diff --git a/.devops/scripts/create-application.sh b/.devops/scripts/create-application.sh
new file mode 100644
index 0000000..52a7669
--- /dev/null
+++ b/.devops/scripts/create-application.sh
@@ -0,0 +1,74 @@
+#!/usr/bin/env bash
+
+# Usage: ./generate application.sh
+# Example: ./generate application.sh hvgblog-7koznapi > .env.hvgblog-7koznapi
+
+script_dir=$(dirname "$0")
+
+APPLICATION_NAME=${1:-"dev"}
+if [ -z "$APPLICATION_NAME" ]; then
+ echo "Usage: $0 "
+ exit 1
+fi
+
+SALT_PATTERN=${SALT_PATTERN:-':alnum:!"#$%&()*+,-./:;<=>?@[\]^_`{|}~'}
+SALT_LENGTH=${SALT_LENGTH:-64}
+
+PASS_PATTERN=${PASS_PATTERN:-':alnum:'}
+PASS_LENGTH=${PASS_LENGTH:-16}
+
+APPLICATION_NAMESPACE=${APPLICATION_NAMESPACE:-'hvg-dev'}
+APPLICATION_DOMAIN=${APPLICATION_DOMAIN:-'hvgblog.hu'}
+APPLICATION_HOST=${APPLICATION_HOST:-"${APPLICATION_NAME}.${APPLICATION_DOMAIN}"}
+APPLICATION_EMAIL=${APPLICATION_EMAIL:-'blogadmin@hvg.hu'}
+
+CERT=${SEAL_CERT_TMP:-$(mktemp)}
+
+if [ -z "$SEAL_CERT" ]; then
+ echo "SEAL_CERT is not set, fetching..." | tee /dev/stderr
+ kubeseal --fetch-cert > "$CERT"
+else
+ regex='(https?|ftp|file)://[-[:alnum:]\+&@#/%?=~_|!:,.;]*[-[:alnum:]\+&@#/%=~_|]'
+ if [[ $SEAL_CERT =~ $regex ]]; then
+ echo "SEAL_CERT looks like a URL, fetching..." | tee /dev/stderr
+ curl -sSL "$SEAL_CERT" -o "$CERT"
+ else
+ if [ -f "$SEAL_CERT" ]; then
+ echo "SEAL_CERT looks like a file path, using..." | tee /dev/stderr
+ cp "$SEAL_CERT" "$CERT"
+ else
+ echo "SEAL_CERT is not a valid URL or file path, exiting." | tee /dev/stderr
+ exit 1
+ fi
+ fi
+fi
+
+seal() {
+ local value=$1
+ echo -n "$value" |
+ kubeseal --cert "$CERT" --from-file=/dev/stdin --raw --scope cluster-wide
+}
+
+gen_salt() {
+ cat /dev/urandom | tr -dc "$SALT_PATTERN" | fold -w $SALT_LENGTH | head -n 1 | sed 's/\n//'
+}
+
+gen_pass() {
+ cat /dev/urandom | tr -dc "$PASS_PATTERN" | fold -w $PASS_LENGTH | head -n 1 | sed 's/\n//'
+}
+
+get_parameter() {
+ local key=$1
+ echo "${parameters[$key]}"
+}
+
+dump_parameters() {
+ echo "parameters:"
+ for key in "${!parameters[@]}"; do
+ echo " - name: $key"
+ echo " value: ${parameters[$key]}"
+ done
+}
+
+. "$script_dir/parameters.tmp"
+dump_parameters | tee
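Review bot: The default `PASS_PATTERN` of `':alnum:'` is not a character class for `tr`; without the enclosing brackets it is the literal set `:`, `a`, `l`, `n`, `u`, `m`, so `gen_pass` draws the 16-character database password from six symbols (roughly 41 bits) rather than 62. Use `PASS_PATTERN=${PASS_PATTERN:-'[:alnum:]'}` and write the leading `:alnum:` of `SALT_PATTERN` as `[:alnum:]` as well, since the salts currently contain no digits or uppercase letters. Separately, the `SEAL_CERT` regex accepts `http`, `ftp` and `file` URLs and `curl -sSL` does not fail on an HTTP error status; a sealing certificate replaced in transit means the secrets are encrypted to a key the cluster does not hold, so consider `curl -fsSL --proto '=https' "$SEAL_CERT" -o "$CERT"`. `--scope cluster-wide` in `seal` also lets the values be unsealed under any name in any namespace; if they are only ever deployed to `APPLICATION_NAMESPACE`, a narrower scope would be the safer default.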
diff --git a/.devops/scripts/parameters.tmp b/.devops/scripts/parameters.tmp
new file mode 100644
index 0000000..c3cada0
--- /dev/null
+++ b/.devops/scripts/parameters.tmp
@@ -0,0 +1,19 @@
+declare -A parameters=( \
+ [db.name]=$APPLICATION_NAME \
+ [db.username]=$APPLICATION_NAME \
+ [db.sealedPassword]=$(seal $(gen_pass)) \
+ [env.BLOG_SLUG]=$APPLICATION_NAME \
+ [env.WP_HOME]="https://${APPLICATION_HOST}" \
+ [env.WP_SITEURL]="https://${APPLICATION_HOST}/wp" \
+ [env.ADMIN_EMAIL]=$APPLICATION_EMAIL \
+ [env.S3_UPLOADS_BUCKET]="hvgblog/${APPLICATION_NAME}" \
+ [env.S3_UPLOADS_BUCKET_URL]="https://cdn.${APPLICATION_DOMAIN}/${APPLICATION_NAME}" \
+ [sealedSecretEnv.AUTH_KEY]=$(seal $(gen_salt)) \
+ [sealedSecretEnv.AUTH_SALT]=$(seal $(gen_salt)) \
+ [sealedSecretEnv.LOGGED_IN_KEY]=$(seal $(gen_salt)) \
+ [sealedSecretEnv.LOGGED_IN_SALT]=$(seal $(gen_salt)) \
+ [sealedSecretEnv.NONCE_KEY]=$(seal $(gen_salt)) \
+ [sealedSecretEnv.NONCE_SALT]=$(seal $(gen_salt)) \
+ [sealedSecretEnv.SECURE_AUTH_KEY]=$(seal $(gen_salt)) \
+ [sealedSecretEnv.SECURE_AUTH_SALT]=$(seal $(gen_salt)) \
+)
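Review bot: The inner substitutions in `$(seal $(gen_salt))` and `$(seal $(gen_pass))` are unquoted, so the generated value can undergo pathname expansion before `seal` reads `$1`, and the salt alphabet includes `*`, `?` and `[`; quote the argument on every entry, e.g. `[sealedSecretEnv.AUTH_KEY]=$(seal "$(gen_salt)")`. Nothing here checks that `seal` succeeded either: if `kubeseal` exits non-zero the entry holds whatever it wrote to stdout, most likely nothing, and `dump_parameters` emits the empty value without complaint. A loop after the array is built that aborts on any empty `db.sealedPassword` or `sealedSecretEnv.*` value would keep a half-generated parameter set from being deployed.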