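#!/bin/sh
# Provision Tiny Tiny RSS (tt-rss) on a FreeBSD host: nginx + php-fpm front
# end, an LDAP/Kerberos service identity with keytabs, a PostgreSQL role and
# database, the ttrssd rc script, and the access/admin LDAP roles.
#
# This fragment depends on names supplied by the calling provisioning
# environment (none of them are defined here):
#   variables: postgres_host fqdn email_domain robots_basedn services_basedn
#              roles_basedn nginx_conf_dir keytab_dir php_version nginx_user
#   helpers:   ldap_add add_principal ktadd install_directory install_file
#              install_template postgres_create_role postgres_create_database
#              install_certificate install_certificate_key
# Each ttrss_* setting in the first group may be pre-set in the environment
# to override its default; the second group is derived from the first.
: "${ttrss_username:=s-ttrss}"
: "${ttrss_dbname:=ttrss}"
: "${ttrss_dbhost:=$postgres_host}"
: "${ttrss_fqdn:=$fqdn}"
: "${ttrss_access_role:=ttrss-access}"
: "${ttrss_admin_role:=ttrss-admin}"
: "${ttrss_mail_from:=ttrss-noreply@${email_domain}}"
ttrss_dn="uid=${ttrss_username},${robots_basedn}"
ttrss_https_cert="${nginx_conf_dir}/ttrss.crt"
ttrss_https_key="${nginx_conf_dir}/ttrss.key"
# Upstream source. Only the branch tip is tracked: nothing below pins a
# commit or verifies a signed tag, so every run deploys whatever HEAD of
# ${ttrss_branch} is at that moment. ca_root_nss is installed so git can
# validate the HTTPS chain.
ttrss_repo='https://git.tt-rss.org/fox/tt-rss.git/'
ttrss_branch=master
ttrss_repo_dir=/usr/local/www/tt-rss
# ttrss_keytab receives the HTTP/${fqdn} principal, ttrss_client_keytab the
# ${ttrss_username} principal; both are linked into the nginx user's
# /var/krb5/user/<uid>/ directory further down.
ttrss_keytab="${keytab_dir}/ttrss.keytab"
ttrss_client_keytab="${keytab_dir}/ttrss.client.keytab"
ttrss_fpm_socket=/var/run/fpm-ttrss.sock
# Install required packages: web server, git, and the PHP extensions tt-rss
# uses.
pkg install -y \
  ca_root_nss \
  nginx \
  git-lite \
  php${php_version}-ctype \
  php${php_version}-curl \
  php${php_version}-dom \
  php${php_version}-exif \
  php${php_version}-fileinfo \
  php${php_version}-filter \
  php${php_version}-gd \
  php${php_version}-iconv \
  php${php_version}-intl \
  php${php_version}-ldap \
  php${php_version}-mbstring \
  php${php_version}-opcache \
  php${php_version}-pcntl \
  php${php_version}-pdo \
  php${php_version}-pdo_pgsql \
  php${php_version}-pgsql \
  php${php_version}-phar \
  php${php_version}-posix \
  php${php_version}-session \
  php${php_version}-simplexml \
  php${php_version}-sockets \
  php${php_version}-tokenizer \
  php${php_version}-xml \
  php${php_version}-xmlwriter \
  php${php_version}-zip
# Create the ttrss account in LDAP, its Kerberos principal (stored on the
# LDAP entry via -x dn=...), and a client keytab readable only by root and
# the nginx group.
ldap_add "$ttrss_dn" <<EOF
objectClass: account
uid: ${ttrss_username}
EOF
add_principal -nokey -x "dn=${ttrss_dn}" "$ttrss_username"
ktadd -k "$ttrss_client_keytab" "$ttrss_username"
chgrp "$nginx_user" "$ttrss_client_keytab"
chmod 640 "$ttrss_client_keytab"
# Stop here if the uid lookup fails: an empty expansion would collapse
# /var/krb5/user/${nginx_uid} to /var/krb5/user and place the keytab links
# (and the 0700 directory) at the wrong path.
nginx_uid=$(id -u "$nginx_user") || exit 1
install_directory -o "$nginx_user" -m 0700 "/var/krb5/user/${nginx_uid}"
ln -snfv "$ttrss_client_keytab" "/var/krb5/user/${nginx_uid}/client.keytab"
# Create the HTTP/${fqdn} service principal and keytab, with the same
# root:nginx 0640 ownership as the client keytab.
add_principal -nokey -x "containerdn=${services_basedn}" "HTTP/${fqdn}"
ktadd -k "$ttrss_keytab" "HTTP/${fqdn}"
chgrp "$nginx_user" "$ttrss_keytab"
chmod 640 "$ttrss_keytab"
ln -snfv "$ttrss_keytab" "/var/krb5/user/${nginx_uid}/keytab"
# Install tt-rss from git and bring the checkout to the configured branch.
# Switch before pulling so the fast-forward pull updates ${ttrss_branch}
# itself rather than whichever branch happened to be checked out.
[ -d "$ttrss_repo_dir" ] || git clone "$ttrss_repo" "$ttrss_repo_dir"
git -C "$ttrss_repo_dir" switch "$ttrss_branch"
git -C "$ttrss_repo_dir" pull --ff-only
# Hand the directories tt-rss writes to over to the nginx user.
for dir in lock cache feed-icons; do
  chmod 755 "${ttrss_repo_dir}/${dir}"
  chown -R "${nginx_user}:${nginx_user}" "${ttrss_repo_dir}/${dir}"
done
# Render config.php. It is installed world-readable (0644); if the rendered
# template carries any secret (e.g. a database password), tighten this to
# 0640 with the nginx group instead - confirm against the template.
install_template -m 0644 "${ttrss_repo_dir}/config.php"
# Create the PostgreSQL role (named after the ttrss account) and database.
postgres_create_role "$ttrss_dbhost" "$ttrss_username"
postgres_create_database "$ttrss_dbhost" "$ttrss_dbname" "$ttrss_username"
# Initialize the database schema as the nginx user; -m keeps the current
# environment.
su -m "$nginx_user" -c "${ttrss_repo_dir}/update.php --update-schema=force-yes"
# Install the local LDAP auth plugin.
install_directory -m 0755 "${ttrss_repo_dir}/plugins.local/auth_idm"
install_file -m 0644 "${ttrss_repo_dir}/plugins.local/auth_idm/init.php"
# Install the tt-rss rc script.
install_file -m 0555 /usr/local/etc/rc.d/ttrssd
# Mark the checkout as safe for git operations by users other than its
# owner. --system makes this trust apply to every user on the host.
git config --system --replace-all safe.directory "$ttrss_repo_dir"
# Install the TLS certificate and key for nginx.
install_certificate     nginx "$ttrss_https_cert"
install_certificate_key nginx "$ttrss_https_key"
# Generate nginx configuration.
install_file -m 0644 /usr/local/etc/nginx/fastcgi_params
install_template -m 0644 \
  /usr/local/etc/nginx/nginx.conf \
  /usr/local/etc/nginx/vhosts.conf
install_file -m 0644 /etc/newsyslog.conf.d/nginx.conf
# Generate php-fpm configuration. www.conf is deliberately emptied,
# presumably so ttrss.conf is the only pool definition php-fpm reads.
install_file -m 0644 \
  /usr/local/etc/php.ini \
  /usr/local/etc/php-fpm.conf
install_template -m 0644 \
  /usr/local/etc/php-fpm.d/ttrss.conf
> /usr/local/etc/php-fpm.d/www.conf
# Enable and (re)start the daemons.
sysrc -v \
  nginx_enable=YES \
  php_fpm_enable=YES \
  ttrssd_enable=YES
service nginx restart
service php_fpm restart
service ttrssd restart
# Create the access and admin roles as LDAP groups.
for role in "$ttrss_access_role" "$ttrss_admin_role"; do
  ldap_add "cn=${role},${roles_basedn}" <<EOF
objectClass: groupOfMembers
cn: ${role}
EOF
done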