install.config

#!/bin/sh
# OpenXPKI Install Settings


WORK_DIR=$(/bin/pwd);
FQDN=$(hostname -f);
IP_ADDR=$(hostname -i | grep -oE '((1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])');

### OpenXPKI Core ###
OPENXPKI_SRC_DIR="openxpki-source";
#   Default:  INSTALLSITESCRIPT = /usr/local/bin         (OpenXPKI binaries)
INSTALLSITESCRIPT="/usr/bin";
# Will import openxpkid.service if one is provided or we'll download and import SYSTEMD_SERVICE_URL
SYSTEMD_SERVICE_FILE="openxpkid.service"
SYSTEMD_SERVICE_URL="https://raw.githubusercontent.com/openxpki/openxpki/master/package/debian/core/libopenxpki-perl.openxpkid.service";
OPENXPKI_PID="/run/openxpkid.pid";
# socket path seems hard coded somewhere, leave it at /var/openxpki/openxpki.socket
SOCKET_DIR="/var/openxpki";
SOCKET_FILE="${SOCKET_DIR}/openxpki.socket";
OPENXPKI_USR="openxpki";

### OpenXPKI Config ###
# Will import a config directory if one is provided or we'll download the base conf from github
IMPORT_OPENXPKI_CONFIG_DIR="openxpki-config";
OPENXPKI_CONFIG_DIR="/etc/openxpki";
## Realm
REALM="democa";
REALM_LONG_NAME="${FQDN}";
REALM_URL="https://${FQDN}/openxpki/";
TEST_ACCT_PASSWD="openxpki";
# OpenXPKI comes with several test accounts, if we create a realm (not importing openxpki-config) will replace them
PROFILE_CERT_EXPIR="0006";
# The profile cert expiration for the certificate profiles, must be before the CA Issuer expires
# https://openxpki.readthedocs.io/en/latest/reference/configuration/profile.html#validity

### Fast CGI ###
CGI_BIN_DIR="/usr/lib/cgi-bin";


### Database ###
# Will import schema file if one is provided or we'll download and import DB_SCHEMA_URL
DB_SCHEMA_FILE="openxpki-schema.sql";
DB_SCHEMA_URL="https://raw.githubusercontent.com/openxpki/openxpki-config/community/contrib/sql/schema-mariadb.sql";
DB_NAME="openxpki"
DB_ROOT_PASS="openxpki";
DB_USER_NAME="openxpki";
DB_USER_PASS="openxpki";
DB_SESSION_USER_NAME="openxpki_session";
DB_SESSION_USER_PASS="openxpki";


### Website ###
WEB_ROOT_DIR="/var/www";
WEB_OPENXPKI_DIR="${WEB_ROOT_DIR}/openxpki";
# Will import apache .conf if one is provided or we'll download and import APACHE_CONF_URL
APACHE_CONF_FILE="openxpki-site.conf";
APACHE_CONF_URL="https://raw.githubusercontent.com/openxpki/openxpki-config/community/contrib/apache2-openxpki-site.conf";
APACHE_CONF_DST="/etc/httpd/conf.d/openxpki.conf";
APACHE_USER="apache";
# Static Directory
# Will import home.html if one is provided or we'll download and import WEB_STATIC_URL
WEB_STATIC_INDEX="home.html";
WEB_STATIC_URL="https://raw.githubusercontent.com/openxpki/openxpki-config/community/contrib/home.html";
WEB_STATIC_DIR="${WEB_ROOT_DIR}/static";
## HTML Template ##
# Will import localconfig.yaml if one is provided or we'll copy it from localconfig.yaml.template 
WEB_TEMPLATE_FILE="localconfig.yaml";
WEB_TEMPLATE_URL="https://raw.githubusercontent.com/openxpki/openxpki-config/community/contrib/localconfig.yaml";
# Will import custom.css if one is provided or we'll create it
CUSTOM_CSS_FILE="custom.css";


### Logging ###
OPENXPKI_LOG_DIR="/var/log/openxpki";


### Session Driver ###
SESSION_DIR="/var/tmp";


### SCEP ###
LIBSCEP_SRC="libscep-source";
# SecretChallenge
SCEP_CHALLENGE="SecretChallenge";
# verysecret
HMAC_SECRET="verysecret";


### Publishing ###
OPENXPKI_PUBLISH_DIR="${WEB_ROOT_DIR}/download";


### Certificates ###
# Will import certificates if they are provided or we'll generate them with gen-certs.sh
# Root CA
ROOT_CA_CERT="root-ca.pem";
ROOT_CA_KEY="root-ca.key";
# Issuer CA
ISSUER_CA_CERT="issuer-ca.pem";
ISSUER_CA_KEY="issuer-ca.key";
# Datavault
DATAVAULT_CERT="datavault.pem";
DATAVAULT_KEY="datavault.key";
# SCEP RA
SCEP_RA_CERT="scep-ra.pem";
SCEP_RA_KEY="scep-ra.key";
# Web
WEB_CERT="${FQDN}.pem";
WEB_KEY="${FQDN}.key";