#!/bin/bash # variables LABEL="DATA" DATABASE_PASS="Di1sgPgSQLPw." TLD="example.com" HOST="ejabberd" ORGNAME="Ejabberd example" # start set -e PGVER=$(eselect postgresql show) [ -e /01firstboot ] && exit 0 [ -e /02firstboot ] || exit 0 if [ ! -d "/$LABEL/var/lib/postgresql" ]; then echo 'Start PostgeSQL DB, create ejabberd database...' systemctl stop postgresql-$PGVER mkdir -p "/$LABEL/var/lib" rm -rf "/$LABEL/var/lib/postgresql.orig" cp -a "/var/lib/postgresql" "/$LABEL/var/lib/postgresql.orig" mv "/var/lib/postgresql" "/$LABEL/var/lib/postgresql" ln -s "/$LABEL/var/lib/postgresql" "/var/lib/postgresql" systemctl start postgresql-$PGVER psql -U postgres -d postgres -c "CREATE ROLE ejabberd WITH LOGIN;" psql -U postgres -d postgres -c "ALTER USER ejabberd WITH PASSWORD '$DATABASE_PASS';" psql -U postgres -d postgres -c "CREATE DATABASE ejabberd WITH OWNER ejabberd;" psql -U ejabberd -d ejabberd < /usr/share/ejabberd/sql/pg.new.sql else echo 'start PostgreSQL DB...' rm -rf "/$LABEL/var/lib/postgresql.orig" mv "/var/lib/postgresql" "/$LABEL/var/lib/postgresql.orig" ln -s "/$LABEL/var/lib/postgresql" "/var/lib/postgresql" systemctl start postgresql-$PGVER fi if [ ! -f "/$LABEL/etc/jabber/ejabberd.yml" ]; then echo 'edit ejabberd configuration' mkdir -p "/$LABEL/etc/jabber" chown jabber:jabber "/$LABEL/etc/jabber" chmod 770 "/$LABEL/etc/jabber" cp "/etc/jabber/ejabberd.yml" "/$LABEL/etc/jabber/ejabberd.yml.orig" mv "/etc/jabber/ejabberd.yml" "/$LABEL/etc/jabber/ejabberd.yml" ln -s "/$LABEL/etc/jabber/ejabberd.yml" "/etc/jabber/ejabberd.yml" sed -i 's# - localhost# - localhost\n - example.com#' "/$LABEL/etc/jabber/ejabberd.yml" sed -i 's/listen:/### ==============\n### DATABASE SETUP\n\nlisten:/' "/$LABEL/etc/jabber/ejabberd.yml" sed -i 's/listen:/sql_type: pgsql\nlisten:/' "/$LABEL/etc/jabber/ejabberd.yml" sed -i 's/listen:/sql_server: "localhost"\nlisten:/' "/$LABEL/etc/jabber/ejabberd.yml" sed -i 's/listen:/sql_database: "ejabberd"\nlisten:/' "/$LABEL/etc/jabber/ejabberd.yml" sed -i 's/listen:/sql_username: "ejabberd"\nlisten:/' "/$LABEL/etc/jabber/ejabberd.yml" sed -i "s/listen:/sql_password: \"$DATABASE_PASS\"\\nlisten:/" "/$LABEL/etc/jabber/ejabberd.yml" sed -i 's/listen:/default_db: sql\nlisten:/' "/$LABEL/etc/jabber/ejabberd.yml" sed -i 's/listen:/new_sql_schema: true\n\nlisten:/' "/$LABEL/etc/jabber/ejabberd.yml" else mv "/$LABEL/etc/jabber/ejabberd.yml.orig" "/$LABEL/etc/jabber/ejabberd.yml.orig-alt" mv "/etc/jabber/ejabberd.yml" "/$LABEL/etc/jabber/ejabberd.yml.orig" ln -s "/$LABEL/etc/jabber/ejabberd.yml" "/etc/jabber/ejabberd.yml" fi if [ ! -f "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" ]; then echo 'Create certificates...' mkdir -p "/$LABEL/CERTS/KEYS/" mkdir -p "/$LABEL/CERTS/$HOST.$TLD" echo "FQDN = $HOST.$TLD" > "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" echo "ORGNAME = $ORGNAME" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" echo "ALTNAMES = DNS:$HOST.$TLD , DNS:$TLD , DNS:conference.$TLD , DNS:guest.$TLD , DNS:proxy.$TLD , DNS:pubsub.$TLD , DNS:turn.$TLD , DNS:upload.$TLD" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" echo -e "\n[ req ]\ndefault_bits = 4096\ndefault_md = sha256\nprompt = no\nencrypt_key = no\ndistinguished_name = dn\nreq_extensions = req_ext\ndefault_keyfile = ../KEYS/\$FQDN-key.pem\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" echo -e "\n[ dn ]\nC = DE\nO = \$ORGNAME\nCN = \$FQDN\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" echo -e "\n[ req_ext ]\nsubjectAltName = \$ALTNAMES" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" openssl req -x509 -new -config "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" -out "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" -keyout "/$LABEL/CERTS/KEYS/$HOST.$TLD-key.pem" cp "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-fullchain.pem" touch "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-chain.pem" fi rm -rf /etc/ssl/ejabberd rm -rf /etc/ssl/nginx mkdir -p /etc/ssl ln -sf "/$LABEL/etc/ssl/ejabberd" "/etc/ssl/ejabberd" ln -sf "/$LABEL/etc/ssl/nginx" "/etc/ssl/nginx" systemctl enable postgresql-$PGVER systemctl enable ejabberd systemctl enable nginx /usr/local/bin/cert-renew.sh systemctl start ejabberd systemctl start nginx rm /02firstboot