \
+ ufw \
+ wget \
+ zsh
+
+
+# oh-my-zsh
+sh -c "$(curl -fsSL https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
+
+
+# python3 & co
+apt-get install -y \
+ python-is-python3 \
+ python3 \
+ python3-pip
+
+ln -s /usr/bin/pip3 \
+ /usr/local/bin/pip
+
+pip install pipupgrade
+pipupgrade -y --pip --ignore-error
+
+
+# nodejs
+rm -rf /usr/local/bin/npm /usr/local/share/man/man1/node* ~/.npm
+rm -rf /usr/local/lib/node*
+rm -rf /usr/local/bin/node*
+rm -rf /usr/local/include/node*
+apt-get purge nodejs npm
+apt autoremove
+
+wget 'https://nodejs.org/dist/v16.15.0/node-v16.15.0-linux-x64.tar.xz'
+tar -xf 'node-v16.15.0-linux-x64.tar.xz'
+rm 'node-v16.15.0-linux-x64.tar.xz'
+mv node-v16.15.0-linux-x64/bin/* /usr/local/bin/
+mv node-v16.15.0-linux-x64/lib/node_modules/ /usr/local/lib/
+
+npm i -g n
+n lts
+npm i -g npm
+
+npm i -g svgo
+
+
+# deno
+curl -fsSL https://deno.land/install.sh \
+ | sh
+
+
+# rust
+apt-get install -y \
+ openssl libssl1.1 libssl-dev \
+ libfreetype6-dev libfontconfig1-dev libxcb-xfixes0-dev
+
+curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
+
+source $HOME/.cargo/env
+
+rustup toolchain install nightly \
+ --allow-downgrade \
+ --profile minimal \
+ --component clippy
+
+rustup default nightly
+
+env LIBSSH2_SYS_USE_PKG_CONFIG='' \
+ cargo install \
+ cargo-update
+
+## cargo apps
+cargo install \
+ xh bat exa fd-find \
+ broot jql sd \
+ xargo
+
+
+
+# mail
+apt-get install -y \
+ apt-transport-https ca-certificates \
+ gnupg-agent
software-properties-common
+
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
+ | apt-key add -
+
+apt-key fingerprint 0EBFCD88
+
+add-apt-repository \
+ "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
+ $(lsb_release -cs) \
+ stable"
+
+apt-get update -y
+apt-get install -y \
+ docker-ce docker-ce-cli containerd.io
+
+docker pull analogic/poste.io
+docker run \
+ --detach \
+ --restart always \
+ --name 'mailserver' \
+ --hostname 'mail.dym.sh' \
+ --publish 25:25 \
+ --publish 465:465 \
+ --publish 587:587 \
+ --publish 993:993 \
+ --publish 4190:4190 \
+ --publish 12080:80 \
+ --publish 12443:443 \
+ --volume /etc/localtime:/etc/localtime:ro \
+ --volume /var/mail/data:/data \
+ --tty analogic/poste.io
+
+
+# # hypercore
+# npm i -g @hyperspace/cli
+# hyp daemon start
+# echo "`crontab -l`
+# @reboot /usr/local/bin/hyp daemon start
+# " | crontab -
+
+
+# assign hostname
+hostname 'dym.sh'
+echo 'dym.sh' > /etc/hostname
+
+
+# no logs
+systemctl stop rsyslog.service
+systemctl disable rsyslog.service
diff --git a/_installs/apache.sh b/_installs/apache.sh
new file mode 100755
index 0000000..8cc8be1
--- /dev/null
+++ b/_installs/apache.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/zsh
+
+sudo mv /etc/apache2/sites-available /etc/apache2/sites-available_bak
+sudo mv /etc/apache2/sites-enabled /etc/apache2/sites-enabled_bak
+
+sudo ln -s /Cfg/apache/conf /etc/apache2/sites-available --force
+sudo ln -s /Cfg/apache/conf /etc/apache2/sites-enabled --force
+
+sudo systemctl restart apache2.service
diff --git a/_installs/certbot.sh b/_installs/certbot.sh
new file mode 100755
index 0000000..2cad9df
--- /dev/null
+++ b/_installs/certbot.sh
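Review bot: `_install.sh` executes three remote installers straight from the network (the oh-my-zsh `sh -c "$(curl …)"`, `curl … deno.land/install.sh | sh` and `curl … sh.rustup.rs | sh`), presumably as root since `apt-get` is called without `sudo`, and it unpacks `node-v16.15.0-linux-x64.tar.xz` into `/usr/local` without comparing it to the published `SHASUMS256.txt`, so a tampered or truncated download would be run or installed unnoticed. Download each artifact to a file, verify a pinned checksum or signature, and only then execute it; the same applies to the tarball and `.deb` downloads in `_installs/nodejs.sh`, `_installs/gotosocial.sh`, `_installs/docker.sh`, `poste-io/docker.sh` and `mysql/mysql-5.7.sh`, and to the rustup pipe in `_installs/rust.sh`. The Docker key is added with the deprecated `apt-key add -`, which trusts it for every repository; `_installs/docker.sh` in this patch already uses a `signed-by=` keyring and that form could be reused here. Separately, the `# no logs` block that stops and disables `rsyslog.service` leaves a host publishing mail and web ports without syslog records for detection or incident response; I would drop it or replace it with a retention limit.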
@@ -0,0 +1,47 @@
+#!/usr/bin/zsh
+
+sudo apt-get remove -y \
+ python3-cryptography
+
+pip3 install \
+ certbot \
+ cryptography
+
+
+certbot certonly \
+ -d 'source.garden' \
+ -d '*.source.garden' \
+ --email 'certbot+source.garden@dym.sh' \
+ --agree-tos \
+ --manual-public-ip-logging-ok \
+ --renew-by-default \
+ --rsa-key-size 4096 \
+ --no-bootstrap \
+ --manual \
+ --preferred-challenges dns-01 \
+ --server https://acme-v02.api.letsencrypt.org/directory
+
+
+certbot certonly \
+ -d 'dym.sh' \
+ -d '*.dym.sh' \
+ --email 'certbot+dym.sh@dym.sh' \
+ --agree-tos \
+ --manual-public-ip-logging-ok \
+ --renew-by-default \
+ --rsa-key-size 4096 \
+ --no-bootstrap \
+ --manual \
+ --preferred-challenges dns-01 \
+ --server https://acme-v02.api.letsencrypt.org/directory
+
+
+# check every month and on server-restart
+echo '
+# letsencrypt renews
+1 1 1 * * letsencrypt renew --nginx --quiet
+@reboot letsencrypt renew --nginx --quiet
+' >> /etc/crontab
+
+#
+systemctl restart cron.service
diff --git a/_installs/docker.sh b/_installs/docker.sh
new file mode 100755
index 0000000..4028056
--- /dev/null
+++ b/_installs/docker.sh
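Review bot: The two cron lines appended to `/etc/crontab` in `_installs/certbot.sh` have no user field, which the system crontab format requires between the schedule and the command, so `letsencrypt` would be read as the account name and `renew` as the command; they should read `1 1 1 * * root certbot renew --quiet` and `@reboot root certbot renew --quiet`. The certificates above are issued with `--manual --preferred-challenges dns-01`, and a manual DNS challenge cannot be renewed unattended unless a `--manual-auth-hook` or a DNS plugin is configured, so as written the renewal job would presumably fail and the wildcard certificates would expire. The `>> /etc/crontab` redirection and the `systemctl restart cron.service` line also lack the `sudo` used at the top of the script.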
@@ -0,0 +1,86 @@
+#!/usr/bin/zsh
+
+# remove old versions
+sudo apt-get remove -y \
+ docker docker-engine \
+ docker.io containerd runc
+
+
+# install surrounding necessities
+sudo apt-get update -y
+
+sudo apt-get install -y \
+ apt-transport-https \
+ ca-certificates \
+ curl \
+ gnupg \
+ lsb-release
+
+
+# docker.com key file
+curl -fsSL 'https://download.docker.com/linux/ubuntu/gpg' \
+ | sudo gpg --dearmor -o \
+ '/usr/share/keyrings/docker-archive-keyring.gpg'
+
+
+# # the `lsb_release` prints linux-mint's codename
+# # of which docker has no idea, so
+U='UBUNTU_CODENAME='
+DISTRO=`cat '/etc/os-release' | grep "$U"`
+if [ ! -z "$DISTRO" ]; then
+ DISTRO="${DISTRO/$U/}"
+else
+ DISTRO=`lsb_release -cs`
+fi
+echo "DISTRO: '$DISTRO'"
+
+# add docker apt
+echo "
+deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] \
+https://download.docker.com/linux/ubuntu \
+$DISTRO stable \
+" | sudo tee /etc/apt/sources.list.d/docker.list
+
+
+# update sources
+sudo apt update -y
+
+# check avaliable versions
+apt-cache \
+ madison docker-ce
+
+# install docker
+sudo apt install -y \
+ docker-ce docker-ce-cli containerd.io docker-compose
+
+
+# manage rootless
+sudo groupadd docker
+sudo usermod -aG docker $USER
+# logout from command line (open new terminal tab/window)
+newgrp docker
+docker run hello-world
+
+# ubuntu desktop
+curl https://desktop-stage.docker.com/linux/main/amd64/77103/docker-desktop.deb --output docker-desktop.deb
+sudo apt install ./docker-desktop.deb
+systemctl --user start docker-desktop
+
+
+
+
+# image of OSX
+# 40GB disk space required: 20GB original image 20GB your container.
+docker pull sickcodes/docker-osx:auto
+
+# boot directly into a real OS X shell with a visual display [NOT HEADLESS]
+docker run -it \
+ --device /dev/kvm \
+ -p 50922:10022 \
+ -v /tmp/.X11-unix:/tmp/.X11-unix \
+ -e "DISPLAY=${DISPLAY:-:0.0}" \
+ -e GENERATE_UNIQUE=true \
+ sickcodes/docker-osx:auto
+
+# username is user
+# passsword is alpine
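Review bot: The final `docker run` in `_installs/docker.sh` publishes the guest's SSH port with `-p 50922:10022`, which binds on every host interface, while the trailing comments record the image's default login, so a known-credential account is exposed to whatever network the host sits on. Bind the port to loopback with `-p 127.0.0.1:50922:10022` and change the guest password on first boot. The `# manage rootless` comment above `sudo usermod -aG docker $USER` is misleading: membership in the `docker` group is equivalent to root on the host and is not Docker's rootless mode, which deserves a comment. `poste-io/docker.sh` in this patch is a near copy and carries the same lines.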
diff --git a/_installs/fojego.sh b/_installs/fojego.sh
new file mode 100755
index 0000000..8cc7a1d
--- /dev/null
+++ b/_installs/fojego.sh
@@ -0,0 +1,51 @@
+apt-get install -y \
+ git git-lfs
+
+wget https://codeberg.org/forgejo/forgejo/releases/download/v1.19.3-0/forgejo-1.19.3-0-linux-amd64
+chmod +x forgejo-1.19.3-0-linux-amd64
+
+gpg --keyserver keys.openpgp.org --recv EB114F5E6C0DC2BCDD183550A4B61A2DC5923710
+wget https://codeberg.org/forgejo/forgejo/releases/download/v1.19.3-0/forgejo-1.19.3-0-linux-amd64.asc
+gpg --verify forgejo-1.19.3-0-linux-amd64.asc forgejo-1.19.3-0-linux-amd64
+
+mv forgejo-1.19.3-0-linux-amd64 /usr/local/bin/forgejo
+chmod 755 /usr/local/bin/forgejo
+
+
+groupadd --system git
+
+adduser --system --shell /bin/bash --comment 'Git Version Control' \
+ --gid git --home-dir /home/git --create-home git
+
+mkdir /var/lib/forgejo
+chown git:git /var/lib/forgejo \
+ && chmod 750 /var/lib/forgejo
+
+mkdir /usr/local/bin/data
+chown root:git /usr/local/bin/data \
+ && chmod 770 /usr/local/bin/data
+
+mkdir /usr/local/bin/log
+chown root:git /usr/local/bin/log \
+ && chmod 770 /usr/local/bin/log
+
+mkdir /usr/local/bin/custom
+chown root:git /usr/local/bin/custom \
+ && chmod 770 /usr/local/bin/custom
+
+mkdir /etc/forgejo
+chown root:git /etc/forgejo \
+ && chmod 770 /etc/forgejo
+
+
+wget -O \
+ /etc/systemd/system/forgejo.service \
+ 'https://codeberg.org/forgejo/forgejo/raw/branch/forgejo/contrib/systemd/forgejo.service'
+
+# If you’re not using sqlite, but MySQL or MariaDB or PostgreSQL, you’ll have to edit that file (/etc/systemd/system/forgejo.service) and uncomment the corresponding Wants= and After= lines. Otherwise it should work as it is.
+
+systemctl enable forgejo.service
+systemctl start forgejo.service
+
+# open http://source.garden:3000
+
diff --git a/_installs/gotosocial.sh b/_installs/gotosocial.sh
new file mode 100755
index 0000000..10ded51
--- /dev/null
+++ b/_installs/gotosocial.sh
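Review bot: In `_installs/fojego.sh` the result of `gpg --verify forgejo-1.19.3-0-linux-amd64.asc forgejo-1.19.3-0-linux-amd64` is never checked and the script has no `set -e`, so a failed signature check still falls through to `mv … /usr/local/bin/forgejo` and the service start. Make the install conditional, for example `gpg --verify … || exit 1`, and move the `chmod +x` after the verification. The unit file is fetched from the moving `forgejo` branch and written straight into `/etc/systemd/system`; pinning it to the `v1.19.3-0` tag would keep the unit matched to the binary that was verified. The `data`, `log` and `custom` directories are made group-writable for `git` inside `/usr/local/bin`; the already created `/var/lib/forgejo` would be a safer home for them.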
@@ -0,0 +1,30 @@
+
+mkdir -p /gotosocial/storage/certs
+cd /gotosocial
+
+wget 'https://github.com/superseriousbusiness/gotosocial/releases/download/v0.10.0-rc3/gotosocial_0.10.0-rc3_linux_amd64.tar.gz'
+tar -xf gotosocial_*
+
+cp ./example/config.yaml .
+nano ./config.yaml
+
+./gotosocial --config-path ./config.yaml server start
+
+./gotosocial --config-path ./config.yaml admin account create --username dym --email dym@dym.sh --password '!TEST_123'
+
+./gotosocial --config-path ./config.yaml admin account promote --username dym
+
+
+useradd -r gotosocial
+groupadd gotosocial
+usermod -a -G gotosocial gotosocial
+chown -R gotosocial:gotosocial /gotosocial
+
+cp /gotosocial/example/gotosocial.service /etc/systemd/system/
+systemctl enable --now gotosocial.service
+killall gotosocial
+# nohup ./gotosocial --config-path ./config.yaml server start :8080'
diff --git a/_installs/nodejs.sh b/_installs/nodejs.sh
new file mode 100755
index 0000000..b7db036
--- /dev/null
+++ b/_installs/nodejs.sh
@@ -0,0 +1,43 @@
+#!/usr/bin/zsh
+
+
+# optional: remove old installs
+sudo apt purge -y \
+ nodejs npm
+sudo apt autoremove -y
+
+sudo rm /usr/bin/node
+sudo rm /usr/bin/npm
+sudo rm -rf /usr/share/npm
+sudo rm -rf /usr/share/nodejs
+
+
+# install node + npm
+wget -O 'node.xz' \
+ 'https://nodejs.org/dist/v18.16.0/node-v18.16.0-linux-x64.tar.xz'
+tar -xf 'node.xz'
+rm 'node.xz'
+sudo mv node-v18.16.0-linux-x64/bin/* /usr/local/bin/
+sudo mv node-v18.16.0-linux-x64/lib/node_modules/ /usr/local/lib/
+
+sudo mkdir -p \
+ '/usr/lib/nodejs' \
+ '/usr/lib/node_modules'
+
+
+# fix permissions
+sudo chown -R $USER:$USER \
+ '/usr/local' \
+ '/usr/share' \
+ '/usr/lib/nodejs' \
+ '/usr/lib/node_modules'
+
+
+# install version manager
+npm i -g n
+
+# bump node to latest LTS version
+n lts
+
+# update npm
+npm i -g npm
diff --git a/_installs/postgres.sh b/_installs/postgres.sh
new file mode 100755
index 0000000..cd8a184
--- /dev/null
+++ b/_installs/postgres.sh
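Review bot: `_installs/gotosocial.sh` creates the admin account with a literal password on the command line, `--password '!TEST_123'`, which is now part of the repository history, and the next line promotes that account to admin. Take the value from a variable set outside the repository, for example `--password "$GTS_ADMIN_PASSWORD"` (placeholder name), and rotate the password on any instance that was set up from this script. The first `server start` line also runs the freshly unpacked binary as the invoking user, presumably root, before the `gotosocial` account exists; creating the user and running `chown` first, then starting only through the systemd unit, would avoid that.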
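Review bot: In `_installs/nodejs.sh` the `# fix permissions` step runs `sudo chown -R $USER:$USER` over `/usr/local` and `/usr/share`, which hands every file in those trees to the login user, so any process running as that user can replace programs in `/usr/local/bin` that root later executes. Limit the chown to `'/usr/lib/nodejs'` and `'/usr/lib/node_modules'`, or install Node under a per-user prefix and leave the system directories root-owned. `$USER` is also unquoted and unchecked; under `sudo -s` or cron it may be empty or `root`, which is worth a guard.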
@@ -0,0 +1,46 @@
+#!/usr/bin/zsh
+
+# Postgres
+
+# the `lsb_release` prints linux-mint's codename
+# of which pg has no idea, so
+U='UBUNTU_CODENAME='
+DISTRO=`cat '/etc/os-release' | grep "$U"`
+if [ ! -z "$DISTRO" ]; then
+ DISTRO="${DISTRO/$U/}"
+else
+ DISTRO=`lsb_release -cs`
+fi
+echo "DISTRO: '$DISTRO'"
+
+
+SRC="deb http://apt.postgresql.org/pub/repos/apt $DISTRO-pgdg main"
+sudo sh -c \
+ "echo '$SRC' > /etc/apt/sources.list.d/pgdg.list"
+
+wget --quiet -O - 'https://www.postgresql.org/media/keys/ACCC4CF8.asc' \
+ | sudo apt-key add -
+
+curl -sS 'https://www.postgresql.org/media/keys/ACCC4CF8.asc' \
+ | gpg --dearmor \
+ | sudo tee /etc/apt/trusted.gpg.d/postgresql.gpg
+
+sudo apt update -y
+sudo apt install -y \
+ postgresql-14
+
+psql --version
+
+sudo systemctl start \
+ postgresql-14 postgresql-client-14
+
+sudo nano /etc/postgresql/14/main/pg_hba.conf
+# `local all all trust`
+
+sudo systemctl restart postgresql.service
+
+psql -U postgres
+```
+ALTER USER postgres WITH PASSWORD 'postgres';
+exit;
+```
diff --git a/_installs/rust.sh b/_installs/rust.sh
new file mode 100755
index 0000000..67ceebc
--- /dev/null
+++ b/_installs/rust.sh
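Review bot: The manual steps in `_installs/postgres.sh` set `local all all trust` in `pg_hba.conf` and then give the superuser the password `postgres`; with `trust` any local OS account can connect as any database role without a password, and the password itself is a well-known default. Prefer `peer` or `scram-sha-256` for local connections and a generated password entered at psql's `\password` prompt. The lines between the Markdown fences are SQL, not shell, so running this file makes the shell try to interpret them; they should be comments or a here-document passed to `psql`. The repository entry uses `http://apt.postgresql.org` together with `apt-key add -`, although the key is dearmored two commands later, so the source line could use `https` and a `signed-by=` keyring instead.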
@@ -0,0 +1,47 @@
+#!/usr/bin/zsh
+
+# rust & co
+
+# install road-1
+sudo apt install -y \
+ cmake pkg-config python3 \
+ openssl libssl1.1 libssl-dev \
+ libfreetype6-dev \
+ libfontconfig1-dev \
+ libxcb-xfixes0-dev \
+ libdbus-1-dev
+
+ # libgtk-3-dev \
+ # libgtksourceview-4.0-dev \
+ # webkit2gtk-4.0 \
+ # libappindicator3-dev \
+ # libwebkit2gtk-4.0-dev \
+ # libudev-dev \
+ # libevdev-dev \
+ # libhidapi-dev \
+ # liblua5.4-dev
+
+
+# install road-2
+curl --proto '=https' --tlsv1.2 -sSf \
+ https://sh.rustup.rs \
+ | sh -s -- --default-toolchain none -y
+
+source $HOME/.cargo/env
+
+rustup toolchain install nightly \
+ --allow-downgrade \
+ --profile minimal \
+ --component clippy
+
+rustup default nightly
+
+env LIBSSH2_SYS_USE_PKG_CONFIG='' \
+ cargo install \
+ cargo-update
+
+## cargo apps
+cargo install \
+ xh bat exa fd-find \
+ broot jql sd \
+ xargo
diff --git a/_installs/sftp.sh b/_installs/sftp.sh
new file mode 100755
index 0000000..b3a3e0b
--- /dev/null
+++ b/_installs/sftp.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/zsh
+
+apt install ssh
+
+nano /etc/ssh/sshd_config
+```cfg
+Match group sftp
+ChrootDirectory /home
+X11Forwarding no
+AllowTcpForwarding no
+ForceCommand internal-sftp
+```
+
+systemctl restart ssh
+addgroup sftp
+useradd -m sftpuser -g sftp
+passwd sftpuser
+chmod 700 /home/sftpuser/
+
+sftp sftpuser@127.0.0.1
+
+open sftp://127.0.0.1
\ No newline at end of file
diff --git a/_installs/suitcrm.sh b/_installs/suitcrm.sh
new file mode 100755
index 0000000..235f9dd
--- /dev/null
+++ b/_installs/suitcrm.sh
@@ -0,0 +1,7 @@
+
+
+cd /var/www/crm
+find . -type d -not -perm 2755 -exec chmod 2755 {} \;
+find . -type f -not -perm 0644 -exec chmod 0644 {} \;
+find . ! -user www-data -exec chown www-data:www-data {} \;
+chmod +x bin/console
diff --git a/mysql/_install.sh b/mysql/_install.sh
new file mode 100755
index 0000000..ed175af
--- /dev/null
+++ b/mysql/_install.sh
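Review bot: In `_installs/sftp.sh` the `ChrootDirectory /home` line places every member of the `sftp` group at the parent of all home directories, so `sftpuser` can list `/home` and read whatever permissions there allow; `chmod 700 /home/sftpuser/` protects only that one directory. Use a per-user root such as `ChrootDirectory %h`, keeping in mind that sshd requires the chroot path to be root-owned and not group- or world-writable, so the user needs a writable sub-directory inside it. The `sshd_config` fragment sits between Markdown fences in a file with a zsh shebang, so executing the script would try to run `Match`, `ChrootDirectory` and the rest as commands; turning the block into comments makes the file safe to run.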
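Review bot: In `_installs/suitcrm.sh` the `cd /var/www/crm` is not checked, so if the directory is missing the three `find … -exec chmod/chown` commands run recursively against whatever the current directory happens to be. Guard it with `cd /var/www/crm || exit 1`. The blanket `chown www-data:www-data` also makes all application code writable by the web server account; if the application allows it, limiting write access to the directories that need it narrows what a compromised PHP process can alter.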
@@ -0,0 +1,36 @@
+#!/usr/bin/zsh
+
+sudo apt install -y \
+ mysql-server
+
+sudo systemctl start mysql.service
+
+sudo mysql_secure_installation
+sudo mysql
+
+systemctl status mysql.service
+
+
+sudo ln -s \
+ '/Cfg/mysql/my.cnf' \
+ '/etc/mysql/my.cnf' --force
+
+sudo chown mysql:mysql /etc/mysql/my.cnf
+sudo chmod 0640 /etc/mysql/my.cnf
+
+sudo killall -9 mysql_secure_installation
+# sudo mysql
+sudo mysql -u root --skip-password
+
+```
+ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'my very strong password !123';
+CREATE USER 'admin'@'localhost' IDENTIFIED BY 'my very strong password !123';
+GRANT ALL PRIVILEGES ON *.* TO 'admin'@'localhost';
+FLUSH PRIVILEGES;
+EXIT;
+```
+
+
+sudo chown -R mysql /var/lib/mysql
+sudo chgrp -R mysql /var/lib/mysql
+sudo chmod 755 /var/lib/mysql
diff --git a/mysql/bak.sh b/mysql/bak.sh
new file mode 100755
index 0000000..99609cd
--- /dev/null
+++ b/mysql/bak.sh
@@ -0,0 +1,2 @@
+mysqldump -u root --skip-password --all-databasaes \
+ > db_local.sql
\ No newline at end of file
diff --git a/mysql/my.cnf b/mysql/my.cnf
new file mode 100644
index 0000000..093cf56
--- /dev/null
+++ b/mysql/my.cnf
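Review bot: The SQL block in `mysql/_install.sh` sets `root` and a second `admin` account to the same literal string and grants `admin` `ALL PRIVILEGES ON *.*`; even if the string is meant as a placeholder, it tends to be pasted as is. Mark it unmistakably, for example `'<CHANGE_ME>'`, or prompt for it, and grant `admin` only the schemas it needs. `sudo chmod 755 /var/lib/mysql` at the end makes the data directory listable and traversable by every local user; `750` or tighter with owner `mysql:mysql` is sufficient. The `chown` and `chmod` on `/etc/mysql/my.cnf` act through the symlink created just above and therefore change `/Cfg/mysql/my.cnf`, which is worth a comment if intended.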
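Review bot: In `mysql/bak.sh` the option `--all-databasaes` is misspelled, so `mysqldump` will reject it, and because the shell sets up the redirection first an empty `db_local.sql` is left behind that looks like a backup; it should be `--all-databases`. The dump is written to the current directory with the default umask, so adding `umask 077` before the command keeps a file that contains every table from being readable by other local users.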
@@ -0,0 +1,25 @@
+# /etc/mysql/my.cnf
+#
+# The MySQL database server configuration file.
+#
+# You can copy this to one of:
+# - "/etc/mysql/my.cnf" to set global options,
+# - "~/.my.cnf" to set user-specific options.
+#
+# One can use all long options that the program supports.
+# Run program with --help to get a list of available options and with
+# --print-defaults to see which it would actually understand and use.
+#
+# For explanations see
+# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
+
+#
+# * IMPORTANT: Additional settings that can override those from this file!
+# The files must end with '.cnf', otherwise they'll be ignored.
+#
+
+!includedir /etc/mysql/conf.d/
+!includedir /etc/mysql/mysql.conf.d/
+
+[mysqld]
+sql-mode="ALLOW_INVALID_DATES,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION"
diff --git a/mysql/mysql-5.7.sh b/mysql/mysql-5.7.sh
new file mode 100755
index 0000000..9af2334
--- /dev/null
+++ b/mysql/mysql-5.7.sh
@@ -0,0 +1,21 @@
+wget https://dev.mysql.com/get/mysql-apt-config_0.8.12-1_all.deb
+sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 467B942D3A79BD29
+sudo dpkg -i mysql-apt-config_0.8.12-1_all.deb
+sudo apt-get update -y
+sudo apt-cache policy mysql-server
+sudo apt-get install -y \
+ -f 'mysql-client=5.7*' 'mysql-community-server=5.7*' 'mysql-server=5.7*'
+
+sudo chown -R mysql:mysql /var/lib/mysql/
+sudo chmod -R 755 /var/lib/mysql/
+
+sudo systemctl restart mysql.service
+
+sudo chown -R www-data:www-data /var/www
+
+
+dpkg -i ./mysql-common_5.7.42-1debian10_amd64.deb
+dpkg -i ./mysql-community-client_5.7.42-1debian10_amd64.deb
+dpkg -i ./mysql-client_5.7.42-1debian10_amd64.deb
+dpkg -i ./mysql-community-server_5.7.42-1debian10_amd64.deb
+dpkg -i ./mysql-community-server-dbgsym_5.7.42-1debian10_amd64.deb
diff --git a/mysql/mysql_wordpress.sh b/mysql/mysql_wordpress.sh
new file mode 100755
index 0000000..230ad9b
--- /dev/null
+++ b/mysql/mysql_wordpress.sh
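Review bot: In `mysql/mysql-5.7.sh` the line `sudo chmod -R 755 /var/lib/mysql/` makes every table file and key under the data directory world-readable and executable, so any local account can copy the databases; use `chmod 750 /var/lib/mysql` on the directory only and leave the file modes that `mysqld` creates. The five `dpkg -i ./mysql-*_5.7.42-1debian10_amd64.deb` lines at the end lack the `sudo` used above and install local Debian 10 builds with no checksum step, after the same packages were already requested from the apt repository; a comment should say which of the two paths is intended. `apt-key adv --recv-keys` adds the key to the global apt keyring, whereas a `signed-by=` keyring scoped to the MySQL repository is the current practice.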
@@ -0,0 +1,16 @@
+# mysql
+apt-get install -y \
+ mysql-server
+
+systemctl start mysql.service
+mysql_secure_installation
+systemctl status mysql.service
+
+mysql -u root
+```sql
+CREATE DATABASE wp;
+CREATE USER 'db_admin'@'localhost' IDENTIFIED BY 'BjMPUpXtlUBHSr=l-TWYKHwCI7DPjF1YJMo2qpjW8LQI3Rk=EVKevexq6r3b+c6Ggf-cpk65nB-m8w=2';
+GRANT ALL PRIVILEGES ON wp.* TO 'db_admin'@'localhost';
+FLUSH PRIVILEGES;
+EXIT;
+```
diff --git a/nginx/_install.sh b/nginx/_install.sh
new file mode 100755
index 0000000..93fb4e5
--- /dev/null
+++ b/nginx/_install.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/zsh
+
+sudo apt install -y \
+ nginx \
+ nginx-extras
+
+mkdir -p /etc/nginx/ssl/
+openssl req -x509 -nodes -days 365 -newkey rsa:4096 \
+ -keyout /etc/nginx/ssl/nginx.key \
+ -out /etc/nginx/ssl/nginx.crt
+
+openssl dhparam -out /etc/nginx/dhparam.pem 4096
diff --git a/nginx/dym.sh--gts.conf b/nginx/dym.sh--gts.conf
new file mode 100644
index 0000000..4e11c7f
--- /dev/null
+++ b/nginx/dym.sh--gts.conf
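Review bot: The `CREATE USER 'db_admin'@'localhost' IDENTIFIED BY '…'` line in `mysql/mysql_wordpress.sh` commits what looks like a real generated password for the WordPress database account; once pushed it stays in the history, so the credential should be treated as exposed, rotated on any server that uses it, and replaced here with a placeholder such as `'<DB_PASSWORD>'`. The SQL between the Markdown fences is not shell; as in `mysql/_install.sh`, make it a comment block or feed it to `mysql` through a here-document.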
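Review bot: `nginx/_install.sh` writes the DH parameters to `/etc/nginx/dhparam.pem`, but `nginx/mailcow.conf` in this patch loads `ssl_dhparam /etc/nginx/ssl/dhparam.pem`, so nginx would presumably refuse to start with that vhost enabled; write the file into `/etc/nginx/ssl/` instead. `mkdir -p` and both `openssl` commands write under `/etc/nginx` without the `sudo` used for `apt install`. `openssl req` without `-subj` prompts interactively, and the 365-day self-signed certificate is not referenced by any server block added here, so a comment on what it is for would help.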
@@ -0,0 +1,56 @@
+server {
+ server_name dym.sh;
+ listen 80;
+ listen [::]:80;
+
+ location ~ /\.well-known/acme-challenge {
+ root /var/lib/letsencrypt/;
+ }
+ location / {
+ add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
+ return 301 https://$server_name$request_uri;
+ }
+}
+
+server {
+ server_name dym.sh;
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ ssl_trusted_certificate /etc/letsencrypt/live/dym.sh/chain.pem;
+ ssl_certificate /etc/letsencrypt/live/dym.sh/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/dym.sh/privkey.pem;
+
+
+ location ~* ^\/(rss\/|feed\.xml|feed\.rss)$ {
+ add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
+ return 301 https://$server_name/rss;
+ }
+
+ location ~* \/\.?rss$ {
+ types { } default_type "application/rss+xml; charset=utf-8";
+ root /var/www/dym.sh/;
+ }
+
+ location / {
+ root /var/www/dym.sh/;
+ try_files
+ $uri
+ $uri/
+ @gts;
+ }
+
+ client_max_body_size 2000M;
+ proxy_pass_request_headers on;
+
+ location @gts {
+ # set to 127.0.0.1 instead of localhost to work around https://stackoverflow.com/a/52550758
+ proxy_pass http://127.0.0.1:10099;
+ proxy_set_header Host $host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+}
diff --git a/nginx/ipv6.sh b/nginx/ipv6.sh
new file mode 100755
index 0000000..1ee2f11
--- /dev/null
+++ b/nginx/ipv6.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/zsh
+
+# enable_ipv6
+
+ip addr add 2a02:c206:3009:9964::1/112 dev eth0
+ip -6 addr show
+
+ip route add default via fe80::1 dev eth0
+ip -6 route show
+
+ping -6 2a02:c206:3009:9964::1
diff --git a/nginx/mailcow.conf b/nginx/mailcow.conf
new file mode 100644
index 0000000..3492200
--- /dev/null
+++ b/nginx/mailcow.conf
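Review bot: In `nginx/dym.sh--gts.conf` the `Strict-Transport-Security` header is added only inside the port-80 redirect and the `/rss` redirect; browsers ignore HSTS received over plain HTTP, and the HTTPS `location /` and `@gts` responses carry no such header, so the policy is effectively never set for normal page loads. Move `add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;` to the `server` level of the 443 block and drop it from the port-80 block; `nginx/source.garden.conf` has the same pattern. `proxy_set_header Connection "upgrade"` is sent on every proxied request rather than only on WebSocket upgrades, which the usual `map $http_upgrade $connection_upgrade` idiom avoids. `client_max_body_size 2000M` applies to every path of the site and deserves a comment on why uploads need to be that large.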
@@ -0,0 +1,43 @@
+server {
+ listen 80 default_server;
+ listen [::]:80;
+ server_name mail.*;
+
+ # For SSL domain validation
+ root /var/www/html;
+ location /.well-known/acme-challenge/ { allow all; }
+ location /.well-known/pki-validation/ { allow all; }
+ location / { return 301 https://$server_name$request_uri; }
+}
+
+server {
+ listen 443 ssl http2 default_server;
+ listen [::]:443 ssl http2;
+ server_name mail.*;
+
+ ssl_certificate /opt/mailcow-dockerized/data/assets/ssl/cert.pem;
+ ssl_certificate_key /opt/mailcow-dockerized/data/assets/ssl/key.pem;
+ ssl_dhparam /etc/nginx/ssl/dhparam.pem;
+ ssl_ecdh_curve secp384r1;
+
+ ssl_session_timeout 7d;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!DH:!ADH:!EDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!AES256-GCM-SHA384';
+
+ # Change to your upload limit
+ client_max_body_size 500m;
+
+ location / {
+ proxy_pass http://127.0.0.1:10080;
+ proxy_buffer_size 128k;
+ proxy_buffers 64 512k;
+ proxy_busy_buffers_size 512k;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ client_max_body_size 0;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_redirect off;
+ }
+}
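Review bot: The `ssl_ciphers` string in `nginx/mailcow.conf` still admits legacy suites, among them `DES-CBC3-SHA` (3DES), the catch-all `AES` and `CAMELLIA` keywords and several static-RSA `AES…-SHA` entries, although `ssl_protocols` is limited to TLSv1.2 and TLSv1.3. `nginx/nginx.conf` in this patch defines a shorter ECDHE-only list at `http` level, so deleting the per-server `ssl_ciphers` and `ssl_prefer_server_ciphers` lines would let this vhost inherit it. Only the IPv4 `listen` lines carry `default_server`, so IPv4 and IPv6 clients can land on different default servers. `client_max_body_size 0` inside `location /` disables the body limit that the `500m` line above appears to set.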
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
new file mode 100644
index 0000000..bad362f
--- /dev/null
+++ b/nginx/nginx.conf
@@ -0,0 +1,71 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 768;
+ # multi_accept on;
+}
+
+http {
+ error_log /var/log/nginx/error.log;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ # server_tokens off;
+
+ server_names_hash_bucket_size 128;
+ # server_name_in_redirect off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+
+ client_max_body_size 1024m;
+
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:MozSSL:10m;
+ ssl_session_tickets off;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
+ ssl_prefer_server_ciphers off;
+ ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ gzip on;
+ gzip_vary on;
+ gzip_proxied any;
+ gzip_comp_level 6;
+ gzip_buffers 16 8k;
+ gzip_http_version 1.1;
+
+ gzip_types application/activity+json
+ application/atom+xml
+ application/javascript
+ application/json
+ application/manifest+json
+ application/rss+xml
+ application/xml
+ text/cache-manifest
+ text/calendar
+ text/css
+ text/javascript
+ text/markdown
+ text/plain
+ text/vcard
+ text/vnd.wap.wml
+ text/vtt
+ text/x-component
+ text/xml
+ ;
+
+ index index.html;
+
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+}
diff --git a/nginx/poste.conf b/nginx/poste.conf
new file mode 100644
index 0000000..e5bc925
--- /dev/null
+++ b/nginx/poste.conf
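Review bot: In `nginx/nginx.conf` the directives `ssl_stapling on` and `ssl_stapling_verify on` are set without a `resolver`, which nginx needs to look up the OCSP responder's hostname, so stapling will presumably log errors instead of stapling; add a `resolver` line next to them that names the resolvers this host actually uses. `# server_tokens off;` is left commented out, so response headers and error pages advertise the nginx version, and enabling it is a one-line change.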
@@ -0,0 +1,19 @@
+server {
+ server_name mx.dym.sh;
+ listen 80;
+ listen [::]:80;
+
+ location ~ /\.well-known/acme-challenge {
+ root /var/lib/letsencrypt/;
+ }
+}
+
+server {
+ server_name mx.dym.sh;
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ ssl_trusted_certificate /etc/letsencrypt/live/dym.sh/chain.pem;
+ ssl_certificate /etc/letsencrypt/live/dym.sh/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/dym.sh/privkey.pem;
+}
diff --git a/nginx/source.garden.conf b/nginx/source.garden.conf
new file mode 100644
index 0000000..c6cde5f
--- /dev/null
+++ b/nginx/source.garden.conf
@@ -0,0 +1,43 @@
+server {
+ server_name source.garden;
+ listen 80;
+ listen [::]:80;
+
+ location ~ /\.well-known/acme-challenge {
+ root /var/lib/letsencrypt/;
+ }
+ location / {
+ add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
+ return 301 https://$server_name$request_uri;
+ }
+}
+
+server {
+ server_name source.garden;
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ ssl_trusted_certificate /etc/letsencrypt/live/source.garden-0002/chain.pem;
+ ssl_certificate /etc/letsencrypt/live/source.garden-0002/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/source.garden-0002/privkey.pem;
+
+ location / {
+ root /var/www/source.garden/;
+ try_files
+ $uri
+ $uri/
+ @forgejo;
+ }
+
+ location @forgejo {
+ # set to 127.0.0.1 instead of localhost to work around https://stackoverflow.com/a/52550758
+ proxy_pass http://127.0.0.1:3000;
+ proxy_set_header Host $host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+ client_max_body_size 2000M;
+}
diff --git a/poste-io/@reboot.sh b/poste-io/@reboot.sh
new file mode 100755
index 0000000..5a0ebfb
--- /dev/null
+++ b/poste-io/@reboot.sh
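Review bot: The 443 block for `mx.dym.sh` in `nginx/poste.conf` has certificates but no `location` or `proxy_pass`, so as far as this file shows HTTPS requests for that name are answered from nginx's default root rather than the mail container, while `poste-io/@reboot.sh` publishes the container's own web ports `12080` and `12443` on all interfaces. If the admin UI is meant to be reached through nginx, add a `location /` that proxies to the container and publish those ports on `127.0.0.1` only; if not, a comment saying the block exists only for certificate issuance would help. The port-80 block also has no redirect to HTTPS, unlike the other vhosts in this patch.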
@@ -0,0 +1,30 @@
+#!/usr/bin/zsh
+
+# clear port 25 for landing
+# lsof -i :25
+pkill sendmail
+
+# stop and remove old container
+docker stop mailserver
+docker rm `docker ps -a -q`
+docker container rm -f `docker ps -a -q`
+docker container prune
+# update container
+docker pull analogic/poste.io
+
+# start
+docker run \
+ --detach \
+ --restart always \
+ --name 'mailserver' \
+ --hostname 'mx.dym.sh' \
+ --publish 25:25 \
+ --publish 143:143 \
+ --publish 587:587 \
+ --publish 993:993 \
+ --publish 4190:4190 \
+ --publish 12080:80 \
+ --publish 12443:443 \
+ --volume /etc/localtime:/etc/localtime:ro \
+ --volume /var/mail/data:/data \
+ --tty analogic/poste.io
diff --git a/poste-io/_install.sh b/poste-io/_install.sh
new file mode 100755
index 0000000..a44dceb
--- /dev/null
+++ b/poste-io/_install.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/zsh
+
+# start poste-io now to configure and such
+`pwd`/@reboot.sh
+
+# admin settings
+firefox https://mail..:12443/admin/install/server
+
+
+# start poste-io on reboot
+mkdir -p '/home/scripts/'
+cp `pwd`/@reboot.sh '/home/scripts/mailserver.sh'
+
+echo "`crontab -l`
+@reboot /home/scripts/mailserver.sh" \
+ | crontab -
diff --git a/poste-io/docker.sh b/poste-io/docker.sh
new file mode 100755
index 0000000..5fea192
--- /dev/null
+++ b/poste-io/docker.sh
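Review bot: In `poste-io/@reboot.sh` the `docker rm` and `docker container rm -f` lines take the full output of `docker ps -a -q`, so they delete every container on the host, not just `mailserver`, and any other service run in Docker is removed on each reboot; `docker rm -f mailserver` is all this script needs. `docker container prune` asks for confirmation, which cannot be answered from the `@reboot` cron job that `poste-io/_install.sh` installs, so drop it or add `-f`. The image is pulled untagged, so each reboot can silently move the mail server to a new upstream build; pinning a tag or digest keeps upgrades deliberate.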
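Review bot: `poste-io/_install.sh` rebuilds the crontab by echoing the current table plus a new `@reboot` line, so every re-run appends another copy and the mail container would be torn down and started once per copy at boot; check for the entry first, for example `crontab -l | grep -qF /home/scripts/mailserver.sh ||` in front of the pipeline. `/home/scripts/mailserver.sh` is executed at boot by whoever owns the crontab, presumably root, so the directory and file should be root-owned and not writable by others, and an explicit `chown root:root` and `chmod 755` after the `cp` would document that. `sendmail/_install.sh` uses the same crontab pattern.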
@@ -0,0 +1,86 @@
+#!/usr/bin/zsh
+
+# remove old versions
+sudo apt-get remove -y \
+ docker docker-engine \
+ docker.io containerd runc
+
+
+# install surrounding necessities
+sudo apt-get update -y
+
+sudo apt-get install -y \
+ apt-transport-https \
+ ca-certificates \
+ curl \
+ gnupg \
+ lsb-release
+
+
+# docker.com key file
+curl -fsSL 'https://download.docker.com/linux/ubuntu/gpg' \
+ | sudo gpg --dearmor -o \
+ '/usr/share/keyrings/docker-archive-keyring.gpg'
+
+
+# # the `lsb_release` prints linux-mint's codename
+# # of which docker has no idea, so
+U='UBUNTU_CODENAME='
+DISTRO=`cat '/etc/os-release' | grep "$U"`
+if [ ! -z "$DISTRO" ]; then
+ DISTRO="${DISTRO/$U/}"
+else
+ DISTRO=`lsb_release -cs`
+fi
+echo "DISTRO: '$DISTRO'"
+
+# add docker apt
+echo "
+deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] \
+https://download.docker.com/linux/ubuntu \
+$DISTRO stable \
+" | sudo tee /etc/apt/sources.list.d/docker.list
+
+
+# update sources
+sudo apt-get update -y
+
+# check avaliable versions
+apt-cache \
+ madison docker-ce
+
+# install docker
+sudo apt-get install -y \
+ docker-ce docker-ce-cli containerd.io docker-compose
+
+
+# manage rootless
+sudo groupadd docker
+sudo usermod -aG docker $USER
+# logout from command line (open new terminal tab/window)
+newgrp docker
+docker run hello-world
+
+# ubuntu desktop
+curl https://desktop-stage.docker.com/linux/main/amd64/77103/docker-desktop.deb --output docker-desktop.deb
+sudo apt-get install ./docker-desktop.deb
+systemctl --user start docker-desktop
+
+
+
+
+# image of OSX
+# 40GB disk space required: 20GB original image 20GB your container.
+docker pull sickcodes/docker-osx:auto
+
+# boot directly into a real OS X shell with a visual display [NOT HEADLESS]
+docker run -it \
+ --device /dev/kvm \
+ -p 50922:10022 \
+ -v /tmp/.X11-unix:/tmp/.X11-unix \
+ -e "DISPLAY=${DISPLAY:-:0.0}" \
+ -e GENERATE_UNIQUE=true \
+ sickcodes/docker-osx:auto
+
+# username is user
+# passsword is alpine
diff --git a/sendmail/@reboot.sh b/sendmail/@reboot.sh
new file mode 100755
index 0000000..de865be
--- /dev/null
+++ b/sendmail/@reboot.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/zsh
+
+sudo mkdir -p /var/run/sendmail/
+sudo chown -R root:smmsp /var/run/sendmail/
+sudo chmod -R 755 /var/run/sendmail/
diff --git a/sendmail/_install.sh b/sendmail/_install.sh
new file mode 100755
index 0000000..af53a16
--- /dev/null
+++ b/sendmail/_install.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/zsh
+
+
+# congig
+mkdir -p '/home/scripts/'
+cp `pwd`/@reboot.sh '/home/scripts/sendmail.sh'
+
+# on reboot
+echo "`crontab -l`
+@reboot /home/scripts/sendmail.sh" \
+ | crontab -
+
+
+# make sure it can create temporarary lock files
+sudo chmod -R a-x /var/spool/
+sudo mkdir /tmp
+sudo chmod 0777 /tmp
+sudo chmod +t /tmp
+
+
+# test now
+/home/scripts/sendmail.sh
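Review bot: In `sendmail/_install.sh` the line `sudo chmod -R a-x /var/spool/` removes the search bit from every directory under `/var/spool`, so non-root services such as cron and the mail queue can no longer enter their own spool directories, which is the opposite of what the comment above it intends. If the aim is to clear execute bits on files only, restrict it with `find /var/spool -type f -exec chmod a-x {} +`; otherwise delete the line. `chmod 0777 /tmp` followed by `chmod +t /tmp` leaves a moment where `/tmp` is world-writable without the sticky bit, whereas `sudo chmod 1777 /tmp` sets both at once, and `mkdir /tmp` needs `-p` because the directory normally exists.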