From 48d5c01e0a4a2dd499baa62dfbcea84dedd02a39 Mon Sep 17 00:00:00 2001
From: Mason Payne
Date: Wed, 30 Oct 2024 23:37:25 -0600
Subject: [PATCH] add postgres setup script
---
setup_postgres.sh | 60 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 60 insertions(+)
create mode 100644 setup_postgres.sh
diff --git a/setup_postgres.sh b/setup_postgres.sh
new file mode 100644
index 0000000..74aeddd
--- /dev/null
+++ b/setup_postgres.sh
@@ -0,0 +1,60 @@
+#!/bin/bash
+
+# Exit immediately if a command exits with a non-zero status.
+set -e
+
+# Update package lists
+sudo apt-get update
+
+# Install PostgreSQL
+sudo apt-get install -y postgresql postgresql-contrib
+
+# Ensure PostgreSQL service is running
+sudo systemctl start postgresql
+sudo systemctl enable postgresql
+
+# Switch to the postgres user
+sudo -i -u postgres bash << EOF
+
+# Create user 'ente' with password 'ente_password'
+psql -c "CREATE USER ente WITH PASSWORD 'ente_password';"
+
+# Create a new database owned by 'ente'
+psql -c "CREATE DATABASE ente_db OWNER ente;"
+
+# Connect to the new database and create a schema named 'ente'
+psql -d ente_db -c "CREATE SCHEMA ente AUTHORIZATION ente;"
+
+EOF
+
+# Allow TCP/IP connections by modifying the pg_hba.conf file
+PG_HBA="/etc/postgresql/$(ls /etc/postgresql)/main/pg_hba.conf"
+sudo sed -i "/# IPv4 local connections:/a hostssl all all 0.0.0.0/0 md5" $PG_HBA
+
+# Allow PostgreSQL to listen on all IP addresses by modifying the postgresql.conf file
+POSTGRESQL_CONF="/etc/postgresql/$(ls /etc/postgresql)/main/postgresql.conf"
+sudo sed -i "s/#listen_addresses = 'localhost'/listen_addresses = '*'/g" $POSTGRESQL_CONF
+
+# Enable SSL and specify SSL key and certificate paths
+sudo sed -i "s/#ssl = off/ssl = on/g" $POSTGRESQL_CONF
+sudo sed -i "s|#ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'|ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'|g" $POSTGRESQL_CONF
+sudo sed -i "s|#ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key'|ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key'|g" $POSTGRESQL_CONF
+
+# Generate self-signed SSL certificate
+sudo openssl req -new -x509 -days 365 -nodes -text -out /etc/ssl/certs/postgresql.crt -keyout /etc/ssl/private/postgresql.key -subj "/CN=postgresql"
+sudo chmod 600 /etc/ssl/private/postgresql.key
+sudo chown postgres:postgres /etc/ssl/private/postgresql.key
+sudo chown postgres:postgres /etc/ssl/certs/postgresql.crt
+
+# Update PostgreSQL configuration to use the generated certificate and key
+sudo sed -i "s|ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'|ssl_cert_file = '/etc/ssl/certs/postgresql.crt'|g" $POSTGRESQL_CONF
+sudo sed -i "s|ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key'|ssl_key_file = '/etc/ssl/private/postgresql.key'|g" $POSTGRESQL_CONF
+
+# Reload PostgreSQL service to apply changes
+sudo systemctl restart postgresql
+
+# Confirm PostgreSQL is running and listening on the correct port
+sudo systemctl status postgresql
+# netstat -plnt | grep postgres
+
+echo "PostgreSQL has been set up successfully with SSL. User 'ente' has been created with access via TCP/IP and SSL."
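Review bot: The heredoc creates the `ente` role with the literal password `ente_password`, and the same script then sets `listen_addresses = '*'` and appends `hostssl all all 0.0.0.0/0 md5`, so every host built from it accepts a credential published in the repository from any IPv4 address that can reach the PostgreSQL port, for every database and role. The password should be supplied by the operator at run time, for example behind a guard such as `: "${ENTE_DB_PASSWORD:?set ENTE_DB_PASSWORD}"` near the top, and the pg_hba rule should name only what the application needs, for example `hostssl ente_db ente <TRUSTED_CIDR> scram-sha-256` (the CIDR is a placeholder for the client network; confirm the installed version stores SCRAM verifiers before switching from `md5`). Separately, `$PG_HBA` and `$POSTGRESQL_CONF` are built from `$(ls /etc/postgresql)` and used unquoted, which gives a broken path when more than one version directory exists, and the `sed ... /a` append and `CREATE USER` are not idempotent, so a second run either duplicates the rule or aborts under `set -e`.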