From b0c14528321a75b14d11d46488f631c44156e040 Mon Sep 17 00:00:00 2001 From: Matthew Hodgson Date: Fri, 8 Nov 2024 10:30:38 +0000 Subject: [PATCH] setup script --- setup.sh | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 setup.sh diff --git a/setup.sh b/setup.sh new file mode 100644 index 0000000..66a3d55 --- /dev/null +++ b/setup.sh @@ -0,0 +1,51 @@ +#!/bin/bash + +# set up data & secrets dir with the right ownerships in the default location +# to stop docker autocreating them with random owners. +# originally these were checked into the git repo, but that's pretty ugly, so doing it here instead. +mkdir -p data/{element-{web,call},livekit,mas,nginx/{ssl,www,conf.d},postgres,synapse} +mkdir -p secrets/{livekit,postgres,synapse} + +# create blank secrets to avoid docker creating empty directories in the host +touch secrets/livekit/livekit_{api,secret}_key \ + secrets/postgres/postgres_password \ + secrets/synapse/signing.key + +# grab an env if we don't have one already +if [[ ! -e .env ]]; then + cp .env-sample .env + + sed -ir s/^USER_ID=/USER_ID=$(id -u)/ .env + sed -ir s/^GROUP_ID=/GROUP_ID=$(id -g)/ .env + + read -p "Enter base domain name (e.g. example.com): " DOMAIN + sed -ir s/^example.com/$DOMAIN/ .env + + # SSL setup + mkdir -p data/ssl + read -p "Use local mkcert CA for SSL? [y/n]" use_mkcert + if [[ use_mkcert =~ ^[Yy]$ ]]; then + if [[ ! -x mkcert ]]; then + echo "Please install mkcert from brew/apt/yum etc" + exit + fi + mkcert -install + mkcert $DOMAIN '*.'$DOMAIN + mv ${DOMAIN}+1.pem data/ssl/fullchain.pem + mv ${DOMAIN}+1-key.pem data/ssl/privkey.pem + cp "$(mkcert -CAROOT)"/rootCA.pem data/ssl/ca-certificates.crt + # borrow letsencrypt's SSL config + curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > "data/ssl/options-ssl-nginx.conf" + curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > "data/ssl/ssl-dhparams.pem" + else + read -p "Use letsencrypt for SSL? [y/n]" use_letsencrypt + if [[ use_letsencrypt =~ ^[Yy]$ ]]; then + mkdir -p data/certbot/{conf,www} + ln -s data/ssl data/certbot/conf/live/$DOMAIN + touch data/ssl/ca-certificates.crt # will get overwritten by init-letsencrypt.sh + exec scripts/init-letsencrypt.sh + else + echo "Please put a valid {privkey,fullchain}.pem and ca-certificates.crt into data/ssl/" + fi + fi +fi