Your locally hosted lumina server for IDAPro
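#!/bin/sh
# Container entrypoint for lumen: prepares /lumen/config.toml and the TLS key
# material, runs the database migrations, then execs the server.
#
# Environment read by this script:
#   DATABASE_URL - written into connection_info of /lumen/config.toml
#   PKCSPASSWD   - password of a custom .p12/.pfx found in ${CFGPATH} (optional)

CFGPATH="/dockershare"
KEYPATH="/lumen/lumen.p12"
CONFIG="/lumen/config.toml"

# Print an error to stderr and stop the entrypoint with status 1.
# Arguments: $* - description of the step that failed
die() {
  printf 'Exiting due to error: %s\n' "$*" >&2
  exit 1
}

# Escape a value for use as the replacement half of a sed "s,...,...," command.
# Backslash, "&" and the "," delimiter would otherwise be interpreted by sed,
# so a password or file name containing them would corrupt the config.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout
sed_escape_replacement() {
  printf '%s' "$1" | sed -e 's/[&,\]/\\&/g'
}

# Point server_cert in the config at the given PKCS#12 file.
# NOTE(review): the value is not TOML-escaped; a path containing a double
# quote would still produce an invalid config.
# Arguments: $1 - path of the PKCS#12 bundle
set_server_cert() {
  sed -i -e "s,server_cert.*,server_cert = \"$(sed_escape_replacement "$1")\"," \
    "${CONFIG}" || die "Updating server_cert in config.toml"
}

# Overwrite connection_info in the config with DATABASE_URL.
# When DATABASE_URL is unset or empty the config is left untouched, so an
# existing connection_info is not replaced by an empty string.
do_config_fixup() {
  if [ -z "${DATABASE_URL:-}" ]; then
    echo "DATABASE_URL is not set, keeping connection_info from config.toml" >&2
    return 0
  fi
  sed -i -e "s,connection_info.*,connection_info = \"$(sed_escape_replacement "${DATABASE_URL}")\"," \
    "${CONFIG}" || die "Updating connection_info in config.toml"
}

# Write the built-in config used when no config.toml is mounted.
# NOTE(review): both listeners bind to 0.0.0.0, and the database entry carries
# a placeholder password ("1") with database TLS off. do_config_fixup replaces
# connection_info when DATABASE_URL is set; review the rest before exposing
# the container beyond a trusted network.
use_default_config() {
  echo "No custom config.toml found, creating secure default."
  cat > "${CONFIG}" <<EOF || die "Writing default config.toml"
[lumina]
bind_addr = "0.0.0.0:1234"
use_tls = true
server_name = "lumen"
[lumina.tls]
server_cert = "${KEYPATH}"
[database]
connection_info = "host=db port=5432 user=lumina password=1"
use_tls = false
[api_server]
bind_addr = "0.0.0.0:8082"
EOF
}

# Generate a self-signed certificate (RSA 4096, valid 365 days), bundle it as
# /lumen/lumen.p12 and export the public certificate to the mounted volume.
# The key and the bundle are written under /lumen, not ${CFGPATH}, so they are
# not picked up as a "custom" key by setup_tls_key on a later start.
use_default_key() {
  # -nodes and the empty export password leave the private key unencrypted on
  # disk, so create the key material with owner-only permissions. The umask is
  # confined to a subshell so hexrays.crt below keeps the default mode.
  (
    umask 077
    openssl req -x509 -newkey rsa:4096 -keyout /lumen/lumen_key.pem \
      -out /lumen/lumen_crt.pem -days 365 -nodes \
      -subj "/C=US/ST=Texas/L=Austin/O=Lumina/OU=Naimd/CN=lumen" \
      -passout "pass:" -extensions v3_req
  ) || die "Generating key"
  (
    umask 077
    openssl pkcs12 -export -out /lumen/lumen.p12 -inkey /lumen/lumen_key.pem \
      -in /lumen/lumen_crt.pem -passin "pass:" -passout "pass:"
  ) || die "Exporting key"
  # umask only affects newly created files; tighten files left by an earlier run.
  chmod 600 /lumen/lumen_key.pem /lumen/lumen.p12 || die "Restricting key permissions"
  openssl x509 -in /lumen/lumen_crt.pem -out "${CFGPATH}/hexrays.crt" \
    -passin "pass:" || die "Exporting hexrays.crt"
  echo "hexrays.crt added to mounted volume. Copy this to your IDA install dir."
  set_server_cert "${KEYPATH}"
}

# Use a .p12/.pfx from the mounted volume when one exists, otherwise fall back
# to a generated self-signed key. Sets the globals PRIVKEY, KEYNAME and KEYPATH.
setup_tls_key() {
  # Sort so the choice is stable when several bundles are mounted.
  PRIVKEY=$(find "${CFGPATH}" -type f \( -name '*.p12' -o -name '*.pfx' \) \
    | LC_ALL=C sort | head -n 1)
  if [ -n "${PRIVKEY}" ]; then
    KEYNAME=$(basename "${PRIVKEY}")
    KEYPATH="/lumen/${KEYNAME}"
    echo "Starting lumen with custom TLS certificate ${KEYNAME}"
    cp "${PRIVKEY}" "${KEYPATH}" || die "Copying ${KEYNAME}"
    chmod 600 "${KEYPATH}" || die "Restricting key permissions"
    # Hand the password to openssl through its environment instead of argv:
    # it stays out of the process list and survives spaces in the value.
    PKCSPASSWD="${PKCSPASSWD:-}" openssl pkcs12 -in "${KEYPATH}" \
      -passin env:PKCSPASSWD -clcerts -nokeys -out "${CFGPATH}/hexrays.crt" \
      || die "Exporting hexrays.crt from private key. If there's a password, add it in .env as PKCSPASSWD=..."
    echo "hexrays.crt added to mounted volume. Copy this to your IDA install dir."
    set_server_cert "${KEYPATH}"
  else
    echo "No custom TLS key with p12/pfx extension in the custom mount directory."
    use_default_key
  fi
}

# Install the mounted config.toml when present, else the built-in default, and
# set up TLS key material unless the config turns TLS off.
setup_config() {
  if [ -e "${CFGPATH}/config.toml" ]; then
    echo "Detected custom config.toml"
    cp "${CFGPATH}/config.toml" "${CONFIG}" || die "Copying custom config.toml"
    # NOTE(review): this looks only at the first line mentioning use_tls, in
    # any section and including comments; a [database] use_tls placed before
    # the [lumina] one would decide the branch.
    if grep use_tls "${CONFIG}" | head -n 1 | grep -q false; then
      echo "Starting lumen without TLS. Make sure to set LUMINA_TLS = NO in ida.cfg"
    else
      setup_tls_key
    fi
  else
    use_default_config
    setup_tls_key
  fi
}

setup_config
do_config_fixup
echo Running DB migrations...
# Report a failed migration instead of announcing success; startup continues
# as before so the server still comes up.
if diesel --config-file /usr/lib/lumen/diesel.toml migration run; then
  echo Migrations done.
else
  echo "DB migrations failed, starting lumen anyway." >&2
fi
exec lumen -c "${CONFIG}"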