diff --git a/src/000-entry.sh b/src/000-entry.sh index e0d9a1d..65917b4 100755 --- a/src/000-entry.sh +++ b/src/000-entry.sh @@ -3,7 +3,6 @@ set -xo pipefail domain_root="${DOMAIN_ROOT:-orionkindel.com}" -subdomain_gitea="${SUBDOMAIN_GITEA:-git}" uid_git="${UID_GIT:-1000}" @@ -27,7 +26,7 @@ uid_git="${UID_GIT:-1000}" # ... # ``` function doas { - ssh -F /dev/null -o IdentitiesOnly=yes -i /root/.ssh/local_ed25519 $1@localhost "set -xo pipefail; $2" + ssh -F /dev/null -o IdentitiesOnly=yes -i /root/.ssh/local_ed25519 "$1@localhost" "set -xo pipefail; $2" } rm /root/.ssh/local_ed25519 || true; diff --git a/src/010-system-apt.sh b/src/010-system-apt.sh index 5ab0a47..5407410 100755 --- a/src/010-system-apt.sh +++ b/src/010-system-apt.sh @@ -24,6 +24,8 @@ install -m 0755 -d /etc/apt/keyrings rm /etc/apt/keyrings/docker.gpg || true; curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg chmod a+r /etc/apt/keyrings/docker.gpg + +# shellcheck disable=SC2027,SC2046 echo \ "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \ "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \ diff --git a/src/011-system-users.sh b/src/011-system-users.sh index 5f32f13..2b75f17 100644 --- a/src/011-system-users.sh +++ b/src/011-system-users.sh 
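Review bot: The remote prologue in `doas` (src/000-entry.sh) is still `set -xo pipefail` without `-e`, so in a multi-statement `$2`, such as the one `user_init` passes, a failing command does not stop the ones after it and `ssh` returns only the last command's status. If that is not deliberate, `"set -exo pipefail; $2"` would make a failed step fail the whole call; if it is, a comment saying so next to the usage example above the function would help. Keep in mind that `-x` also echoes every remote command, including any value a caller interpolates into `$2`.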
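Review bot: In src/010-system-apt.sh the added `# shellcheck disable=SC2027,SC2046` hides a quoting problem instead of fixing it: in `"deb [arch="$(dpkg --print-architecture)" signed-by=…` the inner quotes close and reopen the string, so both command substitutions are expanded unquoted. Capturing them first removes the need for a suppression: `arch=$(dpkg --print-architecture)`, `codename=$(. /etc/os-release && echo "$VERSION_CODENAME")`, then `echo "deb [arch=$arch signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $codename stable"`. The pipeline this `echo` feeds continues outside the hunk.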
@@ -3,29 +3,29 @@ function user_del_if_exist { if id "$1" &>/dev/null; then set +x - grp=`id -g $1` + grp=$(id -g "$1") # https://i.imgflip.com/3ggbcq.jpg - until userdel $1; do pkill -eU $1 || true; done; + until userdel "$1"; do pkill -eU "$1" || true; done; set -x - groupdel $grp || true - rm -rf /home/$1 || true + groupdel "$grp" || true + rm -rf "/home/${1:?}" || true fi } function user_init { - loginctl enable-linger $1 + loginctl enable-linger "$1" - rm -r /home/$1/.ssh || true - mkdir /home/$1/.ssh - chown $1:$1 /home/$1/.ssh + rm -r "/home/$1/.ssh" || true + mkdir "/home/$1/.ssh" + chown "$1:$1" "/home/$1/.ssh" - cp /root/.ssh/local_ed25519.pub /home/$1/.ssh/authorized_keys - chown $1:$1 /home/$1/.ssh/authorized_keys - chmod 600 /home/$1/.ssh/authorized_keys + cp /root/.ssh/local_ed25519.pub "/home/$1/.ssh/authorized_keys" + chown "$1:$1" "/home/$1/.ssh/authorized_keys" + chmod 600 "/home/$1/.ssh/authorized_keys" - doas $1 " - echo $2 >> ~/.ssh/authorized_keys; - echo \"export DOCKER_HOST=unix:///run/user/`id -u $1`/docker.sock\" > ~/.bashrc; + doas "$1" " + echo \"$2\" >> ~/.ssh/authorized_keys; + echo \"export DOCKER_HOST=unix:///run/user/$(id -u "$1")/docker.sock\" > ~/.bashrc; echo \"export PATH=/usr/bin:/usr/sbin:$PATH\" >> ~/.bashrc; source ~/.bashrc; dockerd-rootless-setuptool.sh install; diff --git a/src/012-system-users-gitea.sh b/src/012-system-users-gitea.sh index bae12e1..c43e843 100644 --- a/src/012-system-users-gitea.sh +++ b/src/012-system-users-gitea.sh @@ -1,5 +1,7 @@ #! /usr/bin/bash +uid_git=${uid_git:-} + ## backup gitea data to /tmp mkdir -p /tmp/git if id git &>/dev/null; then 
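Review bot: In `user_init` (src/011-system-users.sh), `echo \"$2\" >> ~/.ssh/authorized_keys` still expands the key locally and then has the remote shell re-parse it inside double quotes, so a key line containing a double quote, `$(…)` or a backquote (the comment field is free text) is interpreted by the target user's shell instead of being written verbatim. The value comes from the `read -rp` prompts in 012-system-users-gitea.sh and 013-system-users-other.sh. Since this function already writes `/home/$1/.ssh/authorized_keys` as root a few lines earlier, appending there avoids the second parse: `printf '%s\n' "$2" >> "/home/$1/.ssh/authorized_keys"` before the `doas` call, with the `echo` dropped from the remote script. The same local expansion applies to `$PATH` in the `.bashrc` line, which writes root's PATH into the user's file; `\$PATH` would defer it to the user's shell. The `doas` string continues past the end of the hunk.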
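Review bot: `uid_git=${uid_git:-}` at the top of src/012-system-users-gitea.sh (presumably added to quiet the unset-variable lint) defaults to an empty string, so if this file runs without 000-entry.sh having set the value, `groupadd --gid "$uid_git"` in the next hunk gets an empty argument instead of the script stopping with a clear message. The same line in src/021-net-routing.sh, `domain_root=${domain_root:-}`, is riskier: with an empty value `rm -r "/etc/nginx/sites-available/$domain_root"` targets the directory itself, and its error output is discarded by `2>/dev/null || true`. Failing fast with the idiom this commit already uses in `user_del_if_exist` would cover both: `: "${uid_git:?must be set by 000-entry.sh}"` and `: "${domain_root:?must be set by 000-entry.sh}"`.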
@@ -17,17 +19,17 @@ fi ## delete and recreate `git` user user_del_if_exist git -echo $uid_git -groupadd --gid $uid_git git +echo "$uid_git" +groupadd --gid "$uid_git" git useradd \ - --gid $uid_git \ - --uid $uid_git \ + --gid "$uid_git" \ + --uid "$uid_git" \ --create-home \ --shell /bin/bash \ git -read -p 'enter public ssh key allowing sessions as `git`:' git_ssh_pub -user_init git $git_ssh_pub +read -rp "enter public ssh key allowing sessions as \`git\`:" git_ssh_pub +user_init git "$git_ssh_pub" ## restore homedir mv /tmp/git/data /home/git/ diff --git a/src/013-system-users-other.sh b/src/013-system-users-other.sh index 02200f7..003ecea 100755 --- a/src/013-system-users-other.sh +++ b/src/013-system-users-other.sh @@ -2,5 +2,5 @@ user_del_if_exist orion useradd --create-home --shell /bin/bash orion -read -p 'enter public ssh key allowing sessions as `orion`:' orion_ssh_pub -user_init orion $orion_ssh_pub +read -rp "enter public ssh key allowing sessions as \`orion\`:" orion_ssh_pub +user_init orion "$orion_ssh_pub" diff --git a/src/021-net-routing.sh b/src/021-net-routing.sh index 4ac6ddf..a0cca12 100755 --- a/src/021-net-routing.sh +++ b/src/021-net-routing.sh 
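Review bot: The restore at the end of this hunk in src/012-system-users-gitea.sh, `mv /tmp/git/data /home/git/`, takes the Gitea data from a fixed path under world-writable `/tmp`, and the `mkdir -p /tmp/git` at the top of the file succeeds even when that directory already exists and belongs to another account. A private directory from `backup_dir=$(mktemp -d)`, which is created with mode 0700, used for both the backup and the restore would close that gap. The backup commands themselves sit between the two hunks and are not visible here, so they would need to switch to the same variable.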
@@ -1,16 +1,18 @@ #! /usr/bin/bash +domain_root=${domain_root:-} + mkdir -p /etc/nginx/sites-available mkdir -p /etc/nginx/sites-enabled -rm -r /etc/nginx/sites-available/$domain_root 2>/dev/null || true -rm -r /etc/nginx/sites-enabled/$domain_root 2>/dev/null || true +rm -r "/etc/nginx/sites-available/$domain_root" 2>/dev/null || true +rm -r "/etc/nginx/sites-enabled/$domain_root" 2>/dev/null || true -touch /etc/nginx/sites-available/$domain_root -ln -s /etc/nginx/sites-available/$domain_root /etc/nginx/sites-enabled/$domain_root +touch "/etc/nginx/sites-available/$domain_root" +ln -s "/etc/nginx/sites-available/$domain_root" "/etc/nginx/sites-enabled/$domain_root" -cp ./nginx.conf /etc/nginx/sites-available/$domain_root -chmod 777 /etc/nginx/sites-available/$domain_root +cp ./nginx.conf "/etc/nginx/sites-available/$domain_root" +chmod 777 "/etc/nginx/sites-available/$domain_root" systemctl enable nginx systemctl start nginx diff --git a/src/030-gitea-actions.sh b/src/030-gitea-actions.sh index 657deb9..7db4e1b 100644 --- a/src/030-gitea-actions.sh +++ b/src/030-gitea-actions.sh @@ -1,6 +1,6 @@ #! /usr/bin/bash -read -p 'enter action runner token: ' token +read -rp 'enter action runner token: ' token cp ./gitea-actions-runner-config.yml /home/git/runner-config.yml
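Review bot: In src/021-net-routing.sh the now-quoted `chmod 777 "/etc/nginx/sites-available/$domain_root"` still leaves the nginx site config writable by every local account, including the `git` and `orion` users created earlier in the setup, so any of them could change what nginx serves or proxies. Unless a later step that the hunk does not show needs a non-root writer, `chmod 644 "/etc/nginx/sites-available/$domain_root"` is enough for nginx to read it.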
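Review bot: In src/030-gitea-actions.sh, `read -rp 'enter action runner token: ' token` still echoes the runner token to the terminal as it is typed; `read -rsp 'enter action runner token: ' token; echo` keeps it out of the scrollback. If this file runs under the `set -xo pipefail` from 000-entry.sh (the diff does not show how the files are combined), any later command that uses `$token` will also be printed by the trace. Bracketing that use with `set +x` / `set -x`, as `user_del_if_exist` already does, would keep the secret out of logs.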