freedive/priv/freebsd/service_init.sh.eex

#!/bin/sh

if [ -f <%= @data_dir %>/tls.key ] ; then
  echo "[ok] TLS keys for https endpoint"
else
  echo "[create] TLS keys for https endpoint"
  cat > <%= @data_dir %>/request.txt <<INNER_EOF
[req]
default_bits = 4096
default_md = sha256
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = NA
ST = NA
L = NA
O = NA
OU = NA
CN = <%= @name %>.local
[v3_req]
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = <%= @name %>.local
DNS.2 = localhost
IP.1 = 127.0.0.1
INNER_EOF
  openssl req -new -nodes -x509 -days 36500 -newkey rsa:2048 -keyout <%= @data_dir %>/tls.key -out <%= @data_dir %>/tls.crt -config <%= @data_dir %>/request.txt
  rm <%= @data_dir %>/request.txt
  chown -R <%= @user %>:<%= @group %> <%= @data_dir %>
fi

# Check if the secret-key is already set in @env_file
if grep -q "CHANGE-ME" <%= @env_file %> ; then
  echo "[create] Secret-key for web server"
  SECRET_KEY="$( openssl rand -base64 128 | strings | grep -o '[[:alnum:]]' | head -n 64 | tr -d '\n'; echo )"
  sed -i '' -e "s/CHANGE-ME/${SECRET_KEY}/g" <%= @env_file %>
else
  echo "[ok] Secret-key for web server"
fi

# Migrate database
echo "[migrate] Database"
<%= @app_dir %>/bin/<%= @name %> eval "Freedive.Release.migrate"
Add FreeBSD packaging 2024-05-13 17:26:07 +02:00			`#!/bin/sh`

			`if [ -f <%= @data_dir %>/tls.key ] ; then`
			`echo "[ok] TLS keys for https endpoint"`
			`else`
			`echo "[create] TLS keys for https endpoint"`
			`cat > <%= @data_dir %>/request.txt <<INNER_EOF`
			`[req]`
			`default_bits = 4096`
			`default_md = sha256`
			`distinguished_name = req_distinguished_name`
			`x509_extensions = v3_req`
			`prompt = no`
			`[req_distinguished_name]`
			`C = NA`
			`ST = NA`
			`L = NA`
			`O = NA`
			`OU = NA`
			`CN = <%= @name %>.local`
			`[v3_req]`
			`keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment`
			`extendedKeyUsage = serverAuth`
			`subjectAltName = @alt_names`
			`[alt_names]`
			`DNS.1 = <%= @name %>.local`
			`DNS.2 = localhost`
			`IP.1 = 127.0.0.1`
			`INNER_EOF`
			`openssl req -new -nodes -x509 -days 36500 -newkey rsa:2048 -keyout <%= @data_dir %>/tls.key -out <%= @data_dir %>/tls.crt -config <%= @data_dir %>/request.txt`
			`rm <%= @data_dir %>/request.txt`
			`chown -R <%= @user %>:<%= @group %> <%= @data_dir %>`
			`fi`

			`# Check if the secret-key is already set in @env_file`
			`if grep -q "CHANGE-ME" <%= @env_file %> ; then`
			`echo "[create] Secret-key for web server"`
			`SECRET_KEY="$( openssl rand -base64 128 \| strings \| grep -o '[[:alnum:]]' \| head -n 64 \| tr -d '\n'; echo )"`
			`sed -i '' -e "s/CHANGE-ME/${SECRET_KEY}/g" <%= @env_file %>`
			`else`
			`echo "[ok] Secret-key for web server"`
			`fi`

			`# Migrate database`
			`echo "[migrate] Database"`
			`<%= @app_dir %>/bin/<%= @name %> eval "Freedive.Release.migrate"`