From 775fd9a5c2133ac4f0a5c23673c6f19a13b94471 Mon Sep 17 00:00:00 2001
From: deadcxap <36386824+deadcxap@users.noreply.github.com>
Date: Mon, 25 Aug 2025 01:27:12 +0300
Subject: [PATCH 1/2] fix: copy hidden role files
---
 setup.sh | 30 +++++++++++++++++-------------
 1 file changed, 17 insertions(+), 13 deletions(-)
diff --git a/setup.sh b/setup.sh
index 06c5b5d..3fc1372 100644
--- a/setup.sh
+++ b/setup.sh
@@ -255,7 +255,7 @@ EOF"
 setup_role() {
 [[ -z "$ROLE" ]] && return
- local TEMP_DIR ROLE_SRC ROLE_TARGET INIT_SCRIPT REPO_URL ROLE_URL
+ local TEMP_DIR ROLE_SRC REPO_URL ROLE_URL service_dir service_name target_dir init_script
 REPO_URL="https://github.com/deadcxap/init_scripts.git"
 ROLE_URL="https://api.github.com/repos/deadcxap/init_scripts/contents/$ROLE"
 log "Checking role $ROLE exists in repository"
@@ -283,18 +283,22 @@ setup_role() {
 run "Cleaning up role repository" rm -rf "$TEMP_DIR"
 return
 fi
- run "Copying role files" cp -r "$ROLE_SRC" /opt/
- ROLE_TARGET="/opt/$ROLE"
- run "Setting ownership for $ROLE_TARGET" chown -R "$USERNAME:$USERNAME" "$ROLE_TARGET"
- INIT_SCRIPT="$ROLE_TARGET/init.sh"
- if [[ -f "$INIT_SCRIPT" ]]; then
- run "Running init.sh for $ROLE" bash "$INIT_SCRIPT"
- run "Checking $ROLE stack" bash -c "cd '$ROLE_TARGET' && docker compose ps | grep -q 'Up'"
- run "Removing init.sh for $ROLE" rm -f "$INIT_SCRIPT"
- else
- log "WARN: init.sh not found in $ROLE_TARGET, skipping"
- SUMMARY+=("init.sh for $ROLE: MISSING")
- fi
+ run "Copying role files" cp -r "$ROLE_SRC"/. /opt/
+ for service_dir in "$ROLE_SRC"/*; do
+ [ -d "$service_dir" ] || continue
+ service_name="$(basename "$service_dir")"
+ target_dir="/opt/$service_name"
+ run "Setting ownership for $target_dir" chown -R "$USERNAME:$USERNAME" "$target_dir"
+ init_script="$target_dir/init.sh"
+ if [[ -f "$init_script" ]]; then
+ run "Running init.sh for $service_name" bash "$init_script"
+ run "Checking $service_name stack" bash -c "cd \"$target_dir\" && docker compose ps | grep -q 'Up'"
+ run "Removing init.sh for $service_name" rm -f "$init_script"
+ else
+ log "WARN: init.sh not found in $target_dir, skipping"
+ SUMMARY+=("init.sh for $service_name: MISSING")
+ fi
+ done
 run "Cleaning up role repository" rm -rf "$TEMP_DIR"
 }
From 29aa8f544fab246d3bd568202cf893f442d453fd Mon Sep 17 00:00:00 2001
From: deadcxap <36386824+deadcxap@users.noreply.github.com>
Date: Mon, 25 Aug 2025 03:06:14 +0300
Subject: [PATCH 2/2] Update setup.sh
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
причесали экранирование, доработали ожидание освобождения apt и добавили его ко всем установкам
---
 setup.sh | 70 ++++++++++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 58 insertions(+), 12 deletions(-)
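Review bot: In the loop added to `setup_role` by PATCH 1/2, `for service_dir in "$ROLE_SRC"/*` does not match dot-entries while `cp -r "$ROLE_SRC"/. /opt/` copies them, so a hidden service directory lands in `/opt` owned by the invoking user and is never chowned, initialised or reported in `SUMMARY`; loose top-level files of the role are likewise written straight into `/opt`. If hidden directories are meant to be services, run the loop with `shopt -s dotglob nullglob` in effect; otherwise a comment stating that only non-hidden directories are treated as services would make the intent clear. The copy also merges into any `/opt/<name>` that already exists, and the following `chown -R` and `bash "$init_script"` then act on that pre-existing tree, so a check that `target_dir` does not exist yet (or an explicit overwrite policy) belongs before the `cp`. `setup_role` starts before this hunk.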
diff --git a/setup.sh b/setup.sh
index 3fc1372..ef3cd60 100644
--- a/setup.sh
+++ b/setup.sh
@@ -26,11 +26,39 @@ run() {
 }
 wait_for_apt() {
- while fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1; do
+ local lock_files=(
+ /var/lib/dpkg/lock-frontend
+ /var/lib/dpkg/lock
+ /var/lib/apt/lists/lock
+ /var/cache/apt/archives/lock
+ )
+ local timeout=900 # максимум 15 минут ждать
+ local waited=0
+
+ while true; do
+ local locked=false
+ for f in "${lock_files[@]}"; do
+ if fuser "$f" >/dev/null 2>&1; then
+ locked=true
+ break
+ fi
+ done
+
+ if ! $locked; then
+ return 0
+ fi
+
+ if (( waited >= timeout )); then
+ echo "Timeout waiting for apt/dpkg lock (maybe unattended-upgrades?)" >&2
+ return 1
+ fi
+
 sleep 1
+ ((waited++))
 done
 }
+
 print_summary() {
 echo "\n==== Итоговая сводка ===="
 for item in "${SUMMARY[@]}"; do
@@ -103,8 +131,9 @@ if [[ $(id -u) -ne 0 ]]; then
 fi
 install_packages() {
+ run "Waiting for apt lock" wait_for_apt
 run "Updating package index" apt-get update -y
- run "Installing base packages" apt-get install -y sudo curl wget git ufw logrotate unattended-upgrades ca-certificates gnupg lsb-release apt-transport-https
+ run "Installing base packages" apt-get install -y sudo curl wget git ufw logrotate unattended-upgrades ca-certificates gnupg lsb-release apt-transport-https jq
 }
 setup_timezone() {
@@ -122,7 +151,7 @@ EOF"
 }
 create_user() {
- run "Creating user $USERNAME" bash -c "id '$USERNAME' >/dev/null 2>&1 || adduser --disabled-password --gecos '' '$USERNAME'"
+ run "Creating user $" bash -c "id '$USERNAME' >/dev/null 2>&1 || adduser --disabled-password --gecos '' '$USERNAME'"
 run "Granting sudo privileges to $USERNAME" bash -c "usermod -aG sudo '$USERNAME' && printf '%s ALL=(ALL) NOPASSWD:ALL\\n' '$USERNAME' >/etc/sudoers.d/90-$USERNAME"
 }
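Review bot: `wait_for_apt` is check-then-act: it returns as soon as no process holds the four lock files, but `unattended-upgrades` can take the lock again before the next `apt-get` starts, and every call site added in this patch (`install_packages`, `install_docker`, `configure_fail2ban`, `install_netbird`, `setup_vector`) inherits that window. Letting apt wait on the lock itself closes it for the install calls, e.g. `apt-get -o DPkg::Lock::Timeout=900 install -y …`. Two smaller points in the same function: when `fuser` is not installed every probe fails and the loop returns 0 at once without having checked anything, so a `command -v fuser` guard is worth adding; and `((waited++))` returns status 1 on the first pass because the expression evaluates to 0, which would end the script if `set -e` is active (the script's options are outside this hunk), so `waited=$((waited + 1))` is the safer form.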
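Review bot: The step label in the `create_user` hunk now reads `run "Creating user $"`, so the logged step loses the account name; the command string on the same line is unchanged, which suggests an accidental edit, and the line should go back to `run "Creating user $USERNAME" …`. As a documentation point for the unchanged next line, which writes `/etc/sudoers.d/90-$USERNAME`: a comment stating that `USERNAME` must be a plain account name would help, since the value is interpolated into a `bash -c` string and a file name and its validation is not visible in this hunk.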
@@ -187,6 +216,7 @@ configure_ufw() {
 install_docker() {
 if ! command -v docker >/dev/null 2>&1; then
+ run "Waiting for apt lock" wait_for_apt
 run "Installing Docker" bash -c "install -m 0755 -d /etc/apt/keyrings && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg && echo 'deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable' | tee /etc/apt/sources.list.d/docker.list >/dev/null && apt-get update -y && apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin"
 fi
 run "Adding $USERNAME to docker group" usermod -aG docker "$USERNAME"
@@ -197,6 +227,7 @@ install_docker() {
 }
 configure_fail2ban() {
+ run "Waiting for apt lock" wait_for_apt
 run "Installing fail2ban" apt-get install -y fail2ban
 run "Configuring fail2ban" bash -c "cat >/etc/fail2ban/jail.local <<'EOF'
 [sshd]
@@ -223,7 +254,7 @@ EOF"
 install_netbird() {
 [[ -z "$NETBIRD_KEY" ]] && return
- wait_for_apt
+ run "Waiting for apt lock" wait_for_apt
 run "Installing Netbird" bash -c "curl -fsSL https://pkgs.netbird.io/install.sh | sh"
 run "Starting Netbird" netbird up --setup-key "$NETBIRD_KEY"
 run "Checking Netbird service" systemctl is-active --quiet netbird
@@ -233,6 +264,7 @@ install_netbird() {
 setup_vector() {
 [[ -z "$VECTOR_ENDPOINT" ]] && return
 if ! command -v vector >/dev/null 2>&1; then
+ run "Waiting for apt lock" wait_for_apt
 run "Installing Vector" bash -c "curl -1sLf 'https://repositories.timber.io/public/vector/cfg/setup/bash.deb.sh' | bash && apt-get install -y vector"
 fi
 run "Configuring Vector" bash -c "cat >/etc/vector/vector.toml <<'EOF'
@@ -261,20 +293,19 @@ setup_role() {
 log "Checking role $ROLE exists in repository"
 if curl -fsSL -o /dev/null "$ROLE_URL"; then
 log "OK: role $ROLE exists in repository"
- SUMMARY+=("Role check: OK")
+ SUMMARY+=("Role exists check: OK")
 else
 log "WARN: role $ROLE not found in repository, skipping"
 SUMMARY+=("Role check: WARN")
 return
 fi
 TEMP_DIR=$(mktemp -d)
- # run "Cloning role repository" git clone --depth=1 "$REPO_URL" "$TEMP_DIR"
 run "Cloning role repository (sparse)" bash -c "
- git --config-env=http.https://github.com/.extraheader=GH_AUTH_HEADER \
- clone --depth=1 --filter=blob:none --sparse "$REPO_URL" "$TEMP_DIR" &&
- git --config-env=http.https://github.com/.extraheader=GH_AUTH_HEADER \
- -C "$TEMP_DIR" sparse-checkout set "$ROLE"
-"
+ git --config-env=http.https://github.com/.extraheader=GH_AUTH_HEADER \
+ clone --depth=1 --filter=blob:none --sparse \"$REPO_URL\" \"$TEMP_DIR\"
+ git --config-env=http.https://github.com/.extraheader=GH_AUTH_HEADER \
+ -C \"$TEMP_DIR\" sparse-checkout set \"$ROLE\"
+ "
 ROLE_SRC="$TEMP_DIR/$ROLE"
 if [[ ! -d "$ROLE_SRC" ]]; then
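Review bot: The rewritten `bash -c` string in `setup_role` drops the `&&` between `git clone` and `git sparse-checkout set`, so the second command runs even when the clone fails and only its status reaches `run`; the string also still splices `$REPO_URL`, `$TEMP_DIR` and `$ROLE` into the command text, where a double quote, `$(…)` or backtick in `ROLE` is evaluated by the inner shell instead of being passed to git. Passing the values as positional parameters to a single-quoted script with `set -e` inside it removes the escaped quotes and restores fail-fast behaviour. The `dir=\"$target_dir\"` wait loop in the last hunk uses the same interpolation and would take the same treatment. `setup_role` begins and ends outside this hunk, and where `ROLE` is validated is not visible here.

```shell
run "Cloning role repository (sparse)" bash -c '
  set -e
  git --config-env=http.https://github.com/.extraheader=GH_AUTH_HEADER \
    clone --depth=1 --filter=blob:none --sparse "$1" "$2"
  git --config-env=http.https://github.com/.extraheader=GH_AUTH_HEADER \
    -C "$2" sparse-checkout set "$3"
' _ "$REPO_URL" "$TEMP_DIR" "$ROLE"
# … unchanged: ROLE_SRC assignment and directory check …
```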
@@ -292,7 +323,22 @@ setup_role() {
 init_script="$target_dir/init.sh"
 if [[ -f "$init_script" ]]; then
 run "Running init.sh for $service_name" bash "$init_script"
- run "Checking $service_name stack" bash -c "cd \"$target_dir\" && docker compose ps | grep -q 'Up'"
+ run "Waiting for $service_name stack to be Up" bash -c "
+ set -e
+ dir=\"$target_dir\"
+ timeout=\"${COMPOSE_WAIT_TIMEOUT:-180}\"
+ interval=\"${COMPOSE_WAIT_INTERVAL:-5}\"
+ end=\$((SECONDS + timeout))
+ while (( SECONDS < end )); do
+ if cd \"\$dir\" && docker compose ps | grep -q 'Up'; then
+ exit 0
+ fi
+ sleep \"\$interval\"
+ done
+ echo \"WARN: Timed out: containers not Up after \${timeout}s\" >&2
+ exit 0
+ "
+ # run "Checking $service_name stack" bash -c "cd \"$target_dir\" && docker compose ps | grep -q 'Up'"
 run "Removing init.sh for $service_name" rm -f "$init_script"
 else
 log "WARN: init.sh not found in $target_dir, skipping"
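Review bot: The timeout branch of the new wait loop ends with `exit 0`, so `run` is handed a success status whether or not any container came up, and `init.sh` is removed either way; if that is deliberate best-effort it deserves a distinct `SUMMARY` entry, otherwise the branch should `exit 1`. The readiness test `docker compose ps | grep -q 'Up'` passes as soon as that string appears anywhere in the output, which is true when a single container of the stack is up; `docker compose ps --status running -q` compared against the expected services is stricter. `COMPOSE_WAIT_TIMEOUT` and `COMPOSE_WAIT_INTERVAL` are used without a numeric check, so a non-numeric value breaks the arithmetic on the `end=` line, and a `[[ $v =~ ^[0-9]+$ ]]` guard before the call would cover it. The commented-out old `run "Checking …"` line can be dropped rather than kept in the file.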