VA
/
appliances
1
0
Fork 0
Code Issues Pull Requests Releases 3 Wiki Activity
appliances/ejabberd/appliance/02firstboot.start

168 lines
7.7 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# variables
LABEL="DATA"
DATABASE_PASS=$(head -c 300 /dev/urandom | tr -cd 'a-zA-Z0-9' | head -c 16)
TLD="example.com"
HOST="ejabberd"
ORGNAME="Ejabberd example"
# start
set -e
PGVER=$(eselect postgresql show)
[ -e /01firstboot ] && exit 0
[ -e /02firstboot ] || exit 0
# ejabberd configuration
if [ ! -L "/etc/jabber/ejabberd.yml" ]; then
if [ ! -f "/$LABEL/etc/jabber/ejabberd.yml" ]; then
echo 'Create ejabberd configuration'
mkdir -p "/$LABEL/etc/jabber"
chown jabber:jabber "/$LABEL/etc/jabber"
chmod 770 "/$LABEL/etc/jabber"
cp "/etc/jabber/ejabberd.yml" "/$LABEL/etc/jabber/ejabberd.yml"
chown root:jabber "/$LABEL/etc/jabber/ejabberd.yml"
mv "/etc/jabber/ejabberd.yml" "/$LABEL/etc/jabber/ejabberd.yml.orig"
sed -i 's# - localhost# - localhost\n - example.com#' "/$LABEL/etc/jabber/ejabberd.yml"
sed -i 's/ - \/etc\/ssl\/ejabberd\/server.pem/ - \/etc\/ssl\/ejabberd\/server.pem\n - \/etc\/ssl\/ejabberd\/server.key/' "/$LABEL/etc/jabber/ejabberd.yml"
sed -i 's/listen:/### ==============\n### DATABASE SETUP\n\nlisten:/' "/$LABEL/etc/jabber/ejabberd.yml"
sed -i 's/listen:/sql_type: pgsql\nlisten:/' "/$LABEL/etc/jabber/ejabberd.yml"
sed -i 's/listen:/sql_server: "localhost"\nlisten:/' "/$LABEL/etc/jabber/ejabberd.yml"
sed -i 's/listen:/sql_database: "ejabberd"\nlisten:/' "/$LABEL/etc/jabber/ejabberd.yml"
sed -i 's/listen:/sql_username: "ejabberd"\nlisten:/' "/$LABEL/etc/jabber/ejabberd.yml"
sed -i "s/listen:/sql_password: \"$DATABASE_PASS\"\\nlisten:/" "/$LABEL/etc/jabber/ejabberd.yml"
sed -i 's/listen:/default_db: sql\nlisten:/' "/$LABEL/etc/jabber/ejabberd.yml"
sed -i 's/listen:/new_sql_schema: true\n\nlisten:/' "/$LABEL/etc/jabber/ejabberd.yml"
ln -s "/$LABEL/etc/jabber/ejabberd.yml" "/etc/jabber/ejabberd.yml"
else
echo 'Linking ejabberd configuration'
cp -f "/$LABEL/etc/jabber/ejabberd.yml" "/$LABEL/etc/jabber/ejabberd.yml.alt"
mv -f "/$LABEL/etc/jabber/ejabberd.yml.orig" "/$LABEL/etc/jabber/ejabberd.yml.orig-alt"
mv -f "/etc/jabber/ejabberd.yml" "/$LABEL/etc/jabber/ejabberd.yml.orig"
ln -s "/$LABEL/etc/jabber/ejabberd.yml" "/etc/jabber/ejabberd.yml"
fi
fi
# Movim configuration
if [ ! -L "/usr/share/movim/config/db.inc.php" ]; then
if [ ! -f "/$LABEL/usr/share/movim/config/db.inc.php" ]; then
echo 'Create Movim configuration'
mkdir -p "/$LABEL/usr/share/movim/config"
chown nginx:nginx "/$LABEL/usr/share/movim/config"
cp "/usr/share/movim/config/db.example.inc.php" "/$LABEL/usr/share/movim/config/db.inc.php"
cp "/usr/share/movim/config/db.example.inc.php" "/$LABEL/usr/share/movim/config/db.inc.php.orig"
sed -i "s/'username' .*/'username' => 'movim',/" "/$LABEL/usr/share/movim/config/db.inc.php"
ln -s "/$LABEL/usr/share/movim/config/db.inc.php" "/usr/share/movim/config/db.inc.php"
else
echo 'Linking Movim configuration'
cp -f "/$LABEL/usr/share/movim/config/db.inc.php" "/$LABEL/usr/share/movim/config/db.inc.php.alt"
mv -f "/$LABEL/usr/share/movim/config/db.inc.php.orig" "/$LABEL/usr/share/movim/config/db.inc.php.orig-alt"
cp "/usr/share/movim/config/db.example.inc.php" "/$LABEL/usr/share/movim/config/db.inc.php.orig"
ln -s "/$LABEL/usr/share/movim/config/db.inc.php" "/usr/share/movim/config/db.inc.php"
fi
fi
if [ ! -L "/usr/share/movim/log" ]; then
echo 'Create Movim log directory'
mkdir -p "/$LABEL/usr/share/movim/log"
chown nginx:nginx "/$LABEL/usr/share/movim/log"
ln -s "/$LABEL/usr/share/movim/log" "/usr/share/movim/log"
fi
if [ ! -L "/usr/share/movim/cache" ]; then
echo 'Create Movim internal cache directory'
mkdir -p "/$LABEL/usr/share/movim/cache"
chown nginx:nginx "/$LABEL/usr/share/movim/cache"
ln -s "/$LABEL/usr/share/movim/cache" "/usr/share/movim/cache"
fi
if [ ! -L "/usr/share/movim/public/cache" ]; then
echo 'Create Movim public cache directory'
mkdir -p "/$LABEL/usr/share/movim/public/cache"
chown nginx:nginx "/$LABEL/usr/share/movim/public/cache"
ln -s "/$LABEL/usr/share/movim/public/cache" "/usr/share/movim/public/cache"
fi
# Database
if [ ! -L "/var/lib/postgresql" ]; then
systemctl stop postgresql-$PGVER
if [ ! -d "/$LABEL/var/lib/postgresql" ]; then
echo 'Start PostgeSQL DB...'
mkdir -p "/$LABEL/var/lib"
rm -rf "/$LABEL/var/lib/postgresql"
cp -a "/var/lib/postgresql" "/$LABEL/var/lib/postgresql"
mv "/var/lib/postgresql" "/$LABEL/var/lib/postgresql.orig"
ln -s "/$LABEL/var/lib/postgresql" "/var/lib/postgresql"
systemctl start postgresql-$PGVER
echo 'Create ejabberd database...'
psql -U postgres -d postgres -c "CREATE ROLE ejabberd WITH LOGIN;"
psql -U postgres -d postgres -c "ALTER USER ejabberd WITH PASSWORD '$DATABASE_PASS';"
psql -U postgres -d postgres -c "CREATE DATABASE ejabberd WITH OWNER ejabberd;"
psql -U ejabberd -d ejabberd < /usr/share/ejabberd/sql/pg.new.sql
echo 'Create movim database...'
psql -U postgres -d postgres -c "CREATE ROLE movim WITH LOGIN;"
psql -U postgres -d postgres -c "ALTER USER movim WITH PASSWORD '$DATABASE_PASS';"
psql -U postgres -d postgres -c "CREATE DATABASE movim WITH OWNER movim;"
else
echo 'start PostgreSQL DB...'
rm -rf "/$LABEL/var/lib/postgresql.orig"
mv "/var/lib/postgresql" "/$LABEL/var/lib/postgresql.orig"
ln -s "/$LABEL/var/lib/postgresql" "/var/lib/postgresql"
systemctl start postgresql-$PGVER
psql -U postgres -d postgres -c "ALTER USER ejabberd WITH PASSWORD '$DATABASE_PASS';"
psql -U postgres -d postgres -c "ALTER USER movim WITH PASSWORD '$DATABASE_PASS';"
fi
else
echo 'Set new database password...'
systemctl restart postgresql-$PGVER
psql -U postgres -d postgres -c "ALTER USER ejabberd WITH PASSWORD '$DATABASE_PASS';"
psql -U postgres -d postgres -c "ALTER USER movim WITH PASSWORD '$DATABASE_PASS';"
fi
# update config with new database password
sed -i "s/sql_password: .*/sql_password: \"$DATABASE_PASS\"/" "/$LABEL/etc/jabber/ejabberd.yml"
sed -i "s/'password' .*/'password' => '$DATABASE_PASS',/" "/$LABEL/usr/share/movim/config/db.inc.php"
cd /usr/share/movim && echo yes | composer movim:migrate
# Certificate
if [ -x "/$LABEL/etc/ssl/cert-renew.sh" ]; then
# angepaßtes Zertifikat vorhanden (kein example)
if [ ! -L /etc/ssl/cert-renew.sh ]; then
rm -f "/$LABEL/etc/ssl/cert-renew.sh.orig"
mv "/etc/ssl/cert-renew.sh" "/$LABEL/etc/ssl/cert-renew.sh.orig"
else
rm -f "/etc/ssl/cert-renew.sh"
fi
ln -s "/$LABEL/etc/ssl/cert-renew.sh" "/etc/ssl/cert-renew.sh"
else
echo 'Create example certificate...'
mkdir -p "/$LABEL/CERTS/KEYS/"
mkdir -p "/$LABEL/CERTS/$HOST.$TLD"
echo "FQDN = $HOST.$TLD" > "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
echo "ORGNAME = $ORGNAME" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
echo "ALTNAMES = DNS:$HOST.$TLD , DNS:$TLD" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
echo -e "\n[ req ]\ndefault_bits = 4096\ndefault_md = sha256\nprompt = no\nencrypt_key = no\ndistinguished_name = dn\nreq_extensions = req_ext\ndefault_keyfile = ../KEYS/\$FQDN-key.pem\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
echo -e "\n[ dn ]\nC = DE\nO = \$ORGNAME\nCN = \$FQDN\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
echo -e "\n[ req_ext ]\nsubjectAltName = \$ALTNAMES" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
openssl req -x509 -new -config "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" -out "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" -keyout "/$LABEL/CERTS/KEYS/$HOST.$TLD-key.pem"
cp "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-fullchain.pem"
touch "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-chain.pem"
fi
rm -rf /etc/ssl/ejabberd
rm -rf /etc/ssl/nginx
mkdir -p /etc/ssl
ln -sf "/$LABEL/etc/ssl/ejabberd" "/etc/ssl/ejabberd"
ln -sf "/$LABEL/etc/ssl/nginx" "/etc/ssl/nginx"
/etc/ssl/cert-renew.sh
systemctl enable postgresql-$PGVER
systemctl enable ejabberd
systemctl enable nginx
systemctl restart ejabberd
systemctl restart nginx
rm /02firstboot
Reference in New Issue View Git Blame Copy Permalink