Scripts for setting up nginx

script/docker/printAllBridgedNetworksWithRange.sh

@@ -0,0 +1,4 @@
+#/bin/bash
+
+docker network inspect $(docker network ls | grep -F 'bridge' | cut -d' ' -f1) \
+    | jq -r '.[] | .Name + " " + .IPAM.Config[0].Subnet' -

script/docker/printContainerNamesOfComposition.sh

@@ -0,0 +1,23 @@
+#/bin/bash
+
+_COMPOSITION_FILE="${1:-./docker-compose.yml}"
+
+[ -d "${_COMPOSITION_FILE}" ] \
+    && echo "A valid composition file ('docker-compose.yml') is needed. Given parameter was: ${_COMPOSITION_FILE}" >&2 \
+    && exit 1
+
+_DOCKER_COMPOSE_CMD=""
+
+[ "${_DOCKER_COMPOSE_CMD}" = "" ] \
+    && docker compose version 2> /dev/null | grep -q version \
+    && _DOCKER_COMPOSE_CMD="docker compose"
+
+[ "${_DOCKER_COMPOSE_CMD}" = "" ] \
+    && docker-compose version 2> /dev/null | grep -q version \
+    && _DOCKER_COMPOSE_CMD="docker-compose"
+
+[ "${_DOCKER_COMPOSE_CMD}" = "" ] \
+    && echo "Command 'docker compose' not found" >&2 \
+    && exit 1
+
+${_DOCKER_COMPOSE_CMD} -f "${_COMPOSITION_FILE}" images | tail -n +2 | cut -d' ' -f1

script/host/net/printAllShortManagedHostnamesFromHostsFile.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# Select just lines containing 'managedHost'.
+# 1.) Remove everything after a '#' (including the #).
+# 2.) Remove every indenting.
+# 3.) Remove blanks (spaces or tabs) at the end of lines.
+# 4.) Replace blanks (spaces or tabs) with one ';' between the values.
+# 5.) Delete empty lines.
+# Then cut the second field
+# Then cut the first field to get the short hostname
+grep 'managedHost' /etc/hosts \
+    | sed -e 's/#.*//' \
+        -e 's/^[[:blank:]]*//' \
+        -e 's/[[:blank:]]*$//' \
+        -e 's/\s\+/;/g' \
+        -e '/^$/d' \
+    | cut -d';' -f2 \
+    | cut -d'.' -f1
+

script/host/net/printOwnDefaultMACAdress.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+cat /sys/class/net/e*/address \
+    | head -n 1

script/host/net/printOwnIPv4Adress.sh

@@ -0,0 +1,108 @@
+#!/bin/bash
+
+#grep -E '(:|^(127|169\.254|10|172\.(1(6|7|8|9)|2[0-9]|30|31)|192\.168|(22(4|5|6|7|8|9)|23(0|1|2|3|4|5|6|7|8|9))).*)' findet:
+#  loopback:  127.0.0.0/8
+#  linklocal: 169.254.0.0/16
+#  private:   10.0.0.0/8,
+#             172.16.0.0/12,   (172.16… bis 172.31…)
+#             192.168.0.0/16
+# multicast:  224.0.0.0/4      (224… bis 239…)
+
+
+function all() {
+    # Select just lines containing 'inet'.
+    # 1.) Remove every indenting.
+    # 2.) Remove 'inet '.
+    # 3.) Remove everything after a '/' (including the /).
+    ip -4 addr \
+        | grep 'inet' \
+        | sed -e 's/^[[:blank:]]*//' \
+            -e 's/inet //' \
+            -e 's/\/.*//'
+}
+
+function routed() {
+    local _DEVICE
+    _DEVICE="$(ip -4 route show default | xargs -n 1 | grep -A1 -i dev | tail -n 1)"
+    readonly _DEVICE
+
+    ip -4 addr show dev "${_DEVICE:?"Missing DEVICE"}" scope global \
+        | grep 'inet' | xargs -n 1 \
+        | grep -A1 'inet' \
+        | tail -n 1 \
+        | cut -d/ -f1
+}
+
+function public() {
+    hostname -I | xargs -n 1 \
+        | grep -vE '(:|^(127|169\.254|10|172\.(1(6|7|8|9)|2[0-9]|30|31)|192\.168|(22(4|5|6|7|8|9)|23(0|1|2|3|4|5|6|7|8|9))).*)'
+}
+
+# Maybe use "resolvectl status" to get DNS Server and specify 'nslookup'
+function published() {
+    local _BOOT_HOSTNAME
+    _BOOT_HOSTNAME="$(hostname -b)"
+    readonly _BOOT_HOSTNAME
+
+    nslookup -type=A "${_BOOT_HOSTNAME:?"Missing BOOT_HOSTNAME"}" | xargs -n 1 \
+        | grep -A2 -i "${_BOOT_HOSTNAME}" \
+        | grep -A1 -i 'address' \
+        | tail -n1
+}
+
+function verified() {
+    local _PUBLISHED_IP
+    _PUBLISHED_IP="$(published)"
+    readonly _PUBLISHED_IP
+
+    [ -z "${_PUBLISHED_IP}" ] \
+        && return 0
+
+    all | grep "${_PUBLISHED_IP}"
+}
+
+function usage() {
+    echo "Use one of the following options:"
+    echo "  --all       : prints all IPv4 addresses"
+    echo "  --routed    : prints the IPv4 address used to send traffic to the default gateway"
+    echo "  --public    : prints all IPv4 addresses direct accessable from the internet"
+    echo "  --published : prints the IPv4 address provided by DNS using this host's name"
+    echo "  --verified  : prints the IPv4 included in 'all' und respended by 'published'"
+}
+
+
+
+function main(){
+
+    case "${1}" in
+        --all)
+            all
+            return 0
+            ;;
+        --routed)
+            routed
+            return 0
+            ;;
+        --public)
+            public
+            return 0
+            ;;
+        --published)
+            published
+            return 0
+            ;;
+        --verified)
+            verified
+            return 0
+            ;;
+        *)
+            usage
+            return 1
+            ;;
+    esac
+
+    return 1
+
+}
+
+ main "$@" && exit 0 || exit 1

script/host/net/printOwnIPv6Adress.sh

@@ -0,0 +1,109 @@
+#!/bin/bash
+
+#grep -E '(^::1|(^fc.*|^fd.*)|^fe80::.*|^ff.*)' findet:
+#  loopback: ::1/128
+#  uniquelocal: fc00::/7   (fc00… bis fdff…)
+#  linklocal:   fe80::/64
+#  multicast:   ff00::/8   (ff…)
+
+
+
+function all() {
+    # Select just lines containing 'inet6'.
+    # 1.) Remove every indenting.
+    # 2.) Remove 'inet6 '.
+    # 3.) Remove everything after a '/' (including the /).
+    ip -6 addr \
+        | grep 'inet6' \
+        | sed -e 's/^[[:blank:]]*//' \
+            -e 's/inet6 //' \
+            -e 's/\/.*//'
+}
+
+function routed() {
+    local _DEVICE
+    _DEVICE="$(ip -6 route show default | xargs -n 1 | grep -A1 -i dev | tail -n 1)"
+    readonly _DEVICE
+
+    ip -6 addr show dev "${_DEVICE:?"Missing DEVICE"}" scope global \
+        | grep 'inet6' \
+        | xargs -n 1 \
+        | grep -A1 'inet6' \
+        | grep ':' \
+        | cut -d/ -f1
+}
+
+function public() {
+    hostname -I | xargs -n 1 \
+        | grep ':' \
+        | grep -vE '(^::1|(^fc.*|^fd.*)|^fe80::.*|^ff.*)'
+}
+
+# Maybe use "resolvectl status" to get DNS Server and specify 'nslookup'
+function published() {
+    local _BOOT_HOSTNAME
+    _BOOT_HOSTNAME="$(hostname -b)"
+    readonly _BOOT_HOSTNAME
+
+    nslookup -type=AAAA "${_BOOT_HOSTNAME:?"Missing BOOT_HOSTNAME"}" | xargs -n 1 \
+        | grep -A2 -i "${_BOOT_HOSTNAME}" \
+        | grep -A1 -i address \
+        | tail -n1
+}
+
+function verified() {
+    local _PUBLISHED_IP
+    _PUBLISHED_IP="$(published)"
+    readonly _PUBLISHED_IP
+
+    [ -z "${_PUBLISHED_IP}" ] \
+        && return 0
+
+    all | grep "${_PUBLISHED_IP}"
+}
+
+function usage() {
+    echo "Use one of the following options:"
+    echo "  --all       : prints all IPv6 addresses"
+    echo "  --routed    : prints the IPv6 address used to send traffic to the default gateway"
+    echo "  --public    : prints all IPv6 addresses direct accessable from the internet"
+    echo "  --published : prints the IPv6 address provided by DNS using this host's name"
+    echo "  --verified  : prints the IPv6 included in 'all' und respended by 'published'"
+}
+
+
+
+function main(){
+
+    case "${1}" in
+        --all)
+            all
+            return 0
+            ;;
+        --routed)
+            routed
+            return 0
+            ;;
+        --public)
+            public
+            return 0
+            ;;
+        --published)
+            published
+            return 0
+            ;;
+        --verified)
+            verified
+            return 0
+            ;;
+        *)
+            usage
+            return 1
+            ;;
+    esac
+
+    return 1
+
+}
+
+ main "$@" && exit 0 || exit 1

script/host/net/printOwnMACAdresses.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+cat /sys/class/net/e*/address

script/host/net/printOwnShortHostnameFromHostsFile.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+
+# Select just lines containing 'inet'.
+# 1.) Remove every indenting.
+# 2.) Remove 'inet '.
+# 3.) Remove everything after a '/' (including the /).
+# Search each IP of the IPv4-list in file '/etc/hosts' 
+# Select just lines containing 'managedHost'.
+# 1.) Remove everything after a '#' (including the #).
+# 2.) Remove every indenting.
+# 3.) Remove blanks (spaces or tabs) at the end of lines.
+# 4.) Replace blanks (spaces or tabs) with one ';' between the values.
+# 5.) Delete empty lines.
+# Then cut the second field
+# Then cut the first field to get the short hostname
+ip -4 addr \
+    | grep 'inet' \
+    | sed -e 's/^[[:blank:]]*//' \
+        -e 's/inet //' \
+        -e 's/\/.*//' \
+    | xargs -i grep {} /etc/hosts \
+    | grep 'managedHost' \
+    | sed -e 's/#.*//' \
+        -e 's/^[[:blank:]]*//' \
+        -e 's/[[:blank:]]*$//' \
+        -e 's/\s\+/;/g' \
+        -e '/^$/d' \
+    | cut -d';' -f2 \
+    | cut -d'.' -f1
+

script/host/nginx/restartIfConfigurationIsValid.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+nginx -t &> /dev/null \
+    && systemctl restart nginx.service \
+    && exit 0
+
+exit 1

script/host/nginx/setup.sh

@@ -0,0 +1,54 @@
+#!/bin/bash
+
+function main() {
+    local _SCRIPTPATH _DH_PATH _SELF_SIGNED_PATH
+    _SCRIPTPATH="$(cd -- "$(dirname "$0")" > /dev/null 2>&1; pwd -P)"
+    _DH_PATH="/etc/ssl/private"
+    _SELF_SIGNED_PATH="/etc/ssl/private"
+    readonly _SCRIPTPATH _DH_PATH _SELF_SIGNED_PATH
+
+    ! dpkg -s nginx > /dev/null 2>&1 \
+        && apt-get --yes install nginx-full \
+        && echo "Nginx erfolgreich installiert." \
+        || echo "Nginx ist bereits installiert."
+
+    ! dpkg -s openssl > /dev/null 2>&1 \
+        && apt-get --yes install openssl \
+        && echo "OpenSSL erfolgreich installiert." \
+        || echo "OpenSSL ist bereits installiert."
+
+    ! [ -f "${_DH_PATH}/dhparam4096.pem" ] \
+        && mkdir -p "${_DH_PATH}" \
+        && chmod go-rwx "${_DH_PATH}" \
+        && openssl dhparam -out "${_DH_PATH}/dhparam4096.pem" 4096 \
+        && echo "Diffie-Hellman-Parameters erfolgreich erstellt." \
+        || echo "Diffie-Hellman-Parameters bereits vorhanden."
+
+    ! [ -f "${_SELF_SIGNED_PATH}/selfsigned-private.key" ] \
+        && mkdir -p "${_SELF_SIGNED_PATH}" \
+        && chmod go-rwx "${_SELF_SIGNED_PATH}" \
+        && openssl req -x509 -days 36524 -nodes -newkey rsa:4096 \
+             -keyout "${_SELF_SIGNED_PATH}/selfsigned-private.key" \
+             -out "${_SELF_SIGNED_PATH}/selfsigned-fullchain.crt" \
+        && echo "Selbstsignierte Standardschlüssel erfolgreich erstellt." \
+        || echo "Selbstsignierte Standardschlüssel bereits vorhanden."
+
+#TODO Links erstellen
+#    [ -d "/etc/nginx/" ] \
+#        && cp "${_SCRIPTPATH}/etc_nginx_conf.d/"* "/etc/nginx/conf.d/" \
+#        && mkdir -p /etc/nginx/ssl-trusted \
+#        && cp "${_SCRIPTPATH}/etc_nginx_ssl-trusted/"* "/etc/nginx/ssl-trusted/" \
+#        && mkdir -p /var/www/letsencrypt/.well-known/acme-challenge \
+#        && echo "Basis-Konfiguration erfolgreich erstellt." \
+#        || echo "Basis-Konfiguration bereits vorhanden."
+
+    echo \
+        && echo "Nginx neu starten:" \
+        && nginx -t \
+        && systemctl restart nginx.service \
+        && return 0
+
+    return 1
+}
+
+main "$@" && exit 0 || exit 1

script/host/user/addUserToSudoGroup.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+sudo usermod --append --groups sudo "${1:?"Missing first parameter USER"}"

script/host/user/removeUserFromSudoGroup.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+sudo usermod --remove --groups sudo "${1:?"Missing first parameter USER"}"