mawillcockson/install.sh

## install.sh
#!/bin/sh
set -eu
HOME=/home/ubuntu
MYSQL_ROOT_USERNAME="${MYSQL_ROOT_USERNAME:-"root"}"
MYSQL_ROOT_PASSWORD="${MYSQL_ROOT_PASSWORD:-"root_password"}"
WORDPRESS_DATABASE_NAME="${WORDPRESS_DATABASE_NAME:-"wordpress"}"
WORDPRESS_DB_USERNAME="${WORDPRESS_DB_USERNAME:-"wordpress_user"}"
WORDPRESS_DB_PASSWORD="${WORDPRESS_DB_PASSWORD:-"wordpress_password"}"

log() {
    printf '%sLOG-- %s\n' "--" "$@"
}
error() {
    printf '%sERROR-- %s\n' "--" "$@"
    exit 1
}
leave() {
    trap - EXIT
    return 0
}

trap leave EXIT

cd "${HOME}"

log "waiting for network to be happy, so mysql_install_db doesn't return an error"
while ! host -W 1 elementor; do
    sleep 1
done

install_system_packages() {
    sudo apt install --no-install-recommends --assume-yes \
        curl \
        expect \
        mariadb-client \
        mariadb-server \
        php \
        php-fpm \
        php-mysql \
        nginx
}

# if ! install_system_packages ; then
#     sudo apt update
#     sudo apt upgrade --assume-yes
#     install_system_packages
#     sudo apt autoremove --assume-yes
#     sudo apt clean
# fi

# log "checking for wordpress database"
# if ! sudo mysql \
#     --user="${MYSQL_ROOT_USERNAME}" \
#     --password="${MYSQL_ROOT_PASSWORD}" \
#     --protocol=SOCKET \
#     --execute=EXIT \
#     "${WORDPRESS_DATABASE_NAME}"
# then
#     set +eu # needed because the mysql_install_db shell script somehow runs with the current environment settings
#     sudo mysql_install_db \
#         --user=mysql \
#         --auth-root-authentication-method=socket
#
#     expect - << EOF
# spawn sudo mysql_secure_installation
# expect {
#     "Enter current password for root (enter for none):" {
#         sleep 1
#         send "\\r"
#         exp_continue
#     }
#     "Set root password?" {
#         send "y\\r"
#     }
# }
# expect {
#     "New password:" {
#         send "${MYSQL_ROOT_PASSWORD}\\r"
#         exp_continue
#     }
#     "Re-enter new password:" {
#         send "${MYSQL_ROOT_PASSWORD}\\r"
#         exp_continue
#     }
#     "Remove anonymous users?" {
#         send "y\\r"
#     }
# }
# expect {
#     "Disallow root login remotely?" {
#         send "y\\r"
#     }
# }
# expect {
#     "Remove test database and access to it?" {
#         send "y\\r"
#     }
# }
# expect {
#     "Reload privilege tables now?" {
#         sleep 0.5
#         send "y\\r"
#         send_user "\\r"
#     }
# }
# wait
# send_user "expect done\\r"
# exit
# EOF
#
#     log "making a database for wordpress"
#     sudo mysql \
#         --user="${MYSQL_ROOT_USERNAME}" \
#         --password="${MYSQL_ROOT_PASSWORD}" \
#         --protocol=SOCKET << EOF
# CREATE DATABASE ${WORDPRESS_DATABASE_NAME};
# GRANT ALL PRIVILEGES ON ${WORDPRESS_DATABASE_NAME}.* TO "${WORDPRESS_DB_USERNAME}"@"localhost" IDENTIFIED BY "${WORDPRESS_DB_PASSWORD}";
# FLUSH PRIVILEGES;
# EXIT
# EOF
#
# fi

log "downloading wordpress"
if ! [ -d wordpress ]; then
    if ! [ -f wordpress.tar.gz ]; then
        log "downloading wordpress tarball"
        curl -L "https://wordpress.org/latest.tar.gz" --output wordpress.tar.gz
    fi
    mkdir -p wordpress
    log "unpacking wordpress install files"
    tar -xf wordpress.tar.gz -C wordpress --strip-components=1
    find wordpress -type d -exec chmod a=rwx \{\} \+
    find wordpress -type f -exec chmod a=rw \{\} \+
fi

log "checking for wp-config.php"
if ! [ -f /var/www/html/wp-config.php ]; then
    log "copying wordpress install files"
    sudo rm /var/www/html/index.nginx-debian.html || true
    sudo chown www-data:www-data /var/www/html
    sudo -u www-data cp -r wordpress/* /var/www/html

    log "making wp-config.php"
    sudo -u www-data tee /var/www/html/wp-config.php > /dev/null << EOF
<?php
/**
 * The base configuration for WordPress
 *
 * The wp-config.php creation script uses this file during the installation.
 * You don't have to use the web site, you can copy this file to "wp-config.php"
 * and fill in the values.
 *
 * This file contains the following configurations:
 *
 * * Database settings
 * * Secret keys
 * * Database table prefix
 * * ABSPATH
 *
 * @link https://wordpress.org/support/article/editing-wp-config-php/
 *
 * @package WordPress
 */

// ** Database settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', '${WORDPRESS_DATABASE_NAME}' );

/** Database username */
define( 'DB_USER', '${WORDPRESS_DB_USERNAME}' );

/** Database password */
define( 'DB_PASSWORD', '${WORDPRESS_DB_PASSWORD}' );

/** Database hostname */
define( 'DB_HOST', '/var/run/mysqld/mysqld.sock' );

/** Database charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );

/** The database collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );

/**#@+
 * Authentication unique keys and salts.
 *
 * Change these to different unique phrases! You can generate these using
 * the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}.
 *
 * You can change these at any point in time to invalidate all existing cookies.
 * This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define( 'AUTH_KEY',         'AUTH_KEY'        );
define( 'SECURE_AUTH_KEY',  'SECURE_AUTH_KEY' );
define( 'LOGGED_IN_KEY',    'LOGGED_IN_KEY'   );
define( 'NONCE_KEY',        'NONCE_KEY'       );
define( 'AUTH_SALT',        ''                );
define( 'SECURE_AUTH_SALT', ''                );
define( 'LOGGED_IN_SALT',   ''                );
define( 'NONCE_SALT',       ''                );

/**#@-*/

/**
 * WordPress database table prefix.
 *
 * You can have multiple installations in one database if you give each
 * a unique prefix. Only numbers, letters, and underscores please!
 */
\$table_prefix = 'wp_';

/**
 * For developers: WordPress debugging mode.
 *
 * Change this to true to enable the display of notices during development.
 * It is strongly recommended that plugin and theme developers use WP_DEBUG
 * in their development environments.
 *
 * For information on other constants that can be used for debugging,
 * visit the documentation.
 *
 * @link https://wordpress.org/support/article/debugging-in-wordpress/
 */
define( 'WP_DISABLE_FATAL_ERROR_HANDLER', true );  // 5.2 and later
define( 'WP_DEBUG', true );

/* Add any custom values between this line and the "stop editing" line. */


/* That's all, stop editing! Happy publishing. */

/** Absolute path to the WordPress directory. */
if ( ! defined( 'ABSPATH' ) ) {
	define( 'ABSPATH', __DIR__ . '/' );
}

/** Sets up WordPress vars and included files. */
require_once ABSPATH . 'wp-settings.php';
EOF
fi

log "configuring nginx"
sudo mkdir -p /etc/nginx/global
sudo tee /etc/nginx/sites-available/default > /dev/null <<'EOF'
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

upstream php {
    server unix:/var/run/php/php7.4-fpm.sock;
    server 127.0.0.1:9000;
}

# Default server configuration
#
server {
	listen 80 default_server;
	listen [::]:80 default_server;

	# SSL configuration
	#
	# listen 443 ssl default_server;
	# listen [::]:443 ssl default_server;
	#
	# Note: You should disable gzip for SSL traffic.
	# See: https://bugs.debian.org/773332
	#
	# Read up on ssl_ciphers to ensure a secure configuration.
	# See: https://bugs.debian.org/765782
	#
	# Self signed certs generated by the ssl-cert package
	# Don't use them in a production server!
	#
	# include snippets/snakeoil.conf;

	server_name _;

	root /var/www/html;

	# Add index.php to the list if you are using PHP
	index index.php;

    include global/restrictions.conf;
    include global/wordpress.conf;
}
EOF

sudo tee /etc/nginx/global/restrictions.conf > /dev/null <<'EOF'
location = /favicon.ico {
    log_not_found off;
    access_log off;
}

location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}

location ~ /\. {
    deny all;
}

location ~* /(?:uploads|files)/.*\.php$ {
    deny all;
}
EOF

sudo tee /etc/nginx/global/wordpress.conf > /dev/null <<'EOF'
location / {
    try_files $uri $uri/ /index.php?$args;
}

location ~ \.php$ {
    include fastcgi_params;
    fastcgi_intercept_errors on;
    fastcgi_pass php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}

location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
    expires max;
    log_not_found off;
}
EOF

sudo nginx -t

sudo systemctl reload nginx || sudo systemctl restart nginx

log "now visit /wp-admin/install.php"

## run.sh
#!/bin/sh
set -eu
# lxc profile create less-safe
# lxc profile edit less-safe <<'EOF'
# config:
#   limits.cpu: 1-1
#   limits.memory: 500MB
#   limits.memory.enforce: hard
#   limits.memory.swap: "false"
#   limits.processes: "500"
# description: prevents instance from hogging all the host's resources
# devices: {}
# name: less-safe
# used_by:
# - /1.0/instances/elementor
# EOF
# lxc profile create web-server
# lxc profile edit web-server <<'EOF'
# config: {}
# description: ""
# devices:
#   tcp-proxy:
#     connect: tcp:0.0.0.0:80,443,8000,8080
#     listen: tcp:0.0.0.0:80,443,8000,8080
#     type: proxy
#   udp-proxy:
#     connect: udp:0.0.0.0:80,443,8000,8080
#     listen: udp:0.0.0.0:80,443,8000,8080
#     type: proxy
# name: web-server
# used_by:
# - /1.0/instances/elementor
# EOF
# lxc launch "ubuntu:20.04" wordpress \
#     -p default \
#     -p less-safe \
#     -p web-server
# lxc exec wordpress -- chpasswd -c NONE << EOF
# root:
# ubuntu:
# EOF
# lxc exec wordpress -- apt update -y
# lxc exec wordpress -- apt upgrade -y
# lxc stop wordpress
# lxc snapshot wordpress fresh --reuse
# lxc start wordpress
lxc file push \
    ~/projects/elementor/install.sh \
    elementor/home/ubuntu/install.sh \
    --uid 1000 \
    --gid 1000 \
    --mode 0755
lxc exec elementor -- sudo -i -u ubuntu /home/ubuntu/install.sh
	#!/bin/sh
	set -eu
	HOME=/home/ubuntu
	MYSQL_ROOT_USERNAME="${MYSQL_ROOT_USERNAME:-"root"}"
	MYSQL_ROOT_PASSWORD="${MYSQL_ROOT_PASSWORD:-"root_password"}"
	WORDPRESS_DATABASE_NAME="${WORDPRESS_DATABASE_NAME:-"wordpress"}"
	WORDPRESS_DB_USERNAME="${WORDPRESS_DB_USERNAME:-"wordpress_user"}"
	WORDPRESS_DB_PASSWORD="${WORDPRESS_DB_PASSWORD:-"wordpress_password"}"

	log() {
	printf '%sLOG-- %s\n' "--" "$@"
	}
	error() {
	printf '%sERROR-- %s\n' "--" "$@"
	exit 1
	}
	leave() {
	trap - EXIT
	return 0
	}

	trap leave EXIT

	cd "${HOME}"

	log "waiting for network to be happy, so mysql_install_db doesn't return an error"
	while ! host -W 1 elementor; do
	sleep 1
	done

	install_system_packages() {
	sudo apt install --no-install-recommends --assume-yes \
	curl \
	expect \
	mariadb-client \
	mariadb-server \
	php \
	php-fpm \
	php-mysql \
	nginx
	}

	# if ! install_system_packages ; then
	# sudo apt update
	# sudo apt upgrade --assume-yes
	# install_system_packages
	# sudo apt autoremove --assume-yes
	# sudo apt clean
	# fi

	# log "checking for wordpress database"
	# if ! sudo mysql \
	# --user="${MYSQL_ROOT_USERNAME}" \
	# --password="${MYSQL_ROOT_PASSWORD}" \
	# --protocol=SOCKET \
	# --execute=EXIT \
	# "${WORDPRESS_DATABASE_NAME}"
	# then
	# set +eu # needed because the mysql_install_db shell script somehow runs with the current environment settings
	# sudo mysql_install_db \
	# --user=mysql \
	# --auth-root-authentication-method=socket
	#
	# expect - << EOF
	# spawn sudo mysql_secure_installation
	# expect {
	# "Enter current password for root (enter for none):" {
	# sleep 1
	# send "\\r"
	# exp_continue
	# }
	# "Set root password?" {
	# send "y\\r"
	# }
	# }
	# expect {
	# "New password:" {
	# send "${MYSQL_ROOT_PASSWORD}\\r"
	# exp_continue
	# }
	# "Re-enter new password:" {
	# send "${MYSQL_ROOT_PASSWORD}\\r"
	# exp_continue
	# }
	# "Remove anonymous users?" {
	# send "y\\r"
	# }
	# }
	# expect {
	# "Disallow root login remotely?" {
	# send "y\\r"
	# }
	# }
	# expect {
	# "Remove test database and access to it?" {
	# send "y\\r"
	# }
	# }
	# expect {
	# "Reload privilege tables now?" {
	# sleep 0.5
	# send "y\\r"
	# send_user "\\r"
	# }
	# }
	# wait
	# send_user "expect done\\r"
	# exit
	# EOF
	#
	# log "making a database for wordpress"
	# sudo mysql \
	# --user="${MYSQL_ROOT_USERNAME}" \
	# --password="${MYSQL_ROOT_PASSWORD}" \
	# --protocol=SOCKET << EOF
	# CREATE DATABASE ${WORDPRESS_DATABASE_NAME};
	# GRANT ALL PRIVILEGES ON ${WORDPRESS_DATABASE_NAME}.* TO "${WORDPRESS_DB_USERNAME}"@"localhost" IDENTIFIED BY "${WORDPRESS_DB_PASSWORD}";
	# FLUSH PRIVILEGES;
	# EXIT
	# EOF
	#
	# fi

	log "downloading wordpress"
	if ! [ -d wordpress ]; then
	if ! [ -f wordpress.tar.gz ]; then
	log "downloading wordpress tarball"
	curl -L "https://wordpress.org/latest.tar.gz" --output wordpress.tar.gz
	fi
	mkdir -p wordpress
	log "unpacking wordpress install files"
	tar -xf wordpress.tar.gz -C wordpress --strip-components=1
	find wordpress -type d -exec chmod a=rwx \{\} \+
	find wordpress -type f -exec chmod a=rw \{\} \+
	fi

	log "checking for wp-config.php"
	if ! [ -f /var/www/html/wp-config.php ]; then
	log "copying wordpress install files"
	sudo rm /var/www/html/index.nginx-debian.html \|\| true
	sudo chown www-data:www-data /var/www/html
	sudo -u www-data cp -r wordpress/* /var/www/html

	log "making wp-config.php"
	sudo -u www-data tee /var/www/html/wp-config.php > /dev/null << EOF
	<?php
	/**
	* The base configuration for WordPress
	*
	* The wp-config.php creation script uses this file during the installation.
	* You don't have to use the web site, you can copy this file to "wp-config.php"
	* and fill in the values.
	*
	* This file contains the following configurations:
	*
	* * Database settings
	* * Secret keys
	* * Database table prefix
	* * ABSPATH
	*
	* @link https://wordpress.org/support/article/editing-wp-config-php/
	*
	* @package WordPress
	*/

	// Database settings - You can get this info from your web host //
	/** The name of the database for WordPress */
	define( 'DB_NAME', '${WORDPRESS_DATABASE_NAME}' );

	/** Database username */
	define( 'DB_USER', '${WORDPRESS_DB_USERNAME}' );

	/** Database password */
	define( 'DB_PASSWORD', '${WORDPRESS_DB_PASSWORD}' );

	/** Database hostname */
	define( 'DB_HOST', '/var/run/mysqld/mysqld.sock' );

	/** Database charset to use in creating database tables. */
	define( 'DB_CHARSET', 'utf8' );

	/** The database collate type. Don't change this if in doubt. */
	define( 'DB_COLLATE', '' );

	/**#@+
	* Authentication unique keys and salts.
	*
	* Change these to different unique phrases! You can generate these using
	* the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}.
	*
	* You can change these at any point in time to invalidate all existing cookies.
	* This will force all users to have to log in again.
	*
	* @since 2.6.0
	*/
	define( 'AUTH_KEY', 'AUTH_KEY' );
	define( 'SECURE_AUTH_KEY', 'SECURE_AUTH_KEY' );
	define( 'LOGGED_IN_KEY', 'LOGGED_IN_KEY' );
	define( 'NONCE_KEY', 'NONCE_KEY' );
	define( 'AUTH_SALT', '' );
	define( 'SECURE_AUTH_SALT', '' );
	define( 'LOGGED_IN_SALT', '' );
	define( 'NONCE_SALT', '' );

	/*#@-/

	/**
	* WordPress database table prefix.
	*
	* You can have multiple installations in one database if you give each
	* a unique prefix. Only numbers, letters, and underscores please!
	*/
	\$table_prefix = 'wp_';

	/**
	* For developers: WordPress debugging mode.
	*
	* Change this to true to enable the display of notices during development.
	* It is strongly recommended that plugin and theme developers use WP_DEBUG
	* in their development environments.
	*
	* For information on other constants that can be used for debugging,
	* visit the documentation.
	*
	* @link https://wordpress.org/support/article/debugging-in-wordpress/
	*/
	define( 'WP_DISABLE_FATAL_ERROR_HANDLER', true ); // 5.2 and later
	define( 'WP_DEBUG', true );

	/* Add any custom values between this line and the "stop editing" line. */



	/* That's all, stop editing! Happy publishing. */

	/** Absolute path to the WordPress directory. */
	if ( ! defined( 'ABSPATH' ) ) {
	define( 'ABSPATH', __DIR__ . '/' );
	}

	/** Sets up WordPress vars and included files. */
	require_once ABSPATH . 'wp-settings.php';
	EOF
	fi

	log "configuring nginx"
	sudo mkdir -p /etc/nginx/global
	sudo tee /etc/nginx/sites-available/default > /dev/null <<'EOF'
	##
	# You should look at the following URL's in order to grasp a solid understanding
	# of Nginx configuration files in order to fully unleash the power of Nginx.
	# https://www.nginx.com/resources/wiki/start/
	# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
	# https://wiki.debian.org/Nginx/DirectoryStructure
	#
	# In most cases, administrators will remove this file from sites-enabled/ and
	# leave it as reference inside of sites-available where it will continue to be
	# updated by the nginx packaging team.
	#
	# This file will automatically load configuration files provided by other
	# applications, such as Drupal or Wordpress. These applications will be made
	# available underneath a path with that package name, such as /drupal8.
	#
	# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
	##

	upstream php {
	server unix:/var/run/php/php7.4-fpm.sock;
	server 127.0.0.1:9000;
	}

	# Default server configuration
	#
	server {
	listen 80 default_server;
	listen [::]:80 default_server;

	# SSL configuration
	#
	# listen 443 ssl default_server;
	# listen [::]:443 ssl default_server;
	#
	# Note: You should disable gzip for SSL traffic.
	# See: https://bugs.debian.org/773332
	#
	# Read up on ssl_ciphers to ensure a secure configuration.
	# See: https://bugs.debian.org/765782
	#
	# Self signed certs generated by the ssl-cert package
	# Don't use them in a production server!
	#
	# include snippets/snakeoil.conf;

	server_name _;

	root /var/www/html;

	# Add index.php to the list if you are using PHP
	index index.php;

	include global/restrictions.conf;
	include global/wordpress.conf;
	}
	EOF

	sudo tee /etc/nginx/global/restrictions.conf > /dev/null <<'EOF'
	location = /favicon.ico {
	log_not_found off;
	access_log off;
	}

	location = /robots.txt {
	allow all;
	log_not_found off;
	access_log off;
	}

	location ~ /\. {
	deny all;
	}

	location ~* /(?:uploads\|files)/.*\.php$ {
	deny all;
	}
	EOF

	sudo tee /etc/nginx/global/wordpress.conf > /dev/null <<'EOF'
	location / {
	try_files $uri $uri/ /index.php?$args;
	}

	location ~ \.php$ {
	include fastcgi_params;
	fastcgi_intercept_errors on;
	fastcgi_pass php;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	}

	location ~* \.(js\|css\|png\|jpg\|jpeg\|gif\|ico)$ {
	expires max;
	log_not_found off;
	}
	EOF

	sudo nginx -t

	sudo systemctl reload nginx \|\| sudo systemctl restart nginx

	log "now visit /wp-admin/install.php"
	#!/bin/sh
	set -eu
	# lxc profile create less-safe
	# lxc profile edit less-safe <<'EOF'
	# config:
	# limits.cpu: 1-1
	# limits.memory: 500MB
	# limits.memory.enforce: hard
	# limits.memory.swap: "false"
	# limits.processes: "500"
	# description: prevents instance from hogging all the host's resources
	# devices: {}
	# name: less-safe
	# used_by:
	# - /1.0/instances/elementor
	# EOF
	# lxc profile create web-server
	# lxc profile edit web-server <<'EOF'
	# config: {}
	# description: ""
	# devices:
	# tcp-proxy:
	# connect: tcp:0.0.0.0:80,443,8000,8080
	# listen: tcp:0.0.0.0:80,443,8000,8080
	# type: proxy
	# udp-proxy:
	# connect: udp:0.0.0.0:80,443,8000,8080
	# listen: udp:0.0.0.0:80,443,8000,8080
	# type: proxy
	# name: web-server
	# used_by:
	# - /1.0/instances/elementor
	# EOF
	# lxc launch "ubuntu:20.04" wordpress \
	# -p default \
	# -p less-safe \
	# -p web-server
	# lxc exec wordpress -- chpasswd -c NONE << EOF
	# root:
	# ubuntu:
	# EOF
	# lxc exec wordpress -- apt update -y
	# lxc exec wordpress -- apt upgrade -y
	# lxc stop wordpress
	# lxc snapshot wordpress fresh --reuse
	# lxc start wordpress
	lxc file push \
	~/projects/elementor/install.sh \
	elementor/home/ubuntu/install.sh \
	--uid 1000 \
	--gid 1000 \
	--mode 0755
	lxc exec elementor -- sudo -i -u ubuntu /home/ubuntu/install.sh