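#!/usr/bin/env bash
#
# Interactive installer for a Mattermost server.
#
# This first part defines the output helpers, creates a private scratch
# directory, loads defaults (optionally overridden by conf/mattermost.conf),
# and asks for the Mattermost version and the service hostname.

script_name="$(basename "$(realpath "$0")")"
working_dir="$(dirname "$(realpath "$0")")"

#conf_file="${working_dir}/conf/${script_name%%.*}.conf"
conf_file="${working_dir}/conf/mattermost.conf"

# Scratch directory for the log file and for temporary copies of config.json
# (which contain the database password). mktemp creates it atomically with
# an unpredictable name and mode 0700; the former '/tmp/<name>.<pid>.LOCK'
# path was guessable and its 'mkdir' result was never checked.
LOCK_DIR="$(mktemp -d "${TMPDIR:-/tmp}/${script_name%%.*}.XXXXXXXXXX")" || {
   echo "Cannot create a private working directory." >&2
   exit 1
}
log_file="${LOCK_DIR}/${script_name%%.*}.log"

backup_date="$(date +%Y-%m-%d-%H%M)"

# Set to 'true' further down once stdout is known to be a terminal. It is
# initialised here so that 'if $terminal' never runs an empty command (which
# counts as success) when a helper is called before that check.
terminal=false


# ----------
# Base Function(s)
# ----------

# Remove the scratch directory and exit.
# Arguments: $1 - exit status; defaults to 1 (the signal trap passes none)
clean_up() {

   # Perform program exit housekeeping
   rm -rf "$LOCK_DIR"
   blank_line
   exit "${1:-1}"
}

# Print "$*" to stderr without a trailing newline (terminal only).
# Backslash escapes in the message are interpreted (echo -e).
echononl(){
   if $terminal ; then
      # Probe in memory whether this shell's echo honours '\c'; no file
      # with a predictable name is written to /tmp for the probe.
      if [[ "$(echo X\\c)" == "X" ]]; then
         echo -e -n " $*\\c" 1>&2
      else
         echo -e -n " $*" 1>&2
      fi
   fi
}

# Print a fatal message, remove the scratch directory and exit with status 1.
fatal(){
   echo ""
   if $terminal ; then
      echo -e " [ \033[31m\033[1mFatal\033[m ] $*"
   else
      echo -e " [ Fatal ] $*"
   fi
   echo ""
   if $terminal ; then
      echo -e " \033[1mScript terminated\033[m.."
   else
      echo -e " Script terminated.."
   fi
   echo ""
   rm -rf "$LOCK_DIR"
   exit 1
}

# Print an error message; the script continues.
error (){
   echo ""
   if $terminal ; then
      echo -e " [ \033[31m\033[1mError\033[m ] $*"
   else
      echo " [ Error ] $*"
   fi
   echo ""
}

# Print a warning; the script continues.
warn (){
   echo ""
   if $terminal ; then
      echo -e " [ \033[33m\033[1mWarning\033[m ] $*"
   else
      # The plain variant used to be labelled "Error".
      echo " [ Warning ] $*"
   fi
   echo ""
}

# Print an informational message (terminal only).
info (){
   if $terminal ; then
      echo ""
      echo -e " [ \033[32m\033[1mInfo\033[m ] $*"
      echo ""
   fi
}

# Status markers printed at column 85 behind an 'echononl' message.
echo_ok() {
   if $terminal ; then
      echo -e "\033[85G[ \033[32mok\033[m ]"
   fi
}
echo_failed(){
   if $terminal ; then
      echo -e "\033[85G[ \033[1;31mfailed\033[m ]"
   fi
}
echo_skipped() {
   if $terminal ; then
      echo -e "\033[85G[ \033[33m\033[1mskipped\033[m ]"
   fi
}
echo_wait(){
   if $terminal ; then
      echo -en "\033[85G[ \033[5m\033[1m..\033[m ]"
   fi
}

# Print "$*" with leading and trailing whitespace removed (no newline).
trim() {
   local var="$*"
   var="${var#"${var%%[![:space:]]*}"}"   # remove leading whitespace characters
   var="${var%"${var##*[![:space:]]}"}"   # remove trailing whitespace characters
   echo -n "$var"
}

blank_line() {
   if $terminal ; then
      echo ""
   fi
}

# Set DIST and DIST_VERSION (and DIST_CODENAME when lsb_release exists).
# Falls back to /etc/os-release, which is sourced as shell code.
detect_os () {

   if command -v lsb_release > /dev/null 2>&1 ; then

      DIST="$(lsb_release -i | awk '{print tolower($3)}')"
      DIST_VERSION="$(lsb_release -r | awk '{print tolower($2)}')"
      DIST_CODENAME="$(lsb_release -c | awk '{print tolower($2)}')"

      # Debian: keep the major version only ("11.7" -> "11")
      if [[ "$DIST" = "debian" ]]; then
         DIST_VERSION="${DIST_VERSION%%.*}"
      fi

   elif [[ -e "/etc/os-release" ]]; then

      . /etc/os-release

      DIST=$ID
      DIST_VERSION=${VERSION_ID}

   fi

   # remove whitespace from DIST and DIST_VERSION
   DIST="${DIST// /}"
   DIST_VERSION="${DIST_VERSION// /}"
}


# ----------
# - Jobhandling
# ----------

# - Run 'clean_up' for signals SIGHUP SIGINT SIGTERM
# -
trap clean_up SIGHUP SIGINT SIGTERM

# - The working directory '$LOCK_DIR' was already created by mktemp above.


# ----------
# - Some checks ..
# ----------

# - Running in a terminal?
# -
if [[ -t 1 ]] ; then
   terminal=true
else
   fatal "Script must run in a terminal."
fi


# ==========
# - Begin Main Script
# ==========

# ----------
# - Headline
# ----------

if $terminal ; then
   echo ""
   echo -e "\033[1m----------\033[m"
   echo -e "\033[32m\033[1mRunning script \033[m\033[1m$script_name\033[32m .. \033[m"
   echo -e "\033[1m----------\033[m"
fi


# ----------
# Read Configurations from $conf_file
# ----------

# - Give your default values here
# -
DEFAULT_FQHN_HOSTNAME="$(hostname -f)"
DEFAULT_MATTERMOST_USER="mattermost"
DEFAULT_DB_NAME="mattermost"
DEFAULT_DB_USER="mattermost"
DEFAULT_DB_TYPE="pgsql"

# generate random password
#
# Candidates are drawn from /dev/urandom and rejected until one has the
# full length, contains none of the characters in regexp_not_alowed, and
# matches both regexp_special_char and regexp_digit.
regexp_digit="([23456789].*){2}"
regexp_special_char="([-_%+].*){2}"
regexp_not_alowed="([0ODl18B])"
LENGTH=16
while true ; do
   DEFAULT_DB_PASS="$(head -c 300 /dev/urandom | tr -cd 'a-zA-Z1-9\-_%' | head -c "${LENGTH}")"

   # - Check Password
   # -
   # A short read would silently produce a shorter (weaker) password.
   [[ ${#DEFAULT_DB_PASS} -eq ${LENGTH} ]] || continue
   if [[ "$DEFAULT_DB_PASS" =~ $regexp_not_alowed ]] ; then
      continue
   fi
   [[ "$DEFAULT_DB_PASS" =~ $regexp_special_char ]] || continue
   [[ "$DEFAULT_DB_PASS" =~ $regexp_digit ]] || continue
   break
done

echo "$conf_file"

# NOTE(review): the configuration file is executed as shell code with the
# privileges of this installer. It should be owned by root and must not be
# writable by any other account.
if [[ -f "$conf_file" ]]; then
   source "$conf_file"
else
   warn "No configuration file '$conf_file' present.\n Loading default values.."
fi

[[ -n "$FQHN_HOSTNAME" ]] && DEFAULT_FQHN_HOSTNAME="$FQHN_HOSTNAME"

if [[ -n "$DB_TYPE" ]] ; then
   case "${DB_TYPE,,}" in
      postgres|postgresql|pgsql|psql)
         DEFAULT_DB_TYPE=pgsql
         ;;
      mysql)
         DEFAULT_DB_TYPE=mysql
         ;;
      *)
         fatal "Wrong or empty Database Type (DB_TYPE) - must be 'mysql' or 'pgsql'."
         ;;
   esac
fi

[[ -n "$DB_NAME" ]] && DEFAULT_DB_NAME="$DB_NAME"
# A configured DB_USER used to overwrite DEFAULT_DB_NAME instead.
[[ -n "$DB_USER" ]] && DEFAULT_DB_USER="$DB_USER"
[[ -n "$DB_PASS" ]] && DEFAULT_DB_PASS="$DB_PASS"

[[ -n "$MATTERMOST_USER" ]] && DEFAULT_MATTERMOST_USER="$MATTERMOST_USER"

if [[ -n "$MATTERMOST_GROUP" ]]; then
   DEFAULT_MATTERMOST_GROUP="$MATTERMOST_GROUP"
else
   DEFAULT_MATTERMOST_GROUP="$DEFAULT_MATTERMOST_USER"
fi

blank_line
echononl "Detect distribution/release of running OS.."
detect_os > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
   echo_failed
   error "$(cat "$log_file")"
else
   echo_ok
fi


echo -e "\033[32m--\033[m"
echo ""
echo "Version Number of Mattermost Server to install"
echo ""
echo " see: https://mattermost.com/download/"
echo ""
echo ""

# The version becomes part of the download URL and of a local file name, so
# only letters, digits, '.', '_' and '-' are accepted (no '/' or whitespace).
regexp_version='^[0-9A-Za-z][0-9A-Za-z._-]*$'
MATTERMOST_VERSION=
while [[ -z "$MATTERMOST_VERSION" ]] ; do
   echononl "Mattermost Server Version: "
   read -r MATTERMOST_VERSION
   if [[ -z "$MATTERMOST_VERSION" ]] ; then
      echo -e "\n\t\033[33m\033[1mA Version number is required!\033[m\n"
   elif [[ ! "$MATTERMOST_VERSION" =~ $regexp_version ]] ; then
      echo -e "\n\t\033[33m\033[1mVersion number contains characters that are not allowed.\033[m\n"
      MATTERMOST_VERSION=""
   fi
done

DOWNLOAD_ARCHIVE="mattermost-${MATTERMOST_VERSION}-linux-amd64.tar.gz"
DOWNLOAD_URL="https://releases.mattermost.com/${MATTERMOST_VERSION}/${DOWNLOAD_ARCHIVE}"


# The hostname is later written into file names and into generated
# configuration, so besides the required dot it is limited to the
# characters letters, digits, '.', '_' and '-'.
regexp_hostname='^[A-Za-z0-9._-]+$'
FQHN_HOSTNAME=
echo ""
echo -e "\033[32m--\033[m"
echo ""
echo "Insert full qualified hostname for Mattermost Service"
echo ""
while [[ -z "${FQHN_HOSTNAME}" ]] ; do
   if [[ -n "$DEFAULT_FQHN_HOSTNAME" ]]; then
      echononl "Full qualified hostname [${DEFAULT_FQHN_HOSTNAME}]: "
   else
      echononl "Full qualified hostname: "
   fi
   read -r FQHN_HOSTNAME
   if [[ -z "${FQHN_HOSTNAME}" ]] ; then
      if [[ -n "$DEFAULT_FQHN_HOSTNAME" ]]; then
         FQHN_HOSTNAME=$DEFAULT_FQHN_HOSTNAME
      else
         echo -e "\n\t\033[33m\033[1mFull qualified hostname is reqired\033[m\n"
         continue
      fi
   fi
   if [[ ! $FQHN_HOSTNAME =~ \. ]] || [[ ! $FQHN_HOSTNAME =~ $regexp_hostname ]] ; then
      echo -e "\n\tGiven Host \033[33m\033[1m$FQHN_HOSTNAME\033[m seems not to be a full qualified hostname.\n"
      FQHN_HOSTNAME=""
   fi
done

HOSTNAME="${FQHN_HOSTNAME%%.*}"


echo ""
echo "--"
echo ""
echo "Enter user and group for Mattermost Service."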
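# Ask "continue anyway [yes/no]" and abort through 'fatal' unless the answer
# is "yes". The answer is compared case-insensitively in the loop AND in the
# final decision; previously "YES" left the loop but then aborted.
# Globals: OK (written)
_mm_continue_or_abort() {
   echononl "\033[1mcontinue anyway\033[m [yes/no]: "
   read -r OK
   while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do
      echononl "Wrong entry! - repeat [yes/nno]: "
      read -r OK
   done
   [[ "${OK,,}" = "yes" ]] || fatal "Abbruch durch User"
}

echo ""

# ----------
# System user and group of the Mattermost service
# ----------

MATTERMOST_USER=
while [[ -z "$MATTERMOST_USER" ]] ; do
   echononl "Mattermost user [${DEFAULT_MATTERMOST_USER}]: "
   read -r MATTERMOST_USER
   [[ -n "$MATTERMOST_USER" ]] || MATTERMOST_USER=$DEFAULT_MATTERMOST_USER
done

MATTERMOST_GROUP=
while [[ -z "$MATTERMOST_GROUP" ]] ; do
   echononl "Mattermost group [$DEFAULT_MATTERMOST_GROUP]: "
   read -r MATTERMOST_GROUP
   [[ -n "$MATTERMOST_GROUP" ]] || MATTERMOST_GROUP=$DEFAULT_MATTERMOST_GROUP
done


# ----------
# Database type
# ----------

DB_TYPE=""
echo ""
echo -e "\033[32m--\033[m"
echo ""
echo "Choose Database Type"
echo ""
# The default type is printed highlighted.
if [[ "$DEFAULT_DB_TYPE" = "mysql" ]]; then
   echo -e "\033[3G\033[37m\033[1m[1] MySQL\033[m"
else
   echo -e "\033[3G[1] MySQL"
fi
if [[ "$DEFAULT_DB_TYPE" = "pgsql" ]] ; then
   echo -e "\033[3G[2] \033[37m\033[1mPostgeSQL\033[m"
else
   echo -e "\033[3G[2] PostgeSQL"
fi
echo ""
echo "Type a number or press to choose highlighted value"
echo ""
echononl "Eingabe: "
while [[ "$DB_TYPE" != "mysql" && "$DB_TYPE" != "pgsql" ]] ; do
   read -r OPTION
   case "$OPTION" in
      1)
         DB_TYPE="mysql"
         ;;
      2)
         DB_TYPE="pgsql"
         ;;
      '')
         DB_TYPE=$DEFAULT_DB_TYPE
         ;;
      *)
         echo ""
         echo -e "\033[3GFalsche Eingabe ! [ 1 = MySQL ; 2 = PostgreSQL ] or type "
         echo ""
         echononl "Eingabe: "
         ;;
   esac
done


# ----------
# Database name, user and password
# ----------

DB_NAME=
echo ""
echo -e "\033[32m--\033[m"
echo ""
echo "Enter Database Name used by Mattermost Service"
echo ""
while [[ -z "${DB_NAME}" ]] ; do
   if [[ -n "$DEFAULT_DB_NAME" ]]; then
      echononl "Database Name [${DEFAULT_DB_NAME}]: "
      read -r DB_NAME
      [[ -n "${DB_NAME}" ]] || DB_NAME=$DEFAULT_DB_NAME
   else
      echononl "Database Name: "
      read -r DB_NAME
      [[ -n "${DB_NAME}" ]] \
         || echo -e "\n\t\033[33m\033[1m Database Name is reqired\033[m\n"
   fi
done

DB_USER=
echo ""
echo -e "\033[32m--\033[m"
echo ""
echo "Enter Database User used by Mattermost Service"
echo ""
while [[ -z "${DB_USER}" ]] ; do
   if [[ -n "$DEFAULT_DB_USER" ]]; then
      echononl "Database User [${DEFAULT_DB_USER}]: "
      read -r DB_USER
      [[ -n "${DB_USER}" ]] || DB_USER=$DEFAULT_DB_USER
   else
      echononl "Database User: "
      read -r DB_USER
      [[ -n "${DB_USER}" ]] \
         || echo -e "\n\t\033[33m\033[1m Database User is reqired\033[m\n"
   fi
done

# NOTE(review): the database password is shown in clear text here (as the
# proposed default and while typing) and again in the summary below, so it
# ends up in terminal scrollback and in any session recording.
DB_PASS=
echo ""
echo -e "\033[32m--\033[m"
echo ""
echo "Enter Database Password used by Mattermost Service"
echo ""
while [[ -z "${DB_PASS}" ]] ; do
   if [[ -n "$DEFAULT_DB_PASS" ]]; then
      echononl "Database Password [${DEFAULT_DB_PASS}]: "
      read -r DB_PASS
      [[ -n "${DB_PASS}" ]] || DB_PASS=$DEFAULT_DB_PASS
   else
      echononl "Database Password: "
      read -r DB_PASS
      [[ -n "${DB_PASS}" ]] \
         || echo -e "\n\t\033[33m\033[1m Database Password is reqired\033[m\n"
   fi
done


# ----------
# MySQL administrative access
# ----------

if [[ "$DB_TYPE" = "mysql" ]] ; then

   if [[ -n "$MYSQL_CREDENTIAL_ARGS" ]] ; then

      # MYSQL_CREDENTIAL_ARGS is expanded unquoted on purpose: it holds
      # one or more client options separated by whitespace.
      if ! mysql $MYSQL_CREDENTIAL_ARGS -N -s -e 'quit' > /dev/null 2>&1 ; then
         fatal "Parameter MYSQL_CREDENTIAL_ARGS is given, but a connection to MySQL Service failed.!"
      fi
      USE_MYSQL_CREDENTIAL_ARGS=true

   else

      USE_MYSQL_CREDENTIAL_ARGS=false

      _MYSQL_ROOT_PW=""
      echo ""
      echo -e "\033[32m--\033[m"
      echo ""
      echo "Insert root password of MySQL Database Service"
      echo ""
      while [[ -z "${_MYSQL_ROOT_PW}" ]] ; do
         echononl "Passworteingabe: "
         read -r -s _MYSQL_ROOT_PW
         if [[ -z "${_MYSQL_ROOT_PW}" ]] ; then
            echo -e "\n\t\033[33m\033[1mPassworteingabe erforderlich!\033[m\n"
            continue
         fi
         if pgrep mysqld_safe > /dev/null 2>&1 || pgrep mysqld > /dev/null 2>&1 ; then
            # NOTE(review): the root password is passed as a command line
            # argument and is visible in the process list while the
            # client runs.
            if mysql --user="root" --password="$_MYSQL_ROOT_PW" -N -s -e 'quit' > /dev/null 2>&1 ; then
               MYSQL_ROOT_PW=$_MYSQL_ROOT_PW
            else
               echo -e "\n\t\033[33m\033[1mFalsches Passwort\033[m\n"
               _MYSQL_ROOT_PW=""
            fi
         else
            fatal "MySQL seems not be running. Start MySQL Service and try installing mattermost again."
         fi
      done

   fi
fi


# ----------
# Summary and confirmation
# ----------

echo ""
echo ""
echo -e "\t\033[32mStart install script for Mattermost Server with the following parameters\033[m"
echo ""
echo -e "\tMattermost Server Version: \033[33m\033[1m$MATTERMOST_VERSION\033[m"
echo ""
echo -e "\tFull qualified Hostname..: $FQHN_HOSTNAME"
echo -e "\tHostname.................: $HOSTNAME"
echo ""
echo -e "\tMattermost user..........: $MATTERMOST_USER"
echo -e "\tMattermost group.........: $MATTERMOST_GROUP"
echo ""
echo ""
if [[ "${DB_TYPE}" = "pgsql" ]] ; then
   echo -e "\tDatabase Type............: PostgreSQL"
else
   echo -e "\tDatabase Type............: MySQL"
fi
echo ""
if [[ "${DB_TYPE}" = "mysql" ]]; then
   if $USE_MYSQL_CREDENTIAL_ARGS ; then
      echo -e "\tMYSQL_CREDENTIAL_ARGS....: $MYSQL_CREDENTIAL_ARGS"
   else
      echo -e "\tRoot password MySQL......: **"
   fi
   echo ""
fi
echo -e "\tDatabase Name............: $DB_NAME"
echo -e "\tDatabase User............: $DB_USER"
echo -e "\tDatabase Password........: $DB_PASS"
echo ""
echononl "einverstanden (yes/no): "
read -r OK
OK=${OK,,}
while [[ "$OK" != "yes" && "$OK" != "no" ]] ; do
   echononl "Wrong entry! [yes/no]: "
   read -r OK
   OK=${OK,,}
done
[[ "$OK" = "yes" ]] || fatal "Repeat with other settings.."
echo ""
echo ""

# Build the client options from the root password entered above. This only
# applies to MySQL; for PostgreSQL USE_MYSQL_CREDENTIAL_ARGS is never set.
if [[ "${DB_TYPE}" = "mysql" ]] && ! $USE_MYSQL_CREDENTIAL_ARGS ; then
   # The value is word-split when it is used, so quote characters inside it
   # are passed to the client literally: the former --user='root' asked for
   # a user named 'root' including the quotes. For the same reason a
   # password containing whitespace or glob characters cannot be passed
   # this way; use MYSQL_CREDENTIAL_ARGS from the configuration file then.
   # NOTE(review): the password stays visible in the process list for
   # every later client call made with these options.
   MYSQL_CREDENTIAL_ARGS="--user=root --password=$_MYSQL_ROOT_PW"
   if ! mysql $MYSQL_CREDENTIAL_ARGS -N -s -e 'quit' > /dev/null 2>&1 ; then
      fatal "Connection to MySQL Service with the given root password failed."
   fi
fi


# ----------
# Prerequisites
# ----------

echo
echo -e "\033[37m\033[1mSome checks....\033[m"
echo

_failed=false
echononl "Check if Nginx Webservice is installed.."
if dpkg -s nginx-extras > "$log_file" 2>&1 ; then
   nginx_installed=true
elif dpkg -s nginx-full > "$log_file" 2>&1 ; then
   nginx_installed=true
else
   nginx_installed=false
fi
if $nginx_installed ; then
   echo -e "\033[85G[ \033[32mYES\033[m ]"
else
   echo -e "\033[85G[ \033[1;31mNOT installed\033[m ]"
   echo ""
   _mm_continue_or_abort
fi

_failed=false
if [[ "${DB_TYPE}" = "mysql" ]]; then
   echononl "Check if MySQL Database Service is installed.."
   _db_package="mysql-server"
else
   echononl "Check if PostgreSQL Database Service is installed.."
   _db_package="postgresql"
fi
if dpkg -s "$_db_package" > "$log_file" 2>&1 ; then
   database_service_installed=true
else
   database_service_installed=false
fi
if $database_service_installed ; then
   echo -e "\033[85G[ \033[32mYES\033[m ]"
else
   echo -e "\033[85G[ \033[1;31mNOT installed\033[m ]"
   echo ""
   _mm_continue_or_abort
fi

_failed=false
echononl "Check if certificate for '$FQHN_HOSTNAME' is present.."
# Present means: the dehydrated certificate directory exists and
# 'fullchain.pem' inside it is a symbolic link.
if [[ -d "/var/lib/dehydrated/certs/${FQHN_HOSTNAME}" ]] \
   && [[ -h "/var/lib/dehydrated/certs/${FQHN_HOSTNAME}/fullchain.pem" ]] ; then
   cert_present=true
else
   cert_present=false
fi
if $cert_present ; then
   echo -e "\033[85G[ \033[32mYES\033[m ]"
else
   echo -e "\033[85G[ \033[1;31mNOT present\033[m ]"
fi

if ! $nginx_installed || ! $database_service_installed ; then
   # The longer message adds the certificate recommendation, so it is
   # selected by the certificate check (it used to test nginx_installed
   # again, which never depended on the certificate).
   if ! $cert_present ; then
      fatal "Prerequisites are a correct installation of the NGINX Web Service as well as a correct installation of the $DB_TYPE database service. It's also highly recommended to have a valid certificate for your FQHN Hostname '${FQHN_HOSTNAME}'."
   else
      fatal "Prerequisites are a correct installation of the NGINX Web Service as well as a correct installation of the $DB_TYPE database service."
   fi
elif ! $cert_present ; then
   warn "It is highly recommended to have a valid certificate for your FQHN Hostname '${FQHN_HOSTNAME}'."
   _mm_continue_or_abort
fi


echo
echo -e "\033[37m\033[1mSome pre-installation stuff..\033[m"
echo

echononl "Stop Mattermost Service.."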
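# ----------
# Helpers used by the installation steps below
# ----------

# Report the outcome of the step announced by the preceding 'echononl'.
# Arguments: $1 - exit status of the step
# Returns:   0 if the step succeeded, 1 otherwise (log file is printed)
_mm_step_result() {
   if [[ $1 -ne 0 ]] ; then
      echo_failed
      error "$(cat "$log_file")"
      return 1
   fi
   echo_ok
}

# Ask "continue anyway [yes/no]" and abort through 'fatal' unless the answer
# is "yes". The answer is compared case-insensitively in the loop AND in the
# final decision; previously "YES" left the loop but then aborted.
# Globals: OK (written)
_mm_continue_or_abort() {
   echononl "\033[1mcontinue anyway\033[m [yes/no]: "
   read -r OK
   while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do
      echononl "Wrong entry! - repeat [yes/nno]: "
      read -r OK
   done
   [[ "${OK,,}" = "yes" ]] || fatal "Abbruch durch User"
}

# Run one SQL statement as PostgreSQL superuser unless the database already
# existed before this run (then the step is reported as skipped).
# The statement is sent on stdin, not with '-c', so that a statement that
# contains the database password does not appear in the process list.
# ON_ERROR_STOP makes psql return a non-zero status when it fails.
# Arguments: $1 - SQL statement
_mm_pg_step() {
   if $database_exists ; then
      echo_skipped
      return 0
   fi
   sudo -u postgres psql -v ON_ERROR_STOP=1 > "$log_file" 2>&1 <<< "$1"
   if ! _mm_step_result $? ; then
      echo ""
      _mm_continue_or_abort
   fi
}

# Percent-encode a string for use inside a URL (bytes outside
# [A-Za-z0-9.~_-] become %XX). Writes the result to stdout.
_mm_urlencode() {
   local LC_ALL=C
   local input=$1 encoded="" char code i
   for (( i = 0; i < ${#input}; i++ )) ; do
      char=${input:i:1}
      case "$char" in
         [a-zA-Z0-9.~_-])
            encoded+=$char
            ;;
         *)
            printf -v code '%d' "'$char"
            printf -v char '%%%02X' "$(( code & 255 ))"
            encoded+=$char
            ;;
      esac
   done
   printf '%s' "$encoded"
}

# Rewrite two keys inside one top-level section of config.json.
# The file is copied line by line into a private temporary file; inside
# SECTION a line starting with KEY_A / KEY_B is replaced by LINE_A / LINE_B.
# The section ends at the first line that starts with '},'.
# Arguments: $1 SECTION  $2 KEY_A  $3 LINE_A  $4 KEY_B  $5 LINE_B
_mm_rewrite_config_section() {
   local section=$1 key_a=$2 line_a=$3 key_b=$4 line_b=$5
   local config="/opt/mattermost/config/config.json"
   local tmp_config="${LOCK_DIR}/config.json"
   local in_section=false _line

   :> "$tmp_config"
   # The copy contains the database credentials: keep it private.
   chmod 600 "$tmp_config"
   :> "$log_file"

   while IFS='' read -r _line || [[ -n $_line ]] ; do

      if $in_section && grep -iq -E "^\s*\"${key_a}\":" <<< "$_line" 2> /dev/null ; then
         printf '%s\n' "$line_a" >> "$tmp_config" 2> "$log_file"
      elif $in_section && grep -iq -E "^\s*\"${key_b}\":" <<< "$_line" 2> /dev/null ; then
         printf '%s\n' "$line_b" >> "$tmp_config" 2> "$log_file"
      else
         printf '%s\n' "$_line" >> "$tmp_config" 2> "$log_file"
      fi

      if ! $in_section && grep -iq -E "^\s*\"${section}\"" <<< "$_line" 2> /dev/null ; then
         in_section=true
      fi
      if $in_section && grep -iq -E "^\s*\}," <<< "$_line" 2> /dev/null ; then
         in_section=false
      fi

   done < "$config"

   cp -a "$tmp_config" "$config" >> "$log_file" 2>&1

   # Any output in the log file counts as failure.
   if [[ -s "$log_file" ]] ; then
      echo_failed
      error "$(cat "$log_file")"
   else
      echo_ok
   fi
}


# ----------
# Stop a running Mattermost service (announced by the preceding message)
# ----------

# 'is-active' used to be given an additional unit named 'service'.
if systemctl is-active --quiet mattermost.service ; then
   systemctl stop mattermost.service > "$log_file" 2>&1
   _mm_step_result $?
else
   echo_skipped
fi

blank_line


# ----------
# Database, database user and privileges
# ----------

# The values below are pasted into SQL statements that run with database
# administrator rights, and into the JSON configuration file. Refuse
# anything that could end the surrounding identifier or string literal.
regexp_sql_identifier='^[A-Za-z0-9_]+$'
[[ "$DB_NAME" =~ $regexp_sql_identifier ]] \
   || fatal "Database Name '$DB_NAME' may only contain letters, digits and '_'."
[[ "$DB_USER" =~ $regexp_sql_identifier ]] \
   || fatal "Database User '$DB_USER' may only contain letters, digits and '_'."
case "$DB_PASS" in
   *\'*|*\"*|*\\*)
      fatal "Database Password must not contain quotes or backslashes."
      ;;
esac

if [[ "${DB_TYPE}" = "mysql" ]] ; then

   # MYSQL_CREDENTIAL_ARGS is expanded unquoted on purpose (list of options).

   # NOTE(review): this message prints the database password to the terminal.
   echononl "Create MySQL Database User '${DB_USER}' with Password '${DB_PASS}'.."
   if [[ "$(mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \
         "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = '$DB_USER')" 2>/dev/null)" = 1 ]]; then
      echo_skipped
   else
      # Sent on stdin so the new password is not part of the command line.
      mysql $MYSQL_CREDENTIAL_ARGS -N -s > "$log_file" 2>&1 \
         <<< "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '${DB_PASS}'"
      _mm_step_result $?
   fi

   echononl "Create MySQL Database '${DB_NAME}'.."
   if [[ "$(mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \
         "SHOW DATABASES LIKE '${DB_NAME}'" 2>/dev/null)" = "${DB_NAME}" ]]; then
      echo_skipped
   else
      mysql $MYSQL_CREDENTIAL_ARGS -N -s -e "CREATE DATABASE ${DB_NAME}" > "$log_file" 2>&1
      _mm_step_result $?
   fi

   echononl "Grant access privileges to the user '${DB_USER}'’."
   mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \
      "GRANT ALL PRIVILEGES ON ${DB_NAME}.* to '${DB_USER}'@'localhost';" > "$log_file" 2>&1
   _mm_step_result $?

   echononl "FLUSH PRIVILEGES to dadabase engine .."
   mysql $MYSQL_CREDENTIAL_ARGS -N -s -e "FLUSH PRIVILEGES" > "$log_file" 2>&1
   _mm_step_result $?

else

   # Check if PostgreSQL database '$DB_NAME' exists ..
   #
   # 'psql -A -t -l' prints one 'name|owner|...' line per database. The
   # trailing '|' makes this an exact match on the name; the former prefix
   # match also counted e.g. '<name>_old' and then skipped all steps below.
   count=$(su - postgres -c "psql -q -A -t -l" | grep -c -e "^${DB_NAME}|")
   if [[ $count -eq 0 ]] ; then
      database_exists=false
   else
      database_exists=true
   fi

   # NOTE(review): every step below, including the creation of the database
   # user, is skipped when the database already exists.

   echononl "Create PostgreSQL database '${DB_NAME}'.."
   _mm_pg_step "CREATE DATABASE ${DB_NAME};"

   echononl "Create PostgreSQL database user ${DB_USER}.."
   _mm_pg_step "CREATE USER ${DB_USER} WITH PASSWORD '${DB_PASS}';"

   echononl "Grant the user access to the Mattermost database.."
   _mm_pg_step "GRANT ALL PRIVILEGES ON DATABASE ${DB_NAME} to ${DB_USER};"

   echononl "Change the owner of database '${DB_NAME}' to '${DB_USER}'.."
   _mm_pg_step "ALTER DATABASE ${DB_NAME} OWNER TO ${DB_USER};"

   echononl "Grant access to objects contained in the specified schema.."
   _mm_pg_step "GRANT USAGE, CREATE ON SCHEMA PUBLIC TO ${DB_USER};"

fi


# ----------
# Install the Mattermost server
# ----------

echo
echo -e "\033[37m\033[1mInstalling Mattermost Server..\033[m"
echo

echononl "Create the Mattermost (system) group.."
if grep -q -e "^${MATTERMOST_GROUP}:" /etc/group 2> /dev/null ; then
   echo_skipped
else
   groupadd -r "$MATTERMOST_GROUP" > "$log_file" 2>&1
   _mm_step_result $?
fi

echononl "Create the Mattermost (system) user.."
if id -u "$MATTERMOST_USER" > /dev/null 2>&1; then
   echo_skipped
else
   useradd -r -M -d /opt/mattermost -s /bin/false -g "$MATTERMOST_GROUP" "$MATTERMOST_USER" > "$log_file" 2>&1
   _mm_step_result $?
fi

# NOTE(review): the archive is fetched over HTTPS but its integrity is not
# checked before it is unpacked as root into /opt. Compare it against the
# checksum or signature published by the vendor before extraction.
echononl "Download the latest version (${MATTERMOST_VERSION}) of the Mattermost Server.."
if [[ ! -f "${working_dir}/${DOWNLOAD_ARCHIVE}" ]]; then
   wget -O "${working_dir}/${DOWNLOAD_ARCHIVE}" "${DOWNLOAD_URL}" > "$log_file" 2>&1
   if ! _mm_step_result $? ; then
      # 'wget -O' leaves an empty or truncated file behind on failure; a
      # later run would find it, skip the download and unpack it.
      rm -f -- "${working_dir}/${DOWNLOAD_ARCHIVE}"
   fi
else
   echo_skipped
fi

echononl "Backup Mattermost Installation directory.."
if [[ -d "/opt/mattermost" ]]; then
   cp -a "/opt/mattermost" "/opt/mattermost.${backup_date}" > "$log_file" 2>&1
   _mm_step_result $?
else
   echo_skipped
fi

echononl "Extract the Mattermost Server files.."
tar -C /opt -xvzf "${working_dir}/${DOWNLOAD_ARCHIVE}" > "$log_file" 2>&1
_mm_step_result $?

echononl "Set ownbership of installation directors '/opt/mattermost'.."
chown -R "${MATTERMOST_USER}:${MATTERMOST_GROUP}" /opt/mattermost > "$log_file" 2>&1
_mm_step_result $?

echononl "Give write permissions to the mattermost group.."
chmod -R g+w /opt/mattermost > "$log_file" 2>&1
_mm_step_result $?

echononl "Backup file '/opt/mattermost/config/config.json'.."
if [[ ! -f "/opt/mattermost/config/config.json.ORIG" ]]; then
   cp -a /opt/mattermost/config/config.json /opt/mattermost/config/config.json.ORIG > "$log_file" 2>&1
   _mm_step_result $?
else
   echo_skipped
fi


# ----------
# Configure Mattermost
# ----------

echo
echo -e "\033[37m\033[1mConfigure Mattermost - file '/opt/mattermost/config/config.json'..\033[m"
echo

# NOTE(review): the two 'DriverName' checks below look for the driver name
# directly after the whitespace, while the lines written here put it in
# double quotes. A line written by this script therefore never matches and
# the section is rewritten on every run (which also refreshes DataSource).
echononl "Set up 'SqlSettings'.."
if [[ "${DB_TYPE}" = "mysql" ]] ; then

   if ! grep -q -E "^\s*\"DriverName\":\s+mysql" /opt/mattermost/config/config.json 2> "$log_file" ; then
      _mm_rewrite_config_section "SqlSettings" \
         "DriverName" "        \"DriverName\": \"mysql\"," \
         "DataSource" "        \"DataSource\": \"${DB_USER}:${DB_PASS}@tcp(localhost:3306)/${DB_NAME}?charset=utf8mb4,utf8\\u0026readTimeout=30s\\u0026writeTimeout=30s\","
   else
      echo_skipped
   fi

else

   if ! grep -q -E "^\s*\"DriverName\":\s+postgres" /opt/mattermost/config/config.json 2> "$log_file" ; then
      # The password is part of a URL here and must be percent-encoded;
      # the generated default password can contain '%'.
      _db_pass_url="$(_mm_urlencode "$DB_PASS")"
      _mm_rewrite_config_section "SqlSettings" \
         "DriverName" "        \"DriverName\": \"postgres\"," \
         "DataSource" "        \"DataSource\": \"postgres://${DB_USER}:${_db_pass_url}@localhost:5432/${DB_NAME}?sslmode=disable\\u0026connect_timeout=10\","
   else
      echo_skipped
   fi

fi

echononl "Set up 'ServiceSettings'.."
if ! grep -q -E "^\s*\"SiteURL\":\s+\"https://${FQHN_HOSTNAME}\"" /opt/mattermost/config/config.json 2> "$log_file" ; then
   _mm_rewrite_config_section "ServiceSettings" \
      "SiteURL" "        \"SiteURL\": \"https://${FQHN_HOSTNAME}\"," \
      "ListenAddress" "        \"ListenAddress\": \"127.0.0.1:8065\","
else
   echo_skipped
fi

# config.json holds the database credentials: besides handing it back to the
# service account, remove all access for other users.
echononl "Reset ownbership of '/opt/mattermost/config/config.json'.."
{
   chown "${MATTERMOST_USER}:${MATTERMOST_GROUP}" /opt/mattermost/config/config.json \
      && chmod 660 /opt/mattermost/config/config.json
} > "$log_file" 2>&1
_mm_step_result $?


echo
echo -e "\033[37m\033[1mSetup Mattermost to use systemd for starting and stopping..\033[m"
echo

echononl "Create a systemd unit file.."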
if [[ "${DB_TYPE}" = "mysql" ]] ; then cat < /etc/systemd/system//mattermost.service 2>"$log_file" [Unit] Description=Mattermost After=network.target After=mysql.service Requires=mysql.service [Service] Type=notify ExecStart=/opt/mattermost/bin/mattermost TimeoutStartSec=3600 KillMode=mixed Restart=always RestartSec=10 WorkingDirectory=/opt/mattermost User=$MATTERMOST_USER Group=$MATTERMOST_GROUP LimitNOFILE=524288 [Install] WantedBy=multi-user.target EOF if [[ -s "$log_file" ]] ; then echo_failed error "$(cat "$log_file")" else echo_ok fi else cat < /etc/systemd/system//mattermost.service 2>"$log_file" [Unit] Description=Mattermost After=network.target [Service] Type=notify ExecStart=/opt/mattermost/bin/mattermost TimeoutStartSec=3600 KillMode=mixed Restart=always RestartSec=10 WorkingDirectory=/opt/mattermost User=mattermost Group=mattermost LimitNOFILE=49152 [Install] WantedBy=multi-user.target EOF if [[ -s "$log_file" ]] ; then echo_failed error "$(cat "$log_file")" else echo_ok fi fi echononl "Make systemd load the new unit.." systemctl daemon-reload > "$log_file" 2>&1 if [[ $? -ne 0 ]]; then echo_failed error "$(cat "$log_file")" else echo_ok fi echononl "Set Mattermost Service to start on machine start up.." systemctl enable mattermost.service > "$log_file" 2>&1 if [[ $? -ne 0 ]]; then echo_failed error "$(cat "$log_file")" else echo_ok fi blank_line echononl "Start Mattermost Service" systemctl start mattermost.service > "$log_file" 2>&1 if [[ $? -ne 0 ]]; then echo_failed error "$(cat "$log_file")" else echo_ok fi echo "" echo -e "\033[37m\033[1mConfiguring NGINX with SSL and HTTP/2..\033[m" echo "" echononl "Backup existing NGINX configuration.." if [[ -f "/etc/nginx/sites-available/${FQHN_HOSTNAME}.conf" ]] ; then cp -a "/etc/nginx/sites-available/${FQHN_HOSTNAME}.conf" \ "/etc/nginx/sites-available/${FQHN_HOSTNAME}.conf.${backup_date}" > "$log_file" 2>&1 if [[ $? 
-ne 0 ]]; then echo_failed error "$(cat "$log_file")" else echo_ok fi else echo_skipped fi echononl "NGINX virtual host configuration for '${FQHN_HOSTNAME}'.." cat < "/etc/nginx/sites-available/${FQHN_HOSTNAME}.conf" 2> "$log_file" # -- ${FQHN_HOSTNAME} -- upstream mm_backend { server 127.0.0.1:8065; keepalive 32; } proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off; server { listen 80; listen [::]:80; server_name ${FQHN_HOSTNAME}; return 301 https://\$server_name\$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name ${FQHN_HOSTNAME}; http2_push_preload on; # Enable HTTP/2 Server Push # Include location directive for Let's Encrypt ACME Challenge # # Needed for (automated) updating certificate # include snippets/letsencrypt-acme-challenge.conf; ssl on; ssl_certificate /var/lib/dehydrated/certs/${FQHN_HOSTNAME}/fullchain.pem; ssl_certificate_key /var/lib/dehydrated/certs/${FQHN_HOSTNAME}/privkey.pem; ssl_trusted_certificate /var/lib/dehydrated/certs/${FQHN_HOSTNAME}/chain.pem; # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits # # To generate a dhparam.pem file, run in a terminal # openssl dhparam -dsaparam -out /etc/nginx/ssl/dhparam.pem 2048 # ssl_dhparam /etc/nginx/ssl/dhparam.pem; # Enable TLS versions (TLSv1.3 is required upcoming HTTP/3 QUIC). ssl_protocols TLSv1.2 TLSv1.3; # Enable TLSv1.3's 0-RTT. Use \$ssl_early_data when reverse proxying to # prevent replay attacks. 
# # @see: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data ssl_early_data on; # ECDHE better than DHE (faster) ECDHE & DHE GCM better than CBC (attacks on AES) # Everything better than SHA1 (deprecated) # ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; ssl_prefer_server_ciphers on; # Eable session resumption to improve https performance ssl_session_cache shared:SSL:50m; ssl_session_timeout 10m; ssl_session_tickets off; # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) # add_header Strict-Transport-Security max-age=15768000; # OCSP Stapling --- # fetch OCSP records from URL in ssl_certificate and cache them ssl_stapling on; ssl_stapling_verify on; add_header X-Early-Data \$tls1_3_early_data; location ~ /api/v[0-9]+/(users/)?websocket\$ { proxy_set_header Upgrade \$http_upgrade; proxy_set_header Connection "upgrade"; client_max_body_size 50M; proxy_set_header Host \$host; proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto \$scheme; proxy_set_header X-Frame-Options SAMEORIGIN; proxy_buffers 256 16k; proxy_buffer_size 16k; client_body_timeout 60; send_timeout 300s; lingering_timeout 5; proxy_connect_timeout 90s; proxy_send_timeout 300s; proxy_read_timeout 90s; proxy_http_version 1.1; proxy_pass http://mm_backend; } location / { client_max_body_size 100M; proxy_set_header Connection ""; proxy_set_header Host \$host; proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto \$scheme; proxy_set_header X-Frame-Options SAMEORIGIN; proxy_buffers 256 16k; proxy_buffer_size 16k; proxy_read_timeout 600s; proxy_cache 
mattermost_cache; proxy_cache_revalidate on; proxy_cache_min_uses 2; proxy_cache_use_stale timeout; proxy_cache_lock on; proxy_http_version 1.1; proxy_pass http://mm_backend; } } # This block is useful for debugging TLS v1.3. Please feel free to remove this # and use the '\$ssl_early_data' variable exposed by NGINX directly should you # wish to do so. map \$ssl_early_data \$tls1_3_early_data { "~." \$ssl_early_data; default ""; } EOF if [[ $? -ne 0 ]]; then echo_failed error "$(cat "$log_file")" else echo_ok fi echononl "Enable created configuration.." if [[ ! -h "/etc/nginx/sites-enabled/${FQHN_HOSTNAME}.conf" ]]; then ln -s "../sites-available/${FQHN_HOSTNAME}.conf" \ "/etc/nginx/sites-enabled/${FQHN_HOSTNAME}.conf" > "$log_file" 2>&1 if [[ $? -ne 0 ]]; then echo_failed error "$(cat "$log_file")" else echo_ok fi else echo_skipped fi echononl "Restart NGINX Service.." systemctl restart nginx > "$log_file" 2>&1 if [[ $? -ne 0 ]]; then echo_failed error "$(cat "$log_file")" else echo_ok fi echo "" echo -e "\033[37m\033[1mSome post-installation stuff..\033[m" echo "" echononl "Create/Update configuration file '$(basename "$conf_file")'" if [[ -f "$conf_file" ]] ; then echo_skipped else cp -a "${conf_file}.sample" "$conf_file" > "$log_file" 2>&1 if [[ $? -ne 0 ]]; then echo_failed error "$(cat "$log_file")" else echo_ok fi fi _key="FQHN_HOSTNAME" _val="$FQHN_HOSTNAME" echononl "Update Parameter '$_key'.." if $(grep -q -E "^\s*$_key=\"?$_val\"?\s*$" "$conf_file" 2> /dev/null) ; then echo_skipped elif $(grep -q -E "^\s*$_key=" "$conf_file" 2> /dev/null) ; then perl -i -n -p -e "s/^\s*$_key=.*/${_key}=\"${_val}\"/" "$conf_file" > "$log_file" 2>&1 if [[ $? -ne 0 ]]; then echo_failed error "$(cat "$log_file")" else echo_ok fi elif $(grep -q -E "^\s*#\s*${_key}" "$conf_file" 2> /dev/null) ; then perl -i -n -p -e "s/^(\s*\#\s*$_key=.*)/\1\n${_key}=\"${_val}\"/" "$conf_file" > "$log_file" 2>&1 if [[ $? 
-ne 0 ]]; then echo_failed error "$(cat "$log_file")" else echo_ok fi else cat <> "$conf_file" 2> "$log_file" ${_key}=${_val} EOF if [[ $? -ne 0 ]]; then echo_failed error "$(cat "$log_file")" else echo_ok fi fi _key="MATTERMOST_USER" _val="$MATTERMOST_USER" echononl "Update Parameter '$_key'.." if $(grep -q -E "^\s*$_key=\"?$_val\"?\s*$" "$conf_file" 2> /dev/null) ; then echo_skipped elif $(grep -q -E "^\s*$_key=" "$conf_file" 2> /dev/null) ; then perl -i -n -p -e "s/^\s*$_key=.*/${_key}=\"${_val}\"/" "$conf_file" > "$log_file" 2>&1 if [[ $? -ne 0 ]]; then echo_failed error "$(cat "$log_file")" else echo_ok fi elif $(grep -q -E "^\s*#\s*${_key}" "$conf_file" 2> /dev/null) ; then perl -i -n -p -e "s/^(\s*\#\s*$_key=.*)/\1\n${_key}=\"${_val}\"/" "$conf_file" > "$log_file" 2>&1 if [[ $? -ne 0 ]]; then echo_failed error "$(cat "$log_file")" else echo_ok fi else cat <> "$conf_file" 2> "$log_file" ${_key}=${_val} EOF if [[ $? -ne 0 ]]; then echo_failed error "$(cat "$log_file")" else echo_ok fi fi _key="MATTERMOST_GROUP" _val="$MATTERMOST_GROUP" echononl "Update Parameter '$_key'.." if $(grep -q -E "^\s*$_key=\"?$_val\"?\s*$" "$conf_file" 2> /dev/null) ; then echo_skipped elif $(grep -q -E "^\s*$_key=" "$conf_file" 2> /dev/null) ; then perl -i -n -p -e "s/^\s*$_key=.*/${_key}=\"${_val}\"/" "$conf_file" > "$log_file" 2>&1 if [[ $? -ne 0 ]]; then echo_failed error "$(cat "$log_file")" else echo_ok fi elif $(grep -q -E "^\s*#\s*${_key}" "$conf_file" 2> /dev/null) ; then perl -i -n -p -e "s/^(\s*\#\s*$_key=.*)/\1\n${_key}=\"${_val}\"/" "$conf_file" > "$log_file" 2>&1 if [[ $? -ne 0 ]]; then echo_failed error "$(cat "$log_file")" else echo_ok fi else cat <> "$conf_file" 2> "$log_file" ${_key}=${_val} EOF if [[ $? -ne 0 ]]; then echo_failed error "$(cat "$log_file")" else echo_ok fi fi _key="DB_TYPE" _val="$DB_TYPE" echononl "Update Parameter '$_key'.." 
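# ----------
# Helpers for the configuration updates below
# ----------

# Print the outcome of the step that just ran: status 0 prints "ok", anything
# else prints "failed" followed by whatever the step wrote to "$log_file".
# Arguments: $1 - exit status of the step
_report_result() {
  if [[ "$1" -ne 0 ]]; then
    echo_failed
    error "$(cat "$log_file")"
  else
    echo_ok
  fi
}

# Ensure "$conf_file" contains the line KEY="VALUE".
#   - already present (quoted or unquoted)  -> skipped
#   - KEY= present with another value       -> line replaced
#   - only a commented '#KEY=' line present -> new line added below it
#   - otherwise                             -> line appended
# Arguments: $1 - parameter name, $2 - parameter value
#
# Key and value reach perl through the environment and are matched literally
# (\Q..\E). The value (DB_PASS among others) is therefore neither interpreted
# as a regular expression or as perl code, nor visible in the process list as
# a command-line argument.
_update_conf_param() {
  local key="$1"
  local val="$2"
  local -x MM_CONF_KEY="$key"
  local -x MM_CONF_VAL="$val"

  if perl -ne '
        $found = 1 if /^\s*\Q$ENV{MM_CONF_KEY}\E="?\Q$ENV{MM_CONF_VAL}\E"?\s*$/;
        END { exit($found ? 0 : 1) }
      ' "$conf_file" 2> /dev/null; then
    echo_skipped
  elif grep -q -E "^\s*${key}=" "$conf_file" 2> /dev/null; then
    perl -i -p -e 's/^\s*\Q$ENV{MM_CONF_KEY}\E=.*/$ENV{MM_CONF_KEY}="$ENV{MM_CONF_VAL}"/' \
      "$conf_file" > "$log_file" 2>&1
    _report_result $?
  elif grep -q -E "^\s*#\s*${key}=" "$conf_file" 2> /dev/null; then
    # The test requires the '=' as well, so it matches exactly the lines the
    # substitution rewrites; a bare '#KEY' comment falls through to the append.
    perl -i -p -e 's/^(\s*#\s*\Q$ENV{MM_CONF_KEY}\E=.*)/$1\n$ENV{MM_CONF_KEY}="$ENV{MM_CONF_VAL}"/' \
      "$conf_file" > "$log_file" 2>&1
    _report_result $?
  else
    # Always written quoted, like the replace branches above.
    printf '%s="%s"\n' "$key" "$val" >> "$conf_file" 2> "$log_file"
    _report_result $?
  fi
}

# Ensure /etc/systemd/system.conf contains KEY=VALUE: add it below the
# commented default if no active entry exists, replace a differing entry,
# otherwise skip.
# Arguments: $1 - parameter name, $2 - parameter value
# Both arguments are literals from this script, so they are interpolated
# into the patterns directly.
_set_systemd_default() {
  local key="$1"
  local val="$2"
  local sysconf="/etc/systemd/system.conf"

  echononl "Set Parameter '$key'.."
  if ! grep -q -E "^\s*${key}=" "$sysconf" 2> /dev/null; then
    perl -i -p -e "s/^(\s*#${key}=.*)/\$1\n${key}=${val}/" \
      "$sysconf" > "$log_file" 2>&1
    _report_result $?
  elif ! grep -q -E "^\s*${key}=${val}\s*$" "$sysconf" 2> /dev/null; then
    perl -i -p -e "s/^\s*${key}=.*/${key}=${val}/" \
      "$sysconf" > "$log_file" 2>&1
    _report_result $?
  else
    echo_skipped
  fi
}

# DB_TYPE: '_key' and '_val' were assigned and the "Update Parameter" headline
# was printed immediately before this point.
_update_conf_param "$_key" "$_val"

_key="DB_NAME"
_val="$DB_NAME"
echononl "Update Parameter '$_key'.."
_update_conf_param "$_key" "$_val"

_key="DB_USER"
_val="$DB_USER"
echononl "Update Parameter '$_key'.."
_update_conf_param "$_key" "$_val"

# NOTE(review): from here on "$conf_file" holds the database password in clear
# text. Its mode is whatever the copied '.sample' file had; restricting it to
# the owner (chmod 600) is advisable if nothing else has to read it - confirm.
_key="DB_PASS"
_val="$DB_PASS"
echononl "Update Parameter '$_key'.."
_update_conf_param "$_key" "$_val"

# NOTE(review): clean_up removes "$LOCK_DIR" and exits, so nothing below this
# call is executed as the script stands. The remaining sections (systemd
# limits, snakeoil certificate, hostname, Jitsi repository) look like leftovers
# from another installer - confirm whether they are meant to run.
clean_up 0

echo
echo -e "\033[37m\033[1mUpdate file '/etc/systemd/system.conf'....\033[m"
echo

_set_systemd_default "DefaultLimitNOFILE" "1048576"
_set_systemd_default "DefaultLimitNPROC" "1048576"
_set_systemd_default "DefaultTasksMax" "1048576"
_set_systemd_default "DefaultLimitRTPRIO" "infinity"
_set_systemd_default "DefaultLimitRTTIME" "infinity"

_failed=false
# NOTE(review): an unlimited core size applies to every service started by
# systemd; core files can contain keys and credentials, so check where they
# are written and who can read them.
_set_systemd_default "DefaultLimitCORE" "infinity"

echononl "Reload Systemd .."
systemctl daemon-reload > "$log_file" 2>&1
_report_result $?

echo
echo -e "\033[37m\033[1mSome Certifikation/Key stuff..\033[m"
echo

# The snakeoil certificate is a self-signed placeholder; clients cannot
# validate it. Replace fullchain.pem/privkey.pem with a CA-issued pair before
# the host serves real users.
cert_copied=false
echononl "Copy Snakeoil Cert to file '/etc/ssl/fullchain.pem'.."
if [[ ! -f "/etc/ssl/fullchain.pem" ]] && [[ ! -h "/etc/ssl/fullchain.pem" ]]; then
  if cp /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/fullchain.pem > "$log_file" 2>&1; then
    echo_ok
    cert_copied=true
  else
    echo_failed
    error "$(cat "$log_file")"
  fi
else
  echo_skipped
fi

perm_cert="644"
echononl "Set Permission $perm_cert on file '/etc/ssl/fullchain.pem'.."
if $cert_copied ; then
  chmod "$perm_cert" /etc/ssl/fullchain.pem > "$log_file" 2>&1
  _report_result $?
else
  echo_skipped
fi

if [[ ! -h "/etc/ssl/${FQHN_HOSTNAME}.crt" ]]; then
  if [[ -f "/etc/ssl/${FQHN_HOSTNAME}.crt" ]] ; then
    echononl "Remove file '/etc/ssl/${FQHN_HOSTNAME}.crt'.."
    rm -- "/etc/ssl/${FQHN_HOSTNAME}.crt" > "$log_file" 2>&1
    _report_result $?
  fi

  echononl "Set Symlink '/etc/ssl/${FQHN_HOSTNAME}.crt --> fullchain.pem'.."
  ln -s fullchain.pem "/etc/ssl/${FQHN_HOSTNAME}.crt" > "$log_file" 2>&1
  _report_result $?
else
  echononl "Set Symlink '/etc/ssl/${FQHN_HOSTNAME}.crt --> fullchain.pem'.."
  echo_skipped
fi

blank_line

key_copied=false
echononl "Copy Snakeoil Key to file '/etc/ssl/privkey.pem'.."
if [[ ! -f "/etc/ssl/privkey.pem" ]] && [[ ! -h "/etc/ssl/privkey.pem" ]]; then
  # umask 077 keeps the copy owner-only from the moment it is created.
  if ( umask 077 && cp /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/privkey.pem ) > "$log_file" 2>&1; then
    echo_ok
    key_copied=true
  else
    echo_failed
    error "$(cat "$log_file")"
  fi
else
  echo_skipped
fi

# A private key must not be world-readable (this was 644). If a non-root
# service has to read it, use 640 with a dedicated group instead.
perm_key="600"
echononl "Set Permission $perm_key on file '/etc/ssl/privkey.pem'.."
if $key_copied ; then
  chmod "$perm_key" /etc/ssl/privkey.pem > "$log_file" 2>&1
  _report_result $?
else
  echo_skipped
fi

if [[ ! -h "/etc/ssl/${FQHN_HOSTNAME}.key" ]]; then
  if [[ -f "/etc/ssl/${FQHN_HOSTNAME}.key" ]] ; then
    echononl "Remove file '/etc/ssl/${FQHN_HOSTNAME}.key'.."
    rm -- "/etc/ssl/${FQHN_HOSTNAME}.key" > "$log_file" 2>&1
    _report_result $?
  fi

  echononl "Set Symlink '/etc/ssl/${FQHN_HOSTNAME}.key --> privkey.pem'.."
  # The link has to point at the key, as the message says; it pointed at
  # fullchain.pem before, i.e. at the certificate.
  ln -s privkey.pem "/etc/ssl/${FQHN_HOSTNAME}.key" > "$log_file" 2>&1
  _report_result $?
else
  echononl "Set Symlink '/etc/ssl/${FQHN_HOSTNAME}.key --> privkey.pem'.."
  echo_skipped
fi

echo
echo -e "\033[37m\033[1mSome naming stuff..\033[m"
echo

echononl "Change /etc/hostname - set entry to '$FQHN_HOSTNAME'.."
if [[ "$(head -1 /etc/hostname)" != "$FQHN_HOSTNAME" ]]; then
  # Grouped so that a failing redirection is captured in the log as well.
  { printf '%s\n' "$FQHN_HOSTNAME" > /etc/hostname; } > "$log_file" 2>&1
  _report_result $?
else
  echo_skipped
fi

blank_line

# NOTE(review): the host names are interpolated into the grep/perl patterns
# below; this assumes they contain host name characters only - confirm that
# FQHN_HOSTNAME is validated where it is read.
echo -e " Take care '/etc/hosts' contains line '127.0.1.1 ${FQHN_HOSTNAME} $HOSTNAME'.."
echononl " \033[1m127.0.1.1 ${FQHN_HOSTNAME} $HOSTNAME\033[m .."
if ! grep -q -E "^\s*127\.0\.1\.1 ${FQHN_HOSTNAME} $HOSTNAME" /etc/hosts 2> "$log_file" ; then
  if grep -q -E "^\s*127\.0\.1\.1" /etc/hosts 2> "$log_file" ; then
    # Comment out the existing 127.0.1.1 entry and add the new one below it.
    perl -i -p -e "s/(^\s*127\.0\.1\.1.*)/#\$1\n127.0.1.1 ${FQHN_HOSTNAME} $HOSTNAME/" \
      /etc/hosts > "$log_file" 2>&1
    _report_result $?
  elif grep -q -E "^\s*127\.0\.0\.1" /etc/hosts 2> "$log_file" ; then
    # No 127.0.1.1 entry yet: add it below the 127.0.0.1 line.
    perl -i -p -e "s/(^\s*127\.0\.0\.1.*)/\$1\n127.0.1.1 ${FQHN_HOSTNAME} $HOSTNAME/" \
      /etc/hosts > "$log_file" 2>&1
    _report_result $?
  else
    { printf '%s\n' "127.0.1.1 ${FQHN_HOSTNAME} $HOSTNAME" >> /etc/hosts; } > "$log_file" 2>&1
    _report_result $?
  fi
else
  echo_skipped
fi

echo
echo -e "\033[37m\033[1mRepository stuff..\033[m"
echo

echononl "Add the '$JITSI_REPOSITORY_VERSION' Jitsi package repository.."
{
  echo "deb https://download.jitsi.org ${JITSI_REPOSITORY_VERSION}/" \
    > "/etc/apt/sources.list.d/jitsi-${JITSI_REPOSITORY_VERSION}.list"
} > "$log_file" 2>&1
_report_result $?

if [[ "$JITSI_REPOSITORY_VERSION" = "stable" ]]; then
  if [[ -f "/etc/apt/sources.list.d/jitsi-unstable.list" ]]; then
    echononl "Remove Repository List for 'unstable' jitsi packages.."
    rm "/etc/apt/sources.list.d/jitsi-unstable.list" > "$log_file" 2>&1
    _report_result $?
  fi
else
  if [[ -f "/etc/apt/sources.list.d/jitsi-stable.list" ]]; then
    echononl "Remove Repository List for 'stable' jitsi packages.."
    rm "/etc/apt/sources.list.d/jitsi-stable.list" > "$log_file" 2>&1
    _report_result $?
  fi
fi

# NOTE(review): 'apt-key add' is deprecated and trusts the key for every
# configured repository; a dedicated keyring referenced with 'signed-by=' in
# the sources entry limits it to this one. The key is only protected by HTTPS
# here - compare its fingerprint with a value obtained out of band.
#
# The key is downloaded to a file first, so a failed or empty download is
# reported instead of being hidden behind the exit status of apt-key.
echononl "Add the Jitsi Maintainer gpg key.."
_jitsi_key_file="$(mktemp 2> "$log_file")"
if [[ -n "$_jitsi_key_file" ]] \
  && wget -nv -O "$_jitsi_key_file" https://download.jitsi.org/jitsi-key.gpg.key > "$log_file" 2>&1 \
  && [[ -s "$_jitsi_key_file" ]] \
  && sudo apt-key add "$_jitsi_key_file" > "$log_file" 2>&1; then
  echo_ok
else
  echo_failed
  error "$(cat "$log_file")"
fi
if [[ -n "$_jitsi_key_file" ]]; then
  rm -f -- "$_jitsi_key_file"
fi

echononl "Update Repository.."
apt-get update > "$log_file" 2>&1
_report_result $?

# Ensure support is available for apt repositories served via HTTPS
#
# NOTE(review): this runs after 'apt-get update' has already been pointed at
# the HTTPS repository; on releases that still need this package the update
# above would fail first - consider installing it before adding the source.
echononl "Install 'apt-transport-https'.."
if dpkg -s apt-transport-https > "$log_file" 2>&1 ; then
  echo_skipped
else
  apt-get install -y apt-transport-https > "$log_file" 2>&1
  _report_result $?
fi

info "To ensure, your system is fully prepared for installing Jitsi Meet, it is recommend to \033[1mreboot the system before installing Jitsi Meet\033[m."

clean_up 0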