From db907aaf50ac266cb8e9c9c02f8bdebb8d9167bb Mon Sep 17 00:00:00 2001 From: Florian Dold Date: Fri, 30 Jul 2021 13:07:28 +0200 Subject: debian: anastasis has its own config --- contrib/gana | 2 +- debian/anastasis-httpd.install | 1 - debian/anastasis-httpd.postinst | 31 +--------------------- debian/conf/apache.conf | 11 -------- debian/conf/nginx.conf | 8 ------ debian/db/install/pgsql | 19 +++++++------ debian/etc/anastasis/anastasis.conf | 4 +++ .../etc/anastasis/secrets/anastasis-db.secret.conf | 3 +++ debian/etc/apache2/sites-available/anastasis.conf | 11 ++++++++ debian/etc/nginx/sites-available/anastasis | 8 ++++++ debian/etc/taler/conf.d/anastasis.conf | 2 -- 11 files changed, 39 insertions(+), 61 deletions(-) delete mode 100644 debian/conf/apache.conf delete mode 100644 debian/conf/nginx.conf create mode 100644 debian/etc/anastasis/anastasis.conf create mode 100644 debian/etc/anastasis/secrets/anastasis-db.secret.conf create mode 100644 debian/etc/apache2/sites-available/anastasis.conf create mode 100644 debian/etc/nginx/sites-available/anastasis delete mode 100644 debian/etc/taler/conf.d/anastasis.conf diff --git a/contrib/gana b/contrib/gana index 0f1eb85..65b3235 160000 --- a/contrib/gana +++ b/contrib/gana @@ -1 +1 @@ -Subproject commit 0f1eb8555b89056fe62e093211e53a1f9ba85d56 +Subproject commit 65b32359b300f5369eff62fceb5001e609c2f339 diff --git a/debian/anastasis-httpd.install b/debian/anastasis-httpd.install index a97180b..b0f9700 100644 --- a/debian/anastasis-httpd.install +++ b/debian/anastasis-httpd.install @@ -9,5 +9,4 @@ usr/share/anastasis/* usr/share/anastasis/sql/* usr/share/anastasis/config.d/* debian/etc/* /etc/ -debian/conf/* etc/anastasis/ debian/db/install/* usr/share/dbconfig-common/scripts/anastasis/install/ diff --git a/debian/anastasis-httpd.postinst b/debian/anastasis-httpd.postinst index 77acf49..fcf9062 100644 --- a/debian/anastasis-httpd.postinst +++ b/debian/anastasis-httpd.postinst @@ -2,6 +2,7 @@ set -e +TALER_HOME="/var/lib/taler/" _USERNAME=anastasis-httpd _GROUPNAME=www-data @@ -10,39 +11,12 @@ _GROUPNAME=www-data dbc_dbfile_owner="${_USERNAME}:${_GROUPNAME}" dbc_dbfile_perms="0600" -# 1st argument will be the SECURITYTOKEN to use. -apache_install() { - echo -n "Starting Apache setup..." - mkdir -p /etc/apache2/conf-available - if [ ! -f /etc/apache2/conf-available/anastasis.conf ]; then - echo -n "..." - cat /etc/anastasis/apache.conf | sed -e "s/%SECURITYTOKEN%/$1/" >/etc/apache2/conf-available/anastasis.conf - fi - echo "Done" -} - -# 1st argument will be the SECURITYTOKEN to use. -nginx_install() { - echo -n "Starting Nginx setup..." - mkdir -p /etc/nginx/conf-available - if [ ! -f /etc/nginx/conf-available/anastasis.conf ]; then - echo -n "..." - cat /etc/anastasis/nginx.conf | sed -e "s/%SECURITYTOKEN%/$1/" >/etc/nginx/conf-available/anastasis.conf - fi - echo "Done" -} - . /usr/share/debconf/confmodule case "${1}" in configure) - db_start db_version 2.0 - # Read default values - CONFIG_FILE="/etc/default/anastasis" - TALER_HOME="/var/lib/taler/" - echo " User setup" # Creating taler users if needed if ! getent passwd ${_USERNAME} >/dev/null; then @@ -56,9 +30,6 @@ configure) dbc_go anastasis "$@" fi - cat >"/etc/systemd/system/anastasis-httpd.service" < - - -ProxyPass "unix:/var/lib/anastasis/httpd/anastasis.sock|http://example.com/" - diff --git a/debian/conf/nginx.conf b/debian/conf/nginx.conf deleted file mode 100644 index 6828f0b..0000000 --- a/debian/conf/nginx.conf +++ /dev/null @@ -1,8 +0,0 @@ -location /anastasis/ { - proxy_pass http://unix:/var/lib/anastasis/httpd/anastasis.sock; - proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host "example.com"; - proxy_set_header X-Forwarded-Proto "https"; - -} \ No newline at end of file diff --git a/debian/db/install/pgsql b/debian/db/install/pgsql index d61008c..81f0a0e 100755 --- a/debian/db/install/pgsql +++ b/debian/db/install/pgsql @@ -2,19 +2,22 @@ set -eu +conf_anastasis_db=/etc/taler/secrets/anastasis-db.secret.conf +conf_override=/etc/taler/override.conf + # get database settings from dbconfig-common and configure # for ADMINISTRATIVE access if [ -f /etc/dbconfig-common/anastasis.conf ]; then . /etc/dbconfig-common/anastasis.conf case "$dbc_dbtype" in pgsql) - anastasis-config -w \ - -c /etc/anastasis.conf \ + anastasis-config \ + -c $conf_anastasis_db \ -s "stasis-postgres" \ -o "CONFIG" \ -V "postgres:///$dbc_dbname" - anastasis-config -w \ - -c /etc/anastasis.conf \ + anastasis-config \ + -c $conf_override \ -s "anastasis" \ -o "DB" \ -V "postgres" @@ -50,13 +53,13 @@ if [ -f /etc/dbconfig-common/anastasis.conf ]; then echo "GRANT SELECT, UPDATE ON ALL SEQUENCES IN SCHEMA public TO \"$dbc_dbuser\";" \ | sudo -u postgres psql "postgres:///$dbc_dbname" - anastasis-config -w \ - -c /etc/anastasis.conf \ + anastasis-config \ + -c $conf_anastasis_db \ -s "stasis-postgres" \ -o "CONFIG" \ -V "postgres://$dbc_dbuser:$dbc_dbpass@$dbc_dbserver/$dbc_dbname" - anastasis-config -w \ - -c /etc/anastasis.conf \ + anastasis-config \ + -c $conf_override \ -s "anastasis" \ -o "DB" \ -V "postgres" diff --git a/debian/etc/anastasis/anastasis.conf b/debian/etc/anastasis/anastasis.conf new file mode 100644 index 0000000..0acc145 --- /dev/null +++ b/debian/etc/anastasis/anastasis.conf @@ -0,0 +1,4 @@ +[anastasis] +DATABASE = postgres + +@inline-secret@ stasis-postgres secrets/anastasis-db.secret.conf diff --git a/debian/etc/anastasis/secrets/anastasis-db.secret.conf b/debian/etc/anastasis/secrets/anastasis-db.secret.conf new file mode 100644 index 0000000..8f9fb54 --- /dev/null +++ b/debian/etc/anastasis/secrets/anastasis-db.secret.conf @@ -0,0 +1,3 @@ +[stasis-postgres] +#The connection string the plugin has to use for connecting to the database +CONFIG = postgres:///anastasis diff --git a/debian/etc/apache2/sites-available/anastasis.conf b/debian/etc/apache2/sites-available/anastasis.conf new file mode 100644 index 0000000..1d73ed1 --- /dev/null +++ b/debian/etc/apache2/sites-available/anastasis.conf @@ -0,0 +1,11 @@ + + + +ProxyPass "unix:/var/lib/anastasis/httpd/anastasis.sock|http://example.com/" + diff --git a/debian/etc/nginx/sites-available/anastasis b/debian/etc/nginx/sites-available/anastasis new file mode 100644 index 0000000..6828f0b --- /dev/null +++ b/debian/etc/nginx/sites-available/anastasis @@ -0,0 +1,8 @@ +location /anastasis/ { + proxy_pass http://unix:/var/lib/anastasis/httpd/anastasis.sock; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host "example.com"; + proxy_set_header X-Forwarded-Proto "https"; + +} \ No newline at end of file diff --git a/debian/etc/taler/conf.d/anastasis.conf b/debian/etc/taler/conf.d/anastasis.conf deleted file mode 100644 index 96b66b3..0000000 --- a/debian/etc/taler/conf.d/anastasis.conf +++ /dev/null @@ -1,2 +0,0 @@ -[anastasis] -DATABASE = postgres -- cgit v1.2.3