#! /bin/sh # postinst script for gitlab # copied from postinst script for hplip # $Id: hplip.postinst,v 1.1 2005/10/15 21:39:04 hmh Exp $ # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `configure' # * `abort-upgrade' # * `abort-remove' `in-favour' # # * `abort-deconfigure' `in-favour' # `removing' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package # # quoting from the policy: # Any necessary prompting should almost always be confined to the # post-installation script, and should be protected with a conditional # so that unnecessary prompting doesn't happen if a package's # installation fails and the `postinst' is called with `abort-upgrade', # `abort-remove' or `abort-deconfigure'. case "$1" in configure) # Show debconf questions . /usr/share/debconf/confmodule # Read and export debian specific configuration # Only exported variables will be passed on to gitlab app # Bootstrap config file - first try gitlab_debian_conf_example=/usr/share/doc/gitlab/gitlab-debian.conf.example export $(cat ${gitlab_debian_conf_example}) # second try test -f ${gitlab_debian_conf_private} || \ cp ${gitlab_debian_conf_example} ${gitlab_debian_conf_private} export $(cat ${gitlab_debian_conf_private}) # If /etc/gitlab/gitlab-debian.conf is already present, use it test -f ${gitlab_debian_conf} && export $(cat ${gitlab_debian_conf}) # Create gitlab user . /usr/lib/gitlab/scripts/adduser.sh gitlab_builds_log=${gitlab_log_dir}/builds gitlab_repo_path=${gitlab_data_dir}/repositories gitlab_uploads_path=${gitlab_data_dir}/public/uploads # Create directories and change ownership echo "Creating runtime directories for gitlab..." for i in ${gitlab_repo_path} ${gitlab_cache_path} ${gitlab_uploads_path}\ ${gitlab_pid_path} ${gitlab_log_dir} ${gitlab_shell_log} ${gitlab_builds_log}; do mkdir -p $i chown -R ${gitlab_user}: $i done # nginx/httpd should be able to connect to gitlab-workhorse.socket and serve public chown ${gitlab_user}:${nginx_user} -R ${gitlab_uploads_path}/.. ${gitlab_pid_path} # Customize permissions echo "Updating file permissions..." chmod -R ug+rwX,o-rwx ${gitlab_repo_path}/ chmod -R ug-s ${gitlab_repo_path}/ find ${gitlab_repo_path}/ -type d -print0 | xargs -0 chmod g+s for i in ${gitlab_data_dir} ${gitlab_shell_root}; do chown -R ${gitlab_user}: $i done su ${gitlab_user} -s /bin/sh -c "chmod 700 ${gitlab_uploads_path}" su ${gitlab_user} -s /bin/sh -c 'git config --global core.autocrlf "input"' # Commands below needs to be run from gitlab_app_root cd ${gitlab_app_root} # Obtain hostname from debconf db db_get gitlab/fqdn if [ "${RET}" != "" ]; then if ! grep GITLAB_HOST ${gitlab_debian_conf_private}; then echo "Configuring hostname and email..." export GITLAB_HOST=${RET} # We need this to configure nginx below cat <> ${gitlab_debian_conf_private} GITLAB_HOST=${RET} GITLAB_EMAIL_FROM="no-reply@${RET}" GITLAB_EMAIL_DISPLAY_NAME="Gitlab" GITLAB_EMAIL_REPLY_TO="no-reply@${RET}" EOF fi # Check if ssl option is selected db_get gitlab/ssl gl_proto="http" # Copy example configurations test -f ${gitlab_yml_private} || \ zcat ${gitlab_yml_example} > ${gitlab_yml_private} test -f ${gitlab_shell_config_private} || \ cp ${gitlab_shell_config_example} ${gitlab_shell_config_private} if [ "${RET}" = "true" ]; then echo "Configuring nginx with HTTPS..." if ! grep GITLAB_HTTPS ${gitlab_debian_conf_private}; then echo GITLAB_HTTPS=${RET} >> ${gitlab_debian_conf_private} # Workaround for #813770 gl_proto="https" echo "Configuring gitlab with HTTPS..." sed -i "s/#port: 80/port: 443/" ${gitlab_yml_private} sed -i "s/https: false/https: true/" ${gitlab_yml_private} echo "Updating gitlab_url in gitlab-shell configuration..." sed -i \ "s/gitlab_url: http*:\/\/.*/gitlab_url: ${gl_proto}:\/\/${GITLAB_HOST}/"\ ${gitlab_shell_config_private} fi mkdir -p /etc/gitlab/ssl if [ -f "${nginx_ssl_conf_example_gz}" ]; then # undo dh_installdocs auto compress export nginx_conf_example_tmp=$(mktemp) zcat ${nginx_ssl_conf_example_gz} > ${nginx_conf_example_tmp} export nginx_conf_example=${nginx_conf_example_tmp} fi # Check if letsencrypt option is selected db_get gitlab/letsencrypt if [ "${RET}" = "true" ]; then echo "Configuring letsencrypt..." ln -sf /etc/letsencrypt/live/${GITLAB_HOST}/fullchain.pem \ /etc/gitlab/ssl/gitlab.crt ln -sf /etc/letsencrypt/live/${GITLAB_HOST}/privkey.pem \ /etc/gitlab/ssl/gitlab.key # Check if certificate is already present if [ -e /etc/letsencrypt/live/${GITLAB_HOST}/fullchain.pem ]; then echo "Let's encrypt certificate already present." else # Port 80 and 443 should be available for letsencrypt if command -v nginx > /dev/null; then echo "Stopping nginx for letsencrypt..." invoke-rc.d nginx stop fi letsencrypt -d ${GITLAB_HOST} certonly || { echo "letsencrypt auto configuration failed..." echo "Stop your webserver and try running letsencrypt manually..." echo "letsencrypt -d ${GITLAB_HOST} certonly" } fi fi fi # Manage gitlab-shell's config.yml via ucf mkdir -p /etc/gitlab-shell echo "Registering ${gitlab_shell_config} via ucf" ucf --debconf-ok --three-way ${gitlab_shell_config_private} ${gitlab_shell_config} ucfr gitlab ${gitlab_shell_config} # Manage gitlab.yml via ucf echo "Registering ${gitlab_yml} via ucf" ucf --debconf-ok --three-way ${gitlab_yml_private} ${gitlab_yml} ucfr gitlab ${gitlab_yml} # Manage gitlab-debian.conf via ucf echo "Registering ${gitlab_debian_conf} via ucf" ucf --debconf-ok --three-way ${gitlab_debian_conf_private} ${gitlab_debian_conf} ucfr gitlab ${gitlab_debian_conf} # configure nginx site if test -d /etc/nginx/sites-available/; then if test -f ${nginx_conf_example}; then nginx_site="/etc/nginx/sites-available/${GITLAB_HOST}" sed -e "s/YOUR_SERVER_FQDN/${GITLAB_HOST}/"\ ${nginx_conf_example} >${nginx_site_private} ucf --debconf-ok --three-way ${nginx_site_private} ${nginx_site} ucfr gitlab ${nginx_site} ln -fs ${nginx_site} /etc/nginx/sites-enabled/ rm -f ${nginx_conf_example_tmp} else echo "nginx example configuration file not found" exit 1 fi fi # Reload nginx if command -v nginx > /dev/null; then echo "Reloading nginx configuration..." invoke-rc.d nginx reload fi else echo "Failed to retrieve fully qualified domain name" exit 1 fi db_stop echo "Create database if not present" if ! su postgres -s /bin/sh -c "psql gitlab_production -c ''"; then su postgres -c 'createdb -E unicode -T template0 gitlab_production' fi # Adjust database privileges . /usr/lib/gitlab/scripts/grantpriv.sh # Remove Gemfile.lock if present rm -f ${gitlab_data_dir}/Gemfile.lock # Create Gemfile.lock and .secret in /var/lib/gitlab su ${gitlab_user} -s /bin/sh -c "touch ${gitlab_data_dir}/Gemfile.lock" ln -sf ${gitlab_data_dir}/Gemfile.lock ${gitlab_app_root}/Gemfile.lock if ! [ -e ${gitlab_app_root}/.secret ] ; then ln -sf ${gitlab_data_dir}/.secret ${gitlab_app_root}/.secret fi echo "Verifying we have all required libraries..." su ${gitlab_user} -s /bin/sh -c 'bundle install --local' echo "Running final rake tasks and tweaks..." . /usr/lib/gitlab/scripts/rake-tasks.sh ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 1 ;; esac #DEBHELPER# exit 0