From e585228dd5ddfe7a735d9ba00bdaab3fc4474af5 Mon Sep 17 00:00:00 2001
From: Jamil
Date: Thu, 27 Oct 2022 13:58:14 -0700
Subject: [PATCH] Fix CADDY_OPTS (#1065)
* Fix CADDY_OPTS
* bootstrapDB no matter what
---
 scripts/docker_migrate.sh | 40 +++++++++++++++++++++++++++++++--------
 scripts/install.sh | 13 ++++++++-----
 2 files changed, 40 insertions(+), 13 deletions(-)
diff --git a/scripts/docker_migrate.sh b/scripts/docker_migrate.sh
index ba75fcedd..8d376c308 100755
--- a/scripts/docker_migrate.sh
+++ b/scripts/docker_migrate.sh
@@ -52,6 +52,18 @@ prompt () {
 esac
 }
+promptACME() {
+ read -p "Would you like to enable automatic SSL cert provisioning? Requires a valid DNS record and port 80 to be reachable. (Y/n): " acme
+ case $acme in
+ n|N)
+ caddyOpts="--internal-certs"
+ ;;
+ *)
+ caddyOpts=""
+ ;;
+ esac
+}
+
 condIns () {
 dir=$1
 file=$2
@@ -80,6 +92,10 @@ promptInstallDir() {
 migrate () {
 export FZ_INSTALL_DIR=$installDir
 promptInstallDir
+
+ caddyOpts=""
+ promptACME
+
 env_files=/opt/firezone/service/phoenix/env
 if ! test -f $installDir/docker-compose.yml; then
@@ -149,6 +165,9 @@ migrate () {
 condIns $env_files "CONNECTIVITY_CHECKS_ENABLED"
 condIns $env_files "CONNECTIVITY_CHECKS_INTERVAL"
+ # Add caddy opts
+ echo "CADDY_OPTS=$caddyOpts" >> $installDir/.env
+
 # optional vars
 if test -f $env_files/DATABASE_PASSWORD; then
 db_pass=$(cat $env_files/DATABASE_PASSWORD)
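Review bot: The added `echo "CADDY_OPTS=$caddyOpts" >> $installDir/.env` in migrate leaves `$installDir` unquoted, so an install directory containing whitespace makes the redirect fail and the chosen certificate mode is never recorded. Quoting it as `echo "CADDY_OPTS=$caddyOpts" >> "$installDir/.env"` matches the line this commit adds to firezoneSetup in scripts/install.sh. Because the value is appended rather than replaced, a second migration run against the same directory adds another CADDY_OPTS line (the install.sh line appends the same way); which entry wins is not visible here, so a comment such as `# appended: assumes .env has no CADDY_OPTS entry yet` would document the assumption. migrate's body continues outside the hunk.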
@@ -168,27 +187,21 @@ doDumpLoad () {
 db_port=$(cat /opt/firezone/service/phoenix/env/DATABASE_PORT)
 db_name=$(cat /opt/firezone/service/phoenix/env/DATABASE_NAME)
 db_user=$(cat /opt/firezone/service/phoenix/env/DATABASE_USER)
+
 /opt/firezone/embedded/bin/pg_dump -h $db_host -p $db_port -d $db_name -U $db_user > $installDir/firezone_omnibus_backup.sql
 echo "Loading existing database into docker..."
- DATABASE_PASSWORD=$db_pass $dc -f $installDir/docker-compose.yml up -d postgres
- sleep 5
- $dc -f $installDir/docker-compose.yml exec postgres psql -U postgres -h 127.0.0.1 -c "ALTER ROLE postgres WITH PASSWORD '${db_pass}'"
- $dc -f $installDir/docker-compose.yml exec postgres dropdb -U postgres -h 127.0.0.1 --if-exists $db_name
- $dc -f $installDir/docker-compose.yml exec postgres createdb -U postgres -h 127.0.0.1 $db_name
 $dc -f $installDir/docker-compose.yml exec -T postgres psql -U postgres -h 127.0.0.1 -d $db_name < $installDir/firezone_omnibus_backup.sql
 rm $installDir/firezone_omnibus_backup.sql
 }
 dumpLoadDb () {
- echo "Would you like Firezone to attempt to migrate your existing database to Dockerized Postgres too?"
+ echo "Would you like Firezone to attempt to migrate your existing database data to Dockerized Postgres too?"
 echo "We only recommend this for Firezone installations using the default bundled Postgres."
 read -p "Proceed? (Y/n): " dumpLoad
 case $dumpLoad in
 n|N)
- echo "Aborted"
- exit
 ;;
 *)
 doDumpLoad
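Review bot: doDumpLoad loads the dump into the container and then deletes it without checking that `pg_dump` succeeded, so a failed or partial dump would be fed into the database that bootstrapDb has just recreated; no `set -e` or status check is visible in this hunk. The dump holds the whole Firezone database and is written into `$installDir` under whatever umask the caller happens to have. I would narrow the umask for that one command and stop on failure, e.g. `( umask 077; /opt/firezone/embedded/bin/pg_dump -h "$db_host" -p "$db_port" -d "$db_name" -U "$db_user" > "$installDir/firezone_omnibus_backup.sql" ) || exit 1`. doDumpLoad starts above the hunk and dumpLoadDb's case statement ends below it.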
@@ -236,8 +249,19 @@ EOF
 esac
 }
+bootstrapDb () {
+ echo "Bootstrapping DB..."
+ db_name=$(cat /opt/firezone/service/phoenix/env/DATABASE_NAME)
+ DATABASE_PASSWORD=$db_pass $dc -f $installDir/docker-compose.yml up -d postgres
+ sleep 5
+ $dc -f $installDir/docker-compose.yml exec postgres psql -U postgres -h 127.0.0.1 -c "ALTER ROLE postgres WITH PASSWORD '${db_pass}'"
+ $dc -f $installDir/docker-compose.yml exec postgres dropdb -U postgres -h 127.0.0.1 --if-exists $db_name
+ $dc -f $installDir/docker-compose.yml exec postgres createdb -U postgres -h 127.0.0.1 $db_name
+}
+
 curlCheck
 dockerCheck
 prompt
+bootstrapDb
 dumpLoadDb
 printSuccess
diff --git a/scripts/install.sh b/scripts/install.sh
index 860538109..cabbf9a96 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -95,10 +95,10 @@ promptACME() {
 read -p "Would you like to enable automatic SSL cert provisioning? Requires a valid DNS record and port 80 to be reachable. (Y/n): " acme
 case $acme in
 n|N)
- export CADDY_OPTS="--internal-certs"
+ caddyOpts="--internal-certs"
 ;;
 *)
- export CADDY_OPTS=""
+ caddyOpts=""
 ;;
 esac
 }
@@ -114,9 +114,11 @@ firezoneSetup() {
 sed -i.bak "s/ADMIN_EMAIL=.*/ADMIN_EMAIL=$1/" "$installDir/.env"
 sed -i.bak "s~EXTERNAL_URL=.*~EXTERNAL_URL=$2~" "$installDir/.env"
 sed -i.bak "s/DATABASE_PASSWORD=.*/DATABASE_PASSWORD=$db_pass/" "$installDir/.env"
+ echo "CADDY_OPTS=$3" >> "$installDir/.env"
- echo "UID=$(id -u)" >> $installDir/.env
- echo "GID=$(id -g)" >> $installDir/.env
+ # XXX: This causes perms issues on macOS with postgres
+ # echo "UID=$(id -u)" >> $installDir/.env
+ # echo "GID=$(id -g)" >> $installDir/.env
 # Set DATABASE_PASSWORD explicitly here in case the user has this var set in their shell
 DATABASE_PASSWORD=$db_pass $dc -f $installDir/docker-compose.yml up -d postgres
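Review bot: bootstrapDb splices `$db_pass` into the SQL text of the `ALTER ROLE` statement and into the `exec` command line, so a password containing a single quote breaks or alters the statement, and the value is visible in the host's process list while the command runs. Sending the statement on stdin and letting psql quote the value fixes the quoting part: `printf '%s\n' "ALTER ROLE postgres WITH PASSWORD :'pw'" | $dc -f "$installDir/docker-compose.yml" exec -T postgres psql -U postgres -h 127.0.0.1 -v pw="$db_pass"`. Since bootstrapDb is now called unconditionally at the bottom of docker_migrate.sh, `dropdb --if-exists` also removes an already-migrated database in the container when the script is run a second time, with no prompt; a confirmation or an existence check before the drop would guard against that. The fixed `sleep 5` does not guarantee Postgres is accepting connections, and polling `pg_isready` inside the container would be more reliable.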
@@ -180,13 +182,14 @@ main() {
 adminUser=""
 externalUrl=""
 defaultInstallDir="$HOME/.firezone"
+ caddyOpts=""
 promptEmail "Enter the administrator email you'd like to use for logging into this Firezone instance: "
 promptInstallDir "Enter the desired installation directory ($defaultInstallDir): "
 promptExternalUrl "Enter the external URL that will be used to access this instance. ($defaultExternalUrl): "
 promptACME
 promptContact
 read -p "Press to install or Ctrl-C to abort."
- firezoneSetup $adminUser $externalUrl
+ firezoneSetup $adminUser $externalUrl $caddyOpts
 }
 dockerCheck
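Review bot: `firezoneSetup $adminUser $externalUrl $caddyOpts` passes all three values unquoted, while firezoneSetup now reads the certificate option positionally as `$3`; if either earlier value is empty or contains whitespace the arguments shift, and `--internal-certs` would be written into EXTERNAL_URL while CADDY_OPTS is left empty. An empty CADDY_OPTS is the value promptACME uses for automatic certificate provisioning, so the operator's answer would be silently reversed. Whether the prompt functions rule out empty input is not visible in this hunk; quoting removes the dependency: `firezoneSetup "$adminUser" "$externalUrl" "$caddyOpts"`.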