-
-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathinstall-remote
executable file
·102 lines (84 loc) · 2.84 KB
/
install-remote
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
#!/bin/sh
# Installation wrapper to create Weblate instance on Hetzner cloud
set -e
if [ ! -f .venv/bin/activate ] ; then
echo "Missing virtual environment!"
exit 2
fi
if [ -z "$1" ] || [ "$1" = "--help" ] ; then
echo "Usage: install-remote HOSTNAME [VERSION]"
exit 1
fi
SERVER_NAME="$1"
# Set path to include script directory
PATH="$(dirname "$(readlink -f "$0")"):$PATH"
export PATH
BOOTSTRAP=$(mktemp --tmpdir weblate-bootstrap.XXXXXXXXXX)
TMPFILE=$(mktemp --tmpdir weblate-log.XXXXXXXXXX)
# Gather basic configuration
bootstrap "$BOOTSTRAP" "$2"
cat >> "$BOOTSTRAP" <<EOT
WEBLATE_PASSWORD="$(apg -a 0 -M sncl -n 1 -x 10 -m 20)"
EOT
# shellcheck disable=SC1090
. "$BOOTSTRAP"
# shellcheck disable=SC1090,SC1091
. .venv/bin/activate
pip install -r requirements.txt
# Create server
# Type: cx22 / cax11 / cax21
# Location: nbg1 / fsn1 / hel1
# image is debian-12 for arm64
#
# debian-12 arm64: 114690389
# debian-12 amd64: 114690387
hcloud server create \
--image 114690387 \
--location fsn1 \
--name "$SERVER_NAME" \
--network 19990 \
--firewall 13110 \
--ssh-key 1056953 \
--ssh-key 1494306 \
--type cx22 | tee "$TMPFILE"
IPADDRESS=$(sed -n 's/IPv4: \(.*\)/\1/p' "$TMPFILE")
IP6ADDRESS=$(sed -n 's/IPv6: \(.*\)/\1/p' "$TMPFILE")
hcloud server set-rdns --ip "$IPADDRESS" --hostname "$WEBLATE_DOMAIN" "$SERVER_NAME"
hcloud server set-rdns --ip "$IP6ADDRESS" --hostname "$WEBLATE_DOMAIN" "$SERVER_NAME"
./dns-edit "$IPADDRESS" "$IP6ADDRESS" "$WEBLATE_CLOUD_DOMAIN"
ssh-keygen -f ~/.ssh/known_hosts -R "$IPADDRESS"
echo "Created server with address $IPADDRESS, please ensure $WEBLATE_DOMAIN points to that"
# shellcheck disable=SC2034
read -r dummy
s() {
# shellcheck disable=SC2029
ssh "root@$IPADDRESS" "$@"
}
# Configure mail sending
echo "$WEBLATE_DOMAIN:$(openssl passwd -6 -salt "$(openssl rand -hex 6)" "$EXIM_PASS"):666:0:99999:7::" | ssh root@mail tee --append /etc/exim4/passwd
ssh root@mail ln -sf /etc/exim4/virtual/weblate.cloud "/etc/exim4/virtual/$WEBLATE_DOMAIN"
# Install the system
scp "$BOOTSTRAP" "root@$IPADDRESS:/etc/weblate-bootstrap"
s apt update
s apt install -y git
s git clone https://github.com/WeblateOrg/scripts.git
s ./scripts/configure-system
s ./scripts/install-exim
s ./scripts/install-docker
s ./scripts/install-weblate-docker
#s ./scripts/install-posgtresql
#s ./scripts/install-weblate
s ./scripts/upgrade-nginx-ssl
s ./scripts/install-munin
s ./scripts/install-graylog
# Print list of things to do
echo "TODO:"
echo " * Store password: $WEBLATE_PASSWORD"
echo " * Add $IPADDRESS to SSH configuration"
# AMD uses ens10
echo " * Add host to munin: $(s ip -f inet address show enp7s0 | sed -En -e 's/.*inet ([0-9.]+).*/\1/p')"
echo " * Link with purchased service"
echo " * Activate and verify backups"
echo " * Verify SMTP is working"
echo " * Add service to monitoring"
rm -f "$BOOTSTRAP" "$TMPFILE"