forked from Ponysearch/Ponysearch
LXC: normalize package installation & user creation.
utils/lib.sh: - get DIST_ID & DIST_VERSION from /etc/os-release - pkg_[install|remove|...] supports ubuntu, debian, archlinux & fedora utils/lxc.sh - Workaround for the "setrlimit(RLIMIT_CORE): Operation not permitted" error:: 'Set disable_coredump false' >> /etc/sudo.conf utils/[searx.sh|filtron.sh|morty.sh] - switched user creation from 'adduser' perl script to 'useradd' built-in command utils/searx.sh - install packages for ubuntu, debian, archlinux & fedora Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
This commit is contained in:
parent
e36e0f80ae
commit
5fb6d4f508
5 changed files with 96 additions and 34 deletions
|
@ -106,7 +106,7 @@ main() {
|
|||
rst_title "$SERVICE_NAME" part
|
||||
|
||||
required_commands \
|
||||
dpkg apt-get install git wget curl \
|
||||
sudo install git wget curl \
|
||||
|| exit
|
||||
|
||||
local _usage="unknown or missing $1 command $2"
|
||||
|
@ -231,9 +231,11 @@ assert_user() {
|
|||
rst_title "user $SERVICE_USER" section
|
||||
echo
|
||||
tee_stderr 1 <<EOF | bash | prefix_stdout
|
||||
sudo -H adduser --shell /bin/bash --system --home $SERVICE_HOME \
|
||||
--disabled-password --group --gecos 'Filtron' $SERVICE_USER
|
||||
sudo -H usermod -a -G shadow $SERVICE_USER
|
||||
useradd --shell /bin/bash --system \
|
||||
--home-dir "$SERVICE_HOME" \
|
||||
--comment 'Reverse HTTP proxy to filter requests' $SERVICE_USER
|
||||
mkdir "$SERVICE_HOME"
|
||||
chown -R "$SERVICE_GROUP:$SERVICE_GROUP" "$SERVICE_HOME"
|
||||
groups $SERVICE_USER
|
||||
EOF
|
||||
SERVICE_HOME="$(sudo -i -u "$SERVICE_USER" echo \$HOME)"
|
||||
|
|
49
utils/lib.sh
49
utils/lib.sh
|
@ -3,6 +3,11 @@
|
|||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
# shellcheck disable=SC2059,SC1117
|
||||
|
||||
# ubuntu, debian, arch, fedora ...
|
||||
DIST_ID=$(source /etc/os-release; echo $ID);
|
||||
# shellcheck disable=SC2034
|
||||
DIST_VERS=$(source /etc/os-release; echo $VERSION_ID);
|
||||
|
||||
ADMIN_NAME="${ADMIN_NAME:-$(git config user.name)}"
|
||||
ADMIN_NAME="${ADMIN_NAME:-$USER}"
|
||||
|
||||
|
@ -54,7 +59,7 @@ sudo_or_exit() {
|
|||
|
||||
required_commands() {
|
||||
|
||||
# usage: requires_commands [cmd1 ...]
|
||||
# usage: required_commands [cmd1 ...]
|
||||
|
||||
local exit_val=0
|
||||
while [ -n "$1" ]; do
|
||||
|
@ -787,9 +792,6 @@ uWSGI_disable_app() {
|
|||
|
||||
# distro's package manager
|
||||
# ------------------------
|
||||
#
|
||||
# FIXME: Arch Linux & RHEL should be added
|
||||
#
|
||||
|
||||
pkg_install() {
|
||||
|
||||
|
@ -801,8 +803,20 @@ pkg_install() {
|
|||
if ! ask_yn "Should packages be installed?" Yn 30; then
|
||||
return 42
|
||||
fi
|
||||
case $DIST_ID in
|
||||
ubuntu|debian)
|
||||
# shellcheck disable=SC2068
|
||||
apt-get install -m -y $@
|
||||
;;
|
||||
arch)
|
||||
# shellcheck disable=SC2068
|
||||
pacman -S --noconfirm $@
|
||||
;;
|
||||
fedora)
|
||||
# shellcheck disable=SC2068
|
||||
dnf install -y $@
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
pkg_remove() {
|
||||
|
@ -815,15 +829,40 @@ pkg_remove() {
|
|||
if ! ask_yn "Should packages be removed (purge)?" Yn 30; then
|
||||
return 42
|
||||
fi
|
||||
apt-get purge --autoremove --ignore-missing -y "$@"
|
||||
case $DIST_ID in
|
||||
ubuntu|debian)
|
||||
# shellcheck disable=SC2068
|
||||
apt-get purge --autoremove --ignore-missing -y $@
|
||||
;;
|
||||
arch)
|
||||
# shellcheck disable=SC2068
|
||||
pacman -R --noconfirm $@
|
||||
;;
|
||||
fedora)
|
||||
# shellcheck disable=SC2068
|
||||
dnf remove -y $@
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
pkg_is_installed() {
|
||||
|
||||
# usage: pkg_is_install foopkg || pkg_install foopkg
|
||||
|
||||
case $DIST_ID in
|
||||
ubuntu|debian)
|
||||
dpkg -l "$1" &> /dev/null
|
||||
return $?
|
||||
;;
|
||||
arch)
|
||||
pacman -Qsq "$1" &> /dev/null
|
||||
return $?
|
||||
;;
|
||||
fedora)
|
||||
dnf list -q --installed "$1" &> /dev/null
|
||||
return $?
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
# git tooling
|
||||
|
|
11
utils/lxc.sh
11
utils/lxc.sh
|
@ -39,12 +39,15 @@ ubu1904_boilerplate="$ubu1804_boilerplate"
|
|||
# shellcheck disable=SC2034
|
||||
archlinux_boilerplate="
|
||||
pacman -Syu --noconfirm
|
||||
pacman -S --noconfirm git curl wget
|
||||
pacman -S --noconfirm git curl wget sudo
|
||||
echo 'Set disable_coredump false' >> /etc/sudo.conf
|
||||
"
|
||||
|
||||
# shellcheck disable=SC2034
|
||||
fedora31_boilerplate="
|
||||
dnf update -y
|
||||
dnf install -y git curl wget
|
||||
dnf install -y git curl wget hostname
|
||||
echo 'Set disable_coredump false' >> /etc/sudo.conf
|
||||
"
|
||||
|
||||
REMOTE_IMAGES=()
|
||||
|
@ -162,7 +165,9 @@ main() {
|
|||
lxc exec "${i}" -- "$@"
|
||||
exit_val=$?
|
||||
if [[ $exit_val -ne 0 ]]; then
|
||||
err_msg "[${_BBlue}${i}${_creset}] exit code (${_BRed}${exit_val}${_creset}) from ${_BGreen}${*}${_creset}"
|
||||
warn_msg "[${_BBlue}${i}${_creset}] exit code (${_BRed}${exit_val}${_creset}) from ${_BGreen}${*}${_creset}"
|
||||
else
|
||||
info_msg "[${_BBlue}${i}${_creset}] exit code (${_BRed}${exit_val}${_creset}) from ${_BGreen}${*}${_creset}"
|
||||
fi
|
||||
done
|
||||
;;
|
||||
|
|
|
@ -105,7 +105,7 @@ main() {
|
|||
rst_title "$SERVICE_NAME" part
|
||||
|
||||
required_commands \
|
||||
dpkg apt-get install git wget curl \
|
||||
sudo install git wget curl \
|
||||
|| exit
|
||||
|
||||
local _usage="ERROR: unknown or missing $1 command $2"
|
||||
|
@ -224,9 +224,11 @@ assert_user() {
|
|||
rst_title "user $SERVICE_USER" section
|
||||
echo
|
||||
tee_stderr 1 <<EOF | bash | prefix_stdout
|
||||
sudo -H adduser --shell /bin/bash --system --home $SERVICE_HOME \
|
||||
--disabled-password --group --gecos 'Morty' $SERVICE_USER
|
||||
sudo -H usermod -a -G shadow $SERVICE_USER
|
||||
useradd --shell /bin/bash --system \
|
||||
--home-dir "$SERVICE_HOME" \
|
||||
--comment 'Web content sanitizer proxy' $SERVICE_USER
|
||||
mkdir "$SERVICE_HOME"
|
||||
chown -R "$SERVICE_GROUP:$SERVICE_GROUP" "$SERVICE_HOME"
|
||||
groups $SERVICE_USER
|
||||
EOF
|
||||
SERVICE_HOME="$(sudo -i -u "$SERVICE_USER" echo \$HOME)"
|
||||
|
|
|
@ -35,14 +35,26 @@ SEARX_UWSGI_APP="searx.ini"
|
|||
# shellcheck disable=SC2034
|
||||
SEARX_UWSGI_SOCKET="/run/uwsgi/app/searx/socket"
|
||||
|
||||
# FIXME: Arch Linux & RHEL should be added
|
||||
|
||||
SEARX_APT_PACKAGES="\
|
||||
case $DIST_ID in
|
||||
ubuntu|debian) # apt packages
|
||||
SEARX_PACKAGES="\
|
||||
python3-dev python3-babel python3-venv \
|
||||
uwsgi uwsgi-plugin-python3 \
|
||||
git build-essential \
|
||||
libxslt-dev python3-dev python3-babel python3-venv \
|
||||
zlib1g-dev libffi-dev libssl-dev \
|
||||
"
|
||||
git build-essential libxslt-dev zlib1g-dev libffi-dev libssl-dev "
|
||||
;;
|
||||
arch) # pacman packages
|
||||
SEARX_PACKAGES="\
|
||||
python python-pip python-lxml python-babel \
|
||||
uwsgi uwsgi-plugin-python \
|
||||
git base-devel libxml2 "
|
||||
;;
|
||||
fedora) # dnf packages
|
||||
SEARX_PACKAGES="\
|
||||
python python-pip python-lxml python-babel \
|
||||
uwsgi uwsgi-plugin-python3 \
|
||||
git @development-tools libxml2 "
|
||||
;;
|
||||
esac
|
||||
|
||||
# Apache Settings
|
||||
|
||||
|
@ -72,7 +84,7 @@ usage() {
|
|||
usage::
|
||||
|
||||
$(basename "$0") shell
|
||||
$(basename "$0") install [all|user|pyenv|searx-src|apache]
|
||||
$(basename "$0") install [all|user|searx-src|pyenv|apache]
|
||||
$(basename "$0") update [searx]
|
||||
$(basename "$0") remove [all|user|pyenv|searx-src]
|
||||
$(basename "$0") activate [service]
|
||||
|
@ -120,7 +132,7 @@ main() {
|
|||
rst_title "$SEARX_INSTANCE_NAME" part
|
||||
|
||||
required_commands \
|
||||
dpkg systemctl apt-get install git wget curl \
|
||||
sudo systemctl install git wget curl \
|
||||
|| exit
|
||||
|
||||
local _usage="unknown or missing $1 command $2"
|
||||
|
@ -202,7 +214,7 @@ _service_prefix=" |$SERVICE_USER| "
|
|||
|
||||
install_all() {
|
||||
rst_title "Install $SEARX_INSTANCE_NAME (service)"
|
||||
pkg_install "$SEARX_APT_PACKAGES"
|
||||
pkg_install "$SEARX_PACKAGES"
|
||||
wait_key
|
||||
assert_user
|
||||
wait_key
|
||||
|
@ -260,9 +272,11 @@ assert_user() {
|
|||
rst_title "user $SERVICE_USER" section
|
||||
echo
|
||||
tee_stderr 1 <<EOF | bash | prefix_stdout
|
||||
sudo -H adduser --shell /bin/bash --system --home "$SERVICE_HOME" \
|
||||
--disabled-password --group --gecos 'searx' $SERVICE_USER
|
||||
sudo -H usermod -a -G shadow $SERVICE_USER
|
||||
useradd --shell /bin/bash --system \
|
||||
--home-dir "$SERVICE_HOME" \
|
||||
--comment 'Privacy-respecting metasearch engine' $SERVICE_USER
|
||||
mkdir "$SERVICE_HOME"
|
||||
chown -R "$SERVICE_GROUP:$SERVICE_GROUP" "$SERVICE_HOME"
|
||||
groups $SERVICE_USER
|
||||
EOF
|
||||
#SERVICE_HOME="$(sudo -i -u "$SERVICE_USER" echo \$HOME)"
|
||||
|
|
Loading…
Reference in a new issue