boban
/
mailwolt-installer
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Laudende Default seite entfernen

main
boksbc 2025-10-16 12:27:15 +02:00
parent 5f3d76e7e8
commit 93ba754738
3 changed files with 33 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
scripts/10-provision.sh
View File

@ -32,12 +32,34 @@ mkdir -p /etc/mysql/mariadb.conf.d
[[ -f /etc/mysql/mariadb.cnf ]] || echo '!include /etc/mysql/mariadb.conf.d/*.cnf' > /etc/mysql/mariadb.cnf [[ -f /etc/mysql/mariadb.cnf ]] || echo '!include /etc/mysql/mariadb.conf.d/*.cnf' > /etc/mysql/mariadb.cnf
log "Redis absichern …" log "Redis absichern …"
REDIS_CONF="/etc/redis/redis.conf" # Aktiven Redis-Config-Pfad aus systemd holen (Fallback: Standard)
REDIS_CONF="$(systemctl show -p ExecStart redis-server \
| sed -n 's/^ExecStart=.*redis-server[[:space:]]\+\([^[:space:]]\+\).*/\1/p')"
REDIS_CONF="${REDIS_CONF:-/etc/redis/redis.conf}"
# Einmaliges, zufälliges Passwort (falls nicht von außen gesetzt)
REDIS_PASS="${REDIS_PASS:-$(openssl rand -hex 16)}" REDIS_PASS="${REDIS_PASS:-$(openssl rand -hex 16)}"
sed -i 's/^\s*#\?\s*bind .*/bind 127.0.0.1/' "$REDIS_CONF"
sed -i 's/^\s*#\?\s*protected-mode .*/protected-mode yes/' "$REDIS_CONF" # Bind + protected-mode hart setzen
grep -qE '^\s*#?\s*requirepass ' "$REDIS_CONF" \ sed -i 's/^[[:space:]]*#\?[[:space:]]*bind .*/bind 127.0.0.1/' "$REDIS_CONF"
&& sed -i "s/^\s*#\?\s*requirepass .*/requirepass ${REDIS_PASS}/" "$REDIS_CONF" \ sed -i 's/^[[:space:]]*#\?[[:space:]]*protected-mode .*/protected-mode yes/' "$REDIS_CONF"
|| printf "\nrequirepass %s\n" "${REDIS_PASS}" >> "$REDIS_CONF"
# Vorherige requirepass-Zeilen entfernen (kommentiert/unkommentiert), dann neu schreiben
sed -i '/^[[:space:]]*#\?[[:space:]]*requirepass[[:space:]]\+/d' "$REDIS_CONF"
printf '\nrequirepass %s\n' "${REDIS_PASS}" >> "$REDIS_CONF"
# Dienst aktivieren & neu starten
systemctl enable --now redis-server systemctl enable --now redis-server
systemctl restart redis-server || true systemctl restart redis-server || true
# Passwort für spätere Steps persistieren (damit 80-app.sh es hat)
install -d -m 0755 /etc/mailwolt
echo "REDIS_PASS=${REDIS_PASS}" > /etc/mailwolt/installer.env
chmod 600 /etc/mailwolt/installer.env
# Sanity-Check (kein harter Exit, nur Log)
if redis-cli -a "${REDIS_PASS}" ping 2>/dev/null | grep -q PONG; then
log "Redis mit Passwort OK."
else
warn "Redis PING mit Passwort fehlgeschlagen bitte /etc/redis/redis.conf prüfen."
fi

4
scripts/80-app.sh
View File

@ -53,6 +53,8 @@ else
fi fi
fi fi
[ -z "${REDIS_PASS:-}" ] && REDIS_PASS="$(awk '/^[[:space:]]*requirepass[[:space:]]+/ {print $2}' /etc/redis/redis.conf | tail -n1 || true)"
# --- .env schreiben (vollständig wie vorher) -------------------------------- # --- .env schreiben (vollständig wie vorher) --------------------------------
upsert_env APP_URL "${APP_URL_VAL}" upsert_env APP_URL "${APP_URL_VAL}"
upsert_env APP_HOST "${APP_HOST_VAL}" upsert_env APP_HOST "${APP_HOST_VAL}"
@ -102,7 +104,7 @@ upsert_env SESSION_SAMESITE "lax"
upsert_env REDIS_CLIENT "phpredis" upsert_env REDIS_CLIENT "phpredis"
upsert_env REDIS_HOST "127.0.0.1" upsert_env REDIS_HOST "127.0.0.1"
upsert_env REDIS_PORT "6379" upsert_env REDIS_PORT "6379"
upsert_env REDIS_PASSWORD "${REDIS_PASS:-}" upsert_env REDIS_PASSWORD "${REDIS_PASS}"
upsert_env REDIS_DB "0" upsert_env REDIS_DB "0"
upsert_env REDIS_CACHE_DB "1" upsert_env REDIS_CACHE_DB "1"
upsert_env REDIS_CACHE_CONNECTION "cache" upsert_env REDIS_CACHE_CONNECTION "cache"

1
scripts/lib.sh
View File

@ -1,5 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
set -euo pipefail set -euo pipefail
[ -f /etc/mailwolt/installer.env ] && . /etc/mailwolt/installer.env
# ── Styling ──────────────────────────────────────────────────────────────── # ── Styling ────────────────────────────────────────────────────────────────
GREEN="$(printf '\033[1;32m')"; YELLOW="$(printf '\033[1;33m')" GREEN="$(printf '\033[1;32m')"; YELLOW="$(printf '\033[1;33m')"