#!/bin/bash

# Laocoon lab installer. Runs on a Proxmox VE host and, in order: creates an
# LXC container hosting the dashboard/API, a dedicated PVE user + API token,
# then two VMs restored from downloaded VMA backups.
set -euo pipefail

# ANSI colour codes for the banner/ok/err/step helpers; NC resets attributes.
GREEN='\033[0;32m'; RED='\033[0;31m'; YELLOW='\033[1;33m'
CYAN='\033[0;36m';  BOLD='\033[1m';   NC='\033[0m'

# Splash screen. 'echo -e' is required so the colour escapes are interpreted;
# the ASCII art only contains '\_', '\/' and '\ ' which echo leaves untouched.
echo -e "${CYAN}${BOLD}"
echo -e "           _             _                   _             _             _            _            _          "
echo -e "         _\ \          / /\                /\ \         /\ \           /\ \         /\ \         /\ \     _   "
echo -e "        /\__ \        / /  \              /  \ \       /  \ \         /  \ \       /  \ \       /  \ \   /\_\ "
echo -e "       / /_ \_\      / / /\ \            / /\ \ \     / /\ \ \       / /\ \ \     / /\ \ \     / /\ \ \_/ / / "
echo -e "      / / /\/_/     / / /\ \ \          / / /\ \ \   / / /\ \ \     / / /\ \ \   / / /\ \ \   / / /\ \___/ /  "
echo -e "     / / /         / / /  \ \ \        / / /  \ \_\ / / /  \ \_\   / / /  \ \_\ / / /  \ \_\ / / /  \/____/   "
echo -e "    / / /         / / /___/ /\ \      / / /   / / // / /    \/_/  / / /   / / // / /   / / // / /    / / /    "
echo -e "   / / / ____    / / /_____/ /\ \    / / /   / / // / /          / / /   / / // / /   / / // / /    / / /     "
echo -e "  / /_/_/ ___/\ / /_________/\ \ \  / / /___/ / // / /________  / / /___/ / // / /___/ / // / /    / / /      "
echo -e " /_______/\__\// / /_       __\ \_\/ / /____\/ // / /_________\/ / /____\/ // / /____\/ // / /    / / /       "
echo -e " \_______\/    \_\___\     /____/_/\/_________/ \/____________/\/_________/ \/_________/ \/_/     \/_/        "

echo -e "                                                    "
echo -e "\nLaocoon Entreprise by Grgoire DEV, Damien${NC}"

banner() {
    # Three-line section header: rule, indented title, rule. Colours come from
    # the script-level CYAN/BOLD/NC variables; echo -e interprets them.
    local rule='══════════════════════════════════════════════'
    local style="${CYAN}${BOLD}"
    echo -e "\n${style}${rule}${NC}"
    echo -e "${style}  $*${NC}"
    echo -e "${style}${rule}${NC}"
}
# Success line: green check mark followed by the joined arguments.
ok() {
    local msg="$*"
    echo -e "${GREEN}  [✔] ${msg}${NC}"
}
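# Fatal error: red cross plus message on stderr (so it is not mixed into
# captured stdout), then terminate the installer with status 1.
err()  { echo -e "${RED}  [✘] $*${NC}" >&2; exit 1; }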
# Progress line: blank line, then a yellow arrow and the joined arguments.
step() {
    local msg="$*"
    echo -e "\n${YELLOW}  [→] ${msg}${NC}"
}

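banner "1/8 — CONFIGURATION DU LABORATOIRE"

# Asked for but not referenced later in this script: every Proxmox operation
# below runs locally (qm/pct/pveum on this host), so the value is informational.
read -rp "  IP de votre serveur Proxmox (ex: 192.168.1.50) : " PROXMOX_IP
if [[ -z "$PROXMOX_IP" ]]; then
    err "L'IP est obligatoire."
fi

read -rp "  Stockage cible (défaut: local-lvm)  : " TARGET_STORAGE
TARGET_STORAGE="${TARGET_STORAGE:-local-lvm}"

# Application database identity. DB_PASS is a fixed, publicly visible
# credential; the PHP bundle downloaded later presumably carries the same value
# in its DB config (TODO confirm), so rotate it together with that config,
# not here alone.
DB_NAME='laocoon_antivirus'
DB_USER='laocoon'
DB_PASS='Laocoon_Root_2026!'
PHP_PORT=8000
API_PORT=5000          # not referenced later in this script
PVE_USER="cerveau@pve"
TOKEN_NAME="orchestrator-token"
DUMP_DIR="/var/lib/vz/dump"

# Scratch directory for downloaded artifacts, removed on every exit path.
# Single quotes defer expansion to trap time and keep the path quoted.
WORKDIR=$(mktemp -d)
trap 'rm -rf -- "$WORKDIR"' EXIT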

#######################################
# Returns the first guest ID >= $1 that neither 'qm' nor 'pct' recognises.
# qm/pct only see guests on this node, so in a multi-node cluster the ID
# reported free here may still be in use elsewhere.
# Arguments: $1 - lowest candidate ID
# Outputs:   the free ID on stdout
#######################################
next_id() {
    local candidate=$1
    while qm status "$candidate" &>/dev/null || pct status "$candidate" &>/dev/null; do
        candidate=$((candidate + 1))
    done
    printf '%s\n' "$candidate"
}

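# Guest IDs: the container from 100 upwards, the two VMs from 900 upwards.
LXC_ID=$(next_id 100)
VM_SINKHOLE=$(next_id 900)
VM_SANDBOX=$(next_id $((VM_SINKHOLE + 1)))

banner "2/8 — PRÉPARATION DU SYSTÈME CENTRAL"
pveam update >/dev/null
# First Debian 12/11 template in the catalogue. Abort here if none is listed:
# 'pct create' would otherwise fail later with a far less readable error.
TMPL=$(pveam available --section system | grep -E "debian-12|debian-11" | head -1 | awk '{print $2}')
[[ -n "$TMPL" ]] || err "Aucun template Debian trouvé dans 'pveam available'."
# A download failure is tolerated on purpose: the template may already be cached.
pveam download local "$TMPL" >/dev/null || true

# The container root password is fixed and publicly known; change it after
# installation (pct exec "$LXC_ID" -- passwd) or replace it with a generated one.
pct create "$LXC_ID" "local:vztmpl/$TMPL" --hostname "laocoon-srv" --password "P@ssword!" \
    --memory 2048 --cores 2 --rootfs "$TARGET_STORAGE:20" --net0 "name=eth0,bridge=vmbr0,ip=dhcp" \
    --features nesting=1 --unprivileged 1 --ostype debian >/dev/null

pct start "$LXC_ID"
# Poll for the DHCP lease instead of a fixed 10 s sleep; give up after ~60 s.
LXC_IP=""
for ((attempt = 0; attempt < 30; attempt++)); do
    LXC_IP=$(pct exec "$LXC_ID" -- hostname -I 2>/dev/null | awk '{print $1}') || true
    [[ -n "$LXC_IP" ]] && break
    sleep 2
done
[[ -n "$LXC_IP" ]] || err "Le conteneur $LXC_ID n'a pas obtenu d'adresse IP."

banner "3/8 — INSTALLATION DES DÉPENDANCES"
pct exec "$LXC_ID" -- bash -c "apt-get update -y && DEBIAN_FRONTEND=noninteractive apt-get install -y python3 python3-pip mariadb-server apache2 php php-mysql php-mbstring php-zip php-gd php-curl php-xml curl wget unzip"
# --break-system-packages installs into the system Python (PEP 668 override).
# The packages are unpinned, so two runs of this installer may not yield the
# same versions.
pct exec "$LXC_ID" -- pip3 install --quiet --break-system-packages fastapi 'uvicorn[standard]' proxmoxer requests httpx python-multipart
ok "Logiciels installés."

banner "4/8 — LIAISON PROXMOX API"
# Dedicated PVE user limited to the listed privileges. The '|| true' guards
# are intentional (role/user/ACL may exist from a previous run) but they also
# hide genuine failures: check 'pveum user list' / 'pveum acl list' if the
# orchestrator later cannot reach the API.
pveum role add SandboxAdmin -privs "VM.Audit VM.PowerMgmt VM.Console VM.Snapshot Sys.Audit" 2>/dev/null || true
# The password is random and discarded: the user is meant to authenticate
# with the API token only.
pveum user add "$PVE_USER" -password "$(openssl rand -base64 16)" 2>/dev/null || true
pveum acl modify /vms --user "$PVE_USER" --role SandboxAdmin >/dev/null 2>&1 || true
pveum acl modify /nodes --user "$PVE_USER" --role SandboxAdmin >/dev/null 2>&1 || true
# Recreate the token on every run so its secret is only known to this
# installation. --privsep 0 makes the token inherit the full permissions of
# PVE_USER instead of carrying its own ACL.
pveum user token delete "$PVE_USER" "$TOKEN_NAME" 2>/dev/null || true
# JSON output is asked for because the default text table is not a stable
# format (grepping it for "value" also hits the table header). jq is not
# guaranteed on the host, so the single "value" field is pulled out with sed.
TOKEN_OUT=$(pveum user token add "$PVE_USER" "$TOKEN_NAME" --privsep 0 --output-format json)
SECRET_TOKEN=$(printf '%s' "$TOKEN_OUT" | sed -n 's/.*"value"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
# NOTE: SECRET_TOKEN is not referenced later in this script — the orchestrator
# inside the container never receives it. TODO: hand it over through a
# root-only config file in the container, not via argv or environment.
if [[ -z "$SECRET_TOKEN" ]]; then
    printf '%s\n' "  [!] Secret du token API non extrait (sortie de pveum inattendue)." >&2
fi

# There is no step 5/8; the original numbering is kept so logs stay comparable.
banner "6/8 — CONFIGURATION DE LA BASE DE DONNÉES"
pct exec "$LXC_ID" -- systemctl enable --now mariadb
# The credentials travel on the command line inside the container (visible in
# 'ps' while the statement runs) and DB_PASS is spliced into SQL unescaped —
# acceptable only because it is a script constant, never user input.
pct exec "$LXC_ID" -- bash -c "mysql -u root -e \"CREATE DATABASE IF NOT EXISTS ${DB_NAME}; GRANT ALL PRIVILEGES ON ${DB_NAME}.* TO '${DB_USER}'@'localhost' IDENTIFIED BY '${DB_PASS}'; FLUSH PRIVILEGES;\""

# The schema and the application bundle are fetched over HTTPS but not
# otherwise verified (no pinned checksum or signature): whoever controls the
# download host controls the code that runs in the container.
# TODO: publish SHA-256 digests alongside the artifacts and check them with
# 'sha256sum -c' before use.
wget -q -O "$WORKDIR/bdd.sql" "https://laocoon.grgoire.fr/install/bdd.sql"
pct push "$LXC_ID" "$WORKDIR/bdd.sql" /tmp/bdd.sql
pct exec "$LXC_ID" -- bash -c "mysql -u root ${DB_NAME} -e \"SET FOREIGN_KEY_CHECKS=0; SOURCE /tmp/bdd.sql; SET FOREIGN_KEY_CHECKS=1;\""
pct exec "$LXC_ID" -- rm -f /tmp/bdd.sql

banner "7/8 — INTERFACE UTILISATEUR (PHP)"
wget -q -O "$WORKDIR/php.zip" "https://laocoon.grgoire.fr/install/php.zip"
pct push "$LXC_ID" "$WORKDIR/php.zip" /tmp/php.zip
# The script body is expanded on the host (double quotes), so ${PHP_PORT} is
# already a literal by the time bash runs it inside the container.
pct exec "$LXC_ID" -- bash -c "
    set -e
    rm -f /var/www/html/index.html
    unzip -q -o /tmp/php.zip -d /var/www/html/
    if [ -d /var/www/html/app_server ]; then cp -r /var/www/html/app_server/* /var/www/html/ && rm -rf /var/www/html/app_server; fi
    rm -f /tmp/php.zip
    chown -R www-data:www-data /var/www/html/
    sed -i 's/^Listen 80/Listen ${PHP_PORT}/' /etc/apache2/ports.conf
    sed -i 's/*:80/*:${PHP_PORT}/' /etc/apache2/sites-available/000-default.conf
    a2enmod rewrite >/dev/null 2>&1 || true
    systemctl restart apache2
"

banner "8/8 — DÉPLOIEMENT DES VMS (EXTRACTION FORCÉE)"
mkdir -p "$DUMP_DIR"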

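#######################################
# Downloads a VMA backup, extracts its raw disk and creates a VM from it.
# Globals:   DUMP_DIR, TARGET_STORAGE (read); step/err helpers
# Arguments: $1 - VMID to create (expected free; an existing VM with that ID
#                 is destroyed first)
#            $2 - VM name
#            $3 - archive file name under https://laocoon.grgoire.fr/install/
# Outputs:   progress lines; the VM is left running
# Returns:   0 on success; terminates via err() or 'set -e' on failure
#######################################
deploy_vm_forced() {
    local ID=$1 LABEL=$2 FILE_NAME=$3
    local LOCAL_FILE="$DUMP_DIR/$FILE_NAME"
    local EXT_DIR="$DUMP_DIR/ext_$ID"
    local DISK_RAW VOL_NAME

    step "Téléchargement $LABEL..."
    # Fetched over HTTPS with no checksum/signature check and then booted
    # as-is: the download host is fully trusted here.
    # TODO: verify a pinned SHA-256 digest before extraction.
    wget -q --show-progress -O "$LOCAL_FILE" "https://laocoon.grgoire.fr/install/$FILE_NAME"

    rm -rf -- "$EXT_DIR"
    # 'pipefail' turns a truncated or corrupt archive into a hard failure here.
    zstd -dcf "$LOCAL_FILE" | vma extract -v - "$EXT_DIR"

    # First raw disk in the extracted archive; fail with a clear message rather
    # than letting 'qm importdisk' choke on an empty path.
    DISK_RAW=$(find "$EXT_DIR" -name "disk-drive-*.raw" -print -quit)
    [[ -n "$DISK_RAW" ]] || err "Aucun disque 'disk-drive-*.raw' trouvé dans $FILE_NAME."

    # A free ID is expected (see next_id); the destroy is then a no-op and only
    # matters when re-running against a half-created VM.
    qm destroy "$ID" --purge 2>/dev/null || true
    # vmbr1 is the lab bridge: keep it isolated from the management network,
    # since these guests host the sinkhole and the sandbox.
    qm create "$ID" --name "$LABEL" --net0 "virtio,bridge=vmbr1" --memory 2048 --cores 2
    qm importdisk "$ID" "$DISK_RAW" "$TARGET_STORAGE"

    # 'pvesm list' has no machine-readable contract; take only the first volume
    # whose line mentions this VM (a stale unreferenced disk could also match).
    VOL_NAME=$(pvesm list "$TARGET_STORAGE" | awk -v pat="vm-$ID-disk" 'index($0, pat) && !seen { print $1; seen = 1 }')
    [[ -n "$VOL_NAME" ]] || err "Disque importé introuvable sur $TARGET_STORAGE pour la VM $ID."
    qm set "$ID" --scsihw virtio-scsi-pci --scsi0 "$VOL_NAME" --boot order=scsi0
    qm start "$ID"
    rm -f -- "$LOCAL_FILE"
    rm -rf -- "$EXT_DIR"
}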

# Backup images are fetched by fixed file name; the VMIDs come from next_id
# and may differ from the 900/901 embedded in those names.
deploy_vm_forced "$VM_SINKHOLE" "Sinkhole" "vm-900-sinkhole.vma.zst"
deploy_vm_forced "$VM_SANDBOX"  "Sandbox"  "vm-901-windows-sandbox.vma.zst"

banner "✅ TERMINÉ"
# The dashboard is served over plain HTTP on the container's DHCP address.
printf 'Dashboard : http://%s:%s/\n' "$LXC_IP" "$PHP_PORT"