forked from GNUsocial/gnu-social
Diogo Peralta Cordeiro
fb3e900b28
Fixed minor issues with Commong:config of env not being included and ported to local social yaml Fixed some regressions introduced with [CORE] Unset sensitive information from the environment
417 lines
17 KiB
Bash
Executable File
417 lines
17 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
# ------------ Find the root folder where social is installed --------------
|
|
INSTALL_DIR="${PWD}"
|
|
while true; do
|
|
if [ ! -f "${INSTALL_DIR}/social.yaml" ]; then
|
|
INSTALL_DIR="$(dirname "${INSTALL_DIR}")"
|
|
elif [ "${INSTALL_DIR}" = '/' ]; then
|
|
echo "The current folder and it's parents don't seem to contain a valid GNU social installation, exiting"
|
|
exit 1
|
|
else
|
|
break
|
|
fi
|
|
done
|
|
cd "${INSTALL_DIR}" || exit 1
|
|
# --------------------------------------------------------------------------
|
|
|
|
|
|
|
|
# ------------ Check whether the system has whiptail or dialog -------------
|
|
if command -v whiptail > /dev/null 2>&1; then
|
|
WHIPTAIL=whiptail
|
|
elif command -v dialog > /dev/null 2>&1; then
|
|
WHIPTAIL=dialog
|
|
else
|
|
echo "whiptail/dialog are not available, can't proceed"
|
|
exit 1
|
|
fi
|
|
|
|
# whiptail/dialog exits with 1 when cancelling through the UI, or 255 on ^C
|
|
validate_exit () {
|
|
case $1 in
|
|
1|255) printf "Canceling...\n" && exit 2 ;;
|
|
esac
|
|
}
|
|
# --------------------------------------------------------------------------
|
|
|
|
|
|
# TODO Add suport for other webservers
|
|
# ------------ Pick which services to configure through docker-compose and which to configure externally --------------
|
|
SERVICES=$(${WHIPTAIL} --title 'GNU social' --clear --backtitle 'GNU social' \
|
|
--menu "\nWelcome to the GNU social configurator. This program will help configure your GNU social node.\n\n\
|
|
Choose whether you prefer social to handle all the services it needs though docker,\nor if you'd rather use and configure your own:" 0 0 0 \
|
|
docker 'Docker service configuration' \
|
|
mixed 'Mixed docker/external service configuration' \
|
|
external 'External service configuration' \
|
|
3>&1 1>&2 2>&3)
|
|
validate_exit $?
|
|
case ${SERVICES} in
|
|
'docker') DOCKER='"nginx" "certbot" "php" "db" "redis" "worker"' ;; # TODO enable and configure "mail"
|
|
'mixed')
|
|
DOCKER=$(${WHIPTAIL} --title 'GNU social Docker services' --clear --backtitle 'GNU social' \
|
|
--checklist "\nPick which of the following services you'd like to add to docker-compose.\n* indicates a service that has extra configuration" 0 0 0 \
|
|
nginx 'Configure NGINX' on \
|
|
certbot "Configure CertBot (automatic certificate renewing)" on \
|
|
php 'Configure PHP' on \
|
|
db 'Configure a DBMS*' on \
|
|
redis 'Configure Redis (optional, recommended)' on \
|
|
mail 'Confugure a mail server*' on \
|
|
worker 'Confugure container with worker queues' on \
|
|
3>&1 1>&2 2>&3)
|
|
validate_exit $?
|
|
;;
|
|
'external') DOCKER='' ;;
|
|
esac
|
|
# --------------------------------------------------------------------------
|
|
|
|
|
|
|
|
# ------------ If the user requested the use of docker services, ensure we have `docker` and `docker-compose` --------------
|
|
case ${SERVICES} in
|
|
'mixed'|'docker')
|
|
if ! (command -v docker > /dev/null 2>&1 && command -v docker-compose > /dev/null 2>&1); then
|
|
echo "docker/docker-compose are not available, can't proceed"
|
|
exit 1
|
|
fi
|
|
;;
|
|
esac
|
|
# --------------------------------------------------------------------------
|
|
|
|
|
|
|
|
# ------------ Regarless of whether using a docker container for the DBMS or not, we need to know which we're using, and it's settings --------------
|
|
DBMS=$(${WHIPTAIL} --title 'GNU social DBMS' --clear --backtitle 'GNU social' \
|
|
--radiolist "\nPick which DBMS you'd like to use" 0 0 0 \
|
|
postgres 'Use PostgreSQL' on \
|
|
mariadb 'Use MariaDB' off \
|
|
3>&1 1>&2 2>&3)
|
|
validate_exit $?
|
|
|
|
while true; do
|
|
DB_NAME=$(${WHIPTAIL} --title 'GNU social DB name' --clear --backtitle 'GNU social' \
|
|
--inputbox "\nEnter a name for the database to be used by social" 0 0 "social" \
|
|
3>&1 1>&2 2>&3)
|
|
validate_exit $?
|
|
if [ -n "${DB_NAME}" ]; then break; fi
|
|
done
|
|
|
|
if [ "${DBMS}" = 'postgres' ]; then DB_USER="postgres"; else DB_USER="social"; fi
|
|
if echo "${DOCKER}" | grep -Fvq '"db"'; then
|
|
while true; do
|
|
DB_USER=$(${WHIPTAIL} --title 'GNU social DB user' --clear --backtitle 'GNU social' \
|
|
--inputbox "\nEnter a user name for social to connect to the database under" 0 0 "${DB_USER}" \
|
|
3>&1 1>&2 2>&3)
|
|
validate_exit $?
|
|
if [ -n "${DB_USER}" ]; then break; fi
|
|
done
|
|
fi
|
|
while true; do
|
|
DB_PASSWORD=$(${WHIPTAIL} --title 'GNU social DB password' --clear --backtitle 'GNU social' \
|
|
--passwordbox "\nEnter a password for social to connect to the database with" 0 0 \
|
|
3>&1 1>&2 2>&3)
|
|
validate_exit $?
|
|
if [ -n "${DB_PASSWORD}" ]; then break; fi
|
|
done
|
|
|
|
if [ "${DBMS}" = 'postgres' ]; then DB_DSN="postgresql://${DB_USER}:${DB_PASSWORD}@db:5432/${DB_NAME}";
|
|
else DB_DSN="mysql://${DB_USER}:${DB_PASSWORD}@db:3306/${DB_NAME}"; fi
|
|
if echo "${DOCKER}" | grep -Fvq '"db"'; then
|
|
while true; do
|
|
DB_DSN=$(${WHIPTAIL} --title 'GNU social DB DSN' --clear --backtitle 'GNU social' \
|
|
--inputbox "\nEnter the DSN/URL for social to connect to the database with" 0 0 \
|
|
3>&1 1>&2 2>&3)
|
|
validate_exit $?
|
|
if [ -n "${DB_DSN}" ]; then break; fi
|
|
done
|
|
fi
|
|
|
|
if [ "${DBMS}" != 'postgres' ] && echo "${DOCKER}" | grep -Fq '"db"'; then
|
|
while true; do
|
|
DB_ROOT_PASSWORD=$(${WHIPTAIL} --title 'GNU social DB root user password' --clear --backtitle 'GNU social' \
|
|
--passwordbox "\nEnter a password for the database root user" 0 0 \
|
|
3>&1 1>&2 2>&3)
|
|
validate_exit $?
|
|
if [ -n "${DB_ROOT_PASSWORD}" ]; then break; fi
|
|
done
|
|
fi
|
|
# --------------------------------------------------------------------------
|
|
|
|
|
|
# -------------------------------- PHP -------------------------------------
|
|
if echo "${DOCKER}" | grep -Fq '"php"'; then
|
|
${WHIPTAIL} --title "Build PHP container locally?" --clear --backtitle 'GNU social' \
|
|
--yesno "\nDo you want to compile the needed PHP extensions and build the container locally? (May provide better performance but requires more than 1GiB of RAM)" 0 0 \
|
|
--defaultno \
|
|
3>&1 1>&2 2>&3
|
|
BUILD_PHP=$((1-$?)) # Invert output
|
|
fi
|
|
# --------------------------------------------------------------------------
|
|
|
|
|
|
# ------------------------ Network configuration ----------------------------
|
|
while true; do
|
|
DOMAIN_ROOT=$(${WHIPTAIL} --title 'GNU social domain root' --clear --backtitle 'GNU social' \
|
|
--inputbox "\nEnter the root domain from where social will be served" 0 0 \
|
|
3>&1 1>&2 2>&3)
|
|
validate_exit $?
|
|
if [ -n "${DOMAIN_ROOT}" ]; then break; fi
|
|
done
|
|
|
|
# Subdomain is optional
|
|
SUBDOMAIN=$(${WHIPTAIL} --title 'GNU social subdomain' --clear --backtitle 'GNU social' \
|
|
--inputbox "\nEnter the subdomain from where social will be served, if any" 0 0 \
|
|
3>&1 1>&2 2>&3)
|
|
validate_exit $?
|
|
if [ -z "${SUBDOMAIN}" ]; then
|
|
DOMAIN="${DOMAIN_ROOT}"
|
|
else
|
|
DOMAIN="${SUBDOMAIN}.${DOMAIN_ROOT}"
|
|
fi
|
|
|
|
${WHIPTAIL} --title "Use Let's Encrypt certificate?" --clear --backtitle 'GNU social' \
|
|
--yesno "\nDo you want to use a certificate signed by Let's Encrypt? A self signed certificate will be created, \
|
|
as one is required, but you may provide your own" 0 0 \
|
|
3>&1 1>&2 2>&3
|
|
LE_CERT=$((1-$?)) # Invert output
|
|
|
|
if [ $LE_CERT -ne 0 ]; then
|
|
while true; do
|
|
EMAIL=$(${WHIPTAIL} --title 'GNU social admin email' --clear --backtitle 'GNU social' \
|
|
--inputbox "\nEnter the email to register the admin user under" 0 0 \
|
|
3>&1 1>&2 2>&3)
|
|
validate_exit $?
|
|
if [ -n "${EMAIL}" ]; then break; fi
|
|
done
|
|
fi
|
|
|
|
while true; do
|
|
NODE_NAME=$(${WHIPTAIL} --title 'GNU social node name' --clear --backtitle 'GNU social' \
|
|
--inputbox "\nEnter the name for this GNU social node" 0 0 \
|
|
3>&1 1>&2 2>&3)
|
|
validate_exit $?
|
|
if [ -n "${NODE_NAME}" ]; then break; fi
|
|
done
|
|
|
|
while true; do
|
|
NGINX_HTTP_PORT=$(${WHIPTAIL} --title 'GNU social HTTP port' --clear --backtitle 'GNU social' \
|
|
--inputbox "\nWhich port should NGINX use for HTTP traffic ('host:port' is also valid)" 0 0 "80" \
|
|
3>&1 1>&2 2>&3)
|
|
validate_exit $?
|
|
if [ -n "${NGINX_HTTP_PORT}" ]; then break; fi
|
|
done
|
|
|
|
while true; do
|
|
NGINX_HTTPS_PORT=$(${WHIPTAIL} --title 'GNU social HTTPS port' --clear --backtitle 'GNU social' \
|
|
--inputbox "\nWhich port should NGINX use for HTTPS traffic ('host:port' is also valid)" 0 0 "443" \
|
|
3>&1 1>&2 2>&3)
|
|
validate_exit $?
|
|
if [ -n "${NGINX_HTTPS_PORT}" ]; then break; fi
|
|
done
|
|
|
|
PHP_PORT=9000
|
|
if echo "${DOCKER}" | grep -Fvq '"php"'; then
|
|
while true; do
|
|
PHP_PORT=$(${WHIPTAIL} --title 'GNU social PHP service port' --clear --backtitle 'GNU social' \
|
|
--inputbox "\nWhich port should be used for PHP" 0 0 "9000" \
|
|
3>&1 1>&2 2>&3)
|
|
validate_exit $?
|
|
if [ -n "${PHP_PORT}" ]; then break; fi
|
|
done
|
|
fi
|
|
# --------------------------------------------------------------------------
|
|
|
|
|
|
|
|
PROFILE=$(${WHIPTAIL} --title 'GNU social site profile' --clear --backtitle 'GNU social' \
|
|
--menu "\nPick one of the following node visibility presets:" 0 0 0 \
|
|
public 'Make this node publicly accessible, with open registration' \
|
|
community 'Make this node publicly accessible, but with invite-only registration' \
|
|
isolated 'Make this node publicly accessible, with open registration but do not federate' \
|
|
private 'Make this node publicly accessible, but with invite-only registration, only registered users can see feeds' \
|
|
single_user 'Like public, but only allows registering one user' \
|
|
3>&1 1>&2 2>&3)
|
|
validate_exit $?
|
|
|
|
|
|
|
|
# ------------ Mail server --------------
|
|
MAILER_DSN='sendmail://localhost'
|
|
if false; then
|
|
if echo "${DOCKER}" | grep -Fvq '"mail"'; then
|
|
while true; do
|
|
MAILER_DSN=$(${WHIPTAIL} --title 'GNU social mail server DSN' --clear --backtitle 'GNU social' \
|
|
--inputbox "\nEnter a DSN/URL social will use to connect to the mail server" 0 0 "${MAILER_DSN}" \
|
|
3>&1 1>&2 2>&3)
|
|
validate_exit $?
|
|
if [ -n "${MAILER_DSN}" ]; then break; fi
|
|
done
|
|
while true; do
|
|
MAIL_DOMAIN=$(${WHIPTAIL} --title 'GNU social mail server domain' --clear --backtitle 'GNU social' \
|
|
--inputbox "\nEnter the domain social will use to serve mail" 0 0 "${DOMAIN_ROOT}" \
|
|
3>&1 1>&2 2>&3)
|
|
validate_exit $?
|
|
if [ -n "${MAIL_DOMAIN}" ]; then break; fi
|
|
done
|
|
fi
|
|
|
|
if echo "${DOCKER}" | grep -Fq '"mail"'; then
|
|
while true; do
|
|
MAIL_DOMAIN_ROOT=$(${WHIPTAIL} --title 'GNU social mail server domain' --clear --backtitle 'GNU social' \
|
|
--inputbox "\nEnter the root domain social will use to serve mail" 0 0 "${DOMAIN_ROOT}" \
|
|
3>&1 1>&2 2>&3)
|
|
validate_exit $?
|
|
if [ -n "${MAIL_DOMAIN_ROOT}" ]; then break; fi
|
|
done
|
|
|
|
MAIL_SUBDOMAIN=$(${WHIPTAIL} --title 'GNU social mail server subdomain' --clear --backtitle 'GNU social' \
|
|
--inputbox "\nEnter a subdomain social will send email from (optional, can be empty)" 0 0 \
|
|
3>&1 1>&2 2>&3)
|
|
validate_exit $?
|
|
|
|
if [ -z "${MAIL_SUBDOMAIN}" ]; then
|
|
MAIL_DOMAIN="${MAIL_DOMAIN_ROOT}"
|
|
else
|
|
MAIL_DOMAIN="${MAIL_SUBDOMAIN}.${MAIL_DOMAIN_ROOT}"
|
|
fi
|
|
|
|
while true; do
|
|
MAIL_SENDER_USER=$(${WHIPTAIL} --title 'GNU social mail sender user' --clear --backtitle 'GNU social' \
|
|
--inputbox "\nEnter the user emails should be sent from (email without @domain)" 0 0 \
|
|
3>&1 1>&2 2>&3)
|
|
validate_exit $?
|
|
if [ -n "${MAIL_SENDER_USER}" ]; then break; fi
|
|
done
|
|
|
|
while true; do
|
|
MAIL_SENDER_NAME=$(${WHIPTAIL} --title 'GNU social mail sender name' --clear --backtitle 'GNU social' \
|
|
--inputbox "\nEnter the name emails should be sent from" 0 0 "${NODE_NAME}" \
|
|
3>&1 1>&2 2>&3)
|
|
validate_exit $?
|
|
if [ -n "${MAIL_SENDER_NAME}" ]; then break; fi
|
|
done
|
|
|
|
while true; do
|
|
MAIL_PASSWORD=$(${WHIPTAIL} --title 'GNU social mail password' --clear --backtitle 'GNU social' \
|
|
--passwordbox "\nEnter a password for the user in the mail server" 0 0 \
|
|
3>&1 1>&2 2>&3)
|
|
validate_exit $?
|
|
if [ -n "${MAIL_PASSWORD}" ]; then break; fi
|
|
done
|
|
fi
|
|
fi
|
|
# --------------------------------------------------------------------------
|
|
|
|
|
|
|
|
# --------------- Ensure we have the needed certificates -------------------
|
|
mkdir -p "${INSTALL_DIR}/docker/bootstrap"
|
|
cat > "${INSTALL_DIR}/docker/bootstrap/bootstrap.env" <<EOF
|
|
#!/bin/sh
|
|
DOMAIN_ROOT=${DOMAIN_ROOT}
|
|
WEB_DOMAIN=${DOMAIN}
|
|
MAIL_DOMAIN=${MAIL_DOMAIN}
|
|
SIGNED=${LE_CERT}
|
|
EOF
|
|
[ -n "${EMAIL}" ] && echo EMAIL="${EMAIL}" >> "${INSTALL_DIR}/docker/bootstrap/bootstrap.env"
|
|
|
|
chmod +x ./docker/bootstrap/bootstrap.env
|
|
docker-compose -f docker/bootstrap/bootstrap.yaml up
|
|
validate_exit $?
|
|
# --------------------------------------------------------------------------
|
|
|
|
|
|
|
|
# ------------ Configure parameters for the creation of docker containers --------------
|
|
mkdir -p "${INSTALL_DIR}/docker/db"
|
|
if [ "${DBMS}" = 'postgres' ]; then
|
|
cat > "${INSTALL_DIR}/docker/db/db.env" <<EOF
|
|
DBMS=${DBMS}
|
|
POSTGRES_USER=postgres
|
|
POSTGRES_PASSWORD=${DB_PASSWORD}
|
|
EOF
|
|
else
|
|
cat > "${INSTALL_DIR}/docker/db/db.env" <<EOF
|
|
DBMS=${DBMS}
|
|
MYSQL_ROOT_PASSWORD=${DB_ROOT_PASSWORD}
|
|
MYSQL_DATABASE=${DB_NAME}
|
|
MYSQL_USER=${DB_USER}
|
|
MYSQL_PASSWORD=${DB_PASSWORD}
|
|
EOF
|
|
fi
|
|
|
|
touch .env.local
|
|
sed -ri 's/DATABASE_URL=.*//' .env.local
|
|
echo "DATABASE_URL=${DB_DSN}" >> .env.local
|
|
sed -ri 's/MAILER_DSN=.*//' .env.local
|
|
echo "MAILER_DSN=${MAILER_DSN}" >> .env.local
|
|
|
|
mkdir -p "${INSTALL_DIR}/docker/social"
|
|
cat > "${INSTALL_DIR}/docker/social/social.env" <<EOF
|
|
SOCIAL_DBMS=${DBMS}
|
|
SOCIAL_DB=${DB_NAME}
|
|
SOCIAL_USER=${DB_USER}
|
|
SOCIAL_PASSWORD=${DB_PASSWORD}
|
|
CONFIG_DOMAIN=${DOMAIN}
|
|
CONFIG_NODE_NAME=${NODE_NAME}
|
|
SOCIAL_ADMIN_EMAIL=${EMAIL}
|
|
SOCIAL_SITE_PROFILE=${PROFILE}
|
|
MAILER_DSN=${MAILER_DSN}
|
|
EOF
|
|
# --------------------------------------------------------------------------
|
|
|
|
# TODO create admin user
|
|
#SOCIAL_ADMIN_NICK="${ADMIN_NICK}"
|
|
#SOCIAL_ADMIN_PASSWORD="${ADMIN_PASSWORD}"
|
|
|
|
|
|
|
|
# --------------- Write mail configuration, and setup ----------------------
|
|
mkdir -p "${INSTALL_DIR}/docker/mail"
|
|
|
|
HASHED_PASSWORD="{SHA512-CRYPT}"$(echo "${MAIL_PASSWORD}" | openssl passwd -6 -in -)
|
|
|
|
cat > "${INSTALL_DIR}/docker/mail/mail.env" <<EOF
|
|
MAIL_DOMAIN=${MAIL_DOMAIN}
|
|
MAIL_DOMAIN_ROOT=${MAIL_DOMAIN_ROOT}
|
|
MAIL_USER=${MAIL_SENDER_USER}
|
|
MAIL_NAME=${MAIL_SENDER_NAME}
|
|
MAIL_ADDRESS=${MAIL_SENDER_USER}@${MAIL_DOMAIN}
|
|
SSL_CERT=/etc/letsencrypt/live/${MAIL_DOMAIN}/fullchain.pem
|
|
SSL_KEY=/etc/letsencrypt/live/${MAIL_DOMAIN}/privkey.pem
|
|
HASHED_PASSWORD=${HASHED_PASSWORD}
|
|
EOF
|
|
# --------------------------------------------------------------------------
|
|
|
|
|
|
|
|
# ------------------- Write docker-compose config file ---------------------
|
|
cat > "${INSTALL_DIR}/docker-compose.yaml" <<EOF
|
|
version: '3'
|
|
|
|
services:
|
|
EOF
|
|
|
|
export DOCKER="${DOCKER}"
|
|
export NGINX_HTTP_PORT="${NGINX_HTTP_PORT}"
|
|
export NGINX_HTTPS_PORT="${NGINX_HTTPS_PORT}"
|
|
export PHP_PORT="${PHP_PORT}"
|
|
export DBMS="${DBMS}"
|
|
export BUILD_PHP="${BUILD_PHP}"
|
|
export LE_CERT="${LE_CERT}"
|
|
|
|
for SERV in ${DOCKER}; do
|
|
SERV=$(echo "${SERV}" | sed -r 's/"([^"]*)"/\1/')
|
|
sh "${INSTALL_DIR}/docker/${SERV}/docker-compose.fragment.sh" >> "${INSTALL_DIR}/docker-compose.yaml"
|
|
done
|
|
|
|
if echo "${DOCKER}" | grep -Fq '"db"'; then
|
|
cat >> "${INSTALL_DIR}/docker-compose.yaml" <<EOF
|
|
volumes:
|
|
database:
|
|
EOF
|
|
fi
|
|
# --------------------------------------------------------------------------
|
|
|
|
cd "${OLDPWD}" || exit 1
|