extras/packaging/gnu-linux/debian/postinst

#!/bin/sh
set -e

umask 022

create_server_keys() {
    mkdir -p /etc/dhtnet/id
    if [ ! -f /etc/dhtnet/id/id-server.crt ] && [ ! -f /etc/dhtnet/id/id-server.pem ]; then
        echo "Generating server keys..."
        dhtnet-crtmgr --setup -o /etc/dhtnet/
        dhtnet-crtmgr -a -c /etc/dhtnet/id/id-server.crt -p /etc/dhtnet/id/id-server.pem
        configure_yaml
        disable_dnc_service
    fi
    echo "===================="
    echo "dnc server installed and configured."
    echo "To configure it, edit /etc/dhtnet/dnc.yaml"
    echo "To enable and start server, run:"
    echo "  systemctl enable dnc.service"
    echo "  systemctl start dnc.service"
    echo "To configure your dnc client, run:"
    echo "  dhtnet-crtmgr --interactive"
    echo "===================="
}

# reload_dnc_service() {
#     status=$(systemctl is-active dnc.service || true)
#     if [ "$status" = "failed" ]; then
#         echo "dnc.service failed to start, try a restart after keys was created..."
#         systemctl restart dnc.service
#     fi
# }

disable_dnc_service() {
    systemctl stop dnc.service
    systemctl disable dnc.service
}

configure_yaml() {
    if [ -f /etc/dhtnet/dnc.yaml ]; then
        sed -i 's/^#certificate:.*$/certificate: \"\/etc\/dhtnet\/id\/id-server.crt\"/' /etc/dhtnet/dnc.yaml
        sed -i 's/^#privateKey:.*$/privateKey: \"\/etc\/dhtnet\/id\/id-server.pem\"/' /etc/dhtnet/dnc.yaml
    else
        {
            echo "# The bootstrap node serves as the entry point to the DHT network."
            echo "# By default, bootstrap.jami.net is configured for the public DHT network and should be used for personal use only."
            echo "# For production environments, it is recommended to set up your own bootstrap node to establish your own DHT network."
            echo "# Documentation: https://docs.jami.net/en_US/user/lan-only.html#boostraping"
            echo "bootstrap: \"bootstrap.jami.net\""
            echo ""
            echo "# TURN server is used as a fallback for connections if the NAT block all possible connections."
            echo "# By default is turn.jami.net (which uses coturn) but can be any TURN."
            echo "# Developer must set up their own TURN server."
            echo "# Documentation: https://docs.jami.net/en_US/developer/going-further/setting-up-your-own-turn-server.html"
            echo "turn_host: \"turn.jami.net\""
            echo "turn_user: \"ring\""
            echo "turn_pass: \"ring\""
            echo "turn_realm: \"ring\""
            echo ""
            echo "# When verbose is set to true, the server logs all incoming connections"
            echo "verbose: false"
            echo ""
            echo "# On server, identities are saved in /etc/dhtnet/id/"
            echo "certificate: \"/etc/dhtnet/id/id-server.crt\""
            echo "privateKey: \"/etc/dhtnet/id/id-server.pem\""
            echo ""
            echo "# When anonymous is set to true, the server accepts any connection without checking CA"
            echo "# When anonymous is set to false, the server allows only connection which are issued by the same CA as the server"
            echo "anonymous: false"
            echo ""
            echo "# List of authorized services"
            echo "# Each service is defined by an IP and a port"
            echo "authorized_services:"
            echo "  - ip: \"127.0.0.1\""
            echo "    port: 22"
            echo "  # - ip: \"127.0.0.1\""
            echo "  #   port: 80"
            echo "  # - ip: \"127.0.0.1\""
            echo "  #   port: 443"
            echo ""
        } > /etc/dhtnet/dnc.yaml
    fi
}

create_server_keys