aboutsummaryrefslogblamecommitdiff
path: root/scripts/hostclass/ttrss_server
blob: 5ff4cac802efe18ae9cf1993ea4e5985c101735b (plain) (tree)
1
2
3
4
5
6
7
8
9
10









                                                     
                                                 








































                                                       




                                                          



























































                                                                               
                                                     
























                                                        
#!/bin/sh

: ${ttrss_username:='s-ttrss'}
: ${ttrss_dbname:='ttrss'}
: ${ttrss_dbhost:="$postgres_host"}
: ${ttrss_fqdn:="$fqdn"}
: ${ttrss_access_role:='ttrss-access'}
: ${ttrss_admin_role:='ttrss-admin'}
: ${ttrss_mail_from:="ttrss-noreply@${email_domain}"}

ttrss_dn="uid=${ttrss_username},${robots_basedn}"
ttrss_https_cert="${nginx_conf_dir}/ttrss.crt"
ttrss_https_key="${nginx_conf_dir}/ttrss.key"
ttrss_repo='https://git.tt-rss.org/fox/tt-rss.git/'
ttrss_branch=master
ttrss_repo_dir=/usr/local/www/tt-rss
ttrss_keytab="${keytab_dir}/ttrss.keytab"
ttrss_client_keytab="${keytab_dir}/ttrss.client.keytab"
ttrss_fpm_socket=/var/run/fpm-ttrss.sock

# Install required packages.
pkg install -y \
  ca_root_nss \
  nginx \
  git-lite \
  php${php_version}-ctype \
  php${php_version}-curl \
  php${php_version}-dom \
  php${php_version}-exif \
  php${php_version}-fileinfo \
  php${php_version}-filter \
  php${php_version}-gd \
  php${php_version}-iconv \
  php${php_version}-intl \
  php${php_version}-ldap \
  php${php_version}-mbstring \
  php${php_version}-opcache \
  php${php_version}-pcntl \
  php${php_version}-pdo \
  php${php_version}-pdo_pgsql \
  php${php_version}-pgsql \
  php${php_version}-phar \
  php${php_version}-posix \
  php${php_version}-session \
  php${php_version}-simplexml \
  php${php_version}-sockets \
  php${php_version}-tokenizer \
  php${php_version}-xml \
  php${php_version}-xmlwriter \
  php${php_version}-zip

# Create ttrss principal and keytab.
ldap_add "$ttrss_dn" <<EOF
objectClass: account
uid: ${ttrss_username}
EOF
add_principal -nokey -x "dn=${ttrss_dn}" "$ttrss_username"

ktadd -k "$ttrss_client_keytab" "$ttrss_username"
chgrp "$nginx_user" "$ttrss_client_keytab"
chmod 640 "$ttrss_client_keytab"

nginx_uid=$(id -u "$nginx_user")
install_directory -o "$nginx_user" -m 0700 "/var/krb5/user/${nginx_uid}"
ln -snfv "$ttrss_client_keytab" "/var/krb5/user/${nginx_uid}/client.keytab"

# Create HTTP principal and keytab.
add_principal -nokey -x "containerdn=${services_basedn}" "HTTP/${fqdn}"

ktadd -k "$ttrss_keytab" "HTTP/${fqdn}"
chgrp "$nginx_user" "$ttrss_keytab"
chmod 640 "$ttrss_keytab"

ln -snfv "$ttrss_keytab" "/var/krb5/user/${nginx_uid}/keytab"

# Install ttrss from git.
[ -d "$ttrss_repo_dir" ] || git clone "$ttrss_repo" "$ttrss_repo_dir"

# Update git repos.
git -C "$ttrss_repo_dir" pull --ff-only
git -C "$ttrss_repo_dir" switch "$ttrss_branch"

# Fix permissions on writable directories.
for dir in lock cache feed-icons ; do
  chmod 755 "${ttrss_repo_dir}/${dir}"
  chown -R "${nginx_user}:${nginx_user}" "${ttrss_repo_dir}/${dir}"
done

# Generate config.php.
install_template -m 0644 "${ttrss_repo_dir}/config.php"

# Create postgres user and database.
postgres_create_role "$ttrss_dbhost" "$ttrss_username"
postgres_create_database "$ttrss_dbhost" "$ttrss_dbname" "$ttrss_username"

# Initialize the database schema.
su -m "$nginx_user" -c "${ttrss_repo_dir}/update.php --update-schema=force-yes"

# Copy tt-rss LDAP auth plugin.
install_directory -m 0755 "${ttrss_repo_dir}/plugins.local/auth_idm"
install_file -m 0644 "${ttrss_repo_dir}/plugins.local/auth_idm/init.php"

# Copy tt-rss rc script.
install_file -m 0555 /usr/local/etc/rc.d/ttrssd

# Allow ttrss user to perform git queries.
git config --system --replace-all safe.directory "$ttrss_repo_dir"

# Copy TLS certificate for nginx.
install_certificate     nginx "$ttrss_https_cert"
install_certificate_key nginx "$ttrss_https_key"

# Generate nginx configuration.
install_file -m 0644 /usr/local/etc/nginx/fastcgi_params
install_template -m 0644 \
  /usr/local/etc/nginx/nginx.conf \
  /usr/local/etc/nginx/vhosts.conf
install_file -m 0644 /etc/newsyslog.conf.d/nginx.conf

# Generate php-fpm configuration.
install_file -m 0644 \
  /usr/local/etc/php.ini \
  /usr/local/etc/php-fpm.conf
install_template -m 0644 \
  /usr/local/etc/php-fpm.d/ttrss.conf
> /usr/local/etc/php-fpm.d/www.conf

# Enable and start daemons.
sysrc -v \
  nginx_enable=YES \
  php_fpm_enable=YES \
  ttrssd_enable=YES
service nginx restart
service php_fpm restart
service ttrssd restart

# Create roles.
for role in "$ttrss_access_role" "$ttrss_admin_role"; do
  ldap_add "cn=${role},${roles_basedn}" <<EOF
objectClass: groupOfMembers
cn: ${role}
EOF
done