Add 'legacy/scripts/apache2.sh'

legacy/scripts/apache2.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+set -e
+
+export DEBIAN_FRONTEND=noninteractive
+
+apt-get update -y
+apt-get upgrade -y
+apt-get install -y apache2 certbot python3-certbot-apache
+
+certbot run -n --apache --agree-tos -d $1 -m $2 --redirect

legacy/scripts/internal-webserver.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+set -e
+
+export DEBIAN_FRONTEND=noninteractive
+
+apt-get update -y
+apt-get upgrade -y
+apt-get install -y git apache2
+
+cd /var/www/html/
+git clone https://github.com/that-github-guy/quick-deploy-scripts.git
+# { crontab -l -u root; echo '*/15 * * * * cd /var/www/html/quick-deploy-scripts/ && git pull --ff-only main'; } | crontab -u root -

legacy/scripts/lxc.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+set -e
+
+# TODO: make it take arguments instead of environment variables
+lxc launch ubuntu:18.04 $instance_name -c security.nesting=$nesting
+lxc config device add $instance_name auto$instance_name proxy listen=$proto:$listen_ip:$external_port connect=$proto:127.0.0.1:$internal_port
+sleep $wait | true # wait for network, TODO: more elegant solution
+lxc exec $instance_name -- bash -c "$script"

legacy/scripts/pdns.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+set -e
+
+export DEBIAN_FRONTEND=noninteractive
+
+apt-get update -y
+apt-get upgrade -y
+apt-get install -y ca-certificates curl gnupg lsb-release nano wget tmux
+
+sed -i 's/#DNSStubListener=yes/DNSStubListener=no/' /etc/systemd/resolved.conf
+sed -i 's/127.0.0.53/8.8.8.8/' /etc/resolv.conf
+systemctl restart systemd-resolved
+ping -c 1 google.com # checks to see DNS connectivity still exists
+
+webserverkey=$(date +%s | sha256sum | base64 | head -c 32) # INSECURE, use openssl rand -hex
+apt-get install -y pdns-server pdns-backend-sqlite3 sqlite3
+mkdir /var/lib/powerdns || true
+sqlite3 /var/lib/powerdns/pdns.sqlite3 < /usr/share/doc/pdns-backend-sqlite3/schema.sqlite3.sql || true
+chown -R pdns:pdns /var/lib/powerdns
+tee -a /etc/powerdns/pdns.conf << EOF
+gsqlite3-database=/var/lib/powerdns/pdns.sqlite3
+webserver=yes
+webserver-address=0.0.0.0
+webserver-allow-from=127.0.0.1,10.0.0.0/8,172.0.0.0/8
+webserver-port=8081
+webserver-password=$webserverkey
+api=yes
+api-key=$webserverkey
+EOF
+systemctl restart pdns
+
+apt-get remove docker docker-engine docker.io containerd runc
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
+echo \
+  "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
+  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null # snippet from docker
+apt-get update -y
+apt-get install -y docker-ce docker-ce-cli containerd.io
+docker run hello-world
+
+secretkey=$(date +%s | sha256sum | base64 | head -c 32)
+docker run -d \
+    -e SECRET_KEY=$secretkey \
+    -v pda-data:/data \
+    -p 9191:80 \
+    ngoduykhanh/powerdns-admin:latest
+
+echo '{$webserverkey}'

legacy/setup/setup-internal-webserver.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+set -e
+
+export instance_name=internal-webserver
+export nesting=false
+export proto=tcp
+export listen_ip=127.0.0.1
+export internal_port=80
+export external_port=81
+export script='apt-get update -y && apt-get install curl && curl -sL https://github.com/that-github-guy/quick-deploy-scripts/raw/main/scripts/internal-webserver.sh | bash'
+
+export wait=5
+
+bash ../scripts/lxc.sh