| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146 |
- #!/bin/bash
- set -e
- # Ensure we're in the project root directory
- PROJECT_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
- cd "${PROJECT_ROOT}"
- # Define directories relative to project root
- CREDENTIALS_DIR="config/credentials"
- DOCKER_DIR="docker"
- KEYCLOAK_SCRIPTS_DIR="scripts/setup/keycloak"
- ANSIBLE_PLAYBOOK="ansible/site.yml"
- ANSIBLE_INVENTORY="ansible/inventory/staging/hosts"
- # Create necessary directories
- mkdir -p "${CREDENTIALS_DIR}"
- mkdir -p "${DOCKER_DIR}"
- mkdir -p "${KEYCLOAK_SCRIPTS_DIR}"
- # Function to generate secure passwords
- generate_password() {
- openssl rand -base64 24 | tr -dc 'a-zA-Z0-9' | head -c 24
- }
- # Date for documentation
- SETUP_DATE=$(date '+%Y-%m-%d_%H-%M-%S')
- # Generate passwords
- KEYCLOAK_ADMIN_PASSWORD=$(generate_password)
- KC_DB_PASSWORD=$(generate_password)
- TESTADMIN_PASSWORD=$(generate_password)
- TESTUSER_PASSWORD=$(generate_password)
- NEXTCLOUD_DB_ROOT_PASSWORD=$(generate_password)
- NEXTCLOUD_DB_USER=$(generate_password)
- NEXTCLOUD_DB_PASSWORD=$(generate_password)
- NEXTCLOUD_ADMIN_USER=$(generate_password)
- NEXTCLOUD_ADMIN_PASSWORD=$(generate_password)
- KEYCLOAK_NEXTCLOUD_CLIENT_SECRET=$(generate_password)
- # Create .env file in docker directory
- cat > "${DOCKER_DIR}/.env" << EOL
- # Generated on ${SETUP_DATE}
- # Keycloak Admin
- KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD}
- # Keycloak Database
- KC_DB_USERNAME=keycloak
- KC_DB_PASSWORD=${KC_DB_PASSWORD}
- # Nextcloud Database
- NEXTCLOUD_DB_ROOT_PASSWORD=${NEXTCLOUD_DB_ROOT_PASSWORD}
- NEXTCLOUD_DB_USER=${NEXTCLOUD_DB_USER}
- NEXTCLOUD_DB_PASSWORD=${NEXTCLOUD_DB_PASSWORD}
- NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER}
- NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD}
- EOL
- # Create .env file for keycloak setup script
- cat > "${KEYCLOAK_SCRIPTS_DIR}/.env" << EOL
- # Generated on ${SETUP_DATE}
- KEYCLOAK_URL=https://auth.mrx8086.com
- KEYCLOAK_ADMIN_USER=admin
- KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD}
- NEXTCLOUD_CLIENT_ID=nextcloud
- PAPERLESS_CLIENT_ID=paperless
- NODERED_CLIENT_ID=nodered
- TESTADMIN_PASSWORD=${TESTADMIN_PASSWORD}
- TESTUSER_PASSWORD=${TESTUSER_PASSWORD}
- KEYCLOAK_NEXTCLOUD_CLIENT_SECRET=${KEYCLOAK_NEXTCLOUD_CLIENT_SECRET}
- EOL
- # Create encrypted credentials documentation
- cat > "${CREDENTIALS_DIR}/credentials_${SETUP_DATE}.txt" << EOL
- Setup Date: ${SETUP_DATE}
- Keycloak Admin Credentials:
- Username: admin
- Password: ${KEYCLOAK_ADMIN_PASSWORD}
- Keycloak Database Credentials:
- Username: keycloak
- Password: ${KC_DB_PASSWORD}
- Test Admin Credentials:
- Password: ${TESTADMIN_PASSWORD}
- Test User Credentials:
- Password: ${TESTUSER_PASSWORD}
- Nextcloud Database Credentials:
- Root Password: ${NEXTCLOUD_DB_ROOT_PASSWORD}
- User: ${NEXTCLOUD_DB_USER}
- Password: ${NEXTCLOUD_DB_PASSWORD}
- Nextcloud Admin Credentials:
- Username: ${NEXTCLOUD_ADMIN_USER}
- Password: ${NEXTCLOUD_ADMIN_PASSWORD}
- EOL
- # Encrypt credentials file
- gpg --symmetric --cipher-algo AES256 "${CREDENTIALS_DIR}/credentials_${SETUP_DATE}.txt"
- rm "${CREDENTIALS_DIR}/credentials_${SETUP_DATE}.txt"
- echo "Environment setup completed!"
- echo "Credentials have been saved and encrypted in: ${CREDENTIALS_DIR}/credentials_${SETUP_DATE}.txt.gpg"
- echo ".env file for docker-compose has been created in: ${DOCKER_DIR}/.env"
- echo ".env file for setup_realm.js has been created in: ${KEYCLOAK_SCRIPTS_DIR}/.env"
- echo ""
- echo "To view credentials, use:"
- echo "gpg -d ${CREDENTIALS_DIR}/credentials_${SETUP_DATE}.txt.gpg"
- echo ">>> Nextcloud Konfiguration..."
- # Verify if variable is set from earlier in the script
- echo ">>> Debug: Checking original variable..."
- echo ">>> Debug: KEYCLOAK_NEXTCLOUD_CLIENT_SECRET = ${KEYCLOAK_NEXTCLOUD_CLIENT_SECRET}"
- # Try reading from .env file if variable is empty
- if [ -z "${KEYCLOAK_NEXTCLOUD_CLIENT_SECRET}" ]; then
- echo ">>> Debug: Variable is empty, trying to read from .env file..."
- KEYCLOAK_NEXTCLOUD_CLIENT_SECRET=$(grep KEYCLOAK_NEXTCLOUD_CLIENT_SECRET "${KEYCLOAK_SCRIPTS_DIR}/.env" | cut -d '=' -f2)
- echo ">>> Debug: Value from .env file = ${KEYCLOAK_NEXTCLOUD_CLIENT_SECRET}"
- fi
- # Ensure we have a value
- if [ -z "${KEYCLOAK_NEXTCLOUD_CLIENT_SECRET}" ]; then
- echo ">>> Error: Could not get client secret value"
- exit 1
- fi
- # Escape special characters in the secret for JSON
- ESCAPED_SECRET=$(echo "$KEYCLOAK_NEXTCLOUD_CLIENT_SECRET" | sed 's/["\]/\\&/g')
- echo ">>> Debug: Escaped secret = $ESCAPED_SECRET"
- # Create the extra vars
- EXTRA_VARS="{\"client_secret\": \"$ESCAPED_SECRET\"}"
- echo ">>> Debug: Extra vars = $EXTRA_VARS"
- # Run Ansible with the extra vars
- sudo ansible-playbook \
- -i "$ANSIBLE_INVENTORY" \
- "$ANSIBLE_PLAYBOOK" \
- --extra-vars "$EXTRA_VARS" \
- -v
- echo ">>> Fertig"
|
