From 4223fd154c921f21f5398f476627e70249ccbd55 Mon Sep 17 00:00:00 2001
From: root
Date: Tue, 6 Jun 2023 19:01:51 +0000
Subject: [PATCH] Fixed backuptool for powerdns and backup one db at a time, added gitea mailer, fixed listmonk
---
 bin/backuptool | 62 +++++++++++++++++++++++++----
 bin/{gluerecords.sh => gluerecords} | 0
 bin/install-federated | 10 ++---
 lib/functions.sh | 1 +
 lib/gitea.sh | 9 +++++
 lib/listmonk.sh | 10 ++++-
 lib/wireguard.sh | 4 +-
 7 files changed, 79 insertions(+), 17 deletions(-)
 rename bin/{gluerecords.sh => gluerecords} (100%)
diff --git a/bin/backuptool b/bin/backuptool
index 039642d..54511a5 100755
--- a/bin/backuptool
+++ b/bin/backuptool
@@ -25,18 +25,45 @@ createbucket() {
 fi
 }
 listbackup() {
- echo "* Listing backup files in $SERVICE.."
- PASSPHRASE=$GPG_PASSPHRASE duplicity list-current-files b2://$B2_APPLICATION_KEY_ID:$B2_APPLICATION_KEY@$UUID/$SERVICE/
+ if [ "$SERVICE" = "all" ]; then
+ echo "* Listing backup files in all services.."
+ for i in "${SERVICES[@]}"; do
+ echo "* Listing backup files in $i.."
+ PASSPHRASE=$GPG_PASSPHRASE duplicity list-current-files b2://$B2_APPLICATION_KEY_ID:$B2_APPLICATION_KEY@$UUID/$i/
+ done
+ else
+ echo "* Listing backup files in $SERVICE.."
+ PASSPHRASE=$GPG_PASSPHRASE duplicity list-current-files b2://$B2_APPLICATION_KEY_ID:$B2_APPLICATION_KEY@$UUID/$SERVICE/
+ fi
 }
 backupservice() {
 echo "* Backing up $SERVICE.."
-
+
+ # Dump only users and roles for postgresql service
 if [ "$SERVICE" = "postgresql" ]; then
- docker exec postgresql /bin/bash -c "pg_dumpall -c -U postgres | gzip -9 > /docker-entrypoint-initdb.d/dump_`date +%m-%d-%Y`.sql.gz"
+ docker exec postgresql /bin/bash -c "pg_dumpall --globals-only -c -U postgres | gzip -9 > /docker-entrypoint-initdb.d/dump_$SERVICE.sql.gz"
 PASSPHRASE=$GPG_PASSPHRASE duplicity /federated/apps/$SERVICE b2://$B2_APPLICATION_KEY_ID:$B2_APPLICATION_KEY@$UUID/$SERVICE/
 rm /federated/apps/postgresql/data/docker-entrypoint-initdb.d/dump_*
- else
+ elif [ "$SERVICE" = "pdnsmysql" ]; then
+ docker exec -it pdnsmysql mysqldump -uroot -p${MYSQL_PASSWORD} mysql user | gzip -9 > /federated/apps/pdnsmysql/dump_$SERVICE.sql.gz
 PASSPHRASE=$GPG_PASSPHRASE duplicity /federated/apps/$SERVICE b2://$B2_APPLICATION_KEY_ID:$B2_APPLICATION_KEY@$UUID/$SERVICE/
+ rm /federated/apps/pdnsmysql/dump_$SERVICE.sql.gz
+ elif [ "$SERVICE" = "pdns" ]; then
+ docker exec -it pdnsmysql mysqldump -uroot -p${MYSQL_PASSWORD} pdns | gzip -9 > /federated/apps/pdns/dump_$SERVICE.sql.gz
+ PASSPHRASE=$GPG_PASSPHRASE duplicity /federated/apps/$SERVICE b2://$B2_APPLICATION_KEY_ID:$B2_APPLICATION_KEY@$UUID/$SERVICE/
+ rm /federated/apps/pdns/dump_$SERVICE.sql.gz
+ elif [ "$SERVICE" = "pdnsadmin" ]; then
+ docker exec -it pdnsmysql mysqldump -uroot -p${MYSQL_PASSWORD} pdns | gzip -9 > /federated/apps/pdnsadmin/dump_$SERVICE.sql.gz
+ PASSPHRASE=$GPG_PASSPHRASE duplicity /federated/apps/$SERVICE b2://$B2_APPLICATION_KEY_ID:$B2_APPLICATION_KEY@$UUID/$SERVICE/
+ rm /federated/apps/pdnsadmin/dump_$SERVICE.sql.gz
+ else
+ # For all other services, If the postgresql database exists for that service then dump it
+ if [ ! "`docker exec -it postgresql psql -U $SERVICE -c '\q'`" ]; then
+ docker exec postgresql /bin/bash -c "pg_dump $SERVICE -c -U postgres | gzip -9 > /docker-entrypoint-initdb.d/dump_$SERVICE.sql.gz"
+ mv /federated/apps/postgresql/data/docker-entrypoint-initdb.d/dump_$SERVICE.sql.gz /federated/apps/$SERVICE/
+ fi
+ PASSPHRASE=$GPG_PASSPHRASE duplicity /federated/apps/$SERVICE b2://$B2_APPLICATION_KEY_ID:$B2_APPLICATION_KEY@$UUID/$SERVICE/
+ [ -f "/federated/apps/$SERVICE/dump_$SERVICE.sql.gz" ] && rm /federated/apps/$SERVICE/dump_$SERVICE.sql.gz
 fi
 }
 backupserviceall() {
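Review bot: The three `mysqldump` branches added to backupservice() run `docker exec -it … -p${MYSQL_PASSWORD} … | gzip -9`, which puts the MySQL root password in the process list and makes the dump depend on a terminal. With `-t` the command fails when no TTY is attached (a cron run, for example), and when one is attached the container's stderr is merged into the piped stream, so warnings can land inside the archive. I would drop `-it`, hand the secret over through the environment, e.g. `MYSQL_PWD="$MYSQL_PASSWORD" docker exec -e MYSQL_PWD pdnsmysql mysqldump -uroot pdns | gzip -9 > …`, and check the pipeline's status before duplicity uploads the file. The `psql … -c '\q'` existence test in the last branch also uses `-it` and decides on captured output instead of the exit status; `if docker exec postgresql psql -U "$SERVICE" -c '\q' >/dev/null 2>&1; then` states the intent directly. The same lines are repeated in backupserviceall() in the next hunk.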
@@ -44,12 +71,30 @@ backupserviceall() { for i in "${SERVICES[@]}"; do echo "** Backing up $i.." - if [ "$SERVICE" = "postgresql" ]; then - docker exec postgresql /bin/bash -c "pg_dumpall -c -U postgres | gzip -9 > /docker-entrypoint-initdb.d/dump_`date +%m-%d-%Y`.sql.gz" + if [ "$i" = "postgresql" ]; then + docker exec postgresql /bin/bash -c "pg_dumpall --globals-only -c -U postgres | gzip -9 > /docker-entrypoint-initdb.d/dump_$i.sql.gz" PASSPHRASE=$GPG_PASSPHRASE duplicity /federated/apps/$i b2://$B2_APPLICATION_KEY_ID:$B2_APPLICATION_KEY@$UUID/$i/ rm /federated/apps/postgresql/data/docker-entrypoint-initdb.d/dump_* - else + elif [ "$i" = "pdnsmysql" ]; then + docker exec -it pdnsmysql mysqldump -uroot -p${MYSQL_PASSWORD} mysql user | gzip -9 > /federated/apps/pdnsmysql/dump_$i.sql.gz PASSPHRASE=$GPG_PASSPHRASE duplicity /federated/apps/$i b2://$B2_APPLICATION_KEY_ID:$B2_APPLICATION_KEY@$UUID/$i/ + rm /federated/apps/pdnsmysql/dump_$i.sql.gz + elif [ "$i" = "pdns" ]; then + docker exec -it pdnsmysql mysqldump -uroot -p${MYSQL_PASSWORD} pdns | gzip -9 > /federated/apps/pdns/dump_$i.sql.gz + PASSPHRASE=$GPG_PASSPHRASE duplicity /federated/apps/$i b2://$B2_APPLICATION_KEY_ID:$B2_APPLICATION_KEY@$UUID/$i/ + rm /federated/apps/pdns/dump_$i.sql.gz + elif [ "$i" = "pdnsadmin" ]; then + docker exec -it pdnsmysql mysqldump -uroot -p${MYSQL_PASSWORD} pdns | gzip -9 > /federated/apps/pdnsadmin/dump_$i.sql.gz + PASSPHRASE=$GPG_PASSPHRASE duplicity /federated/apps/$i b2://$B2_APPLICATION_KEY_ID:$B2_APPLICATION_KEY@$UUID/$i/ + rm /federated/apps/pdnsadmin/dump_$i.sql.gz + else + if [ ! 
"`docker exec -it postgresql psql -U $i -c '\q'`" ]; then + docker exec postgresql /bin/bash -c "pg_dump $i -c -U postgres | gzip -9 > /docker-entrypoint-initdb.d/dump_$i.sql.gz" + mv /federated/apps/postgresql/data/docker-entrypoint-initdb.d/dump_$i.sql.gz /federated/apps/$i/ + fi + PASSPHRASE=$GPG_PASSPHRASE duplicity /federated/apps/$i b2://$B2_APPLICATION_KEY_ID:$B2_APPLICATION_KEY@$UUID/$i/ + rm /federated/apps/$i/dump_$i.sql.gz + [ -f "/federated/apps/$i/dump_$i.sql.gz" ] && rm /federated/apps/$i/dump_$i.sql.gz fi done } @@ -112,6 +157,7 @@ fi [ -f "/federated/bin/.b2init" ] && UUID=`cat /federated/bin/.b2init` [ $LIST_BACKUP ] && listbackup [ $RUN_DELETE ] && deletebackup +MYSQL_PASSWORD=`cat /federated/apps/pdnsmysql/.env | grep MYSQL_ROOT_PASSWORD | awk -F= '{ print $2 }'` if [ $RUN_RESTORE ]; then if printf '%s\0' "${SERVICES[@]}" | grep -Fxqz -- "$SERVICE"; then diff --git a/bin/gluerecords.sh b/bin/gluerecords similarity index 100% rename from bin/gluerecords.sh rename to bin/gluerecords diff --git a/bin/install-federated b/bin/install-federated index 75755cd..861373c 100755 --- a/bin/install-federated +++ b/bin/install-federated @@ -68,10 +68,10 @@ get_config() { failcheck "$DOMAIN is not a valid domain.com or sub.domain.com" fi - ADMINPASS=$(create_password); - echo "$ADMINPASS" > /federated/bin/.adminpass - LISTMONKPASS=$(create_password); - echo "$LISTMONKPASS" >> /federated/bin/.adminpass +# ADMINPASS=$(create_password); +# echo "$ADMINPASS" > /federated/bin/.adminpass +# LISTMONKPASS=$(create_password); +# echo "$LISTMONKPASS" >> /federated/bin/.adminpass } while getopts d OPTION; do @@ -98,7 +98,7 @@ config_network # Configure and start each federated service for i in "${SERVICES[@]}"; do config_$i - start_$i +# start_$i done # Add cron jobs for backup, upgrade, dumpcerts diff --git a/lib/functions.sh b/lib/functions.sh index a2415a9..1cd31ba 100644 --- a/lib/functions.sh +++ b/lib/functions.sh 
@@ -352,6 +352,7 @@ EOF cat /federated/apps/wireguard/data/config/peer1/peer1.conf >> /federated/apps/mail/data/root/certs/mailfile cat >> /federated/apps/mail/data/root/certs/mailfile < /dev/null echo -ne "done." } start_listmonk() { + # Install the database scheme first + docker-compose -f /federated/apps/listmonk/docker-compose.yml run --rm listmonk ./listmonk --install --yes + + # Change app.root_url and other settings to our domain + docker exec -it postgresql psql -U listmonk -c "update settings set value='\"http://listmonk.$DOMAIN\"' where key='app.root_url'" + docker exec -it postgresql psql -U listmonk -c "update settings set value='\"listmonk \"' where key='app.from_email'" + docker exec -it postgresql psql -U listmonk -c "update settings set value='[{\"host\": \"mail.$DOMAIN\", \"port\": 587, \"enabled\": true, \"password\": \"$ADMINPASS\", \"tls_type\": \"STARTTLS\", \"username\": \"admin\", \"max_conns\": 10, \"idle_timeout\": \"15s\", \"wait_timeout\": \"5s\", \"auth_protocol\": \"login\", \"email_headers\": [], \"hello_hostname\": \"\", \"max_msg_retries\": 2, \"tls_skip_verify\": false}, {\"host\": \"smtp.gmail.com\", \"port\": 465, \"enabled\": false, \"password\": \"password\", \"tls_type\": \"TLS\", \"username\": \"username@gmail.com\", \"max_conns\": 10, \"idle_timeout\": \"15s\", \"wait_timeout\": \"5s\", \"auth_protocol\": \"login\", \"email_headers\": [], \"hello_hostname\": \"\", \"max_msg_retries\": 2, \"tls_skip_verify\": false}]' where key='smtp';" + # Grab the container IP from docker-compose above SERVICE_IP=`grep ipv4_address /federated/apps/listmonk/docker-compose.yml | awk '{ print $2 }'` diff --git a/lib/wireguard.sh b/lib/wireguard.sh index 0990b23..f1c826d 100644 --- a/lib/wireguard.sh +++ b/lib/wireguard.sh @@ -29,6 +29,7 @@ services: - 51820:51820/udp volumes: - ./data/config:/config + - ./data/etc/coredns/Corefile:/etc/coredns/Corefile - /lib/modules:/lib/modules env_file: - ./.env 
@@ -56,9 +57,6 @@ LOG_CONFS=true EOF chmod 600 /federated/apps/wireguard/.env -# Create the A records for domain -for i in ns1 ns2 pdnsadmin powerdns traefik mail www computer panel nextcloud collabora jitsi matrix element listmonk vaultwarden vpn wireguard baserow gitea blog documentation; do - cat /federated/apps/wireguard/data/config/coredns/Corefile <