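#!/bin/sh
# Webserver bootstrap, part 1: base packages, vim/tmux dotfiles, host firewall
# (ufw) and SSH brute-force protection (fail2ban).
#
# Assumes a Debian/Ubuntu host (apt), an already-working OpenSSH server, and an
# invoking user that can sudo. The script does not use `set -e`: every step is
# best-effort and a failed command does not stop the run, so read the output.

clear
echo "####################"
echo "# WEBSERVER RUNNER #"
echo "# »» hitler.rip «« #"
echo "####################"
echo
echo "[server] This script sets up my web servers the way I like it."
echo "[server] Note:"
echo "[server] this script assumes you already have an openssh server set up properly."
echo

echo "[server] installing base packages..."
sudo apt update
sudo apt upgrade -y
sudo apt install -y sudo vim git curl wget btop tmux
# Grants the invoking account full sudo rights; effective at its next login.
sudo usermod -aG sudo "$(whoami)"
# NOTE(review): nmap/netcat/traceroute are diagnostic tools. On an
# internet-facing host they also remain available to anyone who gains a shell,
# so drop the ones that are not needed day to day.
sudo apt install -y nmap traceroute netcat-openbsd man man-db rsync ed bc unrar-free zip unzip lvm2

echo "[server] installing other packages..."
sudo apt install -y pandoc

echo "[server] setting up classical vim..."
# `tee -a` appends: running the script twice duplicates these lines in ~/.vimrc.
# The delimiter is quoted so the shell copies the text literally.
tee -a ~/.vimrc << 'END'
syntax on
set number
set relativenumber
set tabstop=4
set shiftwidth=4
set hlsearch
set showmatch
set mouse=a
END

echo "[server] setting up tmux..."
# Overwrites ~/.tmux.conf. Quoted delimiter: `#(whoami)` and the `#[...]`
# style tags below are tmux syntax and must reach the file untouched.
tee ~/.tmux.conf << 'EOF'
unbind C-b
set-option -g prefix C-d
bind-key C-d send-prefix
bind -n M-f detach
bind -n M-t kill-session
bind -n M-q kill-pane
bind -n M-y split-window -h
bind -n M-x split-window -v
bind -n M-a select-pane -L
bind -n M-d select-pane -R
bind -n M-w select-pane -U
bind -n M-s select-pane -D
bind -nr M-h resize-pane -L 1
bind -nr M-j resize-pane -D 1
bind -nr M-k resize-pane -U 1
bind -nr M-l resize-pane -R 1
bind -nr M-Left resize-pane -L 1
bind -nr M-Down resize-pane -D 1
bind -nr M-Up resize-pane -U 1
bind -nr M-Right resize-pane -R 1
bind -n M-c swap-pane -D
bind -n M-g prev
bind -n M-b next
bind -n M-v new-window
bind -n M-e command-prompt -I '#W' { rename-window -- '%%' }
bind -n M-r command-prompt -I '#W' { select-pane -T '%%' }
set -g base-index 1
setw -g pane-base-index 1
set-option -g allow-rename off
setw -g automatic-rename off
set -g renumber-windows on
set -g pane-border-status top
set -g pane-border-format " [ ###P #T ] "
set -g pane-active-border-style "fg=magenta"
set -g mouse on
set -g default-terminal "tmux-256color"
set-window-option -g window-status-separator ''
set -gF window-status-format "#[bg=default,fg=white] ##I "
set -gF window-status-current-format "#[bg=magenta,fg=default] ##I "
set -gF status-style "bg=default,fg=white"
set -g status-right-length 100
set -g status-left-length 100
set -g status-left ""
set -g status-right ""
set -g status-right "#[fg=white]#S #[fg=magenta]| #[fg=white]#(whoami)#[fg=magenta]@#[fg=white]#H #[fg=magenta]| %Y-%m-%d %H:%M"
EOF
# Only has an effect when a tmux server is already running; otherwise tmux
# prints an error and the script carries on.
tmux source ~/.tmux.conf

echo "[server] installing server packages..."
sudo apt install -y ufw fail2ban
# The allow rules are added BEFORE the default-deny policy is enabled so the
# SSH session running this script is not cut off.
# NOTE(review): `ssh` resolves to the standard SSH port. If sshd listens on
# another port, allow that port first or enabling ufw will lock you out; the
# same applies to `port = ssh` in the fail2ban jail below.
sudo ufw allow http
sudo ufw allow https
sudo ufw allow ssh
#sudo ufw allow 41641/udp # tailscale
#sudo ufw allow 1965/tcp # gemini
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw enable
sudo systemctl enable ufw
sudo systemctl start ufw

# fail2ban jail for sshd.
# Fixed: the file used to receive `logpath = $(sshd_log)s`. fail2ban
# interpolates with `%(name)s`, so the `$(...)` form was taken as a literal
# path. With `backend = systemd` the journal is read and logpath is normally
# not consulted, but the value must be valid if the backend is ever changed.
# NOTE(review): `bantime = -1` bans permanently after 3 failures and no
# `ignoreip` is set, so a few mistyped logins from your own address lock you
# out until the ban is lifted from the console. Consider a finite bantime or
# an ignoreip entry for a trusted management address.
sudo tee /etc/fail2ban/jail.local << 'EOF'
[sshd]
enabled = true
filter = sshd
port = ssh
banaction = ufw
banaction_allports = ufw
bantime = -1
maxretry = 3
logpath = %(sshd_log)s
backend = systemd
EOF
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

echo "[server] setting up nginx..."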
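# Webserver bootstrap, part 2: nginx + Let's Encrypt, the git-shell account
# and the cgit web frontend.

sudo apt install -y nginx python3-certbot-nginx
# Interactive. Answers used by the author:
# web@hitler.rip
# Y
# N
# hitler.rip www.hitler.rip links.hitler.rip git.hitler.rip
sudo certbot --nginx

# Replace the default site. The config below points at the certificate files
# certbot just created, so if certbot failed the config test further down
# fails as well.
# Fixed in the written config: `serer_name` -> `server_name` in the port-80
# block, and the missing `;` after `error_page 404 /404.html`; either one made
# nginx reject the whole file.
# The delimiter is quoted so nginx variables ($host, $uri, ...) are written
# literally without backslash escapes.
sudo tee /etc/nginx/sites-available/default << 'EOF'
server {
    if ($host = hitler.rip) {
        return 301 https://hitler.rip$request_uri;
    }
    if ($host = www.hitler.rip) {
        return 301 https://hitler.rip$request_uri;
    }
    if ($host = links.hitler.rip) {
        return 301 https://hitler.rip/links$request_uri;
    }
    if ($host = git.hitler.rip) {
        return 301 https://git.hitler.rip$request_uri;
    }
    listen 80;
    listen [::]:80;
    server_name hitler.rip www.hitler.rip links.hitler.rip git.hitler.rip;
    return 301 https://hitler.rip$request_uri;
}
server {
    server_name hitler.rip www.hitler.rip links.hitler.rip;
    if ($host = links.hitler.rip) {
        return 301 https://hitler.rip/links$request_uri;
    }
    if ($host = www.hitler.rip) {
        return 301 https://hitler.rip$request_uri;
    }
    root /srv/web;
    error_page 404 /404.html;
    location = /404.html {
        internal;
    }
    index index.html;
    location / {
        try_files $uri $uri/ =404;
    }
    listen [::]:443 ssl;
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/hitler.rip/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/hitler.rip/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
    server_name git.hitler.rip;
    root /usr/share/cgit;
    try_files $uri @cgit;
    location @cgit {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi;
        fastcgi_param PATH_INFO $uri;
        fastcgi_param QUERY_STRING $args;
        fastcgi_param HTTP_HOST git.hitler.rip;
        fastcgi_pass unix:/run/fcgiwrap.socket;
    }
    listen [::]:443 ssl;
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/hitler.rip/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/hitler.rip/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
EOF

# Web root and build directory belong to the invoking user so sites can be
# deployed without sudo. Assumes a group with the same name as the user
# exists (the Debian default).
site_owner=$(whoami)
sudo mkdir -p /srv/web/
sudo mkdir -p /srv/build/
sudo chown -R "$site_owner:$site_owner" /srv/web/
sudo chown -R "$site_owner:$site_owner" /srv/build/

# Validate the new config first: restarting with a broken file would take the
# running server down.
if sudo nginx -t; then
  sudo systemctl restart nginx
else
  echo "[server] nginx config test failed; nginx was not restarted." >&2
fi
sudo systemctl enable nginx

echo "[server] setting up git server..."
# The `git` account gets git-shell as its login shell, which refuses
# interactive logins. adduser prompts for a password and account details.
sudo adduser --shell "$(command -v git-shell)" git
sudo mkdir -p /home/git/.ssh/
# One-time copy: every key that can log in as the admin user can also push as
# `git`, and a key later removed from the admin's file stays valid here until
# it is removed from this copy too.
# NOTE(review): git-shell limits commands, not SSH forwarding. Prefix the
# copied keys with `no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty`
# or restrict the account in sshd_config.
sudo cp ~/.ssh/authorized_keys /home/git/.ssh/
sudo chown -R git:git /home/git/.ssh/
sudo chmod 700 /home/git/.ssh/
sudo chmod 600 /home/git/.ssh/authorized_keys
sudo mkdir -p /srv/git/
sudo chown -R git:git /srv/git/
sudo mkdir -p /srv/pgit/
sudo chown -R git:git /srv/pgit/
# NOTE(review): '*' switches off git's repository-ownership check for EVERY
# path this user touches, not only /srv/git. That check is what keeps git from
# acting on config and hooks in a repository owned by another account. Listing
# the needed repository paths explicitly keeps the protection everywhere else.
git config --global --add safe.directory '*' # to allow the server to clone its own repos
echo "[server] git server created. you may now clone the website build script to /srv/build/ and push your website."

echo "[server] setting up cgit..."
sudo apt install -y cgit fcgiwrap
sudo systemctl enable fcgiwrap
sudo systemctl start fcgiwrap
# cgit applies settings in order, so scan-path stays last. With
# enable-http-clone=1 and scan-path=/srv/git, every repository pushed under
# /srv/git is publicly browsable and cloneable; keep private repositories
# somewhere else.
# NOTE(review): the root-desc line ends at "repos to" with no contact address
# after it; confirm the intended text.
sudo tee /etc/cgitrc << 'EOF'
css=/cgit.css
logo=/cgit.png
favicon=/cgit.png
virtual-root=/
readme=:README.md
readme=:readme.md
readme=:README
readme=:readme
readme=:ABOUT.md
readme=:about.md
readme=:ABOUT
readme=:about
source-filter=/usr/lib/cgit/filters/syntax-highlighting.py
about-filter=/usr/lib/cgit/filters/about-formatting.sh
root-title=git.hitler.rip
root-desc=web frontend for public git repos | all emails regarding repos to
snapshots=tar.gz tar.bz2 zip
enable-blame=1
enable-commit-graph=1
enable-log-filecount=1
enable-log-linecount=1
branch-sort=age
enable-git-config=1
enable-http-clone=1
clone-prefix=https://git.hitler.rip
mimetype.gif=image/gif
mimetype.html=text/html
mimetype.jpg=image/jpeg
mimetype.jpeg=image/jpeg
mimetype.pdf=application/pdf
mimetype.png=image/png
mimetype.svg=image/svg+xml
scan-path=/srv/git
EOF
# Appended to the packaged stylesheet; a re-run adds the rule again and a
# package upgrade may replace the file.
sudo tee -a /usr/share/cgit/cgit.css << 'EOF'
.logo > a > img {
    width: 64px;
    height: 64px;
}
EOF
echo "[server] cgit server created. you may now replace /usr/share/cgit/cgit.png and /usr/share/cgit/favicon.ico with a custom image."

echo "[server] configuring shell..."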
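# Webserver bootstrap, part 3: shell aliases, the starship prompt and the
# ~/.bashrc hook.

# Overwrites ~/.bash_aliases.
# NOTE(review): `alias .="pwd"` shadows the `.` (source) builtin at the
# interactive prompt.
tee ~/.bash_aliases << 'EOF'
alias t="tmux"
alias tile="tmux"
alias term="tmux"
alias terminal="tmux"
alias terminals="tmux ls"
alias sessions="tmux ls"
alias session="tmux attach -t"
alias attach="tmux attach -t"
alias .="pwd"
alias ..="cd .."
alias ...="cd ../.."
alias ....="cd ../../.."
alias .....="cd ../../../.."
alias bc="bc -q"
alias c="rsync -P"
EOF

# Install starship. The installer used to be piped straight from curl into sh,
# so an HTTP error page or a transfer cut off half-way was executed as shell
# code. It is now downloaded in full (-f fails on HTTP errors, HTTPS only) and
# run only when the download succeeded.
# NOTE(review): the installer is still unpinned third-party code that runs
# with this user's rights. This script carries no checksum to verify it
# against; for reproducible hosts prefer a distribution package or a release
# artifact checked against a published checksum.
starship_installer=$(mktemp) || starship_installer=
if [ -n "$starship_installer" ] &&
  curl --proto '=https' --tlsv1.2 -fsS https://starship.rs/install.sh -o "$starship_installer"; then
  sh "$starship_installer"
else
  echo "[server] could not download the starship installer; skipping install." >&2
fi
if [ -n "$starship_installer" ]; then
  rm -f -- "$starship_installer"
fi

mkdir -p ~/.config/
# -f: do not save an HTTP error page as the schema file.
curl -fL https://starship.rs/config-schema.json --output ~/.config/starship-schema.json

# Overwrites ~/.config/starship.toml. The delimiter is quoted so starship's
# own `$user`, `$style`, ... placeholders are written literally.
tee ~/.config/starship.toml << 'EOF'
"$schema" = '~/.config/starship-schema.json'
add_newline = true
#palette = "catppuccin_mocha"

[username]
show_always = true
style_root = 'bold red'
style_user = 'bold purple' # mauve
format = '[$user]($style) @ '

[hostname]
ssh_only = false
ssh_symbol = 'ssh://'
format = '[$ssh_symbol$hostname]($style) : '
style = 'bold cyan' # sky

[directory]
truncation_length = 4
truncate_to_repo = true
truncation_symbol = '…/'
style = 'bold yellow' # rosewater
read_only = " ro"

[character]
success_symbol = "[>](bold purple)" # magenta
error_symbol = "[x](bold red)"
vimcmd_symbol = "[<](bold cyan)" # sky

[git_commit]
tag_symbol = " tag "

[git_status]
ahead = ">"
behind = "<"
diverged = "<>"
renamed = "r"
deleted = "x"

[git_branch]
symbol = "git "
style = "bold red" # peach

[aws]
symbol = "aws "

[azure]
symbol = "az "

[buf]
symbol = "buf "

[bun]
symbol = "bun "

[c]
symbol = "C "

[cobol]
symbol = "cobol "

[conda]
symbol = "conda "

[crystal]
symbol = "cr "

[cmake]
symbol = "cmake "

[daml]
symbol = "daml "

[dart]
symbol = "dart "

[deno]
symbol = "deno "

[dotnet]
symbol = ".NET "

[docker_context]
symbol = "docker "

[elixir]
symbol = "exs "

[elm]
symbol = "elm "

[fennel]
symbol = "fnl "

[fossil_branch]
symbol = "fossil "

[gcloud]
symbol = "gcp "

[gleam]
symbol = "gleam "

[golang]
symbol = "go "

[gradle]
symbol = "gradle "

[guix_shell]
symbol = "guix "

[hg_branch]
symbol = "hg "

[java]
symbol = "java "

[julia]
symbol = "jl "

[kotlin]
symbol = "kt "

[lua]
symbol = "lua "

[nodejs]
symbol = "nodejs "

[memory_usage]
symbol = "memory "

[meson]
symbol = "meson "

[nats]
symbol = "nats "

[nim]
symbol = "nim "

[nix_shell]
symbol = "nix "

[ocaml]
symbol = "ml "

[opa]
symbol = "opa "

[os.symbols]
AIX = "aix "
Alpaquita = "alq "
AlmaLinux = "alma "
Alpine = "alp "
Amazon = "amz "
Android = "andr "
Arch = "rch "
Artix = "atx "
CachyOS = "cachy "
CentOS = "cent "
Debian = "deb "
DragonFly = "dfbsd "
Emscripten = "emsc "
EndeavourOS = "ndev "
Fedora = "fed "
FreeBSD = "fbsd "
Garuda = "garu "
Gentoo = "gentoo "
HardenedBSD = "hbsd "
Illumos = "lum "
Kali = "kali "
Linux = "linux "
Mabox = "mbox "
Macos = "mac "
Manjaro = "mjo "
Mariner = "mrn "
MidnightBSD = "mid "
Mint = "mint "
NetBSD = "nbsd "
NixOS = "nixos "
Nobara = "nbra "
OpenBSD = "obsd "
OpenCloudOS = "ocos "
openEuler = "oeul "
openSUSE = "osuse "
OracleLinux = "orac "
Pop = "popos "
Raspbian = "rpios "
Redhat = "rhl "
RedHatEnterprise = "rhel "
RockyLinux = "rky "
Redox = "redox "
Solus = "sol "
SUSE = "suse "
Ubuntu = "ubnt "
Ultramarine = "ultm "
Unknown = "unk "
Uos = "uos "
Void = "void "
Windows = "win "

[package]
symbol = "pkg "

[perl]
symbol = "pl "

[php]
symbol = "php "

[pijul_channel]
symbol = "pijul "

[pulumi]
symbol = "pulumi "

[purescript]
symbol = "purs "

[python]
symbol = "py "

[quarto]
symbol = "quarto "

[raku]
symbol = "raku "

[ruby]
symbol = "rb "

[rust]
symbol = "rs "

[scala]
symbol = "scala "

[spack]
symbol = "spack "

[solidity]
symbol = "solidity "

[status]
symbol = "[x](bold red) "

[sudo]
symbol = "sudo "

[swift]
symbol = "swift "

[typst]
symbol = "typst "

[terraform]
symbol = "terraform "

[zig]
symbol = "zig "

[palettes.catppuccin_mocha]
rosewater = "#f5e0dc"
flamingo = "#f2cdcd"
pink = "#f5c2e7"
mauve = "#cba6f7"
red = "#f38ba8"
maroon = "#eba0ac"
peach = "#fab387"
yellow = "#f9e2af"
green = "#a6e3a1"
teal = "#94e2d5"
sky = "#89dceb"
sapphire = "#74c7ec"
blue = "#89b4fa"
lavender = "#b4befe"
text = "#cdd6f4"
subtext1 = "#bac2de"
subtext0 = "#a6adc8"
overlay2 = "#9399b2"
overlay1 = "#7f849c"
overlay0 = "#6c7086"
surface2 = "#585b70"
surface1 = "#45475a"
surface0 = "#313244"
base = "#1e1e2e"
mantle = "#181825"
crust = "#11111b"
EOF

# Appended to ~/.bashrc: a second run adds the block again. The quoted
# delimiter keeps `$(starship init bash)` literal, so it is evaluated at each
# shell start and not while this script runs.
tee -a ~/.bashrc << 'EOF'

# -- Minimal Setup --
eval "$(starship init bash)"
export EDITOR="vim"
export FZF_DEFAULT_OPTS="
--color=bg+:#313244,bg:#1e1e2e,spinner:#f5e0dc,hl:#f38ba8
--color=fg:#cdd6f4,header:#f38ba8,info:#cba6f7,pointer:#f5e0dc
--color=marker:#b4befe,fg+:#cdd6f4,prompt:#cba6f7,hl+:#f38ba8
--color=border:#313244,label:#cdd6f4"
source ~/.bash_aliases
clear
EOF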