npm - @drumee/setup-infra - Versions diffs - 1.0.15 → 1.0.16 - Mend

@drumee/setup-infra 1.0.15 → 1.0.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (74) hide show

package/bin/create-local-certs ADDED Viewed

@@ -0,0 +1,38 @@
+#!/bin/bash
+function self_sign(){
+  domain=$1
+  echo "Configuring certificates for $1..."
+  cnf_dir="/etc/drumee/certs/${domain}_ecc"
+  cnf=$cnf_dir/${domain}.cnf
+  if [ ! -f $cnf ]; then
+    echo "Local certificates could not be created. $cnf is missing "
+    exit 1
+  fi
+  cd $cnf_dir
+  openssl req -x509 -newkey rsa:4096 -keyout ${domain}.key -out ${domain}.cer -sha256 -days 3650 -nodes -config $cnf
+  target=/usr/local/share/ca-certificates
+  cp ${domain}.cer $target/
+  cp ${domain}.key $target/
+  chmod g+r $target/${domain}.key
+  openssl x509 -outform der -in ${domain}.cer -out $DRUMEE_STATIC_DIR/certs/${domain}.der
+}
+#-------------------
+mkdir -p $DRUMEE_STATIC_DIR/certs
+if [ "$PRIVATE_DOMAIN" != "" ]; then
+  self_sign $PRIVATE_DOMAIN
+fi
+if [ "$JITSI_DOMAIN" != "" ]; then
+  self_sign $JITSI_DOMAIN
+fi
+update-ca-certificates

package/bin/env CHANGED Viewed

@@ -39,11 +39,14 @@ protect_dir() {
       echo "No directory to protect. Skipped"
     fi
   else
-    mkdir -p $dir
-    chown -R $DRUMEE_SYSTEM_USER:$DRUMEE_SYSTEM_GROUP $dir
-    if [ "$confidential" = "yes" ]; then
-      chmod -R go-rwx $dir
+    ro=$(grep $dir /proc/mounts | sed -E "s/^.+(ro).+$/readl-only/")
+    if [ "$ro" != "read-only" ]; then
+      mkdir -p $dir
+      chown -R $DRUMEE_SYSTEM_USER:$DRUMEE_SYSTEM_GROUP $dir
+      if [ "$confidential" = "yes" ]; then
+        chmod -R go-rwx $dir
+      fi
+      chmod -R u+rwx $dir
     fi
-    chmod -R u+rwx $dir
   fi
 }

package/bin/init-acme CHANGED Viewed

@@ -13,8 +13,13 @@ echo "Configuring certificates..."
 function make_certs(){
   sum=0
   dom=$1
+  method=dns_nsupdate
+  if [ "$2" != "" -a -f "$2" ]; then
+    source $2 # source env filen
+    method=dns_$ACME_PROVIDER # https://github.com/acmesh-official/acme.sh/wiki/dnsapi
+  fi
   echo Generating "${dom}" cetificates...
-  OPTIONS="--issue -d $dom -d "*.${dom}" --home $ACME_DIR --config-home $ACME_DIR/configs --cert-home $CERTS_DIR --dns dns_nsupdate"
+  OPTIONS="--issue -d $dom -d "*.${dom}" --home $ACME_DIR --config-home $ACME_DIR/configs --cert-home $CERTS_DIR --dns ${method}"
   ./acme.sh $OPTIONS
   while [ ! -f ${CERTS_DIR}/${dom}_ecc/fullchain.cer ]; do
     ./acme.sh $OPTIONS
@@ -31,6 +36,20 @@ function make_certs(){
     fi
     sum=$(expr 1 + $sum)
   done
+  ca_dir=/usr/local/share/ca-certificates
+  mkdir -p $ca_dir
+  cert_file="${CERTS_DIR}/${dom}_ecc/${dom}"
+  if [ -f "${cert_file}.cer" ]; then
+    cp -f "${cert_file}.cer" "${target}.cer"
+  fi
+  if [ -f "${cert_file}.key" ]; then
+    cp -f "${cert_file}.key" "${target}.key"
+    chmod g+r "${cert_file}.key"
+  fi
 }
 set +e
@@ -49,7 +68,7 @@ if [ "$OWN_SSL" != "" ]; then
 fi
 if [ "$ACME_DIR" = "" ]; then
-  export ACME_DIR=/usr/share/acme
+  export ACME_DIR=/etc/drumee/certs/acme
 fi
 if [ ! -d $ACME_DIR ]; then
@@ -63,8 +82,8 @@ failed=0
 ./acme.sh --register-account -m $ACME_EMAIL_ACCOUNT --home $ACME_DIR  --config-home $ACME_DIR/configs --cert-home $CERTS_DIR
-make_certs $DRUMEE_DOMAIN_NAME
-make_certs $JITSI_DOMAIN
+make_certs $DRUMEE_DOMAIN_NAME $ACME_ENV_FILE
+make_certs $JITSI_DOMAIN $ACME_ENV_FILE
 usermod -a -G $DRUMEE_SYSTEM_GROUP prosody
 usermod -a -G $DRUMEE_SYSTEM_GROUP jvb

package/bin/init-named CHANGED Viewed

@@ -22,6 +22,6 @@ fi
 chown -R bind:bind /etc/bind
 echo Restarting named
-service named restart
+service named start
 echo "DNS server has been successfuly setup!"

package/bin/install CHANGED Viewed

@@ -6,10 +6,21 @@ script_dir=$(dirname $(readlink -f $0))
 export base=$(dirname $script_dir)
-$base/bin/init-mail $DRUMEE_DOMAIN_NAME
-# Write configs
+export PUBLIC_DOMAIN=$DRUMEE_DOMAIN_NAME
+if [ "$PUBLIC_DOMAIN" != "" ]; then
+  $base/bin/init-mail $DRUMEE_DOMAIN_NAME$PUBLIC_DOMAIN
+fi
+# Generate all the required settings
 node $base/index.js
+if [ ! -e /etc/drumee/drumee.sh ]; then
+  echo "Setup has failed"
+  exit 1
+fi
 source /etc/drumee/drumee.sh
 if [ -d /etc/cron.d/drumee ]; then
@@ -30,6 +41,8 @@ for d in mfs tmp; do
 done
+set +e
 LOG_DIR=$DRUMEE_SERVER_HOME/.pm2/logs
 touch $DRUMEE_DATA_DIR/mfs/dont-remove-this-dir
@@ -44,10 +57,21 @@ protect_dir $DRUMEE_SERVER_HOME
 protect_dir $DRUMEE_EXPORT_DIR
 protect_dir $DRUMEE_IMPORT_DIR
-$base/bin/init-named
-$base/bin/init-acme
+if [ "$ACME_ENV_FILE" = "" -o  ! -f "$ACME_ENV_FILE" ]; then
+  $base/bin/init-named
+fi
+if [ "$PRIVATE_DOMAIN" != "" ]; then
+  $base/bin/create-local-certs
+fi
+if [ "$PUBLIC_DOMAIN" != "" ]; then
+  $base/bin/init-acme
+fi
 setup_dirs
 setup_prosody
 crontab  < /etc/cron.d/drumee

package/bin/prosody CHANGED Viewed

@@ -3,25 +3,26 @@
 source /etc/drumee/drumee.sh
 source /etc/prosody/defaults/credentials.sh
-set +e
 #-------------------
 function setup_dirs() {
   echo Configuring directories permissions
-  ca_dir=/usr/local/share/ca-certificates
-  mkdir -p $ca_dir
+  # ca_dir=/usr/local/share/ca-certificates
+  # mkdir -p $ca_dir
-  cert_file="${CERTS_DIR}/${JITSI_DOMAIN}_ecc/${JITSI_DOMAIN}"
-  target="${ca_dir}/auth.${JITSI_DOMAIN}"
+  # cert_file="${CERTS_DIR}/${JITSI_DOMAIN}_ecc/${JITSI_DOMAIN}"
+  # target="${ca_dir}/auth.${JITSI_DOMAIN}"
-  if [ -f "${cert_file}.cer" ]; then
-    ln -sf "${cert_file}.cer" "${target}.cer"
-  fi
+  # if [ -f "${cert_file}.cer" ]; then
+  #   cp -f "${cert_file}.cer" "${target}.cer"
+  # fi
-  if [ -f "${cert_file}.key" ]; then
-    chmod g+r "${cert_file}.key"
-    ln -sf "${cert_file}.key" "${target}.key"
-  fi
+  # if [ -f "${cert_file}.key" ]; then
+  #   chmod g+r "${cert_file}.key"
+  #   cp -f "${cert_file}.key" "${target}.key"
+  # fi
+  # update-ca-certificates
   mkdir -p $DRUMEE_RUNTIME_DIR/prosody
   chown -R prosody:prosody $DRUMEE_RUNTIME_DIR/prosody
@@ -73,6 +74,14 @@ function setup_prosody() {
   addUser jvb $JVB_PASSWORD $auth_host
   addUser $APP_ID $APP_PASSWORD $JITSI_DOMAIN
+  if [ -f  /etc/jitsi/videobridge/jvb.public.conf ]; then
+    ln -sf /etc/jitsi/videobridge/jvb.public.conf /etc/jitsi/videobridge/jvb.conf
+  else
+    if [ -f  /etc/jitsi/videobridge/jvb.private.conf ]; then
+      ln -sf /etc/jitsi/videobridge/jvb.private.conf /etc/jitsi/videobridge/jvb.conf
+    fi
+  fi
   pub_ip=$(grep public-address /etc/jitsi/videobridge/jvb.conf | awk '{print $3}' | sed -e s/\"//g)
   if [ "$pub_ip" != "" ]; then
     o=$(grep ${pub_ip} /etc/hosts)