From e58ec8ad346cecd83870d6e1785d559253007f75 Mon Sep 17 00:00:00 2001
From: einhorn_b <dariofrodo@gmx.de>
Date: Wed, 10 Jan 2024 22:21:42 +0100
Subject: [PATCH] use chown after

---
 backend/.env.template                       |  2 +-
 deployment/bare_metal/.env.dist             | 12 ++++-
 deployment/hetzner_cloud/install.sh         | 56 +++++++++++++++++----
 deployment/hetzner_cloud/install_gradido.sh | 48 ------------------
 4 files changed, 58 insertions(+), 60 deletions(-)
 delete mode 100755 deployment/hetzner_cloud/install_gradido.sh

diff --git a/backend/.env.template b/backend/.env.template
index 9133428ab..9adb09793 100644
--- a/backend/.env.template
+++ b/backend/.env.template
@@ -49,7 +49,7 @@ EMAIL_USERNAME=$EMAIL_USERNAME
 EMAIL_SENDER=$EMAIL_SENDER
 EMAIL_PASSWORD=$EMAIL_PASSWORD
 EMAIL_SMTP_URL=$EMAIL_SMTP_URL
-EMAIL_SMTP_PORT=587
+EMAIL_SMTP_PORT=$EMAIL_SMTP_PORT
 EMAIL_LINK_VERIFICATION=$EMAIL_LINK_VERIFICATION
 EMAIL_LINK_SETPASSWORD=$EMAIL_LINK_SETPASSWORD
 EMAIL_LINK_FORGOTPASSWORD=$EMAIL_LINK_FORGOTPASSWORD
diff --git a/deployment/bare_metal/.env.dist b/deployment/bare_metal/.env.dist
index 326392124..ebdc9f277 100644
--- a/deployment/bare_metal/.env.dist
+++ b/deployment/bare_metal/.env.dist
@@ -6,13 +6,17 @@ COMMUNITY_SUPPORT_MAIL=support@supportmail.com
 
 # setup email account for sending gradido system messages to users
 EMAIL=true
-EMAIL_TEST_MODUS=false
-EMAIL_TEST_RECEIVER=test_team@gradido.net
 EMAIL_USERNAME=peter@lustig.de
 EMAIL_SENDER=peter@lustig.de
 EMAIL_PASSWORD=1234
 EMAIL_SMTP_URL=smtp.lustig.de
+EMAIL_SMTP_PORT=587
+
+# how many minutes email verification code is valid
+# also used for password reset code
 EMAIL_CODE_VALID_TIME=1440
+# how many minutes user must wait before he can request the email verification code again
+# also used for password reset code
 EMAIL_CODE_REQUEST_TIME=10
 
 # Need to adjust by updates
@@ -31,6 +35,10 @@ URL_PROTOCOL=https
 # start script
 # only for test server
 DEPLOY_SEED_DATA=false
+# test email
+# if true all email will be send to EMAIL_TEST_RECEIVER instead of email address of user
+EMAIL_TEST_MODUS=false
+EMAIL_TEST_RECEIVER=test_team@gradido.net
 
 # Logging
 GRADIDO_LOG_PATH=/home/gradido/gradido/deployment/bare_metal/log
diff --git a/deployment/hetzner_cloud/install.sh b/deployment/hetzner_cloud/install.sh
index 8a2d18a16..b83cdae68 100755
--- a/deployment/hetzner_cloud/install.sh
+++ b/deployment/hetzner_cloud/install.sh
@@ -10,7 +10,7 @@ set -o allexport
 SCRIPT_PATH=$(realpath ../bare_metal)
 SCRIPT_DIR=$(dirname $SCRIPT_PATH)
 LOCAL_SCRIPT_PATH=$(realpath $0)
-LOCAL_SCRIPT_DIR=$(dirname $SCRIPT_PATH)
+LOCAL_SCRIPT_DIR=$(dirname $LOCAL_SCRIPT_PATH)
 PROJECT_ROOT=$SCRIPT_DIR/..
 set +o allexport
 
@@ -80,15 +80,12 @@ expect eof
 ")
 echo "$SECURE_MYSQL"
 
-# create db user
-export DB_USER=gradido
-export DB_PASSWORD=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo);
-
-# run all commands which must be called in gradido user space
-sudo -u gradido $LOCAL_SCRIPT_DIR/install_gradido.sh 
-
 # Configure nginx
 rm /etc/nginx/sites-enabled/default
+envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_PATH/nginx/sites-available/gradido.conf.template > $SCRIPT_PATH/nginx/sites-available/gradido.conf
+envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_PATH/nginx/sites-available/update-page.conf.template > $SCRIPT_PATH/nginx/sites-available/update-page.conf
+mkdir $SCRIPT_PATH/nginx/sites-enabled
+ln -s $SCRIPT_PATH/nginx/sites-available/update-page.conf $SCRIPT_PATH/nginx/sites-enabled/default
 ln -s $SCRIPT_PATH/nginx/sites-enabled/default /etc/nginx/sites-enabled
 ln -s $SCRIPT_PATH/nginx/common /etc/nginx/
 rmdir /etc/nginx/conf.d
@@ -97,16 +94,57 @@ ln -s $SCRIPT_PATH/nginx/conf.d /etc/nginx/
 # setup https with certbot
 certbot certonly --nginx --non-interactive --agree-tos --domains $COMMUNITY_HOST --email $COMMUNITY_SUPPORT_MAIL
 
+# Install node 16. with nvm, with nodesource is depracted
+sudo -u gradido bash -c 'curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash'
+# Close and reopen your terminal to start using nvm or run the following to use it now:
+sudo -u gradido bash -c 'export NVM_DIR="$HOME/.nvm" && [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"'
+sudo -u gradido bash -c '. $HOME/.nvm/nvm.sh && nvm install 16' # first installed version will be set to default automatic
+
+# Install yarn
+sudo -u gradido bash -c '. $HOME/.nvm/nvm.sh && npm i -g yarn'
+
+# Install pm2
+sudo -u gradido bash -c '. $HOME/.nvm/nvm.sh && npm i -g pm2 && pm2 startup'
+
 # Install logrotate
+envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_PATH/logrotate/gradido.conf.template > $SCRIPT_PATH/logrotate/gradido.conf
 cp $SCRIPT_PATH/logrotate/gradido.conf /etc/logrotate.d/gradido.conf
 
-# setup db user
+# create db user
+export DB_USER=gradido
+export DB_PASSWORD=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo);
 mysql <<EOFMYSQL
     CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASSWORD';
     GRANT ALL PRIVILEGES ON *.* TO '$DB_USER'@'localhost';
     FLUSH PRIVILEGES;
 EOFMYSQL
 
+# Configure database
+envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/database/.env.template > $PROJECT_ROOT/database/.env
+
+# Configure backend
+export JWT_SECRET=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo);
+envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/backend/.env.template > $PROJECT_ROOT/backend/.env
+
+# Configure frontend
+envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/frontend/.env.template > $PROJECT_ROOT/frontend/.env
+
+# Configure admin
+envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/admin/.env.template > $PROJECT_ROOT/admin/.env
+
+# Configure dht-node
+export FEDERATION_DHT_SEED=$(< /dev/urandom tr -dc a-f0-9 | head -c 32;echo);
+envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/dht-node/.env.template > $PROJECT_ROOT/dht-node/.env
+
+# Configure federation
+envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/federation/.env.template > $PROJECT_ROOT/federation/.env
+
+# set all created or modified files back to belonging to gradido
+chown -R gradido:gradido $PROJECT_ROOT
+
+# create cronjob to delete yarn output in /tmp and for making backups regulary
+sudo -u gradido crontab < $LOCAL_SCRIPT_DIR/crontabs.txt
+
 # Start gradido
 # Note: on first startup some errors will occur - nothing serious
 sudo -u gradido $SCRIPT_PATH/start.sh 
\ No newline at end of file
diff --git a/deployment/hetzner_cloud/install_gradido.sh b/deployment/hetzner_cloud/install_gradido.sh
deleted file mode 100755
index b2db53cf3..000000000
--- a/deployment/hetzner_cloud/install_gradido.sh
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/bin/bash
-# called from install.sh as gradido user
-# ENV variables from install.sh are accessable by child scripts
-# changing don't count for calling script
-
-# Configure nginx
-envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_PATH/nginx/sites-available/gradido.conf.template > $SCRIPT_PATH/nginx/sites-available/gradido.conf
-envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_PATH/nginx/sites-available/update-page.conf.template > $SCRIPT_PATH/nginx/sites-available/update-page.conf
-mkdir $SCRIPT_PATH/nginx/sites-enabled
-ln -s $SCRIPT_PATH/nginx/sites-available/update-page.conf $SCRIPT_PATH/nginx/sites-enabled/default
-
-# Install node 16. with nvm, with nodesource is depracted
-curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash
-# Close and reopen your terminal to start using nvm or run the following to use it now:
-export NVM_DIR="$HOME/.nvm" && [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
-nvm install 16 # first installed version will be set to default automatic
-
-# Install yarn
-npm i -g yarn
-
-# Install pm2
-npm i -g pm2 && pm2 startup
-
-# Install logrotate
-envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_PATH/logrotate/gradido.conf.template > $SCRIPT_PATH/logrotate/gradido.conf
-
-# Configure database
-envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/database/.env.template > $PROJECT_ROOT/database/.env
-
-# Configure backend
-export JWT_SECRET=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo);
-envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/backend/.env.template > $PROJECT_ROOT/backend/.env
-
-# Configure frontend
-envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/frontend/.env.template > $PROJECT_ROOT/frontend/.env
-
-# Configure admin
-envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/admin/.env.template > $PROJECT_ROOT/admin/.env
-
-# Configure dht-node
-export FEDERATION_DHT_SEED=$(< /dev/urandom tr -dc a-f0-9 | head -c 32;echo);
-envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/dht-node/.env.template > $PROJECT_ROOT/dht-node/.env
-
-# Configure federation
-envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $PROJECT_ROOT/federation/.env.template > $PROJECT_ROOT/federation/.env
-
-# create cronjob to delete yarn output in /tmp and for making backups regulary
-crontab < $LOCAL_SCRIPT_DIR/crontabs.txt