mirror of
https://gitlab2.federez.net/re2o/re2o
synced 2024-11-05 09:26:27 +00:00
487 lines
13 KiB
Bash
Executable file
487 lines
13 KiB
Bash
Executable file
#!/bin/bash
|
||
|
||
setup_ldap() {
|
||
apt-get -y install slapd
|
||
|
||
echo "Hashing the LDAP password..."
|
||
hashed_ldap_passwd=$(slappasswd -s $1)
|
||
|
||
echo $hashed_ldap_passwd
|
||
echo "Building the LDAP config files"
|
||
sed 's|dc=example,dc=org|'"$2"'|g' install_utils/db.ldiff | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/db
|
||
sed 's|dc=example,dc=org|'"$2"'|g' install_utils/schema.ldiff | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/schema
|
||
|
||
echo "Deleting exisitng LDAP configuration"
|
||
service slapd stop
|
||
rm -rf /etc/ldap/slapd.d/*
|
||
rm -rf /var/lib/ldap/*
|
||
|
||
echo "Setting up the new LDAP configuration"
|
||
slapadd -n 0 -l /tmp/schema -F /etc/ldap/slapd.d/
|
||
slapadd -n 1 -l /tmp/db
|
||
|
||
echo "Fixing the LDAP files permissions and restarting slapd"
|
||
chown -R openldap:openldap /etc/ldap/slapd.d
|
||
chown -R openldap:openldap /var/lib/ldap
|
||
service slapd start
|
||
}
|
||
|
||
|
||
install_re2o_server() {
|
||
echo "Re2o setup !
|
||
This tool will help you setup re2o. It is highly recommended to use a Debian clean server for this operation.
|
||
Installing sudo and dialog packages..."
|
||
|
||
export DEBIAN_FRONTEND=noninteractive
|
||
|
||
apt-get -y install sudo dialog
|
||
|
||
HEIGHT=15
|
||
WIDTH=40
|
||
CHOICE_HEIGHT=4
|
||
|
||
TITLE="Re2o setup !"
|
||
MSGBOX="This tool will help you setup re2o. It is highly recommended to use a Debian clean server for this operation."
|
||
init=$(dialog --clear \
|
||
--title "$TITLE" \
|
||
--msgbox "$MSGBOX" \
|
||
$HEIGHT $WIDTH \
|
||
2>&1 >/dev/tty)
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
BACKTITLE="Re2o preconfiguration of the database"
|
||
MENU="Choose an option"
|
||
TITLE="Database engine"
|
||
OPTIONS=(1 "mysql"
|
||
2 "postgresql")
|
||
sql_bdd_type=$(dialog --clear \
|
||
--backtitle "$BACKTITLE" \
|
||
--title "$TITLE" \
|
||
--menu "$MENU" \
|
||
$HEIGHT $WIDTH $CHOICE_HEIGHT \
|
||
"${OPTIONS[@]}" \
|
||
2>&1 >/dev/tty)
|
||
|
||
clear
|
||
|
||
|
||
|
||
|
||
|
||
TITLE="Local extension to use (ex : example.net)"
|
||
|
||
extension_locale=$(dialog --title "$TITLE" \
|
||
--backtitle "$BACKTITLE" \
|
||
--inputbox "$TITLE" \
|
||
$HEIGHT $WIDTH \
|
||
2>&1 >/dev/tty)
|
||
clear
|
||
|
||
IFS='.' read -a extension_locale_array <<< $extension_locale
|
||
|
||
|
||
for i in "${extension_locale_array[@]}"
|
||
do
|
||
ldap_dn+="dc=$i,"
|
||
done
|
||
ldap_dn=${ldap_dn::-1}
|
||
echo $ldap_dn
|
||
|
||
|
||
|
||
|
||
|
||
TITLE="SQL database location"
|
||
OPTIONS=(1 "Local"
|
||
2 "Remote")
|
||
|
||
sql_is_local=$(dialog --clear \
|
||
--backtitle "$BACKTITLE" \
|
||
--title "$TITLE" \
|
||
--menu "$MENU" \
|
||
$HEIGHT $WIDTH $CHOICE_HEIGHT \
|
||
"${OPTIONS[@]}" \
|
||
2>&1 >/dev/tty)
|
||
|
||
clear
|
||
|
||
TITLE="SQL database password"
|
||
|
||
sql_password=$(dialog --title "$TITLE" \
|
||
--backtitle "$BACKTITLE" \
|
||
--inputbox "$TITLE" $HEIGHT $WIDTH \
|
||
2>&1 >/dev/tty)
|
||
clear
|
||
|
||
|
||
if [ $sql_is_local == 2 ]
|
||
then
|
||
TITLE="Username to access the remote SQL database"
|
||
sql_login=$(dialog --title "$TITLE" \
|
||
--backtitle "$BACKTITLE" \
|
||
--inputbox "$TITLE" $HEIGHT $WIDTH \
|
||
2>&1 >/dev/tty)
|
||
clear
|
||
TITLE="Name of the SQL database"
|
||
sql_name=$(dialog --title "$TITLE" \
|
||
--backtitle "$BACKTITLE" \
|
||
--inputbox "$TITLE" $HEIGHT $WIDTH \
|
||
2>&1 >/dev/tty)
|
||
clear
|
||
TITLE="Host of the remote SQL database"
|
||
sql_host=$(dialog --title "$TITLE" \
|
||
--backtitle "$BACKTITLE" \
|
||
--inputbox "$TITLE" $HEIGHT $WIDTH \
|
||
2>&1 >/dev/tty)
|
||
clear
|
||
else
|
||
sql_name="re2o"
|
||
sql_login="re2o"
|
||
sql_host="localhost"
|
||
fi
|
||
|
||
|
||
|
||
|
||
|
||
|
||
BACKTITLE="Re2o preconfiguration of the active directory"
|
||
TITLE="LDAP location"
|
||
OPTIONS=(1 "Local"
|
||
2 "Remote")
|
||
|
||
ldap_is_local=$(dialog --clear \
|
||
--backtitle "$BACKTITLE" \
|
||
--title "$TITLE" \
|
||
--menu "$MENU" \
|
||
$HEIGHT $WIDTH $CHOICE_HEIGHT \
|
||
"${OPTIONS[@]}" \
|
||
2>&1 >/dev/tty)
|
||
|
||
TITLE="LDAP password"
|
||
ldap_password=$(dialog --title "$TITLE" \
|
||
--backtitle "$BACKTITLE" \
|
||
--inputbox "$TITLE" $HEIGHT $WIDTH \
|
||
2>&1 >/dev/tty)
|
||
clear
|
||
if [ $ldap_is_local == 2 ]
|
||
then
|
||
TITLE="CN entry for the admin user of the remote LDAP"
|
||
ldap_cn=$(dialog --title "$TITLE" \
|
||
--backtitle "$BACKTITLE" \
|
||
--inputbox "$TITLE" $HEIGHT $WIDTH \
|
||
2>&1 >/dev/tty)
|
||
clear
|
||
TITLE="Host of the remote LDAP"
|
||
ldap_host=$(dialog --title "$TITLE" \
|
||
--backtitle "$BACKTITLE" \
|
||
--inputbox "$TITLE" $HEIGHT $WIDTH \
|
||
2>&1 >/dev/tty)
|
||
clear
|
||
TITLE="Is the TLS activated ?"
|
||
OPTIONS=(1 "Yes"
|
||
2 "No")
|
||
ldap_tls=$(dialog --title "$TITLE" \
|
||
--backtitle "$BACKTITLE" \
|
||
--MENU "$MENU"\
|
||
$HEIGHT $WIDTH $CHOICE_HEIGHT \
|
||
"${OPTIONS[@]}" \
|
||
2>&1 >/dev/tty)
|
||
clear
|
||
else
|
||
ldap_cn="cn=admin,"
|
||
ldap_cn+=$ldap_dn
|
||
ldap_host="localhost"
|
||
ldap_tls=2
|
||
fi
|
||
|
||
|
||
|
||
|
||
|
||
BACKTITLE="Re2o preconfiguration of the mail server"
|
||
TITLE="Host of the mail server to use"
|
||
email_host=$(dialog --title "$TITLE" \
|
||
--backtitle "$BACKTITLE" \
|
||
--inputbox "$TITLE" \
|
||
$HEIGHT $WIDTH \
|
||
2>&1 >/dev/tty)
|
||
|
||
TITLE="Port of the mail server"
|
||
OPTIONS=(25 "SMTP"
|
||
465 "SMTPS"
|
||
587 "Submission")
|
||
|
||
email_port=$(dialog --clear \
|
||
--backtitle "$BACKTITLE" \
|
||
--title "$TITLE" \
|
||
--menu "$MENU" \
|
||
$HEIGHT $WIDTH $CHOICE_HEIGHT \
|
||
"${OPTIONS[@]}" \
|
||
2>&1 >/dev/tty)
|
||
clear
|
||
|
||
install_base=$(dialog --clear \
|
||
--title "Re2o setup!" \
|
||
--msgbox "Installation des paquets de base" \
|
||
$HEIGHT $WIDTH \
|
||
2>&1 >/dev/tty)
|
||
|
||
|
||
|
||
|
||
echo "Installation des paquets de base"
|
||
apt-get -y install python3-django python3-dateutil texlive-latex-base texlive-fonts-recommended python3-djangorestframework python3-django-reversion python3-pip libsasl2-dev libldap2-dev libssl-dev python3-crypto python3-git libjs-jquery libjs-jquery-uil libjs-jquery-timepicker libjs-bootstrap
|
||
pip3 install django-bootstrap3 django-ldapdb==0.9.0 django-macaddress
|
||
|
||
|
||
|
||
|
||
|
||
echo "SQL Database setup"
|
||
if [ $sql_bdd_type == 1 ]
|
||
then
|
||
apt-get -y install python3-mysqldb mysql-client
|
||
mysql_command="CREATE DATABASE $sql_name collate='utf8_general_ci';
|
||
CREATE USER '$sql_login'@'localhost' IDENTIFIED BY '$sql_password';
|
||
GRANT ALL PRIVILEGES ON $sql_name.* TO '$sql_login'@'localhost';
|
||
FLUSH PRIVILEGES;"
|
||
if [ $sql_is_local == 1 ]
|
||
then
|
||
apt-get -y install mysql-server
|
||
mysql -u root --execute="$mysql_command"
|
||
else
|
||
echo "Please execute the following command on the remote SQL server and then continue"
|
||
echo "$mysql_command"
|
||
while true
|
||
do
|
||
read -p "Continue (y/n)?" choice
|
||
case "$choice" in
|
||
y|Y ) break;;
|
||
n|N ) exit;;
|
||
* ) echo "Invalid";;
|
||
esac
|
||
done
|
||
fi
|
||
else
|
||
apt-get -y install postgresql-client python3-psycopg2
|
||
pgsql_command1="CREATE DATABASE $sql_name ENCODING 'UTF8' LC_COLLATE='fr_FR.UTF-8' LC_CTYPE='fr_FR.UTF-8';"
|
||
pgsql_command2="CREATE USER $sql_login with password '$sql_password';"
|
||
pgsql_command3="ALTER DATABASE $sql_name owner to $sql_login;"
|
||
if [ $sql_is_local == 1 ]
|
||
then
|
||
apt-get -y install postgresql
|
||
sudo -u postgres psql --command="$pgsql_command1"
|
||
sudo -u postgres psql --command="$pgsql_command2"
|
||
sudo -u postgres psql --command="$pgsql_command3"
|
||
else
|
||
echo "Please execute the following commands on the remote SQL server and then continue"
|
||
echo "sudo -u postgres psql $pgsql_command1"
|
||
echo "sudo -u postgres psql $pgsql_command2"
|
||
echo "sudo -u postgres psql $pgsql_command3"
|
||
while true
|
||
do
|
||
read -p "Continue (y/n)?" choice
|
||
case "$choice" in
|
||
y|Y ) break;;
|
||
n|N ) exit;;
|
||
* ) echo "Invalid";;
|
||
esac
|
||
done
|
||
fi
|
||
fi
|
||
|
||
|
||
|
||
|
||
|
||
echo "LDAP setup"
|
||
if [ $ldap_is_local == 1 ]
|
||
then
|
||
setup_ldap $ldap_password $ldap_dn
|
||
else
|
||
TITLE="LDAP server setup"
|
||
MSGBOX="Please manually setup the remote LDAP server by launching the following commands: ./install_re2o.sh ldap $ldap_password $ldap_dn"
|
||
ldap_setup=$(dialog --clear \
|
||
--title "$TITLE" \
|
||
--msgbox "$MSGBOX" \
|
||
$HEIGHT $WIDTH \
|
||
2>&1 >/dev/tty)
|
||
fi
|
||
|
||
|
||
|
||
|
||
|
||
echo "Writing of the settings_local.py file"
|
||
|
||
django_secret_key=$(python -c "import random; print(''.join([random.SystemRandom().choice('abcdefghijklmnopqrstuvwxyz0123456789%=+') for i in range(50)]))")
|
||
aes_key=$(python -c "import random; print(''.join([random.SystemRandom().choice('abcdefghijklmnopqrstuvwxyz0123456789%=+') for i in range(32)]))")
|
||
|
||
cp re2o/settings_local.example.py re2o/settings_local.py
|
||
if [ $sql_bdd_type == 1 ]
|
||
then
|
||
sed -i 's/db_engine/django.db.backends.mysql/g' re2o/settings_local.py
|
||
else
|
||
sed -i 's/db_engine/django.db.backends.postgresql_psycopg2/g' re2o/settings_local.py
|
||
fi
|
||
sed -i 's/SUPER_SECRET_KEY/'"$django_secret_key"'/g' re2o/settings_local.py
|
||
sed -i 's/SUPER_SECRET_DB/'"$sql_password"'/g' re2o/settings_local.py
|
||
sed -i 's/A_SECRET_AES_KEY/'"$aes_key"'/g' re2o/settings_local.py
|
||
sed -i 's/db_name_value/'"$sql_name"'/g' re2o/settings_local.py
|
||
sed -i 's/db_user_value/'"$sql_login"'/g' re2o/settings_local.py
|
||
sed -i 's/db_host_value/'"$sql_host"'/g' re2o/settings_local.py
|
||
sed -i 's/ldap_dn/'"$ldap_cn"'/g' re2o/settings_local.py
|
||
if [ $ldap_tls == 2 ]
|
||
then
|
||
sed -i "s/'TLS': True,/# 'TLS': True,#/g" re2o/settings_local.py
|
||
fi
|
||
sed -i 's/SUPER_SECRET_LDAP/'"$ldap_password"'/g' re2o/settings_local.py
|
||
sed -i 's/ldap_host_ip/'"$ldap_host"'/g' re2o/settings_local.py
|
||
sed -i 's/dc=example,dc=org/'"$ldap_dn"'/g' re2o/settings_local.py
|
||
sed -i 's/example.org/'"$extension_locale"'/g' re2o/settings_local.py
|
||
sed -i 's/MY_EMAIL_HOST/'"$email_host"'/g' re2o/settings_local.py
|
||
sed -i 's/MY_EMAIL_PORT/'"$email_port"'/g' re2o/settings_local.py
|
||
|
||
|
||
|
||
|
||
TITLE="Django setup"
|
||
MSGBOX="Applying the Django database migrations"
|
||
migrations=$(dialog --clear \
|
||
--title "$TITLE" \
|
||
--msgbox "$MSGBOX" \
|
||
$HEIGHT $WIDTH \
|
||
2>&1 >/dev/tty)
|
||
|
||
python3 manage.py migrate
|
||
|
||
|
||
|
||
|
||
|
||
|
||
TITLE="Django setup"
|
||
MSGBOX="Collecting statics"
|
||
static=$(dialog --clear \
|
||
--title "$TITLE" \
|
||
--msgbox "$MSGBOX" \
|
||
$HEIGHT $WIDTH \
|
||
2>&1 >/dev/tty)
|
||
|
||
python3 manage.py collectstatic
|
||
|
||
|
||
|
||
|
||
BACKTITLE="Web server"
|
||
TITLE="Web server to use"
|
||
OPTIONS=(1 "apache2"
|
||
2 "nginx")
|
||
|
||
web_serveur=$(dialog --clear \
|
||
--backtitle "$BACKTITLE" \
|
||
--title "$TITLE" \
|
||
--menu "$MENU" \
|
||
$HEIGHT $WIDTH $CHOICE_HEIGHT \
|
||
"${OPTIONS[@]}" \
|
||
2>&1 >/dev/tty)
|
||
|
||
clear
|
||
|
||
TITLE="URL for accessing the web server (e.g. re2o.example.net). Be sure that this URL is accessible and correspond to a DNS entry if applicable."
|
||
url_server=$(dialog --title "$TITLE" \
|
||
--backtitle "$BACKTITLE" \
|
||
--inputbox "$TITLE" \
|
||
$HEIGHT $WIDTH \
|
||
2>&1 >/dev/tty)
|
||
clear
|
||
|
||
TITLE="Activate TLS with Let'Encrypt on the web server ?"
|
||
OPTIONS=(1 "Oui"
|
||
2 "Non")
|
||
|
||
is_tls=$(dialog --clear \
|
||
--backtitle "$BACKTITLE" \
|
||
--title "$TITLE" \
|
||
--menu "$MENU" \
|
||
$HEIGHT $WIDTH $CHOICE_HEIGHT \
|
||
"${OPTIONS[@]}" \
|
||
2>&1 >/dev/tty)
|
||
|
||
clear
|
||
|
||
sed -i 's/URL_SERVER/'"$url_server"'/g' re2o/settings_local.py
|
||
|
||
if [ $web_serveur == 1 ]
|
||
then
|
||
apt-get -y install apache2 libapache2-mod-wsgi-py3
|
||
a2enmod ssl
|
||
a2enmod wsgi
|
||
if [ $is_tls == 1 ]
|
||
then
|
||
cp install_utils/apache2/re2o-tls.conf /etc/apache2/sites-available/re2o.conf
|
||
apt-get -y install certbot
|
||
apt-get -y install python-certbot-apache
|
||
certbot certonly --rsa-key-size 4096 --apache -d $url_server
|
||
sed -i 's/LE_PATH/'"$url_server"'/g' /etc/apache2/sites-available/re2o.conf
|
||
else
|
||
cp install_utils/apache2/re2o.conf /etc/apache2/sites-available/re2o.conf
|
||
fi
|
||
rm /etc/apache2/sites-enabled/000-default.conf
|
||
sed -i 's|URL_SERVER|'"$url_server"'|g' /etc/apache2/sites-available/re2o.conf
|
||
current_path=$(pwd)
|
||
sed -i 's|PATH|'"$current_path"'|g' /etc/apache2/sites-available/re2o.conf
|
||
a2ensite re2o
|
||
service apache2 reload
|
||
else
|
||
TITLE="Web server setup"
|
||
MSGBOX="Nginx non supporté, vous devrez installer manuellement"
|
||
web_server=$(dialog --clear \
|
||
--title "$TITLE" \
|
||
--msgbox "$MSGBOX" \
|
||
$HEIGHT $WIDTH \
|
||
2>&1 >/dev/tty)
|
||
fi
|
||
|
||
python3 manage.py createsuperuser
|
||
|
||
|
||
|
||
|
||
|
||
TITLE="End of the setup"
|
||
MSGBOX="You can now visit $url_server and connect with the credentials you just entered. This user hhas the superuser rights, meaning he can access and do everything."
|
||
end=$(dialog --clear \
|
||
--title "$TITLE" \
|
||
--msgbox "Vous pouvez à présent vous rendre sur $url_server, et vous connecter. Votre utilisateur dispose des privilèges superuser" \
|
||
$HEIGHT $WIDTH \
|
||
2>&1 >/dev/tty)
|
||
}
|
||
|
||
|
||
main_function() {
|
||
if [ ! -z "$1" ]
|
||
then
|
||
if [ $1 == ldap ]
|
||
then
|
||
if [ ! -z "$2" ]
|
||
then
|
||
echo Installation du ldap
|
||
setup_ldap $2 $3
|
||
else
|
||
echo Arguments invalides !
|
||
exit
|
||
fi
|
||
fi
|
||
else
|
||
install_re2o_server
|
||
fi
|
||
}
|
||
|
||
main_function $1 $2 $3
|