build.sh 3.08 KB
Newer Older
ale's avatar
ale committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28
#!/bin/sh
#
# Install script for git.autistici.org/ai/website
# inside a Docker container.
#
# The installation procedure requires installing some
# dedicated packages, so we have split it out to a script
# for legibility.

# Packages that are only used to build the site. These will be
# removed once we're done.
BUILD_PACKAGES="rsync"

# Packages required to serve the website and run the services.
# We have to keep the python3 packages around in order to run
# chaperone (installed via pip).
PACKAGES="
        apache2
        apache-exporter
        libapache2-mod-removeip
	libapache2-mod-sso

        php-cli
        php-fpm
        php-mysql
        php-gd
        php-imap
        php-mcrypt
ale's avatar
ale committed
29
	php-mbstring
ale's avatar
ale committed
30
	php-xml
ale's avatar
ale committed
31 32 33 34 35 36 37 38 39 40 41 42 43 44 45
        mysql-client

        python3-pip
        python3-setuptools
        python3-wheel
"

# Apache modules to enable.
APACHE_MODULES_ENABLE="
        headers
        proxy_fcgi
        removeip
        rewrite
        setenvif
	sso
ale's avatar
ale committed
46
	unique_id
ale's avatar
ale committed
47 48 49 50 51
"

# Apache modules that are enabled by default by the Debian package,
# and that we want to disable.
APACHE_MODULES_DISABLE="
ale's avatar
ale committed
52
	access_compat
ale's avatar
ale committed
53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101
        ssl
"

# Config snippets to enable for Apache.
APACHE_CONFIG_ENABLE="
        metrics
        php7.0-fpm
"

# Config snippets to disable.
APACHE_CONFIG_DISABLE="
        other-vhosts-access-log
        serve-cgi-bin
"

# Sites to enable.
APACHE_SITES="
	webmail
"

# The default bitnami/minideb image defines an 'install_packages'
# command which is just a convenient helper. Define our own in
# case we are using some other Debian image.
if [ "x$(which install_packages)" = "x" ]; then
    install_packages() {
        env DEBIAN_FRONTEND=noninteractive apt-get install -qqy --no-install-recommends "$@"
    }
fi

set -e

# Install the main A/I package repository.
install_packages curl gnupg
echo "deb http://deb.autistici.org/urepo ai3/" > /etc/apt/sources.list.d/ai.list
curl -s http://deb.autistici.org/repo.key | apt-key add -
apt-get -q update

install_packages ${BUILD_PACKAGES} ${PACKAGES}

# Install the configuration, overlayed over /etc.
rsync -a /tmp/conf/ /etc/

# Enable/disable Apache modules and configs.
a2enmod -q ${APACHE_MODULES_ENABLE}
a2dismod -q -f ${APACHE_MODULES_DISABLE}
a2enconf -q ${APACHE_CONFIG_ENABLE}
a2disconf -q ${APACHE_CONFIG_DISABLE}
a2ensite ${APACHE_SITES}

ale's avatar
ale committed
102 103 104
# Fix Apache error logging.
sed -i -e 's@^ErrorLog.*$@ErrorLog /dev/stderr@' /etc/apache2/apache2.conf

ale's avatar
ale committed
105 106 107 108 109 110 111 112 113 114
# Create runtime directories (since we're not going to use init
# scripts or systemd units to start the services).
mkdir -p /var/run/apache2 /var/run/php

# Fix runtime permissions for the Roundcube data directories.
for d in temp logs ; do
    chown www-data:www-data /var/www/webmail/$d
    chmod 700 /var/www/webmail/$d
done

ale's avatar
ale committed
115 116 117
# Ensure that the startup script is executable.
chmod 755 /start.sh

ale's avatar
ale committed
118 119 120
# Create config mountpoint
mkdir -p /etc/roundcube

ale's avatar
ale committed
121 122 123 124 125 126 127 128 129 130 131
# Install Chaperone (minimalistic init service).
pip3 install chaperone
rm -fr /root/.cache/pip

# Remove packages used for installation.
apt-get remove -y --purge curl gnupg ${BUILD_PACKAGES}
apt-get autoremove -y
apt-get clean
rm -fr /var/lib/apt/lists/*
rm -fr /tmp/conf