[plane] Initial configuration

- Create the admin user - Configure email - Disallow uninvited signup - Fixes
2024-12-19 08:14:21 +01:00 · 2024-12-19 08:14:21 +01:00 · 3eecbd6470
commit 3eecbd6470
parent a09b77ac23
1 changed files with 67 additions and 6 deletions
--- a/lib/plane.sh
+++ b/lib/plane.sh
@ -4,6 +4,8 @@

 PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

+. /federated/lib/helpers.sh
+
 # FIXME plane's nginx proxy has a few additional rules that we may
 # need to port to Traefik:
 #        add_header X-Content-Type-Options    "nosniff" always;
@ -23,6 +25,7 @@ config_plane() {
 	fi

 	POSTGRES_PASSWORD=$(create_password)
+	EMAIL_PASSWORD="$(cat /federated/apps/panel/.env |grep ^SMTP_PASSWORD= |cut -d= -f2-)"

 	USE_TRAEFIK=true

@ -84,6 +87,15 @@ FILE_SIZE_LIMIT=5242880
 # Gunicorn Workers
 GUNICORN_WORKERS=1

+# Email
+EMAIL_HOST=mail.@DOMAIN@
+EMAIL_HOST_USER=fcore@@DOMAIN@
+EMAIL_HOST_PASSWORD=@EMAIL_PASSWORD@
+EMAIL_PORT=587
+EMAIL_FROM=admin@@DOMAIN@
+EMAIL_USE_TLS=1
+EMAIL_USE_SSL=0
+
 # UNCOMMENT `DOCKER_PLATFORM` IF YOU ARE ON `ARM64` AND DOCKER IMAGE IS NOT AVAILABLE FOR RESPECTIVE `APP_RELEASE`
 # DOCKER_PLATFORM=linux/amd64

@ -455,16 +467,15 @@ networks:
 EOF
 	sed -i -e "s,@DOMAIN@,${DOMAIN},g" \
 	       -e "s,@POSTGRES_PASSWORD@,${POSTGRES_PASSWORD},g" \
+	       -e "s,@EMAIL_PASSWORD@,${EMAIL_PASSWORD},g" \
 		/federated/apps/plane/docker-compose.yml \
 		/federated/apps/plane/plane.env

-	set -x
 	# Create database and user in postgresql
-	docker exec postgresql psql -U postgres -c "CREATE DATABASE plane" &> /dev/null
-	docker exec postgresql psql -U postgres -c "CREATE USER plane WITH PASSWORD '${POSTGRES_PASSWORD}'" &> /dev/null
-	docker exec postgresql psql -U postgres -c "GRANT ALL PRIVILEGES ON DATABASE plane TO plane" &> /dev/null
-	set +x
-
+	SQL="docker exec postgresql psql --csv -U postgres"
+	$SQL -c "CREATE DATABASE plane" &> /dev/null
+	$SQL -c "CREATE USER plane WITH PASSWORD '${POSTGRES_PASSWORD}'" &> /dev/null
+	$SQL -c "GRANT ALL PRIVILEGES ON DATABASE plane TO plane" &> /dev/null
 	unset POSTGRES_PASSWORD

 	cat > /federated/apps/plane/.env <<EOF
@ -472,11 +483,61 @@ EOF
 EOF
 	chmod 600 /federated/apps/plane/.env

+
+	# migrator is usually started at the same time as plane - we need to
+	# run it manually once to create the initial database so we can make
+	# modifications to it (like creating the admin user) before plane is
+	# run the regular way
+	pushd /federated/apps/plane
+	docker compose up -d migrator
+	popd
+	# Wait for the migrator to exit -- at that point, the database should be
+	# ready for manipulation
+	echo "Waiting for completion of the initial plane database - this will take some time."
+	while [ -n "$(docker ps -q -f name=plane-migrator-1)" ]; do
+		sleep 1s
+		echo -n .
+	done
+	echo
+
+	INSTANCE_ID=$(random xxxxxxxxxxxxxxxxxxxxxxxx)
+	INSTANCE_UUID=$(random xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)
+	USER_UUID=$(random xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)
+	ADMIN_UUID=$(random xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)
+	NOTIFICATION_UUID=$(random xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)
+	PROFILE_UUID=$(random xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)
+	SIGNUP_UUID=$(random xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)
+	TOKEN=$(random xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx)
+	ADMINPASS=$(grep ADMINPASS= /var/lib/cloud/instances/[0-9]*/cloud-config.txt |cut -d= -f2- |tr -d \")
+	ENCODED_PASSWORD=$(python3 -c "from passlib.hash import django_pbkdf2_sha256; print(django_pbkdf2_sha256.hash('$ADMINPASS'))")
+	# FIXME don't hardcode 0.24.0
+	cat >/federated/apps/postgresql/data/var/lib/postgresql/data/plane-initial-user.sql <<EOF
+INSERT INTO instances(created_at, updated_at, id,               instance_name,                instance_id,    current_version, last_checked_at, is_telemetry_enabled, is_support_required, is_setup_done, is_signup_screen_visited, is_verified, domain,    latest_version, edition,           is_test)
+	       VALUES(NOW(),      NOW(),      '$INSTANCE_UUID', 'Federated Computer - Plane', '$INSTANCE_ID', '0.24.0',        NOW(),           FALSE,                FALSE,               TRUE,          TRUE,                     TRUE,        '$DOMAIN', '0.24.0',       'PLANE_COMMUNITY', FALSE);
+UPDATE instances SET instance_name='Federated Computer - Plane';
+UPDATE instances SET is_telemetry_enabled=FALSE;
+UPDATE instances SET is_setup_done=TRUE;
+INSERT INTO users (password,            last_login, id,           username, email,           first_name, last_name, avatar, date_joined, created_at, updated_at, last_location, created_location, is_superuser, is_managed, is_password_expired, is_active, is_staff, is_email_verified, is_password_autoset, token,    user_timezone, last_active, last_login_time, last_logout_time, last_login_ip,  last_logout_ip, last_login_medium, last_login_uagent,      is_bot, display_name)
+	    VALUES('$ENCODED_PASSWORD', NOW(),      '$USER_UUID', 'admin',  'admin@$DOMAIN', 'Plane',    'Admin',   '',     NOW(),       NOW(),      NOW(),      '',            '',               TRUE,         FALSE,      FALSE,               TRUE,      TRUE,     TRUE,              FALSE,               '$TOKEN', 'UTC',         NOW(),       NOW(),           NOW(),            '192.168.0.13', '192.168.0.13', 'email',           'Federated Signup/1.0', FALSE,  'admin');
+INSERT INTO user_notification_preferences(created_at, updated_at, id,                   property_change, state_change, comment, mention, issue_completed, user_id)
+				   VALUES(NOW(),      NOW(),      '$NOTIFICATION_UUID', FALSE,           FALSE,        FALSE,   FALSE,   FALSE,           '$USER_UUID');
+INSERT INTO profiles(created_at, updated_at, id,            theme, is_tour_completed, onboarding_step,                                                                                                use_case, role, is_onboarded, billing_address_country, has_billing_address, company_name,         user_id)
+	      VALUES(NOW(),      NOW(),      '$PROFILE_UUID', '{}',  FALSE,             '{"workspace_join": false, "profile_complete": false, "workspace_create": false, "workspace_invite": false}', '',       '',   FALSE,        'INDIA',                 FALSE,               '$DOMAIN',            '$USER_UUID');
+INSERT INTO instance_admins(created_at, updated_at, id,            role, is_verified, instance_id,      user_id)
+                     VALUES(NOW(),      NOW(),      '$ADMIN_UUID', 20,   TRUE,        '$INSTANCE_UUID', '$USER_UUID');
+INSERT INTO instance_configurations(created_at, updated_at, id,             key,             value, category,         is_encrypted)
+			     VALUES(NOW(),      NOW(),      '$SIGNUP_UUID', 'ENABLE_SIGNUP', '0',   'AUTHENTICATION', FALSE);
+UPDATE instance_configurations SET value=0 WHERE key='ENABLE_SIGNUP';
+EOF
+	$SQL plane -f /var/lib/postgresql/data/plane-initial-user.sql
+#	rm /federated/apps/postgresql/data/var/lib/postgresql/data/plane-initial-user.sql
+
 	echo -ne "done."
 }
 start_plane() {
 	# Start service with command to make sure it's up before proceeding
 #	start_service "plane" "nc -z 192.168.0.48 80 &> /dev/null" "7"
+	/federated/bin/start plane
 	echo -ne "done."
 }
 uninstall_plane() {