commit 0bb9d2da0bd887bd616e237620025337234b2987
Author: Henrik Lorenzen
Date: Wed Dec 3 10:41:03 2025 +0100
added basic setup
diff --git a/.data/ufw/after.rules b/.data/ufw/after.rules
new file mode 100644
index 0000000..cc36ab3
--- /dev/null
+++ b/.data/ufw/after.rules
@@ -0,0 +1,26 @@
+# BEGIN UFW AND DOCKER
+*filter
+:ufw-user-forward - [0:0]
+:ufw-docker-logging-deny - [0:0]
+:DOCKER-USER - [0:0]
+-A DOCKER-USER -j ufw-user-forward
+
+-A DOCKER-USER -m conntrack --ctstate RELATED,ESTABLISHED -j RETURN
+-A DOCKER-USER -m conntrack --ctstate INVALID -j DROP
+-A DOCKER-USER -i docker0 -o docker0 -j ACCEPT
+
+-A DOCKER-USER -j RETURN -s 10.0.0.0/8
+-A DOCKER-USER -j RETURN -s 172.16.0.0/12
+-A DOCKER-USER -j RETURN -s 192.168.0.0/16
+
+-A DOCKER-USER -j ufw-docker-logging-deny -m conntrack --ctstate NEW -d 10.0.0.0/8
+-A DOCKER-USER -j ufw-docker-logging-deny -m conntrack --ctstate NEW -d 172.16.0.0/12
+-A DOCKER-USER -j ufw-docker-logging-deny -m conntrack --ctstate NEW -d 192.168.0.0/16
+
+-A DOCKER-USER -j RETURN
+
+-A ufw-docker-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW DOCKER BLOCK] "
+-A ufw-docker-logging-deny -j DROP
+
+COMMIT
+# END UFW AND DOCKER
diff --git a/bin/deinstall.sh b/bin/deinstall.sh
new file mode 100755
index 0000000..d817f01
--- /dev/null
+++ b/bin/deinstall.sh
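Review bot: Nothing in this file says that, with `-A DOCKER-USER -j ufw-user-forward` as the first rule and every NEW connection to the three RFC1918 destination ranges sent to `ufw-docker-logging-deny`, a port Docker publishes on the host is only reachable from outside once a matching `ufw route allow` rule exists; the `sudo ufw allow 2222/tcp` that bin/setup_ufw.sh adds in this same commit "for gitea container" only touches INPUT and, as far as I can tell from the DNAT path, will not pass forwarded traffic to the container. A comment above the first rule would prevent that surprise, e.g. `# Published container ports must be opened with 'ufw route allow ...'; plain 'ufw allow' only affects INPUT`. Since the LOG rule is limited to 3/min with a burst of 10, the `[UFW DOCKER BLOCK]` prefix is what to search the kernel log for when a published port appears dead — also worth a line in the header.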
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+# Check if FAST_PATH is set in .bashrc
+
+source ~/.bashrc
+
+if [ -z "$FAST_PATH" ]; then
+ echo "FAST_PATH is not set in your environment. Please check your .bashrc file."
+ exit 1
+fi
+
+# check if -y flag is provided
+if [[ "$1" == "-y" ]]; then
+ CONFIRM="y"
+fi
+
+# if not, prompt the user for confirmation
+
+if [ -z "$CONFIRM" ]; then
+ echo "This will deinstall Fast from $FAST_PATH and remove all its files."
+ # Ask for confirmation before proceeding
+ read -p "Are you sure you want to deinstall Fast from $FAST_PATH? (y/N): " CONFIRM
+fi
+
+if [[ "$CONFIRM" != "y" && "$CONFIRM" != "Y" ]]; then
+ echo "Deinstallation cancelled."
+ exit 0
+fi
+
+# Remove Fast installation directory
+echo "Removing Fast installation directory at $FAST_PATH..."
+sudo rm -rf "$FAST_PATH"
+
+# Remove FAST_PATH from .bashrc
+sed -i '/export FAST_PATH=/d' ~/.bashrc
+sed -i '/export PATH=\$FAST_PATH\/bin:\$PATH/d' ~/.bashrc
+
+# find all docker images with "fast" in their name and remove them
+# Ask for confirmation before proceeding, default to yes
+echo "Removing Docker images related to Fast..."
+read -p "Are you sure you want to remove all Docker images related to Fast? (Y/n): " REMOVE_DOCKER
+
+if [[ "$REMOVE_DOCKER" == "n" || "$REMOVE_DOCKER" == "N" ]]; then
+ echo "Skipping Docker image removal."
+ exit 0
+else
+ docker images | grep fast/ | awk '{print $1}' | xargs -r docker rmi -f
+ docker image prune --force
+
+fi
+
+
+echo "Fast installation directory removed."
diff --git a/bin/setup_docker.sh b/bin/setup_docker.sh
new file mode 100755
index 0000000..bffe3c2
--- /dev/null
+++ b/bin/setup_docker.sh
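Review bot: `source ~/.bashrc` at the top is unlikely to populate FAST_PATH when this script runs non-interactively: Debian's stock .bashrc returns early for non-interactive shells (`case $- in *i*) ;; *) return;; esac`), and bin/setup_fast.sh in this commit appends `export FAST_PATH=` at the end of the file, i.e. after that guard, so the `-z "$FAST_PATH"` check would fail even though the line is present. Read the value directly instead, e.g. `FAST_PATH=${FAST_PATH:-$(sed -n 's/^export FAST_PATH=//p' ~/.bashrc)}`, or have the installer write a dedicated env file that these scripts source; bin/start_build.sh has the same pattern. Separately, `docker images | grep fast/ | awk '{print $1}'` yields repository names without tags, so `docker rmi -f` removes only each repository's `:latest`; assuming the images are tagged `fast/<name>`, `docker images -q --filter reference='fast/*' | xargs -r docker rmi -f` removes every tag by ID. `read -p` should be `read -r -p` here and in the other prompts.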
@@ -0,0 +1,26 @@ +sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc +sudo chmod a+r /etc/apt/keyrings/docker.asc + +# Add the repository to Apt sources: +sudo tee /etc/apt/sources.list.d/docker.sources < /dev/null 2>&1; then + sudo groupadd docker + sudo usermod -aG docker $USER || true + newgrp docker || echo "newgrp command failed, please log out and log back in to apply group changes." + sudo systemctl restart docker || echo "Failed to restart docker service, please check the service status manually." + sudo systemctl enable docker.service || echo "Failed to enable docker service, please check the service status manually." + sudo systemctl enable containerd.service || echo "Failed to enable containerd service, please check the service status manually." +fi + +echo "Docker has been installed and configured." diff --git a/bin/setup_env.sh b/bin/setup_env.sh new file mode 100755 index 0000000..c8ac7f4 --- /dev/null +++ b/bin/setup_env.sh 
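Review bot: `newgrp docker` on a script line does not change the running script's group; it starts a new shell that reads from the terminal, so the three `systemctl` lines after it only run once that shell exits, and its `|| echo ...` fallback never fires in the normal case. Drop the `newgrp` line and print the log-out/log-in instruction unconditionally; also quote `"$USER"` in `sudo usermod -aG docker $USER` and remove its `|| true` so a failed group add is not silently ignored. A comment above `sudo groupadd docker` should state the consequence of that group, e.g. `# Members of the docker group can run containers as root on the host; add only trusted accounts`. Note that this hunk appears garbled in this view (the `sudo tee /etc/apt/sources.list.d/docker.sources` line has lost its heredoc and runs straight into `; then`), so the repository-setup part could not be reviewed.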
@@ -0,0 +1,132 @@
+#!/bin/bash
+
+# check if FAST_PATH is set, if not exit with a message
+if [ -z "$FAST_PATH" ]; then
+ echo "FAST_PATH is not set."
+ exit 1
+fi
+
+sudo cp $PWD/config/.env $FAST_PATH/.env
+echo "Environment file copied to $FAST_PATH/.env"
+
+cd $FAST_PATH
+
+# Define the file to process
+ENV_FILE=".env"
+
+# Define the keywords to look for (case-insensitive search for the value part)
+KEYWORDS="(key|user|password|email)"
+
+# Define the secure placeholder value for non-interactive mode
+SECURE_PLACEHOLDER="REPLACED_BY_SCRIPT"
+
+# Flag to check if the script is running interactively (can prompt for input)
+# If stdin is connected to a terminal, it's interactive.
+if [[ -t 0 ]]; then
+ IS_INTERACTIVE=true
+ echo "Mode: 🟢 Interactive (Will prompt for input)"
+else
+ IS_INTERACTIVE=false
+ echo "Mode: šŸ”“ Non-Interactive (Will use placeholder: $SECURE_PLACEHOLDER)"
+fi
+
+# Check if the .env file exists
+if [ ! -f "$ENV_FILE" ]; then
+ echo "Error: .env file not found at $ENV_FILE"
+ exit 1
+fi
+
+echo "--- .env File Security Checker ---"
+echo "Searching for sensitive variables in $ENV_FILE..."
+echo "-----------------------------------"
+
+# Create a temporary file to store the modified content
+TEMP_FILE=$(mktemp)
+
+# Loop through each line
+while IFS= read -r line; do
+
+ # 1. Skip comments and empty lines
+ if [[ "$line" =~ ^\#.* ]] || [[ -z "$line" ]]; then
+ echo "$line" >> "$TEMP_FILE"
+ continue
+ fi
+
+ # 2. Extract the Variable Name and Value (must match VAR=VAL format)
+ if [[ "$line" =~ ^([[:alnum:]_]+)=.* ]]; then
+ VAR_NAME="${BASH_REMATCH[1]}"
+ VAR_VALUE_RAW="${line#*=}"
+
+ # Clean quotes and convert value to lowercase for reliable keyword checking
+ VAR_VALUE_CLEANED="${VAR_VALUE_RAW%\"}"; VAR_VALUE_CLEANED="${VAR_VALUE_CLEANED#\"}"
+ VAR_VALUE_CLEANED="${VAR_VALUE_CLEANED%\'}"; VAR_VALUE_CLEANED="${VAR_VALUE_CLEANED#\'}"
+ VAR_VALUE_LOWER=$(echo "$VAR_VALUE_CLEANED" | tr '[:upper:]' '[:lower:]')
+
+ # 3. Check if the value contains a sensitive keyword
+ if [[ "$VAR_VALUE_LOWER" =~ $KEYWORDS ]]; then
+
+ echo -e "\nāš ļø Sensitive variable found: **$VAR_NAME**"
+ echo "Current value: $VAR_VALUE_RAW"
+
+ NEW_LINE=""
+
+ if $IS_INTERACTIVE; then
+ # INTERACTIVE MODE: Prompt the user
+ read -r -p "Enter a new secure value for $VAR_NAME: " NEW_VALUE < /dev/tty
+ echo $NEW_VALUE
+
+ # if user entered an empty value, use the original value
+ if [ -z "$NEW_VALUE" ]; then
+ NEW_VALUE="$VAR_VALUE_CLEANED"
+ echo "No input provided. Keeping original value."
+ fi
+
+ # Add quotes if value contains spaces
+ if [[ "$NEW_VALUE" =~ [[:space:]] ]]; then
+ NEW_LINE="$VAR_NAME=\"$NEW_VALUE\""
+ else
+ NEW_LINE="$VAR_NAME=$NEW_VALUE"
+ fi
+ echo "Action: Manual update applied."
+ else
+ # NON-INTERACTIVE MODE: Use the placeholder
+ NEW_LINE="$VAR_NAME=$SECURE_PLACEHOLDER"
+ echo "Action: Automatically set to placeholder for non-interactive run."
+ fi
+
+ # Write the new line
+ echo "$NEW_LINE" >> "$TEMP_FILE"
+ continue
+ fi
+ fi
+
+ # 4. Write the line unchanged if not sensitive
+ echo "$line" >> "$TEMP_FILE"
+
+done < "$ENV_FILE"
+
+# Insert DOCKER_GROUP_ID
+DOCKER_GROUP_ID=$(stat -c '%g' /var/run/docker.sock)
+echo -e "\n--- adding DOCKER_GROUP_ID=$DOCKER_GROUP_ID to .env ---"
+echo "DOCKER_GROUP_ID=$DOCKER_GROUP_ID" >> "$TEMP_FILE"
+
+# Generate DATA_MANGER_DB_URL
+# check if POSTGRES_USER and POSTGRES_PASSWORD are set, else add the DATA_MANAGER_DB_URL without credentials
+POSTGRES_USER=$(grep -E '^POSTGRES_USER=' "$ENV_FILE" | cut -d '=' -f2 | tr -d '"')
+POSTGRES_PASSWORD=$(grep -E '^POSTGRES_PASSWORD=' "$ENV_FILE" | cut -d '=' -f2 | tr -d '"')
+
+if [ -z "$POSTGRES_USER" ] || [ -z "$POSTGRES_PASSWORD" ]; then
+ DATA_MANAGER_DB_URL=postgresql://data_db:5432/user_data
+else
+ DATA_MANAGER_DB_URL=postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@data_db:5432/user_data
+fi
+
+echo -e "\n--- adding DATA_MANAGER_DB_URL to .env ---"
+
+echo "DATA_MANAGER_DB_URL=$DATA_MANAGER_DB_URL" >> "$TEMP_FILE"
+
+# 5. Overwrite the original .env file with the content of the temporary file
+echo -e "\n--- Finalizing Update ---"
+sudo mv -f "$TEMP_FILE" "$ENV_FILE"
+
+echo "āœ… All updates applied. The original $ENV_FILE has been overwritten."
diff --git a/bin/setup_fast.sh b/bin/setup_fast.sh
new file mode 100755
index 0000000..029763f
--- /dev/null
+++ b/bin/setup_fast.sh
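Review bot: The `POSTGRES_USER=$(grep -E '^POSTGRES_USER=' "$ENV_FILE" ...)` and `POSTGRES_PASSWORD=...` lines near the end read the original `.env`, not `$TEMP_FILE`, and they run before `sudo mv -f "$TEMP_FILE" "$ENV_FILE"`, so `DATA_MANAGER_DB_URL` is built from exactly the values the loop just replaced — neither the interactively entered credentials nor `REPLACED_BY_SCRIPT` ever reach the URL. Point both greps at `"$TEMP_FILE"` and use `cut -d '=' -f2-` so a password containing `=` is not truncated. `echo $NEW_VALUE` right after the `read -r -p ... < /dev/tty` prints the freshly entered secret a second time (into any session log as well) and adds nothing the terminal echo did not already show; remove it, and consider `read -r -s -p` so the value is not echoed at all. The copies at the top, `sudo cp $PWD/config/.env $FAST_PATH/.env` and `cd $FAST_PATH`, should quote both expansions.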
@@ -0,0 +1,37 @@
+
+# clone the repository
+git clone https://git.nxs.solutions/Fast/FastFlask.git lib
+
+# ask the user for the location where to setup Fast
+read -p "Enter the full path where you want to set up Fast (e.g., /opt/fast): " FAST_PATH
+# if the user input is empty, use /opt/fast as default
+
+if [ -z "$FAST_PATH" ]; then
+ FAST_PATH="/opt/fast"
+fi
+
+# create the directory if it doesn't exist
+sudo mkdir -p "$FAST_PATH"
+sudo cp -r lib/* $FAST_PATH
+sudo cp -r lib/.docker/ $FAST_PATH/.docker/
+
+# remove the .git directory to detach from the original repository
+echo "Removing .git directory to detach from the original repository..."
+sudo rm -r lib
+
+# check if FAST_PATH is in .bashrc, if not, add it and source .bashrc
+if ! grep -q "export FAST_PATH=" ~/.bashrc; then
+ echo "export FAST_PATH=$FAST_PATH" >> ~/.bashrc
+ echo 'export PATH=$FAST_PATH/bin:$PATH' >> ~/.bashrc
+ source ~/.bashrc
+ echo "FAST_PATH added to .bashrc and sourced."
+else
+ echo "FAST_PATH already exists in .bashrc."
+ echo "Overwriting FAST_PATH in .bashrc..."
+ sed -i "s|^export FAST_PATH=.*$|export FAST_PATH=$FAST_PATH|" ~/.bashrc
+ source ~/.bashrc
+ echo "FAST_PATH updated in .bashrc and sourced."
+fi
+
+sudo chown -R $USER:root $FAST_PATH
+echo "Fast has been set up at $FAST_PATH"
diff --git a/bin/setup_ufw.sh b/bin/setup_ufw.sh
new file mode 100755
index 0000000..600c949
--- /dev/null
+++ b/bin/setup_ufw.sh
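Review bot: FAST_PATH is taken from `read -p` and then spliced into `sed -i "s|^export FAST_PATH=.*$|export FAST_PATH=$FAST_PATH|"` and used unquoted in `sudo cp -r lib/* $FAST_PATH` and `sudo chown -R $USER:root $FAST_PATH`, so a path containing a space, `|`, `&` or a backslash either corrupts ~/.bashrc or makes the copy and the recursive chown act on the wrong directory. Use `read -r -p`, quote `"$FAST_PATH"` everywhere, and replace the sed substitution with delete-and-append: `sed -i '/^export FAST_PATH=/d' ~/.bashrc` followed by `printf 'export FAST_PATH=%q\n' "$FAST_PATH" >> ~/.bashrc`. The comment `# remove the .git directory to detach from the original repository` does not describe `sudo rm -r lib`, which deletes the whole clone after it has been copied; reword it. The file's first line is blank rather than a shebang, so when setup.sh execs `$PWD/bin/setup_fast.sh` it relies on the caller's shell falling back to running it as a script.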
@@ -0,0 +1,30 @@
+# !/bin/bash
+# Script to set up UFW (Uncomplicated Firewall) with basic rules
+
+# Update package lists and install UFW
+sudo apt update && sudo apt upgrade -y
+sudo apt install ufw -y
+
+# Set default policies
+
+sudo ufw allow 22/tcp
+sudo ufw allow 80/tcp
+sudo ufw allow 443/tcp
+
+# Allow SSH for gitea container on port 2222
+sudo ufw allow 2222/tcp
+
+# Allow UDP ports from 60000 to 61000 for mosh
+sudo ufw allow 60000:61000/udp
+
+#Solving iptables-persistent issue with UFW and Docker
+sudo chown $USER:root /etc/ufw/after.rules
+
+# check if DOCKER-USER chain already exists to avoid duplicates
+
+grep -q 'DOCKER-USER' /etc/ufw/after.rules || echo "Updating ufw iptables" && sudo cat $PWD/.data/ufw/after.rules >> /etc/ufw/after.rules
+sudo chown root:root /etc/ufw/after.rules
+
+# Enable UFW
+sudo ufw enable
+sudo ufw status verbose
diff --git a/bin/start_build.sh b/bin/start_build.sh
new file mode 100755
index 0000000..af324af
--- /dev/null
+++ b/bin/start_build.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+# Check if FAST_PATH is set in .bashrc
+
+source ~/.bashrc
+
+if [ -z "$FAST_PATH" ]; then
+ echo "FAST_PATH is not set in your environment. Please check your .bashrc file."
+ exit 1
+fi
+
+# Navigate to the Fast installation directory
+echo "Starting Fast build process in $FAST_PATH..."
+cd "$FAST_PATH" || { echo "Failed to navigate to $FAST_PATH. Directory does not exist."; exit 1; }
+
+# ask the user for selection of components to build
+COMPONENTS=("secret_manager" "access_manager" "task_manager" "data_manager" "bill_manager" "load_manager")
+
+for COMPONENT in "${COMPONENTS[@]}"; do
+ read -p "Do you want to build $COMPONENT? (Y/n): " BUILD_COMPONENT
+ if [[ "$BUILD_COMPONENT" == "y" || "$BUILD_COMPONENT" == "Y" || $BUILD_COMPONENT == "" ]]; then
+ bin/build "$COMPONENT:latest"
+ else
+ echo "Skipping build for $COMPONENT."
+ fi
+done
+
diff --git a/config/.env b/config/.env
new file mode 100644
index 0000000..88b641f
--- /dev/null
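Review bot: The duplicate guard on the `grep -q 'DOCKER-USER' /etc/ufw/after.rules || echo "Updating ufw iptables" && sudo cat ... >> /etc/ufw/after.rules` line does not work: `a || b && c` parses as `(a || b) && c`, and `echo` always succeeds, so the append runs on every invocation and the `*filter ... COMMIT` block is added again — precisely what the comment above says it avoids. Write it as an `if`: `if ! grep -q 'DOCKER-USER' /etc/ufw/after.rules; then echo "Updating ufw iptables"; sudo tee -a /etc/ufw/after.rules < "$PWD/.data/ufw/after.rules" >/dev/null; fi`, which also removes the need for the `chown $USER:root` / `chown root:root` dance, whose only purpose is that the `>>` is performed by the unprivileged shell rather than by sudo. The first line `# !/bin/bash` is a comment, not a shebang (the space after `#`), so the file depends on the caller's shell. The `# Set default policies` header has no `ufw default ...` commands under it; add the intended policies or drop the header so the next reader does not assume a default-deny was applied.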
+++ b/config/.env
@@ -0,0 +1,46 @@
+VERSION=1.0.0
+LOG_LEVEL=DEBUG
+
+RUNPOD_API_KEY=your_rupod_api_key_here
+REDIS_URL=redis://redis:6379/0
+
+
+TASK_MANAGER_URL=http://fastflask-nginx-1/task/api/v1
+TASK_MANAGER_API_KEY=task_manager_api_key
+
+SECRET_DATABASE_URL=sqlite:////app/data/secret.db
+SECRET_MANAGER_URL=http://fastflask-nginx-1/secret/api/v1
+SECRET_MANAGER_API_KEY=secret_manager_api_key
+
+POSTGRES_USER=your_postgres_user
+POSTGRES_PASSWORD=your_postgres_password
+
+STORAGE_DIR=/app/data
+
+ACCESS_DATABASE_URL=sqlite:////app/data/access.db
+ACCESS_MANAGER_URL=http://fastflask-nginx-1/access/api/v1
+ACCESS_MANAGER_API_KEY=access_manager_api_key
+
+PROMETHEUS_URL=http://prometheus:9090
+
+EXOSCALE_API_KEY=your_exoscale_api_key_here
+EXOSCALE_API_SECRET=your_exoscale_api_secret_here
+
+STRIPE_SECRET_KEY_PROD=your_stripe_api_secret_here
+STRIPE_SECRET_KEY=your_stripe_api_key_here
+
+ADMIN_USERNAME=your_admin_username_here
+ADMIN_PASSWORD=your_admin_password_here
+ADMIN_EMAIL=your_admin@email.com
+
+SMPT_SERVER=your_smtp_server.com
+SMPT_PORT=465
+
+JWT_SECRET_KEY=your_jwt_secret_key_here
+SENDER_USER=your_smtp_username_here
+SENDER_PASSWORD=your_smtp_password_here
+SENDER_EMAIL=your_sender_email_here
+
+ACTIVATION_URL=https://your.activation.url/here
+
+PERSONAL_API_KEY=your_personal_api_key_here
diff --git a/setup.sh b/setup.sh
new file mode 100755
index 0000000..1d772f3
--- /dev/null
+++ b/setup.sh
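Review bot: Two placeholder secrets in this file survive bin/setup_env.sh's scan untouched: `EXOSCALE_API_SECRET=your_exoscale_api_secret_here` and `STRIPE_SECRET_KEY_PROD=your_stripe_api_secret_here` contain none of `key|user|password|email`, which that script matches against the lowercased value, so both reach the installed `.env` as-is in interactive and non-interactive mode alike. Adding `secret` to the list in setup_env.sh, `KEYWORDS="(key|secret|user|password|email)"`, covers both; matching on the variable name instead of its value would be more robust still, since a real value need not contain any of these words. `SMPT_SERVER`/`SMPT_PORT` look like a transposition of SMTP — worth confirming against whatever reads them, since a misnamed variable is not something the scanner can flag either.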
@@ -0,0 +1,39 @@
+apt update && apt upgrade
+
+sudo apt install -y tmux neovim mosh zoxide starship git
+
+sudo apt update
+sudo apt install ca-certificates curl build-essential -y
+sudo install -m 0755 -d /etc/apt/keyrings
+
+# Install Node.js
+curl -fsSL https://deb.nodesource.com/setup_current.x | sudo -E bash -
+sudo apt install nodejs -y
+
+# Install Docker if user agrees
+
+read -p "Do you want to set up Docker? (Y/n): " SETUP_DOCKER
+
+if [[ "$SETUP_DOCKER" == "y" || "$SETUP_DOCKER" == "Y" || $SETUP_DOCKER == "" ]]; then
+ $PWD/bin/setup_docker.sh
+fi
+
+# Install UFW after asking for permission
+read -p "Do you want to set up UFW (Uncomplicated Firewall)? (Y/n): " SETUP_UFW
+
+if [[ "$SETUP_UFW" == "y" || "$SETUP_UFW" == "Y" || $SETUP_UFW == "" ]]; then
+ $PWD/bin/setup_ufw.sh
+fi
+
+$PWD/bin/setup_fast.sh
+$PWD/bin/setup_env.sh
+
+# Ask user if they want to start building Fast components now
+read -p "Do you want to start building Fast components now? (Y/n): " START_BUILD
+
+if [[ "$START_BUILD" == "y" || "$START_BUILD" == "Y" || $START_BUILD == "" ]]; then
+ $PWD/bin/start_build.sh
+fi
+
+sudo apt autoremove -y
+
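Review bot: The first line `apt update && apt upgrade` is the only apt call here without `sudo` and without `-y`, so for a non-root user it fails (and, with no `set -e`, the script simply continues) while for root it stops at the upgrade prompt; make it `sudo apt update && sudo apt upgrade -y` like the `sudo apt update` a few lines down, or drop it as redundant with that line. `curl -fsSL https://deb.nodesource.com/setup_current.x | sudo -E bash -` runs a remote script as root with no chance to inspect it; downloading it to a file first (`curl -fsSL -o "$tmp" ...`, review, then `sudo -E bash "$tmp"`) costs one extra line and keeps the provisioning auditable. The `$PWD/bin/...` calls assume the script is started from the repository root; `"$(dirname "$0")/bin/setup_docker.sh"`, quoted, works from anywhere and also survives a path with spaces.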