More changes for SSO and convertdomain SSO coming soon
This commit is contained in:
root
parent
4af4a1e135
commit
60a0b73e54
@ -52,10 +52,8 @@ echo "$ADMINPASS" > /federated/apps/authelia/data/secrets/NOTIFIER_SMTP_PASSWORD
|
|||||||
openssl genrsa -out /federated/apps/authelia/data/secrets/private.pem 4096 2>/dev/null
|
openssl genrsa -out /federated/apps/authelia/data/secrets/private.pem 4096 2>/dev/null
|
||||||
openssl rsa -in /federated/apps/authelia/data/secrets/private.pem -outform PEM -pubout -out /federated/apps/authelia/data/secrets/public.pem 2>/dev/null
|
openssl rsa -in /federated/apps/authelia/data/secrets/private.pem -outform PEM -pubout -out /federated/apps/authelia/data/secrets/public.pem 2>/dev/null
|
||||||
POWERDNS_CLIENT_SECRET=$(create_password);
|
POWERDNS_CLIENT_SECRET=$(create_password);
|
||||||
POWERDNS_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $POWERDNS_CLIENT_SECRET 2>/dev/null | awk '{ print $2 }')
|
POWERDNS_CLIENT_SECRET_HASH=$(docker run --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $POWERDNS_CLIENT_SECRET 2>/dev/null | awk '{ print $2 }')
|
||||||
[[ -d "/federated/apps/pdnsmysql/data/var/lib/mysql/pdnsadmin" ]] && POWERDNS_DB="pdnsadmin" || POWERDNS_DB="pdns"
|
[[ -d "/federated/apps/pdnsmysql/data/var/lib/mysql/pdnsadmin" ]] && POWERDNS_DB="pdnsadmin" || POWERDNS_DB="pdns"
|
||||||
#NEXTCLOUD_CLIENT_SECRET=$(create_password);
|
|
||||||
#NEXTCLOUD_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $NEXTCLOUD_CLIENT_SECRET | awk '{ print $2 }')
|
|
||||||
|
|
||||||
cat > /federated/apps/authelia/.env <<EOF
|
cat > /federated/apps/authelia/.env <<EOF
|
||||||
IMAGE_VERSION=4.38.8
|
IMAGE_VERSION=4.38.8
|
||||||
@ -206,10 +204,14 @@ start_authelia() {
|
|||||||
|
|
||||||
# If extra_hosts doesn't exist then insert extra_host configuration in pdnsadmin docker compose
|
# If extra_hosts doesn't exist then insert extra_host configuration in pdnsadmin docker compose
|
||||||
add_authelia_config_to_dockercompose "pdnsadmin"
|
add_authelia_config_to_dockercompose "pdnsadmin"
|
||||||
|
# [[ ! $(grep extra_hosts /federated/apps/pdnsadmin/docker-compose.yml 2>/dev/null) ]] && sed -i "/192.168.0.12/a \ extra_hosts:\n\ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/pdnsadmin/docker-compose.yml
|
||||||
|
|
||||||
# Stop and start pdnsadmin for internal dns externalhosts to work
|
# Stop and start pdnsadmin for internal dns externalhosts to work
|
||||||
run_command "/federated/bin/stop pdnsadmin"
|
/federated/bin/stop pdnsadmin &> /dev/null
|
||||||
run_command "/federated/bin/start pdnsadmin"
|
[ $? -ne 0 ] && fail "Couldn't stop pdnsadmin"
|
||||||
|
|
||||||
|
/federated/bin/start pdnsadmin &> /dev/null
|
||||||
|
[ $? -ne 0 ] && fail "Couldn't start pdnsadmin"
|
||||||
|
|
||||||
echo -ne "done.\n"
|
echo -ne "done.\n"
|
||||||
}
|
}
|
||||||
@ -217,7 +219,7 @@ uninstall_authelia() {
|
|||||||
echo -ne "* Uninstalling authelia container.."
|
echo -ne "* Uninstalling authelia container.."
|
||||||
|
|
||||||
# First stop the service
|
# First stop the service
|
||||||
cd /federated/apps/authelia && docker compose -f docker-compose.yml -p authelia down &> /dev/null
|
cd /federated/apps/authelia && docker-compose -f docker-compose.yml -p authelia down &> /dev/null
|
||||||
|
|
||||||
# Delete the entries in the settings table
|
# Delete the entries in the settings table
|
||||||
[[ -d "/federated/apps/pdnsmysql/data/var/lib/mysql/pdnsadmin" ]] && POWERDNS_DB="pdnsadmin" || POWERDNS_DB="pdns"
|
[[ -d "/federated/apps/pdnsmysql/data/var/lib/mysql/pdnsadmin" ]] && POWERDNS_DB="pdnsadmin" || POWERDNS_DB="pdns"
|
||||||
|
|||||||
@ -167,7 +167,7 @@ uninstall_baserow() {
|
|||||||
SPINPID=$!
|
SPINPID=$!
|
||||||
|
|
||||||
# First stop the service
|
# First stop the service
|
||||||
cd /federated/apps/baserow && docker compose -f docker-compose.yml -p baserow down &> /dev/null
|
cd /federated/apps/baserow && docker-compose -f docker-compose.yml -p baserow down &> /dev/null
|
||||||
|
|
||||||
# Delete database and user in postgresql
|
# Delete database and user in postgresql
|
||||||
docker exec postgresql psql -U postgres -c "DROP DATABASE baserow" &> /dev/null
|
docker exec postgresql psql -U postgres -c "DROP DATABASE baserow" &> /dev/null
|
||||||
|
|||||||
@ -174,7 +174,7 @@ uninstall_bookstack() {
|
|||||||
echo -ne "* Uninstalling bookstack container.."
|
echo -ne "* Uninstalling bookstack container.."
|
||||||
|
|
||||||
# First stop the service
|
# First stop the service
|
||||||
cd /federated/apps/bookstack && docker compose -f docker-compose.yml -p bookstack down &> /dev/null
|
cd /federated/apps/bookstack && docker-compose -f docker-compose.yml -p bookstack down &> /dev/null
|
||||||
|
|
||||||
# Delete database and user
|
# Delete database and user
|
||||||
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e 'drop database bookstack;'" &> /dev/null
|
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e 'drop database bookstack;'" &> /dev/null
|
||||||
@ -207,7 +207,7 @@ configsso_bookstack() {
|
|||||||
[[ $(grep "### Bookstack" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Bookstack configuration."
|
[[ $(grep "### Bookstack" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Bookstack configuration."
|
||||||
|
|
||||||
BOOKSTACK_CLIENT_SECRET=$(create_password);
|
BOOKSTACK_CLIENT_SECRET=$(create_password);
|
||||||
BOOKSTACK_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $BOOKSTACK_CLIENT_SECRET | awk '{ print $2 }')
|
BOOKSTACK_CLIENT_SECRET_HASH=$(docker run --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $BOOKSTACK_CLIENT_SECRET | awk '{ print $2 }')
|
||||||
|
|
||||||
cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
|
cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
|
||||||
### Bookstack
|
### Bookstack
|
||||||
@ -246,7 +246,7 @@ OIDC_END_SESSION_ENDPOINT=https://authelia.$DOMAIN/logout
|
|||||||
EOF
|
EOF
|
||||||
|
|
||||||
# Add in extra hosts config
|
# Add in extra hosts config
|
||||||
add_authelia_config_to_dockercompose "$APP"
|
add_authelia_config_to_dockercompose "bookstack"
|
||||||
|
|
||||||
# Setup external_auth_id for each user in bookstack users table
|
# Setup external_auth_id for each user in bookstack users table
|
||||||
BOOKSTACK_SECRET=$(cat /federated/apps/bookstack/.env | grep "DB_PASS" | awk -F= '{ print $2 }')
|
BOOKSTACK_SECRET=$(cat /federated/apps/bookstack/.env | grep "DB_PASS" | awk -F= '{ print $2 }')
|
||||||
|
|||||||
@ -188,7 +188,7 @@ uninstall_caddy() {
|
|||||||
SPINPID=$!
|
SPINPID=$!
|
||||||
|
|
||||||
# First stop the service
|
# First stop the service
|
||||||
cd /federated/apps/caddy && docker compose -f docker-compose.yml -p caddy down &> /dev/null
|
cd /federated/apps/caddy && docker-compose -f docker-compose.yml -p caddy down &> /dev/null
|
||||||
|
|
||||||
# Delete the app directory
|
# Delete the app directory
|
||||||
rm -rf /federated/apps/caddy
|
rm -rf /federated/apps/caddy
|
||||||
|
|||||||
@ -168,7 +168,7 @@ uninstall_castopod() {
|
|||||||
SPINPID=$!
|
SPINPID=$!
|
||||||
|
|
||||||
# First stop the service
|
# First stop the service
|
||||||
cd /federated/apps/castopod && docker compose -f docker-compose.yml -p castopod down &> /dev/null
|
cd /federated/apps/castopod && docker-compose -f docker-compose.yml -p castopod down &> /dev/null
|
||||||
|
|
||||||
# Delete database and user
|
# Delete database and user
|
||||||
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e 'drop database castopod;'" &> /dev/null
|
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e 'drop database castopod;'" &> /dev/null
|
||||||
|
|||||||
@ -71,10 +71,10 @@ start_connector() {
|
|||||||
|
|
||||||
if [ $DEBUG ]; then
|
if [ $DEBUG ]; then
|
||||||
# Start /federated/apps/connector with output to console for debug
|
# Start /federated/apps/connector with output to console for debug
|
||||||
docker compose -f /federated/apps/connector/docker-compose.yml -p connector up
|
docker-compose -f /federated/apps/connector/docker-compose.yml -p connector up
|
||||||
[ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service /federated/apps/connector"
|
[ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service /federated/apps/connector"
|
||||||
else
|
else
|
||||||
docker compose -f /federated/apps/connector/docker-compose.yml -p connector up -d &> /dev/null
|
docker-compose -f /federated/apps/connector/docker-compose.yml -p connector up -d &> /dev/null
|
||||||
|
|
||||||
# Keep trying connector port 80 to make sure it's up
|
# Keep trying connector port 80 to make sure it's up
|
||||||
# before we proceed
|
# before we proceed
|
||||||
@ -85,7 +85,7 @@ start_connector() {
|
|||||||
break
|
break
|
||||||
else
|
else
|
||||||
if [ "$RETRY" == 1 ]; then
|
if [ "$RETRY" == 1 ]; then
|
||||||
docker compose -f /federated/apps/connector/docker-compose.yml -p connector down &> /dev/null
|
docker-compose -f /federated/apps/connector/docker-compose.yml -p connector down &> /dev/null
|
||||||
kill -9 $SPINPID &> /dev/null
|
kill -9 $SPINPID &> /dev/null
|
||||||
fail "There was a problem starting service /federated/apps/connector\nCheck the output of 'docker logs connector' or turn on\ndebug with -d"
|
fail "There was a problem starting service /federated/apps/connector\nCheck the output of 'docker logs connector' or turn on\ndebug with -d"
|
||||||
fi
|
fi
|
||||||
|
|||||||
@ -75,7 +75,7 @@ uninstall_dashboard() {
|
|||||||
SPINPID=$!
|
SPINPID=$!
|
||||||
|
|
||||||
# First stop the service
|
# First stop the service
|
||||||
cd /federated/apps/dashboard && docker compose -f docker-compose.yml -p dashboard down &> /dev/null
|
cd /federated/apps/dashboard && docker-compose -f docker-compose.yml -p dashboard down &> /dev/null
|
||||||
|
|
||||||
# Delete the app directory
|
# Delete the app directory
|
||||||
rm -rf /federated/apps/dashboard
|
rm -rf /federated/apps/dashboard
|
||||||
|
|||||||
@ -193,7 +193,7 @@ uninstall_discourse() {
|
|||||||
SPINPID=$!
|
SPINPID=$!
|
||||||
|
|
||||||
# First stop the service
|
# First stop the service
|
||||||
cd /federated/apps/discourse && docker compose -f docker-compose.yml -p discourse down &> /dev/null
|
cd /federated/apps/discourse && docker-compose -f docker-compose.yml -p discourse down &> /dev/null
|
||||||
|
|
||||||
# Delete database and user in postgresql
|
# Delete database and user in postgresql
|
||||||
docker exec postgresql psql -U postgres -c "DROP DATABASE discourse" &> /dev/null
|
docker exec postgresql psql -U postgres -c "DROP DATABASE discourse" &> /dev/null
|
||||||
|
|||||||
@ -207,11 +207,11 @@ start_dns() {
|
|||||||
|
|
||||||
if [ $DEBUG ]; then
|
if [ $DEBUG ]; then
|
||||||
# Start /federated/apps/dns with output to console for debug
|
# Start /federated/apps/dns with output to console for debug
|
||||||
docker compose -f /federated/apps/dns/docker-compose.yml -p dns up
|
docker-compose -f /federated/apps/dns/docker-compose.yml -p dns up
|
||||||
[ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service /federated/apps/dns"
|
[ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service /federated/apps/dns"
|
||||||
else
|
else
|
||||||
# Start /federated/apps/dns with output to /dev/null
|
# Start /federated/apps/dns with output to /dev/null
|
||||||
docker compose -f /federated/apps/dns/docker-compose.yml -p dns up -d &> /dev/null
|
docker-compose -f /federated/apps/dns/docker-compose.yml -p dns up -d &> /dev/null
|
||||||
|
|
||||||
# Keep trying to see that certificates are generated
|
# Keep trying to see that certificates are generated
|
||||||
RETRY="18"
|
RETRY="18"
|
||||||
@ -231,7 +231,7 @@ start_dns() {
|
|||||||
break
|
break
|
||||||
else
|
else
|
||||||
if [ "$RETRY" == 1 ]; then
|
if [ "$RETRY" == 1 ]; then
|
||||||
docker compose -f /federated/apps/dns/docker-compose.yml -p dns down &> /dev/null
|
docker-compose -f /federated/apps/dns/docker-compose.yml -p dns down &> /dev/null
|
||||||
fail "There was a problem starting service /federated/apps/dns\nCheck the output of 'docker logs dns' or turn on\ndebug with -d"
|
fail "There was a problem starting service /federated/apps/dns\nCheck the output of 'docker logs dns' or turn on\ndebug with -d"
|
||||||
fi
|
fi
|
||||||
((RETRY--))
|
((RETRY--))
|
||||||
|
|||||||
@ -178,7 +178,7 @@ uninstall_espocrm() {
|
|||||||
echo -ne "* Uninstalling espocrm container.."
|
echo -ne "* Uninstalling espocrm container.."
|
||||||
|
|
||||||
# First stop the service
|
# First stop the service
|
||||||
cd /federated/apps/espocrm && docker compose -f docker-compose.yml -p espocrm down &> /dev/null
|
cd /federated/apps/espocrm && docker-compose -f docker-compose.yml -p espocrm down &> /dev/null
|
||||||
|
|
||||||
# Delete database and user
|
# Delete database and user
|
||||||
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e 'drop database espocrm;'" &> /dev/null
|
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e 'drop database espocrm;'" &> /dev/null
|
||||||
@ -207,14 +207,14 @@ uninstall_espocrm() {
|
|||||||
echo -ne "done.\n"
|
echo -ne "done.\n"
|
||||||
}
|
}
|
||||||
configsso_espocrm() {
|
configsso_espocrm() {
|
||||||
echo -ne "* Configuring espocrm container with SSO.."
|
echo -ne "* Configuring matrix container with SSO.."
|
||||||
|
|
||||||
[ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
|
[ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
|
||||||
[ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
|
[ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
|
||||||
[[ $(grep "### Espocrm" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Espocrm configuration."
|
[[ $(grep "### Espocrm" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Espocrm configuration."
|
||||||
|
|
||||||
ESPOCRM_CLIENT_SECRET=$(create_password);
|
ESPOCRM_CLIENT_SECRET=$(create_password);
|
||||||
ESPOCRM_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $ESPOCRM_CLIENT_SECRET | awk '{ print $2 }')
|
ESPOCRM_CLIENT_SECRET_HASH=$(docker run --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $ESPOCRM_CLIENT_SECRET | awk '{ print $2 }')
|
||||||
|
|
||||||
cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
|
cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
|
||||||
### Espocrm
|
### Espocrm
|
||||||
@ -262,8 +262,8 @@ EOF
|
|||||||
sed -i "/oidcScopes/d" /federated/apps/espocrm/data/var/www/html/data/config.php
|
sed -i "/oidcScopes/d" /federated/apps/espocrm/data/var/www/html/data/config.php
|
||||||
sed -i "/authenticationMethod/a \ 'oidcScopes' => [\n\ 0 => 'profile',\n\ 1 => 'email',\n\ 2 => 'groups',\n\ 3 => 'openid'\n\ ]," /federated/apps/espocrm/data/var/www/html/data/config.php
|
sed -i "/authenticationMethod/a \ 'oidcScopes' => [\n\ 0 => 'profile',\n\ 1 => 'email',\n\ 2 => 'groups',\n\ 3 => 'openid'\n\ ]," /federated/apps/espocrm/data/var/www/html/data/config.php
|
||||||
|
|
||||||
# Add in extra_hosts to docker compose
|
# Add in extra_hosts to docker-compose
|
||||||
add_authelia_config_to_dockercompose "$APP"
|
add_authelia_config_to_dockercompose "espocrm"
|
||||||
|
|
||||||
# Set auth method to Oidc only
|
# Set auth method to Oidc only
|
||||||
sed -i "s/ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/#ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/g" /federated/apps/espocrm/.env
|
sed -i "s/ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/#ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/g" /federated/apps/espocrm/.env
|
||||||
|
|||||||
@ -166,7 +166,7 @@ uninstall_freescout() {
|
|||||||
SPINPID=$!
|
SPINPID=$!
|
||||||
|
|
||||||
# First stop the service
|
# First stop the service
|
||||||
cd /federated/apps/freescout && docker compose -f docker-compose.yml -p freescout down &> /dev/null
|
cd /federated/apps/freescout && docker-compose -f docker-compose.yml -p freescout down &> /dev/null
|
||||||
|
|
||||||
# Delete database and user in postgresql
|
# Delete database and user in postgresql
|
||||||
docker exec postgresql psql -U postgres -c "DROP DATABASE freescout" &> /dev/null
|
docker exec postgresql psql -U postgres -c "DROP DATABASE freescout" &> /dev/null
|
||||||
|
|||||||
@ -2,9 +2,17 @@
|
|||||||
|
|
||||||
# Define all services
|
# Define all services
|
||||||
CORE_APPS=("pdnsmysql" "pdns" "pdnsadmin" "traefik" "postgresql" "ldap")
|
CORE_APPS=("pdnsmysql" "pdns" "pdnsadmin" "traefik" "postgresql" "ldap")
|
||||||
EXTRA_APPS=("mail" "collabora" "nextcloud" "matrix" "element" "listmonk" "vaultwarden" "panel" "wireguard" "jitsi" "baserow" "gitea" "caddy" "autodiscover" "castopod" "wordpress" "coturn" "bookstack" "freescout" "msp" "espocrm" "nginx" "matrixslack" "matrixsignal" "matrixwhatsapp" "dashboard" "authelia" "jitsiopenid" "roundcube" "redis" "discourse" "wordpressshop")
|
EXTRA_APPS=("mail" "collabora" "authelia" "nextcloud" "matrix" "element" "listmonk" "vaultwarden" "panel" "wireguard" "jitsi" "baserow" "gitea" "caddy" "autodiscover" "castopod" "wordpress" "coturn" "bookstack" "freescout" "msp" "espocrm" "nginx" "matrixslack" "matrixsignal" "matrixwhatsapp" "dashboard" "jitsiopenid" "roundcube" "redis" "discourse" "wordpressshop")
|
||||||
SERVICES=("${CORE_APPS[@]}" "${EXTRA_APPS[@]}")
|
SERVICES=("${CORE_APPS[@]}" "${EXTRA_APPS[@]}")
|
||||||
|
|
||||||
|
failts() {
|
||||||
|
echo "$*" >&2;
|
||||||
|
exit 1;
|
||||||
|
}
|
||||||
|
run_command() {
|
||||||
|
$1 &> /dev/null
|
||||||
|
[[ $? -ne 0 ]] && echo "* FAILED - Couldn't run \"$1\"" >&2
|
||||||
|
}
|
||||||
fail() {
|
fail() {
|
||||||
echo -ne "FAILED\n\n$1\n\n"
|
echo -ne "FAILED\n\n$1\n\n"
|
||||||
kill -9 $SPINPID &> /dev/null
|
kill -9 $SPINPID &> /dev/null
|
||||||
@ -12,10 +20,6 @@ fail() {
|
|||||||
# docker network rm fstack &> /dev/null
|
# docker network rm fstack &> /dev/null
|
||||||
exit 2;
|
exit 2;
|
||||||
}
|
}
|
||||||
run_command() {
|
|
||||||
$1 &> /dev/null
|
|
||||||
[[ $? -ne 0 ]] && echo "* FAILED - Couldn't run \"$1\"" >&2
|
|
||||||
}
|
|
||||||
failcheck() {
|
failcheck() {
|
||||||
echo -ne "\n\nFAILED - $1\n\n"
|
echo -ne "\n\nFAILED - $1\n\n"
|
||||||
exit 2;
|
exit 2;
|
||||||
@ -137,7 +141,7 @@ upgrade_federated() {
|
|||||||
echo -ne "upgrading to $VERSION..\n"
|
echo -ne "upgrading to $VERSION..\n"
|
||||||
if [[ ! "$APP_NOTRUNNING" ]]; then
|
if [[ ! "$APP_NOTRUNNING" ]]; then
|
||||||
echo -ne "\n Shutting Down $APP.."
|
echo -ne "\n Shutting Down $APP.."
|
||||||
cd /federated/apps/$APP && docker compose -f docker-compose.yml -p $APP down
|
cd /federated/apps/$APP && docker-compose -f docker-compose.yml -p $APP down
|
||||||
fi
|
fi
|
||||||
if [ "$APP" = "jitsi" ]; then
|
if [ "$APP" = "jitsi" ]; then
|
||||||
sed -i "s/#JITSI_IMAGE_VERSION=.*/JITSI_IMAGE_VERSION=$VERSION/g" /federated/apps/$APP/.env
|
sed -i "s/#JITSI_IMAGE_VERSION=.*/JITSI_IMAGE_VERSION=$VERSION/g" /federated/apps/$APP/.env
|
||||||
@ -193,7 +197,7 @@ start_service_convert() {
|
|||||||
# Start /federated/apps/SERVICE with output to /dev/null
|
# Start /federated/apps/SERVICE with output to /dev/null
|
||||||
echo -ne "\n* Starting /federated/apps/$SERVICE service.."
|
echo -ne "\n* Starting /federated/apps/$SERVICE service.."
|
||||||
|
|
||||||
docker compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE up -d &> /dev/null
|
docker-compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE up -d &> /dev/null
|
||||||
|
|
||||||
# Keep trying service port to make sure it's up before
|
# Keep trying service port to make sure it's up before
|
||||||
# we proceed
|
# we proceed
|
||||||
@ -204,7 +208,7 @@ start_service_convert() {
|
|||||||
break
|
break
|
||||||
else
|
else
|
||||||
if [ "$RETRY" == 1 ]; then
|
if [ "$RETRY" == 1 ]; then
|
||||||
docker compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE down &> /dev/null
|
docker-compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE down &> /dev/null
|
||||||
fail "There was a problem starting service /federated/apps/$SERVICE\nCheck the output of 'docker logs $SERVICE' or turn on\ndebug with -d"
|
fail "There was a problem starting service /federated/apps/$SERVICE\nCheck the output of 'docker logs $SERVICE' or turn on\ndebug with -d"
|
||||||
fi
|
fi
|
||||||
((RETRY--))
|
((RETRY--))
|
||||||
@ -221,10 +225,10 @@ start_service_upgrade() {
|
|||||||
|
|
||||||
if [ $DEBUG ]; then
|
if [ $DEBUG ]; then
|
||||||
# Start /federated/apps/SERVICE with output to console for debug
|
# Start /federated/apps/SERVICE with output to console for debug
|
||||||
docker compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE up
|
docker-compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE up
|
||||||
[ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service /federated/apps/$SERVICE"
|
[ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service /federated/apps/$SERVICE"
|
||||||
else
|
else
|
||||||
docker compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE up -d &> /dev/null
|
docker-compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE up -d &> /dev/null
|
||||||
|
|
||||||
# Keep trying service port to make sure it's up before
|
# Keep trying service port to make sure it's up before
|
||||||
# we proceed
|
# we proceed
|
||||||
@ -235,7 +239,7 @@ start_service_upgrade() {
|
|||||||
break
|
break
|
||||||
else
|
else
|
||||||
if [ "$RETRY" == 1 ]; then
|
if [ "$RETRY" == 1 ]; then
|
||||||
docker compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE down &> /dev/null
|
docker-compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE down &> /dev/null
|
||||||
fail "There was a problem starting service /federated/apps/$SERVICE\nCheck the output of 'docker logs $SERVICE' or turn on\ndebug with -d"
|
fail "There was a problem starting service /federated/apps/$SERVICE\nCheck the output of 'docker logs $SERVICE' or turn on\ndebug with -d"
|
||||||
fi
|
fi
|
||||||
((RETRY--))
|
((RETRY--))
|
||||||
@ -251,7 +255,7 @@ start_service_withalert2() {
|
|||||||
ALERT="$4"
|
ALERT="$4"
|
||||||
|
|
||||||
# First start the service
|
# First start the service
|
||||||
docker compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE up -d &> /dev/null
|
docker-compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE up -d &> /dev/null
|
||||||
|
|
||||||
# Keep trying service COMMAND to make sure it's up before we proceed
|
# Keep trying service COMMAND to make sure it's up before we proceed
|
||||||
while [ "$RETRY" -gt "0" ]; do
|
while [ "$RETRY" -gt "0" ]; do
|
||||||
@ -267,13 +271,13 @@ start_service_withalert2() {
|
|||||||
|
|
||||||
if [ "$ALERT" = "yes" ]; then
|
if [ "$ALERT" = "yes" ]; then
|
||||||
EXTERNALIP=`dig @resolver4.opendns.com myip.opendns.com +short 2> /dev/null`
|
EXTERNALIP=`dig @resolver4.opendns.com myip.opendns.com +short 2> /dev/null`
|
||||||
docker compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE down &> /dev/null
|
docker-compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE down &> /dev/null
|
||||||
echo "Generated by /federated/bin/start" > /federated/apps/mail/data/root/certs/mailfile
|
echo "Generated by /federated/bin/start" > /federated/apps/mail/data/root/certs/mailfile
|
||||||
docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"$SERVICE failed to start on $EXTERNALIP\" $ALERTS_EMAIL < /root/certs/mailfile"
|
docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"$SERVICE failed to start on $EXTERNALIP\" $ALERTS_EMAIL < /root/certs/mailfile"
|
||||||
echo -ne "\nThere was a problem starting service /federated/apps/$SERVICE\nCheck the output of 'docker logs $SERVICE' while starting or run\ndocker compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE up\n"
|
echo -ne "\nThere was a problem starting service /federated/apps/$SERVICE\nCheck the output of 'docker logs $SERVICE' while starting or run\ndocker-compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE up\n"
|
||||||
else
|
else
|
||||||
docker compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE down &> /dev/null
|
docker-compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE down &> /dev/null
|
||||||
echo -ne "\nThere was a problem starting service /federated/apps/$SERVICE\nCheck the output of 'docker logs $SERVICE' while starting or run\ndocker compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE up\n"
|
echo -ne "\nThere was a problem starting service /federated/apps/$SERVICE\nCheck the output of 'docker logs $SERVICE' while starting or run\ndocker-compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE up\n"
|
||||||
fi
|
fi
|
||||||
echo -ne "\n"
|
echo -ne "\n"
|
||||||
fi
|
fi
|
||||||
@ -290,7 +294,7 @@ start_service_withalert() {
|
|||||||
|
|
||||||
echo -ne "* Starting $SERVICE.."
|
echo -ne "* Starting $SERVICE.."
|
||||||
|
|
||||||
docker compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE up -d &> /dev/null
|
docker-compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE up -d &> /dev/null
|
||||||
|
|
||||||
# Keep trying service port to make sure it's up before
|
# Keep trying service port to make sure it's up before
|
||||||
# we proceed
|
# we proceed
|
||||||
@ -306,12 +310,12 @@ start_service_withalert() {
|
|||||||
|
|
||||||
if [ "$ALERT" = "yes" ]; then
|
if [ "$ALERT" = "yes" ]; then
|
||||||
EXTERNALIP=`dig @resolver4.opendns.com myip.opendns.com +short 2> /dev/null`
|
EXTERNALIP=`dig @resolver4.opendns.com myip.opendns.com +short 2> /dev/null`
|
||||||
docker compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE down &> /dev/null
|
docker-compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE down &> /dev/null
|
||||||
echo "Generated by /federated/bin/start" > /federated/apps/mail/data/root/certs/mailfile
|
echo "Generated by /federated/bin/start" > /federated/apps/mail/data/root/certs/mailfile
|
||||||
docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"$SERVICE failed to start on $EXTERNALIP\" $ALERTS_EMAIL < /root/certs/mailfile"
|
docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"$SERVICE failed to start on $EXTERNALIP\" $ALERTS_EMAIL < /root/certs/mailfile"
|
||||||
echo -ne "\n\nThere was a problem starting service /federated/apps/$SERVICE\nCheck the output of 'docker logs $SERVICE' or turn on\ndebug with set -x\n\n"
|
echo -ne "\n\nThere was a problem starting service /federated/apps/$SERVICE\nCheck the output of 'docker logs $SERVICE' or turn on\ndebug with set -x\n\n"
|
||||||
else
|
else
|
||||||
docker compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE down &> /dev/null
|
docker-compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE down &> /dev/null
|
||||||
echo -ne "\n\nThere was a problem starting service /federated/apps/$SERVICE\nCheck the output of 'docker logs $SERVICE' or turn on\ndebug with set -x\n\n"
|
echo -ne "\n\nThere was a problem starting service /federated/apps/$SERVICE\nCheck the output of 'docker logs $SERVICE' or turn on\ndebug with set -x\n\n"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
@ -330,10 +334,10 @@ start_service() {
|
|||||||
|
|
||||||
if [ $DEBUG ]; then
|
if [ $DEBUG ]; then
|
||||||
# Start /federated/apps/SERVICE with output to console for debug
|
# Start /federated/apps/SERVICE with output to console for debug
|
||||||
docker compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE up
|
docker-compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE up
|
||||||
[ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service /federated/apps/$SERVICE"
|
[ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service /federated/apps/$SERVICE"
|
||||||
else
|
else
|
||||||
docker compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE up -d &> /dev/null
|
docker-compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE up -d &> /dev/null
|
||||||
|
|
||||||
# Keep trying service port to make sure it's up before
|
# Keep trying service port to make sure it's up before
|
||||||
# we proceed
|
# we proceed
|
||||||
@ -343,7 +347,7 @@ start_service() {
|
|||||||
break
|
break
|
||||||
else
|
else
|
||||||
if [ "$RETRY" == 1 ]; then
|
if [ "$RETRY" == 1 ]; then
|
||||||
docker compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE down &> /dev/null
|
docker-compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE down &> /dev/null
|
||||||
kill -9 $SPINPID &> /dev/null
|
kill -9 $SPINPID &> /dev/null
|
||||||
fail "There was a problem starting service /federated/apps/$SERVICE\nCheck the output of 'docker logs $SERVICE' or turn on\ndebug with set -x"
|
fail "There was a problem starting service /federated/apps/$SERVICE\nCheck the output of 'docker logs $SERVICE' or turn on\ndebug with set -x"
|
||||||
fi
|
fi
|
||||||
|
|||||||
23
lib/gitea.sh
23
lib/gitea.sh
@ -243,7 +243,7 @@ uninstall_gitea() {
|
|||||||
echo -ne "* Uninstalling gitea container.."
|
echo -ne "* Uninstalling gitea container.."
|
||||||
|
|
||||||
# First stop the service
|
# First stop the service
|
||||||
cd /federated/apps/gitea && docker compose -f docker-compose.yml -p gitea down &> /dev/null
|
cd /federated/apps/gitea && docker-compose -f docker-compose.yml -p gitea down &> /dev/null
|
||||||
|
|
||||||
# Delete database and user in postgresql
|
# Delete database and user in postgresql
|
||||||
docker exec postgresql psql -U postgres -c "DROP DATABASE gitea" &> /dev/null
|
docker exec postgresql psql -U postgres -c "DROP DATABASE gitea" &> /dev/null
|
||||||
@ -262,8 +262,8 @@ uninstall_gitea() {
|
|||||||
if [[ $(grep "### Gitea" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
|
if [[ $(grep "### Gitea" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
|
||||||
sed -i '/### Gitea/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
|
sed -i '/### Gitea/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
|
||||||
sed -i '/### Gitea/d' /federated/apps/authelia/data/config/idproviders.yml
|
sed -i '/### Gitea/d' /federated/apps/authelia/data/config/idproviders.yml
|
||||||
run_command "/federated/bin/stop authelia"
|
/federated/bin/stop authelia
|
||||||
run_command "/federated/bin/start authelia"
|
/federated/bin/start authelia
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo -ne "done.\n"
|
echo -ne "done.\n"
|
||||||
@ -303,7 +303,8 @@ configsso_gitea() {
|
|||||||
get_appvars
|
get_appvars
|
||||||
|
|
||||||
GITEA_CLIENT_SECRET=$(create_password);
|
GITEA_CLIENT_SECRET=$(create_password);
|
||||||
GITEA_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $GITEA_CLIENT_SECRET | awk '{ print $2 }')
|
GITEA_CLIENT_SECRET_HASH=$(docker run --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $GITEA_CLIENT_SECRET | awk '{ print $2 }')
|
||||||
|
echo "$GITEA_CLIENT_SECRET" > /federated/apps/gitea/.gitea.client.secret
|
||||||
|
|
||||||
cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
|
cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
|
||||||
### Gitea
|
### Gitea
|
||||||
@ -327,10 +328,10 @@ EOF
|
|||||||
run_command "/federated/bin/stop authelia"
|
run_command "/federated/bin/stop authelia"
|
||||||
run_command "/federated/bin/start authelia"
|
run_command "/federated/bin/start authelia"
|
||||||
|
|
||||||
docker exec --user 1000 gitea gitea admin auth add-oauth --name "Authelia" --provider "openidConnect" --key "gitea" --secret "$GITEA_CLIENT_SECRET" --auto-discover-url "https://authelia.$DOMAIN/.well-known/openid-configuration" --skip-local-2fa "true" --scopes "openid email profile" --group-claim-name "groups" --admin-group "admin" --restricted-group "guest"
|
|
||||||
|
|
||||||
# Add in extra hosts config
|
# Add in extra hosts config
|
||||||
add_authelia_config_to_dockercompose "$APP"
|
add_authelia_config_to_dockercompose "gitea"
|
||||||
|
run_command "/federated/bin/stop gitea"
|
||||||
|
run_command "/federated/bin/start gitea"
|
||||||
|
|
||||||
sed -i "s/GITEA__service__DISABLE_REGISTRATION=.*/GITEA__service__DISABLE_REGISTRATION=false/g" /federated/apps/gitea/.env
|
sed -i "s/GITEA__service__DISABLE_REGISTRATION=.*/GITEA__service__DISABLE_REGISTRATION=false/g" /federated/apps/gitea/.env
|
||||||
|
|
||||||
@ -348,5 +349,13 @@ EOF
|
|||||||
run_command "/federated/bin/stop gitea"
|
run_command "/federated/bin/stop gitea"
|
||||||
run_command "/federated/bin/start gitea"
|
run_command "/federated/bin/start gitea"
|
||||||
|
|
||||||
|
GITEA_RETRY="0"
|
||||||
|
until docker exec --user 1000 gitea gitea admin auth add-oauth --name "Authelia" --provider "openidConnect" --key "gitea" --secret "$GITEA_CLIENT_SECRET" --auto-discover-url "https://authelia.$DOMAIN/.well-known/openid-configuration" --skip-local-2fa "true" --scopes "openid email profile" --group-claim-name "groups" --admin-group "admin" --restricted-group "guest"; do
|
||||||
|
[[ "$GITEA_RETRY" -eq 30 ]] && echo "ERROR - Can't connect gitea add-oauth to authelia" && break
|
||||||
|
echo "Retrying.."
|
||||||
|
sleep 1
|
||||||
|
((GITEA_RETRY++))
|
||||||
|
done
|
||||||
|
|
||||||
echo -ne "done.\n"
|
echo -ne "done.\n"
|
||||||
}
|
}
|
||||||
|
|||||||
63
lib/jitsi.sh
63
lib/jitsi.sh
@ -429,19 +429,12 @@ cat > /federated/apps/jitsi/.env <<EOF
|
|||||||
# Directory where all configuration will be stored
|
# Directory where all configuration will be stored
|
||||||
CONFIG=/federated/apps/jitsi/data/config
|
CONFIG=/federated/apps/jitsi/data/config
|
||||||
|
|
||||||
EOF
|
|
||||||
if [ "$JITSI_SCALE" != "server" ]; then
|
|
||||||
cat >> /federated/apps/jitsi/.env <<EOF
|
|
||||||
# Exposed HTTP port
|
# Exposed HTTP port
|
||||||
HTTP_PORT=9000
|
HTTP_PORT=9000
|
||||||
|
|
||||||
# Exposed HTTPS port
|
# Exposed HTTPS port
|
||||||
HTTPS_PORT=9443
|
HTTPS_PORT=9443
|
||||||
|
|
||||||
EOF
|
|
||||||
fi
|
|
||||||
|
|
||||||
cat >> /federated/apps/jitsi/.env <<EOF
|
|
||||||
# System time zone
|
# System time zone
|
||||||
TZ=UTC
|
TZ=UTC
|
||||||
|
|
||||||
@ -451,45 +444,21 @@ EOF
|
|||||||
|
|
||||||
if [ "$JITSI_SCALE" = "server" ]; then
|
if [ "$JITSI_SCALE" = "server" ]; then
|
||||||
cat >> /federated/apps/jitsi/.env <<EOF
|
cat >> /federated/apps/jitsi/.env <<EOF
|
||||||
XMPP_SERVER=xmpp.jitsitest.federatedcomputer.cloud,xmpp.jitsitest2.fedcom.net
|
XMPP_AUTH_DOMAIN=auth.jitsitest.federatedcomputer.cloud
|
||||||
EOF
|
XMPP_SERVER=xmpp.jitsitest.federatedcomputer.cloud
|
||||||
else
|
XMPP_INTERNAL_MUC_DOMAIN=internal-muc.jitsitest.federatedcomputer.cloud
|
||||||
cat >> /federated/apps/jitsi/.env <<EOF
|
|
||||||
XMPP_SERVER=xmpp.$DOMAIN
|
|
||||||
EOF
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -n "$JITSI_SCALE" ]; then
|
|
||||||
# XMPP_AUTH_DOMAIN and XMPP_INTERNAL_MUC_DOMAIN don't
|
|
||||||
# need to resolve - they just need to be identical across
|
|
||||||
# the involved Jitsi components.
|
|
||||||
# So it is safe to use a common (even if nonexistant)
|
|
||||||
# domain across all Jitsi Scale clients so the JVB can
|
|
||||||
# use the same information for every Prosody instance
|
|
||||||
# it connects to.
|
|
||||||
cat >> /federated/apps/jitsi/.env <<EOF
|
|
||||||
XMPP_AUTH_DOMAIN=auth.jitsiscale.federated.computer
|
|
||||||
XMPP_INTERNAL_MUC_DOMAIN=internal-muc.jitsiscale.federated.computer
|
|
||||||
EOF
|
|
||||||
else
|
|
||||||
cat >> /federated/apps/jitsi/.env <<EOF
|
|
||||||
XMPP_AUTH_DOMAIN=auth.$DOMAIN
|
|
||||||
XMPP_INTERNAL_MUC_DOMAIN=internal-muc.$DOMAIN
|
|
||||||
EOF
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "$JITSI_SCALE" = "server" ]; then
|
|
||||||
cat >> /federated/apps/jitsi/.env <<EOF
|
|
||||||
|
|
||||||
# XMPP password for JVB client connections
|
# XMPP password for JVB client connections
|
||||||
JVB_AUTH_PASSWORD=
|
JVB_AUTH_PASSWORD=
|
||||||
EOF
|
EOF
|
||||||
else
|
else
|
||||||
|
|
||||||
cat >> /federated/apps/jitsi/.env <<EOF
|
cat >> /federated/apps/jitsi/.env <<EOF
|
||||||
XMPP_DOMAIN=$DOMAIN
|
XMPP_DOMAIN=$DOMAIN
|
||||||
|
XMPP_AUTH_DOMAIN=auth.$DOMAIN
|
||||||
|
XMPP_SERVER=xmpp.$DOMAIN
|
||||||
XMPP_BOSH_URL_BASE=http://xmpp.$DOMAIN:5280
|
XMPP_BOSH_URL_BASE=http://xmpp.$DOMAIN:5280
|
||||||
XMPP_MUC_DOMAIN=muc.$DOMAIN
|
XMPP_MUC_DOMAIN=muc.$DOMAIN
|
||||||
|
XMPP_INTERNAL_MUC_DOMAIN=internal-muc.$DOMAIN
|
||||||
XMPP_GUEST_DOMAIN=guest.$DOMAIN
|
XMPP_GUEST_DOMAIN=guest.$DOMAIN
|
||||||
XMPP_RECORDER_DOMAIN=recorder.$DOMAIN
|
XMPP_RECORDER_DOMAIN=recorder.$DOMAIN
|
||||||
|
|
||||||
@ -771,14 +740,13 @@ EOF
|
|||||||
docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile"
|
docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile"
|
||||||
rm /federated/apps/mail/data/root/certs/mailfile
|
rm /federated/apps/mail/data/root/certs/mailfile
|
||||||
|
|
||||||
kill -9 $SPINPID &> /dev/null
|
|
||||||
echo -ne "done.\n"
|
echo -ne "done.\n"
|
||||||
}
|
}
|
||||||
uninstall_jitsi() {
|
uninstall_jitsi() {
|
||||||
echo -ne "* Uninstalling jitsi container.."
|
echo -ne "* Uninstalling jitsi container.."
|
||||||
|
|
||||||
# First stop the service
|
# First stop the service
|
||||||
cd /federated/apps/jitsi && docker compose -f docker-compose.yml -p jitsi down &> /dev/null
|
cd /federated/apps/jitsi && docker-compose -f docker-compose.yml -p jitsi down &> /dev/null
|
||||||
|
|
||||||
# Delete the app directory
|
# Delete the app directory
|
||||||
rm -rf /federated/apps/jitsi
|
rm -rf /federated/apps/jitsi
|
||||||
@ -796,12 +764,12 @@ uninstall_jitsi() {
|
|||||||
if [[ $(grep "### Jitsi" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
|
if [[ $(grep "### Jitsi" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
|
||||||
sed -i '/### Jitsi/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
|
sed -i '/### Jitsi/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
|
||||||
sed -i '/### Jitsi/d' /federated/apps/authelia/data/config/idproviders.yml
|
sed -i '/### Jitsi/d' /federated/apps/authelia/data/config/idproviders.yml
|
||||||
run_command "/federated/bin/stop authelia"
|
run_command "/federated/bin/stop authelia
|
||||||
run_command "/federated/bin/start authelia"
|
run_command "/federated/bin/start authelia
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ -d "/federated/apps/jitsiopenid" ]]; then
|
if [[ -d "/federated/apps/jitsiopenid" ]]; then
|
||||||
cd /federated/apps/jitsiopenid && docker compose -f docker-compose.yml -p jitsiopenid down &> /dev/null
|
cd /federated/apps/jitsiopenid && docker-compose -f docker-compose.yml -p jitsiopenid down &> /dev/null
|
||||||
rm -rf /federated/apps/jitsiopenid
|
rm -rf /federated/apps/jitsiopenid
|
||||||
docker image rm mod242/jitsi-go-openid:latest &> /dev/null
|
docker image rm mod242/jitsi-go-openid:latest &> /dev/null
|
||||||
fi
|
fi
|
||||||
@ -811,12 +779,7 @@ uninstall_jitsi() {
|
|||||||
start_jitsi() {
|
start_jitsi() {
|
||||||
# Start service with command to make sure it's up before proceeding
|
# Start service with command to make sure it's up before proceeding
|
||||||
start_service "jitsi" "nc -z 192.168.0.25 443 &> /dev/null" "8"
|
start_service "jitsi" "nc -z 192.168.0.25 443 &> /dev/null" "8"
|
||||||
# Allow multiple JVBs to connect
|
|
||||||
if [ "$JITSI_SCALE" = "client" ]; then
|
|
||||||
for i in $(seq 1 10); do
|
|
||||||
docker exec -ti jitsi-prosody-1 prosodyctl --config /config/prosody.cfg.lua register jvb$i auth.jitsiscale.federated.computer J17515cAl3-jvb
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
echo -ne "done.\n"
|
echo -ne "done.\n"
|
||||||
}
|
}
|
||||||
configsso_jitsi() {
|
configsso_jitsi() {
|
||||||
@ -830,7 +793,7 @@ configsso_jitsi() {
|
|||||||
JITSI_CLIENT_SECRET=$(create_password);
|
JITSI_CLIENT_SECRET=$(create_password);
|
||||||
#echo "$JITSI_CLIENT_SECRET" > /federated/apps/jitsi/.jitsiclient.secret
|
#echo "$JITSI_CLIENT_SECRET" > /federated/apps/jitsi/.jitsiclient.secret
|
||||||
#chmod 600 /federated/apps/jitsi/.jitsiclient.secret
|
#chmod 600 /federated/apps/jitsi/.jitsiclient.secret
|
||||||
JITSI_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $JITSI_CLIENT_SECRET | awk '{ print $2 }')
|
JITSI_CLIENT_SECRET_HASH=$(docker run --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $JITSI_CLIENT_SECRET | awk '{ print $2 }')
|
||||||
|
|
||||||
cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
|
cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
|
||||||
### Jitsi
|
### Jitsi
|
||||||
@ -914,4 +877,6 @@ chmod 600 /federated/apps/jitsiopenid/.env
|
|||||||
run_command "/federated/bin/stop jitsi"
|
run_command "/federated/bin/stop jitsi"
|
||||||
run_command "/federated/bin/start jitsi"
|
run_command "/federated/bin/start jitsi"
|
||||||
run_command "/federated/bin/start jitsiopenid"
|
run_command "/federated/bin/start jitsiopenid"
|
||||||
|
|
||||||
|
echo -ne "done.\n"
|
||||||
}
|
}
|
||||||
|
|||||||
@ -77,7 +77,7 @@ echo -ne "done."
|
|||||||
}
|
}
|
||||||
start_listmonk() {
|
start_listmonk() {
|
||||||
# Install the database scheme first
|
# Install the database scheme first
|
||||||
docker compose -f /federated/apps/listmonk/docker-compose.yml run --rm listmonk ./listmonk --install --yes &> /dev/null
|
docker-compose -f /federated/apps/listmonk/docker-compose.yml run --rm listmonk ./listmonk --install --yes &> /dev/null
|
||||||
|
|
||||||
# Change app.root_url and other settings to our domain
|
# Change app.root_url and other settings to our domain
|
||||||
docker exec postgresql psql -U listmonk -c "update settings set value='\"http://listmonk.$DOMAIN\"' where key='app.root_url'" &> /dev/null
|
docker exec postgresql psql -U listmonk -c "update settings set value='\"http://listmonk.$DOMAIN\"' where key='app.root_url'" &> /dev/null
|
||||||
@ -176,7 +176,7 @@ uninstall_listmonk() {
|
|||||||
SPINPID=$!
|
SPINPID=$!
|
||||||
|
|
||||||
# First stop the service
|
# First stop the service
|
||||||
cd /federated/apps/listmonk && docker compose -f docker-compose.yml -p listmonk down &> /dev/null
|
cd /federated/apps/listmonk && docker-compose -f docker-compose.yml -p listmonk down &> /dev/null
|
||||||
|
|
||||||
# Delete database and user in postgresql
|
# Delete database and user in postgresql
|
||||||
docker exec postgresql psql -U postgres -c "DROP DATABASE listmonk" &> /dev/null
|
docker exec postgresql psql -U postgres -c "DROP DATABASE listmonk" &> /dev/null
|
||||||
|
|||||||
16
lib/mail.sh
16
lib/mail.sh
@ -85,13 +85,13 @@ LDAP_SERVER_HOST=ldap://ldap.$DOMAIN
|
|||||||
LDAP_SEARCH_BASE=ou=people,dc=federatedcomputer,dc=cloud
|
LDAP_SEARCH_BASE=ou=people,dc=federatedcomputer,dc=cloud
|
||||||
LDAP_BIND_DN=cn=admin,dc=federatedcomputer,dc=cloud
|
LDAP_BIND_DN=cn=admin,dc=federatedcomputer,dc=cloud
|
||||||
LDAP_BIND_PW=$LDAP_SECRET
|
LDAP_BIND_PW=$LDAP_SECRET
|
||||||
LDAP_QUERY_FILTER_USER="(&(mail=%s)(mailEnabled=TRUE))"
|
LDAP_QUERY_FILTER_USER=(&(mail=%s)(mailEnabled=TRUE))
|
||||||
LDAP_QUERY_FILTER_GROUP="(&(mailGroupMember=%s)(mailEnabled=TRUE))"
|
LDAP_QUERY_FILTER_GROUP=(&(mailGroupMember=%s)(mailEnabled=TRUE))
|
||||||
LDAP_QUERY_FILTER_ALIAS="(&(mailAlias=%s)(mailEnabled=TRUE))"
|
LDAP_QUERY_FILTER_ALIAS=(&(mailAlias=%s)(mailEnabled=TRUE))
|
||||||
LDAP_QUERY_FILTER_DOMAIN="(|(mail=*@%s)(mailAlias=*@%s))"
|
LDAP_QUERY_FILTER_DOMAIN=(|(mail=*@%s)(mailAlias=*@%s))
|
||||||
# DOVECOT
|
# DOVECOT
|
||||||
DOVECOT_PASS_FILTER="(&(objectClass=inetOrgPerson)(mail=%u))"
|
DOVECOT_PASS_FILTER=(&(objectClass=inetOrgPerson)(mail=%u))
|
||||||
DOVECOT_USER_FILTER="(&(objectClass=inetOrgPerson)(mail=%u))"
|
DOVECOT_USER_FILTER=(&(objectClass=inetOrgPerson)(mail=%u))
|
||||||
DOVECOT_USER_ATTRS=homeDirectory=home,=uid=5000,=gid=5000
|
DOVECOT_USER_ATTRS=homeDirectory=home,=uid=5000,=gid=5000
|
||||||
# SASLAUTHD
|
# SASLAUTHD
|
||||||
ENABLE_SASLAUTHD=1
|
ENABLE_SASLAUTHD=1
|
||||||
@ -100,7 +100,7 @@ SASLAUTHD_LDAP_SERVER=ldap://ldap.$DOMAIN
|
|||||||
SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=federatedcomputer,dc=cloud
|
SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=federatedcomputer,dc=cloud
|
||||||
SASLAUTHD_LDAP_PASSWORD=$LDAP_SECRET
|
SASLAUTHD_LDAP_PASSWORD=$LDAP_SECRET
|
||||||
SASLAUTHD_LDAP_SEARCH_BASE=ou=people,dc=federatedcomputer,dc=cloud
|
SASLAUTHD_LDAP_SEARCH_BASE=ou=people,dc=federatedcomputer,dc=cloud
|
||||||
SASLAUTHD_LDAP_FILTER="(&(objectClass=inetOrgPerson)(mail=%U@%r))"
|
SASLAUTHD_LDAP_FILTER=(&(objectClass=inetOrgPerson)(mail=%U@%r))
|
||||||
POSTMASTER_ADDRESS=postmaster@localhost.localdomain
|
POSTMASTER_ADDRESS=postmaster@localhost.localdomain
|
||||||
POSTFIX_MESSAGE_SIZE_LIMIT=100000000
|
POSTFIX_MESSAGE_SIZE_LIMIT=100000000
|
||||||
ENABLE_MANAGESIEVE=1
|
ENABLE_MANAGESIEVE=1
|
||||||
@ -302,7 +302,7 @@ uninstall_mail() {
|
|||||||
echo -ne "* Uninstalling mail container.."
|
echo -ne "* Uninstalling mail container.."
|
||||||
|
|
||||||
# First stop the service
|
# First stop the service
|
||||||
cd /federated/apps/mail && docker compose -f docker-compose.yml -p mail down &> /dev/null
|
cd /federated/apps/mail && docker-compose -f docker-compose.yml -p mail down &> /dev/null
|
||||||
|
|
||||||
# Delete the app directory
|
# Delete the app directory
|
||||||
rm -rf /federated/apps/mail
|
rm -rf /federated/apps/mail
|
||||||
|
|||||||
@ -65,7 +65,7 @@ sed -i 's!args:!!g' /federated/apps/matrix/data/matrix/homeserver.yaml
|
|||||||
cat >> /federated/apps/matrix/data/matrix/homeserver.yaml <<EOF
|
cat >> /federated/apps/matrix/data/matrix/homeserver.yaml <<EOF
|
||||||
|
|
||||||
web_client_location: https://element.$DOMAIN/
|
web_client_location: https://element.$DOMAIN/
|
||||||
#public_baseurl: https://matrix.$DOMAIN:443/
|
public_baseurl: https://matrix.$DOMAIN/
|
||||||
serve_server_wellknown: true
|
serve_server_wellknown: true
|
||||||
turn_uris: [ "turn:turn.$DOMAIN?transport=udp", "turn:turn.$DOMAIN?transport=tcp" ]
|
turn_uris: [ "turn:turn.$DOMAIN?transport=udp", "turn:turn.$DOMAIN?transport=tcp" ]
|
||||||
turn_shared_secret: "$COTURN_MATRIX_SECRET"
|
turn_shared_secret: "$COTURN_MATRIX_SECRET"
|
||||||
@ -220,7 +220,7 @@ uninstall_matrix() {
|
|||||||
echo -ne "* Uninstalling matrix container.."
|
echo -ne "* Uninstalling matrix container.."
|
||||||
|
|
||||||
# First stop the service
|
# First stop the service
|
||||||
cd /federated/apps/matrix && docker compose -f docker-compose.yml -p matrix down &> /dev/null
|
cd /federated/apps/matrix && docker-compose -f docker-compose.yml -p matrix down &> /dev/null
|
||||||
|
|
||||||
# Delete database and user in postgresql
|
# Delete database and user in postgresql
|
||||||
docker exec postgresql psql -U postgres -c "DROP DATABASE matrix" &> /dev/null
|
docker exec postgresql psql -U postgres -c "DROP DATABASE matrix" &> /dev/null
|
||||||
@ -253,7 +253,8 @@ configsso_matrix() {
|
|||||||
[[ $(grep "### Matrix" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Matrix configuration."
|
[[ $(grep "### Matrix" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Matrix configuration."
|
||||||
|
|
||||||
MATRIX_CLIENT_SECRET=$(create_password);
|
MATRIX_CLIENT_SECRET=$(create_password);
|
||||||
MATRIX_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $MATRIX_CLIENT_SECRET | awk '{ print $2 }')
|
MATRIX_CLIENT_SECRET_HASH=$(docker run --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $MATRIX_CLIENT_SECRET | awk '{ print $2 }')
|
||||||
|
echo "$MATRIX_CLIENT_SECRET" > /federated/apps/matrix/.matrix.client.secret
|
||||||
|
|
||||||
cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
|
cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
|
||||||
### Matrix
|
### Matrix
|
||||||
@ -276,7 +277,7 @@ EOF
|
|||||||
run_command "/federated/bin/stop authelia"
|
run_command "/federated/bin/stop authelia"
|
||||||
run_command "/federated/bin/start authelia"
|
run_command "/federated/bin/start authelia"
|
||||||
|
|
||||||
add_authelia_config_to_dockercompose "$APP"
|
add_authelia_config_to_dockercompose "matrix"
|
||||||
|
|
||||||
cat >> /federated/apps/matrix/data/matrix/homeserver.yaml <<EOF
|
cat >> /federated/apps/matrix/data/matrix/homeserver.yaml <<EOF
|
||||||
oidc_providers:
|
oidc_providers:
|
||||||
|
|||||||
@ -87,7 +87,7 @@ uninstall_matrixsignal() {
|
|||||||
SPINPID=$!
|
SPINPID=$!
|
||||||
|
|
||||||
# First stop the service
|
# First stop the service
|
||||||
cd /federated/apps/matrixsignal && docker compose -f docker-compose.yml -p matrixsignal down &> /dev/null
|
cd /federated/apps/matrixsignal && docker-compose -f docker-compose.yml -p matrixsignal down &> /dev/null
|
||||||
|
|
||||||
# Delete database and user in postgresql
|
# Delete database and user in postgresql
|
||||||
docker exec postgresql psql -U postgres -c "DROP DATABASE matrixsignal" &> /dev/null
|
docker exec postgresql psql -U postgres -c "DROP DATABASE matrixsignal" &> /dev/null
|
||||||
|
|||||||
@ -87,7 +87,7 @@ uninstall_matrixslack() {
|
|||||||
SPINPID=$!
|
SPINPID=$!
|
||||||
|
|
||||||
# First stop the service
|
# First stop the service
|
||||||
cd /federated/apps/matrixslack && docker compose -f docker-compose.yml -p matrixslack down &> /dev/null
|
cd /federated/apps/matrixslack && docker-compose -f docker-compose.yml -p matrixslack down &> /dev/null
|
||||||
|
|
||||||
# Delete database and user in postgresql
|
# Delete database and user in postgresql
|
||||||
docker exec postgresql psql -U postgres -c "DROP DATABASE matrixslack" &> /dev/null
|
docker exec postgresql psql -U postgres -c "DROP DATABASE matrixslack" &> /dev/null
|
||||||
|
|||||||
@ -87,7 +87,7 @@ uninstall_matrixwhatsapp() {
|
|||||||
SPINPID=$!
|
SPINPID=$!
|
||||||
|
|
||||||
# First stop the service
|
# First stop the service
|
||||||
cd /federated/apps/matrixwhatsapp && docker compose -f docker-compose.yml -p matrixwhatsapp down &> /dev/null
|
cd /federated/apps/matrixwhatsapp && docker-compose -f docker-compose.yml -p matrixwhatsapp down &> /dev/null
|
||||||
|
|
||||||
# Delete database and user in postgresql
|
# Delete database and user in postgresql
|
||||||
docker exec postgresql psql -U postgres -c "DROP DATABASE matrixwhatsapp" &> /dev/null
|
docker exec postgresql psql -U postgres -c "DROP DATABASE matrixwhatsapp" &> /dev/null
|
||||||
|
|||||||
@ -152,7 +152,7 @@ uninstall_msp() {
|
|||||||
SPINPID=$!
|
SPINPID=$!
|
||||||
|
|
||||||
# First stop the service
|
# First stop the service
|
||||||
cd /federated/apps/msp && docker compose -f docker-compose.yml -p msp down &> /dev/null
|
cd /federated/apps/msp && docker-compose -f docker-compose.yml -p msp down &> /dev/null
|
||||||
|
|
||||||
# Delete the app directory
|
# Delete the app directory
|
||||||
rm -rf /federated/apps/msp
|
rm -rf /federated/apps/msp
|
||||||
|
|||||||
@ -316,7 +316,7 @@ uninstall_nextcloud() {
|
|||||||
echo -ne "* Uninstalling nextcloud container.."
|
echo -ne "* Uninstalling nextcloud container.."
|
||||||
|
|
||||||
# First stop the service
|
# First stop the service
|
||||||
cd /federated/apps/nextcloud && docker compose -f docker-compose.yml -p nextcloud down &> /dev/null
|
cd /federated/apps/nextcloud && docker-compose -f docker-compose.yml -p nextcloud down &> /dev/null
|
||||||
|
|
||||||
# Delete database and user in postgresql
|
# Delete database and user in postgresql
|
||||||
docker exec postgresql psql -U postgres -c "DROP DATABASE nextcloud" &> /dev/null
|
docker exec postgresql psql -U postgres -c "DROP DATABASE nextcloud" &> /dev/null
|
||||||
@ -350,7 +350,8 @@ configsso_nextcloud() {
|
|||||||
[[ $(grep "### Nextcloud" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Nextcloud configuration."
|
[[ $(grep "### Nextcloud" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Nextcloud configuration."
|
||||||
|
|
||||||
NEXTCLOUD_CLIENT_SECRET=$(create_password);
|
NEXTCLOUD_CLIENT_SECRET=$(create_password);
|
||||||
NEXTCLOUD_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $NEXTCLOUD_CLIENT_SECRET | awk '{ print $2 }')
|
NEXTCLOUD_CLIENT_SECRET_HASH=$(docker run --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $NEXTCLOUD_CLIENT_SECRET | awk '{ print $2 }')
|
||||||
|
echo "$NEXTCLOUD_CLIENT_SECRET" > /federated/apps/nextcloud/.nextcloud.client.secret
|
||||||
|
|
||||||
cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
|
cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
|
||||||
### Nextcloud
|
### Nextcloud
|
||||||
@ -373,7 +374,7 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
|
|||||||
token_endpoint_auth_method: 'client_secret_post'
|
token_endpoint_auth_method: 'client_secret_post'
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
add_authelia_config_to_dockercompose "$APP"
|
add_authelia_config_to_dockercompose "nextcloud"
|
||||||
|
|
||||||
# Restart Authelia for changes to take the above configuration
|
# Restart Authelia for changes to take the above configuration
|
||||||
run_command "/federated/bin/stop authelia"
|
run_command "/federated/bin/stop authelia"
|
||||||
|
|||||||
@ -53,7 +53,7 @@ PDNS_api=yes
|
|||||||
PDNS_api_key=$PDNS_APIKEY
|
PDNS_api_key=$PDNS_APIKEY
|
||||||
PDNSCONF_API_KEY=$PDNS_APIKEY
|
PDNSCONF_API_KEY=$PDNS_APIKEY
|
||||||
PDNS_webserver=yes
|
PDNS_webserver=yes
|
||||||
PDNS_webserver_allow_from=127.0.0.1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
|
PDNS_webserver-allow-from=127.0.0.1,10.0.0.0/8,172.0.0.0/8,192.0.0.0/24,192.168.0.0/16
|
||||||
PDNS_webserver_address=0.0.0.0
|
PDNS_webserver_address=0.0.0.0
|
||||||
PDNS_webserver_password=$PDNS_WEBSERVER_PASSWORD
|
PDNS_webserver_password=$PDNS_WEBSERVER_PASSWORD
|
||||||
PDNS_version_string=anonymous
|
PDNS_version_string=anonymous
|
||||||
|
|||||||
@ -63,7 +63,7 @@ uninstall_redis() {
|
|||||||
SPINPID=$!
|
SPINPID=$!
|
||||||
|
|
||||||
# First stop the service
|
# First stop the service
|
||||||
cd /federated/apps/redis && docker compose -f docker-compose.yml -p redis down &> /dev/null
|
cd /federated/apps/redis && docker-compose -f docker-compose.yml -p redis down &> /dev/null
|
||||||
|
|
||||||
# Delete the app directory
|
# Delete the app directory
|
||||||
rm -rf /federated/apps/redis
|
rm -rf /federated/apps/redis
|
||||||
|
|||||||
@ -111,7 +111,7 @@ uninstall_roundcube() {
|
|||||||
echo -ne "* Uninstalling roundcube container.."
|
echo -ne "* Uninstalling roundcube container.."
|
||||||
|
|
||||||
# First stop the service
|
# First stop the service
|
||||||
cd /federated/apps/roundcube && docker compose -f docker-compose.yml -p roundcube down &> /dev/null
|
cd /federated/apps/roundcube && docker-compose -f docker-compose.yml -p roundcube down &> /dev/null
|
||||||
|
|
||||||
# Delete database and user
|
# Delete database and user
|
||||||
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e 'drop database roundcube;'" &> /dev/null
|
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e 'drop database roundcube;'" &> /dev/null
|
||||||
@ -138,14 +138,14 @@ uninstall_roundcube() {
|
|||||||
echo -ne "done.\n"
|
echo -ne "done.\n"
|
||||||
}
|
}
|
||||||
configsso_roundcube() {
|
configsso_roundcube() {
|
||||||
echo -ne "* Configuring roundcube container with SSO.."
|
echo -ne "* Configuring matrix container with SSO.."
|
||||||
|
|
||||||
[ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
|
[ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
|
||||||
[ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
|
[ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
|
||||||
[[ $(grep "### Roundcube" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Roundcube configuration."
|
[[ $(grep "### Roundcube" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Roundcube configuration."
|
||||||
|
|
||||||
ROUNDCUBE_CLIENT_SECRET=$(create_password);
|
ROUNDCUBE_CLIENT_SECRET=$(create_password);
|
||||||
ROUNDCUBE_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $ROUNDCUBE_CLIENT_SECRET | awk '{ print $2 }')
|
ROUNDCUBE_CLIENT_SECRET_HASH=$(docker run --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $ROUNDCUBE_CLIENT_SECRET | awk '{ print $2 }')
|
||||||
|
|
||||||
cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
|
cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
|
||||||
### Roundcube
|
### Roundcube
|
||||||
@ -170,7 +170,7 @@ EOF
|
|||||||
run_command "/federated/bin/start authelia"
|
run_command "/federated/bin/start authelia"
|
||||||
|
|
||||||
# Add in extra hosts config
|
# Add in extra hosts config
|
||||||
add_authelia_config_to_dockercompose "$APP"
|
add_authelia_config_to_dockercompose "roundcube"
|
||||||
add_authelia_config_to_dockercompose "mail"
|
add_authelia_config_to_dockercompose "mail"
|
||||||
|
|
||||||
sed -i "/?php/a \ \$config['oauth_provider'] = 'generic'; \n\
|
sed -i "/?php/a \ \$config['oauth_provider'] = 'generic'; \n\
|
||||||
|
|||||||
@ -101,11 +101,11 @@ start_traefik_old() {
|
|||||||
|
|
||||||
if [ $DEBUG ]; then
|
if [ $DEBUG ]; then
|
||||||
# Start /federated/apps/traefik with output to console for debug
|
# Start /federated/apps/traefik with output to console for debug
|
||||||
docker compose -f /federated/apps/traefik/docker-compose.yml -p traefik up
|
docker-compose -f /federated/apps/traefik/docker-compose.yml -p traefik up
|
||||||
[ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service /federated/apps/traefik"
|
[ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service /federated/apps/traefik"
|
||||||
else
|
else
|
||||||
# Start /federated/apps/traefik with output to /dev/null
|
# Start /federated/apps/traefik with output to /dev/null
|
||||||
docker compose -f /federated/apps/traefik/docker-compose.yml -p traefik up -d &> /dev/null
|
docker-compose -f /federated/apps/traefik/docker-compose.yml -p traefik up -d &> /dev/null
|
||||||
|
|
||||||
# Keep trying to see that certificates are generated
|
# Keep trying to see that certificates are generated
|
||||||
RETRY="20"
|
RETRY="20"
|
||||||
@ -120,7 +120,7 @@ start_traefik_old() {
|
|||||||
break
|
break
|
||||||
else
|
else
|
||||||
if [ "$RETRY" == 1 ]; then
|
if [ "$RETRY" == 1 ]; then
|
||||||
docker compose -f /federated/apps/traefik/docker-compose.yml -p traefik down &> /dev/null
|
docker-compose -f /federated/apps/traefik/docker-compose.yml -p traefik down &> /dev/null
|
||||||
fail "There was a problem starting service /federated/apps/traefik\nCheck the output of 'docker logs traefik' or turn on\ndebug with -d"
|
fail "There was a problem starting service /federated/apps/traefik\nCheck the output of 'docker logs traefik' or turn on\ndebug with -d"
|
||||||
fi
|
fi
|
||||||
((RETRY--))
|
((RETRY--))
|
||||||
|
|||||||
@ -81,7 +81,7 @@ uninstall_vaultwarden() {
|
|||||||
SPINPID=$!
|
SPINPID=$!
|
||||||
|
|
||||||
# First stop the service
|
# First stop the service
|
||||||
cd /federated/apps/vaultwarden && docker compose -f docker-compose.yml -p vaultwarden down &> /dev/null
|
cd /federated/apps/vaultwarden && docker-compose -f docker-compose.yml -p vaultwarden down &> /dev/null
|
||||||
|
|
||||||
# Delete database and user in postgresql
|
# Delete database and user in postgresql
|
||||||
docker exec postgresql psql -U postgres -c "DROP DATABASE vaultwarden" &> /dev/null
|
docker exec postgresql psql -U postgres -c "DROP DATABASE vaultwarden" &> /dev/null
|
||||||
|
|||||||
@ -138,7 +138,7 @@ uninstall_wireguard() {
|
|||||||
SPINPID=$!
|
SPINPID=$!
|
||||||
|
|
||||||
# First stop the service
|
# First stop the service
|
||||||
cd /federated/apps/wireguard && docker compose -f docker-compose.yml -p wireguard down &> /dev/null
|
cd /federated/apps/wireguard && docker-compose -f docker-compose.yml -p wireguard down &> /dev/null
|
||||||
|
|
||||||
# Delete the app directory
|
# Delete the app directory
|
||||||
rm -rf /federated/apps/wireguard
|
rm -rf /federated/apps/wireguard
|
||||||
|
|||||||
@ -173,7 +173,7 @@ uninstall_wordpress() {
|
|||||||
echo -ne "* Uninstalling wordpress container.."
|
echo -ne "* Uninstalling wordpress container.."
|
||||||
|
|
||||||
# First stop the service
|
# First stop the service
|
||||||
cd /federated/apps/wordpress && docker compose -f docker-compose.yml -p wordpress down &> /dev/null
|
cd /federated/apps/wordpress && docker-compose -f docker-compose.yml -p wordpress down &> /dev/null
|
||||||
|
|
||||||
# Delete database and user
|
# Delete database and user
|
||||||
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e 'drop database wordpress;'" &> /dev/null
|
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e 'drop database wordpress;'" &> /dev/null
|
||||||
@ -207,7 +207,7 @@ configsso_wordpress() {
|
|||||||
[[ $(grep "### Wordpress" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Wordpress configuration."
|
[[ $(grep "### Wordpress" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Wordpress configuration."
|
||||||
|
|
||||||
WORDPRESS_CLIENT_SECRET=$(create_password);
|
WORDPRESS_CLIENT_SECRET=$(create_password);
|
||||||
WORDPRESS_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $WORDPRESS_CLIENT_SECRET | awk '{ print $2 }')
|
WORDPRESS_CLIENT_SECRET_HASH=$(docker run --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $WORDPRESS_CLIENT_SECRET | awk '{ print $2 }')
|
||||||
|
|
||||||
cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
|
cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
|
||||||
### Wordpress
|
### Wordpress
|
||||||
@ -232,7 +232,7 @@ EOF
|
|||||||
run_command "/federated/bin/stop authelia"
|
run_command "/federated/bin/stop authelia"
|
||||||
run_command "/federated/bin/start authelia"
|
run_command "/federated/bin/start authelia"
|
||||||
|
|
||||||
add_authelia_config_to_dockercompose "$APP"
|
add_authelia_config_to_dockercompose "wordpress"
|
||||||
|
|
||||||
sed -i "/Add any custom values/a \
|
sed -i "/Add any custom values/a \
|
||||||
define( 'OIDC_CLIENT_ID', 'wordpress' );\n\
|
define( 'OIDC_CLIENT_ID', 'wordpress' );\n\
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user