Diffstat (limited to 'server.sh')
-rwxr-xr-xserver.sh519
1 files changed, 519 insertions, 0 deletions
diff --git a/server.sh b/server.sh
new file mode 100755
index 0000000..2dc7788
--- /dev/null
+++ b/server.sh
@@ -0,0 +1,519 @@
+#!/bin/sh
+clear
+echo "####################"
+echo "# WEBSERVER RUNNER #"
+echo "# »» hitler.rip «« #"
+echo "####################"
+echo
+echo "[server] This script sets up my web servers the way I like it."
+echo "[server] Note:"
+echo "[server] this script assumes you already have an openssh server set up properly."
+echo
+
+echo "[server] installing base packages..."
+sudo apt update
+sudo apt upgrade -y
+sudo apt install -y sudo vim git curl wget btop tmux
+sudo usermod -aG sudo "$(whoami)"
+sudo apt install -y nmap traceroute netcat-openbsd man man-db rsync ed bc unrar-free zip unzip lvm2
+
+echo "[server] installing other packages..."
+sudo apt install -y pandoc
+
+echo "[server] setting up classical vim..."
+tee -a ~/.vimrc << END
+syntax on
+set number
+set relativenumber
+set tabstop=4
+set shiftwidth=4
+set hlsearch
+set showmatch
+set mouse=a
+END
+
+echo "[server] setting up tmux..."
+tee ~/.tmux.conf << EOF
+unbind C-b
+set-option -g prefix C-d
+bind-key C-d send-prefix
+
+bind -n M-f detach
+bind -n M-t kill-session
+bind -n M-q kill-pane
+
+bind -n M-y split-window -h
+bind -n M-x split-window -v
+bind -n M-a select-pane -L
+bind -n M-d select-pane -R
+bind -n M-w select-pane -U
+bind -n M-s select-pane -D
+bind -nr M-h resize-pane -L 1
+bind -nr M-j resize-pane -D 1
+bind -nr M-k resize-pane -U 1
+bind -nr M-l resize-pane -R 1
+bind -nr M-Left resize-pane -L 1
+bind -nr M-Down resize-pane -D 1
+bind -nr M-Up resize-pane -U 1
+bind -nr M-Right resize-pane -R 1
+bind -n M-c swap-pane -D
+
+bind -n M-g prev
+bind -n M-b next
+bind -n M-v new-window
+
+bind -n M-e command-prompt -I '#W' { rename-window -- '%%' }
+bind -n M-r command-prompt -I '#W' { select-pane -T '%%' }
+
+set -g base-index 1
+setw -g pane-base-index 1
+set-option -g allow-rename off
+setw -g automatic-rename off
+set -g renumber-windows on
+
+set -g pane-border-status top
+set -g pane-border-format " [ ###P #T ] "
+set -g pane-active-border-style "fg=magenta"
+
+set -g mouse on
+set -g default-terminal "tmux-256color"
+
+set-window-option -g window-status-separator ''
+set -gF window-status-format "#[bg=default,fg=white] ##I "
+set -gF window-status-current-format "#[bg=magenta,fg=default] ##I "
+set -gF status-style "bg=default,fg=white"
+
+set -g status-right-length 100
+set -g status-left-length 100
+set -g status-left ""
+set -g status-right ""
+set -g status-right "#[fg=white]#S #[fg=magenta]| #[fg=white]#(whoami)#[fg=magenta]@#[fg=white]#H #[fg=magenta]| %Y-%m-%d %H:%M"
+EOF
+tmux source ~/.tmux.conf
+
+echo "[server] installing server packages..."
+sudo apt install -y ufw fail2ban
+sudo ufw allow http
+sudo ufw allow https
+sudo ufw allow ssh
+#sudo ufw allow 41641/udp # tailscale
+#sudo ufw allow 1965/tcp # gemini
+sudo ufw default deny incoming
+sudo ufw default allow outgoing
+sudo ufw enable
+sudo systemctl enable ufw
+sudo systemctl start ufw
+sudo tee /etc/fail2ban/jail.local << EOF
+[sshd]
+enabled = true
+filter = sshd
+port = ssh
+banaction = ufw
+banaction_allports = ufw
+bantime = -1
+maxretry = 3
+logpath = \$(sshd_log)s
+backend = systemd
+EOF
+sudo systemctl enable fail2ban
+sudo systemctl start fail2ban
+
+echo "[server] setting up nginx..."
+sudo apt install -y nginx python3-certbot-nginx
+sudo certbot --nginx
+ # web@hitler.rip
+ # Y
+ # N
+ # hitler.rip www.hitler.rip links.hitler.rip git.hitler.rip
+sudo tee /etc/nginx/sites-available/default << EOF
+server {
+ if (\$host = hitler.rip) {
+ return 301 https://hitler.rip\$request_uri;
+ }
+ if (\$host = www.hitler.rip) {
+ return 301 https://hitler.rip\$request_uri;
+ }
+ if (\$host = links.hitler.rip) {
+ return 301 https://hitler.rip/links\$request_uri;
+ }
+ if (\$host = git.hitler.rip) {
+ return 301 https://git.hitler.rip\$request_uri;
+ }
+ listen 80;
+ listen [::]:80;
+ serer_name hitler.rip www.hitler.rip links.hitler.rip git.hitler.rip;
+ return 301 https://hitler.rip\$request_uri;
+}
+
+server {
+ server_name hitler.rip www.hitler.rip links.hitler.rip;
+
+ if (\$host = links.hitler.rip) {
+ return 301 https://hitler.rip/links\$request_uri;
+ }
+ if (\$host = www.hitler.rip) {
+ return 301 https://hitler.rip\$request_uri;
+ }
+
+ root /srv/web;
+ index index.html;
+ location / {
+ try_files \$uri \$uri/ =404;
+ }
+ listen [::]:443 ssl;
+ listen 443 ssl;
+ ssl_certificate /etc/letsencrypt/live/hitler.rip/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/hitler.rip/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+}
+
+server {
+ server_name git.hitler.rip;
+ root /usr/share/cgit;
+ try_files \$uri @cgit;
+ location @cgit {
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi;
+ fastcgi_param PATH_INFO \$uri;
+ fastcgi_param QUERY_STRING \$args;
+ fastcgi_param HTTP_HOST git.hitler.rip;
+ fastcgi_pass unix:/run/fcgiwrap.socket;
+ }
+ listen [::]:443 ssl;
+ listen 443 ssl;
+ ssl_certificate /etc/letsencrypt/live/hitler.rip/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/hitler.rip/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+}
+EOF
+sudo mkdir -p /srv/web/
+sudo mkdir -p /srv/build/
+sudo chown -R $(whoami):$(whoami) /srv/web/
+sudo chown -R $(whoami):$(whoami) /srv/build/
+sudo systemctl restart nginx
+sudo systemctl enable nginx
+
+echo "[server] setting up git server..."
+sudo adduser --shell $(which git-shell) git
+sudo mkdir /home/git/.ssh/
+sudo cp ~/.ssh/authorized_keys /home/git/.ssh/
+sudo chown -R git:git /home/git/.ssh/
+sudo chmod 700 /home/git/.ssh/
+sudo chmod 600 /home/git/.ssh/authorized_keys
+sudo mkdir -p /srv/git/
+sudo chown -R git:git /srv/git/
+sudo mkdir -p /srv/pgit/
+sudo chown -R git:git /srv/pgit/
+git config --global --add safe.directory '*' # to allow the server to clone its own repos
+echo "[server] git server created. you may now clone the website build script to /srv/build/ and push your website."
+
+echo "[server] setting up cgit..."
+sudo apt install -y cgit fcgiwrap
+sudo systemctl enable fcgiwrap
+sudo systemctl start fcgiwrap
+sudo tee /etc/cgitrc << EOF
+css=/cgit.css
+logo=/cgit.png
+favicon=/cgit.png
+virtual-root=/
+
+readme=:README.md
+readme=:readme.md
+readme=:README
+readme=:readme
+readme=:ABOUT.md
+readme=:about.md
+readme=:ABOUT
+readme=:about
+source-filter=/usr/lib/cgit/filters/syntax-highlighting.py
+about-filter=/usr/lib/cgit/filters/about-formatting.sh
+
+root-title=git.hitler.rip
+root-desc=web frontend for public git repos | all emails regarding repos to <git@hitler.rip>
+
+snapshots=tar.gz tar.bz2 zip
+
+enable-blame=1
+enable-commit-graph=1
+enable-log-filecount=1
+enable-log-linecount=1
+branch-sort=age
+enable-git-config=1
+enable-http-clone=1
+clone-prefix=https://git.hitler.rip
+
+mimetype.gif=image/gif
+mimetype.html=text/html
+mimetype.jpg=image/jpeg
+mimetype.jpeg=image/jpeg
+mimetype.pdf=application/pdf
+mimetype.png=image/png
+mimetype.svg=image/svg+xml
+
+scan-path=/srv/git
+EOF
+sudo tee -a /usr/share/cgit/cgit.css << EOF
+.logo > a > img {
+ width: 64px;
+ height: 64px;
+}
+EOF
+echo "[server] cgit server created. you may now replace /usr/share/cgit/cgit.png and /usr/share/cgit/favicon.ico with a custom image."
+
+echo "[server] configuring shell..."
+tee ~/.bash_aliases << EOF
+alias t="tmux"
+alias tile="tmux"
+alias term="tmux"
+alias terminal="tmux"
+alias terminals="tmux ls"
+alias sessions="tmux ls"
+alias session="tmux attach -t"
+alias attach="tmux attach -t"
+alias .="pwd"
+alias ..="cd .."
+alias ...="cd ../.."
+alias ....="cd ../../.."
+alias .....="cd ../../../.."
+alias bc="bc -q"
+alias c="rsync -P"
+EOF
+curl -sS https://starship.rs/install.sh | sh
+mkdir -p ~/.config/
+curl -L https://starship.rs/config-schema.json --output ~/.config/starship-schema.json
+tee ~/.config/starship.toml << EOF
+"\$schema" = '~/.config/starship-schema.json'
+add_newline = true
+#palette = "catppuccin_mocha"
+[username]
+show_always = true
+style_root = 'bold red'
+style_user = 'bold purple' # mauve
+format = '[\$user](\$style) @ '
+[hostname]
+ssh_only = false
+ssh_symbol = 'ssh://'
+format = '[\$ssh_symbol\$hostname](\$style) : '
+style = 'bold cyan' # sky
+[directory]
+truncation_length = 4
+truncate_to_repo = true
+truncation_symbol = '…/'
+style = 'bold yellow' # rosewater
+read_only = " ro"
+[character]
+success_symbol = "[>](bold purple)" # magenta
+error_symbol = "[x](bold red)"
+vimcmd_symbol = "[<](bold cyan)" # sky
+[git_commit]
+tag_symbol = " tag "
+[git_status]
+ahead = ">"
+behind = "<"
+diverged = "<>"
+renamed = "r"
+deleted = "x"
+[git_branch]
+symbol = "git "
+style = "bold red" # peach
+[aws]
+symbol = "aws "
+[azure]
+symbol = "az "
+[buf]
+symbol = "buf "
+[bun]
+symbol = "bun "
+[c]
+symbol = "C "
+[cobol]
+symbol = "cobol "
+[conda]
+symbol = "conda "
+[crystal]
+symbol = "cr "
+[cmake]
+symbol = "cmake "
+[daml]
+symbol = "daml "
+[dart]
+symbol = "dart "
+[deno]
+symbol = "deno "
+[dotnet]
+symbol = ".NET "
+[docker_context]
+symbol = "docker "
+[elixir]
+symbol = "exs "
+[elm]
+symbol = "elm "
+[fennel]
+symbol = "fnl "
+[fossil_branch]
+symbol = "fossil "
+[gcloud]
+symbol = "gcp "
+[gleam]
+symbol = "gleam "
+[golang]
+symbol = "go "
+[gradle]
+symbol = "gradle "
+[guix_shell]
+symbol = "guix "
+[hg_branch]
+symbol = "hg "
+[java]
+symbol = "java "
+[julia]
+symbol = "jl "
+[kotlin]
+symbol = "kt "
+[lua]
+symbol = "lua "
+[nodejs]
+symbol = "nodejs "
+[memory_usage]
+symbol = "memory "
+[meson]
+symbol = "meson "
+[nats]
+symbol = "nats "
+[nim]
+symbol = "nim "
+[nix_shell]
+symbol = "nix "
+[ocaml]
+symbol = "ml "
+[opa]
+symbol = "opa "
+[os.symbols]
+AIX = "aix "
+Alpaquita = "alq "
+AlmaLinux = "alma "
+Alpine = "alp "
+Amazon = "amz "
+Android = "andr "
+Arch = "rch "
+Artix = "atx "
+CachyOS = "cachy "
+CentOS = "cent "
+Debian = "deb "
+DragonFly = "dfbsd "
+Emscripten = "emsc "
+EndeavourOS = "ndev "
+Fedora = "fed "
+FreeBSD = "fbsd "
+Garuda = "garu "
+Gentoo = "gentoo "
+HardenedBSD = "hbsd "
+Illumos = "lum "
+Kali = "kali "
+Linux = "linux "
+Mabox = "mbox "
+Macos = "mac "
+Manjaro = "mjo "
+Mariner = "mrn "
+MidnightBSD = "mid "
+Mint = "mint "
+NetBSD = "nbsd "
+NixOS = "nixos "
+Nobara = "nbra "
+OpenBSD = "obsd "
+OpenCloudOS = "ocos "
+openEuler = "oeul "
+openSUSE = "osuse "
+OracleLinux = "orac "
+Pop = "popos "
+Raspbian = "rpios "
+Redhat = "rhl "
+RedHatEnterprise = "rhel "
+RockyLinux = "rky "
+Redox = "redox "
+Solus = "sol "
+SUSE = "suse "
+Ubuntu = "ubnt "
+Ultramarine = "ultm "
+Unknown = "unk "
+Uos = "uos "
+Void = "void "
+Windows = "win "
+[package]
+symbol = "pkg "
+[perl]
+symbol = "pl "
+[php]
+symbol = "php "
+[pijul_channel]
+symbol = "pijul "
+[pulumi]
+symbol = "pulumi "
+[purescript]
+symbol = "purs "
+[python]
+symbol = "py "
+[quarto]
+symbol = "quarto "
+[raku]
+symbol = "raku "
+[ruby]
+symbol = "rb "
+[rust]
+symbol = "rs "
+[scala]
+symbol = "scala "
+[spack]
+symbol = "spack "
+[solidity]
+symbol = "solidity "
+[status]
+symbol = "[x](bold red) "
+[sudo]
+symbol = "sudo "
+[swift]
+symbol = "swift "
+[typst]
+symbol = "typst "
+[terraform]
+symbol = "terraform "
+[zig]
+symbol = "zig "
+[palettes.catppuccin_mocha]
+rosewater = "#f5e0dc"
+flamingo = "#f2cdcd"
+pink = "#f5c2e7"
+mauve = "#cba6f7"
+red = "#f38ba8"
+maroon = "#eba0ac"
+peach = "#fab387"
+yellow = "#f9e2af"
+green = "#a6e3a1"
+teal = "#94e2d5"
+sky = "#89dceb"
+sapphire = "#74c7ec"
+blue = "#89b4fa"
+lavender = "#b4befe"
+text = "#cdd6f4"
+subtext1 = "#bac2de"
+subtext0 = "#a6adc8"
+overlay2 = "#9399b2"
+overlay1 = "#7f849c"
+overlay0 = "#6c7086"
+surface2 = "#585b70"
+surface1 = "#45475a"
+surface0 = "#313244"
+base = "#1e1e2e"
+mantle = "#181825"
+crust = "#11111b"
+EOF
+tee -a ~/.bashrc << EOF
+# -- Minimal Setup --
+eval "\$(starship init bash)"
+export EDITOR="vim"
+export FZF_DEFAULT_OPTS=" --color=bg+:#313244,bg:#1e1e2e,spinner:#f5e0dc,hl:#f38ba8 --color=fg:#cdd6f4,header:#f38ba8,info:#cba6f7,pointer:#f5e0dc --color=marker:#b4befe,fg+:#cdd6f4,prompt:#cba6f7,hl+:#f38ba8 --color=border:#313244,label:#cdd6f4"
+source ~/.bash_aliases
+clear
+EOF
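Review bot: `git config --global --add safe.directory '*'` in the git-server section turns off Git's repository-ownership check for every path this account ever enters, not only the repositories under /srv/git that the trailing comment is about. That check is what stops Git from honouring the configuration of a repository owned by a different user, and this account has just been added to the sudo group. Scope the exception to the paths that need it, one entry per repository, e.g. `git config --global --add safe.directory /srv/git/<repo>.git` (placeholder path). Separately, `serer_name` in the port-80 server block is a typo for `server_name`, so nginx will reject the generated file; fix the directive and run `sudo nginx -t` before `sudo systemctl restart nginx`, since the script has no `set -e` and would otherwise carry on past the failed restart.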