From 5c84b78600b312d8e89c2164d10747aba559a852 Mon Sep 17 00:00:00 2001
From: elAgala
Date: Fri, 13 Feb 2026 04:42:46 -0300
Subject: [PATCH] feat: make script autonomous (run without prompts)
---
 CLAUDE.md | 12 ++++++++----
 index.sh | 7 ++++---
 src/user/create_deploy_user.sh | 5 +++--
 src/user/create_user.sh | 5 +++--
 src/user/ssh_config.sh | 11 ++++++++---
 src/web/install_caddy.sh | 16 +++++++---------
 6 files changed, 33 insertions(+), 23 deletions(-)
diff --git a/CLAUDE.md b/CLAUDE.md
index 213ba4f..489f6bc 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -14,25 +14,29 @@ Server-initializer is a Docker-based server setup automation tool that provision
 ### Development and Testing
 ```bash
-# Build and test setup script in development mode
+# Build and test setup script in development mode (skips Docker operations)
 make dev
 # Build and keep container alive for testing
 make dev-keep-alive
-# Build Docker test container
+# Build Docker test container
 make build
 # Clean up test containers and images
 make clean
-# Build custom Caddy image with WAF and CrowdSec
+# Build custom Caddy image with WAF and CrowdSec (includes push to registry)
 make build-caddy
 ```
+The `--development` flag can be passed to `install.sh` to skip Docker-related operations during testing.
+
 ### Caddy Management (from deployed server)
+These commands should be run from within the `templates/caddy/full/` directory on the deployed server:
+
 ```bash
-# Restart Caddy with config reload
+# Restart Caddy with config reload
 make caddy:restart
 # Generate new CrowdSec API key
diff --git a/index.sh b/index.sh
index 887201b..0c502a6 100644
--- a/index.sh
+++ b/index.sh
@@ -3,8 +3,9 @@
 REPO_URL="https://github.com/elAgala/server-initializer"
 TARGET_DIR="/tmp/server-initializer"
-if [ -z "$1" ]; then
- echo "[ ERROR ]: No username provided. Use ./index.sh "
+ADMIN_USER="${1:-${ADMIN_USER:-}}"
+if [ -z "$ADMIN_USER" ]; then
+ echo "[ ERROR ]: No username provided. Pass as argument or set ADMIN_USER env var"
 exit 1
 fi
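Review bot: In the first index.sh hunk, `ADMIN_USER` can now come from the environment and is only checked for emptiness before it is passed to `./install.sh`. The value appears to reach `sudo useradd $username` (unquoted) and the `$username:$password` line piped to `chpasswd` in src/user/create_user.sh, where a space, a leading dash or a colon in the name changes what those commands act on. A format check right after the assignment would stop that early, for example `case "$ADMIN_USER" in [!a-z_]*|*[!a-z0-9_-]*) echo "[ ERROR ]: Invalid username" >&2; exit 1 ;; esac`.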
@@ -18,7 +19,7 @@ cd "$TARGET_DIR/src" || exit 1
 echo "[ INITIALIZER ]: Starting initialization"
 chmod +x ./install.sh
-./install.sh "$1"
+./install.sh "$ADMIN_USER"
 echo "[ INITIALIZER ]: Setup completed succesfully!"
diff --git a/src/user/create_deploy_user.sh b/src/user/create_deploy_user.sh
index 46c4164..4f65268 100644
--- a/src/user/create_deploy_user.sh
+++ b/src/user/create_deploy_user.sh
@@ -8,8 +8,9 @@ function create_deploy_user() {
 echo "[ USER ]: Starting user $username setup"
 mkdir -p $home_dir
 sudo useradd $username
- echo "[ USER ]: Set a password for user [$username]:"
- sudo passwd $username
+ password="${DEPLOY_PASSWORD:-$(openssl rand -base64 16)}"
+ echo "$username:$password" | sudo chpasswd
+ echo "[ USER ]: Password set for $username (use DEPLOY_PASSWORD env var to specify)"
 echo "[ USER ]: User [deploy] created succesfully"
 echo "[ USER ]: Adding user to groups"
diff --git a/src/user/create_user.sh b/src/user/create_user.sh
index a27f652..290091d 100644
--- a/src/user/create_user.sh
+++ b/src/user/create_user.sh
@@ -8,8 +8,9 @@ function create_user() {
 echo "[ USER ]: Starting user $username setup"
 mkdir -p $home_dir
 sudo useradd $username
- echo "[ USER ]: Set a password for $username:"
- sudo passwd "$username"
+ password="${ADMIN_PASSWORD:-$(openssl rand -base64 16)}"
+ echo "$username:$password" | sudo chpasswd
+ echo "[ USER ]: Password set for $username (use ADMIN_PASSWORD env var to specify)"
 echo "[ USER ]: User created succesfully"
 echo "[ USER ]: Adding user to groups"
diff --git a/src/user/ssh_config.sh b/src/user/ssh_config.sh
index 31e3ce4..f566350 100644
--- a/src/user/ssh_config.sh
+++ b/src/user/ssh_config.sh
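Review bot: In src/user/create_deploy_user.sh, when `DEPLOY_PASSWORD` is unset the value from `openssl rand -base64 16` is piped to `chpasswd` and then dropped, so the account ends up with a password nobody knows; the create_user.sh hunk adds the same pattern with `ADMIN_PASSWORD`. `useradd` without `-p` already leaves the password disabled, so for key-only accounts it is simpler to set one only on request: `if [ -n "${DEPLOY_PASSWORD:-}" ]; then printf '%s:%s\n' "$username" "$DEPLOY_PASSWORD" | sudo chpasswd; fi`. If the admin user does need a password (for sudo, presumably), the generated value has to reach the operator through a root-only file instead of being discarded. Both functions begin and end outside their hunks, and `password` should be declared `local` so the secret does not outlive the function.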
@@ -14,13 +14,18 @@ function config_ssh() {
 sudo chown -R "$username:$username" $ssh_dir
 echo "[ SSH ]: Created ~/.ssh/authorized_keys"
- echo "[ SSH ]: Paste the public key for $username (leave empty to skip)"
- read -r public_key
+ # Pick env var based on username: DEPLOY_SSH_KEY for deploy user, ADMIN_SSH_KEY for others
+ if [ "$username" = "deploy" ]; then
+ public_key="${DEPLOY_SSH_KEY:-}"
+ else
+ public_key="${ADMIN_SSH_KEY:-}"
+ fi
+
 if [ -n "$public_key" ]; then
 echo "$public_key" | sudo tee -a "$ssh_dir/authorized_keys" >/dev/null
 echo "[ SSH ]: Public key added to $ssh_dir/authorized_keys."
 else
- echo "[ SSH ]: No public key provided, skipping..."
+ echo "[ SSH ]: WARNING: No SSH key provided for $username (set ADMIN_SSH_KEY / DEPLOY_SSH_KEY)"
 fi
 # Create SSH configuration file instead of modifying main sshd_config
diff --git a/src/web/install_caddy.sh b/src/web/install_caddy.sh
index 9f7320a..cc1f7a7 100644
--- a/src/web/install_caddy.sh
+++ b/src/web/install_caddy.sh
@@ -42,12 +42,8 @@ EOF
 sudo apt-get install -y apache2-utils
 echo "[ WEB ]: Setting up authentication passwords..."
- echo -n "Enter password for Prometheus access: "
- read -s prometheus_plain_password
- echo
- echo -n "Enter password for Loki access: "
- read -s loki_plain_password
- echo
+ prometheus_plain_password="${MONITORING_PROMETHEUS_PASSWORD:-$(openssl rand -base64 16)}"
+ loki_plain_password="${MONITORING_LOKI_PASSWORD:-$(openssl rand -base64 16)}"
 # Generate password hashes using htpasswd (no Caddy needed)
 echo "[ WEB ]: Hashing Prometheus password..."
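Review bot: In src/user/ssh_config.sh the empty-key branch only prints a warning, and `config_ssh` then carries on into the sshd configuration step that starts right after the hunk, so an unattended run with `ADMIN_SSH_KEY` unset can finish with an admin account that has no authorized key. Combined with the random password that create_user.sh sets and never reports, that may leave no working login, depending on what the sshd drop-in (not visible here) enforces. I would fail closed for the admin user, e.g. `echo "[ SSH ]: ERROR: ADMIN_SSH_KEY is required" >&2; return 1`, and keep the warning only for accounts where a missing key is acceptable. `public_key` is also assigned without `local`, and the function begins and ends outside the hunk.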
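Review bot: In the first src/web/install_caddy.sh hunk, neither fallback checks that `openssl rand` succeeded, so on a host without openssl both variables come back empty and the htpasswd step below would presumably hash an empty password. Guard each assignment, e.g. `prometheus_plain_password="${MONITORING_PROMETHEUS_PASSWORD:-$(openssl rand -base64 16)}" || return 1` followed by `[ -n "$prometheus_plain_password" ] || return 1`, and the same for the Loki variable. The `password=` assignments added in create_deploy_user.sh and create_user.sh have the same gap. The enclosing function begins and ends outside the hunk, so whether these variables are declared `local` cannot be seen here.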
@@ -96,8 +92,10 @@ EOF
 echo "[ WEB ]: Caddy setup completed successfully!"
 echo "[ WEB ]: Configuration location: $caddy_dir"
- echo "[ WEB ]: CrowdSec API key: $CROWDSEC_API_KEY"
- echo "[ WEB ]: Prometheus password: [ENCRYPTED AND STORED IN .env]"
- echo "[ WEB ]: Loki password: [ENCRYPTED AND STORED IN .env]"
+ echo "[ WEB ]: ============================================"
+ echo "[ WEB ]: SAVE THESE - Plaintext monitoring passwords:"
+ echo "[ WEB ]: Prometheus: $prometheus_plain_password"
+ echo "[ WEB ]: Loki: $loki_plain_password"
+ echo "[ WEB ]: ============================================"
 echo "[ WEB ]: Add your site configurations to: $caddy_dir/caddy/sites-enabled/"
 }
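Review bot: The new summary block in src/web/install_caddy.sh echoes both monitoring passwords in plaintext to stdout, and in an unattended run that output usually ends up in provisioning or CI logs that are kept longer and read more widely than files on the server. It does so even when the values came from `MONITORING_PROMETHEUS_PASSWORD` / `MONITORING_LOKI_PASSWORD`, where the operator already has them. Print them only when they were generated, and prefer a root-only file over the terminal: `( umask 077; printf 'Prometheus: %s\nLoki: %s\n' "$prometheus_plain_password" "$loki_plain_password" >"$creds_file" )`, with `creds_file` a placeholder for a path you choose, then echo only that path. The function begins outside the hunk.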