From bd59e06d170ea37e293b1d8f48d5353f2a0b3224 Mon Sep 17 00:00:00 2001
From: einhorn_b <dariofrodo@gmx.de>
Date: Mon, 8 Jan 2024 15:59:55 +0100
Subject: [PATCH] install.sh can run on command line, certbort used for https,
 FEDERATION_DHT_SEED generate and loaded in start.sh

---
 deployment/bare_metal/.env.dist     |  2 +
 deployment/bare_metal/start.sh      | 25 ++++++----
 deployment/hetzner_cloud/README.md  | 31 +++++++++++-
 deployment/hetzner_cloud/install.sh | 73 ++++++++++++++++++++++++++++-
 4 files changed, 118 insertions(+), 13 deletions(-)

diff --git a/deployment/bare_metal/.env.dist b/deployment/bare_metal/.env.dist
index dd5e75484..59cbf042e 100644
--- a/deployment/bare_metal/.env.dist
+++ b/deployment/bare_metal/.env.dist
@@ -24,6 +24,8 @@ ADMIN_CONFIG_VERSION=v2.2024-01-04
 FEDERATION_CONFIG_VERSION=v1.2023-01-09
 FEDERATION_DHT_CONFIG_VERSION=v3.2023-04-26
 
+FEDERATION_DHT_TOPIC=GRADIDO_HUB
+
 # Need adjustments for test system
 URL_PROTOCOL=https
 # start script
diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh
index bc923c6fa..db67cc0d9 100755
--- a/deployment/bare_metal/start.sh
+++ b/deployment/bare_metal/start.sh
@@ -14,8 +14,10 @@ set +o allexport
 # the services and will therefore take precedence over the .env
 
 # We have to load the backend .env to get DB_USERNAME, DB_PASSWORD AND JWT_SECRET
+# and the dht-node .env to get FEDERATION_DHT_SEED
 export_var(){
   export $1=$(grep -v '^#' $PROJECT_ROOT/backend/.env | grep -e "$1" | sed -e 's/.*=//')
+  export $1=$(grep -v '^#' $PROJECT_ROOT/dht-node/.env | grep -e "$1" | sed -e 's/.*=//')
 }
 
 if [ -f "$PROJECT_ROOT/backend/.env" ]; then
@@ -24,6 +26,10 @@ if [ -f "$PROJECT_ROOT/backend/.env" ]; then
     export_var 'JWT_SECRET'
 fi
 
+if [ -f "$PROJECT_ROOT/dht-node/.env" ]; then
+    export_var 'FEDERATION_DHT_SEED'
+fi
+
 # Load .env or .env.dist if not present
 if [ -f "$SCRIPT_DIR/.env" ]; then
     set -o allexport
@@ -57,6 +63,10 @@ echo 'Configuring nginx to serve the update-page' >> $UPDATE_HTML
 rm /etc/nginx/sites-enabled/gradido.conf
 ln -s /etc/nginx/sites-available/update-page.conf /etc/nginx/sites-enabled/
 sudo /etc/init.d/nginx restart
+# enable https if env variable has value https
+if [ "$URL_PROTOCOL" = "https" ]; then
+    certbot --nginx --non-interactive
+fi
 
 # stop all services
 echo 'Stop and delete all Gradido services' >> $UPDATE_HTML
@@ -100,11 +110,7 @@ export FEDERATION_NGINX_CONF=$(< $NGINX_CONFIG_DIR/gradido-federation.conf.locat
 
 # *** 3rd generate gradido nginx config including federation modules per api-version
 echo 'Generate new gradido nginx config' >> $UPDATE_HTML
-case "$URL_PROTOCOL" in
- 'https') TEMPLATE_FILE="gradido.conf.ssl.template" ;;
-    *) TEMPLATE_FILE="gradido.conf.template" ;;
-esac
-envsubst '$FEDERATION_NGINX_CONF' < $NGINX_CONFIG_DIR/$TEMPLATE_FILE > $NGINX_CONFIG_DIR/gradido.conf.tmp
+envsubst '$FEDERATION_NGINX_CONF' < $NGINX_CONFIG_DIR/gradido.conf.template > $NGINX_CONFIG_DIR/gradido.conf.tmp
 unset FEDERATION_NGINX_CONF
 envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $NGINX_CONFIG_DIR/gradido.conf.tmp > $NGINX_CONFIG_DIR/gradido.conf
 rm $NGINX_CONFIG_DIR/gradido.conf.tmp
@@ -112,11 +118,7 @@ rm $NGINX_CONFIG_DIR/gradido-federation.conf.locations
 
 # Generate update-page.conf from template
 echo 'Generate new update-page nginx config' >> $UPDATE_HTML
-case "$URL_PROTOCOL" in
- 'https') TEMPLATE_FILE="update-page.conf.ssl.template" ;;
-    *) TEMPLATE_FILE="update-page.conf.template" ;;
-esac
-envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $NGINX_CONFIG_DIR/$TEMPLATE_FILE > $NGINX_CONFIG_DIR/update-page.conf
+envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $NGINX_CONFIG_DIR/update-page.conf.template > $NGINX_CONFIG_DIR/update-page.conf
 
 # Clean tmp folder - remove yarn files
 find /tmp -name "yarn--*" -exec rm -r {} \;
@@ -262,6 +264,9 @@ echo 'Configuring nginx to serve gradido again' >> $UPDATE_HTML
 ln -s /etc/nginx/sites-available/gradido.conf /etc/nginx/sites-enabled/
 rm /etc/nginx/sites-enabled/update-page.conf
 sudo /etc/init.d/nginx restart
+if [ "$URL_PROTOCOL" = "https" ]; then
+    certbot --nginx --non-interactive
+fi
 
 # keep the update log
 cat $UPDATE_HTML >> $GRADIDO_LOG_PATH/update.$TODAY.log
diff --git a/deployment/hetzner_cloud/README.md b/deployment/hetzner_cloud/README.md
index 01df8663d..fbad7ace6 100644
--- a/deployment/hetzner_cloud/README.md
+++ b/deployment/hetzner_cloud/README.md
@@ -76,7 +76,34 @@ $ ssh -i /path/to/privKey gradido@gddhost.tld
 cd ~
 git clone https://github.com/gradido/gradido.git
 ```
-### Edit Config 
+
+### Adjust the values in `.env`
+
+***!!! Attention !!!***
+
+*Don't forget this step!
+All your following installations in `install.sh` will fail!*
+
+*Notes:*
+
+- *`;` cannot be part of any value!*
+- *The GitHub secret is created on GitHub in Settings -> Webhooks.*
+
+#### Create `.env` and set values
+
 ```bash
 cd ~/gradido/deployment
-cp ./bare_metal/.env.dist ./hetzner_cloud/.env
\ No newline at end of file
+cp ./bare_metal/.env.dist ./hetzner_cloud/.env
+cd hetzner_cloud/
+nano .env
+# adjust values accordingly
+```
+
+### Run `install.sh`
+***!!! Attention !!!***
+Don't use this script if you have custom config in /etc/nginx/conf.d, because this script
+will remove it and ln ../bare_metal/nginx/conf.d
+
+```bash
+sudo chmod +x ./install.sh
+sudo ./install.sh
\ No newline at end of file
diff --git a/deployment/hetzner_cloud/install.sh b/deployment/hetzner_cloud/install.sh
index c51a2e60b..64f6240ec 100644
--- a/deployment/hetzner_cloud/install.sh
+++ b/deployment/hetzner_cloud/install.sh
@@ -57,4 +57,75 @@ send \"y\r\"
 
 expect eof
 ")
-echo "$SECURE_MYSQL"
\ No newline at end of file
+echo "$SECURE_MYSQL"
+
+# Configure nginx
+rm /etc/nginx/sites-enabled/default
+envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_DIR/nginx/sites-available/gradido.conf.template > $SCRIPT_DIR/nginx/sites-available/gradido.conf
+ln -s $SCRIPT_DIR/nginx/sites-available/gradido.conf /etc/nginx/sites-available
+envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_DIR/nginx/sites-available/update-page.conf.template > $SCRIPT_DIR/nginx/sites-available/update-page.conf
+ln -s $SCRIPT_DIR/nginx/sites-available/update-page.conf /etc/nginx/sites-available
+ln -s $SCRIPT_DIR/nginx/common /etc/nginx/
+rmdir /etc/nginx/conf.d
+ln -s $SCRIPT_DIR/nginx/conf.d /etc/nginx/
+
+# setup https with certbot
+certbot --nginx --non-interactive --agree-tos --domains $COMMUNITY_HOST --email $COMMUNITY_SUPPORT_MAIL
+
+# Install node 16.x
+curl -sL https://deb.nodesource.com/setup_16.x | sudo -E bash -
+apt-get install -y nodejs
+
+# Install yarn
+curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
+echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
+apt-get update
+apt-get install -y yarn
+
+# Install pm2
+yarn global add pm2
+pm2 startup
+
+# Install logrotate
+envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_DIR/logrotate/gradido.conf.template > $SCRIPT_DIR/logrotate/gradido.conf
+cp $SCRIPT_DIR/logrotate/gradido.conf /etc/logrotate.d/gradido.conf
+chown root:root /etc/logrotate.d/gradido.conf
+
+# create db user
+export DB_USER=gradido
+export DB_PASSWORD=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo);
+mysql <<EOFMYSQL
+    CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASSWORD';
+    GRANT ALL PRIVILEGES ON 'gradido_community'.* TO '$DB_USER'@'localhost';
+    FLUSH PRIVILEGES;
+EOFMYSQL
+
+# Configure database
+envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/database/.env.template > $PROJECT_ROOT/database/.env
+
+# Configure backend
+export JWT_SECRET=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo);
+envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/backend/.env.template > $PROJECT_ROOT/backend/.env
+
+# Configure frontend
+envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/frontend/.env.template > $PROJECT_ROOT/frontend/.env
+
+# Configure admin
+envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/admin/.env.template > $PROJECT_ROOT/admin/.env
+
+# Configure dht-node
+export FEDERATION_DHT_SEED=$(< /dev/urandom tr -dc a-f0-9 | head -c 32;echo);
+envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/dht-node/.env.template > $PROJECT_ROOT/dht-node/.env
+
+# Configure federation
+envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/federation/.env.template > $PROJECT_ROOT/federation/.env
+
+# create cronjob to delete yarn output in /tmp
+# crontab -e
+# hourly job: 0 * * * * find /tmp -name "yarn--*" -cmin +60 -exec rm -r {} \; > /dev/null
+crontab -l | { cat; echo "0 * * * * find /tmp -name "yarn--*" -cmin +60 -exec rm -r {} \; > /dev/null"; } | crontab -
+# daily job:  0 4 * * * find /tmp -name "yarn--*" -ctime +1 -exec rm -r {} \; > /dev/null
+crontab -l | { cat; echo "0 4 * * * find /tmp -name "yarn--*" -ctime +1 -exec rm -r {} \; > /dev/null"; } | crontab -
+# Start gradido
+# Note: on first startup some errors will occur - nothing serious
+$SCRIPT_PATH/start.sh
\ No newline at end of file