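#!/bin/bash
#
# Gigafibre infrastructure bootstrap: installs Docker when it is absent,
# enables fail2ban and a ufw baseline, applies systemd-networkd units, then
# starts the Traefik, apps, Oktopus and Traefik Hub compose stacks.
#
# Must run as root. Steps 2 and 3 read system/ relative to the directory the
# script is started from; steps 5-8 run from /opt/infra.
# NOTE(review): presumably the script is meant to be started from /opt/infra;
# confirm against how it is deployed.

# -e alone does not abort when a non-final command of an `a && b` list fails,
# so every step below is its own statement. pipefail makes a failed download
# fail the curl | gpg pipeline instead of writing an empty keyring.
set -euo pipefail

if [[ ${EUID} -ne 0 ]]; then
  echo "This script must be run as root." >&2
  exit 1
fi

echo "=== Gigafibre Infrastructure Setup ==="

# Refresh the package index once so step 2 also works when Docker is already
# installed and step 1 is skipped.
apt-get update

# 1. Docker
if ! command -v docker &>/dev/null; then
  echo "Installing Docker..."
  apt-get install -y ca-certificates curl gnupg
  install -m 0755 -d /etc/apt/keyrings
  # The signing key is trusted as fetched over HTTPS. To pin it, compare the
  # output of `gpg --show-keys /etc/apt/keyrings/docker.gpg` with the
  # fingerprint Docker publishes in its install documentation.
  # --batch --yes lets a re-run overwrite a keyring left by an aborted run.
  curl -fsSL https://download.docker.com/linux/debian/gpg \
    | gpg --batch --yes --dearmor -o /etc/apt/keyrings/docker.gpg
  # apt reads the keyring as an unprivileged user; a restrictive root umask
  # would otherwise leave it unreadable.
  chmod a+r /etc/apt/keyrings/docker.gpg
  # The suite stays pinned to bookworm; the architecture follows the host.
  echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian bookworm stable" > /etc/apt/sources.list.d/docker.list
  apt-get update
  apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
fi

# 2. Security
apt-get install -y ufw fail2ban
# The jail override is optional: without it fail2ban runs with the package
# defaults. Say so instead of exiting silently under `set -e`.
if [[ -f system/jail.local ]]; then
  cp -- system/jail.local /etc/fail2ban/jail.local
else
  echo "Warning: system/jail.local not found; fail2ban keeps its default jails." >&2
fi
systemctl enable --now fail2ban

ufw default deny incoming
ufw default allow outgoing
# SSH must be allowed before the firewall is enabled; as separate statements a
# failure here aborts the script rather than reaching `ufw enable` with a
# deny-all policy and no SSH rule.
ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp
# 1883/tcp is the conventional unencrypted MQTT port and is opened to every
# source, as is 9292/tcp.
# NOTE(review): confirm both services authenticate clients, or restrict the
# rules to known source addresses.
ufw allow 1883/tcp
ufw allow 9292/tcp
# --force skips the interactive confirmation (replaces piping "y").
ufw --force enable
# Ports published by Docker containers are opened through Docker's own
# iptables rules and are not filtered by the ufw policy above; restrict them
# in the compose files (bind address) or in the DOCKER-USER chain.

# 3. Network
# Restarting systemd-networkd can drop the SSH session this script runs in if
# the new units change the active interface configuration.
cp -- system/*.network /etc/systemd/network/
systemctl restart systemd-networkd

# 4. Docker network
# Create the shared network only when it is missing, so real daemon errors are
# still reported instead of being discarded.
if ! docker network inspect proxy &>/dev/null; then
  docker network create proxy
fi

# 5. Traefik
cd /opt/infra
docker compose -f traefik/docker-compose.yml up -d

# 6. Apps
docker compose -f apps/docker-compose.yml up -d

# 7. Oktopus
docker compose -f oktopus/docker-compose.yml up -d

# 8. Traefik Hub
# Passing the build context as an argument keeps the working directory in
# /opt/infra even when the build fails.
docker build -t traefik-hub:latest traefik-hub
docker compose -f traefik-hub/docker-compose.yml up -d

echo "=== Setup complete ==="
echo "Hub: https://hub.gigafibre.ca"
echo "OSS: https://oss.gigafibre.ca"
echo "Git: https://git.gigafibre.ca"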