From 5f5569a0c7e3f078a4ecb656d8c317e097784b41 Mon Sep 17 00:00:00 2001
From: Oscar Krause
Date: Wed, 4 Jan 2023 11:02:54 +0100
Subject: [PATCH] improved debian installation
---
 .DEBIAN/env.default | 27 ++++++++++++
 .DEBIAN/fastapi-dls.service | 25 +++++++++++
 .DEBIAN/postinst | 87 +++++-------------------------------
 .gitlab-ci.yml | 6 ++-
 4 files changed, 69 insertions(+), 76 deletions(-)
 create mode 100644 .DEBIAN/env.default
 create mode 100644 .DEBIAN/fastapi-dls.service
diff --git a/.DEBIAN/env.default b/.DEBIAN/env.default
new file mode 100644
index 0000000..835f29e
--- /dev/null
+++ b/.DEBIAN/env.default
@@ -0,0 +1,27 @@
+# Toggle debug mode
+#DEBUG=false
+
+# Where the client can find the DLS server
+DLS_URL=127.0.0.1
+DLS_PORT=443
+
+# CORS configuration
+## comma separated list without spaces
+#CORS_ORIGINS="https://$DLS_URL:$DLS_PORT"
+
+# Lease expiration in days
+LEASE_EXPIRE_DAYS=90
+LEASE_RENEWAL_PERIOD=0.2
+
+# Database location
+## https://docs.sqlalchemy.org/en/14/core/engines.html
+DATABASE=sqlite:////etc/fastapi-dls/db.sqlite
+
+# UUIDs for identifying the instance
+#SITE_KEY_XID="00000000-0000-0000-0000-000000000000"
+#INSTANCE_REF="10000000-0000-0000-0000-000000000001"
+#ALLOTMENT_REF="20000000-0000-0000-0000-000000000001"
+
+# Site-wide signing keys
+INSTANCE_KEY_RSA=/etc/fastapi-dls/instance.private.pem
+INSTANCE_KEY_PUB=/etc/fastapi-dls/instance.public.pem
diff --git a/.DEBIAN/fastapi-dls.service b/.DEBIAN/fastapi-dls.service
new file mode 100644
index 0000000..368d494
--- /dev/null
+++ b/.DEBIAN/fastapi-dls.service
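Review bot: `DLS_URL=127.0.0.1` is described on the line above it as the address clients use to reach the server, but the new unit file passes the same value to uvicorn as `--host`, i.e. the bind address, so the default listens on loopback only and a public hostname that does not resolve to a local interface would fail to bind; add `## also used as the bind address (--host) of the systemd service; set 0.0.0.0 to listen on all interfaces` under that comment, or split the two roles into separate variables. The commented example `#CORS_ORIGINS="https://$DLS_URL:$DLS_PORT"` will not expand: systemd's EnvironmentFile= performs no variable substitution, and the dotenv loader behind `--env-file` handles at most the `${VAR}` form, so the comment should say the value has to be written out literally. `LEASE_RENEWAL_PERIOD=0.2` sits under the heading `# Lease expiration in days` but is plainly not a day count; give it its own one-line comment stating its unit or meaning.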
@@ -0,0 +1,25 @@
+[Unit]
+Description=Service for fastapi-dls
+Documentation=https://git.collinwebdesigns.de/oscar.krause/fastapi-dls
+After=network.target
+
+[Service]
+User=www-data
+Group=www-data
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+WorkingDirectory=/usr/share/fastapi-dls/app
+EnvironmentFile=/etc/fastapi-dls/env
+ExecStart=uvicorn main:app \
+ --env-file /etc/fastapi-dls/env \
+ --host $DLS_URL --port $DLS_PORT \
+ --app-dir /usr/share/fastapi-dls/app \
+ --ssl-keyfile /etc/fastapi-dls/webserver.key \
+ --ssl-certfile /etc/fastapi-dls/webserver.crt \
+ --proxy-headers
+Restart=always
+KillSignal=SIGQUIT
+Type=simple
+NotifyAccess=all
+
+[Install]
+WantedBy=multi-user.target
diff --git a/.DEBIAN/postinst b/.DEBIAN/postinst
index d4ceee0..5624d34 100644
--- a/.DEBIAN/postinst
+++ b/.DEBIAN/postinst
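Review bot: The unit runs a network-facing service that holds CAP_NET_BIND_SERVICE and reads the private keys under /etc/fastapi-dls, yet it applies none of systemd's sandboxing directives, so a compromised uvicorn process keeps the full filesystem view of www-data. Adding `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=strict` together with `ReadWritePaths=/etc/fastapi-dls` (env.default defaults the sqlite database to that directory, so it has to stay writable) narrows that, and `systemd-analyze security fastapi-dls.service` reports what exposure remains. `NotifyAccess=all` has no effect with `Type=simple` and can be dropped. `ExecStart=` uses a bare `uvicorn` instead of an absolute path, which only works on systemd releases that search a fixed executable path; an absolute path removes that dependence.
```ini
[Service]
# … unchanged: User/Group/AmbientCapabilities/WorkingDirectory/EnvironmentFile/ExecStart/Restart/KillSignal/Type …
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ReadWritePaths=/etc/fastapi-dls
```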
@@ -3,89 +3,26 @@
 WORKING_DIR=/usr/share/fastapi-dls
 CONFIG_DIR=/etc/fastapi-dls
-echo "> Create config directory ..."
-mkdir -p $CONFIG_DIR
-
-# normally we would define services in `conffiles` and as separate file, but we like to keep thinks simple.
-echo "> Install service ..."
-cat </etc/systemd/system/fastapi-dls.service
-[Unit]
-Description=Service for fastapi-dls
-Documentation=https://git.collinwebdesigns.de/oscar.krause/fastapi-dls
-After=network.target
-
-[Service]
-User=www-data
-Group=www-data
-AmbientCapabilities=CAP_NET_BIND_SERVICE
-WorkingDirectory=$WORKING_DIR/app
-EnvironmentFile=$CONFIG_DIR/env
-ExecStart=uvicorn main:app \\
- --env-file /etc/fastapi-dls/env \\
- --host \$DLS_URL --port \$DLS_PORT \\
- --app-dir $WORKING_DIR/app \\
- --ssl-keyfile /etc/fastapi-dls/webserver.key \\
- --ssl-certfile /etc/fastapi-dls/webserver.crt \\
- --proxy-headers
-Restart=always
-KillSignal=SIGQUIT
-Type=simple
-NotifyAccess=all
-
-[Install]
-WantedBy=multi-user.target
-
-EOF
-
-systemctl daemon-reload
-
-# normally we would define configfiles in `conffiles` and as separate file, but we like to keep thinks simple.
-if [[ ! -f $CONFIG_DIR/env ]]; then
- echo "> Writing initial config ..."
- touch $CONFIG_DIR/env
- cat <$CONFIG_DIR/env
-# Toggle debug mode
-#DEBUG=false
-
-# Where the client can find the DLS server
-DLS_URL=127.0.0.1
-DLS_PORT=443
-
-# CORS configuration
-## comma separated list without spaces
-#CORS_ORIGINS="https://$DLS_URL:$DLS_PORT"
-
-# Lease expiration in days
-LEASE_EXPIRE_DAYS=90
-
-# Database location
-## https://docs.sqlalchemy.org/en/14/core/engines.html
-DATABASE=sqlite:///$CONFIG_DIR/db.sqlite
-
-# UUIDs for identifying the instance
-#SITE_KEY_XID="00000000-0000-0000-0000-000000000000"
-#INSTANCE_REF="00000000-0000-0000-0000-000000000000"
-
-# Site-wide signing keys
-INSTANCE_KEY_RSA=$CONFIG_DIR/instance.private.pem
-INSTANCE_KEY_PUB=$CONFIG_DIR/instance.public.pem
-
-EOF
+if [[ ! -f $CONFIG_DIR/instance.private.pem ]]; then
+ echo "> Create dls-instance keypair ..."
+ openssl genrsa -out $CONFIG_DIR/instance.private.pem 2048
+ openssl rsa -in $CONFIG_DIR/instance.private.pem -outform PEM -pubout -out $CONFIG_DIR/instance.public.pem
+else
+ echo "> Create dls-instance keypair skipped! (exists)"
 fi
-echo "> Create dls-instance keypair ..."
-openssl genrsa -out $CONFIG_DIR/instance.private.pem 2048
-openssl rsa -in $CONFIG_DIR/instance.private.pem -outform PEM -pubout -out $CONFIG_DIR/instance.public.pem
-
 while true; do
- read -p "> Do you wish to create self-signed webserver certificate? [Y/n]" yn
- yn=${yn:-y} # ${parameter:-word} If parameter is unset or null, the expansion of word is substituted. Otherwise, the value of parameter is substituted.
+ [[ -f $CONFIG_DIR/webserver.key ]] && default_answer="N" || default_answer="Y"
+ [[ $default_answer == "Y" ]] && V="Y/n" || V="y/N"
+ read -p "> Do you wish to create self-signed webserver certificate? [${V}]" yn
+ yn=${yn:-$default_answer} # ${parameter:-word} If parameter is unset or null, the expansion of word is substituted. Otherwise, the value of parameter is substituted.
 case $yn in
 [Yy]*)
+ echo "> Generating keypair ..."
 openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout $CONFIG_DIR/webserver.key -out $CONFIG_DIR/webserver.crt
 break
 ;;
- [Nn]*) break ;;
+ [Nn]*) echo "> Generating keypair skipped! (exists)"; break ;;
 *) echo "Please answer [y] or [n]." ;;
 esac
 done
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 6f0e7a8..95b343a 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -46,7 +46,10 @@ build:apt:
 - cp README.md version.env build/usr/share/fastapi-dls
 # create conf file
 - mkdir -p build/etc/fastapi-dls
- - touch build/etc/fastapi-dls/env
+ - cp .DEBIAN/env.default build/etc/fastapi-dls/env
+ # create service file
+ - mkdir -p build/etc/systemd/system
+ - cp .DEBIAN/fastapi-dls.service build/etc/systemd/system
 # cd into "build/"
 - cd build/
 script:
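Review bot: The keypair block writes `instance.private.pem`, `instance.public.pem` and later `webserver.key` as the user running dpkg (root) and never sets an owner or mode, while the shipped unit runs uvicorn as www-data and points it at exactly these files; depending on the mode openssl leaves on them, the service either cannot open its keys or the private keys end up readable by every local user. After each generation step add `chown root:www-data "$CONFIG_DIR"/instance.private.pem "$CONFIG_DIR"/webserver.key` and `chmod 0640 "$CONFIG_DIR"/instance.private.pem "$CONFIG_DIR"/webserver.key` (the public pem and the certificate can stay 0644). The new `[Nn]*)` arm prints `Generating keypair skipped! (exists)` even on a fresh install where no key exists and the user merely declined, so the message should not assert existence. The hunk also drops `systemctl daemon-reload` together with the inline unit and nothing in this diff re-adds it after the packaged unit is installed, so unless a maintainer-script helper outside this diff runs it, the new unit may not be known to systemd until the next reload.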
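Review bot: `cp .DEBIAN/env.default build/etc/fastapi-dls/env` ships the configuration as a regular package file under /etc, replacing the postinst logic that only wrote it when absent; unless `/etc/fastapi-dls/env` is listed in a `conffiles` entry (not visible in this diff), dpkg will overwrite an administrator's edited env on every upgrade, silently resetting key paths, database location and lease settings. Either add the path to `.DEBIAN/conffiles` or keep installing it conditionally from postinst. Likewise the unit is copied into `build/etc/systemd/system`, which is the administrator's override directory; packaged units belong in `build/lib/systemd/system`, i.e. `- mkdir -p build/lib/systemd/system` and `- cp .DEBIAN/fastapi-dls.service build/lib/systemd/system`, so that a local override in /etc takes precedence the way systemd intends.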
@@ -142,6 +145,7 @@ test:
 --proxy-headers &
 - FASTAPI_DLS_PID=$!
 - echo "Started service with pid $FASTAPI_DLS_PID"
+ - cat /etc/fastapi-dls/env
 # testing service
 - if [ "`curl --insecure -s https://127.0.0.1/-/health | jq .status`" != "up" ]; then echo "Success"; else "Error"; fi
 # cleanup
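Review bot: The added `- cat /etc/fastapi-dls/env` dumps the whole service configuration into the CI job log; with the defaults that only reveals paths, but any real `SITE_KEY_XID`, `INSTANCE_REF` or a `DATABASE` URL carrying credentials written to that file would be retained in job output, so drop the line once debugging is done or limit it to the values the test needs, e.g. `- grep -E '^(DLS_URL|DLS_PORT)=' /etc/fastapi-dls/env`. The health check on the context line below treats `!= "up"` as success (and `jq .status` prints the value with quotes, so the comparison never matches), while its `else "Error"` tries to execute a command named Error instead of printing; this predates the commit, but as written the test cannot fail on a downed service.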