This commit is contained in:
Oliver
2025-08-25 05:52:55 +02:00
parent 29a9892ca6
commit c373588b5b
9 changed files with 70 additions and 15 deletions


26
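--- a/app/host_vars/create
+++ b/app/host_vars/create
@@ -0,0 +1,26 @@
+#!/bin/bash
+# Check for argument
+if [ "$#" -ne 1 ]; then
+echo "Usage: $0 <key_name>"
+exit 1
+fi
+key_name="$1"
+target_dir="./$key_name"
+# Create directory if it doesn't exist
+mkdir -p "$target_dir"
+# Full paths for private and public keys
+private_key="$target_dir/$key_name"
+public_key="$target_dir/$key_name.pub"
+# Generate Ed25519 key without passphrase
+ssh-keygen -t ed25519 -f "$private_key" -N "" -q
+# Confirm creation
+echo "SSH key pair created:"
+echo "Private key: $private_key"
+echo "Public key : $public_key"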
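Review bot: The "SSH key pair created" messages at the end of the script print even when `ssh-keygen` fails, because there is no `set -e` and its exit status is never checked, so a caller can be told a key exists when nothing was written; change the generation line to `ssh-keygen -t ed25519 -f "$private_key" -N "" -q || exit 1`. `key_name` is also used unvalidated in `target_dir="./$key_name"`, so a value containing `/` or `..` places the key outside the current directory; a guard such as `case "$key_name" in ''|*/*|.*) echo "invalid key name" >&2; exit 1;; esac` right after `key_name="$1"` closes that. `mkdir -p "$target_dir"` inherits the umask, so the directory around an unencrypted (`-N ""`) private key may be group- or world-readable; adding `chmod 700 "$target_dir"` after the mkdir keeps it private. The extracted hunk shows 19 of the 26 added lines, so blank lines appear to have been dropped in rendering.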

@@ -0,0 +1,7 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACBH5vr90RFgOJrP2Xjr5I5QBxlonCC7pce56JDJFboPXQAAAJh9gvJGfYLy
RgAAAAtzc2gtZWQyNTUxOQAAACBH5vr90RFgOJrP2Xjr5I5QBxlonCC7pce56JDJFboPXQ
AAAEBSerxP83/u4p/IobVSxko5ZXO+/PPczGW0kopTfLLAykfm+v3REWA4ms/ZeOvkjlAH
GWicILulx7nokMkVug9dAAAAEXJvb3RAMmNjNzhkYzBhZDIwAQIDBA==
-----END OPENSSH PRIVATE KEY-----
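Review bot: This file is an unencrypted OpenSSH private key added to version control; once it is in history every clone carries it, so it should be treated as compromised, regenerated, and the replacement kept out of the repository (for example by ignoring the directory that `app/host_vars/create` writes into and supplying the key from a secrets store at deploy time). Deleting it in a follow-up commit does not help on its own, since the material remains in history unless that is rewritten. The key comment on the matching `.pub` file suggests it was produced with the create script in this same commit, which uses `-N ""`, so there is no passphrase protecting it either. The file path for this section was lost in rendering, so I cannot say where in the tree it lives.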


@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEfm+v3REWA4ms/ZeOvkjlAHGWicILulx7nokMkVug9d root@2cc78dc0ad20


@@ -46,14 +46,20 @@ rex doas mkdir -p "$SSH_DIR"
rex doas chmod 700 "$SSH_DIR"
rex doas chown 4server:4server "$SSH_DIR"
template templates/ssh/id_ed25519 /home/4server/.ssh/id_ed25519
template templates/ssh/id_ed25519.pub /home/4server/.ssh/id_ed25519.pub
rex "doas bash -c 'chmod 700 /home/4server/.ssh/*'"
rex "doas bash -c 'chown -R 4server:4server /home/4server/.ssh/*'"
template templates/ssh/id_ed25519.pub /home/4server/.ssh/authorized_keys
rex doas chmod 755 /home/4server
rex doas chmod 700 /home/4server/.ssh
rex doas chmod 600 /home/4server/.ssh/authorized_keys
rex doas chown 4server:4server /home/4server/.ssh/authorized_keys
rex doas passwd -u 4server
template templates/.bashrc /home/4server/.bashrc
rex doas mkdir -p /etc/doas.d
rex "doas sh -c 'grep -q \"permit nopass 4server as root\" /etc/doas.d/4server.conf 2>/dev/null || echo \"permit nopass 4server as root\" | tee -a /etc/doas.d/4server.conf > /dev/null'"
rex doas rc-service sshd restart
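Review bot: `permit nopass 4server as root` written to `/etc/doas.d/4server.conf` gives the account unrestricted passwordless root, and the same section installs the private key from `templates/ssh/id_ed25519` and authorizes its public half in `authorized_keys`; if that template is the key committed elsewhere in this commit, anyone who can read the repository gets root on every host this script provisions. Consider narrowing the rule to the commands the automation needs (doas rules accept a `cmd` restriction) or dropping `nopass`, and sourcing the key from outside the repo. Separately, `chmod 700 /home/4server/.ssh/*` marks the key files executable; `chmod 600` is the conventional mode for a private key, as the later `chmod 600 /home/4server/.ssh/authorized_keys` line already does for that file. The rendered hunk does not show which of these lines are new, and the enclosing script continues on both sides of it.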


@@ -1,5 +1,5 @@
# ~/.bashrc
clear
echo "Server {{HOSTNAME}}"
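Review bot: `clear` runs for every shell that sources this `.bashrc`, not only interactive logins; where bash reads `~/.bashrc` for the shells sshd starts to run remote commands, the escape sequence it writes to stdout can corrupt rsync and scp transfers to this user, and this commit does push files with `prsync`. Put an interactive guard in front of it, e.g. `[[ $- == *i* ]] || return` as the first line after the `# ~/.bashrc` comment. The hunk prints the same lines on both sides, so I cannot tell which of them changed.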


@@ -0,0 +1,10 @@
[DEFAULT]
bantime = 1h
findtime = 30m
maxretry = 1
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
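Review bot: `maxretry = 1` with `findtime = 30m` bans a source after a single failed login, so one mistyped passphrase or a stale key on the machine running this automation locks the operator out for `bantime = 1h`, and there is no `ignoreip` line to exempt those hosts. Consider `maxretry = 3` and an `ignoreip = 127.0.0.1/8 <management-host-range>` entry under `[DEFAULT]`, with the range filled in for this deployment. The bootstrap script in this commit installs this file as `/etc/fail2ban/jail.conf`, which replaces the packaged defaults and is overwritten on package upgrade; fail2ban's convention is to put site overrides in `jail.local` or `jail.d/`. `logpath = /var/log/auth.log` presumably matches where sshd logs on these apk-based hosts — worth confirming, since a missing log file stops the jail from starting.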


@@ -1 +1 @@
{{ssh_public}}
{{SSH_PUBLIC}}


@@ -6,19 +6,23 @@ rex doas chmod 777 /4server
rex mkdir -p /4server/data/log
template templates/hosts /etc/hosts
template templates/.profile /home/4server/.profile
### PACKAGES
template templates/repositories /etc/apk/repositories
rex doas apk update && upgrade
rex doas apk add openssh ufw python3 build-base python3-dev linux-headers py3-pip gcc g++ musl-dev libffi-dev make jq rsync mc vim docker docker-compose htop linux-lts sqlite bash postgresql16-client
rex doas pip install --break-system-packages --no-cache-dir "uvicorn[standard]" fastapi pydantic psutil
rex "doas apk update && doas apk upgrade"
rex doas apk add fail2ban openssh ufw python3 build-base python3-dev linux-headers py3-pip gcc g++ musl-dev libffi-dev make jq rsync mc vim docker docker-compose htop linux-lts sqlite bash postgresql16-client
rex doas pip install --root-user-action ignore --break-system-packages --no-cache-dir "uvicorn[standard]" fastapi pydantic psutil
### own bins
echo "Running prsync ./sbin"
prsync -h "$hosts_file" -avz ./sbin/ /4server/sbin/
### Security
template templates/etc/fail2ban/jail.conf /etc/fail2ban/jail.conf
### API
@@ -44,7 +48,8 @@ rex mkdir -p /4server/data/traefik/etc
template templates/traefik.yaml /4server/data/traefik/etc/traefik.yaml
rex mkdir -p /4server/data/traefik/etc/certs
prsync -h "$hosts_file" -avz ./etc/certs/* /4server/data/traefik/etc/certs/
echo "prsync traefik certs"
prsync -h "$hosts_file" -avz ./etc/traefik/certs/* /4server/data/traefik/etc/certs/
template templates/docker-compose.yml /4server/docker-compose.yml
rex doas docker-compose -f /4server/docker-compose.yml up -d --force-recreate
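Review bot: The second hunk copies `./etc/traefik/certs/*` into `/4server/data/traefik/etc/certs/`, a tree under `/4server`, which the hunk context shows is `chmod 777`; if that directory holds TLS private keys, any local account can read or replace them before `docker-compose up` runs as root. Tighten the destination after the copy, e.g. `rex doas chown -R root:root /4server/data/traefik/etc/certs` followed by `rex doas chmod -R go-rwx /4server/data/traefik/etc/certs` (with the owner adjusted to whatever traefik runs as), or keep the compose tree out of a world-writable directory altogether. In the first hunk `fail2ban` joins the `apk add` list and its `jail.conf` is templated, but no `rc-update add fail2ban` or `rc-service fail2ban start` appears in this section, so unless it is enabled elsewhere the jail never runs. Both hunks are fragments of a longer script.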