#!/bin/bash # base settings set -e [ -e /firstboot ] || exit 0 echo 'Setting defaults...' localectl --no-convert set-keymap de-latin1-nodeadkeys echo 'Activate services...' timedatectl set-ntp true # variables LABEL="DATA" DATABASE_PASS="Di1sgMySQLPwd." # Data partition echo 'Mount data partition...' mkdir -p /$LABEL if [ ! -L "/dev/disk/by-label/$LABEL" ]; then echo 'ERROR: Data partition not found!' echo "Please create a data partition with ext4 filesystem and label \"$LABEL\":" echo "# cfdisk /dev/ (use GPT label, create linux partition)" echo "# mkfs.ext4 -L $LABEL /dev/" exit 1 fi if ! grep -Fq "LABEL=$LABEL" /etc/fstab; then echo "LABEL=$LABEL /$LABEL ext4 noatime 0 1" >> /etc/fstab fi mount -a if ! mount | grep /$LABEL > /dev/null; then echo "ERROR: Could not mount data partition!" exit 1 fi if [ ! -d "/$LABEL/var/lib/mysql/pi" ]; then echo 'Initialize MariaDB...' systemctl stop mariadb mkdir -p /$LABEL/var/lib/mysql rm -rf /$LABEL/var/lib/mysql/* cp -a /var/lib/mysql/. /$LABEL/var/lib/mysql sed -i "s:^datadir.*:datadir = /$LABEL/var/lib/mysql:" /etc/mysql/my.cnf systemctl start mariadb echo 'Create privacyIDEA database...' mysql -u root -e "CREATE USER 'pi'@'localhost' IDENTIFIED BY '$DATABASE_PASS'" mysql -u root -e "CREATE DATABASE pi DEFAULT CHARACTER SET latin1 COLLATE latin1_swedish_ci;" mysql -u root -e "GRANT ALL PRIVILEGES ON pi.* TO 'pi'@'localhost' IDENTIFIED by '$DATABASE_PASS';" mysql -u root -e "FLUSH PRIVILEGES;" echo 'Initialize privacyIDEA database...' sed -i "s::$DATABASE_PASS:" /etc/privacyidea/pi.cfg pi-manage createdb if [ ! -d "/$LABEL/etc/privacyidea" ]; then echo 'Create privacyIDEA encryption and audit keys...' mkdir -p /$LABEL/etc/privacyidea chown privacyidea /$LABEL/etc/privacyidea rm /etc/privacyidea/enckey pi-manage create_enckey mv /etc/privacyidea/enckey /$LABEL/etc/privacyidea/enckey chown privacyidea /$LABEL/etc/privacyidea/enckey ln -s /$LABEL/etc/privacyidea/enckey /etc/privacyidea/enckey rm /etc/privacyidea/public.pem /etc/privacyidea/private.pem pi-manage create_audit_keys mv /etc/privacyidea/private.pem /$LABEL/etc/privacyidea/private.pem mv /etc/privacyidea/public.pem /$LABEL/etc/privacyidea/public.pem chown privacyidea /$LABEL/etc/privacyidea/*.pem ln -s /$LABEL/etc/privacyidea/private.pem /etc/privacyidea/private.pem ln -s /$LABEL/etc/privacyidea/public.pem /etc/privacyidea/public.pem fi else echo 'Start MariaDB...' sed -i "s:^datadir.*:datadir = /$LABEL/var/lib/mysql:" /etc/mysql/my.cnf systemctl start mariadb fi echo 'Enable database...' systemctl enable mariadb rm /firstboot