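#!/bin/bash
##
## BitDeals Module configuration helper script for Docker Container.
## It writes environment variables to the daemon config files
## and can generate Bitcoin and PGP key files at first start.
##
## Required environment (read here, set outside this script):
##   UNAME  - account written as user=/group= in the daemon config and made
##            owner of the PGP secret key file
##   UHOME  - directory that holds the generated key and certificate files
## Optional environment: DM_FORWEB, DM_WEBAUTH, DM_TESTNET, DM_LC_ALL,
##   DM_BITCOIN, DM_FEE, DM_PGP_PASSWORD, DM_PGP_SEC, DM_BITDEALS_PGP,
##   DM_BITDEALS_TEST_PGP, DM_ACCOUNT_URL, DM_PGP_KEY_BITS, DM_DH_BITS
##

# Without these two every key path below collapses to "/<name>" and the
# chown target is empty, so stop early with a clear message.
: "${UNAME:?UNAME must be set}"
: "${UHOME:?UHOME must be set}"

## Web app requires that the dmHost address is accessible from your browser
DM_FORWEB=${DM_FORWEB:-https://127.0.0.1}
DM_WEBAUTH=${DM_WEBAUTH:-0}
DM_TESTNET=${DM_TESTNET:-0}

## Key sizes. The previous hard-coded 1024-bit RSA and DH sizes are below
## current minimum recommendations; 2048 matches the size already used for
## the TLS certificate in this script. Files generated by an earlier run are
## not regenerated automatically.
## NOTE(review): confirm the daemon and its peers accept PGP keys larger
## than 1024 bits; set DM_PGP_KEY_BITS explicitly if they do not.
DM_PGP_KEY_BITS=${DM_PGP_KEY_BITS:-2048}
DM_DH_BITS=${DM_DH_BITS:-2048}

## Daemon config files (kept in an array so paths survive word splitting)
mapfile -t CONF_FILES < <(find /etc/dm/ -type f -name "*.conf" -not -name "default.conf")
if (( ${#CONF_FILES[@]} == 0 )); then
  # With an empty list "sed -i" fails and "sed -n" would block on stdin.
  echo "ERROR: no daemon config files found in /etc/dm/" >&2
  exit 1
fi

BITDEALS_PGP_FILE="/etc/dm/bitdeals.asc"
BITDEALS_TEST_PGP_FILE="/etc/dm/bitdeals-testnet.asc"
PGP_SEC_FILE="$UHOME/pgp-key.sec"
BX_CONF_FILE="/usr/local/etc/libbitcoin/bx.cfg"
WEB_CONF_FILE="/var/www/web/config.js"
WEB_CONF_SITES="/etc/dm/sites/default.json"
WEB_CONF_OAUTH="/etc/dm/oauth2/default.json"
WEB_CERT="$UHOME/ssl-fullchain.pem"
WEB_KEY="$UHOME/ssl-privkey.pem"
WEB_DH="/etc/ssl/dhparam.pem"
BITCOIN_KEYS_BACKUP="$UHOME/bitcoin.backup_and_remove"

# variable for tput color output
export TERM=xterm

# Returns 0 when $1 is one of the two spellings this script treats as "on".
is_true() {
  [[ "$1" == 1 || "$1" == true ]]
}

# Prints $1 escaped for use as the replacement part of a sed "s/.../.../"
# command: backslash, the "/" delimiter and "&" are prefixed with "\".
# Values containing a newline are not supported.
sed_escape() {
  printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

# Creates $1 if needed and restricts it to the owner BEFORE any secret is
# written, so the content is never readable through a default-umask window.
protect_file() {
  touch -- "$1" && chmod 600 -- "$1"
}

## Write default variables to dm config
uname_esc=$(sed_escape "$UNAME")
sed -i -e "/\[main\]/,/\[/ s/.*user=.*/user=$uname_esc/" \
  -e "/\[main\]/,/\[/ s/.*group=.*/group=$uname_esc/" \
  -e '/\[daemon\]/,/\[/ s/.*daemon=.*/daemon=false/' \
  -e '/\[server\]/,/\[/ s/.*listen=.*/listen=0.0.0.0/' \
  -e '/\[server\]/,/\[/ s/.*port=.*/port=4999/' "${CONF_FILES[@]}"

## Change dm Website config
forweb_esc=$(sed_escape "$DM_FORWEB")
sed -i "s/dmHost:.*/dmHost: \"$forweb_esc\",/" "$WEB_CONF_FILE"

if is_true "$DM_WEBAUTH"; then
  sed -i 's/confAuthorize:.*/confAuthorize: true,/' "$WEB_CONF_FILE"
else
  sed -i 's/confAuthorize:.*/confAuthorize: false,/' "$WEB_CONF_FILE"
fi

if [[ "$DM_LC_ALL" == "ru_RU.UTF-8" ]]; then
  sed -i 's/defaultLanguage:.*/defaultLanguage: "ru",/' "$WEB_CONF_FILE"
else
  sed -i 's/defaultLanguage:.*/defaultLanguage: "en",/' "$WEB_CONF_FILE"
fi

if [[ -n "$DM_LC_ALL" ]]; then
  export LC_ALL="$DM_LC_ALL"
fi

## Add DM_FORWEB to dm oauth config
# NOTE(review): this filter emits only the contents of ".web", so the
# rewritten file no longer has the "web" wrapper and a second run would read
# ".web" as null. Confirm this is the format the daemon expects.
jq --arg host "$DM_FORWEB" \
  '.web | .redirect_uris=[$host+"/oauth2/code",$host+"/oauth2/callback"]' \
  "$WEB_CONF_OAUTH" |
  sponge "$WEB_CONF_OAUTH"

jq --arg host "$(basename -- "$DM_FORWEB")" '.hosts = [$host]' "$WEB_CONF_SITES" |
  sponge "$WEB_CONF_SITES"

## Write the PGP keys locations to dm config
pgp_sec_esc=$(sed_escape "$PGP_SEC_FILE")
sed -i "/\[pgp\]/,/\[/ s/^private=.*/private=$pgp_sec_esc/" "${CONF_FILES[@]}"

if is_true "$DM_TESTNET"; then
  pgp_pub_esc=$(sed_escape "$BITDEALS_TEST_PGP_FILE")
else
  pgp_pub_esc=$(sed_escape "$BITDEALS_PGP_FILE")
fi
sed -i "/\[pgp\]/,/\[/ s/^public=.*/public=$pgp_pub_esc/" "${CONF_FILES[@]}"

## Write user variables to the daemon config files.
if [[ -n "$DM_BITCOIN" ]]; then
  address_esc=$(sed_escape "$DM_BITCOIN")
  sed -i "/\[module\]/,/\[/ s/^address=.*/address=$address_esc/" "${CONF_FILES[@]}"
fi

if [[ -n "$DM_FEE" ]]; then
  fee_esc=$(sed_escape "$DM_FEE")
  sed -i "/\[module\]/,/\[/ s/^#\?fee=.*/fee=$fee_esc/" "${CONF_FILES[@]}"
fi

if [[ -n "$DM_PGP_PASSWORD" ]]; then
  # The escaped copy is used for sed only. DM_PGP_PASSWORD itself stays
  # untouched: overwriting it with the escaped form made gpg below protect
  # the key with a different passphrase than the one stored in the config
  # whenever the password contained "/".
  passphrase_esc=$(sed_escape "$DM_PGP_PASSWORD")
  sed -i "/\[pgp\]/,/\[/ s/^passphrase=.*/passphrase=$passphrase_esc/" "${CONF_FILES[@]}"
fi

if is_true "$DM_TESTNET"; then
  sed -i '/\[main\]/,/\[/ s/.*testnet=.*/testnet=true/' "${CONF_FILES[@]}"
else
  sed -i '/\[main\]/,/\[/ s/.*testnet=.*/testnet=false/' "${CONF_FILES[@]}"
fi

## Write PGP key variables to files
# The value written is the same variable that is tested. The previous code
# tested DM_BITDEALS_PGP but wrote BITDEALS_PGP, which this script never
# sets, so the public key file was overwritten with an empty line.
if [[ -n "$DM_BITDEALS_PGP" ]]; then
  printf '%s\n' "$DM_BITDEALS_PGP" > "$BITDEALS_PGP_FILE"
fi

if [[ -n "$DM_BITDEALS_TEST_PGP" ]]; then
  printf '%s\n' "$DM_BITDEALS_TEST_PGP" > "$BITDEALS_TEST_PGP_FILE"
fi

if [[ -n "$DM_PGP_SEC" ]]; then
  protect_file "$PGP_SEC_FILE"
  printf '%s\n' "$DM_PGP_SEC" > "$PGP_SEC_FILE"
fi

## Create user PGP key if the key file does not exist
if [[ ! -f "$PGP_SEC_FILE" ]]; then
  if [[ -z "$DM_ACCOUNT_URL" ]]; then
    echo -en "\nGenerating new PGP key...\nPlease enter your site URL like https://example.com : "
    read -r DM_ACCOUNT_URL
  fi

  #GNUPGHOME="$(mktemp -d)" ;# works for gpg2
  # The faked system time pins the key creation time to today's midnight.
  # NOTE(review): --passphrase puts the passphrase on gpg's command line,
  # where it is visible in the process list for the duration of the call.
  gpg --faked-system-time "$(TZ=UTC date --date="$(date +'%Y-%m-%d')" +%s)" \
    --pinentry-mode loopback --passphrase "$DM_PGP_PASSWORD" \
    --openpgp --batch --gen-key 2>/dev/null <<EOF
Key-Type: RSA
Key-Usage: cert,sign
Key-Length: $DM_PGP_KEY_BITS
Subkey-Type: RSA
Subkey-Usage: encr
Subkey-Length: $DM_PGP_KEY_BITS
Name-Real: Account_URL
Name-Comment: ${DM_ACCOUNT_URL:-https://example-$RANDOM$RANDOM.com}
Expire-Date: 0
EOF

  # NOTE(review): the armored secret key is printed to stdout as well as
  # saved, so it ends up in the container log; treat that log as secret.
  protect_file "$PGP_SEC_FILE"
  tput setaf 2
  gpg -k --keyid-format long 2>/dev/null | tail -n5
  gpg --armor --export-secret-keys --passphrase "$DM_PGP_PASSWORD" | tee "$PGP_SEC_FILE"
  tput sgr0
  gpgconf --kill all
else
  echo -e "NOTE: Your PGP key location: $PGP_SEC_FILE"
fi

## Change PGP keyfile owner
if [[ -f "$PGP_SEC_FILE" ]]; then
  chown "$UNAME:$UNAME" "$PGP_SEC_FILE"
  chmod 600 "$PGP_SEC_FILE"
fi

## Setup testnet settings in libbitcoin-explorer config for new user bitcoin address generation
# The wif_version pattern is written like its siblings; the earlier
# "wif_version? =" form contains a literal "?" in a basic regex and cannot
# match a "wif_version = N" line.
if is_true "$DM_TESTNET"; then
  sed -i -e '/\[wallet\]/,/\[/ s/wif_version =.*/wif_version = 239/' \
    -e '/\[wallet\]/,/\[/ s/hd_public_version =.*/hd_public_version = 70617039/' \
    -e '/\[wallet\]/,/\[/ s/hd_secret_version =.*/hd_secret_version = 70615956/' \
    -e '/\[wallet\]/,/\[/ s/pay_to_public_key_hash_version =.*/pay_to_public_key_hash_version = 111/' \
    -e '/\[wallet\]/,/\[/ s/pay_to_script_hash_version =.*/pay_to_script_hash_version = 196/' \
    -e '/\[network\]/,/\[/ s/identifier =.*/identifier = 118034699/' \
    -e '/seed = mainnet[0-9].libbitcoin.net:8333/ s/^/#/' \
    -e '/url = tcp:\/\/mainnet.libbitcoin.net:9091/ s/^/#/' \
    -e '/block_url = tcp:\/\/mainnet.libbitcoin.net:9093/ s/^/#/' \
    -e '/transaction_url = tcp:\/\/mainnet.libbitcoin.net:9094/ s/^/#/' \
    -e '/#seed = testnet[0-9].libbitcoin.net:18333/ s/^#//' \
    -e '/#url = tcp:\/\/testnet.libbitcoin.net:19091/ s/^#//' \
    -e '/#block_url = tcp:\/\/testnet.libbitcoin.net:19093/ s/^#//' \
    -e '/#transaction_url = tcp:\/\/testnet.libbitcoin.net:19094/ s/^#//' "$BX_CONF_FILE"
fi

## Create new Bitcoin keys if the configured address (_DM_BITCOIN var) is empty.
_DM_BITCOIN="$(sed -n '/^[ \t]*\[module\]/,/\[/s/^[ \t]*address[ \t]*=[ \t]*//p' "${CONF_FILES[@]}")"
B=$(tput bold; tput setaf 1)
N=$(tput sgr0)

if [[ -z "$_DM_BITCOIN" ]]; then
  ## Generate bitcoin keys
  # 32 random bytes as 64 hex characters. The previous generator kept only
  # decimal digits, which bx still reads as hex, so each nibble was limited
  # to 0-9 and the key carried roughly 213 bits of entropy instead of 256.
  PRIVKEY="$(od -An -tx1 -N32 /dev/urandom | tr -d ' \n')"
  PUBKEY="$(bx ec-to-public "$PRIVKEY")"
  BITCOIN="$(bx ec-to-address "$PUBKEY")"
  PRIVKEYWIF="$(bx ec-to-wif "$PRIVKEY")"

  if [[ ${#PRIVKEY} -ne 64 || -z "$PUBKEY" || -z "$BITCOIN" || -z "$PRIVKEYWIF" ]]; then
    # Do not write an empty address or a backup file without a usable key.
    echo "ERROR: Bitcoin key generation failed" >&2
    exit 1
  fi

  ## Write the bitcoin address to the daemon config
  bitcoin_esc=$(sed_escape "$BITCOIN")
  sed -i "/\[module\]/,/\[/ s/^address=.*/address=$bitcoin_esc/" "${CONF_FILES[@]}"

  ## Show bitcoin key
  # NOTE(review): the private key is printed to stdout as well as saved, so
  # it ends up in the container log; treat that log as secret.
  protect_file "$BITCOIN_KEYS_BACKUP"
  tee -a "$BITCOIN_KEYS_BACKUP" <<EOF

${B}Please backup this BITCOIN KEY:${N}
Private key (WIF form): $PRIVKEYWIF
Public key: $PUBKEY
Bitcoin address: $BITCOIN

EOF
  chmod 600 "$BITCOIN_KEYS_BACKUP"
else
  if [[ -f "$BITCOIN_KEYS_BACKUP" ]]; then
    echo -e "NOTE: Your Bitcoin key saved to $(dirname -- "$BITCOIN_KEYS_BACKUP")/${B}$(basename -- "$BITCOIN_KEYS_BACKUP")${N}"
  else
    echo -e "NOTE: Your Bitcoin address: $_DM_BITCOIN"
  fi
fi

## Generate self-signed certificate
if ! [[ -f "$WEB_KEY" && -f "$WEB_CERT" ]]; then
  # -nodes leaves the private key unencrypted on disk, so restrict the file
  # before openssl writes into it.
  protect_file "$WEB_KEY"
  openssl req -x509 -nodes -days 365 -newkey rsa:2048 -batch \
    -keyout "$WEB_KEY" \
    -out "$WEB_CERT"
fi

if [[ ! -f "$WEB_DH" ]]; then
  # Generating a safe prime of this size can take noticeably longer than the
  # former 1024-bit one; it happens once per container filesystem.
  echo "Generating DH parameters, $DM_DH_BITS bit long safe prime"
  openssl dhparam -out "$WEB_DH" "$DM_DH_BITS" 2>/dev/null
fi

## Run the daemon
/etc/init.d/nginx start
# "$@" is quoted so that arguments containing spaces reach dm unchanged.
exec /usr/sbin/dm -p /etc/dm -c /etc/dm/dm.conf "$@"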