gitlab-ce/reconfigure-gitlab-ce.sh

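#!/usr/bin/env bash

# Script identity and derived paths.
#
# Every expansion is quoted so that a script path containing whitespace or
# glob characters does not get split before it reaches realpath/basename/dirname.
script_name="$(basename -- "$(realpath -- "$0")")"
working_dir="$(dirname -- "$(realpath -- "$0")")"

# The configuration file is expected next to the script in 'conf/'; the name is
# the script name with everything from its first dot removed, plus '.conf'.
conf_file="${working_dir}/conf/${script_name%%.*}.conf"

# NOTE(review): the lock directory name is predictable (script name + PID) and
# lives under /tmp. Whoever creates it must check that the creation succeeded
# before anything is written into it.
LOCK_DIR="/tmp/$(basename -- "$0").$$.LOCK"
log_file="${LOCK_DIR}/${script_name%%.*}.log"

# Timestamp in the form YYYY-MM-DD-HHMM.
backup_date="$(date +%Y-%m-%d-%H%M)"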
# ----------
# Base Function(s)
# ----------
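clean_up() {
  # Perform program exit housekeeping: remove the lock directory, print a
  # separator line (terminal runs only) and terminate the script.
  #
  # Globals:   LOCK_DIR (read)
  # Arguments: $1 - exit status (optional). When no status is given, as is the
  #                 case when the function runs from the signal trap, the
  #                 script exits with 1 so that an interrupted run is not
  #                 reported as a success.
  local exit_status="${1:-1}"

  rm -rf -- "$LOCK_DIR"
  blank_line
  exit "$exit_status"
}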
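echononl(){
  # Print a message to stderr without a trailing newline (terminal runs only).
  #
  # Globals:   terminal (read)
  # Arguments: message text
  #
  # The function first probes whether this shell's plain 'echo' honours the
  # '\c' escape. The probe output is captured with a command substitution
  # instead of being written to a predictable file under /tmp: a fixed,
  # PID-based name in a world-writable directory can be pre-created as a
  # symlink by another local user, and the redirection would then overwrite
  # the link target with the privileges of this script.
  if $terminal ; then
    local probe
    probe="$(echo X\\c)"
    # One character ("X") means '\c' was interpreted and swallowed the newline.
    if [ "${#probe}" -eq 1 ]; then
      echo -e -n " $*\\c" 1>&2
    else
      echo -e -n " $*" 1>&2
    fi
  fi
}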
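fatal(){
  # Print a fatal error message, remove the lock directory and abort the
  # script with exit status 1.
  #
  # Globals:   terminal (read), LOCK_DIR (read)
  # Arguments: message text
  # Outputs:   the message and a termination notice on stdout, coloured when
  #            running in a terminal
  echo ""
  if $terminal ; then
    echo -e " [ \033[31m\033[1mFatal\033[m ] $*"
  else
    echo -e " [ Fatal ] $*"
  fi
  echo ""
  if $terminal ; then
    echo -e " \033[1mScript terminated\033[m.."
  else
    echo -e " Script terminated.."
  fi
  echo ""
  # Quoted and terminated with '--': an unquoted expansion would be split on
  # whitespace and glob-expanded before being handed to a recursive delete.
  rm -rf -- "$LOCK_DIR"
  exit 1
}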
error (){
  # Print an error message framed by blank lines; the tag is coloured when
  # the script runs in a terminal. Does not terminate the script.
  #
  # Globals:   terminal (read)
  # Arguments: message text
  local text="$*"

  echo ""
  if ! $terminal ; then
    echo " [ Error ] ${text}"
  else
    echo -e " [ \033[31m\033[1mError\033[m ] ${text}"
  fi
  echo ""
}
warn (){
  # Print a warning framed by blank lines. Nothing is printed unless logging
  # is enabled or the script runs in a terminal.
  #
  # Globals:   LOGGING (read), terminal (read)
  # Arguments: message text
  if ! $LOGGING && ! $terminal ; then
    return 0
  fi

  echo ""
  if $terminal ; then
    echo -e " [ \033[33m\033[1mWarn\033[m ] $*"
  else
    echo " [ Warn ] $*"
  fi
  echo ""
}
info (){
  # Print an informational message framed by blank lines. Silent unless
  # logging is enabled or the script runs in a terminal.
  #
  # Globals:   LOGGING (read), terminal (read)
  # Arguments: message text
  local text="$*"

  $LOGGING || $terminal || return 0

  echo ""
  if $terminal ; then
    echo -e " [ \033[32m\033[1mInfo\033[m ] ${text}"
  else
    echo " [ Info ] ${text}"
  fi
  echo ""
}
ok (){
  # Print a success message framed by blank lines. Silent unless logging is
  # enabled or the script runs in a terminal.
  #
  # Globals:   LOGGING (read), terminal (read)
  # Arguments: message text
  local text="$*"

  if ! $LOGGING && ! $terminal ; then
    return 0
  fi

  echo ""
  if ! $terminal ; then
    echo " [ Ok ] ${text}"
  else
    echo -e " [ \033[32m\033[1mOk\033[m ] ${text}"
  fi
  echo ""
}
echo_done() {
  # Print the status tag "[ done ]" at column 75 (terminal runs only).
  # Globals: terminal (read)
  $terminal || return 0
  echo -e "\033[75G[ \033[32mdone\033[m ]"
}
echo_ok() {
  # Print the status tag "[ ok ]" at column 75 (terminal runs only).
  # Globals: terminal (read)
  $terminal || return 0
  echo -e "\033[75G[ \033[32mok\033[m ]"
}
echo_failed(){
  # Print the status tag "[ failed ]" at column 75 (terminal runs only).
  # Globals: terminal (read)
  $terminal || return 0
  echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
}
echo_skipped() {
  # Print the status tag "[ skipped ]" at column 75 (terminal runs only).
  # Globals: terminal (read)
  $terminal || return 0
  echo -e "\033[75G[ \033[33m\033[1mskipped\033[m ]"
}
echo_wait(){
  # Print the blinking status tag "[ ... ]" at column 75 without a trailing
  # newline (terminal runs only).
  # Globals: terminal (read)
  $terminal || return 0
  echo -e -n "\033[75G[ \033[5m\033[1m...\033[m ]"
}
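trim() {
  # Strip leading and trailing whitespace from the arguments (joined into one
  # string) and write the result to stdout without a trailing newline.
  #
  # Arguments: text to trim
  # Outputs:   trimmed text on stdout
  local var="$*"
  var="${var#"${var%%[![:space:]]*}"}" # remove leading whitespace characters
  var="${var%"${var##*[![:space:]]}"}" # remove trailing whitespace characters
  # printf instead of 'echo -n': echo would treat a value such as "-n" or
  # "-e" as one of its own options and print nothing.
  printf '%s' "$var"
}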
blank_line() {
  # Emit one empty line, but only when running in a terminal.
  # Globals: terminal (read)
  $terminal || return 0
  echo ""
}
# ----------
# - Jobhandling
# ----------
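# - Run 'clean_up' for signals SIGHUP SIGINT SIGTERM
# -
trap clean_up SIGHUP SIGINT SIGTERM

# - Create lock directory "$LOCK_DIR"
# -
# - The directory name is predictable and located under /tmp, so creation must
# - not be assumed to succeed. mkdir (without -p) fails when the path already
# - exists; in that case the script stops instead of working inside a directory
# - it did not create. Mode 0700 keeps other local users out of the directory.
if ! mkdir -m 0700 -- "$LOCK_DIR" ; then
  echo "Cannot create lock directory '$LOCK_DIR' - script terminated." >&2
  exit 1
fi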
# ----------
# - Some checks ..
# ----------
# - Running in a terminal?
# -
# - 'terminal' holds the command name 'true' or 'false'; the helper functions
# - execute it directly ('if $terminal ; then ...').
terminal=false
if [[ -t 1 ]] ; then
  terminal=true
fi
# ==========
# - Begin Main Script
# ==========
# ----------
# - Headline
# ----------
# Start banner naming the running script; drawn for terminal runs only.
if $terminal ; then
  echo -e "\n\033[1m----------\033[m\n\033[32m\033[1mRunning script \033[m\033[1m$script_name\033[32m .. \033[m\n\033[1m----------\033[m"
fi
# ----------
# Read Configurations from $conf_file
# ----------
# - Give your default values here
# -
LOGGING=false
BATCH_MODE=false
# NOTE(review): HOST_NAME is only assigned further down (at the hostname
# prompt), so unless it comes from the environment this expands to the bare
# certs directory. The later steps spell the certificate path out themselves.
LETS_ENCRYPT_CERT_DIR="/var/lib/dehydrated/certs/${HOST_NAME}"
GITLAB_CONF_FILE="/etc/gitlab/gitlab.rb"
gitlab_reconfigure=false
gitlab_ctl_script=/usr/bin/gitlab-ctl

# Values from the configuration file override the defaults above.
#
# NOTE(review): 'source' executes the file as shell code with the privileges
# of this script. The file and the 'conf' directory should be writable only by
# the account that runs the script - confirm ownership and mode on the host.
if [[ ! -f "$conf_file" ]]; then
  warn "No configuration file '$conf_file' present.\n
Loading default values.."
else
  source "$conf_file"
fi

# Both the GitLab configuration file and the control script must exist;
# otherwise the run is aborted.
[[ -f "${GITLAB_CONF_FILE}" ]] \
  || fatal "Gitlab configuration file ('${GITLAB_CONF_FILE}') not found!"
[[ -f "${gitlab_ctl_script}" ]] \
  || fatal "Gitlab control script ('${gitlab_ctl_script}') not found!"
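# Ask for the hostname that becomes GitLab's external_url; an empty answer
# selects the machine's FQDN.
echo ""
echo -e "\033[32m--\033[m"
echo ""
echo "Insert hostname (external_url)"
echo ""
_HOST_NAME="$(hostname --fqdn)"
HOST_NAME=
echononl "Hostname [${_HOST_NAME}]: "
# -r keeps backslashes in the answer literal.
read -r HOST_NAME
if [[ -z "${HOST_NAME}" ]] ; then
  HOST_NAME="${_HOST_NAME}"
fi

# The value is used further down inside perl substitution programs, is written
# into gitlab.rb and becomes part of file paths that are removed and linked.
# Accept nothing but a plain DNS hostname (letters, digits, '-' and '.'), so
# that quotes, '#', '/' or '..' can never reach those places.
_hostname_regex='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'
if [[ ! "${HOST_NAME}" =~ ${_hostname_regex} ]] ; then
  # The rejected value is deliberately not echoed back.
  fatal "Invalid hostname given - only letters, digits, '-' and '.' are allowed."
fi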
# ----------
# - Main part of script
# ----------
# Section heading for the main part; drawn for terminal runs only.
if $terminal ; then
  echo -e "\n\n \033[1mMain part of script ..\033[m\n"
fi
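# Adjust gitlab.rb so that GitLab serves the host under certificates managed by
# dehydrated, and link those certificates into /etc/gitlab/ssl.
#
# Each setting follows the same scheme:
#   - already present with the wanted value  -> skipped
#   - present with another value             -> old line commented out ('## '),
#                                               new line inserted below it
#   - present only as a commented template   -> new line inserted below it
#   - not present at all                     -> appended at the end of the file
# Every successful change sets gitlab_reconfigure=true.
#
# NOTE(review): HOST_NAME and URL_SCHEMA are interpolated into the perl program
# text and into gitlab.rb, and HOST_NAME into paths that are removed and
# linked. HOST_NAME must therefore contain hostname characters only.
# NOTE(review): 'perl -i' is used without a backup suffix, so gitlab.rb is
# rewritten in place and no copy of the previous content is kept here.
#
# The configuration file path is quoted throughout: it can be overridden from
# the sourced configuration file and must not be word-split or glob-expanded.
if [[ -n "$GITLAB_CONF_FILE" ]]; then

  # Without a certificate directory for this host the URL stays on plain http.
  if [[ ! -d "/var/lib/dehydrated/certs/${HOST_NAME}" ]]; then
    URL_SCHEMA="http"
  else
    URL_SCHEMA="https"
  fi

  # --- external_url
  echononl " Adjust ${GITLAB_CONF_FILE} - external_url"
  # The wanted URL is matched as a fixed string (-F): the dots of a hostname
  # are not meant as regular-expression wildcards.
  if ! grep -E "^\s*external_url" "$GITLAB_CONF_FILE" 2> /dev/null | grep -q -F -- "${URL_SCHEMA}://${HOST_NAME}" 2> /dev/null ; then
    if grep -q -E "^\s*external_url" "$GITLAB_CONF_FILE" 2> /dev/null ; then
      perl -i -n -p -e "s#^(\s*(external_url).*)#\#\# \1\n\2 '${URL_SCHEMA}://${HOST_NAME}'#" "$GITLAB_CONF_FILE"
      if [[ $? -eq 0 ]] ; then
        echo_ok
        gitlab_reconfigure=true
      else
        echo_failed
      fi
    elif ! grep -q -E "^\s*#\s*external_url" "$GITLAB_CONF_FILE" 2> /dev/null ; then
      cat <<EOF >> "${GITLAB_CONF_FILE}"
################################################################################
## Added by dehydrated install script $(basename $0)
################################################################################
external_url '${URL_SCHEMA}://${HOST_NAME}'
EOF
      if [[ $? -eq 0 ]] ; then
        echo_ok
        gitlab_reconfigure=true
      else
        echo_failed
      fi
    else
      perl -i -n -p -e "s#^(\s*\#\s*(external_url).*)#\1\n\2 '${URL_SCHEMA}://${HOST_NAME}'#" "$GITLAB_CONF_FILE"
      if [[ $? -eq 0 ]] ; then
        echo_ok
        gitlab_reconfigure=true
      else
        echo_failed
      fi
    fi
  else
    echo_skipped
  fi

  # --- nginx['custom_gitlab_server_config']
  # Serves the ACME challenge directory /var/www/dehydrated without basic auth.
  echononl " Adjust ${GITLAB_CONF_FILE} - nginx['custom_gitlab_server_config']"
  if ! grep -E "^\s*nginx\['custom_gitlab_server_config'\]" "$GITLAB_CONF_FILE" 2> /dev/null | grep -q ".well-known/acme-challenge" 2> /dev/null ; then
    if ! grep -q -E "^\s*#\s*nginx\['custom_gitlab_server_config'\]" "$GITLAB_CONF_FILE" 2> /dev/null ; then
      cat <<EOF >> "${GITLAB_CONF_FILE}"
################################################################################
## Added by dehydrated install script $(basename $0)
################################################################################
nginx['custom_gitlab_server_config'] = "location ^~ /.well-known/acme-challenge {\\n alias /var/www/dehydrated;\\n auth_basic off;\\n }\\n"
EOF
      if [[ $? -eq 0 ]] ; then
        echo_ok
        gitlab_reconfigure=true
      else
        echo_failed
      fi
    else
      perl -i -n -p -e "s#^(\s*\#\s*(nginx\['custom_gitlab_server_config'\]).*)#\1\n\2 = \"location ^~ /.well-known/acme-challenge {\\\n alias \/var\/www\/dehydrated;\\\n auth_basic off;\\\n }\\\n\"#" "$GITLAB_CONF_FILE"
      if [[ $? -eq 0 ]] ; then
        echo_ok
        gitlab_reconfigure=true
      else
        echo_failed
      fi
    fi
  else
    echo_skipped
  fi

  # --- nginx['listen_addresses']
  # Listens on all IPv4 and IPv6 addresses.
  echononl " Adjust ${GITLAB_CONF_FILE} - nginx['listen_addresses']"
  if ! grep -E "^\s*nginx\['listen_addresses'\]" "$GITLAB_CONF_FILE" 2> /dev/null | grep -q -E "\['\*',\s*'\[::]'\]" 2> /dev/null ; then
    if ! grep -q -E "^\s*#\s*nginx\['listen_addresses'\]" "$GITLAB_CONF_FILE" 2> /dev/null ; then
      cat <<EOF >> "${GITLAB_CONF_FILE}"
################################################################################
## Added by dehydrated install script $(basename $0)
################################################################################
nginx['listen_addresses'] = ['*', '[::]']
EOF
      if [[ $? -eq 0 ]] ; then
        echo_ok
        gitlab_reconfigure=true
      else
        echo_failed
      fi
    else
      perl -i -n -p -e "s#^(\s*\#\s*(nginx\['listen_addresses'\]).*)#\1\n\2 = ['*', '[::]']#" "$GITLAB_CONF_FILE"
      if [[ $? -eq 0 ]] ; then
        echo_ok
        gitlab_reconfigure=true
      else
        echo_failed
      fi
    fi
  else
    echo_skipped
  fi

  # The remaining steps only apply when dehydrated holds a certificate
  # directory for this host.
  if [[ -d "/var/lib/dehydrated/certs/${HOST_NAME}" ]]; then

    # --- letsencrypt['enable'] = false
    # GitLab's built-in Let's Encrypt integration is switched off because the
    # certificates come from dehydrated.
    echononl " Adjust ${GITLAB_CONF_FILE} - letsencrypt['enable']"
    if ! grep -E "^\s*letsencrypt\['enable'\]" "$GITLAB_CONF_FILE" 2> /dev/null | grep -q -E "false" 2> /dev/null ; then
      if grep -q -E "^\s*letsencrypt\['enable'\]" "$GITLAB_CONF_FILE" 2> /dev/null ; then
        perl -i -n -p -e "s#^(\s*(letsencrypt\['enable'\]).*)#\#\# \1\n\2 = false#" "$GITLAB_CONF_FILE"
        if [[ $? -eq 0 ]] ; then
          echo_ok
          gitlab_reconfigure=true
        else
          echo_failed
        fi
      elif ! grep -q -E "^\s*#\s*letsencrypt\['enable'\]" "$GITLAB_CONF_FILE" 2> /dev/null ; then
        cat <<EOF >> "${GITLAB_CONF_FILE}"
################################################################################
## Added by dehydrated install script $(basename $0)
################################################################################
letsencrypt['enable'] = false
EOF
        if [[ $? -eq 0 ]] ; then
          echo_ok
          gitlab_reconfigure=true
        else
          echo_failed
        fi
      else
        perl -i -n -p -e "s#^(\s*\#\s*(letsencrypt\['enable'\]).*)#\1\n\2 = false#" "$GITLAB_CONF_FILE"
        if [[ $? -eq 0 ]] ; then
          echo_ok
          gitlab_reconfigure=true
        else
          echo_failed
        fi
      fi
    else
      echo_skipped
    fi

    # --- nginx['redirect_http_to_https'] = true
    echononl " Adjust ${GITLAB_CONF_FILE} - nginx['redirect_http_to_https']"
    if ! grep -E "^\s*nginx\['redirect_http_to_https'\]" "$GITLAB_CONF_FILE" 2> /dev/null | grep -q -E "true" 2> /dev/null ; then
      if grep -q -E "^\s*nginx\['redirect_http_to_https'\]" "$GITLAB_CONF_FILE" 2> /dev/null ; then
        perl -i -n -p -e "s#^(\s*(nginx\['redirect_http_to_https'\]).*)#\#\# \1\n\2 = true#" "$GITLAB_CONF_FILE"
        if [[ $? -eq 0 ]] ; then
          echo_ok
          gitlab_reconfigure=true
        else
          echo_failed
        fi
      elif ! grep -q -E "^\s*#\s*nginx\['redirect_http_to_https'\]" "$GITLAB_CONF_FILE" 2> /dev/null ; then
        cat <<EOF >> "${GITLAB_CONF_FILE}"
################################################################################
## Added by dehydrated install script $(basename $0)
################################################################################
nginx['redirect_http_to_https'] = true
EOF
        if [[ $? -eq 0 ]] ; then
          echo_ok
          gitlab_reconfigure=true
        else
          echo_failed
        fi
      else
        perl -i -n -p -e "s#^(\s*\#\s*(nginx\['redirect_http_to_https'\]).*)#\1\n\2 = true#" "$GITLAB_CONF_FILE"
        if [[ $? -eq 0 ]] ; then
          echo_ok
          gitlab_reconfigure=true
        else
          echo_failed
        fi
      fi
    else
      echo_skipped
    fi

    # --- /etc/gitlab/ssl
    echononl " Create Directory '/etc/gitlab/ssl'.."
    if [[ ! -d "/etc/gitlab/ssl" ]]; then
      mkdir -p "/etc/gitlab/ssl" > /dev/null 2>&1
      if [[ $? -eq 0 ]] ; then
        echo_ok
        gitlab_reconfigure=true
      else
        echo_failed
      fi
    else
      echo_skipped
    fi

    # --- private key symlink
    # Only a file or a symlink is expected at the link path, so it is removed
    # non-recursively, and 'ln -T' refuses to place the link inside an
    # existing directory. A path built from operator input never reaches a
    # recursive delete this way; an unexpected directory shows up as "failed".
    echononl " Create Symlink '/etc/gitlab/ssl/${HOST_NAME}.key'.."
    if [[ -h "/etc/gitlab/ssl/${HOST_NAME}.key" ]] \
      && [[ "$(readlink -qs "/etc/gitlab/ssl/${HOST_NAME}.key")" = "/var/lib/dehydrated/certs/${HOST_NAME}/privkey.pem" ]] ; then
      echo_skipped
    else
      rm -f -- "/etc/gitlab/ssl/${HOST_NAME}.key" > /dev/null 2>&1
      ln -s -T -- "/var/lib/dehydrated/certs/${HOST_NAME}/privkey.pem" "/etc/gitlab/ssl/${HOST_NAME}.key" > /dev/null 2>&1
      if [[ $? -eq 0 ]] ; then
        echo_ok
        gitlab_reconfigure=true
      else
        echo_failed
      fi
    fi

    # --- certificate chain symlink (same handling as the key link above)
    echononl " Create Symlink '/etc/gitlab/ssl/${HOST_NAME}.crt'.."
    if [[ -h "/etc/gitlab/ssl/${HOST_NAME}.crt" ]] \
      && [[ "$(readlink -qs "/etc/gitlab/ssl/${HOST_NAME}.crt")" = "/var/lib/dehydrated/certs/${HOST_NAME}/fullchain.pem" ]]; then
      echo_skipped
    else
      rm -f -- "/etc/gitlab/ssl/${HOST_NAME}.crt" > /dev/null 2>&1
      ln -s -T -- "/var/lib/dehydrated/certs/${HOST_NAME}/fullchain.pem" "/etc/gitlab/ssl/${HOST_NAME}.crt" > /dev/null 2>&1
      if [[ $? -eq 0 ]] ; then
        echo_ok
        gitlab_reconfigure=true
      else
        echo_failed
      fi
    fi
  fi
fi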
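# Apply the changes by running 'gitlab-ctl reconfigure', but only when one of
# the previous steps actually modified something.
#
# NOTE(review): 'gitlab_installed' is not assigned anywhere in the visible part
# of this script; presumably it comes from the configuration file - confirm.
# An unset value behaved like 'true' before, which the default keeps explicit.
if ${gitlab_installed:-true} ; then
  echo ""
  echononl " Reconfiguring (and restarting) Gitlab Services.."
  if $gitlab_reconfigure ; then
    if [[ -x "$gitlab_ctl_script" ]]; then
      # Quoted so that a path taken from the configuration file is executed
      # as one word. The command's output is discarded; only its exit status
      # is reported.
      "$gitlab_ctl_script" reconfigure > /dev/null 2>&1
      if [[ $? -eq 0 ]] ; then
        echo_ok
      else
        echo_failed
        warn "Restart of Gitlab Services failed.."
      fi
    else
      echo_skipped
      # The file's existence was checked earlier; here it lacks execute
      # permission.
      warn "Gitlab Control Script ('${gitlab_ctl_script}') is not executable."
    fi
  else
    echo_skipped
  fi
fi

# Regular end of the script: remove the lock directory and exit with 0.
clean_up 0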