bero/test
1
0
Fork 0
Code Issues 52 Pull Requests 3 Actions Packages Projects Releases Wiki Activity

Removed old files

Browse Source
This commit is contained in:
root 2024-07-17 14:37:10 +00:00
parent 933c0974a2
commit 46978df205
18 changed files with 0 additions and 4320 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

116
bin/install-federated.old
View File

@ -1,116 +0,0 @@
#!/bin/bash -x
#
# Federated installation script
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
. /federated/lib/functions.sh
. /federated/lib/network.sh
trap cleanup `seq 1 15`
get_config() {
# FSTACKURL="http://137.184.95.3:8000"
# [ ! -d "/federated/lib" ] && mkdir -p /federated/lib
# Download each library file
# for i in checks network dns ldap mail; do
# if [ ! -f "/federated/lib/$i.sh" ]; then
# curl $FSTACKURL/$i.sh -o /federated/lib/$i.sh -s -f &> /dev/null
# [ $? -ne 0 ] && failcheck "Couldn't download $i.sh"
# fi
# done
COUNTRIES=("AF" "AL" "DZ" "AS" "AD" "AO" "AI" "AQ" "AG" "AR" "AM" "AW" "AU" "AT" "AZ" "BS" "BH" "BD" "BB" "BY" "BE" "BZ" "BJ" "BM" "BT" "BO" "BO" "BA" "BW" "BV" "BR" "IO" "BN" "BN" "BG" "BF" "BI" "KH" "CM" "CA" "CV" "KY" "CF" "TD" "CL" "CN" "CX" "CC" "CO" "KM" "CG" "CD" "CK" "CR" "CI" "CI" "HR" "CU" "CY" "CZ" "DK" "DJ" "DM" "DO" "EC" "EG" "SV" "GQ" "ER" "EE" "ET" "FK" "FO" "FJ" "FI" "FR" "GF" "PF" "TF" "GA" "GM" "GE" "DE" "GH" "GI" "GR" "GL" "GD" "GP" "GU" "GT" "GG" "GN" "GW" "GY" "HT" "HM" "VA" "HN" "HK" "HU" "IS" "IN" "ID" "IR" "IQ" "IE" "IM" "IL" "IT" "JM" "JP" "JE" "JO" "KZ" "KE" "KI" "KP" "KR" "KR" "KW" "KG" "LA" "LV" "LB" "LS" "LR" "LY" "LY" "LI" "LT" "LU" "MO" "MK" "MG" "MW" "MY" "MV" "ML" "MT" "MH" "MQ" "MR" "MU" "YT" "MX" "FM" "MD" "MC" "MN" "ME" "MS" "MA" "MZ" "MM" "MM" "NA" "NR" "NP" "NL" "AN" "NC" "NZ" "NI" "NE" "NG" "NU" "NF" "MP" "NO" "OM" "PK" "PW" "PS" "PA" "PG" "PY" "PE" "PH" "PN" "PL" "PT" "PR" "QA" "RE" "RO" "RU" "RU" "RW" "SH" "KN" "LC" "PM" "VC" "VC" "VC" "WS" "SM" "ST" "SA" "SN" "RS" "SC" "SL" "SG" "SK" "SI" "SB" "SO" "ZA" "GS" "SS" "ES" "LK" "SD" "SR" "SJ" "SZ" "SE" "CH" "SY" "TW" "TW" "TJ" "TZ" "TH" "TL" "TG" "TK" "TO" "TT" "TN" "TR" "TM" "TC" "TV" "UG" "UA" "AE" "GB" "US" "UM" "UY" "UZ" "VU" "VE" "VE" "VN" "VN" "VG" "VI" "WF" "EH" "YE" "ZM" "ZW")
if [ -f "/etc/federated" ]; then
. /etc/federated
[ -z "$DOMAIN" ] && failcheck "/etc/federated doesn't include DOMAIN"
[ -z "$COMPANY" ] && failcheck "/etc/federated doesn't include COMPANY"
[ -z "$COUNTRY" ] && failcheck "/etc/federated doesn't include COUNTRY"
[ -z "$BUNDLE" ] && failcheck "/etc/federated doesn't include BUNDLE"
if ! printf '%s\0' "${COUNTRIES[@]}" | grep -Fxqz -- "$COUNTRY"; then
failcheck "$COUNTRY is not a valid country code. Use US, GB, HK, etc"
fi
[ -z "$B2_APPLICATION_KEY_ID" ] && echo -ne "\nWarning: B2_APPLICATION_KEY_ID doesn't exist in /etc/federated\nBackups will be disabled"
[ -z "$B2_APPLICATION_KEY" ] && echo -ne "\nWarning: B2_APPLICATION_KEY doesn't exist in /etc/federated\nBackups will be disabled"
else
failcheck "/etc/federated doesn't exist"
fi
# Setup DOMAIN variable for domain or subdomain
DOMAIN_ARRAY=(${DOMAIN//./ })
if [ "${#DOMAIN_ARRAY[@]}" -eq "2" ]; then
DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
DOMAIN_LAST=${DOMAIN_ARRAY[1]}
elif [ "${#DOMAIN_ARRAY[@]}" -eq "3" ]; then
DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
DOMAIN_MIDDLE=${DOMAIN_ARRAY[1]}
DOMAIN_LAST=${DOMAIN_ARRAY[2]}
else
failcheck "$DOMAIN is not a valid domain.com or sub.domain.com"
fi
}
while getopts d OPTION; do
case "$OPTION" in
d) DEBUG=ON;;
esac
done
# Download lib scripts and take in setup variables
get_config
echo -ne "\nStarting Federated install for $DOMAIN\n"
# Check that we have docker installed. Check that
# we have all ports available and not in use
check_docker
check_os
#check_memory
check_ports
# Configure docker private network
config_network
# Setup SERVICES array to what bundle
if [ "$BUNDLE" = "starter" ]; then
SERVICES=("pdnsmysql" "pdns" "pdnsadmin" "traefik" "postgresql" "ldap" "mail" "collabora" "nextcloud" "autodiscover" "panel" "vaultwarden")
elif [ "$BUNDLE" = "team" ]; then
SERVICES=("pdnsmysql" "pdns" "pdnsadmin" "traefik" "postgresql" "ldap" "mail" "collabora" "nextcloud" "autodiscover" "panel" "vaultwarden" "matrix" "element" "coturn" "wordpress" "freescout" "espocrm")
elif [ "$BUNDLE" = "creator" ]; then
SERVICES=("pdnsmysql" "pdns" "pdnsadmin" "traefik" "postgresql" "ldap" "mail" "collabora" "nextcloud" "autodiscover" "panel" "vaultwarden" "matrix" "element" "coturn" "wordpress")
elif [ "$BUNDLE" = "enterprise" ]; then
SERVICES=("pdnsmysql" "pdns" "pdnsadmin" "traefik" "postgresql" "ldap" "mail" "collabora" "nextcloud" "matrix" "element" "listmonk" "vaultwarden" "panel" "wireguard" "jitsi" "baserow" "gitea" "caddy" "autodiscover" "castopod" "wordpress" "coturn" "bookstack" "freescout" "msp" "espocrm")
else
SERVICES=("pdnsmysql" "pdns" "pdnsadmin" "traefik" "postgresql" "ldap" "mail" "collabora" "nextcloud" "matrix" "element" "listmonk" "vaultwarden" "panel" "wireguard" "jitsi" "baserow" "gitea" "caddy" "autodiscover" "castopod" "wordpress" "coturn" "bookstack" "freescout" "msp" "espocrm")
fi
# Get apps that need to be installed and create array for it
#IFS=$'\n' read -r -d '' -a CORE_APPS_LIST < <(awk -F',' '{ for( i=1; i<=NF; i++ ) print $i }' <<<"$CORE_APPS")
#IFS=$'\n' read -r -d '' -a EXTRA_APPS_LIST < <(awk -F',' '{ for( i=1; i<=NF; i++ ) print $i }' <<<"$EXTRA_APPS")
#SERVICES=("${CORE_APPS_LIST[@]}" "${EXTRA_APPS_LIST[@]}")
# Configure and start each federated app
for i in "${SERVICES[@]}"; do
. /federated/lib/$i.sh
config_$i
start_$i
done
# Add cron jobs for backup, upgrade, dumpcerts
add_cron
# Print out federated environment details
echo -ne "\n\n"
if [ "$BUNDLE" = "starter" ]; then
print_details_starter
elif [ "$BUNDLE" = "team" ]; then
print_details_team
elif [ "$BUNDLE" = "creator" ]; then
print_details_creator
elif [ "$BUNDLE" = "enterprise" ]; then
print_details
else
print_details
fi
echo -ne "\n\n"
exit 0

123
bin/start.old
View File

@ -1,123 +0,0 @@
#!/bin/bash
#
# Federated Start Script
. /federated/lib/functions.sh
. /etc/federated
usage() {
printf -v SERVICES_JOINED '%s|' "${SERVICES[@]}"
echo "$0: ${SERVICES_JOINED%|}"
exit 2
}
startservice_jitsi() {
if [ "$(docker container inspect -f '{{.State.Status}}' jitsi_web_1 2>/dev/null)" = "running" ]; then
echo -ne "* $SERVICE is already running.\n"
else
if [ -z "$ALERTS_EMAIL" ]; then
spin &
SPINPID=$!
NC_COMMAND=`grep start_service /federated/lib/$SERVICE.sh | awk -F\" '{ print $4 }'`
RETRY=`grep start_service /federated/lib/jitsi.sh | awk -F\" '{ print $6 }'`
start_service_withalert "jitsi" "$NC_COMMAND" "$RETRY" "no"
disown $SPINPID &> /dev/null
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
else
spin &
SPINPID=$!
NC_COMMAND=`grep start_service /federated/lib/$SERVICE.sh | awk -F\" '{ print $4 }'`
RETRY=`grep start_service /federated/lib/jitsi.sh | awk -F\" '{ print $6 }'`
start_service_withalert "$SERVICE" "$NC_COMMAND" "$RETRY" "yes"
disown $SPINPID &> /dev/null
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
fi
fi
}
startservice() {
if [ "$(docker container inspect -f '{{.State.Status}}' $SERVICE 2>/dev/null)" = "running" ]; then
echo -ne "* $SERVICE is already running.\n"
else
if [ -z "$ALERTS_EMAIL" ]; then
NC_COMMAND=`grep start_service /federated/lib/$SERVICE.sh | awk -F\" '{ print $4 }'`
RETRY=`grep start_service /federated/lib/$SERVICE.sh | awk -F\" '{ print $6 }'`
eval start_service_withalert "$SERVICE" "$NC_COMMAND" "$RETRY" "no"
disown $SPINPID &> /dev/null
kill -9 $SPINPID &> /dev/null
echo -ne "done."
else
spin &
SPINPID=$!
NC_COMMAND=`grep start_service /federated/lib/$SERVICE.sh | awk -F\" '{ print $4 }'`
RETRY=`grep start_service /federated/lib/$SERVICE.sh | awk -F\" '{ print $6 }'`
eval start_service_withalert "$SERVICE" "$NC_COMMAND" "$RETRY" "yes"
disown $SPINPID &> /dev/null
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
fi
fi
}
startservice_all() {
for SERVICE in "${SERVICES[@]}"; do
# If app isn't installed then skip
[ ! -d "/federated/apps/$SERVICE" ] && echo "* $SERVICE not installed, skipping." && continue
FAILED="no"
if [ "$SERVICE" = "jitsi" ]; then
if [ "$(docker container inspect -f '{{.State.Status}}' jitsi_web_1 2>/dev/null)" = "running" ]; then
echo -ne "* $SERVICE is already running.\n"
else
startservice_jitsi
fi
else
if [ "$(docker container inspect -f '{{.State.Status}}' $SERVICE 2>/dev/null)" = "running" ]; then
echo -ne "* $SERVICE is already running.\n"
else
if [ -z "$ALERTS_EMAIL" ]; then
spin &
SPINPID=$!
NC_COMMAND=`grep start_service /federated/lib/$SERVICE.sh | awk -F\" '{ print $4 }'`
RETRY=`grep start_service /federated/lib/$SERVICE.sh | awk -F\" '{ print $6 }'`
eval start_service_withalert "$SERVICE" "$NC_COMMAND" "$RETRY" "no"
disown $SPINPID &> /dev/null
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
else
spin &
SPINPID=$!
NC_COMMAND=`grep start_service /federated/lib/$SERVICE.sh | awk -F\" '{ print $4 }'`
RETRY=`grep start_service /federated/lib/$SERVICE.sh | awk -F\" '{ print $6 }'`
eval start_service_withalert "$SERVICE" "$NC_COMMAND" "$RETRY" "yes"
disown $SPINPID &> /dev/null
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
fi
fi
fi
done
}
#get_installedapps
[ $# != 1 ] && usage
SERVICE=$1
if [ "$SERVICE" = "jitsi" ]; then
startservice_jitsi
elif [ "$SERVICE" = "all" ]; then
startservice_all
elif printf '%s\0' "${SERVICES[@]}" | grep -Fxqz -- "$SERVICE"; then
startservice
else
usage
fi

104
lib/baserow.sh.old
View File

@ -1,104 +0,0 @@
#!/bin/bash
#
# Baserow Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
config_baserow() {
echo -ne "\n* Configuring /federated/apps/baserow container.."
spin &
SPINPID=$!
if [ ! -d "/federated/apps/baserow" ]; then
mkdir -p /federated/apps/baserow/data/baserow/data
fi
cat > /federated/apps/baserow/docker-compose.yml <<EOF
version: '3.7'
services:
baserow:
image: baserow/baserow:\${IMAGE_VERSION}
container_name: baserow
hostname: baserow.$DOMAIN
domainname: $DOMAIN
restart: always
networks:
federated:
ipv4_address: 172.99.0.29
env_file:
- ./.env
volumes:
- ./data/baserow/data:/baserow/data
labels:
- "traefik.enable=true"
- "traefik.http.routers.baserow.rule=Host(\`baserow.$DOMAIN\`)"
- "traefik.http.routers.baserow.entrypoints=websecure"
- "traefik.http.routers.baserow.tls.certresolver=letsencrypt"
networks:
federated:
external: true
EOF
cat > /federated/apps/baserow/.env <<EOF
IMAGE_VERSION="1.18.0"
BASEROW_PUBLIC_URL=https://baserow.$DOMAIN
DATABASE_HOST=postgresql.$DOMAIN
DATABASE_NAME=baserow
DATABASE_USER=baserow
DATABASE_PASSWORD_FILE=/baserow/data/.federated.postgresql.secret
DATABASE_PORT=5432
BASEROW_AMOUNT_OF_WORKERS=1
BASEROW_AMOUNT_OF_GUNICORN_WORKERS=1
BASEROW_RUN_MINIMAL=1
BASEROW_TRIGGER_SYNC_TEMPLATES_AFTER_MIGRATION="false"
EMAIL_SMTP=True
FROM_EMAIL=baserow@$DOMAIN
EMAIL_SMTP_HOST=mail.$DOMAIN
EMAIL_SMTP_PORT=587
EMAIL_SMTP_USER=fcore
EMAIL_SMTP_PASSWORD=$ADMINPASS
EMAIL_SMTP_USE_TLS=True
EOF
chmod 600 /federated/apps/baserow/.env
echo "$BASEROW_SECRET" > /federated/apps/baserow/data/baserow/data/.federated.postgresql.secret
cat > /federated/apps/baserow/data/createuser.sh <<EOF
#!/bin/bash
curl -X POST -H 'Content-Type: application/json' -i http://localhost/api/user/ --data '{
"name": "admin",
"email": "admin@$DOMAIN",
"password": "$ADMINPASS"
}' &> /dev/null
EOF
chmod +x /federated/apps/baserow/data/createuser.sh
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}
start_baserow() {
# Start service with command to make sure it's up before proceeding
start_service "baserow" "docker exec baserow curl http://localhost:8000 &> /dev/null" "20"
# Move createuser.sh and set it executable
mv /federated/apps/baserow/data/createuser.sh /federated/apps/baserow/data/baserow/data/
docker exec baserow chmod 755 /baserow/data/createuser.sh
[ $? -ne 0 ] && fail "Couldn't chown createuser.sh in /federated/apps/baserow container"
# Run createuser.sh inside baserow container
docker exec baserow /baserow/data/createuser.sh
[ $? -ne 0 ] && fail "Couldn't run createuser.sh in /federated/apps/baserow container"
# Disable new sign ups
docker exec postgresql psql -U baserow -c "update core_settings set allow_new_signups='f' where allow_new_signups='t';"
# Remove baserow create user
rm /federated/apps/baserow/data/baserow/data/createuser.sh
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}

185
lib/bookstack.old
View File

@ -1,185 +0,0 @@
#!/bin/bash
#
# Bookstack Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
config_bookstack() {
echo -ne "\n* Configuring bookstack container.."
spin &
SPINPID=$!
if [ ! -d "/federated/apps/bookstack" ]; then
mkdir -p /federated/apps/bookstack/data/config
fi
cat > /federated/apps/bookstack/docker-compose.yml <<EOF
version: "3.7"
services:
bookstack:
image: lscr.io/linuxserver/bookstack:\${IMAGE_VERSION}
container_name: bookstack
hostname: bookstack.$DOMAIN
domainname: $DOMAIN
restart: always
networks:
federated:
ipv4_address: 172.99.0.36
env_file:
- ./.env
volumes:
- ./data/config:/config
labels:
- "traefik.enable=true"
- "traefik.http.routers.bookstack.rule=Host(\`bookstack.$DOMAIN\`,\`documentation.$DOMAIN\`)"
- "traefik.http.routers.bookstack.entrypoints=websecure"
- "traefik.http.routers.bookstack.tls.certresolver=letsencrypt"
networks:
federated:
external: true
EOF
EXTERNALIP=$(get_externalip);
ADMINPASS=`cat /federated/apps/panel/.env | grep SMTP_PASSWORD | awk -F= '{ print $2 }'`
BOOKSTACK_ADMINPASSWORD=`htpasswd -bnBC 10 "" $ADMINPASS | tr -d ':\n' | sed 's/$2y/$2b/'`
BOOKSTACK_SECRET=$(create_password);
MYSQL_ROOTPASSWORD=`cat /federated/apps/pdnsmysql/.env | grep MYSQL_ROOT_PASSWORD | awk -F= '{ print $2 }'`
# Set SMTP user based on if fcore exists
[[ $(docker exec ldap slapcat | grep fcore) ]] && SMTPUSER="fcore" || SMTPUSER="admin"
cat > /federated/apps/bookstack/.env <<EOF
IMAGE_VERSION="23.08.3"
PUID=1000
PGID=1000
APP_URL=https://bookstack.$DOMAIN
DB_HOST=pdnsmysql.$DOMAIN
DB_PORT=3306
DB_USER=bookstack
DB_PASS=$BOOKSTACK_SECRET
DB_PORT=3306
DB_DATABASE=bookstack
QUEUE_CONNECTION=database
#MAIL_DRIVER=smtp
MAIL_FROM=bookstack@$DOMAIN
MAIL_FROM_NAME=bookstack
MAIL_HOST=mail.$DOMAIN
MAIL_PORT=587
MAIL_USERNAME=$SMTPUSER
MAIL_PASSWORD=$ADMINPASS
MAIL_ENCRYPTION=TLS
EOF
chmod 600 /federated/apps/bookstack/.env
# Create database and user in mysql
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e 'create database bookstack;'" &> /dev/null
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e \"CREATE USER 'bookstack'@'%' IDENTIFIED BY '$BOOKSTACK_SECRET';\"" &> /dev/null
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e \"grant all privileges on bookstack.* to 'bookstack'@'%';\"" &> /dev/null
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e 'flush privileges;'" &> /dev/null
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
start_bookstack() {
# Start service with command to make sure it's up before proceeding
start_service "bookstack" "nc -z 172.99.0.36 80 &> /dev/null" "7"
docker exec pdns pdnsutil add-record $DOMAIN bookstack A 86400 $EXTERNALIP &> /dev/null
[ $? -ne 0 ] && fail "Couldn't add dns record for bookstack"
docker exec pdns pdnsutil add-record $DOMAIN documentation A 86400 $EXTERNALIP &> /dev/null
[ $? -ne 0 ] && fail "Couldn't add dns record for bookstack"
PDNS_MYSQL_COMMAND="update users set password=\"$BOOKSTACK_ADMINPASSWORD\" where id = \"1\";" &> /dev/null
docker exec pdnsmysql bash -c "mysql -ubookstack -p$BOOKSTACK_SECRET bookstack -e '$PDNS_MYSQL_COMMAND;'" &> /dev/null
docker exec pdnsmysql bash -c "mysql -ubookstack -p$BOOKSTACK_SECRET bookstack -e \"update users set email='admin@$DOMAIN' where id = 1;\"" &> /dev/null
# Set mail configuration
sed -i "s#MAIL_FROM=.*#MAIL_FROM=admin@$DOMAIN#g" /federated/apps/bookstack/data/config/www/.env
sed -i "s#MAIL_FROM_NAME=.*#MAIL_FROM_NAME=admin#g" /federated/apps/bookstack/data/config/www/.env
sed -i "s#MAIL_HOST=.*#MAIL_HOST=mail.$DOMAIN#g" /federated/apps/bookstack/data/config/www/.env
sed -i "s#MAIL_PORT=.*#MAIL_PORT=587#g" /federated/apps/bookstack/data/config/www/.env
sed -i "s#MAIL_USERNAME=.*#MAIL_USERNAME=admin#g" /federated/apps/bookstack/data/config/www/.env
sed -i "s#MAIL_PASSWORD=.*#MAIL_PASSWORD=$ADMINPASS#g" /federated/apps/bookstack/data/config/www/.env
sed -i "s#MAIL_ENCRYPTION=.*#MAIL_ENCRYPTION=TLS#g" /federated/apps/bookstack/data/config/www/.env
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
email_bookstack() {
echo -ne "* Sending email to customer.."
spin &
SPINPID=$!
cat > /federated/apps/mail/data/root/certs/mailfile <<EOF
<html>
<img src="https://www.federated.computer/wp-content/uploads/2023/11/logo.png" alt="" /><br>
<p>
<h4>Bookstack is now installed on $DOMAIN</h4>
<p>
Here is your applications chart on how to access this service:<br>
<p>
<h4>Applications</h4>
<style type="text/css">
.tg {border-collapse:collapse;border-spacing:0;}
.tg td{border-color:black;border-style:solid;border-width:1px;font-family:Arial, sans-serif;font-size:14px;
overflow:hidden;padding:10px 5px;word-break:normal;}
.tg th{border-color:black;border-style:solid;border-width:1px;font-family:Arial, sans-serif;font-size:14px;
font-weight:normal;overflow:hidden;padding:10px 5px;word-break:normal;}
.tg .tg-cul6{border-color:inherit;color:#340096;text-align:left;text-decoration:underline;vertical-align:top}
.tg .tg-acii{background-color:#FFF;border-color:inherit;color:#333;text-align:left;vertical-align:top}
.tg .tg-0hty{background-color:#000000;border-color:inherit;color:#ffffff;font-weight:bold;text-align:left;vertical-align:top}
.tg .tg-kwiq{border-color:inherit;color:#000000;text-align:left;vertical-align:top}
.tg .tg-0pky{border-color:inherit;text-align:left;vertical-align:top}
</style>
<table class="tg" style="undefined;table-layout: fixed; width: 996px">
<colgroup>
<col style="width: 101.333333px">
<col style="width: 203.333333px">
<col style="width: 282.333333px">
<col style="width: 185.33333px">
<col style="width: 78.333333px">
<col style="width: 220.333333px">
</colgroup>
<thead>
<tr>
<th class="tg-0hty">Service</th>
<th class="tg-0hty">Link</th>
<th class="tg-0hty">User / Pass</th>
<th class="tg-0hty">Access</th>
<th class="tg-0hty">Docs</th>
<th class="tg-0hty">Description</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tg-0pky">Bookstack</td>
<td class="tg-0pky"><a href="https://bookstack.$DOMAIN/login" target="_blank" rel="noopener noreferrer"><span style="color:#340096">bookstack.$DOMAIN</span></a></td>
<td class="tg-0pky">admin@$DOMAIN<br>$ADMINPASS</td>
<td class="tg-0pky">User access is separate from panel</td>
<td class="tg-cul6"><a href="https://documentation.federated.computer/docs/getting_started/welcome/" target="_blank" rel="noopener noreferrer"><span style="color:#340096">Click here</span></a></td>
<td class="tg-0pky">Bookstack is a simple, open-source, self-hosted, easy-to-use platform (Wiki) for organising and storing information</td>
</tr>
</tbody>
</table>
<h4>Thanks for your support!</h4>
<p>
Thank you for your support of Federated Computer. We really appreciate it and hope you have a very successful
time with Federated Core.
<p>
Again, if we can be of any assistance, please don't hesitate to get in touch.
<p>
Support: https://support.federated.computer<br>
Phone: (970) 722-8715<br>
Email: support@federated.computer<br>
<p>
It's <b>your</b> computer. Let's make it work for you!
</html>
EOF
# Send out e-mail from mail container with details
docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile"
rm /federated/apps/mail/data/root/certs/mailfile
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}

116
lib/caddy.sh.old
View File

@ -1,116 +0,0 @@
#!/bin/bash
#
# Caddy Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
config_caddy() {
echo -ne "\n* Configuring /federated/apps/caddy container.."
spin &
SPINPID=$!
if [ ! -d "/federated/apps/caddy" ]; then
mkdir -p /federated/apps/caddy/data/data
mkdir -p /federated/apps/caddy/data/srv
mkdir -p /federated/apps/caddy/data/etc/caddy
fi
cat > /federated/apps/caddy/docker-compose.yml <<EOF
version: "3.7"
services:
caddy:
image: federatedcomputer/caddy:\${IMAGE_VERSION}
container_name: caddy
hostname: caddy.$DOMAIN
domainname: $DOMAIN
restart: always
networks:
federated:
ipv4_address: 172.99.0.31
extra_hosts:
- "gitea.$DOMAIN:$EXTERNALIP"
env_file:
- ./.env
volumes:
- ./data/srv:/srv
- ./data/etc/caddy/Caddyfile:/etc/caddy/Caddyfile
- ./data/data:/data
labels:
- "traefik.enable=true"
- "traefik.http.routers.caddy.rule=Host(\`caddy.$DOMAIN\`,\`blog.$DOMAIN\`)"
- "traefik.http.routers.caddy.entrypoints=websecure"
- "traefik.http.routers.caddy.tls.certresolver=letsencrypt"
networks:
federated:
external: true
EOF
cat > /federated/apps/caddy/.env <<EOF
IMAGE_VERSION="latest"
EOF
chmod 600 /federated/apps/caddy/.env
cat > /federated/apps/caddy/data/etc/caddy/Caddyfile <<EOF
$DOMAIN:80 {
root * /srv/www/public
file_server
}
caddy.$DOMAIN:80 {
root * /srv/www/public
file_server
route /webhook {
webhook {
repo https://gitea.$DOMAIN/gitea/www
type github
secret $WEBHOOK_SECRET
submodule
token $GITEA_TOKEN_1
path www
branch master
}
}
}
blog.$DOMAIN:80 {
root * /srv/blog/public
file_server
route /webhook {
webhook {
repo https://gitea.$DOMAIN/gitea/blog
type github
secret $WEBHOOK_SECRET
submodule
token $GITEA_TOKEN_1
path blog
branch master
}
}
}
documentation.$DOMAIN:80 {
root * /srv/documentation/public
file_server
route /webhook {
webhook {
repo https://gitea.$DOMAIN/gitea/documentation
type github
secret $WEBHOOK_SECRET
submodule
token $GITEA_TOKEN_1
path documentation
branch master
}
}
}
EOF
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}
start_caddy() {
# Start service with command and retry amount to make sure it's up before proceeding
start_service "caddy" "nc -z 172.99.0.31 80 &> /dev/null" "7"
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}

78
lib/collabora.sh.old
View File

@ -1,78 +0,0 @@
#!/bin/bash
#
# Collabora Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
config_collabora() {
echo -ne "\n* Configuring /federated/apps/collabora container.."
spin &
SPINPID=$!
if [ ! -d "/federated/apps/collabora" ]; then
mkdir -p /federated/apps/collabora/data/root/certs &> /dev/null
mkdir -p /federated/apps/collabora/data/opt/collaboraoffice/share/fonts/truetype &> /dev/null
cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/collabora/data/root/certs/
chown 104 /federated/apps/collabora/data/root/certs/*
fi
cat > /federated/apps/collabora/docker-compose.yml <<EOF
version: '3.7'
services:
collabora:
image: collabora/code:\${IMAGE_VERSION}
container_name: collabora
hostname: collabora.$DOMAIN
domainname: $DOMAIN
restart: always
networks:
federated:
ipv4_address: 172.99.0.17
extra_hosts:
- "nextcloud.$DOMAIN:$EXTERNALIP"
ports:
- "9980:9980"
volumes:
- ./data/root:/root
- ./data/opt/collaboraoffice/share/fonts/truetype:/opt/collaboraoffice/share/fonts/truetype
# - ./data/root/certs/$DOMAIN.crt:/etc/coolwsd/cert.pem
# - ./data/root/certs/$DOMAIN.key:/etc/coolwsd/key.pem
env_file:
- ./.env
cap_add:
- MKNOD
labels:
- "traefik.enable=true"
- "traefik.http.routers.collabora.rule=Host(\`collabora.$DOMAIN\`)"
- "traefik.http.routers.collabora.entrypoints=websecure"
- "traefik.http.routers.collabora.tls.certresolver=letsencrypt"
- "traefik.http.services.collabora.loadbalancer.server.port=9980"
networks:
federated:
external: true
EOF
cat > /federated/apps/collabora/.env <<EOF
IMAGE_VERSION=23.05.10.1.1
domain=nextcloud.$DOMAIN
server_name=collabora.$DOMAIN
extra_params=--o:ssl.enable=false --o:ssl.termination=true
EOF
chmod 600 /federated/apps/collabora/.env
# Extract extra fonts into collabora
tar zxvf /federated/lib/files/collabora/fonts.tar.gz -C /federated/apps/collabora/data/opt/collaboraoffice/share/fonts/truetype/
[ $? -ne 0 ] && fail "Couldn't extract files/collabora/fonts.tar.gz into collabora"
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}
start_collabora() {
# Start service with command to make sure it's up before proceeding
start_service "collabora" "nc -z 172.99.0.17 9980 &> /dev/null" "15"
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}

207
lib/espocrm.sh.old
View File

@ -1,207 +0,0 @@
#!/bin/bash
#
# EspoCRM Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
config_espocrm() {
echo -ne "\n* Configuring espocrm container.."
spin &
SPINPID=$!
if [ ! -d "/federated/apps/espocrm" ]; then
mkdir -p /federated/apps/espocrm/data/var/www/html
fi
cat > /federated/apps/espocrm/docker-compose.yml <<EOF
version: '3.7'
services:
espocrm:
image: espocrm/espocrm:\${IMAGE_VERSION}
container_name: espocrm
hostname: espocrm.$DOMAIN
domainname: $DOMAIN
restart: always
networks:
federated:
ipv4_address: 172.99.0.39
env_file:
- ./.env
volumes:
- ./data/var/www/html:/var/www/html
labels:
- "traefik.enable=true"
- "traefik.http.routers.espocrm.rule=Host(\`espocrm.$DOMAIN\`)"
- "traefik.http.routers.espocrm.entrypoints=websecure"
- "traefik.http.routers.espocrm.tls.certresolver=letsencrypt"
networks:
federated:
external: true
EOF
ADMINPASS=`cat /federated/apps/panel/.env | grep SMTP_PASSWORD | awk -F= '{ print $2 }'`
EXTERNALIP=$(get_externalip);
ESPOCRM_SECRET=$(create_password);
MYSQL_ROOTPASSWORD=`cat /federated/apps/pdnsmysql/.env | grep MYSQL_ROOT_PASSWORD | awk -F= '{ print $2 }'`
LDAP_SECRET=`cat /federated/apps/ldap/.ldap.secret`
# Set SMTP user based on if fcore exists
[[ $(docker exec ldap slapcat | grep fcore) ]] && SMTPUSER="fcore" || SMTPUSER="admin"
cat > /federated/apps/espocrm/.env <<EOF
IMAGE_VERSION="8.0.5-apache"
ESPOCRM_DATABASE_HOST=pdnsmysql.$DOMAIN
ESPOCRM_DATABASE_NAME=espocrm
ESPOCRM_DATABASE_USER=espocrm
ESPOCRM_DATABASE_PASSWORD=$ESPOCRM_SECRET
ESPOCRM_ADMIN_USERNAME=admin@$DOMAIN
ESPOCRM_ADMIN_PASSWORD=$ADMINPASS
ESPOCRM_CONFIG_SMTP_PORT=587
ESPOCRM_CONFIG_SMTP_AUTH=true
ESPOCRM_CONFIG_SMTP_SECURITY=TLS
ESPOCRM_CONFIG_SMTP_USERNAME=$SMTPUSER
ESPOCRM_CONFIG_SMTP_PASSWORD=$ADMINPASS
ESPOCRM_CONFIG_SMTP_SERVER=mail.$DOMAIN
ESPOCRM_CONFIG_OUTBOUND_EMAIL_FROM_ADDRESS=espocrm@$DOMAIN
ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP
ESPOCRM_CONFIG_LDAP_USER_NAME_ATTRIBUTE=mail
ESPOCRM_CONFIG_LDAP_USER_FIRST_NAME_ATTRIBUTE=givenName
ESPOCRM_CONFIG_LDAP_USER_LAST_NAME_ATTRIBUTE=sn
ESPOCRM_CONFIG_LDAP_USER_TITLE_ATTRIBUTE=cn
ESPOCRM_CONFIG_LDAP_USER_EMAIL_ADDRESS_ATTRIBUTE=mail
ESPOCRM_CONFIG_LDAP_USER_PHONE_NUMBER_ATTRIBUTE=cn
ESPOCRM_CONFIG_LDAP_USER_OBJECT_CLASS=inetOrgPerson
ESPOCRM_CONFIG_LDAP_HOST=ldap.$DOMAIN
ESPOCRM_CONFIG_LDAP_PORT=636
ESPOCRM_CONFIG_LDAP_SECURITY=SSL
ESPOCRM_CONFIG_LDAP_AUTH=true
ESPOCRM_CONFIG_LDAP_USERNAME=cn=admin,dc=federatedcomputer,dc=cloud
ESPOCRM_CONFIG_LDAP_PASSWORD=$LDAP_SECRET
ESPOCRM_CONFIG_LDAP_ACCOUNT_CANONICAL_FORM=Dn
ESPOCRM_CONFIG_LDAP_BASE_DN=dc=federatedcomputer,dc=cloud
ESPOCRM_CONFIG_LDAP_BIND_REQUIRES_DN=true
ESPOCRM_CONFIG_LDAP_CREATE_ESPO_USER=true
ESPOCRM_CONFIG_LDAP_PORTAL_USER_LDAP_AUTH=true
ESPOCRM_SITE_URL="https://espocrm.$DOMAIN"
EOF
chmod 600 /federated/apps/espocrm/.env
# Create database and user in mysql
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e 'create database espocrm;'"
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e \"CREATE USER 'espocrm'@'%' IDENTIFIED BY '$ESPOCRM_SECRET';\""
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e \"grant all privileges on espocrm.* to 'espocrm'@'%';\""
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e 'flush privileges;'"
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
start_espocrm() {
# Start service with command to make sure it's up before proceeding
start_service "espocrm" "nc -z 172.99.0.39 80 &> /dev/null" "7"
docker exec pdns pdnsutil add-record $DOMAIN espocrm A 86400 $EXTERNALIP &> /dev/null
[ $? -ne 0 ] && fail "Couldn't add dns record for espocrm"
# Install cronjob
(crontab -l 2>/dev/null; echo "* * * * * /usr/bin/docker exec espocrm /usr/local/bin/php -f /var/www/html/cron.php > /dev/null 2>&1") | sort -u | crontab -
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
email_espocrm() {
echo -ne "* Sending email to customer.."
spin &
SPINPID=$!
cat > /federated/apps/mail/data/root/certs/mailfile <<EOF
<html>
<img src="https://www.federated.computer/wp-content/uploads/2023/11/logo.png" alt="" /><br>
<p>
<h4>EspoCRM is now installed on $DOMAIN</h4>
<p>
Here is your applications chart on how to access this service:<br>
<p>
<h4>Applications</h4>
<style type="text/css">
.tg {border-collapse:collapse;border-spacing:0;}
.tg td{border-color:black;border-style:solid;border-width:1px;font-family:Arial, sans-serif;font-size:14px;
overflow:hidden;padding:10px 5px;word-break:normal;}
.tg th{border-color:black;border-style:solid;border-width:1px;font-family:Arial, sans-serif;font-size:14px;
font-weight:normal;overflow:hidden;padding:10px 5px;word-break:normal;}
.tg .tg-cul6{border-color:inherit;color:#340096;text-align:left;text-decoration:underline;vertical-align:top}
.tg .tg-acii{background-color:#FFF;border-color:inherit;color:#333;text-align:left;vertical-align:top}
.tg .tg-0hty{background-color:#000000;border-color:inherit;color:#ffffff;font-weight:bold;text-align:left;vertical-align:top}
.tg .tg-kwiq{border-color:inherit;color:#000000;text-align:left;vertical-align:top}
.tg .tg-0pky{border-color:inherit;text-align:left;vertical-align:top}
</style>
<table class="tg" style="undefined;table-layout: fixed; width: 996px">
<colgroup>
<col style="width: 101.333333px">
<col style="width: 203.333333px">
<col style="width: 282.333333px">
<col style="width: 185.33333px">
<col style="width: 78.333333px">
<col style="width: 220.333333px">
</colgroup>
<thead>
<tr>
<th class="tg-0hty">Service</th>
<th class="tg-0hty">Link</th>
<th class="tg-0hty">User / Pass</th>
<th class="tg-0hty">Access</th>
<th class="tg-0hty">Docs</th>
<th class="tg-0hty">Description</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tg-0pky">EspoCRM</td>
<td class="tg-0pky"><a href="https://espocrm.$DOMAIN" target="_blank" rel="noopener noreferrer"><span style="color:#340096">espocrm.$DOMAIN</span></a></td>
<td class="tg-0pky">admin@$DOMAIN<br>your admin password</td>
<td class="tg-0pky">All users in panel can access EspoCRM using user@$DOMAIN</td>
<td class="tg-cul6"><a href="https://documentation.federated.computer/docs/getting_started/welcome/" target="_blank" rel="noopener noreferrer"><span style="color:#340096">Click here</span></a></td>
<td class="tg-0pky">EspoCRM is an Open Source CRM (Customer Relationship Management) software that allows you to see, enter and evaluate all your company relationships</td>
</tr>
</tbody>
</table>
<h4>Thanks for your support!</h4>
<p>
Thank you for your support of Federated Computer. We really appreciate it and hope you have a very successful
time with Federated Core.
<p>
Again, if we can be of any assistance, please don't hesitate to get in touch.
<p>
Support: https://support.federated.computer<br>
Phone: (970) 722-8715<br>
Email: support@federated.computer<br>
<p>
It's <b>your</b> computer. Let's make it work for you!
</html>
EOF
# Send out e-mail from mail container with details
docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile"
rm /federated/apps/mail/data/root/certs/mailfile
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
uninstall_espocrm() {
echo -ne "* Uninstalling espocrm container.."
spin &
SPINPID=$!
# First stop the service
cd /federated/apps/espocrm && docker-compose -f docker-compose.yml -p espocrm down &> /dev/null
# Delete database and user
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e 'drop database espocrm;'" &> /dev/null
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e 'drop user espocrm;'" &> /dev/null
# Delete the app directory
rm -rf /federated/apps/espocrm
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}

188
lib/freescout.sh.old
View File

@ -1,188 +0,0 @@
#!/bin/bash
#
# Freescout Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
config_freescout() {
echo -ne "\n* Configuring freescout container.."
spin &
SPINPID=$!
if [ ! -d "/federated/apps/freescout" ]; then
mkdir -p /federated/apps/freescout/data/data
mkdir -p /federated/apps/freescout/data/www/logs
fi
cat > /federated/apps/freescout/docker-compose.yml <<EOF
version: "3.7"
services:
freescout:
image: ghcr.io/tiredofit/docker-freescout:\${IMAGE_VERSION}
container_name: freescout
hostname: freescout.$DOMAIN
domainname: $DOMAIN
restart: always
networks:
federated:
ipv4_address: 172.99.0.37
env_file:
- ./.env
volumes:
- ./data/data:/data
- ./data/www/logs:/www/logs
labels:
- "traefik.enable=true"
- "traefik.http.routers.freescout.rule=Host(\`freescout.$DOMAIN\`)"
- "traefik.http.routers.freescout.entrypoints=websecure"
- "traefik.http.routers.freescout.tls.certresolver=letsencrypt"
networks:
federated:
external: true
EOF
ADMINPASS=`cat /federated/apps/panel/.env | grep SMTP_PASSWORD | awk -F= '{ print $2 }'`
EXTERNALIP=$(get_externalip);
FREESCOUT_SECRET=$(create_password);
# Set SMTP user based on if fcore exists
[[ $(docker exec ldap slapcat | grep fcore) ]] && SMTPUSER="fcore" || SMTPUSER="admin"
cat > /federated/apps/freescout/.env <<EOF
IMAGE_VERSION="latest_php8.3"
ADMIN_EMAIL=admin@$DOMAIN
ADMIN_PASS=$ADMINPASS
SITE_URL=https://freescout.$DOMAIN
DB_TYPE=pgsql
DB_HOST=postgresql.$DOMAIN
DB_USER=freescout
DB_PASS=$FREESCOUT_SECRET
DB_PORT=5432
DB_NAME=freescout
ENABLE_SSL_PROXY=TRUE
DISPLAY_ERRORS=FALSE
CONTAINER_ENABLE_MONITORING=FALSE
SMTP_HOST=mail.$DOMAIN
SMTP_USER=$SMTPUSER
SMTP_PASS=$ADMINPASS
SMTP_TLS=true
SMTP_PORT=587
CONTAINER_ENABLE_MESSAGING=TRUE
CONTAINER_MESSAGING_BACKEND=msmtp
EOF
chmod 600 /federated/apps/freescout/.env
# Create database and user in postgresql
docker exec postgresql psql -U postgres -c "CREATE USER freescout WITH PASSWORD '$FREESCOUT_SECRET'" &> /dev/null
docker exec postgresql psql -U postgres -c "CREATE DATABASE freescout" &> /dev/null
docker exec postgresql psql -U postgres -c "GRANT ALL PRIVILEGES ON DATABASE freescout TO freescout" &> /dev/null
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
start_freescout() {
# Start service with command to make sure it's up before proceeding
start_service "freescout" "nc -z 172.99.0.37 80 &> /dev/null" "7"
docker exec pdns pdnsutil add-record $DOMAIN freescout A 86400 $EXTERNALIP &> /dev/null
[ $? -ne 0 ] && fail "Couldn't add dns record for freescout"
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
email_freescout() {
echo -ne "* Sending email to customer.."
spin &
SPINPID=$!
cat > /federated/apps/mail/data/root/certs/mailfile <<EOF
<html>
<img src="https://www.federated.computer/wp-content/uploads/2023/11/logo.png" alt="" /><br>
<p>
<h4>Freescout is now installed on $DOMAIN</h4>
<p>
Here is your applications chart on how to access this service:<br>
<p>
<h4>Applications</h4>
<style type="text/css">
.tg {border-collapse:collapse;border-spacing:0;}
.tg td{border-color:black;border-style:solid;border-width:1px;font-family:Arial, sans-serif;font-size:14px;
overflow:hidden;padding:10px 5px;word-break:normal;}
.tg th{border-color:black;border-style:solid;border-width:1px;font-family:Arial, sans-serif;font-size:14px;
font-weight:normal;overflow:hidden;padding:10px 5px;word-break:normal;}
.tg .tg-cul6{border-color:inherit;color:#340096;text-align:left;text-decoration:underline;vertical-align:top}
.tg .tg-acii{background-color:#FFF;border-color:inherit;color:#333;text-align:left;vertical-align:top}
.tg .tg-0hty{background-color:#000000;border-color:inherit;color:#ffffff;font-weight:bold;text-align:left;vertical-align:top}
.tg .tg-kwiq{border-color:inherit;color:#000000;text-align:left;vertical-align:top}
.tg .tg-0pky{border-color:inherit;text-align:left;vertical-align:top}
</style>
<table class="tg" style="undefined;table-layout: fixed; width: 996px">
<colgroup>
<col style="width: 101.333333px">
<col style="width: 203.333333px">
<col style="width: 282.333333px">
<col style="width: 185.33333px">
<col style="width: 78.333333px">
<col style="width: 220.333333px">
</colgroup>
<thead>
<tr>
<th class="tg-0hty">Service</th>
<th class="tg-0hty">Link</th>
<th class="tg-0hty">User / Pass</th>
<th class="tg-0hty">Access</th>
<th class="tg-0hty">Docs</th>
<th class="tg-0hty">Description</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tg-0pky">Freescout</td>
<td class="tg-0pky"><a href="https://freescout.$DOMAIN/login" target="_blank" rel="noopener noreferrer"><span style="color:#340096">freescout.$DOMAIN</span></a></td>
<td class="tg-0pky">admin@$DOMAIN<br>$ADMINPASS</td>
<td class="tg-0pky">User access is separate from panel</td>
<td class="tg-cul6"><a href="https://documentation.federated.computer/docs/getting_started/welcome/" target="_blank" rel="noopener noreferrer"><span style="color:#340096">Click here</span></a></td>
<td class="tg-0pky">FreeScout is the super lightweight and powerful free open source help desk</td>
</tr>
</tbody>
</table>
<h4>Thanks for your support!</h4>
<p>
Thank you for your support of Federated Computer. We really appreciate it and hope you have a very successful
time with Federated Core.
<p>
Again, if we can be of any assistance, please don't hesitate to get in touch.
<p>
Support: https://support.federated.computer<br>
Phone: (970) 722-8715<br>
Email: support@federated.computer<br>
<p>
It's <b>your</b> computer. Let's make it work for you!
</html>
EOF
# Send out e-mail from mail container with details
docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile"
rm /federated/apps/mail/data/root/certs/mailfile
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
uninstall_freescout() {
echo -ne "* Uninstalling freescout container.."
spin &
SPINPID=$!
# First stop the service
cd /federated/apps/freescout && docker-compose -f docker-compose.yml -p freescout down &> /dev/null
# Delete database and user in postgresql
docker exec postgresql psql -U postgres -c "DROP DATABASE freescout" &> /dev/null
docker exec postgresql psql -U postgres -c "DROP USER freescout" &> /dev/null
# Delete the app directory
rm -rf /federated/apps/freescout
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}

1429
lib/functions.sh.old
View File

File diff suppressed because it is too large Load Diff

186
lib/gitea.sh.old
View File

@ -1,186 +0,0 @@
#!/bin/bash
#
# Gitea Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
config_gitea() {
echo -ne "\n* Configuring /federated/apps/gitea container.."
spin &
SPINPID=$!
if [ ! -d "/federated/apps/gitea" ]; then
mkdir -p /federated/apps/gitea/data/data
mkdir -p /federated/apps/gitea/data/data/git/.ssh
touch /federated/apps/gitea/data/data/git/.ssh/authorized_keys
chmod 600 /federated/apps/gitea/data/data/git/.ssh/authorized_keys
fi
cat > /federated/apps/gitea/docker-compose.yml <<EOF
version: "3.7"
services:
gitea:
image: gitea/gitea:\${IMAGE_VERSION}
container_name: gitea
hostname: gitea.$DOMAIN
domainname: $DOMAIN
restart: always
networks:
federated:
ipv4_address: 172.99.0.30
extra_hosts:
- "caddy.$DOMAIN:$EXTERNALIP"
- "blog.$DOMAIN:$EXTERNALIP"
- "documentation.$DOMAIN:$EXTERNALIP"
ports:
- "2222:22"
env_file:
- ./.env
volumes:
- ./data/data:/data
- ./data/data/git/.ssh:/data/git/.ssh
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
labels:
- "traefik.enable=true"
- "traefik.http.routers.gitea.rule=Host(\`gitea.$DOMAIN\`)"
- "traefik.http.routers.gitea.entrypoints=websecure"
- "traefik.http.routers.gitea.tls.certresolver=letsencrypt"
- "traefik.http.services.gitea.loadbalancer.server.port=3000"
networks:
federated:
external: true
EOF
cat > /federated/apps/gitea/.env <<EOF
IMAGE_VERSION="1.19.0"
USER_UID=1000
USER_GID=1000
GITEA__database__DB_TYPE=postgres
GITEA__database__HOST=postgresql.$DOMAIN:5432
GITEA__database__NAME=gitea
GITEA__database__USER=gitea
GITEA__database__PASSWD=$GITEA_SECRET
GITEA__database__SSL_MODE=verify-full
GITEA__mailer__ENABLED=true
GITEA__mailer__FROM=gitea@gitea.$DOMAIN
GITEA__mailer__MAILER_TYPE=smtp
GITEA__mailer__SMTP_PORT=587
GITEA__mailer__HOST=mail.$DOMAIN
GITEA__mailer__IS_TLS_ENABLED=true
GITEA__mailer__USER=fcore
GITEA__mailer__PASSWD=$ADMINPASS
GITEA__security__INSTALL_LOCK=true
GITEA__server__ROOT_URL=https://gitea.$DOMAIN
GITEA__server__DOMAIN=$DOMAIN
GITEA__server__SSH_DOMAIN=$DOMAIN
GITEA__server__SSH_PORT=2222
GITEA__server__SSH_LISTEN_PORT=2222
GITEA__service__DISABLE_REGISTRATION=true
EOF
chmod 600 /federated/apps/gitea/.env
WEBHOOK_SECRET=$(create_password);
cat > /federated/apps/gitea/data/creategitea.sh <<EOF
#!/bin/bash
# Get the Gitea API token
GITEA_TOKEN_2=\`curl -H "Content-Type: application/json" -d '{"name":"gitea2","scopes":["all"]}' -u gitea:$ADMINPASS http://gitea.$DOMAIN:3000/api/v1/users/gitea/tokens 2>/dev/null | awk -F: '{ print \$4 }' | awk -F\" '{ print \$2 }'\`
# Create the repository website, blog, and documentation
curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data '{"name":"www","auto_init":true,"default_branch":"master","private":true}'
curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data '{"name":"blog","auto_init":true,"default_branch":"master","private":true}'
curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data '{"name":"documentation","auto_init":true,"default_branch":"master","private":true}'
# Create the webhook inside the www repository
curl -X 'POST' \
'http://gitea.$DOMAIN:3000/api/v1/repos/gitea/www/hooks' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-H "Authorization: token \$GITEA_TOKEN_2" \
-d '{
"active": true,
"config": {
"content_type": "json",
"url": "https://caddy.$DOMAIN/webhook",
"secret": "$WEBHOOK_SECRET"
},
"events": [
"push"
],
"type": "gitea"
}'
# Create the webhook inside the blog repository
curl -X 'POST' \
'http://gitea.$DOMAIN:3000/api/v1/repos/gitea/blog/hooks' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-H "Authorization: token \$GITEA_TOKEN_2" \
-d '{
"active": true,
"config": {
"content_type": "json",
"url": "https://blog.$DOMAIN/webhook",
"secret": "$WEBHOOK_SECRET"
},
"events": [
"push"
],
"type": "gitea"
}'
# Create the webhook inside the documentation repository
curl -X 'POST' \
'http://gitea.$DOMAIN:3000/api/v1/repos/gitea/documentation/hooks' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-H "Authorization: token \$GITEA_TOKEN_2" \
-d '{
"active": true,
"config": {
"content_type": "json",
"url": "https://documentation.$DOMAIN/webhook",
"secret": "$WEBHOOK_SECRET"
},
"events": [
"push"
],
"type": "gitea"
}'
EOF
chmod +x /federated/apps/gitea/data/creategitea.sh
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}
start_gitea() {
# Start service with command to make sure it's up before proceeding
start_service "gitea" "nc -z 172.99.0.30 3000 &> /dev/null" "7"
# Copy creategitea.sh inside gitea container
mv /federated/apps/gitea/data/creategitea.sh /federated/apps/gitea/data/data/creategitea.sh
[ $? -ne 0 ] && fail "Couldn't mv creategitea.sh inside /federated/apps/gitea container"
# Create admin user gitea
docker exec --user 1000 gitea gitea admin user create --admin --username gitea --password $ADMINPASS --email admin@$DOMAIN &> /dev/null
[ $? -ne 0 ] && fail "Couldn't run gitea user create inside /federated/apps/gitea container"
# Run creategitea.sh inside gitea container
docker exec gitea /data/creategitea.sh &> /dev/null
[ $? -ne 0 ] && fail "Couldn't run creategitea.sh inside /federated/apps/gitea container"
# Create token to use for Caddy starting up next
GITEA_TOKEN_1=`docker exec gitea curl -H "Content-Type: application/json" -d '{"name":"gitea1","scopes":["all"]}' -u gitea:$ADMINPASS http://gitea.$DOMAIN:3000/api/v1/users/gitea/tokens 2>/dev/null | awk -F: '{ print $4 }' | awk -F\" '{ print $2 }'` &> /dev/null
[ $? -ne 0 ] && fail "Couldn't run gitea curl to get token inside /federated/apps/gitea container"
# Remove creategitea.sh
rm /federated/apps/gitea/data/data/creategitea.sh
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}

622
lib/jitsi.sh.old
View File

@ -1,622 +0,0 @@
#!/bin/bash
#
# Jitsi Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
config_jitsi() {
echo -ne "\n* Configuring /federated/apps/jitsi container.."
spin &
SPINPID=$!
if [ ! -d "/federated/apps/jitsi" ]; then
mkdir -p /federated/apps/jitsi
# mkdir -p /federated/apps/jitsi/data/config/keys &> /dev/null
# cp -rf /federated/apps/dns/data/etc/letsencrypt/archive/$DOMAIN/*.pem apps/jitsi/data/config/keys
# mv /federated/apps/jitsi/data/config/keys/fullchain1.pem apps/jitsi/data/config/keys/cert.crt
# mv /federated/apps/jitsi/data/config/keys/privkey1.pem apps/jitsi/data/config/keys/cert.key
# chmod 644 /federated/apps/jitsi/data/config/keys/*.pem
fi
# Extract Jitsi into /federated/apps/jitsi
tar zxvf /federated/lib/files/jitsi/stable-* --strip-components 1 -C /federated/apps/jitsi &> /dev/null
[ $? -ne 0 ] && fail "Couldn't extract files/jitsi/stable* into /federated/apps/jitsi"
# Create docker compose file
cat > /federated/apps/jitsi/docker-compose.yml <<EOF
version: '3.7'
services:
# Frontend
web:
image: jitsi/web:\${JITSI_IMAGE_VERSION:-stable-7882}
restart: \${RESTART_POLICY:-unless-stopped}
ports:
- '\${HTTP_PORT}:80'
- '\${HTTPS_PORT}:443'
volumes:
- \${CONFIG}/web:/config:Z
- \${CONFIG}/web/crontabs:/var/spool/cron/crontabs:Z
- \${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z
- ./data/config/keys:/config/keys:Z
labels:
- "traefik.enable=true"
- "traefik.http.routers.jitsi.rule=Host(\`jitsi.$DOMAIN\`)"
- "traefik.http.routers.jitsi.entrypoints=websecure"
- "traefik.http.routers.jitsi.tls.certresolver=letsencrypt"
environment:
- AMPLITUDE_ID
- ANALYTICS_SCRIPT_URLS
- ANALYTICS_WHITELISTED_EVENTS
- AUDIO_QUALITY_OPUS_BITRATE
- BRANDING_DATA_URL
- CALLSTATS_CUSTOM_SCRIPT_URL
- CALLSTATS_ID
- CALLSTATS_SECRET
- CHROME_EXTENSION_BANNER_JSON
- CONFCODE_URL
- CONFIG_EXTERNAL_CONNECT
- DEFAULT_LANGUAGE
- DEPLOYMENTINFO_ENVIRONMENT
- DEPLOYMENTINFO_ENVIRONMENT_TYPE
- DEPLOYMENTINFO_REGION
- DEPLOYMENTINFO_SHARD
- DEPLOYMENTINFO_USERREGION
- DESKTOP_SHARING_FRAMERATE_MIN
- DESKTOP_SHARING_FRAMERATE_MAX
- DIALIN_NUMBERS_URL
- DIALOUT_AUTH_URL
- DIALOUT_CODES_URL
- DISABLE_AUDIO_LEVELS
- DISABLE_DEEP_LINKING
- DISABLE_GRANT_MODERATOR
- DISABLE_HTTPS
- DISABLE_KICKOUT
- DISABLE_LOCAL_RECORDING
- DISABLE_POLLS
- DISABLE_PRIVATE_CHAT
- DISABLE_PROFILE
- DISABLE_REACTIONS
- DISABLE_REMOTE_VIDEO_MENU
- DROPBOX_APPKEY
- DROPBOX_REDIRECT_URI
- DYNAMIC_BRANDING_URL
- ENABLE_AUDIO_PROCESSING
- ENABLE_AUTH
- ENABLE_BREAKOUT_ROOMS
- ENABLE_CALENDAR
- ENABLE_COLIBRI_WEBSOCKET
- ENABLE_E2EPING
- ENABLE_FILE_RECORDING_SHARING
- ENABLE_GUESTS
- ENABLE_HSTS
- ENABLE_HTTP_REDIRECT
- ENABLE_IPV6
- ENABLE_LETSENCRYPT
- ENABLE_LIPSYNC
- ENABLE_NO_AUDIO_DETECTION
- ENABLE_NOISY_MIC_DETECTION
- ENABLE_OCTO
- ENABLE_OPUS_RED
- ENABLE_PREJOIN_PAGE
- ENABLE_P2P
- ENABLE_WELCOME_PAGE
- ENABLE_CLOSE_PAGE
- ENABLE_LIVESTREAMING
- ENABLE_LOCAL_RECORDING_NOTIFY_ALL_PARTICIPANT
- ENABLE_LOCAL_RECORDING_SELF_START
- ENABLE_RECORDING
- ENABLE_REMB
- ENABLE_REQUIRE_DISPLAY_NAME
- ENABLE_SERVICE_RECORDING
- ENABLE_SIMULCAST
- ENABLE_STATS_ID
- ENABLE_STEREO
- ENABLE_SUBDOMAINS
- ENABLE_TALK_WHILE_MUTED
- ENABLE_TCC
- ENABLE_TRANSCRIPTIONS
- ENABLE_XMPP_WEBSOCKET
- ENABLE_JAAS_COMPONENTS
- ENABLE_MULTI_STREAM
- ETHERPAD_PUBLIC_URL
- ETHERPAD_URL_BASE
- E2EPING_NUM_REQUESTS
- E2EPING_MAX_CONFERENCE_SIZE
- E2EPING_MAX_MESSAGE_PER_SECOND
- GOOGLE_ANALYTICS_ID
- GOOGLE_API_APP_CLIENT_ID
- HIDE_PREMEETING_BUTTONS
- HIDE_PREJOIN_DISPLAY_NAME
- HIDE_PREJOIN_EXTRA_BUTTONS
- INVITE_SERVICE_URL
- JICOFO_AUTH_USER
- LETSENCRYPT_DOMAIN
- LETSENCRYPT_EMAIL
- LETSENCRYPT_USE_STAGING
- MATOMO_ENDPOINT
- MATOMO_SITE_ID
- MICROSOFT_API_APP_CLIENT_ID
- NGINX_RESOLVER
- NGINX_WORKER_PROCESSES
- NGINX_WORKER_CONNECTIONS
- PEOPLE_SEARCH_URL
- PUBLIC_URL
- P2P_PREFERRED_CODEC
- RESOLUTION
- RESOLUTION_MIN
- RESOLUTION_WIDTH
- RESOLUTION_WIDTH_MIN
- START_AUDIO_MUTED
- START_AUDIO_ONLY
- START_BITRATE
- START_SILENT
- START_WITH_AUDIO_MUTED
- START_VIDEO_MUTED
- START_WITH_VIDEO_MUTED
- TESTING_CAP_SCREENSHARE_BITRATE
- TESTING_OCTO_PROBABILITY
- TOKEN_AUTH_URL
- TOOLBAR_BUTTONS
- TZ
- VIDEOQUALITY_BITRATE_H264_LOW
- VIDEOQUALITY_BITRATE_H264_STANDARD
- VIDEOQUALITY_BITRATE_H264_HIGH
- VIDEOQUALITY_BITRATE_VP8_LOW
- VIDEOQUALITY_BITRATE_VP8_STANDARD
- VIDEOQUALITY_BITRATE_VP8_HIGH
- VIDEOQUALITY_BITRATE_VP9_LOW
- VIDEOQUALITY_BITRATE_VP9_STANDARD
- VIDEOQUALITY_BITRATE_VP9_HIGH
- VIDEOQUALITY_ENFORCE_PREFERRED_CODEC
- VIDEOQUALITY_PREFERRED_CODEC
- XMPP_AUTH_DOMAIN
- XMPP_BOSH_URL_BASE
- XMPP_DOMAIN
- XMPP_GUEST_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_RECORDER_DOMAIN
- XMPP_PORT
networks:
federated:
ipv4_address: 172.99.0.25
# XMPP server
prosody:
image: jitsi/prosody:\${JITSI_IMAGE_VERSION:-stable-7882}
restart: \${RESTART_POLICY:-unless-stopped}
expose:
- '\${XMPP_PORT:-5222}'
- '5347'
- '5280'
volumes:
- \${CONFIG}/prosody/config:/config:Z
- \${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z
environment:
- AUTH_TYPE
- DISABLE_POLLS
- ENABLE_AUTH
- ENABLE_AV_MODERATION
- ENABLE_BREAKOUT_ROOMS
- ENABLE_END_CONFERENCE
- ENABLE_GUESTS
- ENABLE_IPV6
- ENABLE_LOBBY
- ENABLE_RECORDING
- ENABLE_XMPP_WEBSOCKET
- ENABLE_JAAS_COMPONENTS
- GC_TYPE
- GC_INC_TH
- GC_INC_SPEED
- GC_INC_STEP_SIZE
- GC_GEN_MIN_TH
- GC_GEN_MAX_TH
- GLOBAL_CONFIG
- GLOBAL_MODULES
- JIBRI_RECORDER_USER
- JIBRI_RECORDER_PASSWORD
- JIBRI_XMPP_USER
- JIBRI_XMPP_PASSWORD
- JICOFO_AUTH_USER
- JICOFO_AUTH_PASSWORD
- JICOFO_COMPONENT_SECRET
- JIGASI_XMPP_USER
- JIGASI_XMPP_PASSWORD
- JVB_AUTH_USER
- JVB_AUTH_PASSWORD
- JWT_APP_ID
- JWT_APP_SECRET
- JWT_ACCEPTED_ISSUERS
- JWT_ACCEPTED_AUDIENCES
- JWT_ASAP_KEYSERVER
- JWT_ALLOW_EMPTY
- JWT_AUTH_TYPE
- JWT_ENABLE_DOMAIN_VERIFICATION
- JWT_TOKEN_AUTH_MODULE
- MATRIX_UVS_URL
- MATRIX_UVS_ISSUER
- MATRIX_UVS_AUTH_TOKEN
- MATRIX_UVS_SYNC_POWER_LEVELS
- LOG_LEVEL
- LDAP_AUTH_METHOD
- LDAP_BASE
- LDAP_BINDDN
- LDAP_BINDPW
- LDAP_FILTER
- LDAP_VERSION
- LDAP_TLS_CIPHERS
- LDAP_TLS_CHECK_PEER
- LDAP_TLS_CACERT_FILE
- LDAP_TLS_CACERT_DIR
- LDAP_START_TLS
- LDAP_URL
- LDAP_USE_TLS
- MAX_PARTICIPANTS
- PROSODY_RESERVATION_ENABLED
- PROSODY_RESERVATION_REST_BASE_URL
- PUBLIC_URL
- TURN_CREDENTIALS
- TURN_HOST
- TURNS_HOST
- TURN_PORT
- TURNS_PORT
- TZ
- XMPP_DOMAIN
- XMPP_AUTH_DOMAIN
- XMPP_GUEST_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_MODULES
- XMPP_MUC_MODULES
- XMPP_MUC_CONFIGURATION
- XMPP_INTERNAL_MUC_MODULES
- XMPP_RECORDER_DOMAIN
- XMPP_PORT
networks:
federated:
ipv4_address: 172.99.0.26
aliases:
- xmpp.meet.jitsi
# Focus component
jicofo:
image: jitsi/jicofo:\${JITSI_IMAGE_VERSION:-stable-7882}
restart: \${RESTART_POLICY:-unless-stopped}
volumes:
- \${CONFIG}/jicofo:/config:Z
environment:
- AUTH_TYPE
- BRIDGE_AVG_PARTICIPANT_STRESS
- BRIDGE_STRESS_THRESHOLD
- ENABLE_AUTH
- ENABLE_AUTO_OWNER
- ENABLE_CODEC_VP8
- ENABLE_CODEC_VP9
- ENABLE_CODEC_H264
- ENABLE_OCTO
- ENABLE_RECORDING
- ENABLE_SCTP
- ENABLE_AUTO_LOGIN
- JICOFO_AUTH_USER
- JICOFO_AUTH_PASSWORD
- JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS
- JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT
- JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT
- JICOFO_ENABLE_HEALTH_CHECKS
- JICOFO_SHORT_ID
- JIBRI_BREWERY_MUC
- JIBRI_REQUEST_RETRIES
- JIBRI_PENDING_TIMEOUT
- JIGASI_BREWERY_MUC
- JIGASI_SIP_URI
- JVB_BREWERY_MUC
- MAX_BRIDGE_PARTICIPANTS
- OCTO_BRIDGE_SELECTION_STRATEGY
- SENTRY_DSN="\${JICOFO_SENTRY_DSN:-0}"
- SENTRY_ENVIRONMENT
- SENTRY_RELEASE
- TZ
- XMPP_DOMAIN
- XMPP_AUTH_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_RECORDER_DOMAIN
- XMPP_SERVER
- XMPP_PORT
depends_on:
- prosody
networks:
federated:
ipv4_address: 172.99.0.27
# Video bridge
jvb:
image: jitsi/jvb:\${JITSI_IMAGE_VERSION:-stable-7882}
restart: \${RESTART_POLICY:-unless-stopped}
ports:
- '\${JVB_PORT:-10000}:\${JVB_PORT:-10000}/udp'
- '127.0.0.1:\${JVB_COLIBRI_PORT:-9090}:9090'
volumes:
- \${CONFIG}/jvb:/config:Z
environment:
- DOCKER_HOST_ADDRESS
- ENABLE_COLIBRI_WEBSOCKET
- ENABLE_OCTO
- ENABLE_MULTI_STREAM
- JVB_ADVERTISE_IPS
- JVB_ADVERTISE_PRIVATE_CANDIDATES
- JVB_AUTH_USER
- JVB_AUTH_PASSWORD
- JVB_BREWERY_MUC
- JVB_DISABLE_STUN
- JVB_PORT
- JVB_MUC_NICKNAME
- JVB_STUN_SERVERS
- JVB_OCTO_BIND_ADDRESS
- JVB_OCTO_REGION
- JVB_OCTO_RELAY_ID
- JVB_WS_DOMAIN
- JVB_WS_SERVER_ID
- PUBLIC_URL
- SENTRY_DSN="\${JVB_SENTRY_DSN:-0}"
- SENTRY_ENVIRONMENT
- SENTRY_RELEASE
- COLIBRI_REST_ENABLED
- SHUTDOWN_REST_ENABLED
- TZ
- XMPP_AUTH_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_SERVER
- XMPP_PORT
depends_on:
- prosody
networks:
federated:
ipv4_address: 172.99.0.28
networks:
federated:
external: true
EOF
LDAP_SECRET=`cat /federated/apps/ldap/.ldap.secret`
# Create Jitsi .env file
cat > /federated/apps/jitsi/.env <<EOF
# shellcheck disable=SC2034
################################################################################
################################################################################
# Welcome to the Jitsi Meet Docker setup!
#
# This sample .env file contains some basic options to get you started.
# The full options reference can be found here:
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker
################################################################################
################################################################################
#
# Basic configuration options
#
# Directory where all configuration will be stored
CONFIG=~/.jitsi-meet-cfg
# Exposed HTTP port
HTTP_PORT=9000
# Exposed HTTPS port
HTTPS_PORT=9443
# System time zone
TZ=UTC
# Public URL for the web service (required)
PUBLIC_URL=https://jitsi.$DOMAIN
#XMPP_DOMAIN=$DOMAIN
# Media IP addresses to advertise by the JVB
# This setting deprecates DOCKER_HOST_ADDRESS, and supports a comma separated list of IPs
# See the "Running behind NAT or on a LAN environment" section in the Handbook:
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment
#JVB_ADVERTISE_IPS=192.168.1.1,1.2.3.4
#
# JaaS Components (beta)
# https://jaas.8x8.vc
#
# Enable JaaS Components (hosted Jigasi)
#ENABLE_JAAS_COMPONENTS=0
#
# Let's Encrypt configuration
#
# Enable Let's Encrypt certificate generation
#ENABLE_LETSENCRYPT=1
# Domain for which to generate the certificate
#LETSENCRYPT_DOMAIN=meet.example.com
# E-Mail for receiving important account notifications (mandatory)
#LETSENCRYPT_EMAIL=alice@atlanta.net
# Use the staging server (for avoiding rate limits while testing)
#LETSENCRYPT_USE_STAGING=1
#
# Etherpad integration (for document sharing)
#
# Set etherpad-lite URL in docker local network (uncomment to enable)
#ETHERPAD_URL_BASE=http://etherpad.meet.jitsi:9001
# Set etherpad-lite public URL, including /p/ pad path fragment (uncomment to enable)
#ETHERPAD_PUBLIC_URL=https://etherpad.my.domain/p/
# Name your etherpad instance!
ETHERPAD_TITLE=Video Chat
# The default text of a pad
ETHERPAD_DEFAULT_PAD_TEXT="Welcome to Web Chat!\n\n"
# Name of the skin for etherpad
ETHERPAD_SKIN_NAME=colibris
# Skin variants for etherpad
ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background full-width-editor"
#
# Basic Jigasi configuration options (needed for SIP gateway support)
#
# SIP URI for incoming / outgoing calls
#JIGASI_SIP_URI=test@sip2sip.info
# Password for the specified SIP account as a clear text
#JIGASI_SIP_PASSWORD=passw0rd
# SIP server (use the SIP account domain if in doubt)
#JIGASI_SIP_SERVER=sip2sip.info
# SIP server port
#JIGASI_SIP_PORT=5060
# SIP server transport
#JIGASI_SIP_TRANSPORT=UDP
#
# Authentication configuration (see handbook for details)
#
# Enable authentication
ENABLE_AUTH=1
# Enable guest access
ENABLE_GUESTS=1
# Select authentication type: internal, jwt, ldap or matrix
AUTH_TYPE=ldap
# JWT authentication
#
# Application identifier
#JWT_APP_ID=my_jitsi_app_id
# Application secret known only to your token generator
#JWT_APP_SECRET=my_jitsi_app_secret
# (Optional) Set asap_accepted_issuers as a comma separated list
#JWT_ACCEPTED_ISSUERS=my_web_client,my_app_client
# (Optional) Set asap_accepted_audiences as a comma separated list
#JWT_ACCEPTED_AUDIENCES=my_server1,my_server2
# LDAP authentication (for more information see the Cyrus SASL saslauthd.conf man page)
#
# LDAP url for connection
LDAP_URL=ldap://ldap.$DOMAIN/
# LDAP base DN. Can be empty
LDAP_BASE=DC=federatedcomputer,DC=cloud
# LDAP user DN. Do not specify this parameter for the anonymous bind
LDAP_BINDDN=CN=admin,DC=federatedcomputer,DC=cloud
# LDAP user password. Do not specify this parameter for the anonymous bind
LDAP_BINDPW=$LDAP_SECRET
# LDAP filter. Tokens example:
# %1-9 - if the input key is user@mail.domain.com, then %1 is com, %2 is domain and %3 is mail
# %s - %s is replaced by the complete service string
# %r - %r is replaced by the complete realm string
#LDAP_FILTER=(sAMAccountName=%u)
#LDAP_FILTER=(mail=%u@$DOMAIN)
# LDAP authentication method
LDAP_AUTH_METHOD=bind
# LDAP version
#LDAP_VERSION=3
# LDAP TLS using
#LDAP_USE_TLS=1
# List of SSL/TLS ciphers to allow
#LDAP_TLS_CIPHERS=SECURE256:SECURE128:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC
# Require and verify server certificate
#LDAP_TLS_CHECK_PEER=1
# Path to CA cert file. Used when server certificate verify is enabled
#LDAP_TLS_CACERT_FILE=/etc/ssl/certs/ca-certificates.crt
# Path to CA certs directory. Used when server certificate verify is enabled
#LDAP_TLS_CACERT_DIR=/etc/ssl/certs
# Wether to use starttls, implies LDAPv3 and requires ldap:// instead of ldaps://
#LDAP_START_TLS=1
#
# Security
#
# Set these to strong passwords to avoid intruders from impersonating a service account
# The service(s) won't start unless these are specified
# Running ./gen-passwords.sh will update .env with strong passwords
# You may skip the Jigasi and Jibri passwords if you are not using those
# DO NOT reuse passwords
#
# XMPP password for Jicofo client connections
JICOFO_AUTH_PASSWORD=
# XMPP password for JVB client connections
JVB_AUTH_PASSWORD=
# XMPP password for Jigasi MUC client connections
JIGASI_XMPP_PASSWORD=
# XMPP recorder password for Jibri client connections
JIBRI_RECORDER_PASSWORD=
# XMPP password for Jibri client connections
JIBRI_XMPP_PASSWORD=
#
# Docker Compose options
#
# Container restart policy
#RESTART_POLICY=unless-stopped
# Jitsi image version (useful for local development)
#JITSI_IMAGE_VERSION=latest
ENABLE_SIMULCAST=false
EOF
mkdir -p ~/.jitsi-meet-cfg/{web,transcripts,prosody/config,prosody/prosody-plugins-custom,jicofo,jvb,jigasi,jibri}
[ $? -ne 0 ] && fail "Couldn't run mkdir for jitsi configurations"
/federated/apps/jitsi/gen-passwords.sh
[ $? -ne 0 ] && fail "Couldn't run /federated/apps/jitsi/gen-passwords.sh"
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}
start_jitsi() {
# Start service with command to make sure it's up before proceeding
start_service "jitsi" "nc -z 172.99.0.25 443 &> /dev/null" "8"
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}

88
lib/listmonk.sh.old
View File

@ -1,88 +0,0 @@
#!/bin/bash
#
# Listmonk Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
config_listmonk() {
echo -ne "\n* Configuring /federated/apps/listmonk container.."
spin &
SPINPID=$!
if [ ! -d "/federated/apps/listmonk" ]; then
mkdir -p /federated/apps/listmonk/data/listmonk/static /federated/apps/listmonk/data/listmonk/uploads
fi
cat > /federated/apps/listmonk/docker-compose.yml <<EOF
version: "3.7"
services:
listmonk:
image: listmonk/listmonk:\${IMAGE_VERSION}
container_name: listmonk
hostname: listmonk.$DOMAIN
domainname: $DOMAIN
restart: always
networks:
federated:
ipv4_address: 172.99.0.21
env_file:
- ./.env
volumes:
- ./data/listmonk/config.toml:/listmonk/config.toml
- ./data/listmonk/static:/listmonk/static
- ./data/listmonk/uploads:/listmonk/uploads
labels:
- "traefik.enable=true"
- "traefik.http.routers.listmonk.rule=Host(\`listmonk.$DOMAIN\`)"
- "traefik.http.routers.listmonk.entrypoints=websecure"
- "traefik.http.routers.listmonk.tls.certresolver=letsencrypt"
networks:
federated:
external: true
EOF
cat > /federated/apps/listmonk/.env <<EOF
IMAGE_VERSION="v2.4.0"
TZ=Etc/UTC
EOF
cat > /federated/apps/listmonk/data/listmonk/config.toml <<EOF
[app]
address = "0.0.0.0:9000"
admin_username = "listmonk"
admin_password = "$LISTMONKPASS"
# Database.
[db]
host = "postgresql.$DOMAIN"
port = 5432
user = "listmonk"
password = "$LISTMONK_SECRET"
database = "listmonk"
ssl_mode = "verify-full"
max_open = 25
max_idle = 25
max_lifetime = "300s"
EOF
chmod 600 /federated/apps/listmonk/data/listmonk/config.toml /federated/apps/listmonk/.env
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}
start_listmonk() {
# Install the database scheme first
docker-compose -f /federated/apps/listmonk/docker-compose.yml run --rm listmonk ./listmonk --install --yes &> /dev/null
# Change app.root_url and other settings to our domain
docker exec postgresql psql -U listmonk -c "update settings set value='\"http://listmonk.$DOMAIN\"' where key='app.root_url'" &> /dev/null
docker exec postgresql psql -U listmonk -c "update settings set value='\"listmonk <listmonk@listmonk.$DOMAIN>\"' where key='app.from_email'" &> /dev/null
docker exec postgresql psql -U listmonk -c "update settings set value='[{\"host\": \"mail.$DOMAIN\", \"port\": 587, \"enabled\": true, \"password\": \"$ADMINPASS\", \"tls_type\": \"STARTTLS\", \"username\": \"fcore\", \"max_conns\": 10, \"idle_timeout\": \"15s\", \"wait_timeout\": \"5s\", \"auth_protocol\": \"login\", \"email_headers\": [], \"hello_hostname\": \"\", \"max_msg_retries\": 2, \"tls_skip_verify\": false}, {\"host\": \"smtp.gmail.com\", \"port\": 465, \"enabled\": false, \"password\": \"password\", \"tls_type\": \"TLS\", \"username\": \"username@gmail.com\", \"max_conns\": 10, \"idle_timeout\": \"15s\", \"wait_timeout\": \"5s\", \"auth_protocol\": \"login\", \"email_headers\": [], \"hello_hostname\": \"\", \"max_msg_retries\": 2, \"tls_skip_verify\": false}]' where key='smtp';" &> /dev/null
# Start service with command to make sure it's up before proceeding
start_service "listmonk" "nc -z 172.99.0.21 9000 &> /dev/null" "8"
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}

154
lib/msp.sh.old
View File

@ -1,154 +0,0 @@
#!/bin/bash
#
# MSP Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
config_msp() {
echo -ne "\n* Configuring msp container.."
spin &
SPINPID=$!
if [ ! -d "/federated/apps/msp" ]; then
mkdir -p /federated/apps/msp/data
fi
EXTERNALIP=$(get_externalip);
ADMINPASS=`cat /federated/apps/panel/.env | grep SMTP_PASSWORD | awk -F= '{ print $2 }'`
TRAEFIK_HTTPAUTH_STRING_MSP=$(echo `htpasswd -nb admin@$DOMAIN $ADMINPASS` | sed -e s/\\$/\\$\\$/g)
cat > /federated/apps/msp/docker-compose.yml <<EOF
version: '3.7'
services:
msp:
image: thebells1111/federated-msp:\${IMAGE_VERSION}
container_name: msp
hostname: msp.$DOMAIN
domainname: $DOMAIN
restart: always
networks:
federated:
ipv4_address: 172.99.0.38
volumes:
- ./data/var/docker/msp/credentials:/usr/src/app/msp/credentials
- ./data/var/docker/msp/mspDB:/usr/src/app/msp/mspDB
- ./data/var/docker/msp/albums:/usr/src/app/msp/public
env_file:
- ./.env
labels:
- "traefik.enable=true"
- "traefik.http.routers.msp.rule=Host(\`msp.$DOMAIN\`)"
- "traefik.http.routers.msp.service=msp"
- "traefik.http.routers.msp.entrypoints=websecure"
- "traefik.http.routers.msp.tls.certresolver=letsencrypt"
- "traefik.http.services.msp.loadbalancer.server.port=3000"
- "traefik.http.routers.msp.middlewares=msp-auth"
- "traefik.http.middlewares.msp-auth.basicauth.users=$TRAEFIK_HTTPAUTH_STRING_MSP"
- "traefik.http.routers.mspnew.rule=Host(\`msp.$DOMAIN\`) && PathPrefix(\`/albums\`)"
- "traefik.http.routers.mspnew.entrypoints=websecure"
- "traefik.http.routers.mspnew.tls.certresolver=letsencrypt"
- "traefik.http.routers.mspnew.service=mspnew"
- "traefik.http.services.mspnew.loadbalancer.server.port=3000"
networks:
federated:
external: true
EOF
cat > /federated/apps/msp/.env <<EOF
IMAGE_VERSION="latest"
EOF
chmod 600 /federated/apps/msp/.env
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
start_msp() {
# Start service with command to make sure it's up before proceeding
start_service "msp" "nc -z 172.99.0.38 3000 &> /dev/null" "7"
docker exec pdns pdnsutil add-record $DOMAIN msp A 86400 $EXTERNALIP &> /dev/null
[ $? -ne 0 ] && fail "Couldn't add dns record for msp"
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
email_msp() {
echo -ne "* Sending email to customer.."
spin &
SPINPID=$!
cat > /federated/apps/mail/data/root/certs/mailfile <<EOF
<html>
<img src="https://www.federated.computer/wp-content/uploads/2023/11/logo.png" alt="" /><br>
<p>
<h4>MSP (Music Side Project) is now installed on $DOMAIN</h4>
<p>
Here is your applications chart on how to access this service:<br>
<p>
<h4>Applications</h4>
<style type="text/css">
.tg {border-collapse:collapse;border-spacing:0;}
.tg td{border-color:black;border-style:solid;border-width:1px;font-family:Arial, sans-serif;font-size:14px;
overflow:hidden;padding:10px 5px;word-break:normal;}
.tg th{border-color:black;border-style:solid;border-width:1px;font-family:Arial, sans-serif;font-size:14px;
font-weight:normal;overflow:hidden;padding:10px 5px;word-break:normal;}
.tg .tg-cul6{border-color:inherit;color:#340096;text-align:left;text-decoration:underline;vertical-align:top}
.tg .tg-acii{background-color:#FFF;border-color:inherit;color:#333;text-align:left;vertical-align:top}
.tg .tg-0hty{background-color:#000000;border-color:inherit;color:#ffffff;font-weight:bold;text-align:left;vertical-align:top}
.tg .tg-kwiq{border-color:inherit;color:#000000;text-align:left;vertical-align:top}
.tg .tg-0pky{border-color:inherit;text-align:left;vertical-align:top}
</style>
<table class="tg" style="undefined;table-layout: fixed; width: 996px">
<colgroup>
<col style="width: 101.333333px">
<col style="width: 203.333333px">
<col style="width: 282.333333px">
<col style="width: 185.33333px">
<col style="width: 78.333333px">
<col style="width: 220.333333px">
</colgroup>
<thead>
<tr>
<th class="tg-0hty">Service</th>
<th class="tg-0hty">Link</th>
<th class="tg-0hty">User / Pass</th>
<th class="tg-0hty">Access</th>
<th class="tg-0hty">Docs</th>
<th class="tg-0hty">Description</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tg-kwiq">Music Side Project</td>
<td class="tg-kwiq"><a href="https://msp.$DOMAIN/" target="_blank" rel="noopener noreferrer"><span style="color:#340096">msp.$DOMAIN</span></a></td>
<td class="tg-kwiq">admin@$DOMAIN<br>$ADMINPASS</td>
<td class="tg-kwiq">User access is separate from panel</td>
<td class="tg-cul6"><a href="https://documentation.federated.computer/docs/getting_started/welcome/" target="_blank" rel="noopener noreferrer"><span style="color:#340096">Click here</span></a></td>
<td class="tg-kwiq">Music Side Project Studio enables you to harness the potential of RSS feeds and the Lightning Network, allowing you to self-host your music and receive direct payment from your fans</td>
</tr>
</tbody>
</table>
<h4>Thanks for your support!</h4>
<p>
Thank you for your support of Federated Computer. We really appreciate it and hope you have a very successful
time with Federated Core.
<p>
Again, if we can be of any assistance, please don't hesitate to get in touch.
<p>
Support: https://support.federated.computer<br>
Phone: (970) 722-8715<br>
Email: support@federated.computer<br>
<p>
It's <b>your</b> computer. Let's make it work for you!
</html>
EOF
# Send out e-mail from mail container with details
docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile"
rm /federated/apps/mail/data/root/certs/mailfile
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}

307
lib/nextcloud.sh.old
View File

@ -1,307 +0,0 @@
#!/bin/bash -x
#
# NextCloud Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
config_nextcloud() {
echo -ne "\n* Configuring /federated/apps/nextcloud container.."
spin &
SPINPID=$!
if [ ! -d "/federated/apps/nextcloud" ]; then
mkdir -p /federated/apps/nextcloud/data/root &> /dev/null
mkdir -p /federated/apps/nextcloud/data/home &> /dev/null
mkdir -p /federated/apps/nextcloud/data/var/www/html &> /dev/null
mkdir -p /federated/apps/nextcloud/data/var/www/html/custom_apps &> /dev/null
mkdir -p /federated/apps/nextcloud/data/var/www/config &> /dev/null
mkdir -p /federated/apps/nextcloud/data/var/www/data &> /dev/null
mkdir -p /federated/apps/nextcloud/data/usr/local/etc/php/conf.d &> /dev/null
fi
cat > /federated/apps/nextcloud/docker-compose.yml <<EOF
version: '3.7'
services:
nextcloud:
image: nextcloud:\${IMAGE_VERSION}
container_name: nextcloud
hostname: nextcloud.$DOMAIN
domainname: $DOMAIN
restart: always
# working_dir: /var/www/html
networks:
federated:
ipv4_address: 172.99.0.18
extra_hosts:
- "collabora.$DOMAIN:$EXTERNALIP"
volumes:
- ./data/root:/root
- ./data/home:/home
- ./data/var/www/html:/var/www/html
- ./data/var/www/html/custom_apps:/var/www/html/custom_apps
- ./data/var/www/config:/var/www/config
- ./data/var/www/data:/var/www/data
- ./data/usr/local/etc/php/conf.d/opcache-recommended.ini:/usr/local/etc/php/conf.d/opcache-recommended.ini
- ./data/usr/local/etc/php/conf.d/docker-php-ext-apcu.ini:/usr/local/etc/php/conf.d/docker-php-ext-apcu.ini
env_file:
- ./.env
secrets:
- federated_psql_password
- federated_nextcloud_password
labels:
- "traefik.enable=true"
- "traefik.http.routers.nextcloud.rule=Host(\`nextcloud.$DOMAIN\`)"
- "traefik.http.routers.nextcloud.entrypoints=websecure"
- "traefik.http.routers.nextcloud.tls.certresolver=letsencrypt"
- "traefik.http.routers.nextcloud.middlewares=nextcloud-redirectregex1,nextcloud-redirectregex2,nextcloudheader"
- "traefik.http.middlewares.nextcloud-redirectregex1.redirectregex.permanent=true"
- "traefik.http.middlewares.nextcloud-redirectregex1.redirectregex.regex=https?://([^/]*)/.well-known/(card|cal)dav"
- "traefik.http.middlewares.nextcloud-redirectregex1.redirectregex.replacement=https://\$\${1}/remote.php/dav/"
- "traefik.http.middlewares.nextcloud-redirectregex2.redirectregex.permanent=true"
- "traefik.http.middlewares.nextcloud-redirectregex2.redirectregex.regex=https?://([^/]*)(/.well-known[^#]*)"
- "traefik.http.middlewares.nextcloud-redirectregex2.redirectregex.replacement=https://\$\${1}/index.php\$\${2}"
- "traefik.http.middlewares.nextcloudheader.headers.stsSeconds=15552000"
- "traefik.http.middlewares.nextcloudheader.headers.stsIncludeSubdomains=true"
- "traefik.http.middlewares.nextcloudheader.headers.stsPreload=true"
- "traefik.http.middlewares.nextcloudheader.headers.forceSTSHeader=true"
secrets:
federated_psql_password:
file: ./.postgresql.secret
federated_nextcloud_password:
file: ./.nextcloud.secret
networks:
federated:
external: true
EOF
LDAP_SECRET=`cat /federated/apps/ldap/.ldap.secret`
echo "$NEXTCLOUD_SECRET" > /federated/apps/nextcloud/.postgresql.secret
echo "$ADMINPASS" > /federated/apps/nextcloud/.nextcloud.secret
chmod 600 /federated/apps/nextcloud/.postgresql.secret /federated/apps/nextcloud/.nextcloud.secret
cat > /federated/apps/nextcloud/.env <<EOF
IMAGE_VERSION=28.0.4
NEXTCLOUD_UPDATE=1
PHP_MEMORY_LIMIT=2048M
PHP_UPLOAD_LIMIT=2048M
TRUSTED_PROXIES=172.99.0.0/16
NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.$DOMAIN
NEXTCLOUD_ADMIN_USER=nextcloud
NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/federated_nextcloud_password
POSTGRES_HOST=postgresql.$DOMAIN
POSTGRES_DB=nextcloud
POSTGRES_USER=nextcloud
POSTGRES_PASSWORD_FILE=/run/secrets/federated_psql_password
EOF
chmod 600 /federated/apps/nextcloud/.env
cat > /federated/apps/nextcloud/data/usr/local/etc/php/conf.d/opcache-recommended.ini <<EOF
opcache.enable=1
opcache.interned_strings_buffer=32
opcache.max_accelerated_files=18000
opcache.memory_consumption=256
opcache.save_comments=1
opcache.revalidate_freq=60
EOF
cat > /federated/apps/nextcloud/data/usr/local/etc/php/conf.d/docker-php-ext-apcu.ini <<EOF
extension=apcu
apc.enable_cli=1
apc.shm_size=256M
apc.ttl=3600
apc.user_ttl=7200
apc.gc_ttl=3600
apc.max_file_size=2M
EOF
#if [[ "$BUNDLE" = "starter" ]]; then
# sed -i "s/2048M/96M/g" /federated/apps/nextcloud/.env
# sed -i "s/256/64/g" /federated/apps/nextcloud/data/usr/local/etc/php/conf.d/opcache-recommended.ini
# sed -i "s/256M/64M/g" /federated/apps/nextcloud/data/usr/local/etc/php/conf.d/docker-php-ext-apcu.ini
#fi
cat > /federated/apps/nextcloud/data/configs.json <<EOF
{
"system": {
"mail_smtpmode": "smtp",
"mail_smtpsecure": "tls",
"mail_sendmailmode": "smtp",
"mail_from_address": "nextcloud",
"mail_domain": "$DOMAIN",
"mail_smtpauthtype": "LOGIN",
"mail_smtpauth": 1,
"mail_smtphost": "mail.$DOMAIN",
"mail_smtpport": "587",
"mail_smtpname": "fcore",
"mail_smtppassword": "$ADMINPASS"
},
"apps": {
"core": {
"backgroundjobs_mode": "cron"
},
"side_menu": {
"background-color-opacity": "100",
"current-app-background-color": "#005b8d",
"types": "",
"enabled": "yes",
"text-color": "#ffffff",
"loader-color": "#339bd4",
"types": "",
"always-displayed": "0",
"big-menu": "0",
"side-with-categories": "0",
"background-color": "#0068a1",
"background-color-to": "#0068a1",
"icon-invert-filter": "0",
"icon-opacity": "100",
"opener": "side-menu-opener",
"dark-mode-background-color": "#0068a1",
"dark-mode-background-color-to": "#0068a1",
"dark-mode-background-color-opacity": "100",
"dark-mode-current-app-background-color": "#005b8d",
"dark-mode-text-color": "#ffffff",
"dark-mode-loader-color": "#ffffff",
"dark-mode-icon-invert-filter": "0",
"dark-mode-icon-opacity": "100",
"dark-mode-opener": "side-menu-opener",
"opener-position": "before",
"opener-only": "0",
"hide-when-no-apps": "0",
"opener-hover": "0",
"display-logo": "1",
"use-avatar": "0",
"add-logo-link": "1",
"big-menu-hidden-apps": "[]",
"show-settings": "0",
"size-icon": "normal",
"size-text": "normal",
"target-blank-apps": "[]",
"loader-enabled": "1",
"top-side-menu-apps": "[]",
"top-menu-mouse-over-hidden-label": "0",
"apps-order": "[\"dashboard\",\"mail\",\"calendar\",\"contacts\",\"notes\",\"tasks\",\"files\",\"deck\",\"bookmarks\",\"forms\",\"spreed\",\"photos\",\"activity\"]",
"categories-order-type": "default",
"categories-custom": "[]",
"apps-categories-custom": "[]",
"categories-order": "[\"other\",\"customization\",\"dashboard\",\"external_links\",\"files\",\"workflow\",\"games\",\"integration\",\"monitoring\",\"multimedia\",\"office\",\"organization\",\"search\",\"security\",\"social\",\"tools\"]",
"default-enabled": "1",
"force": "0",
"top-menu-apps": "[\"photos\",\"activity\",\"dashboard\",\"forms\",\"calendar\",\"tasks\",\"bookmarks\",\"deck\",\"contacts\",\"notes\",\"spreed\",\"mail\",\"files\"]",
"cache": "2"
}
}
}
EOF
cat > /federated/apps/nextcloud/data/config.sh <<EOF
#!/bin/sh
PATH=/var/www/html:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/sbin:/bin
/var/www/html/occ app:enable user_ldap
/var/www/html/occ ldap:create-empty-config
/var/www/html/occ ldap:set-config s01 ldapHost 'ldaps://ldap.$DOMAIN'
/var/www/html/occ ldap:set-config s01 ldapAgentName cn=admin,dc=federatedcomputer,dc=cloud
/var/www/html/occ ldap:set-config s01 ldapAgentPassword $LDAP_SECRET
/var/www/html/occ ldap:set-config s01 ldapBase ou=people,dc=federatedcomputer,dc=cloud
/var/www/html/occ ldap:set-config s01 ldapBaseGroups ou=groups,dc=federatedcomputer,dc=cloud
/var/www/html/occ ldap:set-config s01 ldapBaseUsers ou=people,dc=federatedcomputer,dc=cloud
/var/www/html/occ ldap:set-config s01 ldapEmailAttribute mail
/var/www/html/occ ldap:set-config s01 ldapGidNumber gidNumber
/var/www/html/occ ldap:set-config s01 ldapGroupDisplayName cn
/var/www/html/occ ldap:set-config s01 ldapGroupFilter '(&(|(objectclass=posixGroup)))'
/var/www/html/occ ldap:set-config s01 ldapGroupFilterMode 0
/var/www/html/occ ldap:set-config s01 ldapGroupFilterObjectclass inetOrgPerson
/var/www/html/occ ldap:set-config s01 ldapGroupMemberAssocAttr uniqueMember
/var/www/html/occ ldap:set-config s01 ldapLoginFilter '(&(|(objectclass=inetOrgPerson))(mail=%uid))'
/var/www/html/occ ldap:set-config s01 ldapLoginFilterEmail 0
/var/www/html/occ ldap:set-config s01 ldapLoginFilterMode 0
/var/www/html/occ ldap:set-config s01 ldapLoginFilterUsername 1
/var/www/html/occ ldap:set-config s01 ldapLoginFilterEmail 0
/var/www/html/occ ldap:set-config s01 ldapMatchingRuleInChainState unknown
/var/www/html/occ ldap:set-config s01 ldapNestedGroups 0
/var/www/html/occ ldap:set-config s01 ldapPagingSize 500
/var/www/html/occ ldap:set-config s01 ldapPort 636
/var/www/html/occ ldap:set-config s01 ldapTLS 1
/var/www/html/occ ldap:set-config s01 ldapUserAvatarRule default
/var/www/html/occ ldap:set-config s01 ldapUserDisplayName cn
/var/www/html/occ ldap:set-config s01 ldapUserFilter '(|(objectclass=inetOrgPerson))'
/var/www/html/occ ldap:set-config s01 ldapUserFilterMode 0
/var/www/html/occ ldap:set-config s01 ldapUserFilterObjectclass inetOrgPerson
/var/www/html/occ ldap:set-config s01 ldapUuidGroupAttribute auto
/var/www/html/occ ldap:set-config s01 ldapUuidUserAttribute auto
/var/www/html/occ ldap:set-config s01 turnOffCertCheck 0
/var/www/html/occ ldap:set-config s01 turnOnPasswordChange 0
/var/www/html/occ ldap:set-config s01 useMemberOfToDetectMembership 1
/var/www/html/occ ldap:set-config s01 ldapConfigurationActive 1
/var/www/html/occ ldap:set-config s01 ldap_expert_username_attr uid
/var/www/html/occ ldap:set-config s01 ldap_display_name givenName
/var/www/html/occ config:system:set overwriteprotocol --value=https
/var/www/html/occ config:system:set default_phone_region --value="$COUNTRY"
/var/www/html/occ config:system:delete trusted_domains
/var/www/html/occ config:system:set trusted_domains 1 --value=*
/var/www/html/occ group:adduser admin admin
/var/www/html/occ user:delete nextcloud
/var/www/html/occ app:enable mail
/var/www/html/occ app:enable calendar
/var/www/html/occ app:enable contacts
/var/www/html/occ app:enable notes
/var/www/html/occ app:enable deck
/var/www/html/occ app:enable tasks
/var/www/html/occ app:enable bookmarks
/var/www/html/occ app:enable forms
/var/www/html/occ app:enable spreed
/var/www/html/occ app:enable side_menu
/var/www/html/occ app:enable external
/var/www/html/occ app:enable richdocuments
/var/www/html/occ config:app:set --value https:\/\/collabora.$DOMAIN richdocuments public_wopi_url
/var/www/html/occ config:app:set --value https:\/\/collabora.$DOMAIN richdocuments wopi_url
/var/www/html/occ config:app:set --value ooxml richdocuments doc_format
/var/www/html/occ config:app:set --value "" richdocuments disable_certificate_verification
/var/www/html/occ config:app:set external sites "--value={\"1\":{\"icon\":\"external.svg\",\"lang\":\"\",\"type\":\"link\",\"device\":\"browser\",\"groups\":[],\"redirect\":true,\"id\":1,\"name\":\"Video Conference (Jitsi)\",\"url\":\"https:\/\/jitsi.$DOMAIN\"},\"2\":{\"icon\":\"external.svg\",\"lang\":\"\",\"type\":\"link\",\"device\":\"browser\",\"groups\":[],\"redirect\":true,\"id\":2,\"name\":\"Worldwide Chat (Element)\",\"url\":\"https:\/\/element.$DOMAIN\"},\"3\":{\"icon\":\"external.svg\",\"lang\":\"\",\"type\":\"link\",\"device\":\"browser\",\"groups\":[],\"redirect\":true,\"id\":3,\"name\":\"Mailing Lists (Listmonk)\",\"url\":\"https:\/\/listmonk.$DOMAIN\"},\"4\":{\"icon\":\"external.svg\",\"lang\":\"\",\"type\":\"link\",\"device\":\"browser\",\"groups\":[],\"redirect\":true,\"id\":4,\"name\":\"Databases (Baserow)\",\"url\":\"https:\/\/baserow.$DOMAIN\"},\"5\":{\"icon\":\"external.svg\",\"lang\":\"\",\"type\":\"link\",\"device\":\"browser\",\"groups\":[],\"redirect\":true,\"id\":5,\"name\":\"Passwords (Vaultwarden)\",\"url\":\"https:\/\/vaultwarden.$DOMAIN\"},\"7\":{\"icon\":\"external.svg\",\"lang\":\"\",\"type\":\"link\",\"device\":\"browser\",\"groups\":[],\"redirect\":true,\"id\":7,\"name\":\"Source code (Gitea)\",\"url\":\"https:\/\/gitea.$DOMAIN\"}}"
/var/www/html/occ config:import configs.json
EOF
chmod +x /federated/apps/nextcloud/data/config.sh
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}
start_nextcloud() {
# Start service with command to make sure it's up before proceeding
start_service "nextcloud" "nc -z 172.99.0.18 80 &> /dev/null" "35"
# Move config.sh and sidemenu config, set config.sh executable
mv /federated/apps/nextcloud/data/config.sh /federated/apps/nextcloud/data/configs.json /federated/apps/nextcloud/data/var/www/html/
docker exec nextcloud chown www-data:root /var/www/html/config.sh /var/www/html/configs.json
docker exec nextcloud chmod 755 /var/www/html/config.sh
[ $? -ne 0 ] && fail "Couldn't chown config.sh in /federated/apps/nextcloud container"
# Run config.sh - Setup LDAP, configuration for nextcloud
docker exec -u 33 nextcloud /var/www/html/config.sh &> /dev/null
[ $? -ne 0 ] && fail "Couldn't run config.sh inside /federated/apps/nextcloud container"
# Add admin user to group
# Have to do it this many times so it will query LDAP and populate admin user first
docker exec -u 33 nextcloud /var/www/html/occ ldap:search admin
docker exec -u 33 nextcloud /var/www/html/occ group:list
docker exec -u 33 nextcloud /var/www/html/occ group:adduser admin admin
docker exec -u 33 nextcloud /var/www/html/occ group:adduser admin admin
docker exec -u 33 nextcloud /var/www/html/occ group:list
# Setup admin email account
docker exec -u 33 nextcloud bash -c "/var/www/html/occ mail:account:create admin admin admin@$DOMAIN mail.$DOMAIN 993 ssl admin@$DOMAIN $ADMINPASS mail.$DOMAIN 465 ssl admin@$DOMAIN $ADMINPASS password" &> /dev/null
# Add missing indexes and disable activity app
docker exec -u 33 nextcloud /var/www/html/occ db:add-missing-indices
docker exec -u 33 nextcloud /var/www/html/occ app:disable activity
# Remove configs
rm /federated/apps/nextcloud/data/var/www/html/config.sh /federated/apps/nextcloud/data/var/www/html/configs.json
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}

114
lib/postgresql.sh.old
View File

@ -1,114 +0,0 @@
#!/bin/bash
#
# Postgresql Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
config_postgresql() {
echo -ne "\n* Configuring /federated/apps/postgresql container.."
spin &
SPINPID=$!
if [ ! -d "/federated/apps/postgresql" ]; then
mkdir -p /federated/apps/postgresql/data/var/lib/postgresql /federated/apps/postgresql/data/docker-entrypoint-initdb.d
cp /federated/certs/certs/$DOMAIN.crt /federated/apps/postgresql/data/var/lib/postgresql/server.crt
cp /federated/certs/private/$DOMAIN.key /federated/apps/postgresql/data/var/lib/postgresql/server.key
chown 999 /federated/apps/postgresql/data/var/lib/postgresql/server.crt /federated/apps/postgresql/data/var/lib/postgresql/server.key
chmod 600 /federated/apps/postgresql/data/var/lib/postgresql/server.crt /federated/apps/postgresql/data/var/lib/postgresql/server.key
fi
cat > /federated/apps/postgresql/docker-compose.yml <<EOF
version: "3.7"
services:
postgresql:
image: postgres:\${IMAGE_VERSION}
container_name: postgresql
hostname: postgresql.$DOMAIN
domainname: $DOMAIN
restart: always
networks:
federated:
ipv4_address: 172.99.0.14
volumes:
- ./data/var/lib/postgresql/server.crt:/var/lib/postgresql/server.crt
- ./data/var/lib/postgresql/server.key:/var/lib/postgresql/server.key
- ./data/var/lib/postgresql/data:/var/lib/postgresql/data
- ./data/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
env_file:
- ./.env
secrets:
- federated_psql_password
command: >
-c ssl=on
-c ssl_cert_file=/var/lib/postgresql/server.crt
-c ssl_key_file=/var/lib/postgresql/server.key
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres"]
interval: 10s
timeout: 5s
retries: 5
secrets:
federated_psql_password:
file: ./.postgresql.secret
networks:
federated:
external: true
EOF
cat > /federated/apps/postgresql/.env <<EOF
IMAGE_VERSION="14"
POSTGRES_DB=postgres
POSTGRES_USER=postgres
POSTGRES_PASSWORD_FILE=/run/secrets/federated_psql_password
POSTGRES_INITDB_ARGS=--encoding='UTF8' --lc-collate='C' --lc-ctype='C'
EOF
chmod 600 /federated/apps/postgresql/.env
PSQL_SECRET=$(create_password);
echo "$PSQL_SECRET" > /federated/apps/postgresql/.postgresql.secret
chmod 600 /federated/apps/postgresql/.postgresql.secret
NEXTCLOUD_SECRET=$(create_password);
VAULTWARDEN_SECRET=$(create_password);
# cat postgresql/data/docker-entrypoint-initdb.d/init.sql
cat > /federated/apps/postgresql/data/docker-entrypoint-initdb.d/init.sql <<EOF
CREATE USER nextcloud WITH PASSWORD '$NEXTCLOUD_SECRET';
CREATE DATABASE nextcloud;
GRANT ALL PRIVILEGES ON DATABASE nextcloud TO nextcloud;
CREATE USER vaultwarden WITH PASSWORD '$VAULTWARDEN_SECRET';
CREATE DATABASE vaultwarden;
GRANT ALL PRIVILEGES ON DATABASE vaultwarden TO vaultwarden;
EOF
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}
start_postgresql() {
# Start service with command to make sure it's up before proceeding
start_service "postgresql" "nc -z 172.99.0.14 5432 &> /dev/null" "18"
# Tune PostgreSQL
# if [[ "$BUNDLE" = "starter" ]]; then
# sed -i "s#shared_buffers =.*#shared_buffers = 50MB#g" /federated/apps/postgresql/data/var/lib/postgresql/data/postgresql.conf
# sed -i "s#max_connections =.*#max_connections = 400#g" /federated/apps/postgresql/data/var/lib/postgresql/data/postgresql.conf
# sed -i "s/#work_mem =.*/work_mem = 4MB/g" /federated/apps/postgresql/data/var/lib/postgresql/data/postgresql.conf
# sed -i "s/#maintenance_work_mem =.*/maintenance_work_mem = 50MB/g" /federated/apps/postgresql/data/var/lib/postgresql/data/postgresql.conf
# else
sed -i "s#shared_buffers =.*#shared_buffers = 800MB#g" /federated/apps/postgresql/data/var/lib/postgresql/data/postgresql.conf
sed -i "s#max_connections =.*#max_connections = 400#g" /federated/apps/postgresql/data/var/lib/postgresql/data/postgresql.conf
sed -i "s/#work_mem =.*/work_mem = 16MB/g" /federated/apps/postgresql/data/var/lib/postgresql/data/postgresql.conf
sed -i "s/#maintenance_work_mem =.*/maintenance_work_mem = 128MB/g" /federated/apps/postgresql/data/var/lib/postgresql/data/postgresql.conf
# fi
# Restart PostgreSQL
/federated/bin/stop postgresql &> /dev/null
/federated/bin/start postgresql &> /dev/null
# Remove init.sql
# rm /federated/apps/postgresql/data/docker-entrypoint-initdb.d/init.sql
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}

132
lib/traefik.sh.old
View File

@ -1,132 +0,0 @@
#!/bin/bash
#
# Traefik Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
config_traefik() {
echo -ne "\n* Configuring /federated/apps/traefik container.."
spin &
SPINPID=$!
if [ ! -d "/federated/apps/traefik" ]; then
mkdir -p /federated/apps/traefik/data/letsencrypt
fi
TRAEFIK_HTTPAUTH_STRING=$(echo `htpasswd -nb admin $ADMINPASS` | sed -e s/\\$/\\$\\$/g)
cat > /federated/apps/traefik/docker-compose.yml <<EOF
version: "3.7"
services:
traefik:
image: traefik:\${IMAGE_VERSION}
container_name: traefik
hostname: traefik.$DOMAIN
domainname: $DOMAIN
restart: always
networks:
federated:
ipv4_address: 172.99.0.13
command:
# Tell Traefik to discover containers using the Docker API
- --providers.docker=true
# Enable the Trafik dashboard
- --api.dashboard=true
# Set up LetsEncrypt
- --certificatesresolvers.letsencrypt.acme.dnschallenge=true
- --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=pdns
- --certificatesresolvers.letsencrypt.acme.email=hostmaster@$DOMAIN
- --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
- --certificatesresolvers.letsencrypt.acme.dnschallenge.DisablePropagationCheck=true
# --certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
# Added HTTP challenge
- --certificatesresolvers.httpresolver.acme.httpchallenge=true
- --certificatesresolvers.httpresolver.acme.httpchallenge.entrypoint=web
#- "--certificatesresolvers.httpresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- --certificatesresolvers.httpresolver.acme.email=hostmaster@$DOMAIN
- --certificatesresolvers.httpresolver.acme.storage=/letsencrypt/httpacme.json
- --log.level=DEBUG
# Set up an insecure listener that redirects all traffic to HTTPS
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
# Set up the TLS configuration for our websecure listener
- --entrypoints.websecure.http.tls=true
- --entrypoints.websecure.http.tls.certResolver=letsencrypt
- --entrypoints.websecure.http.tls.domains[0].main=$DOMAIN
- --entrypoints.websecure.http.tls.domains[0].sans=*.$DOMAIN
env_file:
- ./.env
ports:
- 80:80
- 443:443
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./data/letsencrypt:/letsencrypt
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.rule=Host(\`traefik.$DOMAIN\`)"
- "traefik.http.routers.traefik.entrypoints=websecure"
- "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
- "traefik.http.routers.traefik.service=api@internal"
- "traefik.http.routers.traefik.middlewares=strip"
- "traefik.http.middlewares.strip.stripprefix.prefixes=/traefik"
- "traefik.http.routers.traefik.middlewares=traefik-auth"
- "traefik.http.middlewares.traefik-auth.basicauth.users=$TRAEFIK_HTTPAUTH_STRING"
networks:
federated:
external: true
EOF
PDNS_APIKEY=`grep PDNS_api_key /federated/apps/pdns/.env | awk -F= '{ print $2 }'`
cat > /federated/apps/traefik/.env <<EOF
IMAGE_VERSION="v2.10.1"
PDNS_API_KEY=$PDNS_APIKEY
PDNS_API_URL=http://pdns.$DOMAIN:8081
EOF
chmod 600 /federated/apps/traefik/.env
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}
start_traefik() {
echo -ne "\n* Starting /federated/apps/traefik service.."
spin &
SPINPID=$!
if [ $DEBUG ]; then
# Start /federated/apps/traefik with output to console for debug
docker-compose -f /federated/apps/traefik/docker-compose.yml -p traefik up
[ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service /federated/apps/traefik"
else
# Start /federated/apps/traefik with output to /dev/null
docker-compose -f /federated/apps/traefik/docker-compose.yml -p traefik up -d &> /dev/null
# Keep trying to see that certificates are generated
RETRY="20"
while [ $RETRY -gt 0 ]; do
traefik-certs-dumper file --version v2 --source /federated/apps/traefik/data/letsencrypt/acme.json --dest /federated/certs &> /dev/null
# Check if certs are generated
ls /federated/certs/private/$DOMAIN.key /federated/certs/certs/$DOMAIN.crt &> /dev/null
if [ $? -eq 0 ]; then
kill -9 $SPINPID &> /dev/null
echo -ne "done."
break
else
if [ "$RETRY" == 1 ]; then
docker-compose -f /federated/apps/traefik/docker-compose.yml -p traefik down &> /dev/null
fail "There was a problem starting service /federated/apps/traefik\nCheck the output of 'docker logs traefik' or turn on\ndebug with -d"
fi
((RETRY--))
sleep 9
fi
done
fi
}

72
lib/vaultwarden.sh.old
View File

@ -1,72 +0,0 @@
#!/bin/bash
#
# Vaultwarden Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
config_vaultwarden() {
echo -ne "\n* Configuring /federated/apps/vaultwarden container.."
spin &
SPINPID=$!
if [ ! -d "/federated/apps/vaultwarden" ]; then
mkdir -p /federated/apps/vaultwarden/data/data
fi
cat > /federated/apps/vaultwarden/docker-compose.yml <<EOF
version: '3.7'
services:
vaultwarden:
image: vaultwarden/server:\${IMAGE_VERSION}
container_name: vaultwarden
hostname: vaultwarden.$DOMAIN
domainname: $DOMAIN
restart: always
networks:
federated:
ipv4_address: 172.99.0.22
env_file:
- ./.env
volumes:
- ./data/data:/data
labels:
- "traefik.enable=true"
- "traefik.http.routers.vaultwarden.rule=Host(\`vaultwarden.$DOMAIN\`)"
- "traefik.http.routers.vaultwarden.entrypoints=websecure"
- "traefik.http.routers.vaultwarden.tls.certresolver=letsencrypt"
networks:
federated:
external: true
EOF
cat > /federated/apps/vaultwarden/.env <<EOF
IMAGE_VERSION="1.28.1"
DATABASE_URL=postgresql://vaultwarden:$VAULTWARDEN_SECRET@postgresql.$DOMAIN:5432/vaultwarden
WEBSOCKET_ENABLED=true
DOMAIN=https://vaultwarden.$DOMAIN
ADMIN_TOKEN=$VAULTWARDEN_SECRET
#- SIGNUPS_ALLOWED=false
SMTP_HOST=mail.$DOMAIN
SMTP_FROM=vaultwarden@$DOMAIN
SMTP_PORT=587
SMTP_SECURITY=starttls
SMTP_USERNAME=fcore
SMTP_PASSWORD=$ADMINPASS
SIGNUPS_ALLOWED=false
SIGNUPS_DOMAINS_WHITELIST=$DOMAIN
SIGNUPS_VERIFY=true
EOF
chmod 600 /federated/apps/vaultwarden/.env
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}
start_vaultwarden() {
# Start service with command to make sure it's up before proceeding
start_service "vaultwarden" "nc -z 172.99.0.22 80 &> /dev/null" "8"
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}

99
lib/wireguard.sh.old
View File

@ -1,99 +0,0 @@
#!/bin/bash
#
# Wireguard / VPN Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
config_wireguard() {
echo -ne "\n* Configuring /federated/apps/wireguard container.."
spin &
SPINPID=$!
if [ ! -d "/federated/apps/wireguard" ]; then
mkdir -p /federated/apps/wireguard/data/config/coredns
fi
cat > /federated/apps/wireguard/docker-compose.yml <<EOF
version: "3.7"
services:
wireguard:
image: linuxserver/wireguard:\${IMAGE_VERSION}
container_name: wireguard
hostname: wireguard.$DOMAIN
domainname: $DOMAIN
restart: always
networks:
federated:
ipv4_address: 172.99.0.24
ports:
- 51820:51820/udp
volumes:
- ./data/config:/config
- ./data/etc/coredns/Corefile:/etc/coredns/Corefile
- /lib/modules:/lib/modules
env_file:
- ./.env
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
networks:
federated:
external: true
EOF
cat > /federated/apps/wireguard/.env <<EOF
IMAGE_VERSION="1.0.20210914"
PUID=1000
PGID=1000
SERVERURL=wireguard.$DOMAIN
SERVERPORT=51820
PEERS=1
PEERDNS=auto
ALLOWEDIPS=0.0.0.0/0,::/0,172.99.0.0/16,192.160.0.0/16,10.13.13.1/32
LOG_CONFS=true
EOF
chmod 600 /federated/apps/wireguard/.env
cat > /federated/apps/wireguard/data/config/coredns/Corefile <<EOF
. {
hosts {
172.99.0.13 powerdns.$DOMAIN
172.99.0.13 traefik.$DOMAIN
172.99.0.13 panel.$DOMAIN
172.99.0.13 nextcloud.$DOMAIN
172.99.0.13 listmonk.$DOMAIN
172.99.0.13 vaultwarden.$DOMAIN
172.99.0.13 jitsi.$DOMAIN
172.99.0.13 element.$DOMAIN
172.99.0.13 matrix.$DOMAIN
172.99.0.13 baserow.$DOMAIN
172.99.0.13 gitea.$DOMAIN
172.99.0.13 autodiscover.$DOMAIN
172.99.0.13 castopod.$DOMAIN
172.99.0.13 wordpress.$DOMAIN
172.99.0.13 bookstack.$DOMAIN
172.99.0.13 freescout.$DOMAIN
172.99.0.13 msp.$DOMAIN
172.99.0.13 espocrm.$DOMAIN
fallthrough
}
loop
health
forward . /etc/resolv.conf
}
EOF
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}
start_wireguard() {
# Start service with command to make sure it's up before proceeding
start_service "wireguard" "nc -uvz 172.99.0.24 51820 &> /dev/null" "8"
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}