72 lines
1.9 KiB
Elixir
72 lines
1.9 KiB
Elixir
#!/bin/sh
|
|
|
|
if [ -f <%= @data_dir %>/tls.key ] ; then
|
|
echo "[ok] TLS keys for https endpoint"
|
|
else
|
|
echo "[create] TLS keys for https endpoint"
|
|
cat > <%= @data_dir %>/request.txt <<INNER_EOF
|
|
[req]
|
|
default_bits = 4096
|
|
default_md = sha256
|
|
distinguished_name = req_distinguished_name
|
|
x509_extensions = v3_req
|
|
prompt = no
|
|
[req_distinguished_name]
|
|
C = NA
|
|
ST = NA
|
|
L = NA
|
|
O = NA
|
|
OU = NA
|
|
CN = <%= @name %>.local
|
|
[v3_req]
|
|
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
|
|
extendedKeyUsage = serverAuth
|
|
subjectAltName = @alt_names
|
|
[alt_names]
|
|
DNS.1 = <%= @name %>.local
|
|
DNS.2 = localhost
|
|
IP.1 = 127.0.0.1
|
|
INNER_EOF
|
|
openssl req -new -nodes -x509 -days 36500 -newkey rsa:2048 -keyout <%= @data_dir %>/tls.key -out <%= @data_dir %>/tls.crt -config <%= @data_dir %>/request.txt
|
|
rm <%= @data_dir %>/request.txt
|
|
chown -R <%= @user %>:<%= @group %> <%= @data_dir %>
|
|
fi
|
|
|
|
# Check if the secret-key is already set in @env_file
|
|
if grep -q "CHANGE-ME" <%= @env_file %> ; then
|
|
echo "[create] Secret-key for web server"
|
|
SECRET_KEY="$( openssl rand -base64 128 | strings | grep -o '[[:alnum:]]' | head -n 64 | tr -d '\n'; echo )"
|
|
sed -i '' -e "s/CHANGE-ME/${SECRET_KEY}/g" <%= @env_file %>
|
|
else
|
|
echo "[ok] Secret-key for web server"
|
|
fi
|
|
|
|
# Migrate database
|
|
echo "[migrate] Database"
|
|
<%= @app_dir %>/bin/<%= @name %> eval "Freedive.Release.migrate"
|
|
|
|
# Install inotify-tools
|
|
if pkg info inotify-tools > /dev/null 2>&1 ; then
|
|
echo "[ok] inotify-tools is installed"
|
|
else
|
|
echo "[install] inotify-tools"
|
|
pkg install -U -y inotify-tools
|
|
fi
|
|
|
|
|
|
# Install doas
|
|
if pkg info doas > /dev/null 2>&1 ; then
|
|
echo "[ok] doas is installed"
|
|
else
|
|
echo "[install] doas"
|
|
pkg install -U -y doas
|
|
fi
|
|
|
|
# Configure doas
|
|
touch /usr/local/etc/doas.conf
|
|
if ! grep -q "permit nopass <%= @user %> as root" /usr/local/etc/doas.conf ; then
|
|
echo "[configure] doas"
|
|
echo "permit nopass <%= @user %> as root" >> /usr/local/etc/doas.conf
|
|
else
|
|
echo "[ok] doas is configured"
|
|
fi
|