summarylogtreecommitdiffstats
path: root/pentest-ghostwriter-init
blob: 2ff5279b0d9579763fefeca06bc53b0f71e4c28f (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91

#!/usr/bin/env bash
set -euo pipefail

ENV_FILE=/etc/pentest-ghostwriter/pentest-ghostwriter.env
PY312_BIN=/usr/bin/python3.12
local_trust=true

case "${1:-}" in
  "") ;;
  --local-trust) local_trust=true ;;
  --no-local-trust) local_trust=false ;;
  *)
    echo "Unknown parameter: ${1}" >&2
    echo "Usage: sudo pentest-ghostwriter-init [--local-trust|--no-local-trust]" >&2
    exit 1
    ;;
esac

if [[ $EUID -ne 0 ]]; then
  echo "Please run as root." >&2
  exit 1
fi

[[ -x "$PY312_BIN" ]] || { echo "Missing: $PY312_BIN (install python312 first)" >&2; exit 1; }

if [[ ! -f ${ENV_FILE} ]]; then
  install -Dm640 /etc/pentest-ghostwriter/pentest-ghostwriter.env.example "${ENV_FILE}"
fi

"$PY312_BIN" - "$ENV_FILE" "$local_trust" <<'PY'
from pathlib import Path
import sys
path = Path(sys.argv[1])
local_trust = 'true' if sys.argv[2] == 'true' else 'false'
lines = path.read_text(encoding='utf-8').splitlines()
out = []
seen = set()
updates = {
    'LOCAL_TRUST_MODE': local_trust,
}
for line in lines:
    if '=' in line:
        key = line.split('=', 1)[0]
        if key in updates:
            out.append(f'{key}={updates[key]}')
            seen.add(key)
        else:
            out.append(line)
    else:
        out.append(line)
for key, value in updates.items():
    if key not in seen:
        out.append(f'{key}={value}')
path.write_text('\n'.join(out) + '\n', encoding='utf-8')
PY

if [[ ! -s /var/lib/postgres/data/PG_VERSION ]]; then
  runuser -u postgres -- initdb --locale=C.UTF-8 --encoding=UTF8 -D /var/lib/postgres/data
fi

systemctl enable --now postgresql valkey

set -a
# shellcheck disable=SC1090
source "${ENV_FILE}"
set +a

runuser -u postgres -- psql postgres -v ON_ERROR_STOP=1 -c "DO \$\$
BEGIN
   IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '${POSTGRES_USER}') THEN
      CREATE ROLE ${POSTGRES_USER} LOGIN PASSWORD '${POSTGRES_PASSWORD}';
   ELSE
      ALTER ROLE ${POSTGRES_USER} WITH LOGIN PASSWORD '${POSTGRES_PASSWORD}';
   END IF;
END
\$\$;"

runuser -u postgres -- psql postgres -tAc "SELECT 1 FROM pg_database WHERE datname = '${POSTGRES_DB}'" | grep -q 1 \
  || runuser -u postgres -- createdb -O "${POSTGRES_USER}" "${POSTGRES_DB}"

pentest-ghostwriter-bootstrap
systemctl enable --now pentest-ghostwriter-web.service pentest-ghostwriter-queue.service pentest-ghostwriter-collab.service

echo
echo "Done."
echo "  URL:  http://127.0.0.1:8000/home/"
if [[ ${local_trust} == true ]]; then
  echo "  Local Trust Mode: ENABLED (automatic localhost login for 127.0.0.1 / ::1)"
else
  echo "  Admin credentials: /etc/pentest-ghostwriter/admin-credentials"
fi