ogdhcp/debian/ogdhcp.postinst

#!/bin/bash
set -e

. /usr/share/debconf/confmodule

KEA_CTRL_AGENT_CONF="/etc/kea/kea-ctrl-agent.conf"
PUBLIC_DIR="/opt/opengnsys/ogdhcp/api/public"
APPARMOR_PROFILE="/etc/apparmor.d/usr.sbin.kea-dhcp4"
APPARMOR_LOCAL_PROFILE="/etc/apparmor.d/local/usr.sbin.kea-dhcp4"
KEA_CONFIG="/etc/kea/kea-dhcp4.conf"

db_get opengnsys/ogdhcp_interfaces
OGDHCP_INTERFACES="$RET"
db_get opengnsys/ogdhcp_ip
OGDHCP_IP="$RET"
db_get opengnsys/ogdhcp_ogbootIP
OGBOOT_IP="$RET"

case "$1" in
    configure)
        echo "Configurando ogdhcp..."

        # --- KEA CTRL AGENT ---
        if dpkg -s kea-ctrl-agent > /dev/null 2>&1; then
            echo "Configurando kea-ctrl-agent..."

            if [ -e "$KEA_CTRL_AGENT_CONF" ]; then
                dpkg-divert --package ogdhcp --divert "$KEA_CTRL_AGENT_CONF.dpkg-dist" --rename "$KEA_CTRL_AGENT_CONF"
                cp -a "$KEA_CTRL_AGENT_CONF.dpkg-dist" "$KEA_CTRL_AGENT_CONF"

                echo "Eliminando autenticación de kea-ctrl-agent..."
                if grep -q '^[^#]*"authentication": {' "$KEA_CTRL_AGENT_CONF"; then
                    sed -i '/"authentication": {/,/^[[:space:]]*},/ {
                        s/^\([[:space:]]*\)\([^#]\)/\1#\2/
                    }' "$KEA_CTRL_AGENT_CONF"
                fi
            fi
        else
            echo "kea-ctrl-agent no está instalado. Se omite configuración."
        fi

        # --- APPARMOR + KEA-DHCP4 ---
        if dpkg -s kea-dhcp4-server > /dev/null 2>&1; then
            echo "Configurando AppArmor y kea-dhcp4..."

            if [ -e "$APPARMOR_PROFILE" ]; then
                dpkg-divert --package ogdhcp --divert "${APPARMOR_PROFILE}.dpkg-dist" --rename "$APPARMOR_PROFILE"
                cp -a "${APPARMOR_PROFILE}.dpkg-dist" "$APPARMOR_PROFILE"
            fi

            mkdir -p "$(dirname "$APPARMOR_LOCAL_PROFILE")"
            cat > "$APPARMOR_LOCAL_PROFILE" <<EOF
/etc/kea/ rw,
/etc/kea/** rw,
EOF

            echo "Recargando perfiles de AppArmor..."
            if apparmor_parser -r "$APPARMOR_PROFILE"; then
                echo "AppArmor recargado correctamente."
            else
                echo "Error al recargar AppArmor."
            fi

            echo "Configurando archivo kea-dhcp4.conf..."
            IFS=',' read -r -a INTERFACES <<< "$OGDHCP_INTERFACES"
            if [ -e "$KEA_CONFIG" ]; then
                dpkg-divert --package ogdhcp --divert "$KEA_CONFIG.dpkg-dist" --rename "$KEA_CONFIG"
                cat > "$KEA_CONFIG" <<EOF
{
    "Dhcp4": {
        "interfaces-config": {
            "interfaces": [ $( 
                for interface in "${INTERFACES[@]}"; do
                    echo "\"$interface\""
                done | paste -sd "," -
            ) ]
        },
        "client-classes": [
            {
                "name": "UEFI-64",
                "test": "not substring(option[60].hex,0,20) == 'PXEClient:Arch:00000'",
                "boot-file-name": "ipxe.efi",
                "next-server": "$OGBOOT_IP"
            },
            {
                "name": "Legacy",
                "test": "substring(option[60].hex,0,20) == 'PXEClient:Arch:00000'",
                "boot-file-name": "undionly.kpxe",
                "next-server": "$OGBOOT_IP"
            }
        ],
        "control-socket": {
            "socket-name": "/run/kea/kea4-ctrl-socket",
            "socket-type": "unix"
        }
    }
}
EOF
            fi
        else
            echo "kea-dhcp4-server no está instalado. Se omite configuración."
        fi

        # --- NGINX ---
        echo "Configurando nginx..."
        PHP_VERSION=$(php -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')
        NGINX_CONF="/etc/nginx/sites-available/ogdhcp.conf"

        if [ ! -f "$NGINX_CONF" ]; then
            cp /opt/opengnsys/ogdhcp/etc/nginxServer.conf.tmpl "$NGINX_CONF"
            sed -i "s|__PHPVERSION__|$PHP_VERSION|g" "$NGINX_CONF"
            sed -i "s|__SERVERIP__|$OGDHCP_IP|g" "$NGINX_CONF"
            sed -i "s|__PUBLICDIR__|$PUBLIC_DIR|g" "$NGINX_CONF"
            ln -s "$NGINX_CONF" /etc/nginx/sites-enabled/ogdhcp.conf
        else
            echo "nginx ya configurado."
        fi

        # --- PHP-FPM ---
        echo "Configurando php-fpm..."
        PHP_FPM_CONF="/etc/php/$PHP_VERSION/fpm/pool.d/ogdhcp.conf"
        if [ ! -f "$PHP_FPM_CONF" ]; then
            cp /opt/opengnsys/ogdhcp/etc/php/fpm/ogdhcp-fpm.conf "$PHP_FPM_CONF"
        fi
        ;;

    abort-upgrade|abort-remove|abort-deconfigure)
        ;;
    *)
        echo "postinst called with unknown argument '$1'" >&2
        exit 1
        ;;
esac

# Permisos
chown opengnsys:www-data /opt/opengnsys/
chown -R opengnsys:www-data /opt/opengnsys/ogdhcp

# Solo si kea está instalado
if dpkg -s kea-dhcp4-server > /dev/null 2>&1; then
    chown -R _kea:_kea /etc/kea
fi

# Reiniciar servicios (fallar silenciosamente si no existen)
systemctl daemon-reload
systemctl restart nginx || true
systemctl restart php"$PHP_VERSION"-fpm || true
systemctl restart kea-dhcp4-server || true
systemctl restart kea-ctrl-agent || true

exit 0