Recipe for Shinobi Security DVR

Debian 10.3 container
4 cores, 8 GB disk, 2 GB RAM, 512 MB swap, big storage mountpoint on /mnt/dvr

adduser tdobes
adduser tdobes adm
adduser tdobes systemd-journal

aptitude update && aptitude forget-new && aptitude full-upgrade

aptitude install apt-transport-https gnupg
echo 'deb buster main' > /etc/apt/sources.list.d/nodesource.list
echo 'deb-src buster main' >> /etc/apt/sources.list.d/nodesource.list
wget -O- | apt-key add -
aptitude update

aptitude install git nodejs
aptitude install mariadb-server mariadb-client

# this installs a ton of xorg deps:
# aptitude --without-recommends install ffmpeg
# alternate plan: install static binaries instead (from
tar -xJf ffmpeg-release-amd64-static.tar.xz
mv ffmpeg-*-amd64-static/ffmpeg ffmpeg-*-amd64-static/ffprobe /usr/local/bin/
rm -r ffmpeg-release-amd64-static.tar.xz ffmpeg-*-amd64-static/

# see
mkdir -p /opt/shinobi
git clone -b master /opt/shinobi
echo '{"Product": "Shinobi Professional (Pro)", "Branch": "master", "Version": "'`GIT_DIR=/opt/shinobi/.git git rev-parse HEAD`'", "Date": "'`date`'", "Repository": ""}' > /opt/shinobi/version.json
shinobi_cron_key=`head -c 512 < /dev/urandom | base64 -w 0 | head -c 30`
sed -e 's|change_this_to_something_very_random__just_anything_other_than_this|'$shinobi_cron_key'|' /opt/shinobi/conf.sample.json > /opt/shinobi/conf.json
cp /opt/shinobi/super.sample.json /opt/shinobi/super.json

# see
# and
# ...maybe use jq to manipulate json for config + stuff?

# TODO: test and do this stuff
pushd /opt/shinobi
# TODO: Fix this stuff so it uses custom db username/pass and possibly custom db name
mysql -u $sqluser -p$sqlpass -e "source sql/user.sql" # this has the MySQL username, password, and database name hardcoded
mysql -u $sqluser -p$sqlpass -e "source sql/framework.sql" # this has the MySQL database name hardcoded

npm install npm -g # use npm to update global install of npm to latest version
npm install --unsafe-perm # install all dependencies needed by shinobi
npm audit fix --force # checks dependencies for security issues and auto-fix

### npm install pm2 -g # should probably use systemd instead
touch /opt/shinobi/INSTALL/installed.txt

cp /opt/shinobi/conf.sample.json /opt/shinobi/conf.json
# TODO: edit /opt/shinobi/conf.json
cp /opt/shinobi/super.sample.json /opt/shinobi/super.json
# TODO: edit /opt/shinobi/super.json
# generating password in super.json: echo -n admin | md5sum | cut -d' ' -f1

# we intentionally omit making a symlink for the INSTALL/shinobi script because it assumes we installed to the default dir and are using PM2

pm2 start camera.js
pm2 start cron.js
pm2 startup
pm2 save
pm2 list

adduser --system --home /nonexistent --no-create-home shinobi

npm install -g pm2 # I sorta don't think these are needed anymore: generator-nodecg yo electron

mkdir -p /var/local/pm2
chown nodecg:staff /var/local/pm2
chmod g+w /var/local/pm2

echo '[Unit]' > /etc/systemd/system/nodecg.service
echo 'Description=NodeCG Service' >> /etc/systemd/system/nodecg.service
echo '' >> /etc/systemd/system/nodecg.service
echo >> /etc/systemd/system/nodecg.service
echo '[Service]' >> /etc/systemd/system/nodecg.service
echo 'ExecStart=/usr/bin/pm2 start /var/local/nodecg/index.js --name nodecg' >> /etc/systemd/system/nodecg.service
echo 'User=nodecg' >> /etc/systemd/system/nodecg.service
echo 'Environment=PM2_HOME=/var/local/pm2' >> /etc/systemd/system/nodecg.service
echo 'Type=forking' >> /etc/systemd/system/nodecg.service
echo 'Restart=always' >> /etc/systemd/system/nodecg.service
echo 'RestartSec=1' >> /etc/systemd/system/nodecg.service
echo >> /etc/systemd/system/nodecg.service
echo '[Install]' >> /etc/systemd/system/nodecg.service
echo '' >> /etc/systemd/system/nodecg.service

systemctl daemon-reload
systemctl enable nodecg.service
systemctl start nodecg.service
computer/shinobi_dvr.txt · Last modified: 2020/05/10 14:06 by tdobes
Recent changes RSS feed Driven by DokuWiki Valid XHTML 1.0 Valid CSS