-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsetup.sh
More file actions
112 lines (92 loc) · 2.62 KB
/
setup.sh
File metadata and controls
112 lines (92 loc) · 2.62 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
#!/bin/bash
set -e
# Green and red gecho
gecho() { echo -e "\033[1;32m$1\033[0m"; }
recho() { echo -e "\033[1;31m$1\033[0m"; }
# Parse command line arguments
FORCE=false
for arg in "$@"; do
if [ "$arg" == "--force" ]; then
FORCE=true
fi
done
# Check prerequisites
if [ "$FORCE" = false ] && { [ ! -f "/etc/lsb-release" ] || [ -z "$(grep '24.04' /etc/lsb-release)" ]; }; then
recho "ERROR: The official Icebox setup script only supports Ubuntu Server 24.04"
recho "Use --force flag to override this check and run at your own risk."
exit 1
fi
if [ "$EUID" -ne 0 ]; then
recho "ERROR: Must be run as root."
exit 1
fi
# Check config
if [ -z "$ICEBOX_USER" ]; then
ICEBOX_USER="icebox"
fi
if [ -z "$DEVICE_IP" ]; then
DEVICE_IP=$(ip route get 1 | awk '{print $7; exit}')
fi
gecho "Installing Icebox to run as $ICEBOX_USER with IP address $DEVICE_IP"
gecho "Configuring user"
if [ ! "$(id -u "$ICEBOX_USER" 2>/dev/null)" ]; then
gecho "Adding user $ICEBOX_USER"
useradd -r -s /usr/sbin/nologin "$ICEBOX_USER"
fi
usermod -aG adm icebox
if [ -d /opt/icebox/icebox ]; then
gecho "Removing old Icebox installation"
rm -fr /opt/icebox/icebox
fi
gecho "Setting up directories"
mkdir -p /opt/icebox/icebox
mkdir -p /etc/icebox
mkdir -p /var/log/icebox
touch /etc/icebox/config-icewatch.json
chown $ICEBOX_USER:$ICEBOX_USER /etc/icebox/config-icewatch.json
gecho "Installing Icebox"
DEPLOY_DIR=$(mktemp -d)
cd "$DEPLOY_DIR"
git clone https://github.com/icewatch-io/icebox.git
if [ -d Icebox ]; then
mv Icebox icebox
fi
cd icebox
mv src/icebox /opt/icebox
chmod +x /opt/icebox/icebox/iptables.sh
if [ ! -f /etc/icebox/config.json ]; then
gecho "Using example config"
cp "$DEPLOY_DIR/icebox/config-example.json" /etc/icebox/config.json
else
gecho "Using existing config"
fi
chown -R $ICEBOX_USER:$ICEBOX_USER /opt/icebox
chown -R $ICEBOX_USER:$ICEBOX_USER /var/log/icebox
chmod -R g+x /opt/icebox/icebox
cd /opt/icebox
rm -rf "$DEPLOY_DIR"
gecho "Setting up Icebox service"
if [ -f /etc/systemd/system/icebox.service ]; then
rm /etc/systemd/system/icebox.service
fi
cat >/etc/systemd/system/icebox.service <<EOF
[Unit]
Description=Icebox
[Service]
Type=simple
ExecStartPre=+/opt/icebox/icebox/iptables.sh add
ExecStopPost=+/opt/icebox/icebox/iptables.sh remove
ExecStart=python3 -B /opt/icebox/icebox
WorkingDirectory=/opt/icebox/
User=$ICEBOX_USER
Group=$ICEBOX_USER
Restart=always
RestartSec=1s
TimeoutStopSec=15
[Install]
WantedBy=multi-user.target
EOF
gecho "Starting Icebox service"
systemctl daemon-reload
systemctl enable icebox --now
gecho "Icebox installed and started. Reboot recommended."