diff --git a/bin/start.sh b/bin/start.sh index 968d616..6ad7e16 100755 --- a/bin/start.sh +++ b/bin/start.sh @@ -3,7 +3,7 @@ # Federated Start Script usage() { - echo "$0: all|dns|postgresql|ldap|mail|collabora|nextcloud|matrix|element|jitsi|listmonk|vaultwarden|panel|proxy|wireguard|connector|baserow|calcom" + echo "$0: all|dns|postgresql|ldap|mail|collabora|nextcloud|matrix|element|jitsi|listmonk|vaultwarden|panel|proxy|wireguard|connector|baserow|calcom|gitea|caddy" exit 2 } startservice() { @@ -11,7 +11,7 @@ startservice() { cd /federated/apps/$SERVICE && docker-compose -f docker-compose.yml -p $SERVICE up -d } startservice_all() { - for i in dns postgresql ldap mail collabora nextcloud matrix element jitsi listmonk vaultwarden panel proxy wireguard connector baserow calcom; do + for i in dns postgresql ldap mail collabora nextcloud matrix element jitsi listmonk vaultwarden panel proxy wireguard connector baserow calcom gitea caddy; do echo "* Starting $i.." cd /federated/apps/$i && docker-compose -f docker-compose.yml -p $i up -d done @@ -22,6 +22,6 @@ SERVICE=$1 case "$SERVICE" in all) startservice_all;; - dns|postgresql|ldap|mail|collabora|nextcloud|matrix|element|jitsi|listmonk|vaultwarden|panel|proxy|wireguard|connector|baserow|calcom) startservice;; + dns|postgresql|ldap|mail|collabora|nextcloud|matrix|element|jitsi|listmonk|vaultwarden|panel|proxy|wireguard|connector|baserow|calcom|gitea|caddy) startservice;; *) usage;; esac diff --git a/bin/stop.sh b/bin/stop.sh index 187606f..5159f88 100755 --- a/bin/stop.sh +++ b/bin/stop.sh @@ -3,7 +3,7 @@ # Federated Stop Script usage() { - echo "$0: all|dns|postgresql|ldap|mail|collabora|nextcloud|matrix|element|jitsi|listmonk|vaultwarden|panel|proxy|wireguard|connector|baserow|calcom" + echo "$0: all|dns|postgresql|ldap|mail|collabora|nextcloud|matrix|element|jitsi|listmonk|vaultwarden|panel|proxy|wireguard|connector|baserow|calcom|gitea|caddy" exit 2 } stopservice() { 
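Review bot: The service list in bin/start.sh is now maintained in three places per script (the `usage` echo, the `for i in …` loop in `startservice_all`, and the `case` pattern), and the same three copies exist in bin/stop.sh, so adding `gitea` and `caddy` had to be repeated six times and a future service is easy to miss in one copy. Define it once near the top, `SERVICES="dns postgresql ldap mail collabora nextcloud matrix element jitsi listmonk vaultwarden panel proxy wireguard connector baserow calcom gitea caddy"`, iterate with `for i in $SERVICES; do`, and derive the usage string from it (`echo "$0: all|$(echo $SERVICES | tr ' ' '|')"`), with the `case` arm checking membership against the same variable. Separately, `stopservice_all` walks the list in start order; if caddy fronts gitea as the extra_hosts entry in lib/caddy.sh suggests, stopping in reverse order would be the conventional choice, though `down` is tolerant either way.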
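Review bot: The new `mkdir -p /federated/apps/caddy/data/srv` in config_caddy sits inside the `if [ ! -d "/federated/apps/caddy" ]` guard, so an install that already has the caddy directory never gets `data/srv` created by this script, while the `./data/srv:/srv` bind mount added to the compose file in the next hunk expects it. Docker typically creates a missing bind-mount source itself, but root-owned, which may not suit whatever is later written to /srv for Caddy to serve. Since `mkdir -p` is idempotent, move it outside the guard, e.g. `mkdir -p /federated/apps/caddy/data/srv` directly after the `fi`. Replacing the hard-coded `164.92.112.207` with `$EXTERNALIP` in extra_hosts is the right direction; the same literal is replaced in lib/gitea.sh, so worth grepping the rest of lib/ for any remaining copies.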
@@ -11,7 +11,7 @@ stopservice() { cd /federated/apps/$SERVICE && docker-compose -f docker-compose.yml -p $SERVICE down } stopservice_all() { - for i in dns postgresql ldap mail collabora nextcloud matrix element jitsi listmonk vaultwarden panel proxy wireguard connector baserow calcom; do + for i in dns postgresql ldap mail collabora nextcloud matrix element jitsi listmonk vaultwarden panel proxy wireguard connector baserow calcom gitea caddy; do echo "* Stopping $i.." cd /federated/apps/$i && docker-compose -f docker-compose.yml -p $i down done @@ -22,6 +22,6 @@ SERVICE=$1 case "$SERVICE" in all) stopservice_all;; - dns|postgresql|ldap|mail|collabora|nextcloud|matrix|element|jitsi|listmonk|vaultwarden|panel|proxy|wireguard|connector|baserow|calcom) stopservice;; + dns|postgresql|ldap|mail|collabora|nextcloud|matrix|element|jitsi|listmonk|vaultwarden|panel|proxy|wireguard|connector|baserow|calcom|gitea|caddy) stopservice;; *) usage;; esac diff --git a/lib/caddy.sh b/lib/caddy.sh index dd9741c..840d458 100644 --- a/lib/caddy.sh +++ b/lib/caddy.sh @@ -11,6 +11,7 @@ config_caddy() { if [ ! -d "/federated/apps/caddy" ]; then mkdir -p /federated/apps/caddy/data/data + mkdir -p /federated/apps/caddy/data/srv mkdir -p /federated/apps/caddy/data/etc/caddy fi @@ -32,10 +33,11 @@ services: federated: ipv4_address: 172.99.0.31 extra_hosts: - - "gitea.$DOMAIN:164.92.112.207" + - "gitea.$DOMAIN:$EXTERNALIP" env_file: - ./.env volumes: + - ./data/srv:/srv - ./data/etc/caddy/Caddyfile:/etc/caddy/Caddyfile - ./data/data:/data @@ -47,27 +49,57 @@ EOF cat > /federated/apps/caddy/.env < /federated/apps/caddy/data/etc/caddy/Caddyfile < /dev/null @@ -75,7 +107,7 @@ echo -ne "done." } start_caddy() { # Start service with command to make sure it's up before proceeding - start_service "caddy" "nc -z 172.99.0.31 2019 &> /dev/null" + start_service "caddy" "nc -z 172.99.0.31 80 &> /dev/null" kill -9 $SPINPID &> /dev/null echo -ne "done." 
diff --git a/lib/dns.sh b/lib/dns.sh index d90d432..38a97dd 100644 --- a/lib/dns.sh +++ b/lib/dns.sh @@ -190,6 +190,8 @@ vpn IN A $EXTERNALIP connector IN A $EXTERNALIP baserow IN A $EXTERNALIP calcom IN A $EXTERNALIP +blog IN A $EXTERNALIP +documentation IN A $EXTERNALIP $DOMAIN. IN A $EXTERNALIP EOF diff --git a/lib/element.sh b/lib/element.sh index 74b14aa..bd1eeb3 100644 --- a/lib/element.sh +++ b/lib/element.sh @@ -130,39 +130,10 @@ EOF kill -9 $SPINPID &> /dev/null echo -ne "done." } - start_element() { - # Start /federated/apps/element with output to /dev/null - echo -ne "\n* Starting /federated/apps/element service.." - spin & - SPINPID=$! + # Start service with command to make sure it's up before proceeding + start_service "element" "nc -z 172.99.0.18 80 &> /dev/null" - if [ $DEBUG ]; then - # Start /federated/apps/element with output to console for debug - docker-compose -f /federated/apps/element/docker-compose.yml -p element up - [ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service /federated/apps/element" - else - docker-compose -f /federated/apps/element/docker-compose.yml -p element up -d &> /dev/null - - # Keep trying element port 80 to make sure it's up - # before we proceed - RETRY="30" - while [ $RETRY -gt 0 ]; do - nc -z 172.99.0.18 80 &> /dev/null - if [ $? -eq 0 ]; then - break - else - if [ "$RETRY" == 1 ]; then - docker-compose -f /federated/apps/element/docker-compose.yml -p element down &> /dev/null - kill -9 $SPINPID &> /dev/null - fail "There was a problem starting service /federated/apps/element\nCheck the output of 'docker logs element' or turn on\ndebug with -d" - fi - ((RETRY--)) - sleep 7 - fi - done - fi - kill -9 $SPINPID &> /dev/null echo -ne "done." } diff --git a/lib/functions.sh b/lib/functions.sh index 36e7bf0..9d017ad 100644 --- a/lib/functions.sh +++ b/lib/functions.sh 
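Review bot: `kill -9 $SPINPID &> /dev/null` at the end of start_element now depends on start_service setting SPINPID, because the `spin &` / `SPINPID=$!` lines that used to set it in this function were removed; start_service is not visible here, so if it does not assign SPINPID the kill runs with an empty or stale PID and the redirect hides the resulting error. Either let start_service own the spinner and drop the kill here, or guard it with `[ -n "$SPINPID" ] && kill -9 "$SPINPID" &> /dev/null`. The removed code also implemented the `-d` debug path (compose in the foreground) and a compose `down` on failure, and the old failure message told users to turn on debug with -d; confirm start_service still provides both, otherwise that message elsewhere becomes misleading. The same observation applies to the rewritten start_panel in lib/panel.sh.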
@@ -114,7 +114,7 @@ password managers. https://vaultwarden.$DOMAIN Baserow: Easy Database. Replacement for Airtable. Build amazing, easy to create on-line databases to be used by your team. -https://baserom.$DOMAIN +https://baserow.$DOMAIN Cal.com: Easy scheduling. Create easy links so that others can easily schedule time on your calendar without the annoying back-and-forth. @@ -225,8 +225,8 @@ check_ports() { fi } check_os() { - OSRELEASE=`grep "VERSION_ID=" /etc/os-release | awk -F\" '{ print $2 }'` - if [ "$OSRELEASE" != "22.04" ]; then + VERSIONID=`grep "VERSION_ID=" /etc/os-release | awk -F\" '{ print $2 }'` + if [ "$VERSIONID" != "22.04" ]; then echo -ne "\nFederated requires a minimum of 4G of RAM and 25G of storage\n \ running Ubuntu 22.04 LTS. Your system is not supported. Please contact\n \ Federated @ support@federated.computer for assistance or choose our\n \ diff --git a/lib/gitea.sh b/lib/gitea.sh index 576cb63..2ab9ded 100644 --- a/lib/gitea.sh +++ b/lib/gitea.sh @@ -31,7 +31,9 @@ services: federated: ipv4_address: 172.99.0.30 extra_hosts: - - "www.$DOMAIN:164.92.112.207" + - "www.$DOMAIN:$EXTERNALIP" + - "blog.$DOMAIN:$EXTERNALIP" + - "documentation.$DOMAIN:$EXTERNALIP" ports: - 22:22 env_file: 
@@ -46,8 +48,10 @@ networks: external: true EOF +#GITEA_SECRET="RbzalooGM4BbQug6wvRaklR7NeN0GRSA" + cat > /federated/apps/gitea/.env < /federated/apps/gitea/data/creategitea.sh </dev/null | awk -F: '{ print \$4 }' | awk -F\" '{ print \$2 }'\` +GITEA_TOKEN_2=\`curl -H "Content-Type: application/json" -d '{"name":"gitea2","scopes":["all"]}' -u gitea:$ADMINPASS http://gitea.$DOMAIN:3000/api/v1/users/gitea/tokens 2>/dev/null | awk -F: '{ print \$4 }' | awk -F\" '{ print \$2 }'\` -# Create the repository hugowebsite -curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data '{"name":"hugowebsite","auto_init":true,"default_branch":"master"}' +# Create the repository website, blog, and documentation +#curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data '{"name":"www.$DOMAIN","auto_init":true,"default_branch":"master"}' +#curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data '{"name":"blog.$DOMAIN","auto_init":true,"default_branch":"master"}' +#curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data '{"name":"documentation.$DOMAIN","auto_init":true,"default_branch":"master"}' -# Create the webhook inside the hugowebsite repository -curl -X 'POST' \ - 'http://gitea.$DOMAIN:3000/api/v1/repos/gitea/hugowebsite/hooks' \ +# Create the repository and webhooks +for i in www blog documentation; do + # Create the repository + curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data '{"name":"$i.$DOMAIN","auto_init":true,"default_branch":"master"}' + # Create the webhook + curl -X 'POST' \ + 
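Review bot: The added `#GITEA_SECRET="RbzalooGM4BbQug6wvRaklR7NeN0GRSA"` commits a secret-looking literal to the repository even though it is commented out; if that value was ever used anywhere it should be treated as exposed and rotated, and the line dropped rather than kept as a reminder. If a per-install secret is needed, generate it at install time the way the other values in this `.env` appear to be derived, and never write it into source. Also in the new `GITEA_TOKEN_2=` line, `-u gitea:$ADMINPASS` puts the admin password on the curl command line inside the generated creategitea.sh, where it is visible to `ps` in the container for the duration of the call; a curl config file or `--netrc-file` written with mode 600 avoids that, as does keeping `set -x` off in that script.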
'http://gitea.$DOMAIN:3000/api/v1/repos/gitea/$i.$DOMAIN/hooks' \ -H 'accept: application/json' \ -H 'Content-Type: application/json' \ -H "Authorization: token \$GITEA_TOKEN_2" \ @@ -91,7 +101,46 @@ curl -X 'POST' \ "push" ], "type": "gitea" -}' + }' +done + +# Create the webhook inside the blog repository +#curl -X 'POST' \ +# 'http://gitea.$DOMAIN:3000/api/v1/repos/gitea/blog.$DOMAIN/hooks' \ +# -H 'accept: application/json' \ +# -H 'Content-Type: application/json' \ +# -H "Authorization: token \$GITEA_TOKEN_2" \ +# -d '{ +# "active": true, +# "config": { +# "content_type": "json", +# "url": "https://blog.$DOMAIN/webhook", +# "secret": "$WEBHOOK_SECRET" +# }, +# "events": [ +# "push" +# ], +# "type": "gitea" +#}' + +# Create the webhook inside the documentation repository +#curl -X 'POST' \ +# 'http://gitea.$DOMAIN:3000/api/v1/repos/gitea/documentation.$DOMAIN/hooks' \ +# -H 'accept: application/json' \ +# -H 'Content-Type: application/json' \ +# -H "Authorization: token \$GITEA_TOKEN_2" \ +# -d '{ +# "active": true, +# "config": { +# "content_type": "json", +# "url": "https://documentation.$DOMAIN/webhook", +# "secret": "$WEBHOOK_SECRET" +# }, +# "events": [ +# "push" +# ], +# "type": "gitea" +#}' EOF chmod +x /federated/apps/gitea/data/creategitea.sh 
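Review bot: Inside the creategitea.sh heredoc the new loop body references `$i` unescaped in `--data '{"name":"$i.$DOMAIN",…}'` and in `'http://gitea.$DOMAIN:3000/api/v1/repos/gitea/$i.$DOMAIN/hooks'`; the heredoc delimiter is not visible in this hunk, but the surrounding runtime references are escaped (`\$GITEA_TOKEN_2`, `\$4`, `\$2`, ``\` ``), which means the heredoc is unquoted and `$i` is expanded by the installer when the file is written, not by the `for i in www blog documentation` loop in the generated script. That would create one repository named `.$DOMAIN` (or whatever `i` happened to hold in the installer) three times and point every webhook at the same path; the fix is `\$i` in both places, as in `'{"name":"\$i.$DOMAIN","auto_init":true,"default_branch":"master"}'` and `…/repos/gitea/\$i.$DOMAIN/hooks'`. The roughly forty commented-out per-repository curl blocks added below the loop duplicate what the loop now does and should be removed rather than shipped as dead text in the generated file.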
@@ -102,14 +151,20 @@ start_gitea() { # Start service with command to make sure it's up before proceeding start_service "gitea" "nc -z 172.99.0.30 3000 &> /dev/null" + # Copy creategitea.sh inside gitea container mv /federated/apps/gitea/data/creategitea.sh /federated/apps/gitea/data/data/creategitea.sh + [ $? -ne 0 ] && fail "Couldn't mv creategitea.sh inside /federated/apps/gitea container" + + # Create admin user gitea docker exec --user 1000 gitea gitea admin user create --admin --username gitea --password $ADMINPASS --email admin@$DOMAIN [ $? -ne 0 ] && fail "Couldn't run gitea user create inside /federated/apps/gitea container" + # Run creategitea.sh inside gitea container docker exec -it gitea /data/creategitea.sh [ $? -ne 0 ] && fail "Couldn't run creategitea.sh inside /federated/apps/gitea container" - GITEA_TOKEN_1=`docker exec -it gitea curl -H "Content-Type: application/json" -d '{"name":"gitea1"}' -u gitea:$ADMINPASS http://gitea.$DOMAIN:3000/api/v1/users/gitea/tokens 2>/dev/null | awk -F: '{ print $4 }' | awk -F\" '{ print $2 }'` + # Create token to use for Caddy starting up next + GITEA_TOKEN_1=`docker exec -it gitea curl -H "Content-Type: application/json" -d '{"name":"gitea1","scopes":["all"]}' -u gitea:$ADMINPASS http://gitea.$DOMAIN:3000/api/v1/users/gitea/tokens 2>/dev/null | awk -F: '{ print $4 }' | awk -F\" '{ print $2 }'` [ $? -ne 0 ] && fail "Couldn't run gitea curl to get token inside /federated/apps/gitea container" kill -9 $SPINPID &> /dev/null diff --git a/lib/nextcloud.sh b/lib/nextcloud.sh index 5e84e36..a6ae918 100644 --- a/lib/nextcloud.sh +++ b/lib/nextcloud.sh @@ -50,7 +50,6 @@ services: secrets: - federated_psql_password - federated_nextcloud_password - command: [ "/root/nextcloud.sh" ] secrets: federated_psql_password: 
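Review bot: The `[ $? -ne 0 ] && fail "Couldn't run gitea curl to get token …"` after the new `GITEA_TOKEN_1=` line tests the exit status of the last `awk` in the backtick pipeline, not of curl, so a failed or rejected token request leaves GITEA_TOKEN_1 empty and the script continues into the Caddy setup with no token; check the value instead, `[ -n "$GITEA_TOKEN_1" ] || fail "Couldn't obtain gitea API token"`. The command substitution also uses `docker exec -it`; `-t` allocates a pseudo-terminal, which fails when the installer runs without one and otherwise turns the output line ending into CR LF, so the captured token can carry a trailing carriage return — `docker exec -i` (or no flags) is what a captured command should use. The token is now created with `"scopes":["all"]`, and the comment says it is consumed by Caddy next; if Caddy only needs read access to the website repositories, a narrower scope set (which ones depends on the Gitea version in use) limits what a leaked token can do.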
@@ -83,61 +82,6 @@ POSTGRES_PASSWORD_FILE=/run/secrets/federated_psql_password EOF chmod 600 /federated/apps/nextcloud/.env -cat > /federated/apps/nextcloud/data/root/supervisord.conf <<'EOF' -[supervisord] -nodaemon=true -logfile=/var/log/supervisord/supervisord.log -pidfile=/var/run/supervisord/supervisord.pid -childlogdir=/var/log/supervisord/ -logfile_maxbytes=50MB ; maximum size of logfile before rotation -logfile_backups=10 ; number of backed up logfiles -loglevel=error - -[program:apache2] -stdout_logfile=/dev/stdout -stdout_logfile_maxbytes=0 -stderr_logfile=/dev/stderr -stderr_logfile_maxbytes=0 -command=apache2-foreground - -[program:sshd] -stdout_logfile=/dev/stdout -stdout_logfile_maxbytes=0 -stderr_logfile=/dev/stderr -stderr_logfile_maxbytes=0 -command=service ssh start -EOF - -cat > /federated/apps/nextcloud/data/root/nextcloud.sh <<'EOF' -#!/bin/sh -x - -PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - -if [ ! -e /root/.init ]; then - echo "First start and initialization" - apt update -y && apt-get install ssh -y - apt-get install python3 -y && apt-get install sudo -y - - echo 'ansible ALL=(ALL:ALL) NOPASSWD:ALL' >> /etc/sudoers \ - && useradd -m ansible -s /bin/bash \ - && sudo -u ansible mkdir /home/ansible/.ssh \ - && mkdir -p /var/run/sshd - - apt-get install -y supervisor \ - && rm -rf /var/lib/apt/lists/* \ - && mkdir /var/log/supervisord /var/run/supervisord - - touch /root/.init - export NEXTCLOUD_UPDATE=1 - /usr/bin/supervisord -c /root/supervisord.conf -else - echo "Already Initialized, running supervisord" - export NEXTCLOUD_UPDATE=1 - /usr/bin/supervisord -c /root/supervisord.conf -fi -EOF -chmod +x /federated/apps/nextcloud/data/root/nextcloud.sh - cat > /federated/apps/nextcloud/data/configs.json < /federated/apps/panel/ansible_hosts < /federated/apps/panel/Dockerfile <> /etc/sudoers \ -&& useradd -m ansible -s /bin/bash \ -&& sudo -u ansible mkdir /home/ansible/.ssh && mkdir /etc/ansible -RUN sudo -u ansible 
ssh-keygen -q -t rsa -N '' -f /home/ansible/.ssh/id_rsa - -COPY ansible_hosts /etc/ansible/hosts -COPY new_user.php /opt/ldap_user_manager/account_manager/ -EOF - cat > /federated/apps/panel/docker-compose.yml < /dev/null echo -ne "done." } - start_panel() { - # Start /federated/apps/panel with output to /dev/null - echo -ne "\n* Starting /federated/apps/panel service.." - spin & - SPINPID=$! - - if [ $DEBUG ]; then - # Start /federated/apps/panel with output to console for debug - docker-compose -f /federated/apps/panel/docker-compose.yml -p panel up --build - [ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service /federated/apps/panel" - else - docker-compose -f /federated/apps/panel/docker-compose.yml -p panel up --build -d &> /dev/null - - # Keep trying panel port 443 to make sure it's up - # before we proceed - RETRY="30" - while [ $RETRY -gt 0 ]; do - nc -z 172.99.0.21 80 &> /dev/null - if [ $? -eq 0 ]; then - break - else - if [ "$RETRY" == 1 ]; then - docker-compose -f /federated/apps/panel/docker-compose.yml -p panel down &> /dev/null - kill -9 $SPINPID &> /dev/null - fail "There was a problem starting service /federated/apps/panel\nCheck the output of 'docker logs panel' or turn on\ndebug with -d" - fi - ((RETRY--)) - sleep 7 - fi - done - fi - - # Insert ansible key into nextcloud - KEY=`docker exec -it panel bash -c "cat /home/ansible/.ssh/id_rsa.pub"` - docker exec -it nextcloud bash -c "echo $KEY > /home/ansible/.ssh/authorized_keys" + # Start service with command to make sure it's up before proceeding + start_service "panel" "nc -z 172.99.0.21 80 &> /dev/null" kill -9 $SPINPID &> /dev/null echo -ne "done."