More sso fixes and clean up

This commit is contained in:
root 2024-11-06 16:23:12 +00:00
parent f47b90acda
commit 5d5e949f92
10 changed files with 125 additions and 174 deletions


@ -1,4 +1,4 @@
#!/bin/bash -x
#!/bin/bash
#
# Installs SSO on app
. /etc/federated


@ -6,7 +6,7 @@ PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sb
get_appvars
config_authelia() {
echo -ne "\n* Configuring /federated/apps/authelia container.."
echo -ne "* Configuring authelia container.."
if [ ! -d "/federated/apps/authelia" ]; then
mkdir -p /federated/apps/authelia/data/config
@ -49,13 +49,13 @@ tr -cd '[:alnum:]' < /dev/urandom | fold -w "64" | head -n 1 > /federated/apps/a
tr -cd '[:alnum:]' < /dev/urandom | fold -w "64" | head -n 1 > /federated/apps/authelia/data/secrets/STORAGE_ENCRYPTION_KEY
echo "$LDAP_SECRET" > /federated/apps/authelia/data/secrets/AUTHENTICATION_BACKEND_LDAP_PASSWORD
echo "$ADMINPASS" > /federated/apps/authelia/data/secrets/NOTIFIER_SMTP_PASSWORD
openssl genrsa -out /federated/apps/authelia/data/secrets/private.pem 4096
openssl rsa -in /federated/apps/authelia/data/secrets/private.pem -outform PEM -pubout -out /federated/apps/authelia/data/secrets/public.pem
openssl genrsa -out /federated/apps/authelia/data/secrets/private.pem 4096 2>/dev/null
openssl rsa -in /federated/apps/authelia/data/secrets/private.pem -outform PEM -pubout -out /federated/apps/authelia/data/secrets/public.pem 2>/dev/null
POWERDNS_CLIENT_SECRET=$(create_password);
POWERDNS_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $POWERDNS_CLIENT_SECRET | awk '{ print $2 }')
POWERDNS_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $POWERDNS_CLIENT_SECRET 2>/dev/null | awk '{ print $2 }')
[[ -d "/federated/apps/pdnsmysql/data/var/lib/mysql/pdnsadmin" ]] && POWERDNS_DB="pdnsadmin" || POWERDNS_DB="pdns"
NEXTCLOUD_CLIENT_SECRET=$(create_password);
NEXTCLOUD_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $NEXTCLOUD_CLIENT_SECRET | awk '{ print $2 }')
#NEXTCLOUD_CLIENT_SECRET=$(create_password);
#NEXTCLOUD_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $NEXTCLOUD_CLIENT_SECRET | awk '{ print $2 }')
cat > /federated/apps/authelia/.env <<EOF
IMAGE_VERSION=4.38.8
@ -195,7 +195,7 @@ docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '$PDNS_MYSQL_COMMAND7;'"
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '$PDNS_MYSQL_COMMAND8;'"
echo -ne "done."
echo -ne "done.\n"
}
start_authelia() {
# Start service with command to make sure it's up before proceeding
@ -204,19 +204,17 @@ start_authelia() {
docker exec pdns pdnsutil add-record $DOMAIN authelia A 86400 $EXTERNALIP &> /dev/null
[ $? -ne 0 ] && fail "Couldn't add dns record for authelia"
# If extra_hosts doesn't exist then insert extra_host configuration in pdnsadmin
[[ ! $(grep extra_hosts /federated/apps/pdnsadmin/docker-compose.yml 2>/dev/null) ]] && sed -i "/192.168.0.12/a \ extra_hosts:\n\ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/pdnsadmin/docker-compose.yml
# If extra_hosts doesn't exist then insert extra_host configuration in pdnsadmin docker compose
add_authelia_config_to_dockercompose "pdnsadmin"
# Stop and start pdnsadmin for internal dns externalhosts to work
/federated/bin/stop pdnsadmin
/federated/bin/start pdnsadmin
run_command "/federated/bin/stop pdnsadmin"
run_command "/federated/bin/start pdnsadmin"
echo -ne "done."
echo -ne "done.\n"
}
uninstall_authelia() {
echo -ne "* Uninstalling authelia container.."
spin &
SPINPID=$!
# First stop the service
cd /federated/apps/authelia && docker-compose -f docker-compose.yml -p authelia down &> /dev/null
@ -234,6 +232,5 @@ uninstall_authelia() {
# Delete the DNS record
docker exec pdns pdnsutil delete-rrset $DOMAIN authelia A
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
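Review bot: The client-secret hash on the new `POWERDNS_CLIENT_SECRET_HASH=` line is produced by `authelia/authelia:latest` while the container this config feeds is pinned to `IMAGE_VERSION=4.38.8`, so the hash is generated by whatever version Docker Hub serves on install day, and the added `2>/dev/null` now hides the `docker run` failing (pull blocked, no TTY for `-it`), which leaves an empty hash written into the config with the installer still printing done. Pin the helper to the running version, `docker run --rm authelia/authelia:4.38.8 authelia crypto hash generate pbkdf2 …`, and guard the result the way the DNS step already does with `fail`, `[ -n "$POWERDNS_CLIENT_SECRET_HASH" ] || fail "Couldn't hash PowerDNS client secret"`. The secret is also passed on the command line unquoted (`--password $POWERDNS_CLIENT_SECRET`), so it is visible in `ps` and in the Docker daemon's event log for that run; at minimum quote it, and prefer a stdin or environment source if the CLI offers one. config_authelia starts and ends outside the hunk.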


@ -6,7 +6,7 @@ PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sb
get_appvars
config_bookstack() {
echo -ne "\n* Configuring bookstack container.."
echo -ne "* Configuring bookstack container.."
if [ ! -d "/federated/apps/bookstack" ]; then
mkdir -p /federated/apps/bookstack/data/config
@ -81,8 +81,8 @@ start_bookstack() {
docker exec pdns pdnsutil add-record $DOMAIN documentation A 86400 $EXTERNALIP &> /dev/null
[ $? -ne 0 ] && fail "Couldn't add dns record for bookstack"
docker exec pdnsmysql mysql -ubookstack -p$BOOKSTACK_SECRET bookstack -e "delete from users where email = 'admin@admin.com';"
docker exec bookstack php /app/www/artisan bookstack:create-admin --email="admin@$DOMAIN" --name="Admin" --password="$ADMINPASS"
docker exec pdnsmysql mysql -ubookstack -p$BOOKSTACK_SECRET bookstack -e "delete from users where email = 'admin@admin.com';" &> /dev/null
docker exec bookstack php /app/www/artisan bookstack:create-admin --email="admin@$DOMAIN" --name="Admin" --password="$ADMINPASS" &> /dev/null
# Set mail configuration
sed -i "s#MAIL_FROM=.*#MAIL_FROM=admin@$DOMAIN#g" /federated/apps/bookstack/data/config/www/.env
@ -93,13 +93,10 @@ start_bookstack() {
sed -i "s#MAIL_PASSWORD=.*#MAIL_PASSWORD=$ADMINPASS#g" /federated/apps/bookstack/data/config/www/.env
sed -i "s#MAIL_ENCRYPTION=.*#MAIL_ENCRYPTION=TLS#g" /federated/apps/bookstack/data/config/www/.env
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
email_bookstack() {
echo -ne "* Sending email to customer.."
spin &
SPINPID=$!
cat > /federated/apps/mail/data/root/certs/mailfile <<EOF
<html>
@ -171,13 +168,10 @@ EOF
docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile"
rm /federated/apps/mail/data/root/certs/mailfile
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
uninstall_bookstack() {
echo -ne "* Uninstalling bookstack container.."
spin &
SPINPID=$!
# First stop the service
cd /federated/apps/bookstack && docker-compose -f docker-compose.yml -p bookstack down &> /dev/null
@ -199,14 +193,15 @@ uninstall_bookstack() {
if [[ $(grep "### Bookstack" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
sed -i '/### Bookstack/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
sed -i '/### Bookstack/d' /federated/apps/authelia/data/config/idproviders.yml
/federated/bin/stop authelia
/federated/bin/start authelia
run_command "/federated/bin/stop authelia"
run_command "/federated/bin/start authelia"
fi
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
configsso_bookstack() {
echo -ne "* Configuring bookstack container with SSO.."
[ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
[ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
[[ $(grep "### Bookstack" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Bookstack configuration."
@ -232,8 +227,8 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
EOF
# Restart Authelia for changes to take the above configuration
/federated/bin/stop authelia
/federated/bin/start authelia
run_command "/federated/bin/stop authelia"
run_command "/federated/bin/start authelia"
cat >> /federated/apps/bookstack/.env <<EOF
AUTH_METHOD=oidc
@ -259,6 +254,8 @@ EOF
docker exec pdnsmysql mysql -ubookstack -p${BOOKSTACK_SECRET} bookstack -e "update users set external_auth_id = '$i' where email = '$i'";
done
/federated/bin/stop bookstack
/federated/bin/start bookstack
run_command "/federated/bin/stop bookstack"
run_command "/federated/bin/start bookstack"
echo -ne "done.\n"
}
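Review bot: The `&> /dev/null` newly appended to `docker exec pdnsmysql mysql -ubookstack -p$BOOKSTACK_SECRET bookstack -e "delete from users where email = 'admin@admin.com';"` silences the one step that removes BookStack's shipped default admin account; if the mysql call fails (database not yet up, wrong `BOOKSTACK_SECRET`), the stock `admin@admin.com` login stays active and start_bookstack still prints done. The same applies to the `bookstack:create-admin … --password="$ADMINPASS"` line, whose failure now leaves the instance with no intended admin. Append `|| fail "Couldn't remove default bookstack admin"` and `|| fail "Couldn't create bookstack admin"` respectively, or route both through `run_command` like the restart lines in this commit if that wrapper reports failure — I can't see its definition from here. start_bookstack's body begins before the hunk.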


@ -6,7 +6,7 @@ PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sb
get_appvars
config_espocrm() {
echo -ne "\n* Configuring espocrm container.."
echo -ne "* Configuring espocrm container.."
if [ ! -d "/federated/apps/espocrm" ]; then
mkdir -p /federated/apps/espocrm/data/var/www/html
@ -42,7 +42,7 @@ EOF
ESPOCRM_SECRET=$(create_password);
cat > /federated/apps/espocrm/.env <<EOF
IMAGE_VERSION="8.0.5-apache"
IMAGE_VERSION="8.4.0-apache"
ESPOCRM_DATABASE_HOST=pdnsmysql.$DOMAIN
ESPOCRM_DATABASE_NAME=espocrm
ESPOCRM_DATABASE_USER=espocrm
@ -101,8 +101,6 @@ start_espocrm() {
}
email_espocrm() {
echo -ne "* Sending email to customer.."
spin &
SPINPID=$!
cat > /federated/apps/mail/data/root/certs/mailfile <<EOF
<html>
@ -174,13 +172,10 @@ EOF
docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile"
rm /federated/apps/mail/data/root/certs/mailfile
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
uninstall_espocrm() {
echo -ne "* Uninstalling espocrm container.."
spin &
SPINPID=$!
# First stop the service
cd /federated/apps/espocrm && docker-compose -f docker-compose.yml -p espocrm down &> /dev/null
@ -205,14 +200,15 @@ uninstall_espocrm() {
if [[ $(grep "### Espocrm" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
sed -i '/### Espocrm/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
sed -i '/### Espocrm/d' /federated/apps/authelia/data/config/idproviders.yml
/federated/bin/stop authelia
/federated/bin/start authelia
run_command "/federated/bin/stop authelia"
run_command "/federated/bin/start authelia"
fi
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
configsso_espocrm() {
echo -ne "* Configuring espocrm container with SSO.."
[ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
[ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
[[ $(grep "### Espocrm" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Espocrm configuration."
@ -240,8 +236,8 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
EOF
# Restart Authelia for changes to take the above configuration
/federated/bin/stop authelia
/federated/bin/start authelia
run_command "/federated/bin/stop authelia"
run_command "/federated/bin/start authelia"
cat >> /federated/apps/espocrm/.env <<EOF
ESPOCRM_CONFIG_AUTHENTICATION_METHOD=Oidc
@ -272,6 +268,8 @@ EOF
# Set auth method to Oidc only
sed -i "s/ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/#ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/g" /federated/apps/espocrm/.env
/federated/bin/stop espocrm
/federated/bin/start espocrm
run_command "/federated/bin/stop espocrm"
run_command "/federated/bin/start espocrm"
echo -ne "done.\n"
}


@ -5,7 +5,7 @@
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
config_gitea() {
echo -ne "\n* Configuring /federated/apps/gitea container.."
echo -ne "* Configuring gitea container.."
if [ ! -d "/federated/apps/gitea" ]; then
mkdir -p /federated/apps/gitea/data/data
@ -159,7 +159,7 @@ docker exec postgresql psql -U postgres -c "CREATE USER gitea WITH PASSWORD '$GI
docker exec postgresql psql -U postgres -c "CREATE DATABASE gitea" &> /dev/null
docker exec postgresql psql -U postgres -c "GRANT ALL PRIVILEGES ON DATABASE gitea TO gitea" &> /dev/null
echo -ne "done."
echo -ne "done.\n"
}
email_gitea() {
echo -ne "* Sending email to customer.."
@ -241,8 +241,6 @@ EOF
}
uninstall_gitea() {
echo -ne "* Uninstalling gitea container.."
spin &
SPINPID=$!
# First stop the service
cd /federated/apps/gitea && docker-compose -f docker-compose.yml -p gitea down &> /dev/null
@ -264,11 +262,10 @@ uninstall_gitea() {
if [[ $(grep "### Gitea" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
sed -i '/### Gitea/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
sed -i '/### Gitea/d' /federated/apps/authelia/data/config/idproviders.yml
/federated/bin/stop authelia
/federated/bin/start authelia
run_command "/federated/bin/stop authelia"
run_command "/federated/bin/start authelia"
fi
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
start_gitea() {
@ -295,9 +292,11 @@ start_gitea() {
# Remove creategitea.sh
rm /federated/apps/gitea/data/data/creategitea.sh
echo -ne "done."
echo -ne "done.\n"
}
configsso_gitea() {
echo -ne "* Configuring gitea container with SSO.."
[ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
[ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
[[ $(grep "### Gitea" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Gitea configuration."
@ -325,8 +324,8 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
EOF
# Restart Authelia for changes to take the above configuration
/federated/bin/stop authelia
/federated/bin/start authelia
run_command "/federated/bin/stop authelia"
run_command "/federated/bin/start authelia"
docker exec --user 1000 gitea gitea admin auth add-oauth --name "Authelia" --provider "openidConnect" --key "gitea" --secret "$GITEA_CLIENT_SECRET" --auto-discover-url "https://authelia.$DOMAIN/.well-known/openid-configuration" --skip-local-2fa "true" --scopes "openid email profile" --group-claim-name "groups" --admin-group "admin" --restricted-group "guest"
@ -346,6 +345,8 @@ GITEA__oauth2_client__ACCOUNT_LINKING=login
GITEA__oauth2_client__OPENID_CONNECT_SCOPES="openid profile email"
EOF
/federated/bin/stop gitea
/federated/bin/start gitea
run_command "/federated/bin/stop gitea"
run_command "/federated/bin/start gitea"
echo -ne "done.\n"
}
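Review bot: The new `run_command "/federated/bin/start authelia"` in configsso_gitea is followed directly by `gitea admin auth add-oauth … --auto-discover-url "https://authelia.$DOMAIN/.well-known/openid-configuration"`, and nothing waits for Authelia to answer on that URL or checks the add-oauth exit status; if discovery is attempted while Authelia is still booting, no OIDC source is registered and the function still prints done. The codebase already has a readiness pattern (`start_service "jitsi" "nc -z 192.168.0.25 443 &> /dev/null" "8"` in the jitsi file), so gate the add-oauth on the same kind of probe against the Authelia endpoint, and append `|| fail "Couldn't register Authelia OAuth source in gitea"`. Whether `run_command` itself aborts on a failed start I can't tell from here. configsso_gitea's body continues outside the hunk.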


@ -6,7 +6,7 @@ PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sb
get_appvars
config_jitsi() {
echo -ne "\n* Configuring /federated/apps/jitsi container.."
echo -ne "* Configuring jitsi container.."
if [ ! -d "/federated/apps/jitsi" ]; then
mkdir -p /federated/apps/jitsi
@ -429,19 +429,12 @@ cat > /federated/apps/jitsi/.env <<EOF
# Directory where all configuration will be stored
CONFIG=/federated/apps/jitsi/data/config
EOF
if [ "$JITSI_SCALE" != "server" ]; then
cat >> /federated/apps/jitsi/.env <<EOF
# Exposed HTTP port
HTTP_PORT=9000
# Exposed HTTPS port
HTTPS_PORT=9443
EOF
fi
cat >> /federated/apps/jitsi/.env <<EOF
# System time zone
TZ=UTC
@ -449,47 +442,23 @@ TZ=UTC
PUBLIC_URL=https://jitsi.$DOMAIN
EOF
if [ -n "$JITSI_SCALE" ]; then
if [ "$JITSI_SCALE" = "server" ]; then
cat >> /federated/apps/jitsi/.env <<EOF
XMPP_SERVER=xmpp.jitsitest.federatedcomputer.cloud
EOF
else
cat >> /federated/apps/jitsi/.env <<EOF
XMPP_SERVER=xmpp.$DOMAIN
EOF
fi
# XMPP_AUTH_DOMAIN and XMPP_INTERNAL_MUC_DOMAIN don't
# need to resolve - they just need to be identical across
# the involved Jitsi components.
# So it is safe to use a common (even if nonexistant)
# domain across all Jitsi Scale clients so the JVB can
# use the same information for every Prosody instance
# it connects to.
if [ "$JITSI_SCALE" = "server" ]; then
cat >> /federated/apps/jitsi/.env <<EOF
XMPP_AUTH_DOMAIN=auth.jitsiscale.federated.computer
XMPP_INTERNAL_MUC_DOMAIN=internal-muc.jitsiscale.federated.computer
EOF
if [ "$JITSI_SCALE" = "server" ]; then
cat >> /federated/apps/jitsi/.env <<EOF
XMPP_AUTH_DOMAIN=auth.jitsitest.federatedcomputer.cloud
XMPP_SERVER=xmpp.jitsitest.federatedcomputer.cloud
XMPP_INTERNAL_MUC_DOMAIN=internal-muc.jitsitest.federatedcomputer.cloud
# XMPP password for JVB client connections
JVB_AUTH_PASSWORD=
EOF
fi
else
cat >> /federated/apps/jitsi/.env <<EOF
XMPP_SERVER=xmpp.$DOMAIN
XMPP_AUTH_DOMAIN=auth.$DOMAIN
XMPP_INTERNAL_MUC_DOMAIN=internal-muc.$DOMAIN
EOF
cat >> /federated/apps/jitsi/.env <<EOF
XMPP_DOMAIN=$DOMAIN
XMPP_AUTH_DOMAIN=auth.$DOMAIN
XMPP_SERVER=xmpp.$DOMAIN
XMPP_BOSH_URL_BASE=http://xmpp.$DOMAIN:5280
XMPP_MUC_DOMAIN=muc.$DOMAIN
XMPP_INTERNAL_MUC_DOMAIN=internal-muc.$DOMAIN
XMPP_GUEST_DOMAIN=guest.$DOMAIN
XMPP_RECORDER_DOMAIN=recorder.$DOMAIN
@ -696,12 +665,10 @@ mkdir -p /federated/apps/jitsi/data/config/{web,transcripts,prosody/config,proso
/federated/apps/jitsi/gen-passwords.sh
[ $? -ne 0 ] && fail "Couldn't run /federated/apps/jitsi/gen-passwords.sh"
echo -ne "done."
echo -ne "done.\n"
}
email_jitsi() {
echo -ne "* Sending email to customer.."
spin &
SPINPID=$!
cat > /federated/apps/mail/data/root/certs/mailfile <<EOF
<html>
@ -773,13 +740,10 @@ EOF
docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile"
rm /federated/apps/mail/data/root/certs/mailfile
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
uninstall_jitsi() {
echo -ne "* Uninstalling jitsi container.."
spin &
SPINPID=$!
# First stop the service
cd /federated/apps/jitsi && docker-compose -f docker-compose.yml -p jitsi down &> /dev/null
@ -800,8 +764,8 @@ uninstall_jitsi() {
if [[ $(grep "### Jitsi" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
sed -i '/### Jitsi/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
sed -i '/### Jitsi/d' /federated/apps/authelia/data/config/idproviders.yml
/federated/bin/stop authelia
/federated/bin/start authelia
run_command "/federated/bin/stop authelia"
run_command "/federated/bin/start authelia"
fi
if [[ -d "/federated/apps/jitsiopenid" ]]; then
@ -810,16 +774,17 @@ uninstall_jitsi() {
docker image rm mod242/jitsi-go-openid:latest &> /dev/null
fi
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
start_jitsi() {
# Start service with command to make sure it's up before proceeding
start_service "jitsi" "nc -z 192.168.0.25 443 &> /dev/null" "8"
echo -ne "done."
echo -ne "done.\n"
}
configsso_jitsi() {
echo -ne "* Configuring jitsi container with SSO.."
[ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
[ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
[[ $(grep "### Jitsi" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Jitsi configuration."
@ -849,8 +814,8 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
EOF
# Restart Authelia for changes to take the above configuration
/federated/bin/stop authelia
/federated/bin/start authelia
run_command "/federated/bin/stop authelia"
run_command "/federated/bin/start authelia"
sed -i "s/AUTH_TYPE=.*/AUTH_TYPE=jwt/g" /federated/apps/jitsi/.env
sed -i "s/#JWT_APP_ID=.*/JWT_APP_ID=jitsi.$DOMAIN/g" /federated/apps/jitsi/.env
@ -909,7 +874,9 @@ NAME_KEY=name
EOF
chmod 600 /federated/apps/jitsiopenid/.env
/federated/bin/stop jitsi
/federated/bin/start jitsi
/federated/bin/start jitsiopenid
run_command "/federated/bin/stop jitsi"
run_command "/federated/bin/start jitsi"
run_command "/federated/bin/start jitsiopenid"
echo -ne "done.\n"
}
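Review bot: The `JITSI_SCALE = server` branch now hard-codes `XMPP_SERVER=xmpp.jitsitest.federatedcomputer.cloud` (plus the matching auth and internal-MUC domains) into the installer in place of the previous `jitsiscale.federated.computer` names, and writes `JVB_AUTH_PASSWORD=` empty, so a production scale client would try to authenticate its video bridge to a host named "test" with no credential unless something outside this hunk fills the value (gen-passwords.sh at the end of config_jitsi may, but I can't confirm it handles the server branch). Take the target from a variable alongside `$JITSI_SCALE`, e.g. `XMPP_SERVER=xmpp.${JITSI_XMPP_DOMAIN}` with a `failcheck` when it is unset, and either source the JVB password from the same place or add a comment stating why an empty value is intended here. The removed comment explaining that XMPP_AUTH_DOMAIN and XMPP_INTERNAL_MUC_DOMAIN only need to be identical across components rather than resolvable was the only documentation of why these names are shared; it is worth restoring above the new block. config_jitsi starts and ends outside this hunk.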


@ -85,13 +85,13 @@ LDAP_SERVER_HOST=ldap://ldap.$DOMAIN
LDAP_SEARCH_BASE=ou=people,dc=federatedcomputer,dc=cloud
LDAP_BIND_DN=cn=admin,dc=federatedcomputer,dc=cloud
LDAP_BIND_PW=$LDAP_SECRET
LDAP_QUERY_FILTER_USER=(&(mail=%s)(mailEnabled=TRUE))
LDAP_QUERY_FILTER_GROUP=(&(mailGroupMember=%s)(mailEnabled=TRUE))
LDAP_QUERY_FILTER_ALIAS=(&(mailAlias=%s)(mailEnabled=TRUE))
LDAP_QUERY_FILTER_DOMAIN=(|(mail=*@%s)(mailAlias=*@%s))
LDAP_QUERY_FILTER_USER="(&(mail=%s)(mailEnabled=TRUE))"
LDAP_QUERY_FILTER_GROUP="(&(mailGroupMember=%s)(mailEnabled=TRUE))"
LDAP_QUERY_FILTER_ALIAS="(&(mailAlias=%s)(mailEnabled=TRUE))"
LDAP_QUERY_FILTER_DOMAIN="(|(mail=*@%s)(mailAlias=*@%s))"
# DOVECOT
DOVECOT_PASS_FILTER=(&(objectClass=inetOrgPerson)(mail=%u))
DOVECOT_USER_FILTER=(&(objectClass=inetOrgPerson)(mail=%u))
DOVECOT_PASS_FILTER="(&(objectClass=inetOrgPerson)(mail=%u))"
DOVECOT_USER_FILTER="(&(objectClass=inetOrgPerson)(mail=%u))"
DOVECOT_USER_ATTRS=homeDirectory=home,=uid=5000,=gid=5000
# SASLAUTHD
ENABLE_SASLAUTHD=1
@ -100,7 +100,7 @@ SASLAUTHD_LDAP_SERVER=ldap://ldap.$DOMAIN
SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=federatedcomputer,dc=cloud
SASLAUTHD_LDAP_PASSWORD=$LDAP_SECRET
SASLAUTHD_LDAP_SEARCH_BASE=ou=people,dc=federatedcomputer,dc=cloud
SASLAUTHD_LDAP_FILTER=(&(objectClass=inetOrgPerson)(mail=%U@%r))
SASLAUTHD_LDAP_FILTER="(&(objectClass=inetOrgPerson)(mail=%U@%r))"
POSTMASTER_ADDRESS=postmaster@localhost.localdomain
POSTFIX_MESSAGE_SIZE_LIMIT=100000000
ENABLE_MANAGESIEVE=1
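Review bot: The newly quoted values such as `DOVECOT_PASS_FILTER="(&(objectClass=inetOrgPerson)(mail=%u))"` are later rewritten by configsso_roundcube with `sed -i 's/DOVECOT_PASS_FILTER=.*/DOVECOT_PASS_FILTER=\(\|\(mail\=\%u\)\(uid\=\%u\)\)/g'` (and the matching USER and SASLAUTHD lines), which drops the quotes again, so the mail `.env` ends up in two quoting styles depending on whether SSO was enabled. Whether a leading `"` is stripped or kept literally depends on which compose implementation reads the file (legacy docker-compose v1 kept quotes, compose v2 strips them), and a literal quote inside an LDAP filter makes every mail login fail closed; pick one style and apply it in both places, e.g. make the sed replacement `DOVECOT_PASS_FILTER="(|(mail=%u)(uid=%u))"`. As a least-privilege aside on the unchanged context, the mail stack binds as `cn=admin,dc=federatedcomputer,dc=cloud` with `$LDAP_SECRET`; a read-only service bind DN would limit what a compromised mail container can do to the directory. The heredoc these lines belong to opens and closes outside the hunk.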


@ -6,7 +6,7 @@ PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sb
get_appvars
config_matrix() {
echo -ne "\n* Configuring /federated/apps/matrix container.."
echo -ne "* Configuring matrix container.."
if [ ! -d "/federated/apps/matrix" ]; then
mkdir -p /federated/apps/matrix/data/matrix &> /dev/null
@ -64,8 +64,8 @@ sed -i 's!args:!!g' /federated/apps/matrix/data/matrix/homeserver.yaml
# Insert our Postgres and LDAP config
cat >> /federated/apps/matrix/data/matrix/homeserver.yaml <<EOF
#web_client_location: https://element.$DOMAIN/
public_baseurl: https://matrix.$DOMAIN:443/
web_client_location: https://element.$DOMAIN/
#public_baseurl: https://matrix.$DOMAIN:443/
serve_server_wellknown: true
turn_uris: [ "turn:turn.$DOMAIN?transport=udp", "turn:turn.$DOMAIN?transport=tcp" ]
turn_shared_secret: "$COTURN_MATRIX_SECRET"
@ -124,7 +124,7 @@ docker exec postgresql psql -U postgres -c "CREATE USER matrix WITH PASSWORD '$M
docker exec postgresql psql -U postgres -c "CREATE DATABASE matrix" &> /dev/null
docker exec postgresql psql -U postgres -c "GRANT ALL PRIVILEGES ON DATABASE matrix TO matrix" &> /dev/null
echo -ne "done."
echo -ne "done.\n"
}
start_matrix() {
# Start service with command to make sure it's up before proceeding
@ -139,12 +139,10 @@ start_matrix() {
docker exec pdns pdnsutil add-record $DOMAIN matrix A 86400 $EXTERNALIP &> /dev/null
[ $? -ne 0 ] && fail "Couldn't add dns record for matrix"
echo -ne "done."
echo -ne "done.\n"
}
email_matrix() {
echo -ne "* Sending email to customer.."
spin &
SPINPID=$!
cat > /federated/apps/mail/data/root/certs/mailfile <<EOF
<html>
@ -216,13 +214,10 @@ EOF
docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile"
rm /federated/apps/mail/data/root/certs/mailfile
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
uninstall_matrix() {
echo -ne "* Uninstalling matrix container.."
spin &
SPINPID=$!
# First stop the service
cd /federated/apps/matrix && docker-compose -f docker-compose.yml -p matrix down &> /dev/null
@ -244,14 +239,15 @@ uninstall_matrix() {
if [[ $(grep "### Matrix" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
sed -i '/### Matrix/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
sed -i '/### Matrix/d' /federated/apps/authelia/data/config/idproviders.yml
/federated/bin/stop authelia
/federated/bin/start authelia
run_command "/federated/bin/stop authelia"
run_command "/federated/bin/start authelia"
fi
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
configsso_matrix() {
echo -ne "* Configuring matrix container with SSO.."
[ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
[ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
[[ $(grep "### Matrix" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Matrix configuration."
@ -277,8 +273,8 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
EOF
# Restart Authelia for changes to take the above configuration
/federated/bin/stop authelia
/federated/bin/start authelia
run_command "/federated/bin/stop authelia"
run_command "/federated/bin/start authelia"
add_authelia_config_to_dockercompose "$APP"
@ -302,6 +298,8 @@ oidc_providers:
EOF
# Restart Matrix for changes to take the above configuration
/federated/bin/stop matrix
/federated/bin/start matrix
run_command "/federated/bin/stop matrix"
run_command "/federated/bin/start matrix"
echo -ne "done.\n"
}
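Review bot: Commenting out `public_baseurl: https://matrix.$DOMAIN:443/` in config_matrix while enabling `web_client_location` changes how Synapse builds its externally visible URLs, including the OIDC callback under `_synapse/client/oidc/callback` that configsso_matrix registers with Authelia and the body served by `serve_server_wellknown: true`; recent Synapse falls back to `https://<server_name>/` when `public_baseurl` is unset, so if server_name is `$DOMAIN` rather than `matrix.$DOMAIN` the callback no longer matches the redirect URI in idproviders.yml and SSO logins fail at the redirect step. Either keep `public_baseurl: https://matrix.$DOMAIN/` (the `:443` was redundant) or confirm the redirect_uris written by the configsso hunk match what Synapse now derives — neither server_name nor the redirect_uris are visible here. The heredoc this sits in starts before the hunk.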


@ -6,7 +6,7 @@ PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sb
get_appvars
config_roundcube() {
echo -ne "\n* Configuring roundcube container.."
echo -ne "* Configuring roundcube container.."
if [ ! -d "/federated/apps/roundcube" ]; then
mkdir -p /federated/apps/roundcube/data/var/www/html
@ -74,13 +74,10 @@ start_roundcube() {
docker exec pdns pdnsutil add-record $DOMAIN webmail A 86400 $EXTERNALIP &> /dev/null
[ $? -ne 0 ] && fail "Couldn't add dns record for roundcube"
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
email_roundcube() {
echo -ne "* Sending email to customer.."
spin &
SPINPID=$!
cat > /federated/apps/mail/data/root/certs/mailfile <<EOF
<html>
@ -108,13 +105,10 @@ EOF
docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile"
rm /federated/apps/mail/data/root/certs/mailfile
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
uninstall_roundcube() {
echo -ne "* Uninstalling roundcube container.."
spin &
SPINPID=$!
# First stop the service
cd /federated/apps/roundcube && docker-compose -f docker-compose.yml -p roundcube down &> /dev/null
@ -137,14 +131,15 @@ uninstall_roundcube() {
if [[ $(grep "### Roundcube" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
sed -i '/### Roundcube/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
sed -i '/### Roundcube/d' /federated/apps/authelia/data/config/idproviders.yml
/federated/bin/stop authelia
/federated/bin/start authelia
run_command "/federated/bin/stop authelia"
run_command "/federated/bin/start authelia"
fi
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
configsso_roundcube() {
echo -ne "* Configuring roundcube container with SSO.."
[ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
[ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
[[ $(grep "### Roundcube" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Roundcube configuration."
@ -171,8 +166,8 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
EOF
# Restart Authelia for changes to take the above configuration
/federated/bin/stop authelia
/federated/bin/start authelia
run_command "/federated/bin/stop authelia"
run_command "/federated/bin/start authelia"
# Add in extra hosts config
add_authelia_config_to_dockercompose "$APP"
@ -234,8 +229,10 @@ sed -i 's/SASLAUTHD_LDAP_FILTER=.*/#SASLAUTHD_LDAP_FILTER=\(\&\(objectClass\=ine
sed -i 's/DOVECOT_PASS_FILTER=.*/DOVECOT_PASS_FILTER=\(\|\(mail\=\%u\)\(uid\=\%u\)\)/g' /federated/apps/mail/.env
sed -i 's/DOVECOT_USER_FILTER=.*/DOVECOT_USER_FILTER=\(\|\(mail\=\%u\)\(uid\=\%u\)\)/g' /federated/apps/mail/.env
/federated/bin/stop roundcube
/federated/bin/start roundcube
/federated/bin/stop mail
/federated/bin/start mail
run_command "/federated/bin/stop roundcube"
run_command "/federated/bin/start roundcube"
run_command "/federated/bin/stop mail"
run_command "/federated/bin/start mail"
echo -ne "done.\n"
}


@ -6,7 +6,7 @@ PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sb
get_appvars
config_wordpress() {
echo -ne "\n* Configuring wordpress container.."
echo -ne "* Configuring wordpress container.."
if [ ! -d "/federated/apps/wordpress" ]; then
mkdir -p /federated/apps/wordpress/data/bitnami/wordpress
@ -54,7 +54,7 @@ WORDPRESS_PASSWORD=$ADMINPASS
WORDPRESS_EMAIL=admin@$DOMAIN
WORDPRESS_FIRST_NAME=Admin
WORDPRESS_LAST_NAME=Wordpress
WORDPRESS_BLOG_NAME=$COMPANY Blog
WORDPRESS_BLOG_NAME="$COMPANY Blog"
WORDPRESS_DATABASE_HOST=pdnsmysql.$DOMAIN
WORDPRESS_DATABASE_PORT_NUMBER=3306
WORDPRESS_DATABASE_USER=wordpress
@ -86,20 +86,16 @@ start_wordpress() {
chmod -R 755 /federated/apps/wordpress/data/bitnami/wordpress/wp-content
chmod 740 /federated/apps/wordpress/data/bitnami/wordpress/wp-config.php
sed -i s#http://#https://#g /federated/apps/wordpress/data/bitnami/wordpress/wp-config.php
/federated/bin/stop wordpress
/federated/bin/start wordpress
docker exec pdns pdnsutil add-record $DOMAIN www A 86400 $EXTERNALIP &> /dev/null
[ $? -ne 0 ] && fail "Couldn't add dns record"
docker exec pdns pdnsutil add-record $DOMAIN wordpress A 86400 $EXTERNALIP &> /dev/null
[ $? -ne 0 ] && fail "Couldn't add dns record"
run_command "/federated/bin/stop wordpress"
run_command "/federated/bin/start wordpress"
run_command "docker exec pdns pdnsutil add-record $DOMAIN www A 86400 $EXTERNALIP"
run_command "docker exec pdns pdnsutil add-record $DOMAIN wordpress A 86400 $EXTERNALIP"
echo -ne "done.\n"
}
email_wordpress() {
echo -ne "* Sending email to customer.."
spin &
SPINPID=$!
cat > /federated/apps/mail/data/root/certs/mailfile <<EOF
<html>
@ -171,13 +167,10 @@ EOF
docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile"
rm /federated/apps/mail/data/root/certs/mailfile
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
uninstall_wordpress() {
echo -ne "* Uninstalling wordpress container.."
spin &
SPINPID=$!
# First stop the service
cd /federated/apps/wordpress && docker-compose -f docker-compose.yml -p wordpress down &> /dev/null
@ -200,14 +193,15 @@ uninstall_wordpress() {
if [[ $(grep "### Wordpress" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
sed -i '/### Wordpress/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
sed -i '/### Wordpress/d' /federated/apps/authelia/data/config/idproviders.yml
/federated/bin/stop authelia
/federated/bin/start authelia
run_command "/federated/bin/stop authelia"
run_command "/federated/bin/start authelia"
fi
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
configsso_wordpress() {
echo -ne "* Configuring wordpress container with SSO.."
[ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
[ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
[[ $(grep "### Wordpress" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Wordpress configuration."
@ -235,8 +229,8 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
EOF
# Restart Authelia for changes to take the above configuration
/federated/bin/stop authelia
/federated/bin/start authelia
run_command "/federated/bin/stop authelia"
run_command "/federated/bin/start authelia"
add_authelia_config_to_dockercompose "$APP"
@ -254,9 +248,11 @@ define( 'OIDC_LINK_EXISTING_USERS', '1' );\n\
define( 'OIDC_REDIRECT_USER_BACK', '1' );\n\
define( 'OIDC_REDIRECT_ON_LOGOUT', '1' );\n" /federated/apps/wordpress/data/bitnami/wordpress/wp-config.php
docker exec wordpress wp plugin install daggerhart-openid-connect-generic &> /dev/null
docker exec wordpress wp plugin activate daggerhart-openid-connect-generic &> /dev/null
run_command "docker exec wordpress wp plugin install daggerhart-openid-connect-generic"
run_command "docker exec wordpress wp plugin activate daggerhart-openid-connect-generic"
/federated/bin/stop wordpress
/federated/bin/start wordpress
run_command "/federated/bin/stop wordpress"
run_command "/federated/bin/start wordpress"
echo -ne "done.\n"
}
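Review bot: `run_command "docker exec wordpress wp plugin install daggerhart-openid-connect-generic"` fetches the plugin that will mediate every WordPress login from wordpress.org at install time with no version pin or checksum, while the rest of this stack pins container images via IMAGE_VERSION; a newer or compromised plugin release would be deployed silently, and whether `run_command` aborts when the download fails I can't tell from here. Pin it, `wp plugin install daggerhart-openid-connect-generic --version=<tested version>`, and verify before the restart with `docker exec wordpress wp plugin is-active daggerhart-openid-connect-generic || fail "OIDC plugin not active"`. Note also that in start_wordpress the same wrapper replaces the explicit `[ $? -ne 0 ] && fail "Couldn't add dns record"` after the pdnsutil calls, so if `run_command` does not exit on error a missing www or wordpress record is no longer fatal as it was before. configsso_wordpress's body begins before the hunk.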