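#!/bin/sh
# Web server bootstrap, part 1: base packages, editor/tmux dotfiles, host
# firewall (ufw) and SSH brute-force protection (fail2ban).
#
# Runs interactively as a sudo-capable user. Failures are not fatal: there is
# no `set -e`, so each step is attempted even if an earlier one failed.

clear
echo "####################"
echo "# WEBSERVER RUNNER #"
echo "# »» hitler.rip «« #"
echo "####################"
echo
echo "[server] This script sets up my web servers the way I like it."
echo "[server] Note:"
echo "[server] this script assumes you already have an openssh server set up properly."
echo

echo "[server] installing base packages..."
sudo apt update
sudo apt upgrade -y
sudo apt install -y sudo vim git curl wget btop tmux
sudo usermod -aG sudo "$(whoami)"
sudo apt install -y nmap traceroute netcat-openbsd man man-db rsync ed bc unrar-free zip unzip lvm2

echo "[server] installing other packages..."
sudo apt install -y pandoc

echo "[server] setting up classical vim..."
# NOTE: `tee -a` appends, so re-running the script duplicates these lines.
# The delimiter is quoted so the shell never expands anything in the body.
tee -a ~/.vimrc << 'END'
syntax on
set number
set relativenumber
set tabstop=4
set shiftwidth=4
set hlsearch
set showmatch
set mouse=a
END

echo "[server] setting up tmux..."
tee ~/.tmux.conf << 'EOF'
unbind C-b
set-option -g prefix C-d
bind-key C-d send-prefix
bind -n M-f detach
bind -n M-t kill-session
bind -n M-q kill-pane
bind -n M-y split-window -h
bind -n M-x split-window -v
bind -n M-a select-pane -L
bind -n M-d select-pane -R
bind -n M-w select-pane -U
bind -n M-s select-pane -D
bind -nr M-h resize-pane -L 1
bind -nr M-j resize-pane -D 1
bind -nr M-k resize-pane -U 1
bind -nr M-l resize-pane -R 1
bind -nr M-Left resize-pane -L 1
bind -nr M-Down resize-pane -D 1
bind -nr M-Up resize-pane -U 1
bind -nr M-Right resize-pane -R 1
bind -n M-c swap-pane -D
bind -n M-g prev
bind -n M-b next
bind -n M-v new-window
bind -n M-e command-prompt -I '#W' { rename-window -- '%%' }
bind -n M-r command-prompt -I '#W' { select-pane -T '%%' }
set -g base-index 1
setw -g pane-base-index 1
set-option -g allow-rename off
setw -g automatic-rename off
set -g renumber-windows on
set -g pane-border-status top
set -g pane-border-format " [ ###P #T ] "
set -g pane-active-border-style "fg=magenta"
set -g mouse on
set -g default-terminal "tmux-256color"
set-window-option -g window-status-separator ''
set -gF window-status-format "#[bg=default,fg=white] ##I "
set -gF window-status-current-format "#[bg=magenta,fg=default] ##I "
set -gF status-style "bg=default,fg=white"
set -g status-right-length 100
set -g status-left-length 100
set -g status-left ""
set -g status-right ""
set -g status-right "#[fg=white]#S #[fg=magenta]| #[fg=white]#(whoami)#[fg=magenta]@#[fg=white]#H #[fg=magenta]| %Y-%m-%d %H:%M"
EOF
# Reloading only works when a tmux server is already running; otherwise the
# config is simply picked up the next time tmux starts.
tmux source ~/.tmux.conf ||
  echo "[server] no running tmux server; config will apply on next start." >&2

echo "[server] installing server packages..."
sudo apt install -y ufw fail2ban
# The allow rules (ssh in particular) are added BEFORE the default-deny policy
# and `ufw enable`, so the SSH session running this script is not cut off.
sudo ufw allow http
sudo ufw allow https
sudo ufw allow ssh
#sudo ufw allow 41641/udp # tailscale
#sudo ufw allow 1965/tcp # gemini
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw enable
sudo systemctl enable ufw
sudo systemctl start ufw

# fail2ban jail for sshd.
#  - logpath uses fail2ban's own interpolation syntax, %(name)s. The earlier
#    `\$(sshd_log)s` wrote the literal text "$(sshd_log)s" into jail.local,
#    which fail2ban does not interpolate.
#  - bantime = -1 is a permanent ban after maxretry = 3 failures. Keep an
#    out-of-band way in (console, or an `ignoreip` entry for your own
#    addresses) so a few mistyped logins cannot lock the admin out for good.
sudo tee /etc/fail2ban/jail.local << 'EOF'
[sshd]
enabled = true
filter = sshd
port = ssh
banaction = ufw
banaction_allports = ufw
bantime = -1
maxretry = 3
logpath = %(sshd_log)s
backend = systemd
EOF
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

echo "[server] setting up nginx..."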
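# Web server bootstrap, part 2: nginx + Let's Encrypt, site vhosts, and the
# restricted `git` account that backs the git server.

sudo apt install -y nginx python3-certbot-nginx
# certbot runs interactively; answers used on this host:
sudo certbot --nginx
# web@hitler.rip
# Y
# N
# hitler.rip www.hitler.rip links.hitler.rip oldgit.hitler.rip git.hitler.rip dns.hitler.rip search.hitler.rip

# The heredoc delimiter MUST be quoted. With a bare `<< EOF` the shell expands
# every nginx variable ($host, $request_uri, $uri, $args, $document_root,
# $fastcgi_script_name, $1) to an empty string before tee sees it, so the
# written config loses its host checks and redirect targets.
#
# The dns vhost now pulls in the same certbot TLS options and DH parameters as
# the other vhosts, so all names share one TLS policy. Its upstream is
# https://localhost:12221; nginx does not verify upstream certificates by
# default, which is tolerable only because the hop stays on loopback.
sudo tee /etc/nginx/sites-available/default << 'EOF'
server {
    if ($host = hitler.rip) {
        return 301 https://hitler.rip$request_uri;
    }

    if ($host = www.hitler.rip) {
        return 301 https://hitler.rip$request_uri;
    }

    if ($host = links.hitler.rip) {
        return 301 https://hitler.rip/links$request_uri;
    }

    if ($host = oldgit.hitler.rip) {
        return 301 https://git.hitler.rip$request_uri;
    }

    if ($host = git.hitler.rip) {
        return 301 https://git.hitler.rip$request_uri;
    }

    if ($host = dns.hitler.rip) {
        return 301 https://dns.hitler.rip$request_uri;
    }

    if ($host = search.hitler.rip) {
        return 301 https://search.hitler.rip$request_uri;
    }

    listen 80;
    listen [::]:80;
    server_name hitler.rip www.hitler.rip links.hitler.rip oldgit.hitler.rip git.hitler.rip dns.hitler.rip search.hitler.rip;
    return 301 https://hitler.rip$request_uri;
}

server {
    server_name hitler.rip www.hitler.rip links.hitler.rip;

    if ($host = links.hitler.rip) {
        return 301 https://hitler.rip/links$request_uri;
    }

    if ($host = www.hitler.rip) {
        return 301 https://hitler.rip$request_uri;
    }

    root /srv/web;
    index index.html;
    error_page 404 /404.html;

    location = /404.html {
        internal;
    }

    location / {
        try_files $uri $uri/ =404;
    }

    listen [::]:443 ssl;
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/hitler.rip/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/hitler.rip/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

server {
    server_name oldgit.hitler.rip git.hitler.rip;

    root /usr/share/cgit;
    try_files $uri @cgit;

    location @cgit {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi;
        fastcgi_param PATH_INFO $uri;
        fastcgi_param QUERY_STRING $args;
        fastcgi_param HTTP_HOST git.hitler.rip;
        fastcgi_pass unix:/run/fcgiwrap.socket;
    }

    listen [::]:443 ssl;
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/hitler.rip/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/hitler.rip/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

server {
    server_name dns.hitler.rip;

    listen [::]:443 ssl;
    listen 443 ssl;

    location / {
        proxy_pass https://localhost:12221;
    }

    ssl_certificate /etc/letsencrypt/live/hitler.rip/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/hitler.rip/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

server {
    server_name search.hitler.rip;

    root /srv/frontends/4get;

    location @php {
        try_files $uri.php $uri/index.php =404;
        fastcgi_pass unix:/var/run/php/php-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_intercept_errors on;
    }

    location / {
        try_files $uri @php;
    }

    location ~* ^(.*)\.php$ {
        return 301 $1;
    }

    listen [::]:443 ssl;
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/hitler.rip/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/hitler.rip/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
EOF

sudo mkdir -p /srv/web/
sudo mkdir -p /srv/build/
sudo chown -R "$(whoami)":"$(whoami)" /srv/web/
sudo chown -R "$(whoami)":"$(whoami)" /srv/build/

# Validate the new config first, so a syntax error does not take down a
# server that is currently serving traffic.
if sudo nginx -t; then
  sudo systemctl restart nginx
else
  echo "[server] nginx config test failed; nginx was NOT restarted." >&2
fi
sudo systemctl enable nginx

echo "[server] setting up git server..."
# The git account gets git-shell as its login shell, so its SSH keys can
# push/pull but cannot open an interactive shell. Refuse to create the account
# if git-shell cannot be resolved, rather than create it with the wrong shell.
git_shell=$(command -v git-shell)
if [ -z "$git_shell" ]; then
  echo "[server] git-shell not found; refusing to create the git user." >&2
  exit 1
fi
# Skip account creation on re-runs.
id -u git > /dev/null 2>&1 || sudo adduser --shell "$git_shell" git

# NOTE: every key that may log in as the current admin user may also push as
# `git`. Trim /home/git/.ssh/authorized_keys if that is broader than intended.
sudo mkdir -p /home/git/.ssh/
sudo cp ~/.ssh/authorized_keys /home/git/.ssh/
sudo chown -R git:git /home/git/.ssh/
sudo chmod 700 /home/git/.ssh/
sudo chmod 600 /home/git/.ssh/authorized_keys
sudo mkdir -p /srv/git/
sudo chown -R git:git /srv/git/
sudo mkdir -p /srv/pgit/
sudo chown -R git:git /srv/pgit/

# NOTE(review): safe.directory '*' switches off git's repository-ownership
# check for this user in EVERY directory, not only /srv/git. Running git
# inside a directory another account controls then honours that directory's
# config and hooks. Prefer listing the specific repository paths if feasible.
git config --global --add safe.directory '*' # to allow the server to clone its own repos
echo "[server] git server created. you may now clone the website build script to /srv/build/ and push your website."

echo "[server] setting up cgit..."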
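# Web server bootstrap, part 3: cgit, the 4get search frontend, AdGuard Home,
# and the interactive shell setup (aliases, starship prompt, bashrc).

#######################################
# Download an installer script to a private temp file and run it with sh.
# Replaces `curl ... | sh`: the script is executed only after the download has
# fully succeeded over HTTPS (-f rejects HTTP error pages), so a truncated or
# error response is never run.
# This does NOT authenticate the script's content; it is still whatever the
# remote host serves at that moment. Pin and verify if the source allows it.
# Arguments: $1 - https URL of the installer; remaining args go to the script
# Returns:   installer's exit status, or 1 if the download failed
#######################################
run_remote_installer() {
  installer_url=$1
  shift
  installer_tmp=$(mktemp) || return 1
  if curl --proto '=https' --tlsv1.2 -fsSL "$installer_url" -o "$installer_tmp"; then
    sh "$installer_tmp" "$@"
    installer_rc=$?
  else
    echo "[server] download failed, nothing was executed: $installer_url" >&2
    installer_rc=1
  fi
  rm -f -- "$installer_tmp"
  return "$installer_rc"
}

sudo apt install -y cgit fcgiwrap
sudo systemctl enable fcgiwrap
sudo systemctl start fcgiwrap
# Quoted delimiter: the body is written verbatim, with no shell expansion.
sudo tee /etc/cgitrc << 'EOF'
css=/cgit.css
logo=/cgit.png
favicon=/cgit.png
virtual-root=/
readme=:README.md
readme=:readme.md
readme=:README
readme=:readme
readme=:ABOUT.md
readme=:about.md
readme=:ABOUT
readme=:about
source-filter=/usr/lib/cgit/filters/syntax-highlighting.py
about-filter=/usr/lib/cgit/filters/about-formatting.sh
root-title=git.hitler.rip
root-desc=web frontend for public git repos | all emails regarding repos to
snapshots=tar.gz tar.bz2 zip
enable-blame=1
enable-commit-graph=1
enable-log-filecount=1
enable-log-linecount=1
branch-sort=age
enable-git-config=1
enable-http-clone=1
clone-prefix=https://git.hitler.rip
mimetype.gif=image/gif
mimetype.html=text/html
mimetype.jpg=image/jpeg
mimetype.jpeg=image/jpeg
mimetype.pdf=application/pdf
mimetype.png=image/png
mimetype.svg=image/svg+xml
scan-path=/srv/git
EOF
# NOTE: `tee -a` appends, so re-running the script duplicates this rule.
sudo tee -a /usr/share/cgit/cgit.css << 'EOF'
.logo > a > img {
    width: 64px;
    height: 64px;
}
EOF
echo "[server] cgit server created. you may now replace /usr/share/cgit/cgit.png and /usr/share/cgit/favicon.ico with a custom image."

echo "[server] setting up 4get..."
sudo apt install -y php-fpm php-mbstring php-imagick imagemagick php-curl php-apcu
sudo mkdir -p /srv/frontends/4get/
sudo chown -R "$(whoami)":"$(whoami)" /srv/frontends/4get/
# NOTE(review): this clones whatever the default branch holds right now, and
# nginx serves it through php-fpm. Check out a reviewed commit for
# reproducible deployments.
# Skipped on re-runs, because git refuses to clone into a non-empty directory.
if [ ! -d /srv/frontends/4get/.git ]; then
  git clone --depth 1 https://git.lolcat.ca/lolcat/4get /srv/frontends/4get
fi
echo "[server] 4get server created. You may now edit the robots.txt, data/config.php, add banners, the favicon and edit the template files."

echo "[server] setting up adguard home..."
sudo apt install -y dnsutils
# NOTE(review): the installer comes from the moving `master` branch. Prefer a
# reviewed release tag in the URL (placeholder: <RELEASE_TAG>) and read the
# script before running it.
run_remote_installer https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh -v
echo "[server] finished setting up adguard home. allow port 3000 and run initial setup with admin panel set to appear on port 11211, then disallow port 3000 again. set log rotation to 7 days. enable encryption, set host, https port 12221 tls port 853. make blocked dns queries return the IP adress of the host. add dns fallback servers. add filters. also automate this ffs. block 12221 again as it's proxied to dns subdomain."

echo "[server] configuring shell..."
tee ~/.bash_aliases << 'EOF'
alias t="tmux"
alias tile="tmux"
alias term="tmux"
alias terminal="tmux"
alias terminals="tmux ls"
alias sessions="tmux ls"
alias session="tmux attach -t"
alias attach="tmux attach -t"
alias .="pwd"
alias ..="cd .."
alias ...="cd ../.."
alias ....="cd ../../.."
alias .....="cd ../../../.."
alias bc="bc -q"
alias c="rsync -P"
EOF

run_remote_installer https://starship.rs/install.sh
mkdir -p ~/.config/
# -f: do not save an HTTP error page as the schema file.
curl -fL https://starship.rs/config-schema.json --output ~/.config/starship-schema.json
# Quoted delimiter, so starship's $schema / $user / $style placeholders need
# no backslash escaping. The file written is the same as before.
tee ~/.config/starship.toml << 'EOF'
"$schema" = '~/.config/starship-schema.json'

add_newline = true
#palette = "catppuccin_mocha"

[username]
show_always = true
style_root = 'bold red'
style_user = 'bold purple' # mauve
format = '[$user]($style) @ '

[hostname]
ssh_only = false
ssh_symbol = 'ssh://'
format = '[$ssh_symbol$hostname]($style) : '
style = 'bold cyan' # sky

[directory]
truncation_length = 4
truncate_to_repo = true
truncation_symbol = '…/'
style = 'bold yellow' # rosewater
read_only = " ro"

[character]
success_symbol = "[>](bold purple)" # magenta
error_symbol = "[x](bold red)"
vimcmd_symbol = "[<](bold cyan)" # sky

[git_commit]
tag_symbol = " tag "

[git_status]
ahead = ">"
behind = "<"
diverged = "<>"
renamed = "r"
deleted = "x"

[git_branch]
symbol = "git "
style = "bold red" # peach

[aws]
symbol = "aws "

[azure]
symbol = "az "

[buf]
symbol = "buf "

[bun]
symbol = "bun "

[c]
symbol = "C "

[cobol]
symbol = "cobol "

[conda]
symbol = "conda "

[crystal]
symbol = "cr "

[cmake]
symbol = "cmake "

[daml]
symbol = "daml "

[dart]
symbol = "dart "

[deno]
symbol = "deno "

[dotnet]
symbol = ".NET "

[docker_context]
symbol = "docker "

[elixir]
symbol = "exs "

[elm]
symbol = "elm "

[fennel]
symbol = "fnl "

[fossil_branch]
symbol = "fossil "

[gcloud]
symbol = "gcp "

[gleam]
symbol = "gleam "

[golang]
symbol = "go "

[gradle]
symbol = "gradle "

[guix_shell]
symbol = "guix "

[hg_branch]
symbol = "hg "

[java]
symbol = "java "

[julia]
symbol = "jl "

[kotlin]
symbol = "kt "

[lua]
symbol = "lua "

[nodejs]
symbol = "nodejs "

[memory_usage]
symbol = "memory "

[meson]
symbol = "meson "

[nats]
symbol = "nats "

[nim]
symbol = "nim "

[nix_shell]
symbol = "nix "

[ocaml]
symbol = "ml "

[opa]
symbol = "opa "

[os.symbols]
AIX = "aix "
Alpaquita = "alq "
AlmaLinux = "alma "
Alpine = "alp "
Amazon = "amz "
Android = "andr "
Arch = "rch "
Artix = "atx "
CachyOS = "cachy "
CentOS = "cent "
Debian = "deb "
DragonFly = "dfbsd "
Emscripten = "emsc "
EndeavourOS = "ndev "
Fedora = "fed "
FreeBSD = "fbsd "
Garuda = "garu "
Gentoo = "gentoo "
HardenedBSD = "hbsd "
Illumos = "lum "
Kali = "kali "
Linux = "linux "
Mabox = "mbox "
Macos = "mac "
Manjaro = "mjo "
Mariner = "mrn "
MidnightBSD = "mid "
Mint = "mint "
NetBSD = "nbsd "
NixOS = "nixos "
Nobara = "nbra "
OpenBSD = "obsd "
OpenCloudOS = "ocos "
openEuler = "oeul "
openSUSE = "osuse "
OracleLinux = "orac "
Pop = "popos "
Raspbian = "rpios "
Redhat = "rhl "
RedHatEnterprise = "rhel "
RockyLinux = "rky "
Redox = "redox "
Solus = "sol "
SUSE = "suse "
Ubuntu = "ubnt "
Ultramarine = "ultm "
Unknown = "unk "
Uos = "uos "
Void = "void "
Windows = "win "

[package]
symbol = "pkg "

[perl]
symbol = "pl "

[php]
symbol = "php "

[pijul_channel]
symbol = "pijul "

[pulumi]
symbol = "pulumi "

[purescript]
symbol = "purs "

[python]
symbol = "py "

[quarto]
symbol = "quarto "

[raku]
symbol = "raku "

[ruby]
symbol = "rb "

[rust]
symbol = "rs "

[scala]
symbol = "scala "

[spack]
symbol = "spack "

[solidity]
symbol = "solidity "

[status]
symbol = "[x](bold red) "

[sudo]
symbol = "sudo "

[swift]
symbol = "swift "

[typst]
symbol = "typst "

[terraform]
symbol = "terraform "

[zig]
symbol = "zig "

[palettes.catppuccin_mocha]
rosewater = "#f5e0dc"
flamingo = "#f2cdcd"
pink = "#f5c2e7"
mauve = "#cba6f7"
red = "#f38ba8"
maroon = "#eba0ac"
peach = "#fab387"
yellow = "#f9e2af"
green = "#a6e3a1"
teal = "#94e2d5"
sky = "#89dceb"
sapphire = "#74c7ec"
blue = "#89b4fa"
lavender = "#b4befe"
text = "#cdd6f4"
subtext1 = "#bac2de"
subtext0 = "#a6adc8"
overlay2 = "#9399b2"
overlay1 = "#7f849c"
overlay0 = "#6c7086"
surface2 = "#585b70"
surface1 = "#45475a"
surface0 = "#313244"
base = "#1e1e2e"
mantle = "#181825"
crust = "#11111b"
EOF

# NOTE: `tee -a` appends, so re-running the script duplicates this section.
# The quoted delimiter keeps $(starship init bash) literal, so it is evaluated
# when bash starts, not while this script is writing the file.
tee -a ~/.bashrc << 'EOF'

# -- Minimal Setup --
eval "$(starship init bash)"
export EDITOR="vim"
export FZF_DEFAULT_OPTS="
--color=bg+:#313244,bg:#1e1e2e,spinner:#f5e0dc,hl:#f38ba8
--color=fg:#cdd6f4,header:#f38ba8,info:#cba6f7,pointer:#f5e0dc
--color=marker:#b4befe,fg+:#cdd6f4,prompt:#cba6f7,hl+:#f38ba8
--color=border:#313244,label:#cdd6f4"
source ~/.bash_aliases
clear
EOF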