refactor: read templates from local files

src/docker/create_networks.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+function create_networks() {
+  docker network create caddy_net
+  echo "[ DOCKER ]: Created caddy intranet 'caddy_net'"
+  docker network create monitoring_net
+  echo "[ DOCKER ]: Created monitoring intranet 'monitoring_net'"
+}

src/docker/install_docker.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+function install_docker() {
+  echo "[ DOCKER ]: Started Docker setup"
+
+  echo "[ DOCKER ]: Installing prerequisites"
+  # Install prerequisites
+  sudo apt-get update
+  sudo apt-get install -y ca-certificates curl
+
+  # Create directory for GPG key
+  sudo mkdir -p /etc/apt/keyrings
+
+  # Download and install Docker GPG key
+  sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
+  sudo chmod a+r /etc/apt/keyrings/docker.asc
+
+  # Add Docker repository to sources.list
+  echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list >/dev/null
+
+  # Update package lists
+  sudo apt-get update
+
+  # Install Docker Engine, CLI, containerd, Buildx plugin, and Compose plugin
+  if ! dpkg -l | grep -q docker-ce; then
+    echo "[ DOCKER ]: Installing Docker"
+    sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+    echo "[ DOCKER ]: Installed succesfully"
+  else
+    echo "[ DOCKER ]: Docker was already installed"
+  fi
+}

src/install.sh

@@ -0,0 +1,64 @@
+#!/bin/bash
+
+echo "[ INSTALL ]: Updating server packages"
+sudo apt update && sudo apt upgrade -y && sudo apt dist-upgrade -y && sudo apt autoremove -y
+echo "[ INSTALL ]: Server updated. Starting component installation"
+
+source ./user/create_user.sh
+source ./user/create_deploy_user.sh
+source ./user/ssh_config.sh
+source ./web/install_caddy.sh
+source ./web/setup_ufw.sh
+source ./docker/install_docker.sh
+source ./docker/create_networks.sh
+source ./utils/install_vim.sh
+source ./utils/install_zsh.sh
+source ./utils/install_make.sh
+source ./monitoring/install_prometheus.sh
+
+chmod +x ./user/create_user.sh
+chmod +x ./user/ssh_config.sh
+chmod +x ./web/setup_ufw.sh
+chmod +x ./docker/install_docker.sh
+chmod +x ./utils/install_vim.sh
+chmod +x ./utils/install_zsh.sh
+chmod +x ./monitoring/install_prometheus.sh
+
+if [ -z "$1" ]; then
+  echo "Usage: $0 <username> [--development]"
+  exit 1
+fi
+
+# Check for development flag
+DEVELOPMENT_MODE=false
+if [ "$2" = "--development" ]; then
+  DEVELOPMENT_MODE=true
+  echo "[ INSTALL ]: Running in development mode - Docker operations will be skipped"
+fi
+
+# Get the repository directory (parent of src/)
+REPO_DIR="$(dirname "$PWD")"
+
+# User
+create_user $1
+config_ssh $1
+
+# Deploy user
+create_deploy_user
+config_ssh "deploy"
+
+# Docker
+install_docker
+create_networks
+
+# Web
+install_caddy $1 "$REPO_DIR" "$DEVELOPMENT_MODE"
+setup_ufw
+
+# Utils
+install_vim
+install_zsh $1
+install_make
+
+# Monitoring
+install_prometheus $1 "$REPO_DIR" "$DEVELOPMENT_MODE"

src/monitoring/install_prometheus.sh

@@ -0,0 +1,39 @@
+#!/bin/bash
+
+function install_prometheus() {
+  username="$1"
+  repo_dir="$2"
+  development_mode="$3"
+  template_path="$repo_dir/templates/monitoring"
+  monitoring_dir="/home/$username/monitoring"
+
+  echo "[ MONITOR ]: Starting monitoring setup"
+  mkdir -p "$monitoring_dir"
+  mkdir -p "$monitoring_dir/loki"
+  mkdir -p "$monitoring_dir/promtail"
+  
+  # Copy main monitoring files from local repo
+  cp "$template_path/docker-compose.yml" "$monitoring_dir/docker-compose.yml"
+  cp "$template_path/prometheus.yml" "$monitoring_dir/prometheus.yml"
+  
+  # Copy Loki configuration
+  cp "$template_path/loki/loki.yml" "$monitoring_dir/loki/loki.yml"
+  
+  # Copy Promtail configuration
+  cp "$template_path/promtail/promtail.yml" "$monitoring_dir/promtail/promtail.yml"
+  
+  cd "$monitoring_dir"
+  if [ "$development_mode" = "true" ]; then
+    echo "[ MONITOR ]: Development mode - skipping Docker operations"
+    echo "[ MONITOR ]: Monitoring stack files copied successfully"
+  else
+    echo "[ MONITOR ]: Monitoring stack installed. Starting containers"
+    sudo docker compose up -d
+    echo "[ MONITOR ]: Monitoring stack running:"
+    echo "  - Prometheus: http://localhost:9090 (internal)"
+    echo "  - Prometheus API: https://YOUR_SERVER_IP/prometheus/ (external)"
+    echo "  - Loki: http://localhost:3100 (internal)"
+    echo "  - Node Exporter: http://localhost:9100 (internal)"
+    echo "  - cAdvisor: http://localhost:8080 (internal)"
+  fi
+}

src/user/create_deploy_user.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+
+function create_deploy_user() {
+  username="deploy"
+
+  home_dir="/home/$username"
+
+  echo "[ USER ]: Starting user $username setup"
+  mkdir -p $home_dir
+  sudo useradd $username
+  echo "[ USER ]: Set a password for user [$username]:"
+  sudo passwd $username
+  echo "[ USER ]: User [deploy] created succesfully"
+
+  echo "[ USER ]: Adding user to groups"
+  sudo usermod -aG www-data $username
+  sudo usermod -aG docker $username
+  echo "[ USER ]: User added to the following groupps (www-data, docker)"
+
+  echo "[ USER ]: Creating deploy folders under /home/$username"
+  sudo mkdir -p /home/$username/static
+  sudo mkdir -p /home/$username/apps
+
+  echo "[ USER ]: Setting ownership of /home/$username folder"
+  sudo chown -R $username:$username /home/$username
+  echo "[ USER ]: User setup finished"
+}

src/user/create_user.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+
+function create_user() {
+  username=$1
+
+  home_dir="/home/$username"
+
+  echo "[ USER ]: Starting user $username setup"
+  mkdir -p $home_dir
+  sudo useradd $username
+  echo "[ USER ]: Set a password for $username:"
+  sudo passwd "$username"
+  echo "[ USER ]: User created succesfully"
+
+  echo "[ USER ]: Adding user to groups"
+  sudo usermod -aG sudo $username
+  sudo usermod -aG www-data $username
+  sudo usermod -aG docker $username
+  echo "[ USER ]: User added to the following groupps (sudo, www-data, docker)"
+
+  echo "[ USER ]: Setting ownership of /home/$username folder"
+  sudo chown -R $username:$username /home/$username
+
+  echo "[ USER ]: User setup finished"
+}

src/user/ssh_config.sh

@@ -0,0 +1,68 @@
+#!/bin/bash
+
+function config_ssh() {
+  username=$1
+
+  echo "[ SSH ]: Starting setup"
+  ssh_dir="/home/$username/.ssh"
+
+  sudo mkdir -p $ssh_dir
+  sudo chmod 700 $ssh_dir
+
+  sudo touch "$ssh_dir/authorized_keys"
+  sudo chmod 600 "$ssh_dir/authorized_keys"
+  sudo chown -R "$username:$username" $ssh_dir
+  echo "[ SSH ]: Created ~/.ssh/authorized_keys"
+
+  echo "[ SSH ]: Paste the public key for $username (leave empty to skip)"
+  read -r public_key
+  if [ -n "$public_key" ]; then
+    echo "$public_key" | sudo tee -a "$ssh_dir/authorized_keys" >/dev/null
+    echo "[ SSH ]: Public key added to $ssh_dir/authorized_keys."
+  else
+    echo "[ SSH ]: No public key provided, skipping..."
+  fi
+
+  # Create SSH configuration file instead of modifying main sshd_config
+  config_file="/etc/ssh/sshd_config.d/server-initializer.conf"
+
+  echo "[ SSH ]: Configuring SSH settings"
+  sudo mkdir -p /etc/ssh/sshd_config.d
+
+  # Check if config file exists
+  if [ ! -f "$config_file" ]; then
+    # Create the configuration file with security settings
+    sudo tee "$config_file" >/dev/null <<EOF
+# Server Initializer SSH Configuration
+# This file is managed by @elAgala/server-initializer
+
+# Disable root login
+PermitRootLogin no
+
+# Disable password authentication
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+UsePAM no
+
+# Only allow specific users
+AllowUsers $username
+EOF
+    echo "[ SSH ]: SSH configuration file created at $config_file"
+  else
+    # File exists, check if user is already in AllowUsers
+    if ! sudo grep -q "AllowUsers.*$username" "$config_file"; then
+      # Add user to existing AllowUsers line
+      sudo sed -i "s/^AllowUsers.*/& $username/" "$config_file"
+      echo "[ SSH ]: User $username added to existing AllowUsers"
+    else
+      echo "[ SSH ]: User $username already in AllowUsers"
+    fi
+  fi
+
+  echo "[ SSH ]: Root login disabled"
+  echo "[ SSH ]: Password authentication disabled"
+  echo "[ SSH ]: User $username added to allowed users"
+
+  sudo systemctl restart sshd
+  echo "[ SSH ]: Finished succesfully!"
+}

src/utils/install_make.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+function install_make() {
+  echo "[ UTILS ]: Installing Make"
+  sudo apt update
+  sudo apt install make
+  echo "[ UTILS ]: Make installed succesfully"
+}

src/utils/install_vim.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+function install_vim() {
+  # TODO: Add .config
+
+  echo "[ UTILS ]: Installing Vim"
+  sudo apt-get install -y vim
+  echo "[ UTILS ]: Vim installed succesfully"
+}

src/utils/install_zsh.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+function install_zsh() {
+  username=$1
+
+  echo "[ UTILS ]: Installing Zsh"
+  sudo apt-get install -y zsh
+  # Set Zsh as the default shell for the user
+  sudo chsh -s /usr/bin/zsh "$username"
+  echo "[ UTILS ]: Installing Oh My Zsh for $username"
+  # Install Oh My Zsh
+  sudo -u "$username" sh -c "$(wget https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh -O -) --unattended"
+  echo "[ UTILS ]: Zsh and Oh My Zsh installed successfully and set as the default shell for $username"
+}

src/web/install_caddy.sh

@@ -0,0 +1,107 @@
+#!/bin/bash
+
+function install_caddy() {
+
+  username="$1"
+  repo_dir="$2"
+  development_mode="$3"
+  template_path="$repo_dir/templates/caddy/full"
+  caddy_dir="/home/$username/web-server"
+
+  echo "[ WEB ]: Starting Caddy setup"
+  mkdir -p "$caddy_dir"
+  mkdir -p "$caddy_dir/crowdsec"
+  mkdir -p "$caddy_dir/caddy"
+  mkdir -p "$caddy_dir/caddy/coraza"
+  mkdir -p "$caddy_dir/caddy/sites-enabled"
+
+  chown -R "$username:$username" "$caddy_dir"
+
+  # Copy configuration files from local repo
+  cp "$template_path/docker-compose.yml" "$caddy_dir/docker-compose.yml"
+  cp "$template_path/Makefile" "$caddy_dir/Makefile"
+  cp "$template_path/caddy/Caddyfile" "$caddy_dir/caddy/Caddyfile"
+  cp "$template_path/caddy/coraza/coraza.conf" "$caddy_dir/caddy/coraza/coraza.conf"
+  cp "$template_path/crowdsec/acquis.yaml" "$caddy_dir/crowdsec/acquis.yaml"
+  cp "$template_path/caddy/sites-enabled/prometheus.Caddyfile" "$caddy_dir/caddy/sites-enabled/prometheus.Caddyfile"
+  cp "$template_path/caddy/sites-enabled/examples.Caddyfile" "$caddy_dir/caddy/sites-enabled/examples.Caddyfile"
+
+  if [ "$development_mode" = "true" ]; then
+    echo "[ WEB ]: Development mode - skipping Docker operations"
+    echo "[ WEB ]: Creating placeholder .env file..."
+    cd "$caddy_dir"
+    cat >"$caddy_dir/.env" <<EOF
+CROWDSEC_API_KEY=dev-placeholder-key
+PROMETHEUS_PASSWORD=dev-placeholder-password
+LOKI_PASSWORD=dev-placeholder-password
+EOF
+  else
+    echo "[ WEB ]: Starting containers to generate keys..."
+    cd "$caddy_dir"
+
+    # Prompt user for passwords and encrypt them using Caddy
+    echo "[ WEB ]: Setting up authentication passwords..."
+    echo -n "Enter password for Prometheus access: "
+    read -s prometheus_plain_password
+    echo
+    echo -n "Enter password for Loki access: "
+    read -s loki_plain_password
+    echo
+
+    # Create .env file with placeholder
+    cat >"$caddy_dir/.env" <<EOF
+CROWDSEC_API_KEY=PLACEHOLDER_WILL_BE_REPLACED
+PROMETHEUS_PASSWORD=PLACEHOLDER_WILL_BE_REPLACED
+LOKI_PASSWORD=PLACEHOLDER_WILL_BE_REPLACED
+EOF
+
+    # Start containers
+    sudo docker compose up -d
+
+    # Wait for CrowdSec to be ready with health check
+    echo "[ WEB ]: Waiting for CrowdSec to be ready..."
+    for i in {1..30}; do
+      if sudo docker exec crowdsec cscli version >/dev/null 2>&1; then
+        echo "[ WEB ]: CrowdSec is ready!"
+        break
+      fi
+      echo "[ WEB ]: Waiting for CrowdSec... ($i/30)"
+      sleep 2
+    done
+
+    # Check if CrowdSec is ready
+    if ! sudo docker exec crowdsec cscli version >/dev/null 2>&1; then
+      echo "[ WEB ]: ERROR: CrowdSec failed to start properly. Check logs with: docker compose logs crowdsec"
+      return 1
+    fi
+
+    # Generate CrowdSec API key
+    echo "[ WEB ]: Generating CrowdSec API key..."
+    CROWDSEC_API_KEY=$(sudo docker exec crowdsec cscli bouncers add caddy-bouncer -o raw)
+
+    # Encrypt passwords using Caddy
+    echo "[ WEB ]: Encrypting Prometheus password..."
+    PROMETHEUS_PASSWORD=$(sudo docker exec caddy caddy hash-password --plaintext "$prometheus_plain_password")
+    echo "[ WEB ]: Encrypting Loki password..."
+    LOKI_PASSWORD=$(sudo docker exec caddy caddy hash-password --plaintext "$loki_plain_password")
+
+    # Update .env file with real API key and encrypted passwords
+    cat >"$caddy_dir/.env" <<EOF
+CROWDSEC_API_KEY=$CROWDSEC_API_KEY
+PROMETHEUS_PASSWORD=$PROMETHEUS_PASSWORD
+LOKI_PASSWORD=$LOKI_PASSWORD
+EOF
+
+    # Restart containers with new API key
+    echo "[ WEB ]: Restarting containers with generated keys..."
+    sudo docker compose down
+    sudo docker compose up -d
+  fi
+
+  echo "[ WEB ]: Caddy setup completed successfully!"
+  echo "[ WEB ]: Configuration location: $caddy_dir"
+  echo "[ WEB ]: CrowdSec API key: $CROWDSEC_API_KEY"
+  echo "[ WEB ]: Prometheus password: [ENCRYPTED AND STORED IN .env]"
+  echo "[ WEB ]: Loki password: [ENCRYPTED AND STORED IN .env]"
+  echo "[ WEB ]: Add your site configurations to: $caddy_dir/caddy/sites-enabled/"
+}

src/web/setup_ufw.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+function setup_ufw() {
+  echo "[ WEB ]: Started UFW Firewall setup"
+  sudo apt-get install -y ufw
+  sudo ufw default deny incoming
+  sudo ufw default allow outgoing
+  sudo ufw allow 22/tcp
+  sudo ufw allow 80/tcp
+  sudo ufw allow 443/tcp
+  sudo ufw enable
+  echo "[ WEB ]: UFW Installed succesfully. Open ports SSH:22 - HTTPS:443 - HTTP:80"
+}