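#!/bin/sh
#
# haini.sh: run commands inside a bubblewrap (bwrap) container whose root
# filesystem is an Alpine tree stored in $ENTORNO ($ROOT/hain by default).

# Abort on any unhandled error.
set -e

# Only x86_64 is supported for now.
uname -m | grep -q x86_64 || exit 1

# DIR is the directory that holds this script, ROOT is its parent (the
# Sutty working tree) and SELF is the name the script was invoked as.
DIR="$(dirname "$(realpath "$0")")"
ROOT="$(dirname "$DIR")"
SELF="$(basename "$0")"

# The script may only run from the Sutty root or from one of its direct
# subdirectories. WORKDIR below is derived from $PWD, so continuing from
# anywhere else would point the container at a directory that is not part
# of the tree mounted on /Sutty. Refuse instead of only printing a notice.
if test "$ROOT" != "$(dirname "$PWD")" && test "$ROOT" != "$PWD"; then
  echo "¡No estás corriendo dentro de una carpeta de Sutty!" >&2
  exit 1
fi

# bubblewrap is required.
if ! type bwrap >/dev/null 2>&1 ; then
  echo "Por favor, instala el paquete bubblewrap"
  exit 1
fi

# Enable unprivileged user namespaces when the kernel exposes the switch
# and it is turned off. Kernels without this sysctl print nothing, and
# the block is skipped.
#
# Security note: this is a system-wide setting. It lets every local user
# create user namespaces, which widens the kernel attack surface for the
# whole machine, not just for this tool. The change is made with sudo and
# is not persisted across reboots.
userns="$(sysctl -n kernel.unprivileged_userns_clone 2>/dev/null || true)"
if test -n "$userns" && test "$userns" -ne 1 ; then
  echo "Necesitamos configurar tu sistema, ingresa tu contraseña para correr el comando" >&2
  # -w writes the value; -a only lists every setting and changes nothing.
  echo "sudo sysctl -w kernel.unprivileged_userns_clone=1"
  sudo sysctl -w kernel.unprivileged_userns_clone=1
fi

# When the command is run from the root of the working tree there is no
# subdirectory to append.
if test "$ROOT" = "$PWD"; then
  WORKDIR="/Sutty"
else
  WORKDIR="/Sutty/${PWD##*/}/"
fi

# The container directory can be overridden through ENTORNO.
ENTORNO=${ENTORNO:-${ROOT}/hain}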
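# Run a command line inside the bubblewrap container.
#
# Globals:   ENTORNO (read)  - host directory mounted as the container's /
#            ROOT (read)     - host Sutty tree, mounted read-write on /Sutty
#            WORKDIR (read)  - directory to change into inside the container
#            stdin (read)    - file used as standard input; /dev/null if unset
#            HOME, TERM, USER, RAILS_ENV, JEKYLL_ENV (read)
# Arguments: $1 - command line, handed as ONE string to `/bin/sh -l -c`
# Outputs:   prints "> <command>" before running it
# Returns:   the exit status of bwrap
#
# Isolation notes (what the flags below do and do not give you):
#   * New user (when possible), IPC, UTS and cgroup namespaces are created.
#     No PID or network namespace is requested, so host processes and the
#     host network are shared with the container.
#   * The host /dev, /sys, /proc and /tmp are bound in with --dev-bind, and
#     $ROOT is bound read-write. Code running inside can therefore read and
#     write those host paths with the invoking user's permissions.
#   * The environment is reset with `env -i`, so only the variables listed
#     here reach the container.
# This makes the container a reproducible development environment, not a
# security boundary; do not rely on it to contain untrusted code.
#
# $1 is interpreted by a shell. Callers that build it from variables must
# only interpolate values they control.
correr() {
  echo "> $1"

  mkdir -p "$ENTORNO/home"

  # Migrate the home directory left by earlier versions of hainish, which
  # mirrored the host $HOME path inside the container. Skip the move when
  # HOME is empty (the source would be $ENTORNO itself) or when the old and
  # new locations are the same path; either case makes mv fail and, under
  # `set -e`, aborts the whole script.
  if test -n "$HOME" \
    && test "$ENTORNO$HOME" != "$ENTORNO/home/suttier" \
    && test -d "$ENTORNO$HOME"; then
    mv "$ENTORNO$HOME" "$ENTORNO/home/suttier"
  fi

  env -i \
    TERM="$TERM" \
    USER="$USER" \
    HOME="/home/suttier" \
    HAIN_ENV=true \
    RAILS_ENV="${RAILS_ENV:-development}" \
    JEKYLL_ENV="${JEKYLL_ENV:-development}" \
    EDITOR="nano" \
    PAGER="less -niSFX" \
    bwrap \
      --unshare-user-try \
      --unshare-ipc \
      --unshare-uts \
      --unshare-cgroup-try \
      --bind "$ENTORNO" / \
      --bind "$ROOT" /Sutty \
      --ro-bind /etc/hosts /etc/hosts \
      --ro-bind /etc/passwd /etc/passwd \
      --ro-bind /etc/group /etc/group \
      --ro-bind /etc/resolv.conf /etc/resolv.conf \
      --ro-bind /etc/localtime /etc/localtime \
      --dev-bind /dev /dev \
      --dev-bind /sys /sys \
      --dev-bind /proc /proc \
      --dev-bind /tmp /tmp \
      --chdir "$WORKDIR" \
      /bin/sh -l -c "$1" < "${stdin:-/dev/null}"
}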
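# Create (or migrate) the local CA and the sutty.local certificate, then
# register the CA as trusted.
#
# Globals:   ENTORNO (read), ROOT (read)
#            ca_key, ca_crt, domain_key, domain_csr, domain_crt,
#            SUTTY_LOCAL (written; not declared local)
# Outputs:   progress messages on stdout; openssl output through correr
# Returns:   0 on success; with `set -e` any failing step aborts the script
#
# Security notes:
#   * The CA certificate is added to the HOST trust store with sudo.
#     Whoever can read "$ENTORNO$ca_key" can issue certificates that this
#     machine will accept for any host name, because the CA carries no
#     name constraints and is valid for 3650 days. Keep $ENTORNO private
#     and never copy the CA key to another machine.
#   * NOTE(review): genpkey is given no cipher, so the -pass value does not
#     appear to encrypt anything, and the req calls use -nodes; both private
#     keys end up stored unencrypted. The passphrase is also a literal in
#     this script. Protection rests on file and directory permissions.
#   * NOTE(review): the domain certificate puts both names in CN fields and
#     requests no subjectAltName; clients that ignore CN may reject it.
generar_certificado() {
  chmod 700 "$ENTORNO/etc/ssl/private"

  # Paths as seen from inside the container; prefix with $ENTORNO on the host.
  ca_key="/etc/ssl/private/ca-sutty.key"
  ca_crt="/usr/local/share/ca-certificates/ca-sutty.crt"

  domain_key="/etc/ssl/private/sutty.local.key"
  domain_csr="/etc/ssl/private/sutty.local.csr"
  domain_crt="/etc/ssl/certs/sutty.local.crt"

  # Reuse the certificates of an existing sutty.local checkout.
  if test -f "$ROOT/sutty.local/domain/sutty.local.crt"; then
    SUTTY_LOCAL="$ROOT/sutty.local"

    echo "Migrando certificados de sutty.local..."

    # Private keys are installed with mode 600. A plain cp would create
    # them under the caller's umask (022 in crear_entorno), leaving the
    # directory mode as the only protection.
    install -m 600 "$SUTTY_LOCAL/ca/key.key" "$ENTORNO$ca_key"
    cp "$SUTTY_LOCAL/ca/crt.crt" "$ENTORNO$ca_crt"

    install -m 600 "$SUTTY_LOCAL/domain/sutty.local.key" "$ENTORNO$domain_key"
    cp "$SUTTY_LOCAL/domain/sutty.local.csr" "$ENTORNO$domain_csr"
    cp "$SUTTY_LOCAL/domain/sutty.local.crt" "$ENTORNO$domain_crt"

    # The migrated CA is not installed into the host trust store here.
    return
  fi

  echo "Generando certificados..."

  # CA key and self-signed CA certificate, created inside the container.
  correr "openssl genpkey -algorithm RSA -pass pass:sutty -out $ca_key"
  correr "openssl req -x509 -new -nodes -key $ca_key -sha256 \
    -passin pass:sutty -passout pass:sutty \
    -subj '/C=IN/ST=Cyberspace/L=Cyberspace/O=Sutty/OU=Espacio/CN=Sutty Local CA' \
    -days 3650 -out $ca_crt"

  # Trust the CA inside the container.
  correr "update-ca-certificates"

  # Domain key, signing request and certificate signed by the local CA.
  correr "openssl req -nodes -newkey rsa:2048 -keyout $domain_key -out $domain_csr \
    -subj '/C=IN/ST=Cyberspace/L=Cyberspace/O=Sutty/OU=Espacio/CN=sutty.local/CN=*.sutty.local'"
  correr "openssl x509 -req -in $domain_csr \
    -CA $ca_crt -CAkey $ca_key -CAcreateserial \
    -out $domain_crt -days 3650 -sha256"

  echo "Instalando certificados..."
  # Trust the CA on the host. `command -v` is used instead of `which`,
  # which is not guaranteed to be installed and would silently select the
  # `trust anchor` branch when missing.
  if command -v update-ca-certificates >/dev/null 2>&1; then
    sudo install -Dm 644 "$ENTORNO$ca_crt" /usr/share/ca-certificates/extra/sutty.crt
    sudo dpkg-reconfigure ca-certificates
    sudo update-ca-certificates
  else
    sudo trust anchor "$ENTORNO$ca_crt"
  fi
}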
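# Build or refresh the Alpine container stored in $ENTORNO.
#
# Globals:   ENTORNO (read), DIR (read)
#            ALPINE, ALPINE_URL, download, rootfs_tmp, apk_key, packages
#            (written; not declared local)
# Outputs:   progress messages on stdout, errors on stderr
# Returns:   0 on success; exits 1 when no downloader is available or a
#            download fails
#
# Supply-chain notes:
#   * NOTE(review): the minirootfs archive is extracted without checking a
#     digest or signature; HTTPS is the only protection. Pin the expected
#     SHA-256 of the release and compare it before extracting.
#   * NOTE(review): the apk signing key is fetched from the same host that
#     serves the package repository and is trusted on first use. Pin its
#     fingerprint, or ship the key in this repository, so a compromised
#     mirror cannot supply both packages and the key that validates them.
#   * The contents of "$DIR/packages" are interpolated into a shell command
#     line run inside the container; treat that file as code.
crear_entorno() {
  ALPINE="3.13.5"
  ALPINE_URL="https://dl-cdn.alpinelinux.org/alpine/v${ALPINE%.*}/releases/x86_64/alpine-minirootfs-${ALPINE}-x86_64.tar.gz"

  # Pick a downloader that writes to stdout. Later matches override earlier
  # ones, so the preference is curl, then busybox wget, then wget. Start
  # from an empty value so a `download` inherited from the environment is
  # never executed. curl gets -f so an HTTP error fails the command
  # instead of printing the error page as if it were the file.
  download=""
  type wget >/dev/null 2>&1 && download="wget -O -"
  type busybox >/dev/null 2>&1 && download="busybox wget -O -"
  type curl >/dev/null 2>&1 && download="curl -f"

  # Without any downloader there is nothing we can do.
  if test -z "${download}"; then
    echo "No se encontró wget, busybox ni curl" >&2
    exit 1
  fi

  # Let others read the files created from here on.
  umask 022

  # Create the working directory.
  mkdir -p "$ENTORNO"

  # Download and extract Alpine. The archive goes to a file first: in a
  # `download | tar` pipeline sh reports only tar's status, so a failed
  # download would go unnoticed.
  if ! test -f "$ENTORNO/etc/os-release"; then
    rootfs_tmp="$ENTORNO/.alpine-minirootfs.$$.tar.gz"
    if ! ${download} "${ALPINE_URL}" > "$rootfs_tmp"; then
      rm -f "$rootfs_tmp"
      echo "No se pudo descargar ${ALPINE_URL}" >&2
      exit 1
    fi
    # NOTE(review): verify the digest of "$rootfs_tmp" here, before tar runs.
    if ! tar xz --directory "$ENTORNO" < "$rootfs_tmp"; then
      rm -f "$rootfs_tmp"
      exit 1
    fi
    rm -f "$rootfs_tmp"
  fi

  # Configure the Sutty repositories.
  grep -q sutty "$ENTORNO/etc/apk/repositories" || echo "https://alpine.sutty.nl/alpine/v${ALPINE%\.*}/sutty" >> "$ENTORNO/etc/apk/repositories"

  # Install the repository signing key. It is fetched with the detected
  # downloader (not a hard-coded wget) into a temporary file and moved into
  # place only when the download succeeded and is non-empty, so a failed
  # attempt cannot leave a broken key that later runs would accept.
  apk_key="$ENTORNO/etc/apk/keys/alpine@sutty.nl-5ea884cd.rsa.pub"
  if ! test -s "$apk_key"; then
    if ${download} https://alpine.sutty.nl/alpine/sutty.pub > "$apk_key.tmp" \
      && test -s "$apk_key.tmp"; then
      mv "$apk_key.tmp" "$apk_key"
    else
      rm -f "$apk_key.tmp"
      echo "No se pudo descargar la llave de alpine.sutty.nl" >&2
      exit 1
    fi
  fi

  # Install the dependencies only when the package list changed.
  if test "$ENTORNO/etc/apk/world" -ot "$DIR/packages"; then
    echo "Instalando paquetes..."
    packages="$(tr "\n" " " < "$DIR/packages")"
    correr "apk add --no-cache $packages"
  fi

  # Enable the installation of binary gems.
  sed -re "s/#(@platforms = )/\1/" -i "$ENTORNO/usr/lib/ruby/2.7.0/rubygems.rb"

  # Disable the nginx user directive.
  sed -re "/user nginx/d" -i "$ENTORNO/etc/nginx/nginx.conf"

  # Create the PID directory.
  install -dm 755 "$ENTORNO/run/nginx"
  # Install the configuration.
  install -m 640 "$DIR/nginx.conf" "$ENTORNO/etc/nginx/http.d/default.conf"

  # Syntax highlighting in nano.
  grep -q "^include " "$ENTORNO/etc/nanorc" || echo "include \"/usr/share/nano/*.nanorc\"" >> "$ENTORNO/etc/nanorc"

  # Install the helper scripts.
  for script in "$DIR/bin/"*; do
    install -m 755 "$script" "$ENTORNO/usr/local/bin/${script##*/}"
  done

  # Generate the certificates only once.
  test -f "$ENTORNO/etc/ssl/certs/sutty.local.crt" || generar_certificado
}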
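# Entry point.
#   init      print a PATH export meant to be consumed with eval
#   anything  build the container if needed and run the arguments in it
#             (an interactive `sh` when no arguments are given)
case $1 in
  init)
    # The output is fed to eval by the caller, so the directory is emitted
    # inside single quotes with embedded single quotes escaped. Printing it
    # bare would let a checkout path containing shell metacharacters be
    # executed as code by that eval.
    dir_quoted="$(printf '%s' "$DIR" | sed "s/'/'\\\\''/g")"
    printf "export PATH='%s':\"\$PATH\"\n" "$dir_quoted"
    ;;
  *)
    if ! type "$SELF" >/dev/null 2>&1 ; then
      echo "Tip: Inicia haini.sh con 'eval \$($0 init)' para poder ejecutar con solo 'haini.sh'" >&2
    fi

    crear_entorno
    # All arguments are joined into one string and interpreted by a shell
    # inside the container, so the caller's quoting of individual
    # arguments is not preserved.
    stdin=/dev/stdin correr "${*:-sh}"
    ;;
esac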