ExternalVendorCode/open-balena
1
0
Fork 0
mirror of https://github.com/balena-io/open-balena.git synced 2024-12-19 05:37:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
55f60c60d2
open-balena/scripts/make-env
Rich Bayliss 55f60c60d2
env: Pass superuser credentials in the environment 
Allows the credentials to be passed via the environment in order
that the application can create the user on start up.

Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>
2018-11-07 10:10:26 +00:00

91 lines
2.6 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash -e
usage() {
echo "usage: $0"
echo
echo "Required Variables:"
echo
echo " DOMAIN"
echo " ROOT_CA Path to root CA certificate"
echo " ROOT_CRT Path to root/wildcard certificate"
echo " ROOT_KEY Path to root/wildcard private key"
echo " JWT_CRT Path to Token Auth certificate"
echo " JWT_KEY Path to Token Auth private key"
echo " JWT_KID Path to KeyID for the Token Auth certificate"
echo " VPN_CA Path to the VPN sub-CA certificate"
echo " VPN_CRT Path to the VPN server certificate"
echo " VPN_KEY Path to the VPN server private key"
echo " VPN_DH Path to the VPN server Diffie Hellman parameters"
echo
}
for var in DOMAIN ROOT_CA ROOT_CRT ROOT_KEY JWT_CRT JWT_KEY JWT_KID VPN_CA VPN_CRT VPN_KEY VPN_DH SUPERUSER_EMAIL SUPERUSER_PASSWORD; do
if [ -z "${!var-}" ]; then
usage
exit 1
fi
done
randstr() {
LC_CTYPE=C tr -dc A-Za-z0-9 < /dev/urandom | fold -w "${1:-32}" | head -n 1
}
b64encode() {
cat "$@" | base64 --wrap=0 2>/dev/null || cat "$@" | base64 --break=0
}
VPN_CONFIG=$(b64encode <<STR
client
remote vpn.$DOMAIN 443
resolv-retry infinite
remote-cert-tls server
ca /etc/openvpn/ca.crt
auth-user-pass /var/volatile/vpn-auth
auth-retry none
script-security 2
up /etc/openvpn-misc/upscript.sh
up-restart
down /etc/openvpn-misc/downscript.sh
comp-lzo
dev resin-vpn
dev-type tun
proto tcp
nobind
persist-key
persist-tun
verb 3
user openvpn
group openvpn
STR
)
cat <<STR
export OPENBALENA_PRODUCTION_MODE=false
export OPENBALENA_COOKIE_SESSION_SECRET=$(randstr 32)
export OPENBALENA_HOST_NAME=$DOMAIN
export OPENBALENA_JWT_SECRET=$(randstr 32)
export OPENBALENA_RESINOS_REGISTRY_CODE=$(randstr 32)
export OPENBALENA_ROOT_CA=$(b64encode "$ROOT_CA")
export OPENBALENA_ROOT_CRT=$(b64encode "${ROOT_CRT}")
export OPENBALENA_ROOT_KEY=$(b64encode "${ROOT_KEY}")
export OPENBALENA_TOKEN_AUTH_BUILDER_TOKEN=$(randstr 64)
export OPENBALENA_TOKEN_AUTH_PUB=$(b64encode "$JWT_CRT")
export OPENBALENA_TOKEN_AUTH_KEY=$(b64encode "$JWT_KEY")
export OPENBALENA_TOKEN_AUTH_KID=$(b64encode "$JWT_KID")
export OPENBALENA_VPN_CA=$(b64encode "$VPN_CA")
export OPENBALENA_VPN_CONFIG=$VPN_CONFIG
export OPENBALENA_VPN_SERVER_CRT=$(b64encode "$VPN_CRT")
export OPENBALENA_VPN_SERVER_KEY=$(b64encode "$VPN_KEY")
export OPENBALENA_VPN_SERVER_DH=$(b64encode "$VPN_DH")
export OPENBALENA_VPN_SERVICE_API_KEY=$(randstr 32)
export OPENBALENA_API_VPN_SERVICE_API_KEY=$(randstr 32)
export OPENBALENA_REGISTRY_SECRET_KEY=$(randstr 32)
export OPENBALENA_SSH_AUTHORIZED_KEYS=
export NODE_EXTRA_CA_CERTS="$ROOT_CA"
export OPENBALENA_SUPERUSER_EMAIL=$SUPERUSER_EMAIL
export OPENBALENA_SUPERUSER_PASSWORD=$SUPERUSER_PASSWORD
STR
Reference in New Issue View Git Blame Copy Permalink