idempotency for postinst

.dockerignore

@@ -9,3 +9,5 @@ apps/fg_vpn/_build
 **/cover
 
 docs
+
+.DS_Store

pkg/Dockerfile.ubuntu_18.04

@@ -65,5 +65,6 @@ RUN mix release
 RUN mkdir -p pkg/$PKG_DIR/opt
 RUN mv _build/prod/rel/firezone pkg/$PKG_DIR/opt/firezone
 
+RUN ls -lR pkg/$PKG_DIR
+
 RUN cd pkg && dpkg-deb --build $PKG_DIR
-RUN lintian pkg/$PKG_DIR.deb

pkg/ubuntu_18.04_amd64/DEBIAN/changelog

@@ -1,3 +1,3 @@
 firezone (0.2.0ubuntu1) bionic; urgency=low
 
-  * initial release 🥳
+  * initial release

pkg/ubuntu_18.04_amd64/DEBIAN/postinst

@@ -20,34 +20,53 @@ else
   useradd --system firezone
 fi
 
-# Generate app secrets
-live_view_signing_salt="$(openssl rand -base64 24)"
-secret_key_base="$(openssl rand -base64 48)"
+hostname=$(hostname)
+
+# Create role if not exists
 db_user=firezone
-
-# base64 includes forward slashes which are problematic in the
-# db_url connect string, so use hex.
 db_password="$(openssl rand -hex 16)"
+res=$(su postgres -c "psql -c \"SELECT 1 FROM pg_roles WHERE rolname = '${db_user}';\"")
+if [[ $res == *"0 rows"* ]]; then
+  su postgres -c "psql -c \"CREATE ROLE ${db_user} WITH LOGIN PASSWORD '${db_password}';\""
+else
+  echo "${db_user} role found in DB"
+fi
 
-db_key="$(openssl rand -base64 32)"
+# Create DB if not exists
+db_name=firezone
+res=$(su postgres -c "psql -c \"SELECT 1 FROM pg_database WHERE datname = '${db_name}';\"")
+if [[ $res == *"0 rows"* ]]; then
+  su postgres -c "psql -c \"CREATE DATABASE firezone;\" || true"
+else
+  echo "${db_name} exists; not creating"
+fi
+
+su postgres -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE firezone to ${db_user};\""
 
 # Setup DB
 # XXX: Remove || true and detect actual failures
-su postgres -c "psql -c \"CREATE ROLE ${db_user} WITH LOGIN PASSWORD '${db_password}';\" || true"
-su postgres -c "psql -c \"CREATE DATABASE firezone;\" || true"
-su postgres -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE firezone to ${db_user};\" || true"
 
 # Write FireZone SSL files
 mkdir -p /opt/firezone/ssl
-hostname=$(hostname)
-openssl req -new -x509 -sha256 -newkey rsa:2048 -nodes \
-    -keyout /opt/firezone/ssl/key.pem \
-    -out /opt/firezone/ssl/cert.pem \
-    -days 365 -subj "/CN=${hostname}"
+ssl_key_file=/opt/firezone/ssl/key.pem
+ssl_cert_file=/opt/firezone/ssl/cert.pem
+if [ ! -f $ssl_key_file && ! -f $ssl_cert_file]; then
+  openssl req -new -x509 -sha256 -newkey rsa:2048 -nodes \
+      -keyout $ssl_key_file \
+      -out $ssl_cert_file \
+      -days 365 -subj "/CN=${hostname}"
+else
+  echo "ssl files exist; not creating"
+fi
 
+# Generate app secrets
+live_view_signing_salt="$(openssl rand -base64 24)"
+secret_key_base="$(openssl rand -base64 48)"
+db_key="$(openssl rand -base64 32)"
 wg genkey > /opt/firezone/server.key
 
 # Write FireZone config files
+if [ ! -f /opt/firezone/config.env ]; then
 cat <<EOT >> /opt/firezone/config.env
 # This file is loaded into FireZone's Environment upon launch to configure it.
 
@@ -98,6 +117,9 @@ SSL_KEY_FILE=/opt/firezone/ssl/key.pem
 # users via the CLI.
 DISABLE_SIGNUP=yes
 EOT
+else
+  echo "config file exists; not creating"
+fi
 
 # Set perms
 chown -R firezone:root /opt/firezone

pkg/ubuntu_18.04_arm64/DEBIAN/changelog

@@ -1,3 +1,3 @@
 firezone (0.2.0ubuntu1) bionic; urgency=low
 
-  * initial release 🥳
+  * initial release

pkg/ubuntu_20.04_amd64/DEBIAN/changelog

@@ -1,3 +1,3 @@
-firezone (0.2.0ubuntu1) bionic; urgency=low
+firezone (0.2.0ubuntu1) trusty; urgency=low
 
-  * initial release 🥳
+  * initial release

pkg/ubuntu_20.04_arm64/DEBIAN/changelog

@@ -1,3 +1,3 @@
-firezone (0.2.0ubuntu1) bionic; urgency=low
+firezone (0.2.0ubuntu1) trusty; urgency=low
 
-  * initial release 🥳
+  * initial release