va-kivitendo/appliance/02firstboot.start

#!/bin/bash

# variables
LABEL="DATA"
DATABASE_PASS=$(head -c 300 /dev/urandom | tr -cd 'a-zA-Z0-9' | head -c 16)
ADMIN_PASS=$(head -c 300 /dev/urandom | tr -cd 'a-zA-Z0-9' | head -c 8)
TLD="example.com"
HOST="kivitendo"
ORGNAME="Kivitendo example"

# start
set -e

PGVER=$(eselect postgresql show)

[ -e /01firstboot ] && exit 0
[ -e /02firstboot ] || exit 0

# Kivitendo configuration
if [ ! -L /var/www/localhost/kivitendo-erp/config/kivitendo.conf ]; then
    if [ ! -f "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf" ]; then
        echo 'Create Kivitendo config...'
        mkdir -p "/$LABEL/var/www/localhost/kivitendo-erp/config"
        echo "[authentication]" > "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"
        echo "admin_password = $ADMIN_PASS" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"
        echo "cookie_name = kivitendo_session_01" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"
        echo "session_timeout = 600" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"
        echo "" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"
        echo "[authentication/database]" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"
        echo "host     = localhost" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"
        echo "port     = 5432" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"
        echo "db       = kivitendo_auth" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"
        echo "user     = kivitendo" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"
        echo "password = $DATABASE_PASS" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"
        echo "" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"
        echo "[system]" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"
        echo "language = de" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"
        echo "stylesheet = kivitendo" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"
        echo "default_manager = german" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"
        echo "" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"
        echo "[paths]" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"
        echo "document_path = /var/www/localhost/kivitendo-erp/documents" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"
        echo "" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"
        echo "[task_server]" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"
        echo "run_as = apache" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"
        ln -s "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf" /var/www/localhost/kivitendo-erp/config/kivitendo.conf
        echo "/var/www/localhost/kivitendo-erp/config/kivitendo.conf" >> /DATA/.APPLIANCE/populate-data/LINK
    fi
fi

# Database
systemctl stop postgresql-$PGVER
if [ ! -d "/$LABEL/var/lib/postgresql" ]; then
	echo 'Create kivitendo db user and auth database...'
	mkdir -p "/$LABEL/var/lib"
	rm -rf "/$LABEL/var/lib/postgresql.orig"
	cp -a "/var/lib/postgresql" "/$LABEL/var/lib/postgresql.orig"
	mv "/var/lib/postgresql" "/$LABEL/var/lib/postgresql"
	ln -s "/$LABEL/var/lib/postgresql" "/var/lib/postgresql"
	systemctl start postgresql-$PGVER
	psql -U postgres -d template1 -c "CREATE EXTENSION IF NOT EXISTS plpgsql;"
	psql -U postgres -d postgres -c "CREATE ROLE kivitendo WITH LOGIN;"
	psql -U postgres -d postgres -c "ALTER USER kivitendo WITH PASSWORD '$DATABASE_PASS';"
	# laut Kivitendo-Doku benötigt der Datenbankbenutzer "postgres" ein Paßwort
	# Dieses wird im Folgenden auf das Kivitendo-Admin-Paßwort gesetzt
	# Zumindest hier unter Gentoo wird das aber trotzdem nicht abgefragt.
	# Evtl. gibt es dann Probleme mit Trigram Prozeduren.
	psql -U postgres -d postgres -c "ALTER USER postgres WITH PASSWORD '$ADMIN_PASS';"
	# Das Folgende steht auch nicht in der Doku, ohne kann aber über die Admin-GUI
	# keine Mandanten-Datenbank angelegt werden
	psql -U postgres -d postgres -c "ALTER USER kivitendo CREATEDB;"
else
	echo 'start PostgreSQL DB...'
	if [ ! -L /var/lib/postgresql ]; then
		rm -rf "/$LABEL/var/lib/postgresql.orig"
		mv "/var/lib/postgresql" "/$LABEL/var/lib/postgresql.orig"
		ln -s "/$LABEL/var/lib/postgresql" "/var/lib/postgresql"
	fi
	systemctl start postgresql-$PGVER
fi

# Certificate
if [ ! -f "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" ]; then
	echo 'Create certificates...'
	mkdir -p "/$LABEL/CERTS/KEYS/"
	mkdir -p "/$LABEL/CERTS/$HOST.$TLD"
	echo "FQDN = $HOST.$TLD" > "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
	echo "ORGNAME = $ORGNAME" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
	echo "ALTNAMES = DNS:$HOST.$TLD , DNS:$TLD" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
	echo -e "\n[ req ]\ndefault_bits = 4096\ndefault_md = sha256\nprompt = no\nencrypt_key = no\ndistinguished_name = dn\nreq_extensions = req_ext\ndefault_keyfile = ../KEYS/\$FQDN-key.pem\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
	echo -e "\n[ dn ]\nC = DE\nO = \$ORGNAME\nCN = \$FQDN\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
	echo -e "\n[ req_ext ]\nsubjectAltName = \$ALTNAMES" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
	openssl req -x509 -new -config "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" -out "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" -keyout "/$LABEL/CERTS/KEYS/$HOST.$TLD-key.pem"
	cp "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-fullchain.pem"
	touch "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-chain.pem"
fi

rm -rf /etc/ssl/apache2
mkdir -p /etc/ssl
ln -sf "/$LABEL/etc/ssl/apache2" "/etc/ssl/apache2"

/etc/ssl/cert-renew.sh

systemctl enable postgresql-$PGVER
systemctl enable apache2

systemctl restart apache2

rm /02firstboot
first release 2024-11-16 10:03:25 +01:00			`#!/bin/bash`

			`# variables`
			`LABEL="DATA"`
			`DATABASE_PASS=$(head -c 300 /dev/urandom \| tr -cd 'a-zA-Z0-9' \| head -c 16)`
			`ADMIN_PASS=$(head -c 300 /dev/urandom \| tr -cd 'a-zA-Z0-9' \| head -c 8)`
			`TLD="example.com"`
			`HOST="kivitendo"`
			`ORGNAME="Kivitendo example"`

			`# start`
			`set -e`

			`PGVER=$(eselect postgresql show)`

			`[ -e /01firstboot ] && exit 0`
			`[ -e /02firstboot ] \|\| exit 0`

			`# Kivitendo configuration`
			`if [ ! -L /var/www/localhost/kivitendo-erp/config/kivitendo.conf ]; then`
			`if [ ! -f "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf" ]; then`
			`echo 'Create Kivitendo config...'`
			`mkdir -p "/$LABEL/var/www/localhost/kivitendo-erp/config"`
			`echo "[authentication]" > "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"`
			`echo "admin_password = $ADMIN_PASS" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"`
			`echo "cookie_name = kivitendo_session_01" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"`
			`echo "session_timeout = 600" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"`
			`echo "" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"`
			`echo "[authentication/database]" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"`
			`echo "host = localhost" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"`
			`echo "port = 5432" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"`
			`echo "db = kivitendo_auth" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"`
			`echo "user = kivitendo" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"`
			`echo "password = $DATABASE_PASS" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"`
			`echo "" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"`
			`echo "[system]" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"`
			`echo "language = de" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"`
			`echo "stylesheet = kivitendo" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"`
			`echo "default_manager = german" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"`
			`echo "" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"`
			`echo "[paths]" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"`
			`echo "document_path = /var/www/localhost/kivitendo-erp/documents" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"`
			`echo "" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"`
			`echo "[task_server]" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"`
			`echo "run_as = apache" >> "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf"`
			`ln -s "/$LABEL/var/www/localhost/kivitendo-erp/config/kivitendo.conf" /var/www/localhost/kivitendo-erp/config/kivitendo.conf`
			`echo "/var/www/localhost/kivitendo-erp/config/kivitendo.conf" >> /DATA/.APPLIANCE/populate-data/LINK`
			`fi`
			`fi`

			`# Database`
			`systemctl stop postgresql-$PGVER`
			`if [ ! -d "/$LABEL/var/lib/postgresql" ]; then`
			`echo 'Create kivitendo db user and auth database...'`
			`mkdir -p "/$LABEL/var/lib"`
			`rm -rf "/$LABEL/var/lib/postgresql.orig"`
			`cp -a "/var/lib/postgresql" "/$LABEL/var/lib/postgresql.orig"`
			`mv "/var/lib/postgresql" "/$LABEL/var/lib/postgresql"`
			`ln -s "/$LABEL/var/lib/postgresql" "/var/lib/postgresql"`
			`systemctl start postgresql-$PGVER`
			`psql -U postgres -d template1 -c "CREATE EXTENSION IF NOT EXISTS plpgsql;"`
			`psql -U postgres -d postgres -c "CREATE ROLE kivitendo WITH LOGIN;"`
			`psql -U postgres -d postgres -c "ALTER USER kivitendo WITH PASSWORD '$DATABASE_PASS';"`
			`# laut Kivitendo-Doku benötigt der Datenbankbenutzer "postgres" ein Paßwort`
			`# Dieses wird im Folgenden auf das Kivitendo-Admin-Paßwort gesetzt`
			`# Zumindest hier unter Gentoo wird das aber trotzdem nicht abgefragt.`
			`# Evtl. gibt es dann Probleme mit Trigram Prozeduren.`
			`psql -U postgres -d postgres -c "ALTER USER postgres WITH PASSWORD '$ADMIN_PASS';"`
			`# Das Folgende steht auch nicht in der Doku, ohne kann aber über die Admin-GUI`
			`# keine Mandanten-Datenbank angelegt werden`
			`psql -U postgres -d postgres -c "ALTER USER kivitendo CREATEDB;"`
			`else`
			`echo 'start PostgreSQL DB...'`
			`if [ ! -L /var/lib/postgresql ]; then`
			`rm -rf "/$LABEL/var/lib/postgresql.orig"`
			`mv "/var/lib/postgresql" "/$LABEL/var/lib/postgresql.orig"`
			`ln -s "/$LABEL/var/lib/postgresql" "/var/lib/postgresql"`
			`fi`
			`systemctl start postgresql-$PGVER`
			`fi`

			`# Certificate`
			`if [ ! -f "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" ]; then`
			`echo 'Create certificates...'`
			`mkdir -p "/$LABEL/CERTS/KEYS/"`
			`mkdir -p "/$LABEL/CERTS/$HOST.$TLD"`
			`echo "FQDN = $HOST.$TLD" > "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"`
			`echo "ORGNAME = $ORGNAME" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"`
			`echo "ALTNAMES = DNS:$HOST.$TLD , DNS:$TLD" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"`
			`echo -e "\n[ req ]\ndefault_bits = 4096\ndefault_md = sha256\nprompt = no\nencrypt_key = no\ndistinguished_name = dn\nreq_extensions = req_ext\ndefault_keyfile = ../KEYS/\$FQDN-key.pem\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"`
			`echo -e "\n[ dn ]\nC = DE\nO = \$ORGNAME\nCN = \$FQDN\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"`
			`echo -e "\n[ req_ext ]\nsubjectAltName = \$ALTNAMES" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"`
			`openssl req -x509 -new -config "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" -out "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" -keyout "/$LABEL/CERTS/KEYS/$HOST.$TLD-key.pem"`
			`cp "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-fullchain.pem"`
			`touch "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-chain.pem"`
			`fi`

			`rm -rf /etc/ssl/apache2`
			`mkdir -p /etc/ssl`
			`ln -sf "/$LABEL/etc/ssl/apache2" "/etc/ssl/apache2"`

			`/etc/ssl/cert-renew.sh`

			`systemctl enable postgresql-$PGVER`
			`systemctl enable apache2`

			`systemctl restart apache2`

			`rm /02firstboot`