Last active
April 7, 2021 15:57
-
-
Save nurse/6101638 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
# https://gist.github.com/nurse/6101638 | |
export U=naruse | |
export PUBKEY_URL=http://nalsh.jp/ssh.pub | |
## before running this script | |
### Debian | |
# edit /etc/network/interfaces with dns-nameservers | |
# sudo aptitude update && sudo aptitude safe-upgrade | |
# | |
## To run this script | |
### Debian | |
# wget -O chkbuild.sh http://nalsh.jp/skr/chkbuild.sh&&sudo sh ./chkbuild.sh | |
### FreeBSD | |
# vi /etc/group # add me to wheel | |
# sudo passwd # set password of root | |
# freebsd-update upgrade -r 8.4-RELEASE | |
# freebsd-update install | |
# reboot | |
# freebsd-update install | |
# freebsd-update upgrade -r 10.0-RELEASE | |
# freebsd-update install | |
# vi /etc/rc.conf # s/re0/xn0/g | |
# vi /etc/fstab # s/ad/ada/g | |
# reboot | |
# freebsd-update install | |
# fetch -o - http://nalsh.jp/skr/chkbuild.sh|sh | |
set -u | |
set -e | |
umask 0750 | |
NotImpError=127 | |
user_exist_p () { | |
id -u $1 > /dev/null 2>&1 | |
} | |
group_add () { | |
local group=$1 | |
case `unams -s` in | |
"FreeBSD" ) | |
if ! pw groupshow $group; then | |
pw groupadd $group | |
fi | |
;; | |
"NetBSD" ) | |
echo not implemented | |
exit $NotImpError | |
;; | |
"Linux" ) | |
groupadd -f $group | |
;; | |
* ) | |
echo not implemented | |
exit $NotImpError | |
;; | |
esac | |
} | |
pkg_install () { | |
local name=$1 | |
shift | |
while [ $# -gt 1 ]; do | |
local line=$1 | |
local pkgname="${line#$os:}" | |
if [ "$line" != "$pkgname" ]; then | |
echo $pkgname | |
break | |
fi | |
shift | |
done | |
case $os in | |
"FreeBSD" ) | |
pkg install -Uy $name | |
;; | |
"NetBSD" ) | |
pkgin install -y $name | |
;; | |
"Debian" ) | |
aptitude install -y $name | |
;; | |
"RedHat" ) | |
yum install -y $name | |
;; | |
esac | |
} | |
which_s () { | |
which $1 > /dev/null 2> /dev/null | |
} | |
if [ 0 -ne `id -u` ]; then | |
echo must run as root | |
#exit 1 | |
fi | |
############################## | |
# detect OS | |
case `/usr/bin/uname -s` in | |
FreeBSD ) | |
os="FreeBSD" | |
FETCH="fetch -o" | |
;; | |
NetBSD ) | |
os="NetBSD" | |
FETCH="ftp -o" | |
;; | |
Linux ) | |
if [ -e /etc/debian_version ]; then | |
os="Debian" | |
FETCH="wget -O" | |
elif [ -e /etc/redhat-release ]; then | |
os="RedHat" | |
FETCH="curl -s -o" | |
else | |
echo cannot detect what Linux distribution is | |
fi | |
;; | |
*) | |
uname -v | |
echo cannot detect OS | |
exit 1 | |
;; | |
esac | |
############################## | |
# | |
# initial setup | |
case $os in | |
"FreeBSD" ) | |
if [ -e /usr/local/sbin/pkg ]; then | |
/usr/local/sbin/pkg update | |
else | |
echo TODO: FreeBSD should use pkgng | |
fi | |
;; | |
"Debian" ) | |
aptitude update | |
;; | |
"RedHat" ) | |
yum update | |
;; | |
"NetBSD" ) | |
echo TODO: use pkgin | |
exit | |
;; | |
esac | |
############################## | |
# | |
# Setup $U's account | |
if ! user_exist_p $U ; then | |
case `uname -s` in | |
"FreeBSD" ) | |
pw groupadd $U | |
pw useradd $U -m -g $U -G wheel,operator | |
;; | |
"NetBSD" ) | |
useradd -m -G wheel,operator -s /bin/ksh $U | |
;; | |
"Linux" ) | |
useradd -m -G wheel -s /bin/bash $U | |
;; | |
esac | |
fi | |
if ! grep -q "wheel:.*:$U" /etc/group; then | |
case `uname -s` in | |
"FreeBSD" ) | |
pw groupmod wheel -m $U | |
pw groupmod operator -m $U | |
;; | |
"Linux" ) | |
usermod -a -G wheel $U | |
;; | |
esac | |
fi | |
# setup $U's ssh | |
if [ ! -e /home/$U/.ssh ]; then | |
mkdir /home/$U/.ssh | |
chown $U:$U /home/$U/.ssh | |
chmod 700 /home/$U/.ssh | |
fi | |
if [ ! -e /home/$U/.ssh/authorized_keys ]; then | |
$FETCH authorized_keys $PUBKEY_URL | |
mv authorized_keys /home/$U/.ssh/authorized_keys | |
chown -R $U:$U /home/$U/.ssh/authorized_keys | |
fi | |
############################## | |
# | |
# Setup sshd | |
if ! grep -q 8080 /etc/ssh/sshd_config; then | |
echo 'PermitRootLogin no' >> /etc/ssh/sshd_config | |
echo 'PasswordAuthentication no' >> /etc/ssh/sshd_config | |
echo "Port 22" >> /etc/ssh/sshd_config | |
echo "Port 8080" >> /etc/ssh/sshd_config | |
fi | |
# NetBSD | |
# myname/hostname | |
# .zshrc | |
# .tmux.conf | |
# ntpd | |
# bison | |
# subversion | |
# scmgit-base | |
# ruby18-base | |
############################## | |
# | |
# Install packages | |
# Debian build-essential | |
if ! make --version >/dev/null 2>&1; then | |
case $os in | |
"Debian" ) | |
aptitude install -y build-essential | |
;; | |
"RedHat" ) | |
yum install -y gcc | |
yum install -y redhat-lsb-core | |
# EPEL | |
# sudo rpm --import https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6 | |
# sudo rpm -ivh http://ftp.riken.jp/Linux/fedora/epel/6/x86_64/epel-release-6-8 | |
esac | |
fi | |
# sudo | |
if ! which_s sudo; then | |
case $os in | |
"FreeBSD" ) | |
pkg install security/sudo | |
;; | |
"NetBSD" ) | |
cd /usr/pkgsrc/security/sudo | |
make all install clean | |
;; | |
*) | |
echo cannot install sudo | |
exit 1 | |
;; | |
esac | |
fi | |
if ! which_s sudo; then | |
echo failed to install sudo | |
fi | |
if [ -e /etc/sudoers ]; then | |
SUDOERS_PATH=/etc/sudoers | |
elif [ -e /usr/local/etc/sudoers ]; then | |
SUDOERS_PATH=/usr/local/etc/sudoers | |
else | |
echo 'error: cannot find sudoers' | |
exit 1 | |
fi | |
if ! grep -q PERL_BADLANG $SUDOERS_PATH; then | |
echo $U' ALL=(ALL) NOPASSWD: ALL' >> $SUDOERS_PATH | |
echo '%wheel ALL=(ALL) NOPASSWD: ALL' >> $SUDOERS_PATH | |
echo 'Defaults env_keep += "PERL_BADLANG"' >> $SUDOERS_PATH | |
fi | |
# install zsh | |
if ! which_s zsh; then | |
echo installing zsh | |
pkg_install zsh | |
fi | |
# install screen | |
if ! which_s screen; then | |
echo installing screen | |
pkg_install screen | |
fi | |
# install subversion | |
if ! which_s svn; then | |
echo installing subversion | |
pkg_install subversion | |
fi | |
# install git | |
if ! which_s git; then | |
echo installing git | |
pkg_install git | |
fi | |
# install ruby | |
if ! which_s ruby; then | |
echo installing ruby | |
pkg_install ruby | |
fi | |
# install autoconf | |
if ! ( which_s autoconf || [ -e /home/$U/local/autoconf ] ); then | |
echo installing autoconf | |
case $os in | |
"___Debian" ) | |
# aptitude install -y autoconf # too old | |
cd /tmp | |
AUTOCONF=autoconf-2.69 | |
rm -f /tmp/$AUTOCONF.tar.gz | |
rm -rf /tmp/$AUTOCONF | |
wget -O $AUTOCONF.tar.gz http://ftp.gnu.org/gnu/autoconf/$AUTOCONF.tar.gz | |
tar xvf autoconf-2.69.tar.gz | |
rm -f /tmp/$AUTOCONF.tar.gz | |
cd /tmp/$AUTOCONF | |
./configure --prefix=/home/$U/local/autoconf | |
make install | |
chown -R $U /home/$U/local/autoconf | |
rm -rf /tmp/$AUTOCONF | |
;; | |
*) | |
pkg_install autoconf | |
esac | |
fi | |
# install bison | |
if ! which_s bison; then | |
echo installing bison | |
pkg_install bison | |
fi | |
# install zlib | |
if ! [ -e /usr/include/zlib.h ]; then | |
echo installing zlib | |
case $os in | |
"Debian" ) | |
aptitude install -y zlib1g-dev | |
;; | |
"RedHat" ) | |
yum install -y zlib-devel | |
;; | |
*) | |
echo cannot install zlib | |
exit 1 | |
;; | |
esac | |
fi | |
# install libssl | |
if ! [ -e /usr/include/openssl ]; then | |
echo installing libssl | |
case $os in | |
"Debian" ) | |
aptitude install -y libssl-dev | |
;; | |
"RedHat" ) | |
yum install -y openssl-devel | |
;; | |
*) | |
echo cannot install libssl | |
exit 1 | |
;; | |
esac | |
fi | |
# install curses | |
#if ! [ -e /usr/include/curses.h ]; then | |
# echo installing curses | |
# case $os in | |
# "Debian" ) | |
# aptitude install -y libncurses-dev | |
# ;; | |
# *) | |
# echo cannot install curses | |
# exit 1 | |
# ;; | |
# esac | |
#fi | |
# install readline | |
if ! [ -e /usr/include/readline ]; then | |
echo installing readline | |
case $os in | |
"Debian" ) | |
aptitude install -y libreadline-dev | |
;; | |
"RedHat" ) | |
yum install -y readline-devel | |
;; | |
*) | |
echo cannot install readline | |
exit 1 | |
;; | |
esac | |
fi | |
# install ntpd | |
if ! [ -e /usr/sbin/ntpd ]; then | |
echo installing ntpd | |
case $os in | |
"Debian" ) | |
aptitude install -y openntpd | |
;; | |
"RedHat" ) | |
yum install -y ntp | |
;; | |
*) | |
echo cannot install ntpd | |
exit 1 | |
;; | |
esac | |
fi | |
# install nginx | |
if ! which_s nginx; then | |
echo installing nginx | |
pkg_install nginx | |
fi | |
if [ -e /etc/nginx/sites-available/default ]; then | |
NGINXCONF=/etc/nginx/sites-available/default | |
elif [ -e /etc/nginx/nginx.conf ]; then | |
NGINXCONF=/etc/nginx/nginx.conf | |
elif [ -e /usr/local/etc/nginx/nginx.conf ]; then | |
NGINXCONF=/usr/local/etc/nginx/nginx.conf | |
else | |
echo cannot find nginx.conf | |
exit 1 | |
fi | |
if ! grep -q chkbuild $NGINXCONF; then | |
cp $NGINXCONF /tmp/nginx-default | |
rm -f $NGINXCONF.bak | |
sed -i.bak '/^ *server /a\ | |
include /home/naruse/chkbuild/misc/nginx.conf;\ | |
' $NGINXCONF | |
rm $NGINXCONF.bak | |
fi | |
case $os in | |
FreeBSD ) | |
if ! grep -q nginx_enable /etc/rc.conf; then | |
echo nginx_enable="YES" >> /etc/rc.conf | |
fi | |
;; | |
esac | |
############################## | |
# | |
# Setup chkbuild | |
echo cheking chkbuild user | |
if ! user_exist_p chkbuild ; then | |
echo making chkbuild user | |
case `uname -s` in | |
"FreeBSD" ) | |
pw groupadd chkbuild | |
pw useradd chkbuild -g chkbuild | |
;; | |
"Linux" ) | |
/usr/sbin/useradd chkbuild | |
/usr/sbin/usermod -G users,chkbuild $U | |
;; | |
esac | |
cd /home | |
mkdir chkbuild | |
chown ${U}:chkbuild chkbuild | |
chmod 2755 chkbuild | |
mkdir chkbuild/build | |
mkdir chkbuild/public_html | |
chown ${U}:chkbuild chkbuild/build chkbuild/public_html | |
chmod 2775 chkbuild/build chkbuild/public_html | |
fi | |
if ! [ -e /home/$U/chkbuild ]; then | |
cd /home/$U | |
sudo -u $U git clone https://github.com/nurse/chkbuild.git | |
fi | |
if ! [ -e /home/$U/chkbuild/tmp ]; then | |
ln -s /home/chkbuild /home/$U/chkbuild/tmp | |
fi | |
# crontab | |
if ! grep -q chkbuild /etc/crontab; then | |
echo " | |
1 */2 * * * chkbuild /usr/bin/killall -z -u chkbuild -9 2>/dev/null | |
2 */2 * * * chkbuild /bin/rm /home/chkbuild/build/.lock | |
3 */2 * * * chkbuild /home/$U/chkbuild/start-build | |
" >> /etc/crontab | |
fi | |
# 3rd line may be /usr/local/bin/ruby /home/$U/chkbuild/start-build | |
############################## | |
# | |
# Run services | |
if [ -e /usr/sbin/service ]; then | |
# Debian & FreeBSD | |
case $os in | |
Debian | FreeBSD ) | |
sudo service ssh restart | |
;; | |
RedHat ) | |
sudo /bin/systemctl restart sshd.service | |
;; | |
esac | |
sudo service nginx restart | |
fi | |
# .htaccess for apache | |
# if ! [ -e /home/chkbuild/public_html/.htaccess ]; then | |
# echo 'RemoveType .gz | |
# AddEncoding gzip .gz | |
# <Files rss> | |
# ForceType application/rss+xml | |
# </Files>' >> /home/chkbuild/public_html/.htaccess | |
# fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment