76 lines
2.8 KiB
Bash
Executable File
76 lines
2.8 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# variables
|
|
LABEL="DATA"
|
|
DATABASE_PASS="Di1sgPgSQLPw."
|
|
ADMIN_PASS="tryton"
|
|
TLD="example.com"
|
|
HOST="tryton"
|
|
ORGNAME="Tryton example"
|
|
|
|
# start
|
|
set -e
|
|
|
|
PGVER=$(eselect postgresql show)
|
|
|
|
[ -e /01firstboot ] && exit 0
|
|
[ -e /02firstboot ] || exit 0
|
|
|
|
systemctl stop postgresql-$PGVER
|
|
if [ ! -d "/$LABEL/var/lib/postgresql" ]; then
|
|
echo 'Create tryton database...'
|
|
mkdir -p "/$LABEL/var/lib"
|
|
rm -rf "/$LABEL/var/lib/postgresql.orig"
|
|
cp -a "/var/lib/postgresql" "/$LABEL/var/lib/postgresql.orig"
|
|
mv "/var/lib/postgresql" "/$LABEL/var/lib/postgresql"
|
|
ln -s "/$LABEL/var/lib/postgresql" "/var/lib/postgresql"
|
|
systemctl start postgresql-$PGVER
|
|
psql -U postgres -d postgres -c "CREATE ROLE trytond WITH LOGIN;"
|
|
psql -U postgres -d postgres -c "ALTER USER trytond WITH PASSWORD '$DATABASE_PASS';"
|
|
psql -U postgres -d postgres -c "CREATE DATABASE trytond WITH OWNER trytond;"
|
|
export TRYTONPASSFILE=/tmp/trytonpassfile
|
|
echo -n "$ADMIN_PASS" > "$TRYTONPASSFILE"
|
|
trytond-admin -c /etc/trytond/trytond.conf -d trytond --all --email admin@$TLD
|
|
rm -f "$TRYTONPASSFILE"
|
|
else
|
|
echo 'start PostgreSQL DB...'
|
|
if [ ! -L /var/lib/postgresql ]; then
|
|
rm -rf "/$LABEL/var/lib/postgresql.orig"
|
|
mv "/var/lib/postgresql" "/$LABEL/var/lib/postgresql.orig"
|
|
ln -s "/$LABEL/var/lib/postgresql" "/var/lib/postgresql"
|
|
fi
|
|
systemctl start postgresql-$PGVER
|
|
fi
|
|
|
|
if [ ! -f "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" ]; then
|
|
echo 'Create certificates...'
|
|
mkdir -p "/$LABEL/CERTS/KEYS/"
|
|
mkdir -p "/$LABEL/CERTS/$HOST.$TLD"
|
|
echo "FQDN = $HOST.$TLD" > "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
|
|
echo "ORGNAME = $ORGNAME" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
|
|
echo "ALTNAMES = DNS:$HOST.$TLD , DNS:$TLD" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
|
|
echo -e "\n[ req ]\ndefault_bits = 4096\ndefault_md = sha256\nprompt = no\nencrypt_key = no\ndistinguished_name = dn\nreq_extensions = req_ext\ndefault_keyfile = ../KEYS/\$FQDN-key.pem\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
|
|
echo -e "\n[ dn ]\nC = DE\nO = \$ORGNAME\nCN = \$FQDN\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
|
|
echo -e "\n[ req_ext ]\nsubjectAltName = \$ALTNAMES" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
|
|
openssl req -x509 -new -config "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" -out "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" -keyout "/$LABEL/CERTS/KEYS/$HOST.$TLD-key.pem"
|
|
cp "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-fullchain.pem"
|
|
touch "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-chain.pem"
|
|
fi
|
|
|
|
rm -rf /etc/ssl/trytond
|
|
rm -rf /etc/ssl/nginx
|
|
mkdir -p /etc/ssl
|
|
ln -sf "/$LABEL/etc/ssl/trytond" "/etc/ssl/trytond"
|
|
ln -sf "/$LABEL/etc/ssl/nginx" "/etc/ssl/nginx"
|
|
|
|
/etc/ssl/cert-renew.sh
|
|
|
|
systemctl enable postgresql-$PGVER
|
|
systemctl enable trytond
|
|
systemctl enable nginx
|
|
|
|
systemctl restart trytond
|
|
systemctl restart nginx
|
|
|
|
rm /02firstboot
|