diff --git a/.dockerignore b/.dockerignore index e6e2c5d13..883f032a7 100644 --- a/.dockerignore +++ b/.dockerignore @@ -9,3 +9,5 @@ apps/fg_vpn/_build **/cover docs + +.DS_Store diff --git a/pkg/Dockerfile.ubuntu_18.04 b/pkg/Dockerfile.ubuntu_18.04 index a202b10a0..3b54d8797 100644 --- a/pkg/Dockerfile.ubuntu_18.04 +++ b/pkg/Dockerfile.ubuntu_18.04 @@ -65,5 +65,6 @@ RUN mix release RUN mkdir -p pkg/$PKG_DIR/opt RUN mv _build/prod/rel/firezone pkg/$PKG_DIR/opt/firezone +RUN ls -lR pkg/$PKG_DIR + RUN cd pkg && dpkg-deb --build $PKG_DIR -RUN lintian pkg/$PKG_DIR.deb diff --git a/pkg/ubuntu_18.04_amd64/DEBIAN/changelog b/pkg/ubuntu_18.04_amd64/DEBIAN/changelog index 48a837e1e..831de16be 100644 --- a/pkg/ubuntu_18.04_amd64/DEBIAN/changelog +++ b/pkg/ubuntu_18.04_amd64/DEBIAN/changelog @@ -1,3 +1,3 @@ firezone (0.2.0ubuntu1) bionic; urgency=low - * initial release 🥳 + * initial release diff --git a/pkg/ubuntu_18.04_amd64/DEBIAN/postinst b/pkg/ubuntu_18.04_amd64/DEBIAN/postinst index 2dc5b1424..46a141bcb 100755 --- a/pkg/ubuntu_18.04_amd64/DEBIAN/postinst +++ b/pkg/ubuntu_18.04_amd64/DEBIAN/postinst 
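Review bot: Dropping `RUN lintian pkg/$PKG_DIR.deb` at the end of the pkg/Dockerfile.ubuntu_18.04 hunk removes the only package check visible in this build, in the same commit that rewrites the root-run postinst. If lintian was failing the build on findings that cannot be fixed yet, keeping it as a non-blocking step, `RUN lintian pkg/$PKG_DIR.deb || true`, would still leave its report in the build log. The added `RUN ls -lR pkg/$PKG_DIR` reads like a debugging aid; a comment such as `# debug: list the package tree before dpkg-deb` would say whether it is meant to stay.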
@@ -20,34 +20,53 @@ else useradd --system firezone fi -# Generate app secrets -live_view_signing_salt="$(openssl rand -base64 24)" -secret_key_base="$(openssl rand -base64 48)" +hostname=$(hostname) + +# Create role if not exists db_user=firezone - -# base64 includes forward slashes which are problematic in the -# db_url connect string, so use hex. db_password="$(openssl rand -hex 16)" +res=$(su postgres -c "psql -c \"SELECT 1 FROM pg_roles WHERE rolname = '${db_user}';\"") +if [[ $res == *"0 rows"* ]]; then + su postgres -c "psql -c \"CREATE ROLE ${db_user} WITH LOGIN PASSWORD '${db_password}';\"" +else + echo "${db_user} role found in DB" +fi -db_key="$(openssl rand -base64 32)" +# Create DB if not exists +db_name=firezone +res=$(su postgres -c "psql -c \"SELECT 1 FROM pg_database WHERE datname = '${db_name}';\"") +if [[ $res == *"0 rows"* ]]; then + su postgres -c "psql -c \"CREATE DATABASE firezone;\" || true" +else + echo "${db_name} exists; not creating" +fi + +su postgres -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE firezone to ${db_user};\"" # Setup DB # XXX: Remove || true and detect actual failures -su postgres -c "psql -c \"CREATE ROLE ${db_user} WITH LOGIN PASSWORD '${db_password}';\" || true" -su postgres -c "psql -c \"CREATE DATABASE firezone;\" || true" -su postgres -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE firezone to ${db_user};\" || true" # Write FireZone SSL files mkdir -p /opt/firezone/ssl -hostname=$(hostname) -openssl req -new -x509 -sha256 -newkey rsa:2048 -nodes \ - -keyout /opt/firezone/ssl/key.pem \ - -out /opt/firezone/ssl/cert.pem \ - -days 365 -subj "/CN=${hostname}" +ssl_key_file=/opt/firezone/ssl/key.pem +ssl_cert_file=/opt/firezone/ssl/cert.pem +if [ ! -f $ssl_key_file && ! 
-f $ssl_cert_file]; then + openssl req -new -x509 -sha256 -newkey rsa:2048 -nodes \ + -keyout $ssl_key_file \ + -out $ssl_cert_file \ + -days 365 -subj "/CN=${hostname}" +else + echo "ssl files exist; not creating" +fi +# Generate app secrets +live_view_signing_salt="$(openssl rand -base64 24)" +secret_key_base="$(openssl rand -base64 48)" +db_key="$(openssl rand -base64 32)" wg genkey > /opt/firezone/server.key # Write FireZone config files +if [ ! -f /opt/firezone/config.env ]; then cat <> /opt/firezone/config.env # This file is loaded into FireZone's Environment upon launch to configure it. @@ -98,6 +117,9 @@ SSL_KEY_FILE=/opt/firezone/ssl/key.pem # users via the CLI. DISABLE_SIGNUP=yes EOT +else + echo "config file exists; not creating" +fi # Set perms chown -R firezone:root /opt/firezone diff --git a/pkg/ubuntu_18.04_arm64/DEBIAN/changelog b/pkg/ubuntu_18.04_arm64/DEBIAN/changelog index 48a837e1e..831de16be 100644 --- a/pkg/ubuntu_18.04_arm64/DEBIAN/changelog +++ b/pkg/ubuntu_18.04_arm64/DEBIAN/changelog @@ -1,3 +1,3 @@ firezone (0.2.0ubuntu1) bionic; urgency=low - * initial release 🥳 + * initial release diff --git a/pkg/ubuntu_20.04_amd64/DEBIAN/changelog b/pkg/ubuntu_20.04_amd64/DEBIAN/changelog index 48a837e1e..9ba56fa91 100644 --- a/pkg/ubuntu_20.04_amd64/DEBIAN/changelog +++ b/pkg/ubuntu_20.04_amd64/DEBIAN/changelog @@ -1,3 +1,3 @@ -firezone (0.2.0ubuntu1) bionic; urgency=low +firezone (0.2.0ubuntu1) trusty; urgency=low - * initial release 🥳 + * initial release diff --git a/pkg/ubuntu_20.04_arm64/DEBIAN/changelog b/pkg/ubuntu_20.04_arm64/DEBIAN/changelog index 48a837e1e..9ba56fa91 100644 --- a/pkg/ubuntu_20.04_arm64/DEBIAN/changelog +++ b/pkg/ubuntu_20.04_arm64/DEBIAN/changelog @@ -1,3 +1,3 @@ -firezone (0.2.0ubuntu1) bionic; urgency=low +firezone (0.2.0ubuntu1) trusty; urgency=low - * initial release 🥳 + * initial release
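Review bot: The new guard `if [ ! -f $ssl_key_file && ! -f $ssl_cert_file]; then` in the postinst hunk at -20,34 never takes the generate branch: `&&` ends the `[` command before its closing bracket, and `$ssl_cert_file]` has no space before `]`, so the test errors out and the script falls through to `echo "ssl files exist; not creating"` even on a fresh install. Write it as `if [ ! -f "$ssl_key_file" ] || [ ! -f "$ssl_cert_file" ]; then`, which also regenerates the pair when only one half is missing. The context line `wg genkey > /opt/firezone/server.key` still runs unconditionally, so a re-run replaces the server key while the certificate and config are kept; it deserves the same `[ ! -f ... ]` guard. The role and database checks depend on psql's human-readable `0 rows` footer; `psql -tAc` with a test for empty output would be less fragile.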
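Review bot: The `else` branch added in the -98,6 hunk leaves an existing /opt/firezone/config.env untouched, but the role check earlier in this postinst is decided independently from pg_roles, so the two can disagree. If the role is created on this run while an old config.env is kept, or the role already exists while config.env is written fresh, the file presumably carries a `db_password` that does not match the role; the heredoc body is not visible here, so this is inferred from the variables generated above it. Consider failing with a clear message in that case, or resetting the password with `ALTER ROLE ${db_user} WITH PASSWORD ...` whenever a new config.env is written. A comment above the guard such as `# config.env holds generated secrets; never overwritten on upgrade` would document the intent.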