gyptazy/freedive
1
0
Fork 0
forked from hiway/freedive
Code Pull requests Activity
freedive/priv/freebsd/service_init.sh.eex

72 lines
1.9 KiB
Elixir
Raw Permalink Blame History

#!/bin/sh
if [ -f <%= @data_dir %>/tls.key ] ; then
echo "[ok] TLS keys for https endpoint"
else
echo "[create] TLS keys for https endpoint"
cat > <%= @data_dir %>/request.txt <<INNER_EOF
[req]
default_bits = 4096
default_md = sha256
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = NA
ST = NA
L = NA
O = NA
OU = NA
CN = <%= @name %>.local
[v3_req]
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = <%= @name %>.local
DNS.2 = localhost
IP.1 = 127.0.0.1
INNER_EOF
openssl req -new -nodes -x509 -days 36500 -newkey rsa:2048 -keyout <%= @data_dir %>/tls.key -out <%= @data_dir %>/tls.crt -config <%= @data_dir %>/request.txt
rm <%= @data_dir %>/request.txt
chown -R <%= @user %>:<%= @group %> <%= @data_dir %>
fi
# Check if the secret-key is already set in @env_file
if grep -q "CHANGE-ME" <%= @env_file %> ; then
echo "[create] Secret-key for web server"
SECRET_KEY="$( openssl rand -base64 128 | strings | grep -o '[[:alnum:]]' | head -n 64 | tr -d '\n'; echo )"
sed -i '' -e "s/CHANGE-ME/${SECRET_KEY}/g" <%= @env_file %>
else
echo "[ok] Secret-key for web server"
fi
# Migrate database
echo "[migrate] Database"
<%= @app_dir %>/bin/<%= @name %> eval "Freedive.Release.migrate"
# Install inotify-tools
if pkg info inotify-tools > /dev/null 2>&1 ; then
echo "[ok] inotify-tools is installed"
else
echo "[install] inotify-tools"
pkg install -U -y inotify-tools
fi
# Install doas
if pkg info doas > /dev/null 2>&1 ; then
echo "[ok] doas is installed"
else
echo "[install] doas"
pkg install -U -y doas
fi
# Configure doas
touch /usr/local/etc/doas.conf
if ! grep -q "permit nopass <%= @user %> as root" /usr/local/etc/doas.conf ; then
echo "[configure] doas"
echo "permit nopass <%= @user %> as root" >> /usr/local/etc/doas.conf
else
echo "[ok] doas is configured"
fi
View git blame Copy permalink