initial commit

01/01-k-server-initial-setup.99.sh

@@ -0,0 +1,161 @@
+#!/bin/bash
+#===============================================================================
+# ШАГ 99: ФИНАЛЬНАЯ ПРОВЕРКА
+#===============================================================================
+# Запуск: sudo bash 01-k-server-initial-setup.99.sh
+#===============================================================================
+
+SCRIPT_DIR=$(cd "$(dirname "$0")" && pwd)
+source "$SCRIPT_DIR/01-k-server-initial-setup.00.sh"
+
+init_log
+check_root
+
+print_header "ШАГ 99: ФИНАЛЬНАЯ ПРОВЕРКА"
+
+echo ""
+echo -e "${BLUE}================================================================${NC}"
+echo -e "${BLUE}  СТАТУС СИСТЕМЫ${NC}"
+echo -e "${BLUE}================================================================${NC}"
+
+#-------------------------------------------------------------------------------
+# Системная информация
+#-------------------------------------------------------------------------------
+echo ""
+echo "Система:"
+echo "  Hostname:     $(hostname)"
+echo "  OS:           $(lsb_release -d 2>/dev/null | cut -f2 || cat /etc/os-release | grep PRETTY_NAME | cut -d\" -f2)"
+echo "  Kernel:       $(uname -r)"
+echo "  Uptime:       $(uptime -p)"
+echo "  Timezone:     $(timedatectl show --property=Timezone --value 2>/dev/null || cat /etc/timezone)"
+echo ""
+
+#-------------------------------------------------------------------------------
+# Проверка сервисов
+#-------------------------------------------------------------------------------
+echo "Сервисы:"
+
+# SSH
+if service_running sshd || service_running ssh; then
+    echo -e "  SSH:          ${GREEN}OK${NC}"
+else
+    echo -e "  SSH:          ${RED}FAILED${NC}"
+fi
+
+# nftables
+if nft list table inet filter &>/dev/null; then
+    echo -e "  Firewall:     ${GREEN}OK${NC}"
+else
+    echo -e "  Firewall:     ${YELLOW}НЕ НАСТРОЕН${NC}"
+fi
+
+# Fail2ban
+if service_running fail2ban; then
+    echo -e "  Fail2ban:     ${GREEN}OK${NC}"
+else
+    echo -e "  Fail2ban:     ${YELLOW}НЕ ЗАПУЩЕН${NC}"
+fi
+
+echo ""
+
+#-------------------------------------------------------------------------------
+# Проверка пользователя
+#-------------------------------------------------------------------------------
+echo "Пользователь:"
+
+if user_exists "$ADMIN_USER"; then
+    echo -e "  $ADMIN_USER:  ${GREEN}OK${NC}"
+    if groups "$ADMIN_USER" | grep -q sudo; then
+        echo "  Группы:       $(groups $ADMIN_USER | cut -d: -f2)"
+    fi
+    if [[ -f "/home/$ADMIN_USER/.ssh/authorized_keys" ]]; then
+        KEY_COUNT=$(wc -l < "/home/$ADMIN_USER/.ssh/authorized_keys")
+        echo "  SSH ключи:    $KEY_COUNT"
+    else
+        echo -e "  SSH ключи:    ${YELLOW}НЕ ДОБАВЛЕНЫ${NC}"
+    fi
+else
+    echo -e "  $ADMIN_USER:  ${RED}НЕ СОЗДАН${NC}"
+fi
+
+echo ""
+
+#-------------------------------------------------------------------------------
+# Сеть
+#-------------------------------------------------------------------------------
+echo "Сеть:"
+echo "  Интерфейсы:"
+
+for iface in $IFACE_EXT $IFACE_INT; do
+    if ip link show "$iface" &>/dev/null; then
+        STATE=$(ip link show "$iface" | grep -oP 'state \K\w+')
+        IP=$(ip -4 addr show "$iface" | grep -oP 'inet \K[\d.]+' | head -1)
+        if [[ "$iface" == "$IFACE_EXT" ]]; then
+            echo "    $iface (внешний):  $STATE, $IP"
+        else
+            echo "    $iface (внутренний): $STATE, $IP"
+        fi
+    fi
+done
+
+echo ""
+
+#-------------------------------------------------------------------------------
+# Ресурсы
+#-------------------------------------------------------------------------------
+echo "Ресурсы:"
+
+# Память
+MEM_TOTAL=$(free -h | grep Mem | awk '{print $2}')
+MEM_USED=$(free -h | grep Mem | awk '{print $3}')
+echo "  Память:       $MEM_USED / $MEM_TOTAL"
+
+# Swap
+if has_swap; then
+    SWAP_TOTAL=$(free -h | grep Swap | awk '{print $2}')
+    SWAP_USED=$(free -h | grep Swap | awk '{print $3}')
+    echo "  Swap:         $SWAP_USED / $SWAP_TOTAL"
+else
+    echo "  Swap:         не настроен"
+fi
+
+# Диск
+DISK_USAGE=$(df -h / | tail -1 | awk '{print $3 " / " $2 " (" $5 ")"}')
+echo "  Диск /:       $DISK_USAGE"
+
+echo ""
+
+#-------------------------------------------------------------------------------
+# Firewall правила
+#-------------------------------------------------------------------------------
+echo "Firewall (открытые порты):"
+nft list table inet filter 2>/dev/null | grep "dport" | grep -oE "dport [0-9]+" | sort -u | awk '{print "  " $2}' | tr '\n' ' '
+echo ""
+echo ""
+
+#-------------------------------------------------------------------------------
+# Итог
+#-------------------------------------------------------------------------------
+echo -e "${GREEN}================================================================${NC}"
+echo -e "${GREEN}  ПЕРВОНАЧАЛЬНАЯ НАСТРОЙКА ЗАВЕРШЕНА${NC}"
+echo -e "${GREEN}================================================================${NC}"
+echo ""
+
+if [[ ! -f "/home/$ADMIN_USER/.ssh/authorized_keys" ]] || [[ ! -s "/home/$ADMIN_USER/.ssh/authorized_keys" ]]; then
+    echo -e "${YELLOW}============================================================${NC}"
+    echo -e "${YELLOW}  ВАЖНО: Добавьте SSH-ключ для $ADMIN_USER!${NC}"
+    echo -e "${YELLOW}============================================================${NC}"
+    echo ""
+    echo "  sudo nano /home/$ADMIN_USER/.ssh/authorized_keys"
+    echo ""
+fi
+
+echo "Следующие шаги:"
+echo "  1. Добавьте SSH-ключ для $ADMIN_USER"
+echo "  2. Проверьте вход по SSH с другой консоли"
+echo "  3. Проверьте сетевую конфигурацию: /etc/netplan/01-netcfg.yaml"
+echo "  4. Перезагрузите сервер: reboot"
+echo "  5. Запустите скрипт развёртывания Git-сервера"
+echo ""
+echo "Лог установки: $LOG_FILE"
+echo ""