#!/hint/bash -euE
# Copyright (C) 2023 Umorpha Systems
# SPDX-License-Identifier: AGPL-3.0-or-later
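# Load the sibling base modules (uWSGI, nginx, MariaDB) from the directory
# this file lives in, so the lookup does not depend on the caller's cwd.
load_module "$(dirname -- "${BASH_SOURCE[0]}")/base-uwsgi.sh"
load_module "$(dirname -- "${BASH_SOURCE[0]}")/base-nginx.sh"
load_module "$(dirname -- "${BASH_SOURCE[0]}")/base-mariadb.sh"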
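# Extra package this module adds to the image: the PHP plugin for uWSGI.
packages+=(
	uwsgi-plugin-php
)
# Register the hook defined below.
# NOTE(review): the "20:" prefix looks like an ordering key for the hook
# runner — confirm against the code that consumes post_install.
post_install+=(20:bookstack:post_install)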
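#######################################
# Write the BookStack deployment files into the image rooted at $1: the nginx
# site, the config.env generator, the "umorpha" theme, the bookstack-init
# oneshot unit and its script, and the uWSGI instance config; then enable
# uwsgi@bookstack.socket in that root.
#
# Heredocs opened with <<-'EOF' are written verbatim; the two opened with
# <<-EOF expand ${phpset[...]} while the image is being built.
#
# Arguments: $1 - root directory of the target filesystem
# Returns:   status of the final systemctl call
#######################################
bookstack:post_install() {
	local arg_mountpoint=$1

	# NOTE(review): uwsgi_cache_key below has no per-user component, and no
	# uwsgi_cache zone is selected in this server block. If a zone is enabled by
	# configuration outside this file, confirm that responses to signed-in users
	# cannot be stored and replayed to other clients.
	install -Dm644 /dev/stdin "$arg_mountpoint/etc/nginx/sites/bookstack.conf" <<-'EOF'
		# -*- mode: nginx; nginx-indent-level: 4; intent-tabs-mode: nil -*-
		server {
		    server_name bookstack.mothstuff.lol;
		    include /etc/nginx/snippets/listen.conf;
		    root /usr/share/webapps/bookstack/public;
		    index index.php index.html;
		    location / {
		        try_files $uri $uri/ /index.php?$query_string;
		    }
		    location /index.php {
		        uwsgi_cache_key $host$request_uri;
		        uwsgi_cache_valid 5m;
		        include uwsgi_params;
		        uwsgi_modifier1 14; # Standard PHP request
		        uwsgi_pass unix:/run/uwsgi/bookstack.sock;
		    }
		}
	EOF

	# The quoted delimiter keeps every $(cat ...) unexpanded here, so the
	# generator reads the secrets on the target when bookstack-init runs and no
	# secret value is written into the image.
	# NOTE(review): values are emitted unquoted; a secret containing whitespace,
	# '#' or quotes may be misread by the .env parser — confirm, or quote them.
	install -Dm755 /dev/stdin "$arg_mountpoint/etc/webapps/bookstack/config.env.gen" <<-'EOF'
		#!/usr/bin/env bash
		cat <<CFGEOF
		APP_KEY=$(cat /etc/umorpha-secrets/bookstack-app-key.txt)
		APP_URL=https://bookstack.mothstuff.lol
		DB_HOST=localhost
		DB_DATABASE=bookstack
		DB_USERNAME=bookstack
		MAIL_DRIVER=smtp
		MAIL_HOST=mail.infomaniak.com
		MAIL_PORT=465
		MAIL_ENCRYPTION=tls
		MAIL_USERNAME=$(cat /etc/umorpha-secrets/bookstack-infomaniak-mailaddr.txt)
		MAIL_PASSWORD=$(cat /etc/umorpha-secrets/bookstack-infomaniak-mailpassword.txt)
		MAIL_FROM=$(cat /etc/umorpha-secrets/bookstack-infomaniak-mailaddr.txt)
		MAIL_FROM_NAME="Umorpha BookStack"
		AUTH_METHOD=oidc
		AUTH_AUTO_INITIATE=false
		APP_THEME=umorpha
		OIDC_NAME=Infomaniak
		OIDC_DISPLAY_NAME_CLAIMS=name
		OIDC_CLIENT_ID=$(cat /etc/umorpha-secrets/bookstack-infomaniak-clientid.txt)
		OIDC_CLIENT_SECRET=$(cat /etc/umorpha-secrets/bookstack-infomaniak-clientsecret.txt)
		OIDC_ISSUER=https://login.infomaniak.com
		OIDC_ISSUER_DISCOVER=true
		CFGEOF
	EOF

	# BookStack and Infomaniak disagree about whether the claims implied by the 'profile'
	# scope-value should be in the access token or the ID token (and my reading of the spec is
	# that the correct answer is *neither*; you should use the access token to get those claims
	# from the userinfo endpoint).
	# NOTE(review): the listener returns the token-response values in place of
	# the ID-token claims before validation. Those values are presumably not
	# covered by the ID token's signature — confirm that the issuer, audience and
	# expiry checks still apply to the substituted set.
	install -Dm644 /dev/stdin "$arg_mountpoint/usr/share/webapps/bookstack/themes/umorpha/functions.php" <<-'EOF'
		<?php
		use BookStack\Facades\Theme;
		use BookStack\Theming\ThemeEvents;
		use League\OAuth2\Client\Token\AccessToken;
		Theme::listen(ThemeEvents::OIDC_ID_TOKEN_PRE_VALIDATE, function (array $idTokenData, array $accessTokenData) {
		    return (new AccessToken($accessTokenData))->getValues();
		});
	EOF

	# Oneshot unit ordered before the uWSGI instance and after MariaDB; it is
	# skipped unless all five secret files exist.
	install -Dm644 /dev/stdin "$arg_mountpoint/etc/systemd/system/bookstack-init.service" <<-'EOF'
		[Unit]
		Description=Initialize BookStack configuration
		Before=uwsgi@bookstack.service
		Requires=mariadb.service
		After=mariadb.service
		ConditionPathExists=/etc/umorpha-secrets/bookstack-app-key.txt
		ConditionPathExists=/etc/umorpha-secrets/bookstack-infomaniak-mailaddr.txt
		ConditionPathExists=/etc/umorpha-secrets/bookstack-infomaniak-mailpassword.txt
		ConditionPathExists=/etc/umorpha-secrets/bookstack-infomaniak-clientid.txt
		ConditionPathExists=/etc/umorpha-secrets/bookstack-infomaniak-clientsecret.txt
		[Service]
		Type=oneshot
		ExecStart=/etc/systemd/system/bookstack-init
	EOF

	# PHP settings shared by the artisan call (as -d flags) and the uWSGI config
	# (as php-set lines).
	local phpset=(
		extension=pdo_mysql.so
		extension=iconv.so
		extension=gd.so
	)

	# NOTE(review): CREATE USER below has no IDENTIFIED clause and config.env
	# sets no DB_PASSWORD, so the 'bookstack'@'localhost' account looks
	# passwordless and usable by any local process. Consider
	# `IDENTIFIED VIA unix_socket` to tie it to the bookstack OS user — confirm
	# first that the application connects over the local socket.
	# NOTE(review): the script sets -x but not -e, so a failed step does not stop
	# the later ones. The trace holds no secret values only because
	# config.env.gen reads them itself; keep secrets out of these command lines.
	# config.env is created under umask 0077, i.e. without group/other access.
	install -Dm755 /dev/stdin "$arg_mountpoint/etc/systemd/system/bookstack-init" <<-EOF
		#!/bin/sh
		set -x
		sudo -u bookstack sh -c "umask 0077; /etc/webapps/bookstack/config.env.gen >/etc/webapps/bookstack/config.env"
		if ! [ -e /var/lib/mysql/bookstack/db.opt ]; then
			sudo -u mysql mariadb --execute="CREATE DATABASE bookstack; CREATE USER 'bookstack'@'localhost'; GRANT ALL ON bookstack.* TO 'bookstack'@'localhost'; FLUSH PRIVILEGES;"
		fi
		sudo -u bookstack sh -c "cd /usr/share/webapps/bookstack && php ${phpset[*]/#/-d } ./artisan migrate --no-interaction --force"
	EOF

	# Pull the init unit in whenever uwsgi@bookstack.service starts. The explicit
	# link path with -f/-n lets a repeated run replace the link instead of
	# failing with "File exists".
	local wants_dir="$arg_mountpoint/etc/systemd/system/uwsgi@bookstack.service.wants"
	mkdir -p -- "$wants_dir"
	ln -sfn -- ../bookstack-init.service "$wants_dir/bookstack-init.service"

	# The last heredoc line is intended to expand to one "php-set = ..." line per
	# phpset entry.
	install -Dm644 /dev/stdin "$arg_mountpoint/etc/uwsgi/bookstack.ini" <<-EOF
		[uwsgi]
		master = true
		processes = 4
		uid = %n
		gid = http
		plugins = php
		${phpset[*]/#/$'\nphp-set = '}
	EOF

	systemctl --root="$arg_mountpoint" enable uwsgi@bookstack.socket
}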