add lychee_install script

2025-03-30 23:52:47 +02:00 · 2025-03-30 23:52:47 +02:00 · b8808e4219
parent 5375a48bfd
commit b8808e4219
3 changed files with 160 additions and 0 deletions
--- a/scripts/.directories.txt
+++ b/scripts/.directories.txt
@ -1,3 +1,4 @@
+all_inclusive
 common
 server-dhcp
 server-httpd
--- a/scripts/all_inclusive/.list_files.txt
+++ b/scripts/all_inclusive/.list_files.txt
@ -0,0 +1 @@
+lychee_install.sh
--- a/scripts/all_inclusive/lychee_install.sh
+++ b/scripts/all_inclusive/lychee_install.sh
@ -0,0 +1,158 @@
+#!/bin/bash
+
+# Vérifier que le script est lancé en root
+if [[ $EUID -ne 0 ]]; then
+  echo "Ce script doit être exécuté en tant que root." >&2
+  exit 1
+fi
+
+# Définir les variables
+DB_NAME="lychee"
+DB_USER="lycheeuser"
+LYCHEE_DIR="/var/www/lychee"
+APACHE_CONF="/etc/apache2/sites-available/lychee.conf"
+PHP_VERSION="8.3"
+
+PHP_INI_CLI="/etc/php/${PHP_VERSION}/cli/php.ini"
+PHP_INI_APACHE="/etc/php/${PHP_VERSION}/apache2/php.ini"
+
+# Générer un mot de passe alphanumérique sécurisé
+DB_PASSWORD=$(tr -dc 'A-Za-z0-9' </dev/urandom | head -c 16)
+echo "Mot de passe généré pour la base de données : ${DB_PASSWORD}"
+
+# Sauvegarde temporaire root-only
+echo "${DB_PASSWORD}" > /root/.lychee_db_password
+chmod 600 /root/.lychee_db_password
+
+# Mise à jour du système
+apt update && apt upgrade -y
+
+# Ajout du dépôt Sury pour PHP 8.3
+apt install -y apt-transport-https lsb-release ca-certificates wget gnupg2
+wget -qO - https://packages.sury.org/php/apt.gpg | gpg --dearmor -o /etc/apt/trusted.gpg.d/php.gpg
+echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list
+apt update
+
+# Installation des paquets nécessaires
+apt install -y apache2 mariadb-server php${PHP_VERSION} php${PHP_VERSION}-cli php${PHP_VERSION}-intl php${PHP_VERSION}-xmlrpc \
+php${PHP_VERSION}-soap php${PHP_VERSION}-mysql php${PHP_VERSION}-zip php${PHP_VERSION}-gd php${PHP_VERSION}-tidy \
+php${PHP_VERSION}-mbstring php${PHP_VERSION}-curl php${PHP_VERSION}-xml php${PHP_VERSION}-bcmath php${PHP_VERSION}-imagick \
+php${PHP_VERSION}-tokenizer libapache2-mod-php${PHP_VERSION} unzip
+
+# Définir la timezone PHP pour CLI et Apache
+sed -i "s|^;*date.timezone =.*|date.timezone = Europe/Paris|" ${PHP_INI_CLI}
+sed -i "s|^;*date.timezone =.*|date.timezone = Europe/Paris|" ${PHP_INI_APACHE}
+
+
+# Sécuriser MariaDB
+mysql_secure_installation <<EOF
+
+y
+n
+y
+y
+y
+y
+EOF
+
+# Créer la base et l'utilisateur avec droits restreints
+mysql <<EOF
+CREATE DATABASE ${DB_NAME} CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
+CREATE USER '${DB_USER}'@'localhost' IDENTIFIED BY '${DB_PASSWORD}';
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON ${DB_NAME}.* TO '${DB_USER}'@'localhost';
+FLUSH PRIVILEGES;
+EOF
+
+# Télécharger et installer Lychee proprement
+cd /tmp
+wget https://github.com/LycheeOrg/Lychee/releases/latest/download/Lychee.zip
+unzip Lychee.zip
+rm -rf ${LYCHEE_DIR}
+mv Lychee ${LYCHEE_DIR}
+rm Lychee.zip
+
+# Demander le nom de domaine ou l'IP publique
+read -p "Entrez le nom de domaine ou l'adresse IP d'accès à Lychee (ex: lychee.mondomaine.fr ou 192.168.1.100) : " LYCHEE_HOST
+
+# Forcer le protocole HTTP pour APP_URL
+APP_URL="http://${LYCHEE_HOST}"
+
+# Modification du .env
+cp ${LYCHEE_DIR}/.env.example ${LYCHEE_DIR}/.env
+
+sed -i "s|^APP_URL=.*|APP_URL=${APP_URL}|" ${LYCHEE_DIR}/.env
+sed -i "s|^DB_CONNECTION=.*|DB_CONNECTION=mysql|" ${LYCHEE_DIR}/.env
+sed -i "s|^DB_HOST=.*|DB_HOST=127.0.0.1|" ${LYCHEE_DIR}/.env
+sed -i "s|^DB_PORT=.*|DB_PORT=3306|" ${LYCHEE_DIR}/.env
+sed -i "s|^#*DB_DATABASE=.*|DB_DATABASE=${DB_NAME}|" ${LYCHEE_DIR}/.env
+sed -i "s|^#*DB_USERNAME=.*|DB_USERNAME=${DB_USER}|" ${LYCHEE_DIR}/.env
+sed -i "s|^#*DB_PASSWORD=.*|DB_PASSWORD=\"${DB_PASSWORD}\"|" ${LYCHEE_DIR}/.env
+
+# Définir le fuseau horaire
+echo "APP_TIMEZONE=Europe/Paris" >> ${LYCHEE_DIR}/.env
+
+# Propriétés et permissions
+chown -R www-data:www-data ${LYCHEE_DIR}
+chmod 640 ${LYCHEE_DIR}/.env
+find ${LYCHEE_DIR} -type f -exec chmod 640 {} \;
+find ${LYCHEE_DIR} -type d -exec chmod 750 {} \;
+
+# Permissions spécifiques pour data/upload
+chmod -R 750 ${LYCHEE_DIR}/uploads/ ${LYCHEE_DIR}/data/
+
+# Permissions spécifiques attendues par Lychee
+chmod -R g+s ${LYCHEE_DIR}/public/uploads
+chmod -R g+s ${LYCHEE_DIR}/public/sym
+chmod 2775 ${LYCHEE_DIR}/public/uploads
+chmod 2775 ${LYCHEE_DIR}/public/uploads/import
+chmod 2775 ${LYCHEE_DIR}/public/sym
+chmod 0664 ${LYCHEE_DIR}/public/uploads/import/index.html
+chmod 0664 ${LYCHEE_DIR}/public/sym/index.html
+chmod 2775 ${LYCHEE_DIR}/storage/tmp/jobs
+chmod 2775 ${LYCHEE_DIR}/storage/tmp/uploads
+chmod -R g+s ${LYCHEE_DIR}/storage/tmp/jobs
+chmod -R g+s ${LYCHEE_DIR}/storage/tmp/uploads
+
+# Protéger les fichiers sensibles via .htaccess
+cat > ${LYCHEE_DIR}/.htaccess <<EOF
+<FilesMatch "\.(env|env\.example|sql|log|conf)$">
+    Order allow,deny
+    Deny from all
+</FilesMatch>
+EOF
+
+# Configuration Apache
+cat > ${APACHE_CONF} <<EOF
+<VirtualHost *:80>
+    ServerAdmin webmaster@localhost
+    DocumentRoot ${LYCHEE_DIR}/public
+
+    <Directory ${LYCHEE_DIR}/public>
+        Options -Indexes +FollowSymLinks
+        AllowOverride All
+        Require all granted
+    </Directory>
+
+    ErrorLog \${APACHE_LOG_DIR}/lychee_error.log
+    CustomLog \${APACHE_LOG_DIR}/lychee_access.log combined
+
+    LimitRequestBody 10485760
+</VirtualHost>
+EOF
+
+# Désactiver modules inutiles
+a2dismod -f autoindex status cgi userdir
+
+# Activer Lychee et désactiver le site par défaut
+a2enmod rewrite
+a2ensite lychee.conf
+a2dissite 000-default.conf
+
+# Recharger Apache
+systemctl reload apache2
+
+# Déterminer l'IP locale
+IP=$(hostname -I | awk '{print $1}')
+
+echo "Installation de Lychee terminée."
+echo "Accédez à l’interface web pour finaliser la configuration : http://${IP}"