private/apostol-dm
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Docker fix: add ensubst

Browse Source
This commit is contained in:
status404
2024-02-20 13:09:09 +03:00
parent 68ce2f1358
commit 7eaeb727c3
11 changed files with 443 additions and 286 deletions
Download Patch File Download Diff File Expand all files Collapse all files

194
docker/run.sh Executable file
View File

@@ -0,0 +1,194 @@
#!/bin/bash
##
## BitDeals Module configuration helper script for Docker Container.
## It writes an Environment variables to the daemon config files.
## And can generate a Bitcoin and PGP key filies at first start.
##
DM_LC_ALL=${DM_LC_ALL:-"en_US.UTF-8"}
DM_TZ=${DM_TZ:-"Etc/UTC"}
export DM_FORWEB=${DM_FORWEB:-127.0.0.1}
export DM_TESTNET=${DM_TESTNET:-false}
export DM_WEB_LANG=${DM_WEB_LANG:-en}
export YEAR=$(date '+%Y')
## Variable for tput color output
export TERM=xterm
set_locale()
{
## Setup locale
if [ "$DM_LC_ALL" ]; then
update-locale LC_ALL="$DM_LC_ALL" LANG="$DM_LC_ALL"
fi
## Setup Timezone
if [ "$DM_TZ" ]; then
echo $DM_TZ > /etc/timezone
ln -snf /usr/share/zoneinfo/$DM_TZ /etc/localtime
dpkg-reconfigure -f noninteractive tzdata
fi
}
init_config()
{
BITCOIN_KEYS_BACKUP="$UHOME/bitcoin.backup_and_remove"
NPROC="$(nproc)"
export WORKERS="${WORKERS:-$NPROC}"
export PGP_SEC_FILE="$UHOME/pgp-key.sec"
if [ "$DM_TESTNET" = false ]
then
export DM_OAUTH_WEB_SECRET="${DM_OAUTH_WEB_SECRET:-vTcvnpHbTmxxGP8AfRTHETXG}"
export DM_OAUTH_MODULE_SECRET="${DM_OAUTH_MODULE_SECRET:-6DbqdnrJEDeSmaBMuZZde9ec}"
export BITDEALS_PGP_FILE="/etc/dm/bitdeals.asc"
export BITDEALS_SERVER=mainnet.bitdeals.org
export BX_CONFIG="--config /usr/local/etc/libbitcoin/bx.cfg"
else
export DM_OAUTH_WEB_SECRET="${DM_OAUTH_WEB_SECRET:-4aJEJi3dsSypeUSRCah4gIIs}"
export DM_OAUTH_MODULE_SECRET="${DM_OAUTH_MODULE_SECRET:-TypQHP4TK44khO3cvOyuHYg3}"
export BITDEALS_PGP_FILE="/etc/dm/bitdeals-testnet.asc"
export BITDEALS_SERVER=testnet.bitdeals.org
export BX_CONFIG="--config /usr/local/etc/libbitcoin/bx-testnet.cfg"
fi
# User PGP secret key
if [ "$DM_PGP_SEC" ]; then
echo "$DM_PGP_SEC" > "$PGP_SEC_FILE"
fi
# BitDeals PGP public key
if [ "$DM_BITDEALS_PGP" ]; then
echo "$DM_BITDEALS_PGP" > "$BITDEALS_PGP_FILE"
fi
if [ "$DM_BITDEALS_PGP_FINGERPRINT" ]; then
for i in {1..3}; do gpg --keyserver keyserver.ubuntu.com --recv-keys "$BITDEALS_KEY_FINGERPRINT" && break; done && \
gpg --armor --export "$BITDEALS_KEY_FINGERPRINT" > "$BITDEALS_PGP_FILE"
gpgconf --kill all
fi
# Create log directory
install --directory --mode=755 --owner=$UNAME --group=$UNAME /var/log/dm
envsubst < /opt/dm.conf > /etc/dm/dm.conf
envsubst < /opt/conf/bitcoin.conf > /etc/dm/conf/bitcoin.conf
envsubst < /opt/oauth2/default.json > /etc/dm/oauth2/default.json
envsubst < /opt/oauth2/service.json > /etc/dm/oauth2/service.json
envsubst < /opt/sites/default.json > /etc/dm/sites/default.json
envsubst < /opt/web-config.js > /var/www/web/config.js
}
generate_pgp_key()
{
## Create user PGP key if the file is empty
if [ ! -f "$PGP_SEC_FILE" ]
then
if [ ! "$DM_ACCOUNT_URL" ]
then
echo -en "Generating new PGP key...\nPlease enter your site URL like https://example.com : "
read DM_ACCOUNT_URL \
|| { echo -en "\n" ; DM_ACCOUNT_URL="https://example-$RANDOM$RANDOM.com" ;}
fi
#GNUPGHOME="$(mktemp -d)" ; ## Works for gpg2
gpg --faked-system-time $(TZ=UTC date --date=$(date +'%Y-%m-%d') +%s) \
--pinentry-mode loopback --passphrase "$DM_PGP_PASSWORD" \
--openpgp --batch --gen-key 2>/dev/null <<-EOF
Key-Type: RSA
Key-Usage: cert,sign
Key-Length: 1024
Subkey-Type: RSA
Subkey-Usage: encr
Subkey-Length: 1024
Name-Real: Account_URL
Name-Comment: $DM_ACCOUNT_URL
Expire-Date: 0
EOF
tput setaf 2
cat <<-EOF
$(gpg -k --keyid-format long 2>/dev/null | tail -n5)
$(echo ; gpg --armor --export-secret-keys --passphrase "$DM_PGP_PASSWORD" | tee "$PGP_SEC_FILE")
EOF
tput sgr0
gpgconf --kill all
else
echo -e "NOTE: Your PGP key location: $PGP_SEC_FILE"
fi
## Change PGP keyfile owner
if [ -f "$PGP_SEC_FILE" ]; then
chown $UNAME:$UNAME "$PGP_SEC_FILE"
chmod 600 "$PGP_SEC_FILE"
fi
}
generate_btc_key()
{
## Create new Bitcoin keys. If user address (_DM_BITCOIN var) is empty.
_DM_BITCOIN="$(sed -n '/^[ \t]*\[module\]/,/\[/s/^[ \t]*address[ \t]*=[ \t]*//p' /etc/dm/dm.conf)"
B=$(tput bold ; tput setaf 1)
N=$(tput sgr0)
if [ -z "$_DM_BITCOIN" ]
then
## Generate bitcoin key pair
PRIVKEY="$(cat /dev/random | tr -cd "[:digit:]" | head -c 64)"
PUBKEY="$(/usr/local/bin/bx ec-to-public $PRIVKEY $BX_CONFIG)"
BITCOIN="$(/usr/local/bin/bx ec-to-address $PUBKEY $BX_CONFIG)"
PRIVKEYWIF="$(/usr/local/bin/bx ec-to-wif $PRIVKEY $BX_CONFIG)"
## Write the bitcoin address to the daemon config
sed -i "/\[module\]/,/\[/ s/^#*address=.*/address=$BITCOIN/" /etc/dm/dm.conf
## Show bitcoin key
tee -a $BITCOIN_KEYS_BACKUP <<-EOF
${B}Please backup this BITCOIN KEY:${N}
Private key (WIF form): $PRIVKEYWIF
Public key: $PUBKEY
Bitcoin address: $BITCOIN
EOF
chmod 600 $BITCOIN_KEYS_BACKUP
else
test -f $BITCOIN_KEYS_BACKUP \
&& echo -e "NOTE: Your Bitcoin key saved to $(dirname $BITCOIN_KEYS_BACKUP)/${B}$(basename $BITCOIN_KEYS_BACKUP)${N}"\
|| echo -e "NOTE: Your Bitcoin address: $_DM_BITCOIN\n"
fi
}
generate_ssl_key()
{
WEB_CERT="$UHOME/ssl-fullchain.pem"
WEB_KEY="$UHOME/ssl-privkey.pem"
WEB_DH="/etc/ssl/dhparam.pem"
## Generate self-signed certificate
if ! [ -f $WEB_KEY -a -f $WEB_CERT ]; then
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -batch \
-keyout $WEB_KEY \
-out $WEB_CERT
fi
if ! [ -f $WEB_DH ]; then
echo "Generating DH parameters, 1024 bit long safe prime"
openssl dhparam -out $WEB_DH 1024 2>/dev/null
fi
}
set_locale
init_config
generate_pgp_key
generate_btc_key
generate_ssl_key
## Run the daemon
/etc/init.d/nginx start
exec /usr/sbin/dm -p /etc/dm -c /etc/dm/dm.conf $@