Merge pull request #10 from deadcxap/codex/update-setup.sh-to-modify-role-folder-structure
feat: install role services directly
@@ -26,11 +26,39 @@ run() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
wait_for_apt() {
|
wait_for_apt() {
|
||||||
while fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1; do
|
local lock_files=(
|
||||||
|
/var/lib/dpkg/lock-frontend
|
||||||
|
/var/lib/dpkg/lock
|
||||||
|
/var/lib/apt/lists/lock
|
||||||
|
/var/cache/apt/archives/lock
|
||||||
|
)
|
||||||
|
local timeout=900 # максимум 15 минут ждать
|
||||||
|
local waited=0
|
||||||
|
|
||||||
|
while true; do
|
||||||
|
local locked=false
|
||||||
|
for f in "${lock_files[@]}"; do
|
||||||
|
if fuser "$f" >/dev/null 2>&1; then
|
||||||
|
locked=true
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
if ! $locked; then
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
if (( waited >= timeout )); then
|
||||||
|
echo "Timeout waiting for apt/dpkg lock (maybe unattended-upgrades?)" >&2
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
sleep 1
|
sleep 1
|
||||||
|
((waited++))
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
print_summary() {
|
print_summary() {
|
||||||
echo "\n==== Итоговая сводка ===="
|
echo "\n==== Итоговая сводка ===="
|
||||||
for item in "${SUMMARY[@]}"; do
|
for item in "${SUMMARY[@]}"; do
|
||||||
@@ -103,8 +131,9 @@ if [[ $(id -u) -ne 0 ]]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
install_packages() {
|
install_packages() {
|
||||||
|
run "Waiting for apt lock" wait_for_apt
|
||||||
run "Updating package index" apt-get update -y
|
run "Updating package index" apt-get update -y
|
||||||
run "Installing base packages" apt-get install -y sudo curl wget git ufw logrotate unattended-upgrades ca-certificates gnupg lsb-release apt-transport-https
|
run "Installing base packages" apt-get install -y sudo curl wget git ufw logrotate unattended-upgrades ca-certificates gnupg lsb-release apt-transport-https jq
|
||||||
}
|
}
|
||||||
|
|
||||||
setup_timezone() {
|
setup_timezone() {
|
||||||
@@ -122,7 +151,7 @@ EOF"
|
|||||||
}
|
}
|
||||||
|
|
||||||
create_user() {
|
create_user() {
|
||||||
run "Creating user $USERNAME" bash -c "id '$USERNAME' >/dev/null 2>&1 || adduser --disabled-password --gecos '' '$USERNAME'"
|
run "Creating user $" bash -c "id '$USERNAME' >/dev/null 2>&1 || adduser --disabled-password --gecos '' '$USERNAME'"
|
||||||
run "Granting sudo privileges to $USERNAME" bash -c "usermod -aG sudo '$USERNAME' && printf '%s ALL=(ALL) NOPASSWD:ALL\\n' '$USERNAME' >/etc/sudoers.d/90-$USERNAME"
|
run "Granting sudo privileges to $USERNAME" bash -c "usermod -aG sudo '$USERNAME' && printf '%s ALL=(ALL) NOPASSWD:ALL\\n' '$USERNAME' >/etc/sudoers.d/90-$USERNAME"
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -187,6 +216,7 @@ configure_ufw() {
|
|||||||
|
|
||||||
install_docker() {
|
install_docker() {
|
||||||
if ! command -v docker >/dev/null 2>&1; then
|
if ! command -v docker >/dev/null 2>&1; then
|
||||||
|
run "Waiting for apt lock" wait_for_apt
|
||||||
run "Installing Docker" bash -c "install -m 0755 -d /etc/apt/keyrings && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg && echo 'deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable' | tee /etc/apt/sources.list.d/docker.list >/dev/null && apt-get update -y && apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin"
|
run "Installing Docker" bash -c "install -m 0755 -d /etc/apt/keyrings && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg && echo 'deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable' | tee /etc/apt/sources.list.d/docker.list >/dev/null && apt-get update -y && apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin"
|
||||||
fi
|
fi
|
||||||
run "Adding $USERNAME to docker group" usermod -aG docker "$USERNAME"
|
run "Adding $USERNAME to docker group" usermod -aG docker "$USERNAME"
|
||||||
@@ -197,6 +227,7 @@ install_docker() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
configure_fail2ban() {
|
configure_fail2ban() {
|
||||||
|
run "Waiting for apt lock" wait_for_apt
|
||||||
run "Installing fail2ban" apt-get install -y fail2ban
|
run "Installing fail2ban" apt-get install -y fail2ban
|
||||||
run "Configuring fail2ban" bash -c "cat >/etc/fail2ban/jail.local <<'EOF'
|
run "Configuring fail2ban" bash -c "cat >/etc/fail2ban/jail.local <<'EOF'
|
||||||
[sshd]
|
[sshd]
|
||||||
@@ -223,7 +254,7 @@ EOF"
|
|||||||
|
|
||||||
install_netbird() {
|
install_netbird() {
|
||||||
[[ -z "$NETBIRD_KEY" ]] && return
|
[[ -z "$NETBIRD_KEY" ]] && return
|
||||||
wait_for_apt
|
run "Waiting for apt lock" wait_for_apt
|
||||||
run "Installing Netbird" bash -c "curl -fsSL https://pkgs.netbird.io/install.sh | sh"
|
run "Installing Netbird" bash -c "curl -fsSL https://pkgs.netbird.io/install.sh | sh"
|
||||||
run "Starting Netbird" netbird up --setup-key "$NETBIRD_KEY"
|
run "Starting Netbird" netbird up --setup-key "$NETBIRD_KEY"
|
||||||
run "Checking Netbird service" systemctl is-active --quiet netbird
|
run "Checking Netbird service" systemctl is-active --quiet netbird
|
||||||
@@ -233,6 +264,7 @@ install_netbird() {
|
|||||||
setup_vector() {
|
setup_vector() {
|
||||||
[[ -z "$VECTOR_ENDPOINT" ]] && return
|
[[ -z "$VECTOR_ENDPOINT" ]] && return
|
||||||
if ! command -v vector >/dev/null 2>&1; then
|
if ! command -v vector >/dev/null 2>&1; then
|
||||||
|
run "Waiting for apt lock" wait_for_apt
|
||||||
run "Installing Vector" bash -c "curl -1sLf 'https://repositories.timber.io/public/vector/cfg/setup/bash.deb.sh' | bash && apt-get install -y vector"
|
run "Installing Vector" bash -c "curl -1sLf 'https://repositories.timber.io/public/vector/cfg/setup/bash.deb.sh' | bash && apt-get install -y vector"
|
||||||
fi
|
fi
|
||||||
run "Configuring Vector" bash -c "cat >/etc/vector/vector.toml <<'EOF'
|
run "Configuring Vector" bash -c "cat >/etc/vector/vector.toml <<'EOF'
|
||||||
@@ -255,26 +287,25 @@ EOF"
|
|||||||
|
|
||||||
setup_role() {
|
setup_role() {
|
||||||
[[ -z "$ROLE" ]] && return
|
[[ -z "$ROLE" ]] && return
|
||||||
local TEMP_DIR ROLE_SRC ROLE_TARGET INIT_SCRIPT REPO_URL ROLE_URL
|
local TEMP_DIR ROLE_SRC REPO_URL ROLE_URL service_dir service_name target_dir init_script
|
||||||
REPO_URL="https://github.com/deadcxap/init_scripts.git"
|
REPO_URL="https://github.com/deadcxap/init_scripts.git"
|
||||||
ROLE_URL="https://api.github.com/repos/deadcxap/init_scripts/contents/$ROLE"
|
ROLE_URL="https://api.github.com/repos/deadcxap/init_scripts/contents/$ROLE"
|
||||||
log "Checking role $ROLE exists in repository"
|
log "Checking role $ROLE exists in repository"
|
||||||
if curl -fsSL -o /dev/null "$ROLE_URL"; then
|
if curl -fsSL -o /dev/null "$ROLE_URL"; then
|
||||||
log "OK: role $ROLE exists in repository"
|
log "OK: role $ROLE exists in repository"
|
||||||
SUMMARY+=("Role check: OK")
|
SUMMARY+=("Role exists check: OK")
|
||||||
else
|
else
|
||||||
log "WARN: role $ROLE not found in repository, skipping"
|
log "WARN: role $ROLE not found in repository, skipping"
|
||||||
SUMMARY+=("Role check: WARN")
|
SUMMARY+=("Role check: WARN")
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
TEMP_DIR=$(mktemp -d)
|
TEMP_DIR=$(mktemp -d)
|
||||||
# run "Cloning role repository" git clone --depth=1 "$REPO_URL" "$TEMP_DIR"
|
|
||||||
run "Cloning role repository (sparse)" bash -c "
|
run "Cloning role repository (sparse)" bash -c "
|
||||||
git --config-env=http.https://github.com/.extraheader=GH_AUTH_HEADER \
|
git --config-env=http.https://github.com/.extraheader=GH_AUTH_HEADER \
|
||||||
clone --depth=1 --filter=blob:none --sparse "$REPO_URL" "$TEMP_DIR" &&
|
clone --depth=1 --filter=blob:none --sparse \"$REPO_URL\" \"$TEMP_DIR\"
|
||||||
git --config-env=http.https://github.com/.extraheader=GH_AUTH_HEADER \
|
git --config-env=http.https://github.com/.extraheader=GH_AUTH_HEADER \
|
||||||
-C "$TEMP_DIR" sparse-checkout set "$ROLE"
|
-C \"$TEMP_DIR\" sparse-checkout set \"$ROLE\"
|
||||||
"
|
"
|
||||||
|
|
||||||
ROLE_SRC="$TEMP_DIR/$ROLE"
|
ROLE_SRC="$TEMP_DIR/$ROLE"
|
||||||
if [[ ! -d "$ROLE_SRC" ]]; then
|
if [[ ! -d "$ROLE_SRC" ]]; then
|
||||||
@@ -283,18 +314,37 @@ setup_role() {
|
|||||||
run "Cleaning up role repository" rm -rf "$TEMP_DIR"
|
run "Cleaning up role repository" rm -rf "$TEMP_DIR"
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
run "Copying role files" cp -r "$ROLE_SRC" /opt/
|
run "Copying role files" cp -r "$ROLE_SRC"/. /opt/
|
||||||
ROLE_TARGET="/opt/$ROLE"
|
for service_dir in "$ROLE_SRC"/*; do
|
||||||
run "Setting ownership for $ROLE_TARGET" chown -R "$USERNAME:$USERNAME" "$ROLE_TARGET"
|
[ -d "$service_dir" ] || continue
|
||||||
INIT_SCRIPT="$ROLE_TARGET/init.sh"
|
service_name="$(basename "$service_dir")"
|
||||||
if [[ -f "$INIT_SCRIPT" ]]; then
|
target_dir="/opt/$service_name"
|
||||||
run "Running init.sh for $ROLE" bash "$INIT_SCRIPT"
|
run "Setting ownership for $target_dir" chown -R "$USERNAME:$USERNAME" "$target_dir"
|
||||||
run "Checking $ROLE stack" bash -c "cd '$ROLE_TARGET' && docker compose ps | grep -q 'Up'"
|
init_script="$target_dir/init.sh"
|
||||||
run "Removing init.sh for $ROLE" rm -f "$INIT_SCRIPT"
|
if [[ -f "$init_script" ]]; then
|
||||||
else
|
run "Running init.sh for $service_name" bash "$init_script"
|
||||||
log "WARN: init.sh not found in $ROLE_TARGET, skipping"
|
run "Waiting for $service_name stack to be Up" bash -c "
|
||||||
SUMMARY+=("init.sh for $ROLE: MISSING")
|
set -e
|
||||||
|
dir=\"$target_dir\"
|
||||||
|
timeout=\"${COMPOSE_WAIT_TIMEOUT:-180}\"
|
||||||
|
interval=\"${COMPOSE_WAIT_INTERVAL:-5}\"
|
||||||
|
end=\$((SECONDS + timeout))
|
||||||
|
while (( SECONDS < end )); do
|
||||||
|
if cd \"\$dir\" && docker compose ps | grep -q 'Up'; then
|
||||||
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
sleep \"\$interval\"
|
||||||
|
done
|
||||||
|
echo \"WARN: Timed out: containers not Up after \${timeout}s\" >&2
|
||||||
|
exit 0
|
||||||
|
"
|
||||||
|
# run "Checking $service_name stack" bash -c "cd \"$target_dir\" && docker compose ps | grep -q 'Up'"
|
||||||
|
run "Removing init.sh for $service_name" rm -f "$init_script"
|
||||||
|
else
|
||||||
|
log "WARN: init.sh not found in $target_dir, skipping"
|
||||||
|
SUMMARY+=("init.sh for $service_name: MISSING")
|
||||||
|
fi
|
||||||
|
done
|
||||||
run "Cleaning up role repository" rm -rf "$TEMP_DIR"
|
run "Cleaning up role repository" rm -rf "$TEMP_DIR"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
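Review bot: In setup_role, the new "Waiting for $service_name stack to be Up" step writes its `bash -c` script inside double quotes, so the outer shell pastes `$target_dir`, `COMPOSE_WAIT_TIMEOUT` and `COMPOSE_WAIT_INTERVAL` into the script text before the inner shell parses it. `target_dir` comes from a directory name in the cloned role, so a name containing a quote or `$(...)` would be parsed as code rather than data, in a script that appears to require root (the `id -u` test in an earlier hunk header). Passing the three values as positional arguments to a single-quoted script, as sketched below, keeps them as data. Separately, the timeout branch ends in `exit 0`, so `run` presumably records a stack that never came up as a success and its init.sh is then removed; consider adding a WARN entry to SUMMARY there. setup_role begins in the previous hunk, and the body of `run` is not visible here.

```shell
      run "Running init.sh for $service_name" bash "$init_script"
      # Single-quoted script: nothing is expanded by the outer shell;
      # the values arrive as $1..$3 and are never re-parsed as code.
      run "Waiting for $service_name stack to be Up" bash -c '
        set -e
        dir=$1
        timeout=$2
        interval=$3
        end=$((SECONDS + timeout))
        while (( SECONDS < end )); do
          if cd "$dir" && docker compose ps | grep -q "Up"; then
            exit 0
          fi
          sleep "$interval"
        done
        echo "WARN: Timed out: containers not Up after ${timeout}s" >&2
        exit 0
      ' _ "$target_dir" "${COMPOSE_WAIT_TIMEOUT:-180}" "${COMPOSE_WAIT_INTERVAL:-5}"
      # … unchanged: removal of init.sh, else branch, end of loop …
```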