#!/bin/bash
#
# First-boot setup script: does its work only while the /firstboot marker
# file exists.

# base settings
# Stop at the first command that returns a non-zero status.
set -e

# Without the marker there is nothing to do.
if [ ! -e /firstboot ]; then
  exit 0
fi

printf '%s\n' 'Setting defaults...'
localectl --no-convert set-keymap de-latin1-nodeadkeys

printf '%s\n' 'Activate services...'
timedatectl set-ntp true

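# variables
# Filesystem label of the data partition; also used as its mount point (/$LABEL).
readonly LABEL="DATA"

# Password of the privacyIDEA database account.
# NOTE(review): the default is a fixed value stored in this script, so every
# system set up from it gets the same database credential unless DATABASE_PASS
# is supplied through the environment. Provisioning should inject a per-system
# secret. The value is later spliced into SQL statements and a sed
# replacement, so keep an override to characters that need no quoting there.
readonly DATABASE_PASS="${DATABASE_PASS:-Di1sgMySQLPwd.}"
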
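# Data partition
# Mounts the partition labelled $LABEL on /$LABEL and registers it in
# /etc/fstab. Exits with status 1 when the partition is missing or is not
# mounted afterwards.
#
# NOTE(review): the partition is selected by filesystem label only, and the
# code further down takes database files and key material from it. Any block
# device carrying this label would be accepted; consider pinning the
# filesystem UUID and adding nosuid,nodev to the mount options.
echo 'Mount data partition...'
mkdir -p "/$LABEL"
if [ ! -L "/dev/disk/by-label/$LABEL" ]; then
  {
    echo 'ERROR: Data partition not found!'
    echo "Please create a data partition with ext4 filesystem and label \"$LABEL\":"
    echo "# cfdisk /dev/<disk> (use GPT label, create linux partition)"
    echo "# mkfs.ext4 -L $LABEL /dev/<partition>"
  } >&2
  exit 1
fi

# Anchor the match on the first field, so that a longer label sharing the
# same prefix or a commented-out line does not count as an existing entry.
if ! grep -Eq "^[[:space:]]*LABEL=$LABEL[[:space:]]" /etc/fstab; then
  echo "LABEL=$LABEL /$LABEL ext4 noatime 0 1" >> /etc/fstab
fi

# Test mount -a inside the condition: under set -e a bare failing mount -a
# would end the script before the error message is printed. mountpoint checks
# the exact directory, where grepping the mount table also matched any other
# line that merely contains "/$LABEL".
if ! mount -a || ! mountpoint -q "/$LABEL"; then
  echo "ERROR: Could not mount data partition!" >&2
  exit 1
fi
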
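# Database and key setup.
# When the data partition holds no "pi" database directory yet: copy the
# MariaDB data directory to the partition, create the privacyIDEA database
# and account, and generate fresh encryption and audit keys that live on the
# data partition and are symlinked into /etc/privacyidea.
# Otherwise: only point MariaDB at the existing data directory and start it.
if [ ! -d "/$LABEL/var/lib/mysql/pi" ]; then
  echo 'Initialize MariaDB...'
  systemctl stop mariadb
  mkdir -p "/$LABEL/var/lib/mysql"
  # ${LABEL:?} aborts instead of expanding to /var/lib/mysql/* on the root
  # filesystem if LABEL is ever empty.
  rm -rf -- "/${LABEL:?}/var/lib/mysql/"*
  cp -a /var/lib/mysql/. "/$LABEL/var/lib/mysql"
  sed -i "s:^datadir.*:datadir = /$LABEL/var/lib/mysql:" /etc/mysql/my.cnf
  systemctl start mariadb

  echo 'Create privacyIDEA database...'
  # Escape backslash and single quote so the password stays one SQL literal.
  sql_pass=${DATABASE_PASS//\\/\\\\}
  sql_pass=${sql_pass//\'/\'\'}
  # The statements go to the client on stdin rather than in -e arguments, so
  # the password does not show up in the process list. Without --force the
  # client stops at the first failing statement and returns non-zero.
  mysql -u root <<SQL
CREATE USER 'pi'@'localhost' IDENTIFIED BY '${sql_pass}';
CREATE DATABASE pi DEFAULT CHARACTER SET latin1 COLLATE latin1_swedish_ci;
GRANT ALL PRIVILEGES ON pi.* TO 'pi'@'localhost' IDENTIFIED BY '${sql_pass}';
FLUSH PRIVILEGES;
SQL

  echo 'Initialize privacyIDEA database...'
  # Escape the characters that are special in a sed replacement using ':' as
  # delimiter, and hand the sed script over on stdin to keep the password out
  # of the argument list.
  # NOTE(review): pi.cfg holds the database password in clear text from here
  # on; confirm that its owner and mode keep it unreadable for other users.
  sed_pass=$(printf '%s' "$DATABASE_PASS" | sed 's/[\\&:]/\\&/g')
  sed -i -f /dev/stdin /etc/privacyidea/pi.cfg <<SED
s:<pi-db-password>:${sed_pass}:
SED
  unset sql_pass sed_pass
  pi-manage createdb

  if [ ! -d "/$LABEL/etc/privacyidea" ]; then
    echo 'Create privacyIDEA encryption and audit keys...'
    # NOTE(review): only ownership is set on the key directory and files;
    # their modes are whatever mkdir and pi-manage produce. Verify that the
    # enckey and private.pem are not readable by other users.
    mkdir -p "/$LABEL/etc/privacyidea"
    chown privacyidea "/$LABEL/etc/privacyidea"

    # Replace the existing key with a freshly generated one. -f keeps a
    # missing file from aborting the run halfway through under set -e.
    rm -f /etc/privacyidea/enckey
    pi-manage create_enckey
    mv /etc/privacyidea/enckey "/$LABEL/etc/privacyidea/enckey"
    chown privacyidea "/$LABEL/etc/privacyidea/enckey"
    ln -s "/$LABEL/etc/privacyidea/enckey" /etc/privacyidea/enckey

    rm -f /etc/privacyidea/public.pem /etc/privacyidea/private.pem
    pi-manage create_audit_keys
    mv /etc/privacyidea/private.pem "/$LABEL/etc/privacyidea/private.pem"
    mv /etc/privacyidea/public.pem "/$LABEL/etc/privacyidea/public.pem"
    chown privacyidea "/$LABEL/etc/privacyidea/"*.pem
    ln -s "/$LABEL/etc/privacyidea/private.pem" /etc/privacyidea/private.pem
    ln -s "/$LABEL/etc/privacyidea/public.pem" /etc/privacyidea/public.pem
  fi
else
  # NOTE(review): this path neither writes the database password into pi.cfg
  # nor links /etc/privacyidea/enckey and the audit keys to the copies on the
  # data partition, so a system booting against an existing data partition
  # keeps the configuration and key files already present in
  # /etc/privacyidea. Confirm that this is intended.
  echo 'Start MariaDB...'
  sed -i "s:^datadir.*:datadir = /$LABEL/var/lib/mysql:" /etc/mysql/my.cnf
  systemctl start mariadb
fi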
# Have MariaDB start on every following boot.
printf '%s\n' 'Enable database...'
systemctl enable mariadb

# Delete the marker; with it gone the script exits at its initial /firstboot
# check on later runs.
rm /firstboot