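#!/usr/bin/env bash
# setup-secrets.sh — Interactive helper for setting up secrets/ and .env
#
# For every Oracle server listed in backend/ssh-tunnels.json:
#   - Creates backend/secrets/{id}.oracle_pass
#
# Also: copies backend/.env.example → backend/.env if it is missing.
# Nothing is overwritten if the file already exists.
#
# Secret handling in this script:
#   - New files and directories are created under umask 077, so a secret is
#     never on disk with wider permissions, not even between creation and the
#     chmod that follows.
#   - Passwords are read with `read -s` (no terminal echo) and written with
#     the shell builtin printf, so they are not passed as arguments to an
#     external command.
#   - Server ids become file names; ids containing '/' are skipped so a
#     password file is only ever written directly inside backend/secrets/.
#   - Existing files are skipped as they are; their permissions are not
#     changed here (the final listing shows them for a manual check).

set -e
# pipefail is not enabled: in the final listing pipeline `grep -v` exits 1
# when it filters out every line (e.g. an empty secrets directory), which
# would turn a successful run into a failure.

# Owner-only permissions for everything this script creates from here on.
umask 077

REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
SECRETS_DIR="$REPO_ROOT/backend/secrets"
TUNNELS_FILE="$REPO_ROOT/backend/ssh-tunnels.json"
ENV_FILE="$REPO_ROOT/backend/.env"
ENV_EXAMPLE="$REPO_ROOT/backend/.env.example"

# jq is required to read the server ids out of ssh-tunnels.json.
if ! command -v jq >/dev/null 2>&1; then
  echo "❌ jq nu este instalat. Rulează: sudo apt install jq"
  exit 1
fi

if [ ! -f "$TUNNELS_FILE" ]; then
  echo "❌ $TUNNELS_FILE nu există. Copiază backend/ssh-tunnels.json.example întâi."
  exit 1
fi

# Created with mode 0700 when missing (umask 077); an existing directory
# keeps whatever mode it already has.
mkdir -p "$SECRETS_DIR"

echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo " ROA2WEB — Setup secrets/ și .env"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""

# ----------------------------------------------------------------------------
# 1) backend/.env
# ----------------------------------------------------------------------------
if [ -f "$ENV_FILE" ]; then
  echo "✅ $ENV_FILE există — skip"
else
  if [ -f "$ENV_EXAMPLE" ]; then
    # The copy is already owner-only because of the umask; the chmod also
    # clears any execute bit inherited from the example file.
    cp "$ENV_EXAMPLE" "$ENV_FILE"
    chmod 600 "$ENV_FILE"
    echo "📄 $ENV_FILE creat din .env.example (chmod 600)"
    echo " 👉 Editează manual:"
    echo " - TELEGRAM_BOT_TOKEN (de la @BotFather)"
    echo " - JWT_SECRET_KEY: python3 -c 'import secrets; print(secrets.token_urlsafe(32))'"
    echo " - TELEGRAM_SMTP_USER / TELEGRAM_SMTP_PASSWORD"
  else
    echo "⚠️ $ENV_EXAMPLE lipsește — sări peste setup .env"
  fi
fi
echo ""

# ----------------------------------------------------------------------------
# 2) secrets/{id}.oracle_pass
# ----------------------------------------------------------------------------
# A plain assignment, so `set -e` still aborts the script if jq fails
# (for example on malformed JSON).
SERVERS=$(jq -r '.[].id' "$TUNNELS_FILE")

# The ids are read one per line on fd 3, never word-split or glob-expanded,
# and stdin stays free for the interactive password prompt below.
while IFS= read -r srv_id <&3; do
  case "$srv_id" in
    '')
      continue
      ;;
    */*)
      # The id is used as a file name; a '/' would place the password file
      # outside backend/secrets/.
      echo " ⚠️ id invalid '$srv_id' (conține '/') — sărit" >&2
      continue
      ;;
  esac

  echo "── Server: $srv_id 
──────────────────────────────"
  pass_file="$SECRETS_DIR/${srv_id}.oracle_pass"
  if [ -f "$pass_file" ]; then
    echo " ✅ $pass_file există — skip"
  else
    # IFS= keeps leading/trailing whitespace that is part of the password;
    # -r keeps backslashes literal; -s disables terminal echo.
    IFS= read -rsp " Parolă Oracle pentru '$srv_id' (Enter ca să sari): " oracle_pass
    echo
    if [ -n "$oracle_pass" ]; then
      # printf '%s' writes the password verbatim, without a trailing newline.
      printf '%s' "$oracle_pass" > "$pass_file"
      chmod 600 "$pass_file"
      echo " 📄 $pass_file creat (chmod 600, fără newline trailing)"
    else
      echo " ⏭ sărit"
    fi
    # Do not keep the password in the shell once it has been handled.
    unset oracle_pass
  fi
  echo ""
done 3<<<"$SERVERS"

# ----------------------------------------------------------------------------
# 3) Final check
# ----------------------------------------------------------------------------
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo " Stare finală:"
echo ""
# Display only: prints mode, size and name of each non-directory entry so the
# permissions can be checked by eye. awk prints the ninth whitespace-separated
# field, so a name containing spaces is shown only up to its first space.
ls -la "$SECRETS_DIR" 2>/dev/null | grep -v "^total\|^d" | awk '{printf " %s %s %s %s\n", $1, $5, $9, ""}'
echo ""
echo " ✅ Setup complet. Pornește serverele cu: ./start.sh test"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"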