env: Pass superuser credentials in the environment

Allows the credentials to be passed via the environment in order
that the application can create the user on start up.

Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>

compose/services.yml

@@ -53,6 +53,8 @@ services:
       VPN_HOST: vpn.${OPENBALENA_HOST_NAME}
       VPN_PORT: 443
       VPN_SERVICE_API_KEY: ${OPENBALENA_VPN_SERVICE_API_KEY}
+      SUPERUSER_EMAIL: ${OPENBALENA_SUPERUSER_EMAIL}
+      SUPERUSER_PASSWORD: ${OPENBALENA_SUPERUSER_PASSWORD}
 
   registry:
     extends:

scripts/make-env

@@ -19,7 +19,7 @@ usage() {
   echo
 }
 
-for var in DOMAIN ROOT_CA ROOT_CRT ROOT_KEY JWT_CRT JWT_KEY JWT_KID VPN_CA VPN_CRT VPN_KEY VPN_DH; do
+for var in DOMAIN ROOT_CA ROOT_CRT ROOT_KEY JWT_CRT JWT_KEY JWT_KID VPN_CA VPN_CRT VPN_KEY VPN_DH SUPERUSER_EMAIL SUPERUSER_PASSWORD; do
   if [ -z "${!var-}" ]; then
     usage
     exit 1
@@ -85,4 +85,6 @@ export OPENBALENA_API_VPN_SERVICE_API_KEY=$(randstr 32)
 export OPENBALENA_REGISTRY_SECRET_KEY=$(randstr 32)
 export OPENBALENA_SSH_AUTHORIZED_KEYS=
 export NODE_EXTRA_CA_CERTS="$ROOT_CA"
+export OPENBALENA_SUPERUSER_EMAIL=$SUPERUSER_EMAIL
+export OPENBALENA_SUPERUSER_PASSWORD=$SUPERUSER_PASSWORD
 STR

scripts/quickstart

@@ -9,20 +9,24 @@ CERTS_DIR="${CONFIG_DIR}/certs"
 DOMAIN=openbalena.local
 
 usage() {
-  echo "usage: $0 [-h] [-p] [-d DOMAIN]"
+  echo "usage: $0 [-h] [-p] [-d DOMAIN] -U EMAIL -P PASSWORD"
   echo
   echo "  -p           patch hosts - patch the host /etc/hosts file"
   echo "  -d DOMAIN    the domain name this deployment will run as, eg. example.com. Default is 'openbalena.local'"
+  echo "  -U EMAIL     the email address of the superuser account, used to login to your install from the Balena CLI"
+  echo "  -P PASSWORD  the password to use for the superuser account."
   echo
 }
 
 show_help=false
 patch_hosts=false
-while getopts ":hpd:" opt; do
+while getopts ":hpd:U:P:" opt; do
   case "${opt}" in
     h) show_help=true;;
     p) patch_hosts=true;;
     d) DOMAIN="${OPTARG}";;
+    U) SUPERUSER_EMAIL="${OPTARG}";;
+    P) SUPERUSER_PASSWORD="${OPTARG}";;
     *)
       echo "Invalid argument: -${OPTARG}"
       usage
@@ -32,6 +36,11 @@ while getopts ":hpd:" opt; do
 done
 shift $((OPTIND-1))
 
+if [ -z "${SUPERUSER_EMAIL}" ] || [ -z "${SUPERUSER_PASSWORD}" ]; then
+  usage
+  exit 1
+fi
+
 if [ "$show_help" = "true" ]; then
   usage
   exit 1