feat: add config files

netoik-vault.spec

@@ -22,14 +22,49 @@ Install the secrets vault called vaultwarden with a predefined configuration.
 %make_install
 
 %post
+# Display commands and exit on error
+set -xe
+
+# Change rights of config file
+chgrp vaultwarden %{_sysconfdir}/vaultwarden/netoik_vaultwarden.cfg
+
+# Add vaultwarden user to postgres group
+usermod --groups postgres --append vaultwarden
+
+# Create postgres user and db
+if ! runuser --user=postgres -- psql --quiet --tuples-only --command='\du' | grep --quiet vaultwarden; then
+  runuser --user=postgres -- createuser vaultwarden
+fi
+if ! runuser --user=postgres -- psql --quiet --tuples-only --command='\l' | grep --quiet vaultwarden; then
+  runuser --user=postgres -- createdb --owner=vaultwarden vaultwarden
+fi
+
 # Restart services
 systemctl daemon-reload
-systemctl reenable nginx.service vaultwarden.service 
+systemctl reenable nginx.service vaultwarden.service
 systemctl restart nginx.service vaultwarden.service
 
 %postun
+# Display commands and exit on error
+set -xe
+
+# If uninstalling, then delete users and db
+if [ $1 == 0 ]; then
+  # Remove gitea database if existing
+  if runuser --user=postgres -- psql --quiet --tuples-only --command='\l' | grep --quiet vaultwarden; then
+    runuser --user=postgres -- dropdb vaultwarden
+  fi
+  if runuser --user=postgres -- psql --quiet --tuples-only --command='\du' | grep --quiet vaultwarden; then
+    runuser --user=postgres -- dropuser vaultwarden
+  fi
+fi
 
 %files
+%attr(644, root, root) %{_sysconfdir}/nginx/conf.d/vault.netoik.io.conf
+%attr(640, root, -) %{_sysconfdir}/vaultwarden/netoik_vaultwarden.cfg
+
+%dir %attr(755, root, root) %{_unitdir}/vaultwarden.service.d
+%attr(644, root, root) %{_unitdir}/vaultwarden.service.d/vaultwarden.conf
 
 %changelog
 %autochangelog