From ab0074c0a445ae9c8919ca475fd941d5682d73eb Mon Sep 17 00:00:00 2001
From: Eliezer Croitoru
Date: Tue, 27 Aug 2024 09:44:36 +0300
Subject: [PATCH 1/4] Added basic squid installation
---
disable-rp-filter.sh | 3 +++
install-ngtech-squid.sh | 38 ++++++++++++++++++++++++++++++++++++++
rules.v4 | 0
rules.v6 | 37 +++++++++++++++++++++++++++++++++++++
4 files changed, 78 insertions(+)
create mode 100755 disable-rp-filter.sh
create mode 100755 install-ngtech-squid.sh
create mode 100644 rules.v4
create mode 100644 rules.v6
diff --git a/disable-rp-filter.sh b/disable-rp-filter.sh
new file mode 100755
index 0000000..270d059
--- /dev/null
+++ b/disable-rp-filter.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+sysctl -a|grep \.rp_filter|gawk '{print $1}' |xargs -I{} sysctl -w {}=0
diff --git a/install-ngtech-squid.sh b/install-ngtech-squid.sh
new file mode 100755
index 0000000..1ff75b9
--- /dev/null
+++ b/install-ngtech-squid.sh
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+
+dnf module disable squid -y
+
+cat < /etc/yum.repos.d/ngtech-squid.repo
+[ngtech-squid]
+name=Rocky Linux \$releasever - NgTech Squid Repo
+#mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=\$basearch&repo=BaseOS-\$releasever
+baseurl=https://www.ngtech.co.il/repo/rocky/\$releasever/\$basearch/
+gpgcheck=0
+enabled=1
+countme=1
+EOF
+
+dnf check-update
+
+dnf install -y squid squid-helpers
+
+dnf install -y epel-release
+
+crb enable
+
+dnf install -y epel-release
+
+dnf install -y iptstate atop htop conntrack-tools curl jq wget iptables-services iptables-utils \
+ tcpdump
+
+systemctl disable firewalld --now
+
+cp -vf rules.v4 /etc/sysconfig/iptables
+cp -vf rules.v6 /etc/sysconfig/ip6tables
+
+
+systemctl start iptables
+systemctl start ip6tables
+
+systemctl enable iptables
+systemctl enable ip6tables
diff --git a/rules.v4 b/rules.v4
new file mode 100644
index 0000000..e69de29
diff --git a/rules.v6 b/rules.v6
new file mode 100644
index 0000000..e9d7fd8
--- /dev/null
+++ b/rules.v6
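Review bot: In disable-rp-filter.sh the pattern `\.rp_filter` reaches grep as `.rp_filter` because the backslash is not quoted, so the dot matches any character and the `arp_filter` keys are selected and written as well. Matching it as a fixed string, `grep -F '.rp_filter'`, limits the write to the reverse-path keys. Setting every `rp_filter` to 0 also switches off source-address validation on all interfaces and is lost at reboot. If only the interception interface needs it, scope the change to that interface in a drop-in under /etc/sysctl.d and add a comment such as `# rp_filter off: required for <reason>, limited to <interface>`.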
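Review bot: The repo stanza written by install-ngtech-squid.sh sets `gpgcheck=0`, so `dnf install -y squid squid-helpers` installs third-party packages as root with no signature verification; HTTPS on the `baseurl` does not protect against a tampered repository. If the repository publishes a signing key, the stanza should carry `gpgcheck=1` and `gpgkey=<URL of the repository signing key>` (placeholder; the key location is not shown in this patch). The script also runs without `set -euo pipefail`, so a failed `dnf` step does not stop the later `systemctl disable firewalld --now`. The `rules.v4` it then copies to /etc/sysconfig/iptables is added as an empty file in this commit, which appears to leave IPv4 without any ruleset.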
@@ -0,0 +1,37 @@
+# Generated by ip6tables-save v1.8.5 on Tue Aug 27 02:40:47 2024
+*filter
+:INPUT ACCEPT [9:758]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [9:608]
+COMMIT
+# Completed on Tue Aug 27 02:40:47 2024
+# Generated by ip6tables-save v1.8.5 on Tue Aug 27 02:40:47 2024
+*security
+:INPUT ACCEPT [9:758]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [9:608]
+COMMIT
+# Completed on Tue Aug 27 02:40:47 2024
+# Generated by ip6tables-save v1.8.5 on Tue Aug 27 02:40:47 2024
+*raw
+:PREROUTING ACCEPT [9:758]
+:OUTPUT ACCEPT [9:608]
+COMMIT
+# Completed on Tue Aug 27 02:40:47 2024
+# Generated by ip6tables-save v1.8.5 on Tue Aug 27 02:40:47 2024
+*mangle
+:PREROUTING ACCEPT [9:758]
+:INPUT ACCEPT [9:758]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [9:608]
+:POSTROUTING ACCEPT [9:608]
+COMMIT
+# Completed on Tue Aug 27 02:40:47 2024
+# Generated by ip6tables-save v1.8.5 on Tue Aug 27 02:40:47 2024
+*nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
+# Completed on Tue Aug 27 02:40:47 2024
From a047599fc859113377ed4553926e4f71a44e2c83 Mon Sep 17 00:00:00 2001
From: Eliezer Croitoru
Date: Sun, 1 Sep 2024 03:13:03 +0300
Subject: [PATCH 2/4] Added basic semaphore scripts
---
create-semaphore-db.sql | 23 +++++++++++++++++
install-semaphore.sh | 57 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 80 insertions(+)
create mode 100644 create-semaphore-db.sql
create mode 100644 install-semaphore.sh
diff --git a/create-semaphore-db.sql b/create-semaphore-db.sql
new file mode 100644
index 0000000..aaeeef4
--- /dev/null
+++ b/create-semaphore-db.sql
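Review bot: Every chain in rules.v6 has policy ACCEPT and no rules, and install-ngtech-squid.sh loads this file right after disabling firewalld, so the host ends up with no IPv6 filtering at all. A default-deny INPUT chain in the `*filter` table would be safer: `:INPUT DROP [0:0]`, then `-A INPUT -i lo -j ACCEPT` and `-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT`, plus explicit accepts for ICMPv6 and the ports the proxy and its management actually need. The file is a raw `ip6tables-save` dump including packet counters and empty `*security`, `*raw`, `*mangle` and `*nat` tables. A hand-written ruleset with a header comment such as `# IPv6 policy for the squid host: default deny inbound` would be easier to review.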
@@ -0,0 +1,23 @@
+CREATE DATABASE semaphore;
+CREATE USER 'semaphore'@'localhost' IDENTIFIED BY 'semaphore';
+GRANT Usage ON *.* TO 'semaphore'@'localhost';
+GRANT Alter ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Create ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Create view ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Delete ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Delete history ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Drop ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Index ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Insert ON semaphore.* TO 'semaphore'@'localhost';
+GRANT References ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Select ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Show view ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Trigger ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Update ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Alter routine ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Create routine ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Create temporary tables ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Execute ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Lock tables ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Show Create Routine ON semaphore.* TO 'semaphore'@'localhost';
+
diff --git a/install-semaphore.sh b/install-semaphore.sh
new file mode 100644
index 0000000..317d7ed
--- /dev/null
+++ b/install-semaphore.sh
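Review bot: `IDENTIFIED BY 'semaphore'` commits a database password identical to the account name, so every deployment built from create-semaphore-db.sql shares one guessable credential. The password should be generated at install time and substituted in, for example `IDENTIFIED BY '<generated at install time>'`, with the same value written to the semaphore configuration in a root-only file. The twenty single-privilege GRANT statements could also be one statement listing only what the application needs. Whether it really requires `Drop`, `Trigger` and the routine privileges is not visible from this patch.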
@@ -0,0 +1,57 @@ +#!/usr/bin/env bash + +dnf install -y jq + +RPM_URL="https://github.com/semaphoreui/semaphore/releases/download/v2.10.22/semaphore_2.10.22_linux_amd64.rpm" +OUTPUT_FILENAME="semaphore_2.10.22_linux_amd64.rpm" + + +wget "${RPM_URL}" -O "${OUTPUT_FILENAME}" + +dnf localinstall -y ./semaphore*amd64.rpm + +dnf module disable mariadb -y + +wget "https://downloads.mariadb.com/MariaDB/mariadb_repo_setup" -O "mariadb_repo_setup" +# Checksum check +bash "mariadb_repo_setup" + +dnf install mariadb-server -y + +systemctl start mariadb +systemctl enable mariadb + +## Create database and user + +## setup semaphore + +## install config + +mkdir -p /etc/semaphore +cp -vf config.json /etc/semaphore/ + +##Create service + +cat > /etc/systemd/system/semaphore.service < Date: Sun, 1 Sep 2024 03:14:44 +0300 Subject: [PATCH 3/4] added enable sempahore --- install-semaphore.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/install-semaphore.sh b/install-semaphore.sh index 317d7ed..57cdbd7 100644 --- a/install-semaphore.sh +++ b/install-semaphore.sh @@ -53,5 +53,8 @@ EOF systemctl daemon-reload +systemctl start semaphore +systemctl enable semaphore + firewall-cmd --add-port=3000/tcp --permanent firewall-cmd --reload From f624077d8d12625438010c88fedef7c1061cf5bf Mon Sep 17 00:00:00 2001 From: Eliezer Croitoru Date: Sat, 7 Sep 2024 11:26:26 +0300 Subject: [PATCH 4/4] Periodic updates --- init-packages | 3 +++ init.sh | 3 +++ install-ansible.sh | 9 +++++++++ 3 files changed, 15 insertions(+) create mode 100644 init-packages create mode 100644 init.sh create mode 100755 install-ansible.sh diff --git a/init-packages b/init-packages new file mode 100644 index 0000000..36b9480 --- /dev/null +++ b/init-packages @@ -0,0 +1,3 @@ +wget +curl +git diff --git a/init.sh b/init.sh new file mode 100644 index 0000000..44a9677 --- /dev/null +++ b/init.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +dnf install -y $( cat init-packages ) 
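Review bot: In install-semaphore.sh the `# Checksum check` comment is not followed by any check, so `bash "mariadb_repo_setup"` runs a freshly downloaded script as root unverified. The semaphore RPM fetched with wget is likewise passed to `dnf localinstall` without a digest comparison. Pin the expected digests and verify before use, e.g. `echo "<expected sha256>  mariadb_repo_setup" | sha256sum -c - || exit 1` ahead of the `bash` line, and the same for `"${OUTPUT_FILENAME}"`. The install line should name `"./${OUTPUT_FILENAME}"` instead of the glob `./semaphore*amd64.rpm`, so that a stray matching file in the directory is not installed. The script has no `set -e` either, so a failed download does not stop the later steps.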
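Review bot: In init.sh `$( cat init-packages )` is unquoted and read relative to the current directory, so the script breaks when started from another directory and any glob character in the list is expanded by the shell. Reading the list into an array keeps the package names exact: `mapfile -t pkgs < "$(dirname "$0")/init-packages"` followed by `dnf install -y "${pkgs[@]}"`.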
diff --git a/install-ansible.sh b/install-ansible.sh
new file mode 100755
index 0000000..8c242f4
--- /dev/null
+++ b/install-ansible.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+dnf install -y python3.12 python3.12-devel python3.12-pip
+
+update-alternatives --set python3 /usr/bin/python3.12
+
+python3 -m pip install --upgrade pip
+
+python3 -m pip install --upgrade ansible
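Review bot: `python3 -m pip install --upgrade pip` and `python3 -m pip install --upgrade ansible` run pip against the system interpreter with no version pin, so RPM-owned files can be overwritten and each run installs whatever the package index serves at that moment. A dedicated virtual environment with a pinned release avoids both, for example `python3.12 -m venv /opt/ansible` (example path) and `/opt/ansible/bin/pip install 'ansible==<pinned version>'`. `update-alternatives --set python3 /usr/bin/python3.12` changes the interpreter for every `python3` caller on the host. A comment stating why that is required would help, and with a virtual environment it may not be needed at all.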