Initial commit

factory/.env.example

@@ -0,0 +1,26 @@
+# All WissKi and Drupal Installations are contained within a single directory. 
+# The name of each subfolder corresponds to the appropriate domain name. 
+# This variable determines the subfolder to place installations into. 
+DRUPAL_ROOT=/var/www/factory
+
+# Each Drupal instance requires a corresponding system user, database users and databases. 
+# These are also set by the appropriate domain name. 
+# To differentiate them from other users of the system, these names can be prefixed. 
+# The prefix to use can be configured here. 
+# When changing these please consider that no system user may exist that has the same name as a mysql user. 
+# This is a MariaDB restriction. 
+SYSTEM_USER_PREFIX=factory-
+MYSQL_USER_PREFIX=mysql-factory-
+MYSQL_DATABASE_PREFIX=mysql-factory-
+GRAPHDB_USER_PREFIX=graphdb-factory-
+GRAPHDB_REPO_PREFIX=graphdb-factory-
+
+# Each created Drupal Instance corresponds to a single domain name. 
+# These domain names should either be a complete domain name or a sub-domain of a default domain. 
+# This setting configures the default domain-name to create subdomains of. 
+DEFAULT_DOMAIN=localhost.kwarc.info
+
+# Various components use password-based-authentication. 
+# These passwords are generated automatically. 
+# This variable can be used to determine their length. 
+PASSWORD_LENGTH=64

factory/lib/00_init.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+set -e
+
+# This is a library file. 
+# It should be 'source'd only, if it is not we bail out here. 
+if [[ "$0" = "$BASH_SOURCE" ]]; then
+   echo "This file should not be executed directly, it should be 'source'd only. "
+   exit 1;
+fi
+
+# Check that we are running on a linux system, to prevent accidentally running on Windows or Mac. 
+# Ideally we would want to explicitly limit to Debian / Ubuntu but at this point that's not needed. 
+OS="$(uname -s)"
+case "${OS}" in
+    Linux*) :;;
+    *)      echo "This script must be run under Linux. "; exit 1;;
+esac
+
+# To prevent accidentally messing up permissions, we need to always run as root. 
+# Check that the uid is 0, and otherwise bail out. 
+if [[ $EUID -ne 0 ]]; then
+   echo "This script should be run as root, use 'sudo' if in doubt. "
+   exit 1;
+fi
+
+# We enable shell aliases, to allow us to setup utility functions much more easily. 
+# To be safe that we don't have any other ones in the environment, we first unalias everything. 
+unalias -a
+shopt -s expand_aliases
+
+# Setup some basic input/output functions
+function log_info() {
+   echo -e "\033[1m$1\033[0m"
+}
+
+function log_ok() {
+   echo -e "\033[0;32m$1\033[0m"
+}
+
+function log_warn() {
+   echo -e "\033[1;33m$1\033[0m"
+}
+
+function log_error() {
+   echo -e "\033[0;31m$1\033[0m"
+}

factory/lib/10_config.sh

@@ -0,0 +1,128 @@
+#!/bin/bash
+set -e
+
+# This is a library file. 
+# It should be 'source'd only, if it is not we bail out here. 
+if [[ "$0" = "$BASH_SOURCE" ]]; then
+   echo "This file should not be executed directly, it should be 'source'd only. "
+   exit 1;
+fi
+
+# The Path to the configuration file. 
+CONFIG_FILE="$SCRIPT_DIR/.env"
+
+# Check that the configuration file exists. 
+# If it does not, throw an error
+log_info " => Reading configuration file"
+if ! [ -f "$CONFIG_FILE" ]; then
+   log_error ""
+   log_error "Missing configuration, provide a '.env' file"
+    exit 1
+fi
+
+# 'source' in the configuration file. 
+# Ideally we would want to make sure to prevent code-executation within the .env file
+# But for the moment let's not. 
+source "$CONFIG_FILE"
+
+# Next, validate all the configuration settings. 
+
+# is_valid_slug checks if it's argument is a valid 'slug'. 
+# A slug is any non-empty string of alphanumeric characters or '-'s.
+# The first character of a slug may not be a dash. 
+function is_valid_slug() {
+   if [[ "$1" =~ ^[a-zA-Z0-9][-a-zA-Z0-9]*$ ]]; then
+      return 0;
+   else
+      return 1;
+   fi;
+}
+
+# is_valid_abspath checks if it's argument is an absolute path. 
+function is_valid_abspath() {
+   if [[ "$1" =~ ^\/(.+)\/([^/]+)$ ]]; then
+      return 0;
+   else
+      return 1;
+   fi;
+}
+
+# 'is_valid_domain' checks if a number is a valid domain. 
+# A domain consists of at least one slug, seperated by '.'s.
+# Each token is a slug. 
+function is_valid_domain() {
+   if [[ "$1" =~ ^([a-zA-Z0-9][-a-zA-Z0-9]*\.)*[a-zA-Z0-9][-a-zA-Z0-9]*$ ]]; then
+      return 0;
+   else
+      return 1;
+   fi;
+}
+
+# 'is_valid_number' checks if a value is a valid number. 
+function is_valid_number() {
+   if [[ "$1" =~ ^[1-9][0-9]*$ ]]; then
+      return 0;
+   else
+      return 1;
+   fi;
+}
+
+# The 'DRUPAL_ROOT' variable must be an absolute path. 
+if ! is_valid_abspath "$DRUPAL_ROOT"; then
+   log_error "Variable 'DRUPAL_ROOT' is missing or not a valid path. ";
+   log_info "Please verify that it is set correctly in '.env'. ";
+   log_info "Please ensure that it does not end in '/'. ";
+   exit 1;
+fi
+
+# The 'SYSTEM_USER_PREFIX' variable must be a valid slug. 
+if ! is_valid_slug "$SYSTEM_USER_PREFIX"; then
+   log_error "Variable 'SYSTEM_USER_PREFIX' is missing or not a valid slug. ";
+   log_info "Please verify that it is set correctly in '.env'. ";
+   exit 1;
+fi
+
+# The 'MYSQL_USER_PREFIX' variable must be a valid slug. 
+if ! is_valid_slug "$MYSQL_USER_PREFIX"; then
+   log_error "Variable 'MYSQL_USER_PREFIX' is missing or not a valid slug. ";
+   log_info "Please verify that it is set correctly in '.env'. ";
+   exit 1;
+fi
+
+# The 'MYSQL_DATABASE_PREFIX' variable must be a valid slug. 
+if ! is_valid_slug "$MYSQL_DATABASE_PREFIX"; then
+   log_error "Variable 'MYSQL_DATABASE_PREFIX' is missing or not a valid slug. ";
+   log_info "Please verify that it is set correctly in '.env'. ";
+   exit 1;
+fi
+
+# The 'GRAPHDB_USER_PREFIX' variable must be a valid slug. 
+if ! is_valid_slug "$GRAPHDB_USER_PREFIX"; then
+   log_error "Variable 'DATABASE_PREFIX' is missing or not a valid slug. ";
+   log_info "Please verify that it is set correctly in '.env'. ";
+   exit 1;
+fi
+
+# The 'GRAPHDB_REPO_PREFIX' variable must be a valid slug. 
+if ! is_valid_slug "$GRAPHDB_REPO_PREFIX"; then
+   log_error "Variable 'GRAPHDB_REPO_PREFIX' is missing or not a valid slug. ";
+   log_info "Please verify that it is set correctly in '.env'. ";
+   exit 1;
+fi
+
+
+# The 'DOMAIN' variable must be a valid domain. 
+if ! is_valid_domain "$DEFAULT_DOMAIN"; then
+   log_error "Variable 'DEFAULT_DOMAIN' is missing or not a valid domain. ";
+   log_info "Please verify that it is set correctly in '.env'. ";
+   exit 1;
+fi
+
+# The 'PASSWORD_LENGTH' variable must be a valid number. 
+if ! is_valid_number "$PASSWORD_LENGTH"; then
+   log_error "Variable 'PASSWORD_LENGTH' is missing or not a valid number. ";
+   log_info "Please verify that it is set correctly in '.env'. ";
+   exit 1;
+fi
+
+log_ok "Read and validated configuration file. "

factory/lib/20_slug.sh

@@ -0,0 +1,78 @@
+#!/bin/bash
+set -e
+
+# This is a library file. 
+# It should be 'source'd only, if it is not we bail out here. 
+if [[ "$0" = "$BASH_SOURCE" ]]; then
+   echo "This file should not be executed directly, it should be 'source'd only. "
+   exit 1;
+fi
+
+# This file reads a single slug command line option. 
+# This is validated when 'require_slug_argument' is called. 
+
+function require_slug_argument() {
+    # The 'SLUG' argument must be a valid slug. 
+    if ! is_valid_slug "$SLUG"; then
+        log_error "Argument 'SLUG' is missing or not a valid slug. ";
+        log_info "Please provide it via the command line. ";
+        exit 1;
+    fi
+
+    log_info " => Deriving configuration for '$SLUG'. "
+    echo "Domain Name:          $INSTANCE_DOMAIN"
+    echo "Base Directory:       $BASE_DIR"
+    echo "System User:          $SYSTEM_USER"
+    echo "MySQL User:           $MYSQL_USER"
+    echo "MySQL Database:       $MYSQL_DATABASE"
+    echo "GraphDB User:         $GRAPHDB_USER"
+    echo "GraphDB Repository:   $GRAPHDB_REPO"
+}
+
+# Read the slug argument. 
+# We also read it in for scripts where it is not required, and will only use it if that is the case. 
+SLUG="$1"
+
+# Compute the domain name for this instance.
+# Also lowercase the domain name for consistency. 
+INSTANCE_DOMAIN="$SLUG.$DEFAULT_DOMAIN"
+INSTANCE_DOMAIN="$(echo "$INSTANCE_DOMAIN" | tr '[:upper:]' '[:lower:]')"
+
+# Next we need a username base. 
+# This will be used as a username across the system (linux), MySQL and GraphDB. 
+# For this we can only allow [0-9a-zA-Z-], hence we have to escape. 
+# In most cases, the only characters that require escaping are '.'s. 
+# Hence we replace '.' with '-'s.
+# We replace the other two characters that require escaping (_ and -)s with --u and --s respectively. 
+# Because no two dots can ever follow each other in the INSTANCE_DOMAIN, this is guaranteed collision free. 
+# We also have to do the '-' replacement first, to prevent escaped other characters from being escaped twice. 
+USERNAME_BASE="$SLUG"
+USERNAME_BASE="${USERNAME_BASE//-/--d}"
+USERNAME_BASE="${USERNAME_BASE//_/--u}"
+USERNAME_BASE="${USERNAME_BASE//./-}"
+
+# Generate the user and database names for the various systems
+SYSTEM_USER="${SYSTEM_USER_PREFIX}${USERNAME_BASE}"
+MYSQL_USER="${MYSQL_USER_PREFIX}${USERNAME_BASE}"
+MYSQL_DATABASE="${MYSQL_DATABASE_PREFIX}${USERNAME_BASE}"
+GRAPHDB_USER="${GRAPHDB_USER_PREFIX}${USERNAME_BASE}"
+GRAPHDB_REPO="${GRAPHDB_REPO_PREFIX}${USERNAME_BASE}"
+
+# Compute the base directory for the files that will live on disk. 
+BASE_DIR="$DRUPAL_ROOT/$INSTANCE_DOMAIN"
+COMPOSER_DIR="$BASE_DIR/project"
+WEB_DIR="$COMPOSER_DIR/web"
+
+# Setup aliases for drush and composer. 
+alias composer="sudo -u $SYSTEM_USER /usr/local/bin/composer"
+alias drush="sudo -u $SYSTEM_USER $COMPOSER_DIR/vendor/bin/drush"
+
+# Because of a bug in Drupal we constantly have to reset the permissions of the site directory. 
+# See https://www.drupal.org/project/drupal/issues/3091285. 
+function drupal_sites_permission_workaround() {
+    chmod -R u+w "$WEB_DIR/sites/"
+}
+
+# Apache configuration paths
+APACHE_CONFIG_SITE_AVAILABLE="/etc/apache2/sites-available/${INSTANCE_DOMAIN}.conf"
+APACHE_CONFIG_SITE_ENABLED="/etc/apache2/sites-enabled/${INSTANCE_DOMAIN}.conf"

factory/lib/30_utils.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+set -e
+
+# This is a library file. 
+# It should be 'source'd only, if it is not we bail out here. 
+if [[ "$0" = "$BASH_SOURCE" ]]; then
+   echo "This file should not be executed directly, it should be 'source'd only. "
+   exit 1;
+fi
+
+# Set a few variables to point to the debian frontend
+export DEBIAN_FRONTEND=noninteractive
+
+# This file just sets a few utility functions to be used by the code. 
+# randompw generates a random password as per the configuration file. 
+alias randompw="cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w $PASSWORD_LENGTH | head -n 1"

factory/lib/lib.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+set -e
+
+# This file will load all the library functions needed by the various scripts. 
+# It should be 'source'd only, if it is not we bail out here. 
+if [[ "$0" = "$BASH_SOURCE" ]]; then
+   echo "This file should not be executed directly, it should be 'source'd only. "
+   exit 1;
+fi
+
+# Set variables for the script_dir and the lib_dir
+SCRIPT_DIR="$(pwd)"
+LIB_DIR="$SCRIPT_DIR/lib"
+
+# Next, we load a bunch of utility functions stored in lib/lib_<number>_<system>.sh 
+# These contain functionality used in the various scripts. 
+source "$LIB_DIR/00_init.sh";
+source "$LIB_DIR/10_config.sh";
+source "$LIB_DIR/20_slug.sh";
+source "$LIB_DIR/30_utils.sh";

factory/provision.sh

@@ -0,0 +1,193 @@
+#!/bin/bash
+
+# This script will provision a new Drupal instance and make it available to apache. 
+# Usage: sudo ./provision.sh $SLUG
+# In case the installation fails, it will bail out and leave you with an incomplete installation. 
+# To delete an incomplete installation, use the ./remove.sh script, or try fixing the error manually. 
+set -e
+
+# read the lib/shared.sh and read the slug argument. 
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+cd "$DIR"
+source "$DIR/lib/lib.sh"
+require_slug_argument
+
+
+# Check that the apache2 config is correct. 
+# This is a sanity test so that we don't randomly fail later because of bad config. 
+log_info " => Checking apache configuration"
+apache2ctl configtest > /dev/null
+
+# Create a system user and group
+log_info " => Creating system user and group '$SYSTEM_USER'"
+addgroup --system "$SYSTEM_USER"
+adduser --home "$BASE_DIR" --system --disabled-password --disabled-login --ingroup "$SYSTEM_USER" "$SYSTEM_USER"
+
+# Make directory for the composer project to live in
+log_info " => Making composer directory '$COMPOSER_DIR'"
+sudo -u "$SYSTEM_USER" mkdir -p "$COMPOSER_DIR"
+cd "$COMPOSER_DIR"
+
+# Write out a new apache configuration file into /etc/apache2/sites-available. 
+# We will need to substiute in some configuration directories. 
+log_info " => Writing new apache configuration file"
+cat << EOF >> "$APACHE_CONFIG_SITE_AVAILABLE"
+<VirtualHost *:80>
+    DocumentRoot $WEB_DIR
+    ServerName $INSTANCE_DOMAIN
+    AssignUserId $SYSTEM_USER $SYSTEM_USER
+
+    <Directory $WEB_DIR>
+        Options Indexes FollowSymLinks
+        AllowOverride All
+        Require all granted
+    </Directory>
+    ErrorLog \${APACHE_LOG_DIR}/error.log
+    CustomLog \${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>
+EOF
+
+# Create a new composer project. 
+log_info " => Creating composer project"
+composer create-project drupal/recommended-project .
+composer require drush/drush
+
+# Randomly generate the database name and user we will configure. 
+# Use the 'randompw' alias for this. 
+log_info " => Generating new MySQL password"
+MYSQL_PASSWORD="$(randompw)"
+
+# Initialize the SQL database with those credentials. 
+log_info " => Intializing new SQL database '${MYSQL_DATABASE}' and user '$MYSQL_USER'. "
+mysql -e "CREATE DATABASE \`${MYSQL_DATABASE}\`;"
+mysql -e "CREATE USER \`${MYSQL_USER}\`@localhost IDENTIFIED BY '${MYSQL_PASSWORD}';"
+mysql -e "GRANT ALL PRIVILEGES ON \`${MYSQL_DATABASE}\`.* TO \`${MYSQL_USER}\`@localhost;"
+mysql -e "FLUSH PRIVILEGES;"
+
+# Generate some more random credentials, this time for drupal. 
+# We again make use of the randompw alias. 
+log_info " => Generating new drupal credentials"
+DRUPAL_USER="admin"
+DRUPAL_PASS="$(randompw)"
+
+# Use 'drush' to run the site-installation. 
+# Here we need to use the username, password and database creds we made above. 
+log_info " => Running drupal installation scripts"
+drush site-install standard --yes --site-name=${INSTANCE_DOMAIN} --account-name=$DRUPAL_USER --account-pass=$DRUPAL_PASS --db-url=mysql://${MYSQL_USER}:${MYSQL_PASSWORD}@localhost/${MYSQL_DATABASE}
+drupal_sites_permission_workaround
+
+# Create a new repository for GraphDB. 
+# First write out the configuration into a new directory. 
+log_info " => Writing GraphDB configuration in temporary directory"
+tmpdir="$(mktemp -d)"
+cd "$tmpdir"
+cat << EOF > repo-config.ttl
+# Creates a new GraphDB repository with Wisski
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>.
+@prefix rep: <http://www.openrdf.org/config/repository#>.
+@prefix sr: <http://www.openrdf.org/config/repository/sail#>.
+@prefix sail: <http://www.openrdf.org/config/sail#>.
+@prefix owlim: <http://www.ontotext.com/trree/owlim#>.
+
+[] a rep:Repository ;
+    rep:repositoryID "$GRAPHDB_REPO" ;
+    rdfs:label "$INSTANCE_DOMAIN" ;
+    rep:repositoryImpl [
+        rep:repositoryType "graphdb:FreeSailRepository" ;
+        sr:sailImpl [
+            sail:sailType "graphdb:FreeSail" ;
+
+            owlim:owlim-license "" ;
+
+            owlim:base-URL "http://$INSTANCE_DOMAIN#" ;
+            owlim:defaultNS "" ;
+            owlim:entity-index-size "10000000" ;
+            owlim:entity-id-size  "32" ;
+            owlim:imports "" ;
+            owlim:repository-type "file-repository" ;
+            owlim:ruleset "empty" ;
+            owlim:storage-folder "storage" ;
+
+            owlim:enable-context-index "false" ;
+            owlim:cache-memory "80m" ;
+            owlim:tuple-index-memory "80m" ;
+
+            owlim:enablePredicateList "false" ;
+            owlim:predicate-memory "0%" ;
+
+            owlim:fts-memory "0%" ;
+            owlim:ftsIndexPolicy "never" ;
+            owlim:ftsLiteralsOnly "true" ;
+
+            owlim:in-memory-literal-properties "false" ;
+            owlim:enable-literal-index "true" ;
+            owlim:index-compression-ratio "-1" ;
+
+            owlim:check-for-inconsistencies "false" ;
+            owlim:disable-sameAs  "false" ;
+            owlim:enable-optimization  "true" ;
+            owlim:transaction-mode "safe" ;
+            owlim:transaction-isolation "true" ;
+            owlim:query-timeout  "0" ;
+            owlim:query-limit-results  "0" ;
+            owlim:throw-QueryEvaluationException-on-timeout "false" ;
+            owlim:useShutdownHooks  "true" ;
+            owlim:read-only "false" ;
+            owlim:nonInterpretablePredicates "http://www.w3.org/2000/01/rdf-schema#label;http://www.w3.org/1999/02/22-rdf-syntax-ns#type;http://www.ontotext.com/owlim/ces#gazetteerConfig;http://www.ontotext.com/owlim/ces#metadataConfig" ;
+        ]
+    ].
+EOF
+
+# Create the configuration and use the configuration generated above. 
+# TODO: Permissions for GraphdDB
+log_info "Generating new GraphDB repository '$GRAPHDB_REPO'"
+curl -X POST\
+    http://127.0.0.1:7200/rest/repositories\
+    -H 'Content-Type: multipart/form-data'\
+    -F "config=@repo-config.ttl"
+
+# Remove the temporary directory. 
+cd ..
+rm -rf "$tmpdir"
+
+# Install the Wisski packages. 
+log_info " => Installing Wisski packages"
+cd "$COMPOSER_DIR"
+
+drupal_sites_permission_workaround
+composer require drupal/wisski
+
+drupal_sites_permission_workaround
+composer require drupal/inline_entity_form
+
+drupal_sites_permission_workaround
+composer require drupal/imagemagick
+
+drupal_sites_permission_workaround
+composer require drupal/image_effects
+
+drupal_sites_permission_workaround
+composer require drupal/colorbox
+
+
+# Enable the WissKi modules. 
+log_info " => Enable Wisski modules"
+drush pm-enable --yes wisski_core wisski_linkblock wisski_pathbuilder wisski_adapter_sparql11_pb wisski_salz
+drupal_sites_permission_workaround
+
+# TODO: Setup WissKi-Salz. 
+
+# Finally enable the apache2 config. 
+# And then reload to start serving it. 
+log_info " => Enabling and reloading apache configuration"
+a2ensite "${INSTANCE_DOMAIN}"
+systemctl reload apache2
+
+# TODO: Certbot support
+
+# and done!
+log_info " => Finished"
+log_info " => Your Drupal Instance is available at http://$INSTANCE_DOMAIN"
+log_info " => Your Drupal username is '$DRUPAL_USER', your password is '$DRUPAL_PASS'. "
+

factory/remove.sh

@@ -0,0 +1,39 @@
+#!/bin/bash
+set -e
+
+# TODO: Delete system user
+
+# read the lib/shared.sh and read the slug argument. 
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+cd "$DIR"
+source "$DIR/lib/lib.sh"
+require_slug_argument
+
+# Delete the apache configurationf files first. 
+# This prevents drupal from being served. 
+log_info " => Removing apache configuration files"
+rm "$APACHE_CONFIG_SITE_ENABLED" || true
+rm "$APACHE_CONFIG_SITE_AVAILABLE" || true
+
+# Reload apache to apply the configuration. 
+log_info " => Reloading apache"
+systemctl reload apache2
+
+# Delete the MySQL database next. 
+log_info " => Deleting MySQL database '$MYSQL_DATABASE' and user '$MYSQL_USER'. "
+mysql -e "DROP DATABASE IF EXISTS \`${MYSQL_DATABASE}\`;" || true
+mysql -e "DROP USER IF EXISTS \`${DBNAME}\`@localhost;"  || true
+
+# Clear the GraphDB repository. 
+log_info " => Deleting GraphDB repository '$GRAPHDB_REPO'"
+curl -X DELETE http://127.0.0.1:7200/rest/repositories/$GRAPHDB_REPO/
+
+log_info " => Deleting system user and group '$SYSTEM_USER'"
+deluser "$SYSTEM_USER" || true
+delgroup "$SYSTEM_USER" || true
+
+# Finally remove any trace of the repository by removing the base directory. 
+log_info " => Removing directory '$BASE_DIR'"
+rm -rf "$BASE_DIR"
+
+log_info " => Finished, '$INSTANCE_DOMAIN' has been removed. "

factory/shell.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+set -e
+
+# read the lib/shared.sh and lib/slug.sh
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+cd "$DIR"
+source "$DIR/lib/lib.sh"
+require_slug_argument
+
+log_info " => Opening shell in '$COMPOSER_DIR'"
+
+# cd into the right directory. 
+cd "$COMPOSER_DIR"
+
+# add /usr/local/bin (for composer) and the vendor bin (for drush) to path
+# and open a bash shell as www-data there. 
+sudo -u "$SYSTEM_USER" PATH="$COMPOSER_DIR/vendor/bin:/usr/local/bin:$PATH" /bin/bash

factory/system_install.sh

@@ -0,0 +1,111 @@
+#!/bin/bash
+set -e
+
+# read the lib/shared.sh
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+cd "$DIR"
+source "$DIR/lib/lib.sh"
+
+# This script will prepare a server to become a factory for Drupal Instances. 
+# Even though it assumes a clean server, it *should* be idempotent. 
+log_info "=> Preparing system to serve as a factory. "
+
+# Read the 'GRAPHDB_ZIP' argument from the command line. 
+# If it's not set, throw an error. 
+GRAPHDB_ZIP=$1
+if [ -z "$GRAPHDB_ZIP" ]; then
+    log_error "Usage: system_install.sh GRAPHDB_ZIP"
+    exit 1;
+fi;
+
+# Make a temporary directory to use for various tasks during this script. 
+log_info " => Making temporary directory"
+tmpdir="$(mktemp -d)"
+log_ok "Made $tmpdir"
+
+# fetch new package versions, then upgrade everything we already have. 
+# This isn't technically neccessary, but it means it'll work on an otherwise untouched system. 
+log_info " => Installing package updates ..."
+apt-get update
+apt-get dist-upgrade -y
+
+# Install composer, by downloading it using curl and then run it with php to install it in /usr/local/bin. 
+log_info " => Installing composer"
+apt-get install -y curl php-cli php-mbstring git unzip
+curl -sS https://getcomposer.org/installer -o "$tmpdir/composer-setup.php"
+php $tmpdir/composer-setup.php --install-dir=/usr/local/bin --filename=composer
+
+# Install required php extensions for Drupal and WissKi. 
+log_info " => Installing required php extensions"
+apt-get install -y php-xml php-gd php-mysql php-common php-xmlrpc php-soap php-gd php-intl php-mysql php-zip php-curl php-ssh2
+
+# Install the mariadb kernel. 
+log_info " => Installing mariadb"
+apt-get -y install mariadb-server
+
+# Install apache and required php extensions. 
+log_info " => Installing apache2, php and auth modules"
+apt-get install -y apache2 libapache2-mod-php libapache2-mpm-itk
+
+# Make the directory for all drupal instances to live in. 
+log_info " => Making root directory for Drupal Installations"
+mkdir -p "$DRUPAL_ROOT"
+
+# Install java for GraphDB. 
+# We use the 'headless' package to prevent installing anything graphical on a headless server. 
+log_info " => Installing java"
+apt-get install -y default-jre-headless
+
+
+# Next we have to check if we need to install graphdb. 
+# If '/opt/graphdb' exists, assume that the installation has already been performed. 
+if [ -d "/opt/graphdb" ]; then
+    log_info " => 'opt/graphdb' exists, skipping setup step. ";
+else
+
+    # Unzip the GraphDB sources into a temporary directory. 
+    echo " => Unzipping GraphDB into temporary directory"
+    unzip "$GRAPHDB_ZIP" -d "$tmpdir/graphdb"
+
+    # Then move them into /opt/graphdb.
+    # Here we need to make sure that the first subdirectoy is renamed appropriately during the move. 
+    echo " => Moving GraphDB into /opt/graphdb"
+    mv "$tmpdir/graphdb"/* /opt/graphdb
+fi
+
+# Next make a system group 'graphdb' and system user 'graphdb'. 
+# And also chown the /opt/graphdb directory to that user. 
+# As the user might already exist, we surpress errors of the commands. 
+log_info " => Making GraphDB group and user"
+addgroup --system graphdb || true
+adduser --home "/opt/graphdb" --system --no-create-home --disabled-password --disabled-login --ingroup graphdb graphdb || true
+chown -R graphdb:graphdb /opt/graphdb
+
+# Create a service file to use graphdb with systemd. 
+# This file uses the users created above, and also hard-codes listening address and maximum memory. 
+# This avoids having to write the config file using bash hacks. 
+log_info " => Making 'graphdb.service'"
+cat << "EOF" > /etc/systemd/system/graphdb.service
+[Unit]
+Description=GraphDB
+
+[Service]
+Type=simple
+User=graphdb
+Group=graphdb
+ExecStart=/opt/graphdb/bin/graphdb –Xmx6g -Dgraphdb.connector.address=127.0.0.1
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+# We just created a service, so now start it and put it into autostart mode. 
+log_info " => Starting and enabling graphdb.service"
+systemctl enable graphdb
+systemctl start graphdb
+
+# Finally remove the temporary directory we created above. 
+log_info " => Removing temporary directory"
+rm -rf "$tmpdir"
+
+log_info " => Server is now ready to become a factory. "

factory/update.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+set -e
+
+# read the lib/shared.sh and lib/slug.sh
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+cd "$DIR"
+source "$DIR/lib/lib.sh"
+require_slug_argument
+
+# TODO: Figure out if this is enough. 
+echo " => Running 'composer update'"
+cd "$COMPOSER_DIR"
+drupal_sites_permission_workaround
+composer update