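#!/usr/bin/env bash
# dockerdeploy.sh — bring up the HAVEN compose stack, mint the havenuser client
# certificate and the server wildcard certificate inside the step-ca container,
# publish the certificates to the external NGINX reverse proxy and create the
# dovecot mail user.
#
# Required env:
#   HAVEN_SECRET   passphrase of the step-ca intermediate key, export password
#                  of the havenuser PKCS#12 bundle and password of the dovecot
#                  mail user. This value used to be hard-coded in this script
#                  (and therefore committed); the old value must be rotated.
# Optional env (defaults below): PROXY_HOST, COMPOSE_DIR, CERT_DIR, STEP_CONTAINER.
#
# Every docker/ssh/rsync step runs through sudo; redirections that write to
# root-owned files go through `sudo tee` so they do not depend on the caller's
# own permissions.
set -euo pipefail

readonly PROXY_HOST=${PROXY_HOST:-192.168.20.203}
readonly COMPOSE_DIR=${COMPOSE_DIR:-/haven_data/dockercomposefiles}
readonly CERT_DIR=${CERT_DIR:-/haven_data/certs}
readonly STEP_CONTAINER=${STEP_CONTAINER:-step-ca}
readonly PROXY_CERT_PATH=/etc/nginx/conf.d/hvn.nz/certs/
: "${HAVEN_SECRET:?HAVEN_SECRET must be set in the environment (it is not stored in this script)}"

# Volumes the compose stack expects. `docker volume create` is idempotent, so
# re-running the script is safe (the original list created nextcloud_data twice).
readonly VOLUMES=(
  havenuser_data nextcloud_data nextcloud_db_data
  nginx_data nginx_logs modsecurity_data
  code-server_data homarr_data step-ca_data
  searxng_data searxng_cache
  authentik_data authentik_media authentik_certs authentik_redis
  authentik_templates authentik_postgresql
  gluetun_data jellyfin_config jellyfin_cache
  havenuser_movies havenuser_tvshows
  prowlarr_config radarr_config homepage_data
  sonnar_config sonnar_data qbittorent_config qbittorent_data
  ollama_data havenuser_documents
  audiobookshelf_config audiobookshelf_metadata
  havenuser_audiobooks havenuser_podcasts havenuser_photos
  snappymail_mysql snappymail_data dovecot_data dovecot_vmail
)

# Disabled: pull the latest compose files before deploying.
# cd "$COMPOSE_DIR"
# git config --global --add safe.directory "$COMPOSE_DIR"
# git stash push --include-untracked
# git stash drop
# git pull
# Disabled: initial checkout.
# sudo git clone http://192.168.20.213:3000/chris/dockercomposefiles.git "$COMPOSE_DIR"

#######################################
# Print a progress message to stdout.
# Arguments: $* - message
#######################################
log() { printf '%s\n' "$*"; }

#######################################
# Print an error to stderr and exit 1.
# Arguments: $* - message
#######################################
die() { printf 'dockerdeploy: %s\n' "$*" >&2; exit 1; }

#######################################
# Run openssl inside the CA container as the step user.
# The secret is fed on stdin so it never appears in argv (visible via ps) —
# openssl reads it where an argument says `stdin`; other invocations ignore it.
# Globals:   HAVEN_SECRET (read), STEP_CONTAINER (read)
# Arguments: openssl sub-command and options
#######################################
step_openssl() {
  printf '%s\n' "$HAVEN_SECRET" \
    | sudo docker exec -i -u step:step "$STEP_CONTAINER" openssl "$@"
}

#######################################
# Install the host RSA key pair as the SSH identity of a local account.
# The file is kept under the id_ecdsa name the original script used; ssh reads
# the key type from the file, so the RSA key still loads. Note that reusing the
# host key as a user identity means a host-key compromise also grants the
# proxy's root login — a dedicated key pair would limit the blast radius.
# Arguments: $1 - home directory, $2 - account (owner and group) name
#######################################
install_identity() {
  local home=$1 owner=$2
  # `install` sets owner and mode in one step; a plain `sudo cp` left the
  # private key owned by root and unreadable by havenuser.
  sudo install -d -m 700 -o "$owner" -g "$owner" "$home/.ssh"
  sudo install -m 600 -o "$owner" -g "$owner" /etc/ssh/ssh_host_rsa_key "$home/.ssh/id_ecdsa"
  sudo install -m 644 -o "$owner" -g "$owner" /etc/ssh/ssh_host_rsa_key.pub "$home/.ssh/id_ecdsa.pub"
}

#######################################
# Append the proxy's host key entry to a known_hosts file unless the host is
# already present (ssh-keygen -F also matches hashed entries).
# Globals:   PROXY_HOST (read)
# Arguments: $1 - known_hosts path, $2 - owner, $3 - known_hosts line
#######################################
ensure_known_host() {
  local file=$1 owner=$2 entry=$3
  if ! sudo ssh-keygen -F "$PROXY_HOST" -f "$file" >/dev/null 2>&1; then
    printf '%s\n' "$entry" | sudo tee -a "$file" >/dev/null
    sudo chown "$owner" "$file"
  fi
}

#######################################
# Wait until the CA container exposes its intermediate key, which the signing
# steps below need. Replaces the fixed `sleep 15`.
# Globals:   STEP_CONTAINER (read)
#######################################
wait_for_ca() {
  local tries=0
  until sudo docker exec -u step:step "$STEP_CONTAINER" test -f ./secrets/intermediate_ca_key 2>/dev/null; do
    (( ++tries < 30 )) || die "$STEP_CONTAINER did not become ready"
    sleep 1
  done
}

#######################################
# Generate a key, a CSR from ./<name>.csr.cnf and a one-year certificate signed
# by the intermediate CA, all inside the CA container.
# The private key is written unencrypted: the original passed `-pass` to
# genpkey without a cipher option, which produces an unencrypted key anyway,
# and nginx consumes the wildcard key as-is.
# NOTE(review): `x509 -req` does not carry extensions over from the CSR, so
# whether the certificate gets a SAN depends on the cnf files — confirm.
# Arguments: $1 - base name (havenuser, haven-wildcard)
#######################################
issue_cert() {
  local name=$1
  step_openssl genpkey -algorithm RSA -out "./secrets/${name}.key"
  step_openssl req -new -key "./secrets/${name}.key" \
    -out "./certs/${name}.csr" -config "./${name}.csr.cnf"
  step_openssl x509 -req -in "./certs/${name}.csr" \
    -CA ./certs/intermediate_ca.crt -CAkey ./secrets/intermediate_ca_key -passin stdin \
    -CAcreateserial -out "./certs/${name}.crt" -days 365 -sha256
}

main() {
  local scan vol

  log "Copying Grungy Keys to HavenUser and Root user"
  install_identity /home/havenuser havenuser
  install_identity /root root

  log "Grabbing External NGINX Host Keys for known_hosts"
  # Trust-on-first-use: the key is whatever the network answers with. Comparing
  # the fingerprint against one recorded out-of-band is the safer option.
  scan=$(ssh-keyscan -t ed25519 -H "$PROXY_HOST" 2>/dev/null) || die "ssh-keyscan $PROXY_HOST failed"
  [[ -n "$scan" ]] || die "no ed25519 host key returned by $PROXY_HOST"
  ensure_known_host /home/havenuser/.ssh/known_hosts havenuser "$scan"
  ensure_known_host /root/.ssh/known_hosts root "$scan"

  for vol in "${VOLUMES[@]}"; do
    sudo docker volume create "$vol" >/dev/null
  done
  # `docker network create` is not idempotent, so check first.
  sudo docker network inspect haven_internal >/dev/null 2>&1 \
    || sudo docker network create haven_internal

  cd "$COMPOSE_DIR"
  log "Setting Permissions..."
  sudo chown -R :havenuser "$COMPOSE_DIR/"
  sudo chmod -R 770 "$COMPOSE_DIR/"
  sudo docker compose build --no-cache
  sudo docker compose up -d

  log "Waiting for Container availability..."
  wait_for_ca

  log "Generating User and Chain Certificates via step-ca"
  log "Generating Unique HAVEN User Certificate and Private Key"
  issue_cert havenuser
  step_openssl pkcs12 -export -out ./certs/havenuser.pfx \
    -inkey ./secrets/havenuser.key -in ./certs/havenuser.crt \
    -certfile ./certs/intermediate_ca.crt -passout stdin -clcerts

  log "Generating Server Wildcard Certificate"
  issue_cert haven-wildcard

  log "Sending new havenuser and ca-chain certs to external reverse proxy"
  sudo install -d -m 770 -g havenuser "$CERT_DIR"
  log "Copying havenuser keys"
  sudo docker cp "$STEP_CONTAINER:/home/step/certs/havenuser.crt" "$CERT_DIR/"
  sudo docker cp "$STEP_CONTAINER:/home/step/secrets/havenuser.key" "$CERT_DIR/"
  log "Copying CA public keys"
  sudo docker cp "$STEP_CONTAINER:/home/step/certs/intermediate_ca.crt" "$CERT_DIR/"
  sudo docker cp "$STEP_CONTAINER:/home/step/certs/root_ca.crt" "$CERT_DIR/"
  log "Copying wildcard cert"
  sudo docker cp "$STEP_CONTAINER:/home/step/certs/haven-wildcard.crt" "$CERT_DIR/"
  sudo docker cp "$STEP_CONTAINER:/home/step/secrets/haven-wildcard.key" "$CERT_DIR/"

  log "Creating public CA-Chain"
  # Overwrite rather than append: `>>` grew the chain file on every run.
  sudo cat "$CERT_DIR/root_ca.crt" "$CERT_DIR/intermediate_ca.crt" \
    | sudo tee "$CERT_DIR/ca-chain.crt" >/dev/null
  sudo docker cp "$CERT_DIR/ca-chain.crt" "$STEP_CONTAINER:/home/step/certs/ca-chain.crt"
  # Private keys live in this directory too, so the group grant covers them.
  sudo chown -R :havenuser "$CERT_DIR"
  sudo chmod -R 770 "$CERT_DIR"

  log "rsyncing to external proxy"
  sudo rsync -av --rsync-path='sudo rsync' "$CERT_DIR/" "root@$PROXY_HOST:$PROXY_CERT_PATH"
  sudo ssh "root@$PROXY_HOST" systemctl restart nginx.service

  log "Creating dovecot mail user"
  # `useradd -p` expects a crypt(3) hash; the original passed the plaintext,
  # which stores an unusable hash. chpasswd (same shadow package as useradd)
  # hashes the password itself and reads it from stdin instead of argv.
  if ! sudo docker exec dovecot id -u havenuser >/dev/null 2>&1; then
    sudo docker exec -u root:root dovecot useradd -m havenuser
  fi
  printf '%s:%s\n' havenuser "$HAVEN_SECRET" \
    | sudo docker exec -i -u root:root dovecot chpasswd
  if ! sudo docker exec dovecot doveadm mailbox list -u havenuser | grep -Fx -- dovecot >/dev/null; then
    sudo docker exec dovecot doveadm mailbox create -s dovecot -u havenuser
  fi
}

main "$@"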