From 8fcc3b31adf0809272eb8679c8cd4462b6661317 Mon Sep 17 00:00:00 2001
From: Ulf Gebhardt
Date: Thu, 13 Jan 2022 22:34:17 +0100
Subject: [PATCH] improved installscript alot - proper order - templates for all configs to fill in automatically
---
admin/.env.template | 4 +
backend/.env .template | 33 ++++++++
database/.env.template | 8 ++
deployment/bare_metal/install.sh | 135 +++++++++++++++----------------
frontend/.env.template | 3 +
5 files changed, 114 insertions(+), 69 deletions(-)
create mode 100644 admin/.env.template
create mode 100644 backend/.env .template
create mode 100644 database/.env.template
create mode 100644 frontend/.env.template
diff --git a/admin/.env.template b/admin/.env.template
new file mode 100644
index 000000000..d785705f0
--- /dev/null
+++ b/admin/.env.template
@@ -0,0 +1,4 @@
+GRAPHQL_URI=${GRAPHQL_URI}
+WALLET_AUTH_URL=${WALLET_AUTH_URL}
+WALLET_URL=${WALLET_URL}
+DEBUG_DISABLE_AUTH=false
\ No newline at end of file
diff --git a/backend/.env .template b/backend/.env .template
new file mode 100644
index 000000000..09e58f5f5
--- /dev/null
+++ b/backend/.env .template
@@ -0,0 +1,33 @@
+PORT=4000
+JWT_SECRET=${JWT_SECRET}
+JWT_EXPIRES_IN=10m
+GRAPHIQL=false
+GDT_API_URL=https://gdt.gradido.net
+DB_HOST=localhost
+DB_PORT=3306
+DB_USER=${DB_USER}
+DB_PASSWORD=${DB_PASSWORD}
+DB_DATABASE=gradido_community
+
+EMAIL=${EMAIL}
+EMAIL_USERNAME=${EMAIL_USERNAME}
+EMAIL_SENDER=${EMAIL_SENDER}
+EMAIL_PASSWORD=${EMAIL_PASSWORD}
+EMAIL_SMTP_URL=ยง{EMAIL_SMTP_URL}
+EMAIL_SMTP_PORT=587
+#RESEND_TIME=1 minute, 60 => 1hour, 1440 (60 minutes * 24 hours) => 24 hours
+RESEND_TIME=10
+
+EMAIL_LINK_VERIFICATION=${EMAIL_LINK_VERIFICATION}
+
+#KLICKTIPP_USER=
+#KLICKTIPP_PASSWORD=
+#KLICKTIPP_APIKEY_DE=
+#KLICKTIPP_APIKEY_EN=
+#KLICKTIPP=true
+COMMUNITY_NAME=
+COMMUNITY_URL=
+COMMUNITY_REGISTER_URL=
+COMMUNITY_DESCRIPTION=
+
+WEBHOOK_ELOPAGE_SECRET=${WEBHOOK_ELOPAGE_SECRET}
\ No newline at end of file
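Review bot: In `backend/.env .template` the `EMAIL_SMTP_URL` line does not use the `${...}` placeholder form of the other lines: the character before `{EMAIL_SMTP_URL}` is not `$` (it renders here as a mis-encoded symbol), so `envsubst` will leave it untouched and the backend ends up with an unusable SMTP URL. It should read `EMAIL_SMTP_URL=${EMAIL_SMTP_URL}`. The file is also created with a space in its name (`.env .template`), while `install.sh` in this same patch reads `backend/.env.template`, so the backend `.env` would not be generated from this template; renaming it to `backend/.env.template` fixes that.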
diff --git a/database/.env.template b/database/.env.template
new file mode 100644
index 000000000..bee25c9ea
--- /dev/null
+++ b/database/.env.template
@@ -0,0 +1,8 @@
+DB_HOST=localhost
+DB_PORT=3306
+DB_USER=${DB_USER}
+DB_PASSWORD=${DB_PASSWORD}
+DB_DATABASE=gradido_community
+MIGRATIONS_TABLE=migrations
+
+TYPEORM_SEEDING_FACTORIES=src/factories/**/*{.ts,.js}
diff --git a/deployment/bare_metal/install.sh b/deployment/bare_metal/install.sh
index 3d1d44a2c..3c999b501 100755
--- a/deployment/bare_metal/install.sh
+++ b/deployment/bare_metal/install.sh
@@ -3,15 +3,26 @@ # This install script requires the minimum requirements already installed. # How to do this is described in detail in [setup.md](./setup.md) +# Find current directory & configure paths +set -o allexport +SCRIPT_PATH=$(realpath $0) +SCRIPT_DIR=$(dirname $SCRIPT_PATH) +PROJECT_ROOT=$SCRIPT_DIR/../.. +set +o allexport + # Load .env or .env.dist if not present set -o allexport -if [ -f ".env" ]; then - source .env +#TODO +if [ -f "$SCRIPT_DIR/.env" ]; then + source $SCRIPT_DIR/.env else - source .env.dist + source $SCRIPT_DIR/.env.dist fi set +o allexport +# Configure git +git config pull.ff only + # Install mariadb sudo apt-get install -y mariadb-server sudo mysql_secure_installation
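Review bot: The new path handling in the first `install.sh` hunk leaves every expansion unquoted (`realpath $0`, `dirname $SCRIPT_PATH`, `source $SCRIPT_DIR/.env`), so a checkout path containing spaces or glob characters is word-split before `source` runs. Quote them, e.g. `SCRIPT_PATH=$(realpath "$0")` and `source "$SCRIPT_DIR/.env"`. The script no longer depends on the working directory for its `.env`, but `git config pull.ff only` still configures whichever repository the caller happens to be in; `git -C "$PROJECT_ROOT" config pull.ff only` pins it to this checkout. Since `.env` is executed as shell code by `source`, a comment stating that it must be writable only by the installing user would help, and the bare `#TODO` should say what is still open.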
@@ -23,57 +34,24 @@ sudo mysql_secure_installation # Remove test database and access to it? [Y/n] Y # Reload privilege tables now? [Y/n] Y -# create db user -DB_USER=gradido -DB_PASSWORD=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo); -# create table -#create database gradido_community -# DEFAULT CHARACTER SET utf8mb4 -# DEFAULT COLLATE utf8mb4_unicode_ci; -# GRANT ALL PRIVILEGES ON gradido_community.* TO '$DB_USER'@'localhost'; -sudo mysql < gradido ALL=(ALL) NOPASSWD: /etc/init.d/nginx start,/etc/init.d/nginx stop,/etc/init.d/nginx restart +sudo chmod a+rw /etc/nginx/sites-enabled + +# Install node 16.x +curl -sL https://deb.nodesource.com/setup_16.x | sudo -E bash - +sudo apt-get install -y nodejs +sudo apt-get install -y build-essential # Install yarn sudo apt-get install -y curl 
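Review bot: `sudo chmod a+rw /etc/nginx/sites-enabled` makes the directory writable by every local account rather than only the deploy user, so any user on the host can add or replace a virtual host that the root-started nginx loads on its next restart. Limiting the access to the deploy account, for example `sudo chown root:gradido /etc/nginx/sites-enabled` followed by `sudo chmod 775 /etc/nginx/sites-enabled` (assuming a `gradido` group exists), keeps the deployment working without that exposure. The NodeSource step pipes a downloaded script straight into `sudo -E bash -`; saving it to a file first so it can be inspected or checksum-verified before it runs as root is the safer pattern. Part of this hunk's text (the input to `sudo mysql`) is missing in this view, so only the visible lines are covered.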
@@ -83,32 +61,22 @@ echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/source sudo apt-get update sudo apt-get install -y yarn -# Install node 16.x -curl -sL https://deb.nodesource.com/setup_16.x | sudo -E bash - -sudo apt-get install -y nodejs -sudo apt-get install -y build-essential - # Install pm2 sudo yarn global add pm2 # Install certbot +sudo /etc/init.d/nginx stop sudo apt-get install -y certbot -sudo apt-get install -y python3-certbot-nginx -sudo certbot --certonly +sudo certbot certonly > Enter email address (used for urgent renewal and security notices) > support@gradido.net > Please read the Terms of Service at > Y > Would you be willing, once your first certificate is successfully issued, to > N > No names were found in your configuration files. Please enter in your domain > stage1.gradido.net +sudo /etc/init.d/nginx start -git config pull.ff only - -# Allow nginx configuration and restart for gradido -sudo nano /etc/sudoers.d/gradido -> gradido ALL=(ALL) NOPASSWD: /etc/init.d/nginx start,/etc/init.d/nginx stop,/etc/init.d/nginx restart -sudo chmod a+rw /etc/nginx/sites-enabled - -# Webhooks (optional) +# Webhooks (optional) (for development) sudo apt install webhook +# TODO generate nano ~/hooks.json ``` [ @@ -118,7 +86,7 @@ nano ~/hooks.json "pass-arguments-to-command": [ { "source": "string", - "name": "new_deployment" + "name": "master" }, ], "command-working-directory": "/home/gradido/gradido/deployment/bare_metal", @@ -137,7 +105,7 @@ nano ~/hooks.json { "match": { "type": "value", - "value": "refs/heads/new_deployment", + "value": "refs/heads/master", "parameter": { "source": "payload", "name": "ref" 
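Review bot: The webhook trigger now fires on `refs/heads/master`, and the only match rule visible in the `@@ -137,7 +105,7 @@` hunk compares the `ref` field of the request payload, which any sender can set. `hooks.json` extends beyond the hunk, so this may be handled elsewhere, but if the file has no rule that authenticates the sender (a signature check over the payload with a shared secret), anyone who can reach the webhook port can start a deployment of the main branch. Add such a rule and require it together with the `ref` match. Separately, in the `@@ -118,7 +86,7 @@` hunk the `},` directly before `],` in `pass-arguments-to-command` is a trailing comma that strict JSON parsers reject.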
@@ -152,4 +120,33 @@ nano ~/hooks.json webhook -hooks ~/hooks.json & # or for debugging -webhook -hooks ~/hooks.json -verbose \ No newline at end of file +webhook -hooks ~/hooks.json -verbose + +# create db user +DB_USER=gradido +DB_PASSWORD=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo); +# create table +#create database gradido_community +# DEFAULT CHARACTER SET utf8mb4 +# DEFAULT COLLATE utf8mb4_unicode_ci; +# GRANT ALL PRIVILEGES ON gradido_community.* TO '$DB_USER'@'localhost'; +sudo mysql < $PROJECT_ROOT/database/.env + +# Configure backend +JWT_SECRET=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo); +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/backend/.env.template > $PROJECT_ROOT/backend/.env + +# Configure frontend +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/frontend/.env.template > $PROJECT_ROOT/frontend/.env + +# Configure admin +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/admin/.env.template > $PROJECT_ROOT/admin/.env + +#TODO import old database \ No newline at end of file
diff --git a/frontend/.env.template b/frontend/.env.template
new file mode 100644
index 000000000..5d370fb9d
--- /dev/null
+++ b/frontend/.env.template
@@ -0,0 +1,3 @@
+GRAPHQL_URI=${GRAPHQL_URI}
+DEFAULT_PUBLISHER_ID=2896
+ADMIN_AUTH_URL=${ADMIN_AUTH_URL}
\ No newline at end of file
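Review bot: In the last `install.sh` hunk, `DB_USER`, `DB_PASSWORD` and `JWT_SECRET` are assigned after `set +o allexport`, so unless `.env`/`.env.dist` (not shown) already exports them, `env` will not list them and `envsubst` will leave `${JWT_SECRET}` and `${DB_PASSWORD}` as literal text in the generated files. The backend would then run with a fixed, guessable signing secret. Adding `export DB_USER DB_PASSWORD JWT_SECRET` before the first `envsubst` call closes that gap. The generated `.env` files hold credentials but are created with the default umask; `umask 077` ahead of the redirects (or `chmod 600` on each file afterwards) keeps them private, and the `$PROJECT_ROOT/...` paths should be double-quoted. Part of this hunk (the input to `sudo mysql` and the database step) is not readable in this view, so it is not assessed.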