master
1#!/bin/bash
2
3set -euo pipefail
4
5getent passwd pocketid >/dev/null || \
6sudo useradd \
7 --system \
8 --home /var/lib/pocket-id \
9 --shell /usr/sbin/nologin \
10 pocketid
11
12sudo install --directory \
13 --owner=pocketid \
14 --group=pocketid \
15 --mode=0750 \
16 /etc/pocket-id
17
18sudo install --directory \
19 --owner=pocketid \
20 --group=pocketid \
21 --mode=0750 \
22 /var/lib/pocket-id
23
24KEY=/etc/pocket-id/encryption_key
25ENV=/etc/pocket-id/env
26
27sudo install --owner=pocketid \
28 --group=pocketid \
29 --mode=0600 \
30 /dev/null \
31 "${KEY}"
32openssl rand -base64 32 | sudo tee "${KEY}"
33
34sudo install --owner=pocketid \
35 --group=pocketid \
36 --mode=0600 \
37 /dev/null \
38 "${ENV}"
39sudo tee "${ENV}" << 'EOF'
40APP_URL=https://id.trustme.click
41UNIX_SOCKET=/run/pocket-id/pocket-id.sock
42ENCRYPTION_KEY_FILE=/etc/pocket-id/encryption_key
43TRUST_PROXY=true
44EOF