agala/server-initializer
1
0
Fork 0
mirror of https://github.com/elAgala/server-initializer.git synced 2026-02-14 05:06:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: minor bugfixes & border cases

Browse Source
This commit is contained in:
elAgala
2026-02-13 05:00:32 -03:00
parent 5c84b78600
commit 36663e63ec
9 changed files with 46 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/docker/create_networks.sh
View File

@@ -1,8 +1,10 @@
#!/bin/bash #!/bin/bash
function create_networks() { function create_networks() {
docker network create caddy_net docker network ls --format '{{.Name}}' | grep -q '^caddy_net$' \
|| docker network create caddy_net
echo "[ DOCKER ]: Created caddy intranet 'caddy_net'" echo "[ DOCKER ]: Created caddy intranet 'caddy_net'"
docker network create monitoring_net docker network ls --format '{{.Name}}' | grep -q '^monitoring_net$' \
|| docker network create monitoring_net
echo "[ DOCKER ]: Created monitoring intranet 'monitoring_net'" echo "[ DOCKER ]: Created monitoring intranet 'monitoring_net'"
} }

2
src/monitoring/install_prometheus.sh
View File

@@ -22,7 +22,7 @@ function install_prometheus() {
# Copy Promtail configuration # Copy Promtail configuration
cp "$template_path/promtail/promtail.yml" "$monitoring_dir/promtail/promtail.yml" cp "$template_path/promtail/promtail.yml" "$monitoring_dir/promtail/promtail.yml"
cd "$monitoring_dir" cd "$monitoring_dir" || return 1
if [ "$development_mode" = "true" ]; then if [ "$development_mode" = "true" ]; then
echo "[ MONITOR ]: Development mode - skipping Docker operations" echo "[ MONITOR ]: Development mode - skipping Docker operations"
echo "[ MONITOR ]: Monitoring stack files copied successfully" echo "[ MONITOR ]: Monitoring stack files copied successfully"

3
src/user/create_deploy_user.sh
View File

@@ -6,8 +6,7 @@ function create_deploy_user() {
home_dir="/home/$username" home_dir="/home/$username"
echo "[ USER ]: Starting user $username setup" echo "[ USER ]: Starting user $username setup"
mkdir -p $home_dir sudo useradd -m -s /bin/bash $username
sudo useradd $username
password="${DEPLOY_PASSWORD:-$(openssl rand -base64 16)}" password="${DEPLOY_PASSWORD:-$(openssl rand -base64 16)}"
echo "$username:$password" | sudo chpasswd echo "$username:$password" | sudo chpasswd
echo "[ USER ]: Password set for $username (use DEPLOY_PASSWORD env var to specify)" echo "[ USER ]: Password set for $username (use DEPLOY_PASSWORD env var to specify)"

3
src/user/create_user.sh
View File

@@ -6,8 +6,7 @@ function create_user() {
home_dir="/home/$username" home_dir="/home/$username"
echo "[ USER ]: Starting user $username setup" echo "[ USER ]: Starting user $username setup"
mkdir -p $home_dir sudo useradd -m -s /bin/bash $username
sudo useradd $username
password="${ADMIN_PASSWORD:-$(openssl rand -base64 16)}" password="${ADMIN_PASSWORD:-$(openssl rand -base64 16)}"
echo "$username:$password" | sudo chpasswd echo "$username:$password" | sudo chpasswd
echo "[ USER ]: Password set for $username (use ADMIN_PASSWORD env var to specify)" echo "[ USER ]: Password set for $username (use ADMIN_PASSWORD env var to specify)"

2
src/utils/install_make.sh
View File

@@ -3,6 +3,6 @@
function install_make() { function install_make() {
echo "[ UTILS ]: Installing Make" echo "[ UTILS ]: Installing Make"
sudo apt update sudo apt update
sudo apt install make sudo apt install -y make
echo "[ UTILS ]: Make installed succesfully" echo "[ UTILS ]: Make installed succesfully"
} }

13
src/web/install_caddy.sh
View File

@@ -15,7 +15,7 @@ function install_caddy() {
mkdir -p "$caddy_dir/caddy/coraza" mkdir -p "$caddy_dir/caddy/coraza"
mkdir -p "$caddy_dir/caddy/sites-enabled" mkdir -p "$caddy_dir/caddy/sites-enabled"
chown -R "$username:$username" "$caddy_dir" sudo chown -R "$username:$username" "$caddy_dir"
# Copy configuration files from local repo # Copy configuration files from local repo
cp "$template_path/docker-compose.yml" "$caddy_dir/docker-compose.yml" cp "$template_path/docker-compose.yml" "$caddy_dir/docker-compose.yml"
@@ -30,7 +30,7 @@ function install_caddy() {
if [ "$development_mode" = "true" ]; then if [ "$development_mode" = "true" ]; then
echo "[ WEB ]: Development mode - skipping Docker operations" echo "[ WEB ]: Development mode - skipping Docker operations"
echo "[ WEB ]: Creating placeholder .env file..." echo "[ WEB ]: Creating placeholder .env file..."
cd "$caddy_dir" cd "$caddy_dir" || return 1
cat >"$caddy_dir/.env" <<EOF cat >"$caddy_dir/.env" <<EOF
CROWDSEC_API_KEY=dev-placeholder-key CROWDSEC_API_KEY=dev-placeholder-key
PROMETHEUS_PASSWORD=dev-placeholder-password PROMETHEUS_PASSWORD=dev-placeholder-password
@@ -51,7 +51,7 @@ EOF
echo "[ WEB ]: Hashing Loki password..." echo "[ WEB ]: Hashing Loki password..."
LOKI_PASSWORD=$(htpasswd -nbB user "$loki_plain_password" | cut -d: -f2) LOKI_PASSWORD=$(htpasswd -nbB user "$loki_plain_password" | cut -d: -f2)
cd "$caddy_dir" cd "$caddy_dir" || return 1
# Start only CrowdSec first # Start only CrowdSec first
echo "[ WEB ]: Starting CrowdSec container..." echo "[ WEB ]: Starting CrowdSec container..."
@@ -88,14 +88,15 @@ EOF
# Start all containers now that passwords are ready # Start all containers now that passwords are ready
echo "[ WEB ]: Starting all containers with generated keys..." echo "[ WEB ]: Starting all containers with generated keys..."
sudo docker compose up -d sudo docker compose up -d
fi
echo "[ WEB ]: Caddy setup completed successfully!"
echo "[ WEB ]: Configuration location: $caddy_dir"
echo "[ WEB ]: ============================================" echo "[ WEB ]: ============================================"
echo "[ WEB ]: SAVE THESE - Plaintext monitoring passwords:" echo "[ WEB ]: SAVE THESE - Plaintext monitoring passwords:"
echo "[ WEB ]: Prometheus: $prometheus_plain_password" echo "[ WEB ]: Prometheus: $prometheus_plain_password"
echo "[ WEB ]: Loki: $loki_plain_password" echo "[ WEB ]: Loki: $loki_plain_password"
echo "[ WEB ]: ============================================" echo "[ WEB ]: ============================================"
fi
echo "[ WEB ]: Caddy setup completed successfully!"
echo "[ WEB ]: Configuration location: $caddy_dir"
echo "[ WEB ]: Add your site configurations to: $caddy_dir/caddy/sites-enabled/" echo "[ WEB ]: Add your site configurations to: $caddy_dir/caddy/sites-enabled/"
} }

13
templates/caddy/full/caddy/Caddyfile
View File

@@ -5,11 +5,11 @@
# Enable metrics for Prometheus # Enable metrics for Prometheus
metrics metrics
# Logging - console for Docker logs and file for CrowdSec/Promtail # Logging - JSON format required for Promtail label extraction
log { log {
level INFO level INFO
output file /var/log/caddy/access.log output file /var/log/caddy/access.log
format console format json
} }
# Allow CrowdSec globally # Allow CrowdSec globally
@@ -20,5 +20,14 @@
} }
# Reusable WAF snippet — use `import waf` in any site block
(waf) {
coraza_waf {
directives `
Include /etc/caddy/coraza.conf
`
}
}
# Import all site configurations from sites-enabled directory # Import all site configurations from sites-enabled directory
import /etc/caddy/sites-enabled/*.Caddyfile import /etc/caddy/sites-enabled/*.Caddyfile

23
templates/caddy/full/caddy/sites-enabled/examples.Caddyfile
View File

@@ -7,13 +7,22 @@
# file_server # file_server
# } # }
# Example: Reverse Proxy for service running in docker container (must be under caddy_net) # Example: Reverse Proxy for a Docker container app
# api.example.com {
# coraza_waf {
# directives `
# Include /etc/caddy/coraza.conf
# `
# }
# #
# Requirements: the app container must be on caddy_net.
# Add the following to your app's docker-compose.yml:
#
# services:
# my-app:
# image: my-app:latest
# networks:
# - caddy_net
#
# networks:
# caddy_net:
# external: true
#
# api.example.com {
# import waf
# reverse_proxy * http://{CONTAINER_NAME}:{CONTAINER_PORT} # reverse_proxy * http://{CONTAINER_NAME}:{CONTAINER_PORT}
# } # }

4
templates/caddy/full/docker-compose.yml
View File

@@ -7,7 +7,7 @@ services:
- ./crowdsec/data:/var/lib/crowdsec/data - ./crowdsec/data:/var/lib/crowdsec/data
- caddy_logs:/var/log/caddy:ro - caddy_logs:/var/log/caddy:ro
environment: environment:
- COLLECTIONS=crowdsecurity/caddy crowdsecurity/whitelist-good-actors crowdsecurity/http-cve - COLLECTIONS=crowdsecurity/caddy crowdsecurity/whitelist-good-actors crowdsecurity/http-cve crowdsecurity/base-http-scenarios
- BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY} - BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY}
networks: networks:
- monitoring_net - monitoring_net
@@ -25,7 +25,7 @@ services:
- PROMETHEUS_PASSWORD=${PROMETHEUS_PASSWORD} - PROMETHEUS_PASSWORD=${PROMETHEUS_PASSWORD}
- LOKI_PASSWORD=${LOKI_PASSWORD} - LOKI_PASSWORD=${LOKI_PASSWORD}
volumes: volumes:
- ../../deploy/static:/srv/static # Your static files location - ${HOME}/deploy/static:/srv/static # Your static files location
- ./caddy/Caddyfile:/etc/caddy/Caddyfile - ./caddy/Caddyfile:/etc/caddy/Caddyfile
- ./caddy/sites-enabled:/etc/caddy/sites-enabled - ./caddy/sites-enabled:/etc/caddy/sites-enabled
- ./caddy/coraza/coraza.conf:/etc/caddy/coraza.conf - ./caddy/coraza/coraza.conf:/etc/caddy/coraza.conf