More sso fixes and clean up

2024-11-06 16:23:12 +00:00 · 2024-11-06 16:23:12 +00:00 · 5d5e949f92
commit 5d5e949f92
parent f47b90acda
10 changed files with 125 additions and 174 deletions
--- a/bin/installapp-sso
+++ b/bin/installapp-sso
@ -1,4 +1,4 @@
-#!/bin/bash -x
+#!/bin/bash
 #
 # Installs SSO on app
 . /etc/federated
--- a/lib/authelia.sh
+++ b/lib/authelia.sh
@ -6,7 +6,7 @@ PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sb
 get_appvars
 config_authelia() {
-  echo -ne "\n* Configuring /federated/apps/authelia container.."
+  echo -ne "* Configuring authelia container.."
  if [ ! -d "/federated/apps/authelia" ]; then
    mkdir -p /federated/apps/authelia/data/config
@ -49,13 +49,13 @@ tr -cd '[:alnum:]' < /dev/urandom | fold -w "64" | head -n 1 > /federated/apps/a
 tr -cd '[:alnum:]' < /dev/urandom | fold -w "64" | head -n 1 > /federated/apps/authelia/data/secrets/STORAGE_ENCRYPTION_KEY
 echo "$LDAP_SECRET" > /federated/apps/authelia/data/secrets/AUTHENTICATION_BACKEND_LDAP_PASSWORD
 echo "$ADMINPASS" > /federated/apps/authelia/data/secrets/NOTIFIER_SMTP_PASSWORD
-openssl genrsa -out /federated/apps/authelia/data/secrets/private.pem 4096
+openssl genrsa -out /federated/apps/authelia/data/secrets/private.pem 4096 2>/dev/null
-openssl rsa -in /federated/apps/authelia/data/secrets/private.pem -outform PEM -pubout -out /federated/apps/authelia/data/secrets/public.pem
+openssl rsa -in /federated/apps/authelia/data/secrets/private.pem -outform PEM -pubout -out /federated/apps/authelia/data/secrets/public.pem 2>/dev/null
 POWERDNS_CLIENT_SECRET=$(create_password);
-POWERDNS_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $POWERDNS_CLIENT_SECRET | awk '{ print $2 }')
+POWERDNS_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $POWERDNS_CLIENT_SECRET 2>/dev/null | awk '{ print $2 }')
 [[ -d "/federated/apps/pdnsmysql/data/var/lib/mysql/pdnsadmin" ]] && POWERDNS_DB="pdnsadmin" || POWERDNS_DB="pdns"
-NEXTCLOUD_CLIENT_SECRET=$(create_password);
+#NEXTCLOUD_CLIENT_SECRET=$(create_password);
-NEXTCLOUD_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $NEXTCLOUD_CLIENT_SECRET | awk '{ print $2 }')
+#NEXTCLOUD_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $NEXTCLOUD_CLIENT_SECRET | awk '{ print $2 }')
 cat > /federated/apps/authelia/.env <<EOF
 IMAGE_VERSION=4.38.8
@ -195,7 +195,7 @@ docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -
 docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '$PDNS_MYSQL_COMMAND7;'"
 docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '$PDNS_MYSQL_COMMAND8;'"
-echo -ne "done."
+echo -ne "done.\n"
 }
 start_authelia() {
  # Start service with command to make sure it's up before proceeding
@ -204,19 +204,17 @@ start_authelia() {
  docker exec pdns pdnsutil add-record $DOMAIN authelia A 86400 $EXTERNALIP &> /dev/null
  [ $? -ne 0 ] && fail "Couldn't add dns record for authelia"
-  # If extra_hosts doesn't exist then insert extra_host configuration in pdnsadmin
+  # If extra_hosts doesn't exist then insert extra_host configuration in pdnsadmin docker compose
-  [[ ! $(grep extra_hosts /federated/apps/pdnsadmin/docker-compose.yml 2>/dev/null) ]] && sed -i "/192.168.0.12/a  \    extra_hosts:\n\      - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/pdnsadmin/docker-compose.yml
+  add_authelia_config_to_dockercompose "pdnsadmin"
  # Stop and start pdnsadmin for internal dns externalhosts to work
-  /federated/bin/stop pdnsadmin
+  run_command "/federated/bin/stop pdnsadmin"
-  /federated/bin/start pdnsadmin
+  run_command "/federated/bin/start pdnsadmin"
-  echo -ne "done."
+  echo -ne "done.\n"
 }
 uninstall_authelia() {
  echo -ne "* Uninstalling authelia container.."
  spin &
  SPINPID=$!
  # First stop the service
  cd /federated/apps/authelia && docker-compose -f docker-compose.yml -p authelia down &> /dev/null
@ -234,6 +232,5 @@ uninstall_authelia() {
  # Delete the DNS record
  docker exec pdns pdnsutil delete-rrset $DOMAIN authelia A
  kill -9 $SPINPID &> /dev/null
  echo -ne "done.\n"
 }
--- a/lib/bookstack.sh
+++ b/lib/bookstack.sh
@ -6,7 +6,7 @@ PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sb
 get_appvars
 config_bookstack() {
-  echo -ne "\n* Configuring bookstack container.."
+  echo -ne "* Configuring bookstack container.."
  if [ ! -d "/federated/apps/bookstack" ]; then
    mkdir -p /federated/apps/bookstack/data/config
@ -81,8 +81,8 @@ start_bookstack() {
  docker exec pdns pdnsutil add-record $DOMAIN documentation A 86400 $EXTERNALIP &> /dev/null
  [ $? -ne 0 ] && fail "Couldn't add dns record for bookstack"
-  docker exec pdnsmysql mysql -ubookstack -p$BOOKSTACK_SECRET bookstack -e "delete from users where email = 'admin@admin.com';"
+  docker exec pdnsmysql mysql -ubookstack -p$BOOKSTACK_SECRET bookstack -e "delete from users where email = 'admin@admin.com';" &> /dev/null
-  docker exec bookstack php /app/www/artisan bookstack:create-admin --email="admin@$DOMAIN" --name="Admin" --password="$ADMINPASS"
+  docker exec bookstack php /app/www/artisan bookstack:create-admin --email="admin@$DOMAIN" --name="Admin" --password="$ADMINPASS" &> /dev/null
  # Set mail configuration
  sed -i "s#MAIL_FROM=.*#MAIL_FROM=admin@$DOMAIN#g" /federated/apps/bookstack/data/config/www/.env
@ -93,13 +93,10 @@ start_bookstack() {
  sed -i "s#MAIL_PASSWORD=.*#MAIL_PASSWORD=$ADMINPASS#g" /federated/apps/bookstack/data/config/www/.env
  sed -i "s#MAIL_ENCRYPTION=.*#MAIL_ENCRYPTION=TLS#g" /federated/apps/bookstack/data/config/www/.env
  kill -9 $SPINPID &> /dev/null
  echo -ne "done.\n"
 }
 email_bookstack() {
  echo -ne "* Sending email to customer.."
  spin &
  SPINPID=$!
 cat > /federated/apps/mail/data/root/certs/mailfile <<EOF
 <html>
@ -171,13 +168,10 @@ EOF
  docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile"
  rm /federated/apps/mail/data/root/certs/mailfile
  kill -9 $SPINPID &> /dev/null
  echo -ne "done.\n"
 }
 uninstall_bookstack() {
  echo -ne "* Uninstalling bookstack container.."
  spin &
  SPINPID=$!
  # First stop the service
  cd /federated/apps/bookstack && docker-compose -f docker-compose.yml -p bookstack down &> /dev/null
@ -199,14 +193,15 @@ uninstall_bookstack() {
  if [[ $(grep "### Bookstack" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
    sed -i '/### Bookstack/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
    sed -i '/### Bookstack/d' /federated/apps/authelia/data/config/idproviders.yml
-    /federated/bin/stop authelia
+    run_command "/federated/bin/stop authelia"
-    /federated/bin/start authelia
+    run_command "/federated/bin/start authelia"
  fi
  kill -9 $SPINPID &> /dev/null
  echo -ne "done.\n"
 }
 configsso_bookstack() {
  echo -ne "* Configuring bookstack container with SSO.."
  [ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
  [ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
  [[ $(grep "### Bookstack" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Bookstack configuration."
@ -232,8 +227,8 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
 EOF
  # Restart Authelia for changes to take the above configuration
-  /federated/bin/stop authelia
+  run_command "/federated/bin/stop authelia"
-  /federated/bin/start authelia
+  run_command "/federated/bin/start authelia"
 cat >> /federated/apps/bookstack/.env <<EOF
 AUTH_METHOD=oidc
@ -259,6 +254,8 @@ EOF
    docker exec pdnsmysql mysql -ubookstack -p${BOOKSTACK_SECRET} bookstack -e "update users set external_auth_id = '$i' where email = '$i'";
  done
-  /federated/bin/stop bookstack
+  run_command "/federated/bin/stop bookstack"
-  /federated/bin/start bookstack
+  run_command "/federated/bin/start bookstack"
  echo -ne "done.\n"
 }
--- a/lib/espocrm.sh
+++ b/lib/espocrm.sh
@ -6,7 +6,7 @@ PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sb
 get_appvars
 config_espocrm() {
-  echo -ne "\n* Configuring espocrm container.."
+  echo -ne "* Configuring espocrm container.."
  if [ ! -d "/federated/apps/espocrm" ]; then
    mkdir -p /federated/apps/espocrm/data/var/www/html
@ -42,7 +42,7 @@ EOF
 ESPOCRM_SECRET=$(create_password);
 cat > /federated/apps/espocrm/.env <<EOF
-IMAGE_VERSION="8.0.5-apache"
+IMAGE_VERSION="8.4.0-apache"
 ESPOCRM_DATABASE_HOST=pdnsmysql.$DOMAIN
 ESPOCRM_DATABASE_NAME=espocrm
 ESPOCRM_DATABASE_USER=espocrm
@ -101,8 +101,6 @@ start_espocrm() {
 }
 email_espocrm() {
  echo -ne "* Sending email to customer.."
  spin &
  SPINPID=$!
 cat > /federated/apps/mail/data/root/certs/mailfile <<EOF
 <html>
@ -174,13 +172,10 @@ EOF
  docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile"
  rm /federated/apps/mail/data/root/certs/mailfile
  kill -9 $SPINPID &> /dev/null
  echo -ne "done.\n"
 }
 uninstall_espocrm() {
  echo -ne "* Uninstalling espocrm container.."
  spin &
  SPINPID=$!
  # First stop the service
  cd /federated/apps/espocrm && docker-compose -f docker-compose.yml -p espocrm down &> /dev/null
@ -205,14 +200,15 @@ uninstall_espocrm() {
  if [[ $(grep "### Espocrm" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
    sed -i '/### Espocrm/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
    sed -i '/### Espocrm/d' /federated/apps/authelia/data/config/idproviders.yml
-    /federated/bin/stop authelia
+    run_command "/federated/bin/stop authelia"
-    /federated/bin/start authelia
+    run_command "/federated/bin/start authelia"
  fi
  kill -9 $SPINPID &> /dev/null
  echo -ne "done.\n"
 }
 configsso_espocrm() {
  echo -ne "* Configuring espocrm container with SSO.."
  [ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
  [ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
  [[ $(grep "### Espocrm" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Espocrm configuration."
@ -240,8 +236,8 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
 EOF
  # Restart Authelia for changes to take the above configuration
-  /federated/bin/stop authelia
+  run_command "/federated/bin/stop authelia"
-  /federated/bin/start authelia
+  run_command "/federated/bin/start authelia"
 cat >> /federated/apps/espocrm/.env <<EOF
 ESPOCRM_CONFIG_AUTHENTICATION_METHOD=Oidc
@ -272,6 +268,8 @@ EOF
  # Set auth method to Oidc only
  sed -i "s/ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/#ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/g" /federated/apps/espocrm/.env
-  /federated/bin/stop espocrm
+  run_command "/federated/bin/stop espocrm"
-  /federated/bin/start espocrm
+  run_command "/federated/bin/start espocrm"
  echo -ne "done.\n"
 }
--- a/lib/gitea.sh
+++ b/lib/gitea.sh
@ -5,7 +5,7 @@
 PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 config_gitea() {
-  echo -ne "\n* Configuring /federated/apps/gitea container.."
+  echo -ne "* Configuring gitea container.."
  if [ ! -d "/federated/apps/gitea" ]; then
    mkdir -p /federated/apps/gitea/data/data
@ -159,7 +159,7 @@ docker exec postgresql psql -U postgres -c "CREATE USER gitea WITH PASSWORD '$GI
 docker exec postgresql psql -U postgres -c "CREATE DATABASE gitea" &> /dev/null
 docker exec postgresql psql -U postgres -c "GRANT ALL PRIVILEGES ON DATABASE gitea TO gitea" &> /dev/null
-echo -ne "done."
+echo -ne "done.\n"
 }
 email_gitea() {
  echo -ne "* Sending email to customer.."
@ -241,8 +241,6 @@ EOF
 }
 uninstall_gitea() {
  echo -ne "* Uninstalling gitea container.."
  spin &
  SPINPID=$!
  # First stop the service
  cd /federated/apps/gitea && docker-compose -f docker-compose.yml -p gitea down &> /dev/null
@ -264,11 +262,10 @@ uninstall_gitea() {
  if [[ $(grep "### Gitea" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
    sed -i '/### Gitea/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
    sed -i '/### Gitea/d' /federated/apps/authelia/data/config/idproviders.yml
-    /federated/bin/stop authelia
+    run_command "/federated/bin/stop authelia"
-    /federated/bin/start authelia
+    run_command "/federated/bin/start authelia"
  fi
  kill -9 $SPINPID &> /dev/null
  echo -ne "done.\n"
 }
 start_gitea() {
@ -295,9 +292,11 @@ start_gitea() {
  # Remove creategitea.sh
  rm /federated/apps/gitea/data/data/creategitea.sh
-  echo -ne "done."
+  echo -ne "done.\n"
 }
 configsso_gitea() {
  echo -ne "* Configuring gitea container with SSO.."
  [ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
  [ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
  [[ $(grep "### Gitea" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Gitea configuration."
@ -325,8 +324,8 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
 EOF
  # Restart Authelia for changes to take the above configuration
-  /federated/bin/stop authelia
+  run_command "/federated/bin/stop authelia"
-  /federated/bin/start authelia
+  run_command "/federated/bin/start authelia"
  docker exec --user 1000 gitea gitea admin auth add-oauth --name "Authelia" --provider "openidConnect" --key "gitea" --secret "$GITEA_CLIENT_SECRET" --auto-discover-url "https://authelia.$DOMAIN/.well-known/openid-configuration" --skip-local-2fa "true" --scopes "openid email profile" --group-claim-name "groups" --admin-group "admin" --restricted-group "guest"
@ -346,6 +345,8 @@ GITEA__oauth2_client__ACCOUNT_LINKING=login
 GITEA__oauth2_client__OPENID_CONNECT_SCOPES="openid profile email"
 EOF
-  /federated/bin/stop gitea
+  run_command "/federated/bin/stop gitea"
-  /federated/bin/start gitea
+  run_command "/federated/bin/start gitea"
  echo -ne "done.\n"
 }
--- a/lib/jitsi.sh
+++ b/lib/jitsi.sh
@ -6,7 +6,7 @@ PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sb
 get_appvars
 config_jitsi() {
-  echo -ne "\n* Configuring /federated/apps/jitsi container.."
+  echo -ne "* Configuring jitsi container.."
  if [ ! -d "/federated/apps/jitsi" ]; then
     mkdir -p /federated/apps/jitsi
@ -429,19 +429,12 @@ cat > /federated/apps/jitsi/.env <<EOF
 # Directory where all configuration will be stored
 CONFIG=/federated/apps/jitsi/data/config
 EOF
 if [ "$JITSI_SCALE" != "server" ]; then
 cat >> /federated/apps/jitsi/.env <<EOF
 # Exposed HTTP port
 HTTP_PORT=9000
 # Exposed HTTPS port
 HTTPS_PORT=9443
 EOF
 fi
 cat >> /federated/apps/jitsi/.env <<EOF
 # System time zone
 TZ=UTC
@ -449,47 +442,23 @@ TZ=UTC
 PUBLIC_URL=https://jitsi.$DOMAIN
 EOF
 if [ -n "$JITSI_SCALE" ]; then
 if [ "$JITSI_SCALE" = "server" ]; then
 	cat >> /federated/apps/jitsi/.env <<EOF
 XMPP_AUTH_DOMAIN=auth.jitsitest.federatedcomputer.cloud
 XMPP_SERVER=xmpp.jitsitest.federatedcomputer.cloud
-EOF
+XMPP_INTERNAL_MUC_DOMAIN=internal-muc.jitsitest.federatedcomputer.cloud
 	else
 		cat >> /federated/apps/jitsi/.env <<EOF
 XMPP_SERVER=xmpp.$DOMAIN
 EOF
 	fi
 	# XMPP_AUTH_DOMAIN and XMPP_INTERNAL_MUC_DOMAIN don't
 	# need to resolve - they just need to be identical across
 	# the involved Jitsi components.
 	# So it is safe to use a common (even if nonexistant)
 	# domain across all Jitsi Scale clients so the JVB can
 	# use the same information for every Prosody instance
 	# it connects to.
 	cat >> /federated/apps/jitsi/.env <<EOF
 XMPP_AUTH_DOMAIN=auth.jitsiscale.federated.computer
 XMPP_INTERNAL_MUC_DOMAIN=internal-muc.jitsiscale.federated.computer
 EOF
 	if [ "$JITSI_SCALE" = "server" ]; then
 		cat >> /federated/apps/jitsi/.env <<EOF
 # XMPP password for JVB client connections
 JVB_AUTH_PASSWORD=
 EOF
 	fi
 else
 	cat >> /federated/apps/jitsi/.env <<EOF
 XMPP_SERVER=xmpp.$DOMAIN
 XMPP_AUTH_DOMAIN=auth.$DOMAIN
 XMPP_INTERNAL_MUC_DOMAIN=internal-muc.$DOMAIN
 EOF
 	cat >> /federated/apps/jitsi/.env <<EOF
 XMPP_DOMAIN=$DOMAIN
 XMPP_AUTH_DOMAIN=auth.$DOMAIN
 XMPP_SERVER=xmpp.$DOMAIN
 XMPP_BOSH_URL_BASE=http://xmpp.$DOMAIN:5280
 XMPP_MUC_DOMAIN=muc.$DOMAIN
 XMPP_INTERNAL_MUC_DOMAIN=internal-muc.$DOMAIN
 XMPP_GUEST_DOMAIN=guest.$DOMAIN
 XMPP_RECORDER_DOMAIN=recorder.$DOMAIN
@ -696,12 +665,10 @@ mkdir -p /federated/apps/jitsi/data/config/{web,transcripts,prosody/config,proso
 /federated/apps/jitsi/gen-passwords.sh
 [ $? -ne 0 ] && fail "Couldn't run /federated/apps/jitsi/gen-passwords.sh"
-echo -ne "done."
+echo -ne "done.\n"
 }
 email_jitsi() {
  echo -ne "* Sending email to customer.."
  spin &
  SPINPID=$!
 cat > /federated/apps/mail/data/root/certs/mailfile <<EOF
 <html>
@ -773,13 +740,10 @@ EOF
  docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile"
  rm /federated/apps/mail/data/root/certs/mailfile
  kill -9 $SPINPID &> /dev/null
  echo -ne "done.\n"
 }
 uninstall_jitsi() {
  echo -ne "* Uninstalling jitsi container.."
  spin &
  SPINPID=$!
  # First stop the service
  cd /federated/apps/jitsi && docker-compose -f docker-compose.yml -p jitsi down &> /dev/null
@ -800,8 +764,8 @@ uninstall_jitsi() {
  if [[ $(grep "### Jitsi" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
    sed -i '/### Jitsi/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
    sed -i '/### Jitsi/d' /federated/apps/authelia/data/config/idproviders.yml
-    /federated/bin/stop authelia
+    run_command "/federated/bin/stop authelia"
-    /federated/bin/start authelia
+    run_command "/federated/bin/start authelia"
  fi
  if [[ -d "/federated/apps/jitsiopenid" ]]; then
@ -810,16 +774,17 @@ uninstall_jitsi() {
    docker image rm mod242/jitsi-go-openid:latest &> /dev/null
  fi
  kill -9 $SPINPID &> /dev/null
  echo -ne "done.\n"
 }
 start_jitsi() {
  # Start service with command to make sure it's up before proceeding
  start_service "jitsi" "nc -z 192.168.0.25 443 &> /dev/null" "8"
-  echo -ne "done."
+  echo -ne "done.\n"
 }
 configsso_jitsi() {
  echo -ne "* Configuring jitsi container with SSO.."
  [ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
  [ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
  [[ $(grep "### Jitsi" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Jitsi configuration."
@ -849,8 +814,8 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
 EOF
  # Restart Authelia for changes to take the above configuration
-  /federated/bin/stop authelia
+  run_command "/federated/bin/stop authelia"
-  /federated/bin/start authelia
+  run_command "/federated/bin/start authelia"
  sed -i "s/AUTH_TYPE=.*/AUTH_TYPE=jwt/g" /federated/apps/jitsi/.env
  sed -i "s/#JWT_APP_ID=.*/JWT_APP_ID=jitsi.$DOMAIN/g" /federated/apps/jitsi/.env
@ -909,7 +874,9 @@ NAME_KEY=name
 EOF
 chmod 600 /federated/apps/jitsiopenid/.env
-  /federated/bin/stop jitsi
+  run_command "/federated/bin/stop jitsi"
-  /federated/bin/start jitsi
+  run_command "/federated/bin/start jitsi"
-  /federated/bin/start jitsiopenid
+  run_command "/federated/bin/start jitsiopenid"
  echo -ne "done.\n"
 }
--- a/lib/mail.sh
+++ b/lib/mail.sh
@ -85,13 +85,13 @@ LDAP_SERVER_HOST=ldap://ldap.$DOMAIN
 LDAP_SEARCH_BASE=ou=people,dc=federatedcomputer,dc=cloud
 LDAP_BIND_DN=cn=admin,dc=federatedcomputer,dc=cloud
 LDAP_BIND_PW=$LDAP_SECRET
-LDAP_QUERY_FILTER_USER=(&(mail=%s)(mailEnabled=TRUE))
+LDAP_QUERY_FILTER_USER="(&(mail=%s)(mailEnabled=TRUE))"
-LDAP_QUERY_FILTER_GROUP=(&(mailGroupMember=%s)(mailEnabled=TRUE))
+LDAP_QUERY_FILTER_GROUP="(&(mailGroupMember=%s)(mailEnabled=TRUE))"
-LDAP_QUERY_FILTER_ALIAS=(&(mailAlias=%s)(mailEnabled=TRUE))
+LDAP_QUERY_FILTER_ALIAS="(&(mailAlias=%s)(mailEnabled=TRUE))"
-LDAP_QUERY_FILTER_DOMAIN=(|(mail=*@%s)(mailAlias=*@%s))
+LDAP_QUERY_FILTER_DOMAIN="(|(mail=*@%s)(mailAlias=*@%s))"
 # DOVECOT
-DOVECOT_PASS_FILTER=(&(objectClass=inetOrgPerson)(mail=%u))
+DOVECOT_PASS_FILTER="(&(objectClass=inetOrgPerson)(mail=%u))"
-DOVECOT_USER_FILTER=(&(objectClass=inetOrgPerson)(mail=%u))
+DOVECOT_USER_FILTER="(&(objectClass=inetOrgPerson)(mail=%u))"
 DOVECOT_USER_ATTRS=homeDirectory=home,=uid=5000,=gid=5000
 # SASLAUTHD
 ENABLE_SASLAUTHD=1
@ -100,7 +100,7 @@ SASLAUTHD_LDAP_SERVER=ldap://ldap.$DOMAIN
 SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=federatedcomputer,dc=cloud
 SASLAUTHD_LDAP_PASSWORD=$LDAP_SECRET
 SASLAUTHD_LDAP_SEARCH_BASE=ou=people,dc=federatedcomputer,dc=cloud
-SASLAUTHD_LDAP_FILTER=(&(objectClass=inetOrgPerson)(mail=%U@%r))
+SASLAUTHD_LDAP_FILTER="(&(objectClass=inetOrgPerson)(mail=%U@%r))"
 POSTMASTER_ADDRESS=postmaster@localhost.localdomain
 POSTFIX_MESSAGE_SIZE_LIMIT=100000000
 ENABLE_MANAGESIEVE=1
--- a/lib/matrix.sh
+++ b/lib/matrix.sh
@ -6,7 +6,7 @@ PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sb
 get_appvars
 config_matrix() {
-  echo -ne "\n* Configuring /federated/apps/matrix container.."
+  echo -ne "* Configuring matrix container.."
  if [ ! -d "/federated/apps/matrix" ]; then
    mkdir -p /federated/apps/matrix/data/matrix &> /dev/null
@ -64,8 +64,8 @@ sed -i 's!args:!!g' /federated/apps/matrix/data/matrix/homeserver.yaml
 # Insert our Postgres and LDAP config
 cat >> /federated/apps/matrix/data/matrix/homeserver.yaml <<EOF
-#web_client_location: https://element.$DOMAIN/
+web_client_location: https://element.$DOMAIN/
-public_baseurl: https://matrix.$DOMAIN:443/
+#public_baseurl: https://matrix.$DOMAIN:443/
 serve_server_wellknown: true
 turn_uris: [ "turn:turn.$DOMAIN?transport=udp", "turn:turn.$DOMAIN?transport=tcp" ]
 turn_shared_secret: "$COTURN_MATRIX_SECRET"
@ -124,7 +124,7 @@ docker exec postgresql psql -U postgres -c "CREATE USER matrix WITH PASSWORD '$M
 docker exec postgresql psql -U postgres -c "CREATE DATABASE matrix" &> /dev/null
 docker exec postgresql psql -U postgres -c "GRANT ALL PRIVILEGES ON DATABASE matrix TO matrix" &> /dev/null
-echo -ne "done."
+echo -ne "done.\n"
 }
 start_matrix() {
  # Start service with command to make sure it's up before proceeding
@ -139,12 +139,10 @@ start_matrix() {
  docker exec pdns pdnsutil add-record $DOMAIN matrix A 86400 $EXTERNALIP &> /dev/null
  [ $? -ne 0 ] && fail "Couldn't add dns record for matrix"
-  echo -ne "done."
+  echo -ne "done.\n"
 }
 email_matrix() {
  echo -ne "* Sending email to customer.."
  spin &
  SPINPID=$!
 cat > /federated/apps/mail/data/root/certs/mailfile <<EOF
 <html>
@ -216,13 +214,10 @@ EOF
  docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile"
  rm /federated/apps/mail/data/root/certs/mailfile
  kill -9 $SPINPID &> /dev/null
  echo -ne "done.\n"
 }
 uninstall_matrix() {
  echo -ne "* Uninstalling matrix container.."
  spin &
  SPINPID=$!
  # First stop the service
  cd /federated/apps/matrix && docker-compose -f docker-compose.yml -p matrix down &> /dev/null
@ -244,14 +239,15 @@ uninstall_matrix() {
  if [[ $(grep "### Matrix" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
    sed -i '/### Matrix/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
    sed -i '/### Matrix/d' /federated/apps/authelia/data/config/idproviders.yml
-    /federated/bin/stop authelia
+    run_command "/federated/bin/stop authelia"
-    /federated/bin/start authelia
+    run_command "/federated/bin/start authelia"
  fi
  kill -9 $SPINPID &> /dev/null
  echo -ne "done.\n"
 }
 configsso_matrix() {
  echo -ne "* Configuring matrix container with SSO.."
  [ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
  [ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
  [[ $(grep "### Matrix" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Matrix configuration."
@ -277,8 +273,8 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
 EOF
  # Restart Authelia for changes to take the above configuration
-  /federated/bin/stop authelia
+  run_command "/federated/bin/stop authelia"
-  /federated/bin/start authelia
+  run_command "/federated/bin/start authelia"
  add_authelia_config_to_dockercompose "$APP"
@ -302,6 +298,8 @@ oidc_providers:
 EOF
  # Restart Matrix for changes to take the above configuration
-  /federated/bin/stop matrix
+  run_command "/federated/bin/stop matrix"
-  /federated/bin/start matrix
+  run_command "/federated/bin/start matrix"
  echo -ne "done.\n"
 }
--- a/lib/roundcube.sh
+++ b/lib/roundcube.sh
@ -6,7 +6,7 @@ PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sb
 get_appvars
 config_roundcube() {
-  echo -ne "\n* Configuring roundcube container.."
+  echo -ne "* Configuring roundcube container.."
  if [ ! -d "/federated/apps/roundcube" ]; then
    mkdir -p /federated/apps/roundcube/data/var/www/html
@ -74,13 +74,10 @@ start_roundcube() {
  docker exec pdns pdnsutil add-record $DOMAIN webmail A 86400 $EXTERNALIP &> /dev/null
  [ $? -ne 0 ] && fail "Couldn't add dns record for roundcube"
  kill -9 $SPINPID &> /dev/null
  echo -ne "done.\n"
 }
 email_roundcube() {
  echo -ne "* Sending email to customer.."
  spin &
  SPINPID=$!
 cat > /federated/apps/mail/data/root/certs/mailfile <<EOF
 <html>
@ -108,13 +105,10 @@ EOF
  docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile"
  rm /federated/apps/mail/data/root/certs/mailfile
  kill -9 $SPINPID &> /dev/null
  echo -ne "done.\n"
 }
 uninstall_roundcube() {
  echo -ne "* Uninstalling roundcube container.."
  spin &
  SPINPID=$!
  # First stop the service
  cd /federated/apps/roundcube && docker-compose -f docker-compose.yml -p roundcube down &> /dev/null
@ -137,14 +131,15 @@ uninstall_roundcube() {
  if [[ $(grep "### Roundcube" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
    sed -i '/### Roundcube/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
    sed -i '/### Roundcube/d' /federated/apps/authelia/data/config/idproviders.yml
-    /federated/bin/stop authelia
+    run_command "/federated/bin/stop authelia"
-    /federated/bin/start authelia
+    run_command "/federated/bin/start authelia"
  fi
  kill -9 $SPINPID &> /dev/null
  echo -ne "done.\n"
 }
 configsso_roundcube() {
  echo -ne "* Configuring roundcube container with SSO.."
  [ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
  [ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
  [[ $(grep "### Roundcube" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Roundcube configuration."
@ -171,8 +166,8 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
 EOF
  # Restart Authelia for changes to take the above configuration
-  /federated/bin/stop authelia
+  run_command "/federated/bin/stop authelia"
-  /federated/bin/start authelia
+  run_command "/federated/bin/start authelia"
  # Add in extra hosts config
  add_authelia_config_to_dockercompose "$APP"
@ -234,8 +229,10 @@ sed -i 's/SASLAUTHD_LDAP_FILTER=.*/#SASLAUTHD_LDAP_FILTER=\(\&\(objectClass\=ine
 sed -i 's/DOVECOT_PASS_FILTER=.*/DOVECOT_PASS_FILTER=\(\|\(mail\=\%u\)\(uid\=\%u\)\)/g' /federated/apps/mail/.env
 sed -i 's/DOVECOT_USER_FILTER=.*/DOVECOT_USER_FILTER=\(\|\(mail\=\%u\)\(uid\=\%u\)\)/g' /federated/apps/mail/.env
-  /federated/bin/stop roundcube
+  run_command "/federated/bin/stop roundcube"
-  /federated/bin/start roundcube
+  run_command "/federated/bin/start roundcube"
-  /federated/bin/stop mail
+  run_command "/federated/bin/stop mail"
-  /federated/bin/start mail
+  run_command "/federated/bin/start mail"
  echo -ne "done.\n"
 }
--- a/lib/wordpress.sh
+++ b/lib/wordpress.sh
@ -6,7 +6,7 @@ PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sb
 get_appvars
 config_wordpress() {
-  echo -ne "\n* Configuring wordpress container.."
+  echo -ne "* Configuring wordpress container.."
  if [ ! -d "/federated/apps/wordpress" ]; then
    mkdir -p /federated/apps/wordpress/data/bitnami/wordpress
@ -54,7 +54,7 @@ WORDPRESS_PASSWORD=$ADMINPASS
 WORDPRESS_EMAIL=admin@$DOMAIN
 WORDPRESS_FIRST_NAME=Admin
 WORDPRESS_LAST_NAME=Wordpress
-WORDPRESS_BLOG_NAME=$COMPANY Blog
+WORDPRESS_BLOG_NAME="$COMPANY Blog"
 WORDPRESS_DATABASE_HOST=pdnsmysql.$DOMAIN
 WORDPRESS_DATABASE_PORT_NUMBER=3306
 WORDPRESS_DATABASE_USER=wordpress
@ -86,20 +86,16 @@ start_wordpress() {
  chmod -R 755 /federated/apps/wordpress/data/bitnami/wordpress/wp-content
  chmod 740 /federated/apps/wordpress/data/bitnami/wordpress/wp-config.php
  sed -i s#http://#https://#g /federated/apps/wordpress/data/bitnami/wordpress/wp-config.php
  /federated/bin/stop wordpress
  /federated/bin/start wordpress
-  docker exec pdns pdnsutil add-record $DOMAIN www A 86400 $EXTERNALIP &> /dev/null
+  run_command "/federated/bin/stop wordpress"
-  [ $? -ne 0 ] && fail "Couldn't add dns record"
+  run_command "/federated/bin/start wordpress"
-  docker exec pdns pdnsutil add-record $DOMAIN wordpress A 86400 $EXTERNALIP &> /dev/null
+  run_command "docker exec pdns pdnsutil add-record $DOMAIN www A 86400 $EXTERNALIP"
-  [ $? -ne 0 ] && fail "Couldn't add dns record"
+  run_command "docker exec pdns pdnsutil add-record $DOMAIN wordpress A 86400 $EXTERNALIP"
  echo -ne "done.\n"
 }
 email_wordpress() {
  echo -ne "* Sending email to customer.."
  spin &
  SPINPID=$!
 cat > /federated/apps/mail/data/root/certs/mailfile <<EOF
 <html>
@ -171,13 +167,10 @@ EOF
  docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile"
  rm /federated/apps/mail/data/root/certs/mailfile
  kill -9 $SPINPID &> /dev/null
  echo -ne "done.\n"
 }
 uninstall_wordpress() {
  echo -ne "* Uninstalling wordpress container.."
  spin &
  SPINPID=$!
  # First stop the service
  cd /federated/apps/wordpress && docker-compose -f docker-compose.yml -p wordpress down &> /dev/null
@ -200,14 +193,15 @@ uninstall_wordpress() {
  if [[ $(grep "### Wordpress" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
    sed -i '/### Wordpress/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
    sed -i '/### Wordpress/d' /federated/apps/authelia/data/config/idproviders.yml
-    /federated/bin/stop authelia
+    run_command "/federated/bin/stop authelia"
-    /federated/bin/start authelia
+    run_command "/federated/bin/start authelia"
  fi
  kill -9 $SPINPID &> /dev/null
  echo -ne "done.\n"
 }
 configsso_wordpress() {
  echo -ne "* Configuring wordpress container with SSO.."
  [ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
  [ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
  [[ $(grep "### Wordpress" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Wordpress configuration."
@ -235,8 +229,8 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
 EOF
  # Restart Authelia for changes to take the above configuration
-  /federated/bin/stop authelia
+  run_command "/federated/bin/stop authelia"
-  /federated/bin/start authelia
+  run_command "/federated/bin/start authelia"
  add_authelia_config_to_dockercompose "$APP"
@ -254,9 +248,11 @@ define( 'OIDC_LINK_EXISTING_USERS', '1' );\n\
 define( 'OIDC_REDIRECT_USER_BACK', '1' );\n\
 define( 'OIDC_REDIRECT_ON_LOGOUT', '1' );\n" /federated/apps/wordpress/data/bitnami/wordpress/wp-config.php
-  docker exec wordpress wp plugin install daggerhart-openid-connect-generic &> /dev/null
+  run_command "docker exec wordpress wp plugin install daggerhart-openid-connect-generic"
-  docker exec wordpress wp plugin activate daggerhart-openid-connect-generic &> /dev/null
+  run_command "docker exec wordpress wp plugin activate daggerhart-openid-connect-generic"
-  /federated/bin/stop wordpress
+  run_command "/federated/bin/stop wordpress"
-  /federated/bin/start wordpress
+  run_command "/federated/bin/start wordpress"
  echo -ne "done.\n"
 }