diff --git a/debian/configure.sh b/debian/configure.sh
new file mode 100644
index 0000000..477fe5e
--- /dev/null
+++ b/debian/configure.sh
@@ -0,0 +1,216 @@ +#!/bin/sh + +# configure.sh - Interactively collect variables and write resources/config.sh +# Drop this file alongside install.sh in the debian/ (or ubuntu/, devuan/, etc.) directory. +# It is sourced/called by install.sh BEFORE resources/config.sh is sourced. +# +# Usage (standalone): ./configure.sh +# Usage (from install): source ./configure.sh OR . ./configure.sh + +#move to the directory this script lives in so relative paths work +cd "$(dirname "$0")" 2>/dev/null || true + +CONFIG_FILE="./resources/config.sh" + +# --------------------------------------------------------------------------- +# Helper: prompt with a default value +# ask +# --------------------------------------------------------------------------- +ask() { + _var="$1" + _prompt="$2" + _default="$3" + + printf "%s [%s]: " "$_prompt" "$_default" + read -r _input +# --------------------------------------------------------------------------- +ask_secret() { + _var="$1" + _prompt="$2" + + # stty may not be available in all minimal environments; fall back gracefully + if stty -echo 2>/dev/null; then + printf "%s: " "$_prompt" + read -r _input +# --------------------------------------------------------------------------- +ask_bool() { + _var="$1" + _prompt="$2" + _default="$3" + + while true; do + printf "%s (true/false) [%s]: " "$_prompt" "$_default" + read -r _input }" +echo " Credentials will be stored in /root/.git-credentials (mode 600)." +echo " Leave username blank to skip credential store configuration." 
+echo "" +ask git_username "Git username or email" "" +if [ -n "$git_username" ]; then + ask_secret git_password "Git password or personal access token" +else + git_password="" +fi +echo "" + +# --------------------------------------------------------------------------- +# Write config.sh +# --------------------------------------------------------------------------- +cat > "$CONFIG_FILE" < Profile -> Personal Auth Token + +# Sofia-Sip Settings +sofia_version=${sofia_version} # release-version for sofia-sip to use + +# Database Settings +database_name=${database_name} # Database name (safe characters A-Z, a-z, 0-9) +database_username=${database_username} # Database username (safe characters A-Z, a-z, 0-9) +database_password=${database_password} # random or a custom value (safe characters A-Z, a-z, 0-9) +database_repo=${database_repo} # PostgreSQL official, system +database_version=${database_version} # requires repo official +database_host=${database_host} # hostname or IP address +database_port=${database_port} # port number +database_backup=${database_backup} # true or false + +# General Settings +php_version=${php_version} # PHP version 8.3, 8.2, 8.1 +letsencrypt_folder=${letsencrypt_folder} # true or false + +# Optional Applications +application_transcribe=${application_transcribe} # Speech to Text +application_speech=${application_speech} # Text to Speech +application_language_model=${application_language_model} # Language model +application_device_logs=${application_device_logs} # Log device provision requests +application_dialplan_tools=${application_dialplan_tools} # Add additional dialplan applications +application_edit=${application_edit} # Editor for XML, Provision, Scripts, and PHP +application_sip_trunks=${application_sip_trunks} # Registration-based SIP trunks + +# Git Settings +git_server=${git_server} # Hostname parsed from resources/fusionpbx.sh clone URL +git_username=${git_username} # Git username or email for credential store 
+git_password=${git_password} # Git password or personal access token +EOF + +# Protect config.sh since it now contains credentials +chmod 600 "$CONFIG_FILE" + +echo "============================================================" +echo " Configuration saved to: $CONFIG_FILE" +echo "============================================================" +echo "" \ No newline at end of file diff --git a/debian/install.sh b/debian/install.sh index 36c1be6..e51018f 100755 --- a/debian/install.sh +++ b/debian/install.sh @@ -3,6 +3,9 @@ #move to script directory so all relative paths work cd "$(dirname "$0")" +#collect configuration variables (writes resources/config.sh) +. ./configure.sh + #includes . ./resources/config.sh . ./resources/colors.sh @@ -25,6 +28,10 @@ apt-get install -y dialog apt-get install -y nano apt-get install -y net-tools apt-get install -y gpg +apt-get install -y git + +#Git global config, credential store, and safe directory +resources/git.sh #SNMP apt-get install -y snmpd @@ -65,4 +72,4 @@ resources/switch.sh server_address=$(hostname -I) #add the database schema, user and groups -resources/finish.sh +resources/finish.sh \ No newline at end of file diff --git a/debian/resources/config.sh b/debian/resources/config.sh index e54c675..48b071e 100755 --- a/debian/resources/config.sh +++ b/debian/resources/config.sh 
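Review bot: The values collected from the prompts are written into config.sh unquoted (`git_password=${git_password} # …` and every other assignment in the heredoc), and that file is later sourced with `. ./resources/config.sh`. A password or token containing a space, `#`, `;`, `$` or a backtick is then truncated or interpreted as shell syntax by the installer, which per the comments in git.sh runs as root; the heredoc opener is not fully legible in this view, but the `${…}` references imply expansion at write time. Emitting each value as a single-quoted word through a small helper, as sketched below, keeps the file safe to source. Separately, `chmod 600 "$CONFIG_FILE"` runs only after `cat >` has finished, so the credentials briefly sit in a file that still has its previous mode (the tracked copy is 100755); tightening the mode before writing closes that window.

```shell
# Emit $1 as one single-quoted shell word so config.sh can be sourced back safely.
shell_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# … unchanged: prompts and the earlier part of the heredoc …
git_username=$(shell_quote "$git_username") # Git username or email for credential store
git_password=$(shell_quote "$git_password") # Git password or personal access token
# … apply the same wrapper to the other user-supplied values …
```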
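Review bot: Sourcing `. ./configure.sh` unconditionally makes every run of install.sh interactive and rewrites resources/config.sh, so an unattended install with no terminal on stdin, or a host with a hand-edited config.sh, may end up with different settings than intended; whether the prompts pre-fill from the existing file is not visible here. Guarding the call keeps the previous behaviour available, for example `if [ -t 0 ]; then . ./configure.sh; fi`. Because the file is sourced rather than executed, any `cd` or `exit` inside it also acts on install.sh itself, which deserves a short comment next to the call.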
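Review bot: The `resources/git.sh` step leaves the Git password or token in root's global credential store after the install finishes, and nothing at the call site says so. A comment such as `#writes git_password to /root/.git-credentials for later updates; use a read-only, repository-scoped token` would tell operators what remains on the host. The exit status of `resources/git.sh` is also not checked, which matches the surrounding calls but means a failed credential setup passes silently.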
@@ -1,40 +1,50 @@ +#!/bin/sh # FusionPBX Settings -domain_name=ip_address # hostname, ip_address or a custom value -system_username=admin # default username admin -system_password=random # random or a custom value -system_branch=5.5 # master, 5.5 +domain_name=ip_address # hostname, ip_address or a custom value +system_username=admin # default username admin +system_password=random # random or a custom value +system_branch=5.5 # master, 5.5 # FreeSWITCH Settings -switch_branch=stable # master, stable -switch_source=true # true (source compile) or false (binary package) -switch_package=false # true (binary package) or false (source compile) -switch_version=1.10.12 # which source code to download, only for source -switch_tls=true # true or false -switch_token= # Get the auth token from https://signalwire.com - # Signup or Login -> Profile -> Personal Auth Token +switch_branch=stable # master, stable +switch_source=true # true (source compile) or false (binary package) +switch_package=false # true (binary package) or false (source compile) +switch_version=1.10.12 # which source code to download, only for source +switch_tls=true # true or false +switch_token= # Get the auth token from https://signalwire.com + # Signup or Login -> Profile -> Personal Auth Token + # Sofia-Sip Settings -sofia_version=1.13.17 # release-version for sofia-sip to use +sofia_version=1.13.17 # release-version for sofia-sip to use # Database Settings -database_name=fusionpbx # Database name (safe characters A-Z, a-z, 0-9) -database_username=fusionpbx # Database username (safe characters A-Z, a-z, 0-9) -database_password=random # random or a custom value (safe characters A-Z, a-z, 0-9) -database_repo=official # PostgreSQL official, system -database_version=18 # requires repo official -database_host=127.0.0.1 # hostname or IP address -database_port=5432 # port number -database_backup=false # true or false +database_name=fusionpbx # Database name (safe characters A-Z, a-z, 0-9) 
+database_username=fusionpbx # Database username (safe characters A-Z, a-z, 0-9) +database_password=random # random or a custom value (safe characters A-Z, a-z, 0-9) +database_repo=official # PostgreSQL official, system +database_version=18 # requires repo official +database_host=127.0.0.1 # hostname or IP address +database_port=5432 # port number +database_backup=false # true or false # General Settings -php_version=8.2 # PHP version 8.3, 8.2, 8.1 -letsencrypt_folder=true # true or false +php_version=8.2 # PHP version 8.3, 8.2, 8.1 +letsencrypt_folder=true # true or false # Optional Applications -application_transcribe=true # Speech to Text -application_speech=true # Text to Speech -application_language_model=true # Language model -application_device_logs=true # Log device provision requests -application_dialplan_tools=false # Add additional dialplan applications -application_edit=false # Editor for XML, Provision, Scripts, and PHP -application_sip_trunks=false # Registration-based SIP trunks +application_transcribe=true # Speech to Text +application_speech=true # Text to Speech +application_language_model=true # Language model +application_device_logs=true # Log device provision requests +application_dialplan_tools=false # Add additional dialplan applications +application_edit=false # Editor for XML, Provision, Scripts, and PHP +application_sip_trunks=false # Registration-based SIP trunks + +# Git Settings +# git_server is auto-detected from the clone URL in resources/fusionpbx.sh +# by configure.sh at install time. Set manually here only if running git.sh +# standalone without configure.sh. +git_server= # Hostname for the git credential store entry +git_username= # Git username or email for credential store +git_password= # Git password or personal access token \ No newline at end of file diff --git a/debian/resources/git.sh b/debian/resources/git.sh new file mode 100644 index 0000000..fe22bfa --- /dev/null +++ b/debian/resources/git.sh 
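Review bot: The new comment block invites setting `git_password` by hand in this file when git.sh is run standalone, but on that path nothing restricts the file's permissions: the `chmod 600` lives in configure.sh, and the tracked mode of this file is 100755. The comment above `git_server=` should state that the file then holds a plaintext secret and must be made owner-only, for example `# If you set git_password here, chmod 600 this file and keep it out of commits.`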
@@ -0,0 +1,82 @@
+#!/bin/sh
+
+# git.sh - Configure global git settings for the installer
+# - Credential helper pointing to the file-based store
+# - ~/.git-credentials entry for the internal git server
+# (server hostname is read from git_server in config.sh, which is
+# auto-parsed from the clone URL in resources/fusionpbx.sh)
+# - safe.directory for /var/www/fusionpbx (needed when git runs
+# as root but the directory is owned by www-data)
+#
+# This script must be called AFTER resources/config.sh has been sourced
+# so that git_* variables are available.
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./config.sh
+. ./colors.sh
+
+verbose "Configuring global git settings"
+
+CREDENTIALS_FILE="/root/.git-credentials"
+
+# ---------------------------------------------------------------------------
+# 1. Credential store
+# ---------------------------------------------------------------------------
+if [ -n "$git_username" ] && [ -n "$git_password" ] && [ -n "$git_server" ]; then
+
+ # Point git at the file-based credential store
+ git config --global credential.helper "store --file $CREDENTIALS_FILE"
+ verbose " credential.helper = store --file $CREDENTIALS_FILE"
+
+ # Build the credential URL: https://user:pass@server
+ # URL-encode only the characters that would break the URL inside the
+ # credentials file (@, :, /, space). For most tokens/passwords this
+ # is sufficient; complex passwords with other special chars should use
+ # a personal access token instead.
+ _encoded_user=$(printf '%s' "$git_username" | sed \
+ -e 's/%/%25/g' \
+ -e 's/ /%20/g' \
+ -e 's/:/%3A/g' \
+ -e 's/@/%40/g')
+ _encoded_pass=$(printf '%s' "$git_password" | sed \
+ -e 's/%/%25/g' \
+ -e 's/ /%20/g' \
+ -e 's/:/%3A/g' \
+ -e 's/@/%40/g')
+
+ _cred_entry="https://${_encoded_user}:${_encoded_pass}@${git_server}"
+
+ # Write (or replace) the entry for this server in the credentials file.
+ # Remove any pre-existing line for the same server first to avoid duplicates.
+ if [ -f "$CREDENTIALS_FILE" ]; then
+ # Strip existing entries for this server
+ sed -i "/@${git_server}/d" "$CREDENTIALS_FILE"
+ fi
+
+ printf '%s\n' "$_cred_entry" >> "$CREDENTIALS_FILE"
+ chmod 600 "$CREDENTIALS_FILE"
+
+ verbose " credentials written to $CREDENTIALS_FILE"
+
+ # Clear sensitive variables from the environment as soon as they are
+ # no longer needed.
+ unset _encoded_pass _cred_entry
+
+else
+ verbose " git credentials not configured (git_username or git_password not set)"
+fi
+
+# ---------------------------------------------------------------------------
+# 2. Safe directory for /var/www/fusionpbx
+# Git ≥ 2.35.2 refuses to operate on directories owned by a different
+# user. The installer runs as root but chowns the checkout to www-data,
+# so subsequent git operations (updates, pulls) fail unless the directory
+# is explicitly marked safe.
+# ---------------------------------------------------------------------------
+git config --global --add safe.directory /var/www/fusionpbx
+verbose " safe.directory += /var/www/fusionpbx"
+
+verbose "Git configuration complete"
\ No newline at end of file
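Review bot: `sed -i "/@${git_server}/d"` places the configured host name into a sed address unescaped, so `.` matches any character, a `/` in the value breaks the expression, and the unanchored match can delete stored credentials for other hosts whose name merely contains this one. An exact comparison on the host part, as sketched below, avoids that. The credentials file is also created by `printf … >>` under the default umask and only restricted by the `chmod 600` afterwards; setting `umask 077` first removes that window. Finally, the comment lists `/` among the encoded characters but neither sed chain encodes it, so a password containing `/` (or `#`, `?`) may be written as an entry that is parsed differently from what was intended; the sketch moves the encoding into one shared helper that covers those characters.

```shell
# Percent-encode the characters that would change how the credential URL is parsed.
_url_encode() {
  printf '%s' "$1" | sed \
    -e 's/%/%25/g' -e 's/ /%20/g' -e 's/:/%3A/g' -e 's/@/%40/g' \
    -e 's|/|%2F|g' -e 's/#/%23/g' -e 's/?/%3F/g'
}

  # … unchanged: credential.helper setup …
  _encoded_user=$(_url_encode "$git_username")
  _encoded_pass=$(_url_encode "$git_password")
  _cred_entry="https://${_encoded_user}:${_encoded_pass}@${git_server}"

  # Create or rewrite the store owner-only from the start.
  umask 077
  if [ -f "$CREDENTIALS_FILE" ]; then
    # Drop only lines whose host part equals git_server exactly.
    _tmp=$(mktemp "${CREDENTIALS_FILE}.XXXXXX") || exit 1
    awk -v host="$git_server" '
      { rest = $0; sub(/^.*@/, "", rest); sub(/\/.*$/, "", rest) }
      rest != host
    ' "$CREDENTIALS_FILE" > "$_tmp" && mv -- "$_tmp" "$CREDENTIALS_FILE"
  fi
  printf '%s\n' "$_cred_entry" >> "$CREDENTIALS_FILE"
  chmod 600 "$CREDENTIALS_FILE"
  # … unchanged: verbose message, unset, else branch …
```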