Don't read this — it's a secret

README.md

@@ -0,0 +1,2 @@
+# don't read this
+it is secret

bind_snoots

@@ -0,0 +1,11 @@
+#!/bin/sh
+cd /www/snoot.club/snoots
+for snoot in *; do
+	real="/www/snoot.club/snoots/$snoot/application/website"
+	pretend="/snoots/$snoot/website"
+	sudo mkdir -p "$pretend"
+	sudo umount "$pretend" 2>/dev/null
+	[ -e "$real" ] && sudo mount --bind "$real" "$pretend"
+	sudo chown root.root "/snoots/$snoot"
+	sudo chmod 755 "/snoots/$snoot"
+done

contain_snoot

@@ -0,0 +1,124 @@
+#!/bin/sh
+
+Skeleton_Snoot="/www/snoot.club/skeleton"
+Snoot_Root="/www/snoot.club/snoots"
+Snoot="$1"
+Public_Key="$2"
+Last_Snoot_port="$(cat /www/snoot.club/last_snoot_port || echo -n 33110)"
+Ssh_Port="$(($Last_Snoot_port + 1))"
+Web_Port="$(($Ssh_Port + 1))"
+
+cd "$Snoot_Root"
+
+cp -r "$Skeleton_Snoot" "$Snoot"
+
+cd "$Snoot/application"
+
+./say generating package json
+
+>package.json cat <<packagejson
+{
+  "name": "application",
+  "version": "1.0.0",
+  "main": "index.js",
+  "module": "main.js",
+  "scripts": {
+    "start": "micro -l tcp://0.0.0.0:${PORT-80}",
+    "start:developer": "micro -l tcp://0.0.0.0:${PORT-80}"
+  },
+  "author": "$Snoot <$Snoot@snoot.club>",
+  "license": "MPL-2.0",
+  "description": ""
+}
+packagejson
+
+./say installing javascript dependencies
+
+npm install micro serve-handler
+
+>authorized_keys echo $Public_Key
+
+./say generating index html
+
+>website/index.html cat <<indexhtml
+<!doctype html>
+<marquee direction=down behavior=alternate>
+  <marquee direction=right behavior=alternate>
+    <pre>
+      welcome to $Snoot's homepage
+
+      if you are $Snoot, then you have two choices:
+        • your ssh port is $Ssh_Port.
+          - <code>ssh root@snoot.club -p $Ssh_Port</code>
+          - the files for the application are in <code>/application</code>.
+        • your sftp user is $Snoot.
+          - <code>sftp $Snoot@snoot.club</code>
+          - the files for the website are in <code>./website</code>
+    </pre>
+  </marquee>
+</marquee>
+indexhtml
+
+cd ..
+
+./say generating docker compose
+
+>docker-compose.yml cat <<dockercomposeyml
+version: "3"
+services:
+  node:
+    image: "node:latest"
+    working_dir: /application
+    environment:
+      - NODE_ENV=production
+    volumes:
+      - ./application/:/application
+    ports:
+      - "$((Ssh_Port)):22"
+      - "$((Web_Port)):80"
+    restart: always
+    command: "/application/.start.sh"
+dockercomposeyml
+
+./say starting docker container
+
+docker-compose up -d
+
+./say generating nginx config
+
+>nginx.conf cat <<nginxconf
+server {
+  include /www/snoot.club/blocks/error_page.nginx;
+
+  default_type text/plain;
+
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+  server_name $Snoot.snoot.club;
+  access_log $Snoot_Root/$Snoot/logs/access.ssl.log;
+  error_log $Snoot_Root/$Snoot/logs/error.ssl.log;
+
+  ssl on;
+  ssl_certificate /etc/letsencrypt/live/snoot.club/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/snoot.club/privkey.pem;
+
+  location / {
+    proxy_pass http://127.0.0.1:$Web_Port/;
+    proxy_set_header Host \$http_host;
+    proxy_set_header X-Real-IP \$remote_addr;
+    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto \$scheme;
+    client_max_body_size 100m;
+  }
+}
+
+server {
+  listen 80;
+  listen [::]:80;
+  return 301 https://$Snoot.snoot.club/\$request_uri;
+}
+nginxconf
+
+./say updating last_snoot_port
+
+echo $Web_Port > /www/snoot.club/last_snoot_port

new_snoot

@@ -0,0 +1,40 @@
+#!/bin/sh
+Snoot="$1"
+Snoot_Root="/www/snoot.club/snoots"
+
+cd "$Snoot_Root"
+
+Existing_User="$(</etc/passwd awk -F: '{print $1}' | grep -e "^$Snoot\$")"
+
+if [ -z "$Existing_User" ]; then
+	./say creating user
+
+	sudo useradd -m -d "/snoots/$Snoot" -g common -G common,undercommon -s /bin/nologin "$Snoot"
+else
+	./say user "$Snoot" existed m8, hope that\'s ok\!
+fi
+
+echo enter their ssh key pls:
+
+read -r Public_Key
+
+./say creating authorized_keys file on host
+
+sudo mkdir -p "/snoots/$Snoot/.ssh"
+sudo sh -c "echo $Public_Key >> /snoots/$Snoot/.ssh/authorized_keys"
+sudo chmod -R 755 "/snoots/$Snoot/.ssh"
+sudo chown -R root.root "/snoots/$Snoot/.ssh"
+
+./say containing snoot
+
+/www/snoot.club/contain_snoot "$Snoot" "$Public_Key"
+
+sudo chown -R "$Snoot.common" "$Snoot_Root/$Snoot/application/website"
+
+./say binding snoots
+
+/www/snoot.club/bind_snoots
+
+./say reloading nginx
+
+sudo nginx -s reload

say

@@ -0,0 +1,8 @@
+#!/bin/sh
+debug_mode="${DEBUG-yes}"
+
+if [ ! -z "$debug_mode" ]; then
+	echo
+	echo "$*"
+	echo
+fi