5 files changed, 143 insertions, 75 deletions
diff --git a/tools/000-boca.conf b/tools/000-boca.conf
index 66c62fe..2ea68d9 100644
--- a/tools/000-boca.conf
+++ b/tools/000-boca.conf
@@ -1,15 +1,21 @@
-<Directory /var/www/boca/src>
-       AllowOverride Options AuthConfig Limit
-       Order Allow,Deny
-       Allow from all
-       AddDefaultCharset utf-8
-</Directory>
-<Directory /var/www/boca/src/private>
-       AllowOverride Options AuthConfig Limit
-       Deny from all
-</Directory>
-<Directory /var/www/boca>
-       AllowOverride Options AuthConfig Limit
-       Deny from all
-</Directory>
-Alias /boca /var/www/boca/src
+<VirtualHost *:80>
+
+  ServerAdmin boca@bombonera.org
+  DocumentRoot /var/www/boca
+  <Directory "/var/www/boca/src">
+         AllowOverride Options AuthConfig Limit
+         Order Allow,Deny
+         Allow from all
+         AddDefaultCharset utf-8
+  </Directory>
+  <Directory "/var/www/boca/src/private">
+         AllowOverride Options AuthConfig Limit
+         Deny from all
+  </Directory>
+  <Directory /var/www/boca>
+         AllowOverride Options AuthConfig Limit
+         Deny from all
+  </Directory>
+  Alias /boca /var/www/boca/src
+
+</VirtualHost>
diff --git a/tools/boca-config-dbhost.sh b/tools/boca-config-dbhost.sh
index 306f44f..bfe710e 100644
--- a/tools/boca-config-dbhost.sh
+++ b/tools/boca-config-dbhost.sh
@@ -35,6 +35,8 @@ bdservernew=$1
 
 . /etc/boca.conf
 
+privatedir=$bocadir/src/private
+
 CHANGE=n
 if [[ "x$bdserver" == "x" ]]; then
   echo "bdserver=$bdservernew" >> /etc/boca.conf
@@ -46,21 +48,23 @@ fi
 
 bdserver=$bdservernew
 
-if [[ "$bdserver" == "localhost" && "x$bdcreated" != "xy" ]]; then
-  if [[ "$CHANGE" == "n" ]]; then
-    boca-createdb
-  else
-    boca-createdb -f
-  fi
-elif [[ "$bdserver" != "localhost" ]]; then
-  printf "You will be asked to prompt the BD password [enter do continue]"
-  read
-  #just to config password
-  if [[ "$CHANGE" == "n" ]]; then
-    boca-createdb nocreate
-  else
-    boca-createdb -f nocreate
-  fi
+#update conf.php
+# PASSWD should be environment defined. While installing boca-common package
+# this variable will be set
+PASS=$PASSWD
+if [[ "x$PASS" == "x" ]]; then
+  read -p "Enter DB password: " -s PASS
 fi
+PASSK=`makepasswd --chars 20`
+awk -v boca="$bdserver" -v pass="$PASS" -v passk="$PASSK" '{ if(index($0,"[\"dbpass\"]")>0) \
+  print "$conf[\"dbpass\"]=\"" pass "\";"; \
+  else if(index($0,"[\"dbhost\"]")>0) print "$conf[\"dbhost\"]=\"" boca "\";"; \
+  else if(index($0,"[\"dbsuperpass\"]")>0) print "$conf[\"dbsuperpass\"]=\"" pass "\";"; \
+  else if(index($0,"[\"key\"]")>0) print "$conf[\"key\"]=\"" passk "\";"; else print $0; }' \
+  < $privatedir/conf.php > $privatedir/conf.php1
+mv -f $privatedir/conf.php1 $privatedir/conf.php
+
+chown www-data.www-data $privatedir/conf.php
+chmod 600 $privatedir/conf.php
 
 exit 0
diff --git a/tools/boca-createdb.sh b/tools/boca-createdb.sh
index c230819..0c36a3f 100644
--- a/tools/boca-createdb.sh
+++ b/tools/boca-createdb.sh
@@ -37,7 +37,7 @@ privatedir=$bocadir/src/private
 postgresuser=postgres
 
 if [[ "x$bdserver" == "x" ]]; then
-  echo "Please run boca-config-dbhost"
+  echo "Please run boca-config-dbhost first"
   exit 2
 fi
 
@@ -57,54 +57,10 @@ if [[ "x$bdcreated" == "x" || "$1" == "-f" ]] ; then
   fi
   echo "Keep the DB password safe!"
 
-  PASSK=`makepasswd --chars 20`
-  awk -v boca="$bdserver" -v pass="$PASS" -v passk="$PASSK" '{ if(index($0,"[\"dbpass\"]")>0) \
-    print "$conf[\"dbpass\"]=\"" pass "\";"; \
-    else if(index($0,"[\"dbhost\"]")>0) print "$conf[\"dbhost\"]=\"" boca "\";"; \
-    else if(index($0,"[\"dbsuperpass\"]")>0) print "$conf[\"dbsuperpass\"]=\"" pass "\";"; \
-    else if(index($0,"[\"key\"]")>0) print "$conf[\"key\"]=\"" passk "\";"; else print $0; }' \
-    < $privatedir/conf.php > $privatedir/conf.php1
-  mv -f $privatedir/conf.php1 $privatedir/conf.php
-
   if [[ "$bdserver" == "localhost" ]]; then
     su - $postgresuser -c "echo drop user bocauser | psql -d template1 >/dev/null 2>/dev/null"
     su - $postgresuser -c "echo create user bocauser createdb password \'$PASS\'| psql -d template1"
     su - $postgresuser -c "echo alter user bocauser createdb password \'$PASS\'| psql -d template1"
-    #allowing outside connections
-    if ! echo "$*" | grep -q notouchpgconf; then
-      echo "##########################"
-      echo "     ATENTION"
-      echo "##########################"
-      echo
-      echo "I AM GIVING ACCESS TO THE DATABASE FROM ANY IP (AS LONG AS THE PASSWORD IS OK)"
-      CONTINUE="y"
-      printf "May I give access? [Y/n]"
-      read CONTINUE
-
-      if [[ "$CONTINUE" == "Y" || "$CONTINUE" == "y" ]]; then
-        for i in /etc/postgresql/*/main/pg_hba.conf; do
-          if grep -q "host.*bocadb.*bocauser" $i; then
-            continue;
-          fi
-          echo "host bocadb bocauser 0/0 md5" >> $i
-          echo "host postgres replication 0/0 md5" >> $i
-        done
-        for i in /etc/postgresql/*/main/postgresql.conf; do
-        if ! grep -q "^[^\#]*listen_addresses" $i; then
-          echo "listen_addresses = '*'" >> $i
-        fi
-        done
-        service postgresql restart
-
-      else
-        echo "#### READ THIS ####"
-        echo "If you change your mind later, you may call me again as:"
-        echo "$0 -f"
-        sleep 3
-        echo
-        echo
-      fi
-    fi
   fi
   if [[ "x$bdcreated" == "x" ]]; then
     echo 'bdcreated=y' >> /etc/boca.conf
diff --git a/tools/postgresql/10/main/conf.d/000-boca.conf b/tools/postgresql/10/main/conf.d/000-boca.conf
new file mode 100644
index 0000000..128ef1a
--- /dev/null
+++ b/tools/postgresql/10/main/conf.d/000-boca.conf
@@ -0,0 +1 @@
+listen_addresses = '*'
diff --git a/tools/postgresql/10/main/pg_hba.conf b/tools/postgresql/10/main/pg_hba.conf
new file mode 100644
index 0000000..4eeaa6e
--- /dev/null
+++ b/tools/postgresql/10/main/pg_hba.conf
@@ -0,0 +1,101 @@
+# PostgreSQL Client Authentication Configuration File
+# ===================================================
+#
+# Refer to the "Client Authentication" section in the PostgreSQL
+# documentation for a complete description of this file.  A short
+# synopsis follows.
+#
+# This file controls: which hosts are allowed to connect, how clients
+# are authenticated, which PostgreSQL user names they can use, which
+# databases they can access.  Records take one of these forms:
+#
+# local      DATABASE  USER  METHOD  [OPTIONS]
+# host       DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
+# hostssl    DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
+# hostnossl  DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
+#
+# (The uppercase items must be replaced by actual values.)
+#
+# The first field is the connection type: "local" is a Unix-domain
+# socket, "host" is either a plain or SSL-encrypted TCP/IP socket,
+# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a
+# plain TCP/IP socket.
+#
+# DATABASE can be "all", "sameuser", "samerole", "replication", a
+# database name, or a comma-separated list thereof. The "all"
+# keyword does not match "replication". Access to replication
+# must be enabled in a separate record (see example below).
+#
+# USER can be "all", a user name, a group name prefixed with "+", or a
+# comma-separated list thereof.  In both the DATABASE and USER fields
+# you can also write a file name prefixed with "@" to include names
+# from a separate file.
+#
+# ADDRESS specifies the set of hosts the record matches.  It can be a
+# host name, or it is made up of an IP address and a CIDR mask that is
+# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
+# specifies the number of significant bits in the mask.  A host name
+# that starts with a dot (.) matches a suffix of the actual host name.
+# Alternatively, you can write an IP address and netmask in separate
+# columns to specify the set of hosts.  Instead of a CIDR-address, you
+# can write "samehost" to match any of the server's own IP addresses,
+# or "samenet" to match any address in any subnet that the server is
+# directly connected to.
+#
+# METHOD can be "trust", "reject", "md5", "password", "scram-sha-256",
+# "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert".
+# Note that "password" sends passwords in clear text; "md5" or
+# "scram-sha-256" are preferred since they send encrypted passwords.
+#
+# OPTIONS are a set of options for the authentication in the format
+# NAME=VALUE.  The available options depend on the different
+# authentication methods -- refer to the "Client Authentication"
+# section in the documentation for a list of which options are
+# available for which authentication methods.
+#
+# Database and user names containing spaces, commas, quotes and other
+# special characters must be quoted.  Quoting one of the keywords
+# "all", "sameuser", "samerole" or "replication" makes the name lose
+# its special character, and just match a database or username with
+# that name.
+#
+# This file is read on server startup and when the server receives a
+# SIGHUP signal.  If you edit the file on a running system, you have to
+# SIGHUP the server for the changes to take effect, run "pg_ctl reload",
+# or execute "SELECT pg_reload_conf()".
+#
+# Put your actual configuration here
+# ----------------------------------
+#
+# If you want to allow non-local connections, you need to add more
+# "host" records.  In that case you will also need to make PostgreSQL
+# listen on a non-local interface via the listen_addresses
+# configuration parameter, or via the -i or -h command line switches.
+
+
+
+
+# DO NOT DISABLE!
+# If you change this first entry you will need to make sure that the
+# database superuser can access the database using some other method.
+# Noninteractive access to all databases is required during automatic
+# maintenance (custom daily cronjobs, replication, and similar tasks).
+#
+# Database administrative login by Unix domain socket
+local   all             postgres                                peer
+
+# TYPE  DATABASE        USER            ADDRESS                 METHOD
+
+# "local" is for Unix domain socket connections only
+local   all             all                                     peer
+# IPv4 local connections:
+host    all             all             127.0.0.1/32            md5
+# IPv6 local connections:
+host    all             all             ::1/128                 md5
+# Allow replication connections from localhost, by a user with the
+# replication privilege.
+local   replication     all                                     peer
+host    replication     all             127.0.0.1/32            md5
+host    replication     all             ::1/128                 md5
+host bocadb bocauser 0/0 md5
+host postgres replication 0/0 md5