diff --git a/bin/convertdomain.bcksaint20250113 b/bin/convertdomain.bcksaint20250113 index cff5c04..adec0b8 100644 --- a/bin/convertdomain.bcksaint20250113 +++ b/bin/convertdomain.bcksaint20250113 @@ -1,187 +1,1044 @@ -#!/bin/bash +#!/bin/bash -x # -# Listmonk Service -PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +# Federated Convert Domain +# +# Converts Federated Core services +# 
From: customer.federatedcomputer.cloud +# To: domain.com +# +# Assumes all services are currently running +. /federated/lib/functions.sh . /etc/federated -get_appvars -config_listmonk() { - echo -ne "* Configuring listmonk container.." - if [ ! -d "/federated/apps/listmonk" ]; then - mkdir -p /federated/apps/listmonk/data/listmonk/static /federated/apps/listmonk/data/listmonk/uploads +check_gluerecords() { + echo -ne "\n* Checking glue records for $DOMAIN_NEW.." + NS_PARENT="$(dig @8.8.8.8 +short NS "$DOMAIN_LAST." | head -n 1)" + CHECK_NS1=`dig +noall +authority +additional +norecurse @"$NS_PARENT" NS "$DOMAIN_NEW". | grep NS | grep -i ns1.$DOMAIN_NEW` + [ $? -ne 0 ] && failcheck "Couldn't find glue / authoritative NS record ns1.$DOMAIN_NEW" + CHECK_NS2=`dig +noall +authority +additional +norecurse @"$NS_PARENT" NS "$DOMAIN_NEW". | grep NS | grep -i ns2.$DOMAIN_NEW` + [ $? -ne 0 ] && failcheck "Couldn't find glue / authoritative NS record ns2.$DOMAIN_NEW" + CHECK_A1=`dig +noall +authority +additional +norecurse @"$NS_PARENT" NS "$DOMAIN_NEW". | grep A | grep -i ns1.$DOMAIN_NEW | grep $EXTERNALIP` + [ $? -ne 0 ] && failcheck "Couldn't find glue / authoritative A record ns1.$DOMAIN_NEW to $EXTERNALIP" + CHECK_A2=`dig +noall +authority +additional +norecurse @"$NS_PARENT" NS "$DOMAIN_NEW". | grep A | grep -i ns2.$DOMAIN_NEW | grep $EXTERNALIP` + [ $? -ne 0 ] && failcheck "Couldn't find glue / authoritative A record ns2.$DOMAIN_NEW to $EXTERNALIP" + echo -ne "done." 
+}
+do_serviceprep() {
+ # Create DNS records for newdomain
+ docker exec pdns pdnsutil create-zone $DOMAIN_NEW
+ docker exec pdns pdnsutil set-kind $DOMAIN_NEW native
+ docker exec pdns pdnsutil set-meta $DOMAIN_NEW SOA-EDIT-API DEFAULT
+ for i in ns1 ns2 powerdns traefik mail www computer panel nextcloud collabora jitsi matrix element listmonk vaultwarden vpn wireguard baserow gitea blog documentation podcasts castopod caddy wordpress bookstack freescout msp espocrm dashboard; do
+ docker exec pdns pdnsutil add-record $DOMAIN_NEW $i A 86400 $EXTERNALIP
+ done
+ docker exec pdns pdnsutil add-record $DOMAIN_NEW @ NS ns1.$DOMAIN_NEW
+ docker exec pdns pdnsutil add-record $DOMAIN_NEW @ NS ns2.$DOMAIN_NEW
+ docker exec pdns pdnsutil add-record $DOMAIN_NEW @ MX 86400 "10 mail.$DOMAIN_NEW"
+ docker exec pdns pdnsutil add-record $DOMAIN_NEW @ TXT 86400 "\"v=spf1 mx a:$DOMAIN_NEW ~all\""
+ docker exec pdns pdnsutil add-record $DOMAIN_NEW \* CNAME 86400 www.$DOMAIN_NEW
+ docker exec pdns pdnsutil add-record $DOMAIN_NEW @ A 86400 $EXTERNALIP
+ # Set SMTP user based on if fcore exists
+ [[ $(docker exec ldap slapcat | grep fcore) ]] && SMTPUSER="fcore" || SMTPUSER="admin"
+ # Other pre-prep service stuff
+ docker exec -u 33 nextcloud /var/www/html/occ -vv ldap:delete-config s01
+ docker exec -u 33 nextcloud /var/www/html/occ app:disable user_ldap
+ docker exec ldap bash -c "slapcat > /root/convertdomain.ldif"
+ # Remove first lines of ldap config, replace dc= with new domain, replace domain name
+ sed -n '/^dn: ou=people,dc=federatedcomputer,dc=cloud$/,$p' /federated/apps/ldap/data/root/convertdomain.ldif > /federated/apps/ldap/data/root/convertdomain1.ldif
+ if [ "${#DOMAIN_ARRAY[@]}" -eq "3" ]; then
+ sed -i "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_MIDDLE,dc=$DOMAIN_LAST#g" /federated/apps/ldap/data/root/convertdomain1.ldif
+ else
+ sed -i "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST#g"
/federated/apps/ldap/data/root/convertdomain1.ldif fi - LISTMONK_SECRET=$(create_password) -cat > /federated/apps/listmonk/docker-compose.yml < /dev/null" + echo -ne "done." +} +convert_pdns() { + #### Convert PowerDNS pdns + echo -ne "\n* Converting pdns.." + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/pdns/docker-compose.yml + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/pdns/.env + # Grab the container IP from docker-compose + SERVICE_IP=`grep ipv4_address /federated/apps/pdns/docker-compose.yml | awk '{ print $2 }'` + # Start service with command to make sure it's up before proceeding + start_service_convert "pdns" "nc -z ${SERVICE_IP} 8081 &> /dev/null" + echo -ne "done." +} +convert_pdnsadmin() { + #### Convert PowerDNS pdnsadmin + echo -ne "\n* Converting pdnsadmin.." + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/pdnsadmin/docker-compose.yml + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/pdnsadmin/.env + # Grab the container IP from docker-compose + SERVICE_IP=`grep ipv4_address /federated/apps/pdnsadmin/docker-compose.yml | awk '{ print $2 }'` + # Start service with command to make sure it's up before proceeding + start_service_convert "pdnsadmin" "nc -z ${SERVICE_IP} 9494 &> /dev/null" + MYSQL_ROOTPASSWORD=`cat /federated/apps/pdnsmysql/.env | grep MYSQL_ROOT_PASSWORD | awk -F= '{ print $2 }'` + docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD pdns -e \"update user set username='admin@$DOMAIN_NEW' where id='1';\"" + docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD pdns -e \"update user set email='admin@$DOMAIN_NEW' where id='1';\"" + echo -ne "done." +} +convert_traefik() { + #### Convert Traefik + echo -ne "\n* Converting traefik. Waiting 60s first for dns.." 
+ sleep 60
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/traefik/docker-compose.yml
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/traefik/.env
+ rm -rf /federated/apps/traefik/data/letsencrypt/acme.json
+ # Start Traefik
+ docker compose -f /federated/apps/traefik/docker-compose.yml -p traefik up -d &> /dev/null
+ # Keep trying to see that certificates are generated
+ RETRY="20"
+ while [ $RETRY -gt 0 ]; do
+ traefik-certs-dumper file --version v2 --source /federated/apps/traefik/data/letsencrypt/acme.json --dest /federated/certs &> /dev/null
+ # Check if certs are generated
+ ls /federated/certs/private/$DOMAIN_NEW.key /federated/certs/certs/$DOMAIN_NEW.crt &> /dev/null
+ if [ $? -eq 0 ]; then
+ break
+ else
+ if [ "$RETRY" == 1 ]; then
+ docker compose -f /federated/apps/traefik/docker-compose.yml -p traefik down &> /dev/null
+ failcheck "There was a problem starting service /federated/apps/traefik\nCheck the output of 'docker logs traefik'"
+ fi
+ ((RETRY--))
+ sleep 9
+ fi
+ done
+ echo -ne "done."
+}
+convert_postgresql() {
+ #### Convert Postgresql
+ echo -ne "\n* Converting postgresql.."
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/postgresql/docker-compose.yml
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/postgresql/.env
+ cp /federated/certs/certs/$DOMAIN_NEW.crt /federated/apps/postgresql/data/var/lib/postgresql/server.crt
+ cp /federated/certs/private/$DOMAIN_NEW.key /federated/apps/postgresql/data/var/lib/postgresql/server.key
+ chown 999 /federated/apps/postgresql/data/var/lib/postgresql/server.crt /federated/apps/postgresql/data/var/lib/postgresql/server.key
+ chmod 600 /federated/apps/postgresql/data/var/lib/postgresql/server.crt /federated/apps/postgresql/data/var/lib/postgresql/server.key
+ # Grab the container IP from docker-compose
+ SERVICE_IP=`grep ipv4_address /federated/apps/postgresql/docker-compose.yml | awk '{ print $2 }'`
+ # Start service with command to make sure it's up before proceeding
+ start_service_convert "postgresql" "nc -z ${SERVICE_IP} 5432 &> /dev/null"
+ echo -ne "done."
+}
+convert_ldap() {
+ #### Convert LDAP
+ echo -ne "\n* Converting ldap.."
+
+ # Remove LDAP files so we can start clean
+ rm -rf /federated/apps/ldap/data/var/lib/ldap/*
+ rm -rf /federated/apps/ldap/data/etc/ldap/slapd.d/*
+ rm -rf /federated/apps/ldap/data/root/.ldaprc
+ rm -rf /federated/apps/ldap/data/certs/dhparam.pem
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/ldap/docker-compose.yml
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/ldap/.env
+ sed -i "s#LDAP_DOMAIN=.*#LDAP_DOMAIN=$DOMAIN_NEW#g" /federated/apps/ldap/.env
+ sed -i "s#LDAP_ORGANISATION=.*#LDAP_ORGANISATION=$ORG_NEW#g" /federated/apps/ldap/.env
+ cp /federated/certs/certs/$DOMAIN_NEW.crt /federated/certs/private/$DOMAIN_NEW.key /federated/apps/ldap/data/certs/
+ # Grab the container IP from docker-compose
+ SERVICE_IP=`grep ipv4_address /federated/apps/ldap/docker-compose.yml | awk '{ print $2 }'`
+ # Start service with command to make sure it's up before proceeding
+ start_service_convert "ldap" "nc -z $SERVICE_IP 636 &> /dev/null"
+ # This imports the modified LDAP configuration above
+ docker exec ldap bash -c "slapadd -v -l /root/convertdomain1.ldif"
+# [ $? -ne 0 ] && failcheck "Couldn't slapadd convertdomain1.ldif inside ldap container"
+ echo -ne "done."
+}
+convert_mail() {
+ #### Convert Mail
+ echo -ne "\n* Converting mail.."
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/mail/docker-compose.yml
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/mail/.env
+ cp /federated/certs/certs/$DOMAIN_NEW.crt /federated/certs/private/$DOMAIN_NEW.key /federated/apps/mail/data/root/certs/
+
+ if [ "${#DOMAIN_ARRAY[@]}" -eq "3" ]; then
+ sed -i "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_MIDDLE,dc=$DOMAIN_LAST#g" /federated/apps/mail/.env
+ else
+ sed -i "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST#g" /federated/apps/mail/.env
+ fi
+ # Grab the container IP from docker-compose
+ SERVICE_IP=`grep ipv4_address /federated/apps/mail/docker-compose.yml | awk '{ print $2 }'`
+ # Start service with command to make sure it's up before proceeding
+ start_service_convert "mail" "nc -z $SERVICE_IP 25 &> /dev/null"
+ # Generate the DKIM DNS key for new domain
+ docker exec mail setup config dkim keysize 2048 domain $DOMAIN_NEW &> /dev/null
+ [ $? -ne 0 ] && fail "Couldn't generate DKIM record"
+ # Insert the DKIM DNS TXT entry into /federated/apps/pdns container
+ DKIM_RECORD_STRIP=`cat /federated/apps/mail/data/tmp/docker-mailserver/opendkim/keys/$DOMAIN_NEW/mail.txt | sed 's/.*(//'`
+ DKIM_RECORD=`echo $DKIM_RECORD_STRIP | sed 's/).*//'`
+ docker exec pdns pdnsutil add-record $DOMAIN_NEW mail._domainkey TXT 86400 "$DKIM_RECORD" &> /dev/null
+ [ $? -ne 0 ] && fail "Couldn't insert DKIM record into /federated/apps/pdns container"
+ # Insert the DMARC DNS TXT entry into /federated/apps/pdns container
+ docker exec pdns pdnsutil add-record $DOMAIN_NEW _dmarc TXT 86400 "\"v=DMARC1; p=quarantine; rua=mailto:admin@$DOMAIN_NEW; ruf=mailto:admin@$DOMAIN_NEW; sp=none; ri=86400\"" &> /dev/null
+ [ $? -ne 0 ] && fail "Couldn't insert DMARC record into /federated/apps/pdns container"
+ # Stop and Start mail to reload DKIM
+ /federated/bin/stop mail &> /dev/null
+ /federated/bin/start mail &> /dev/null
+ echo -ne "done."
+} +convert_collabora() { + #### Convert Collabora + echo -ne "\n* Converting collabora.." + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/collabora/docker-compose.yml + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/collabora/.env + cp /federated/certs/certs/$DOMAIN_NEW.crt /federated/certs/private/$DOMAIN_NEW.key /federated/apps/collabora/data/root/certs/ + chown 104 /federated/apps/collabora/data/root/certs/* + # Grab the container IP from docker-compose + SERVICE_IP=`grep ipv4_address /federated/apps/collabora/docker-compose.yml | awk '{ print $2 }'` + # Start service with command to make sure it's up before proceeding + start_service_convert "collabora" "nc -z $SERVICE_IP 9980 &> /dev/null" + echo -ne "done." +} +convert_nextcloud() { + #### Convert Nextcloud + echo -ne "\n* Converting nextcloud.." + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/nextcloud/docker-compose.yml + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/nextcloud/.env + sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/nextcloud/data/var/www/html/config/config.php + # Make new nextcloud config + cat > /federated/apps/nextcloud/data/configs.json < /federated/apps/nextcloud/data/config.sh < /federated/apps/nextcloud/data/config.sh < /dev/null" + # Move config.sh and sidemenu config, set config.sh executable + mv /federated/apps/nextcloud/data/config.sh /federated/apps/nextcloud/data/configs.json /federated/apps/nextcloud/data/var/www/html/ + docker exec nextcloud chown www-data:root /var/www/html/config.sh /var/www/html/configs.json + docker exec nextcloud chmod 755 /var/www/html/config.sh + [ $? -ne 0 ] && fail "Couldn't chown config.sh in /federated/apps/nextcloud container" + # Run config.sh - Setup LDAP, configuration for nextcloud + docker exec -u 33 nextcloud /var/www/html/config.sh &> /dev/null + [ $? 
-ne 0 ] && fail "Couldn't run config.sh inside /federated/apps/nextcloud container"
+ # Add admin user to group
+ # Have to do it this many times so it will query LDAP and populate admin user first
+ docker exec -u 33 nextcloud /var/www/html/occ ldap:search admin
+ docker exec -u 33 nextcloud /var/www/html/occ group:list
+ docker exec -u 33 nextcloud /var/www/html/occ group:adduser admin admin
+ docker exec -u 33 nextcloud /var/www/html/occ group:adduser admin admin
+ docker exec -u 33 nextcloud /var/www/html/occ group:list
+ # Config admin email
+ docker exec -u 33 nextcloud bash -c "/var/www/html/occ mail:account:create admin admin admin@$DOMAIN_NEW mail.$DOMAIN_NEW 993 ssl admin@$DOMAIN_NEW $ADMINPASS mail.$DOMAIN_NEW 465 ssl admin@$DOMAIN_NEW $ADMINPASS password"
+ # Remove configs
+ rm /federated/apps/nextcloud/data/var/www/html/config.sh /federated/apps/nextcloud/data/var/www/html/configs.json
+ # Configure SSO to Authelia
+ NEXTCLOUD_CLIENT_SECRET=$(cat /federated/apps/nextcloud/.nextcloud.client.secret)
+ docker exec -u 33 nextcloud /var/www/html/occ user_oidc:provider:delete Authelia -f
+ docker exec -u 33 nextcloud /var/www/html/occ config:system:set allow_local_remote_servers --value=true
+ docker exec -u 33 nextcloud /var/www/html/occ app:enable user_oidc
+ docker exec -u 33 nextcloud /var/www/html/occ config:system:set --value=true --type=boolean user_oidc use_pkce
+ docker exec -u 33 nextcloud /var/www/html/occ user_oidc:provider Authelia --clientid="nextcloud" --clientsecret="$NEXTCLOUD_CLIENT_SECRET" --discoveryuri="https://authelia.$DOMAIN_NEW/.well-known/openid-configuration" --mapping-uid=name --endsessionendpointuri=https://authelia.$DOMAIN_NEW/logout
+ docker exec -u 33 nextcloud /var/www/html/occ ldap:set-config s01 ldapLoginFilter '(&(|(objectclass=inetOrgPerson))(uid=%uid))'
+ echo -ne "done."
+}
+convert_matrix() {
+ #### Convert Matrix
+ echo -ne "\n* Converting matrix.."
+ # Delete matrix database so we can start from scratch
+ MATRIX_SECRET=$(create_password);
+ COTURN_MATRIX_SECRET=$(create_password);
+ docker exec postgresql psql -U postgres -c "drop database matrix" &> /dev/null
+ docker exec postgresql psql -U postgres -c "drop user matrix" &> /dev/null
+ docker exec postgresql psql -U postgres -c "CREATE USER matrix WITH PASSWORD '$MATRIX_SECRET'"
+ docker exec postgresql psql -U postgres -c "CREATE DATABASE matrix"
+ docker exec postgresql psql -U postgres -c "GRANT ALL PRIVILEGES ON DATABASE matrix TO matrix"
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/matrix/docker-compose.yml
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/matrix/.env
+ rm -rf /federated/apps/matrix/data
+ mkdir -p /federated/apps/matrix/data/matrix
+ cp /federated/certs/certs/$DOMAIN_NEW.crt /federated/certs/private/$DOMAIN_NEW.key /federated/apps/matrix/data/matrix/
+ chmod 644 /federated/apps/matrix/data/matrix/$DOMAIN_NEW.crt /federated/apps/matrix/data/matrix/$DOMAIN_NEW.key
+ chown -R 991:991 /federated/apps/matrix/data/matrix
+ # Generate the matrix homeserver.yaml file
+ docker run --rm -v "/federated/apps/matrix/data/matrix:/data" -e SYNAPSE_SERVER_NAME=matrix.$DOMAIN_NEW -e SYNAPSE_REPORT_STATS=yes matrixdotorg/synapse:latest generate &> /dev/null
+ [ $?
-ne 0 ] && fail "Couldn't run docker matrixdotorg/synapse:latest generate" + # Take out default Sqlite database config + sed -i 's!database: /data/homeserver.db!!g' /federated/apps/matrix/data/matrix/homeserver.yaml + sed -i 's!database:!!g' /federated/apps/matrix/data/matrix/homeserver.yaml + sed -i 's!name: sqlite3!!g' /federated/apps/matrix/data/matrix/homeserver.yaml + sed -i 's!args:!!g' /federated/apps/matrix/data/matrix/homeserver.yaml + # Insert our Postgres and LDAP config +cat >> /federated/apps/matrix/data/matrix/homeserver.yaml <" + app_name: $ORG_NEW Matrix Server +modules: + - module: "ldap_auth_provider.LdapAuthProviderModule" + config: + enabled: true + uri: "ldaps://ldap.$DOMAIN_NEW:636" + start_tls: true + base: "dc=federatedcomputer,dc=cloud" + attributes: + mail: "mail" + uid: "uid" + name: "givenName" + bind_dn: cn=admin,dc=federatedcomputer,dc=cloud + bind_password: $LDAP_SECRET + tls_options: + validate: true + local_certificate_file: /data/$DOMAIN_NEW.crt + local_private_key_file: /data/$DOMAIN_NEW.key +EOF + if [ "${#DOMAIN_ARRAY[@]}" -eq "3" ]; then + sed -i "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_MIDDLE,dc=$DOMAIN_LAST#g" /federated/apps/matrix/data/matrix/homeserver.yaml + else + sed -i "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST#g" /federated/apps/matrix/data/matrix/homeserver.yaml + fi + chown -R 991:991 /federated/apps/matrix/data/matrix +# sed -i "s#server_name: \"matrix.$DOMAIN\"#server_name: \"matrix.$DOMAIN_NEW\"#g" /federated/apps/matrix/data/matrix/homeserver.yaml +# sed -i "s#smtp_host: \"mail.$DOMAIN\"#smtp_host: \"mail.$DOMAIN_NEW\"#g" /federated/apps/matrix/data/matrix/homeserver.yaml +# sed -i "s#notif_from:.*#notif_from: \"Your Friendly %(app)s homeserver \"#g" /federated/apps/matrix/data/matrix/homeserver.yaml +# sed -i "s#app_name:.*#app_name: $ORG_NEW Matrix Server#g" /federated/apps/matrix/data/matrix/homeserver.yaml +# sed -i "s#postgresql.$DOMAIN#postgresql.$DOMAIN_NEW#g" 
/federated/apps/matrix/data/matrix/homeserver.yaml +# sed -i "s#ldap.$DOMAIN#ldap.$DOMAIN_NEW#g" /federated/apps/matrix/data/matrix/homeserver.yaml +# sed -i "s#$DOMAIN.crt#$DOMAIN_NEW.crt#g" /federated/apps/matrix/data/matrix/homeserver.yaml +# sed -i "s#$DOMAIN.key#$DOMAIN_NEW.key#g" /federated/apps/matrix/data/matrix/homeserver.yaml + # Grab the container IP from docker-compose + SERVICE_IP=`grep ipv4_address /federated/apps/matrix/docker-compose.yml | awk '{ print $2 }'` + # Start service with command to make sure it's up before proceeding + start_service_convert "matrix" "nc -z $SERVICE_IP 8008 &> /dev/null" + chown -R 991:991 /federated/apps/matrix/data/matrix + # Set admin user as admin in Matrix + docker exec postgresql psql -U matrix -c "update users set admin='1' where name='\"@admin:matrix.$DOMAIN_NEW\"'" &> /dev/null + # Configure SSO to Authelia + MATRIX_CLIENT_SECRET=$(cat /federated/apps/matrix/.matrix.client.secret) +cat >> /federated/apps/matrix/data/matrix/homeserver.yaml < /dev/null" + echo -ne "done." +} +convert_listmonk() { + #### Convert Listmonk + echo -ne "\n* Converting listmonk.." 
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/listmonk/docker-compose.yml
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/listmonk/.env
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/listmonk/data/listmonk/config.toml
+ # Grab the container IP from docker-compose
+ SERVICE_IP=`grep ipv4_address /federated/apps/listmonk/docker-compose.yml | awk '{ print $2 }'`
+ # Start service with command to make sure it's up before proceeding
+ start_service_convert "listmonk" "nc -z $SERVICE_IP 9000 &> /dev/null"
+ # Change app.root_url and other settings to our domain
+ docker exec postgresql psql -U listmonk -c "update settings set value='\"http://listmonk.$DOMAIN_NEW\"' where key='app.root_url'" &> /dev/null
+ docker exec postgresql psql -U listmonk -c "update settings set value='\"listmonk \"' where key='app.from_email'" &> /dev/null
+ docker exec postgresql psql -U listmonk -c "update settings set value='[{\"host\": \"mail.$DOMAIN_NEW\", \"port\": 587, \"enabled\": true, \"password\": \"$ADMINPASS\", \"tls_type\": \"STARTTLS\", \"username\": \"$SMTPUSER\", \"max_conns\": 10, \"idle_timeout\": \"15s\", \"wait_timeout\": \"5s\", \"auth_protocol\": \"login\", \"email_headers\": [], \"hello_hostname\": \"\", \"max_msg_retries\": 2, \"tls_skip_verify\": false}, {\"host\": \"smtp.gmail.com\", \"port\": 465, \"enabled\": false, \"password\": \"password\", \"tls_type\": \"TLS\", \"username\": \"username@gmail.com\", \"max_conns\": 10, \"idle_timeout\": \"15s\", \"wait_timeout\": \"5s\", \"auth_protocol\": \"login\", \"email_headers\": [], \"hello_hostname\": \"\", \"max_msg_retries\": 2, \"tls_skip_verify\": false}]' where key='smtp';" &> /dev/null
+ echo -ne "done."
+}
+convert_vaultwarden() {
+ #### Convert Vaultwarden
+ echo -ne "\n* Converting vaultwarden.."
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/vaultwarden/docker-compose.yml
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/vaultwarden/.env
+ # Grab the container IP from docker-compose
+ SERVICE_IP=`grep ipv4_address /federated/apps/vaultwarden/docker-compose.yml | awk '{ print $2 }'`
+ # Start service with command to make sure it's up before proceeding
+ start_service_convert "vaultwarden" "nc -z $SERVICE_IP 80 &> /dev/null"
+ echo -ne "done."
+}
+convert_panel() {
+ #### Convert Panel
+ echo -ne "\n* Converting panel.."
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/panel/docker-compose.yml
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/panel/.env
+ if [ "${#DOMAIN_ARRAY[@]}" -eq "3" ]; then
+ sed -i "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_MIDDLE,dc=$DOMAIN_LAST#g" /federated/apps/panel/.env
+ else
+ sed -i "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST#g" /federated/apps/panel/.env
+ fi
+ sed -i "s#SITE_NAME=.*#SITE_NAME=$ORG_NEW Panel#g" /federated/apps/panel/.env
+ # Grab the container IP from docker-compose
+ SERVICE_IP=`grep ipv4_address /federated/apps/panel/docker-compose.yml | awk '{ print $2 }'`
+ # Start service with command to make sure it's up before proceeding
+ start_service_convert "panel" "nc -z $SERVICE_IP 80 &> /dev/null"
+ echo -ne "done."
+}
+convert_wireguard() {
+ #### Convert Wireguard
+ echo -ne "\n* Converting wireguard.."
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/wireguard/docker-compose.yml
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/wireguard/.env
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/wireguard/data/config/.donoteditthisfile
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/wireguard/data/config/peer1/peer1.conf
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/wireguard/data/config/coredns/Corefile
+ # Grab the container IP from docker-compose
+ SERVICE_IP=`grep ipv4_address /federated/apps/wireguard/docker-compose.yml | awk '{ print $2 }'`
+ # Start service with command to make sure it's up before proceeding
+ start_service_convert "wireguard" "nc -uvz $SERVICE_IP 51820 &> /dev/null"
+ echo -ne "done."
+}
+convert_jitsi() {
+ #### Convert Jitsi
+ echo -ne "\n* Converting jitsi.."
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/jitsi/docker-compose.yml
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/jitsi/.env
+ if [ "${#DOMAIN_ARRAY[@]}" -eq "3" ]; then
+ sed -i "s#DC=federatedcomputer,DC=cloud#DC=$DOMAIN_FIRST,DC=$DOMAIN_MIDDLE,DC=$DOMAIN_LAST#g" /federated/apps/jitsi/.env
+ else
+ sed -i "s#DC=federatedcomputer,DC=cloud#DC=$DOMAIN_FIRST,DC=$DOMAIN_LAST#g" /federated/apps/jitsi/.env
+ fi
+ start_service_convert "jitsi" "nc -z 192.168.0.25 443 &> /dev/null"
+ echo -ne "done."
+}
+convert_baserow() {
+ #### Convert Baserow
+ echo -ne "\n* Converting baserow.."
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/baserow/docker-compose.yml
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/baserow/.env
+ docker exec postgresql bash -c "psql -U baserow -c \"update auth_user set username='admin@$DOMAIN_NEW' where username='admin@$DOMAIN'\"" &> /dev/null
+ [ $? -ne 0 ] && fail "Couldn't update auth_user table in baserow"
+ docker exec postgresql bash -c "psql -U baserow -c \"update auth_user set email='admin@$DOMAIN_NEW' where email='admin@$DOMAIN'\"" &> /dev/null
+ [ $? -ne 0 ] && fail "Couldn't update auth_user table in baserow"
+ start_service_convert "baserow" "docker exec baserow curl http://localhost:8000 &> /dev/null"
+ echo -ne "done."
+}
+convert_gitea() {
+ #### Convert Gitea
+ echo -ne "\n* Converting gitea.."
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/gitea/docker-compose.yml
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/gitea/.env
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/gitea/data/data/gitea/conf/app.ini
+ # Replace users in Gitea postgres database with new domain name
+ for i in `docker exec postgresql bash -c "psql -U gitea -t -c 'select * from email_address;' | grep $DOMAIN" | awk -F\@ '{ print $1 }' | awk '{ print $5 }'`; do
+ USER="$i";
+ docker exec postgresql bash -c "psql -U gitea -c \"update email_address set email='$USER@$DOMAIN_NEW' where email='$USER@$DOMAIN'\""
+ docker exec postgresql bash -c "psql -U gitea -c \"update email_address set lower_email='$USER@$DOMAIN_NEW' where lower_email='$USER@$DOMAIN'\""
+ done
+ # Grab the container IP from docker-compose
+ SERVICE_IP=`grep ipv4_address /federated/apps/gitea/docker-compose.yml | awk '{ print $2 }'`
+ # Start service with command to make sure it's up before proceeding
+ start_service_convert "gitea" "nc -z $SERVICE_IP 3000 &> /dev/null"
+ # Delete the current admin and create the admin user with new domain name
+ docker exec --user 1000 gitea bash -c "gitea admin user delete --id 1"
+ docker exec --user 1000 gitea gitea admin user create --admin --username gitea --password $ADMINPASS --email admin@$DOMAIN_NEW
+ # Configure SSO to Authelia
+ GITEA_CLIENT_SECRET=$(cat /federated/apps/gitea/.gitea.client.secret)
+ GITEA_AUTH_ID=$(docker exec --user 1000 gitea gitea admin auth list | tail -1 | awk '{ print $1 }')
+ docker exec --user 1000 gitea gitea admin auth delete --id ${GITEA_AUTH_ID}
+ docker exec --user 1000 gitea gitea admin auth add-oauth --name "Authelia" --provider "openidConnect" --key "gitea" --secret "$GITEA_CLIENT_SECRET" --auto-discover-url "https://authelia.$DOMAIN_NEW/.well-known/openid-configuration" --skip-local-2fa "true" --scopes "openid email profile" --group-claim-name "groups" --admin-group "admin" --restricted-group "guest"
+ echo -ne "done."
+}
+convert_caddy() {
+ #### Convert Caddy
+ echo -ne "\n* Converting caddy.."
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/caddy/docker-compose.yml
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/caddy/.env
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/caddy/data/etc/caddy/Caddyfile
+ # Grab the container IP from docker-compose
+ SERVICE_IP=`grep ipv4_address /federated/apps/caddy/docker-compose.yml | awk '{ print $2 }'`
+ # Start service with command to make sure it's up before proceeding
+ start_service_convert "caddy" "nc -z $SERVICE_IP 80 &> /dev/null"
+ echo -ne "done."
+}
+convert_castopod() {
+ #### Convert Castopod
+ echo -ne "\n* Converting castopod.."
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/castopod/docker-compose.yml
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/castopod/.env
+ # Grab the container IP from docker-compose
+ SERVICE_IP=`grep ipv4_address /federated/apps/castopod/docker-compose.yml | awk '{ print $2 }'`
+ # Start service with command to make sure it's up before proceeding
+ start_service_convert "castopod" "nc -z $SERVICE_IP 8000 &> /dev/null"
+ MYSQL_ROOTPASSWORD=`cat /federated/apps/pdnsmysql/.env | grep MYSQL_ROOT_PASSWORD | awk -F= '{ print $2 }'`
+ docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD castopod -e \"update cp_auth_identities set secret='admin@$DOMAIN_NEW' where id='1';\""
+ docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD castopod -e \"update cp_users set username='admin@$DOMAIN_NEW' where id='1';\""
+ echo -ne "done."
+}
+convert_autodiscover() {
+ #### Convert Autodiscover
+ echo -ne "\n* Converting autodiscover.."
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/autodiscover/docker-compose.yml
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/autodiscover/.env
+ sed -i "s#COMPANY_NAME=.*#COMPANY_NAME=$ORG_NEW#g" /federated/apps/autodiscover/.env
+ # Add DNS records for auto discovery
+ docker exec pdns pdnsutil add-record $DOMAIN_NEW autoconfig A 86400 $EXTERNALIP
+ [ $? -ne 0 ] && fail "Couldn't add dns record for auto discovery"
+ docker exec pdns pdnsutil add-record $DOMAIN_NEW autodiscover A 86400 $EXTERNALIP
+ [ $? -ne 0 ] && fail "Couldn't add dns record for auto discovery"
+ docker exec pdns pdnsutil add-record $DOMAIN_NEW @ TXT 86400 "\"mailconf=https://autoconfig.$DOMAIN_NEW/mail/config-v1.1.xml\""
+ [ $? -ne 0 ] && fail "Couldn't add dns record for auto discovery"
+ docker exec pdns pdnsutil add-record $DOMAIN_NEW _imaps._tcp SRV 86400 "0 0 993 mail.$DOMAIN_NEW"
+ [ $? -ne 0 ] && fail "Couldn't add dns record for auto discovery"
+ docker exec pdns pdnsutil add-record $DOMAIN_NEW _pop3s._tcp SRV 86400 "0 0 995 mail.$DOMAIN_NEW"
+ [ $? -ne 0 ] && fail "Couldn't add dns record for auto discovery"
+ docker exec pdns pdnsutil add-record $DOMAIN_NEW _imaps._tcp SRV 86400 "0 0 993 mail.$DOMAIN_NEW"
+ [ $? -ne 0 ] && fail "Couldn't add dns record for auto discovery"
+ docker exec pdns pdnsutil add-record $DOMAIN_NEW _submission._tcp SRV 86400 "0 0 587 $DOMAIN_NEW"
+ [ $? -ne 0 ] && fail "Couldn't add dns record for auto discovery"
+ docker exec pdns pdnsutil add-record $DOMAIN_NEW _autodiscover._tcp SRV 86400 "0 0 443 autodiscover.$DOMAIN_NEW"
+ [ $? -ne 0 ] && fail "Couldn't add dns record for auto discovery"
+ docker exec pdns pdnsutil add-record $DOMAIN_NEW _ldap._tcp SRV 86400 "0 0 636 ldap.$DOMAIN_NEW"
+ [ $? -ne 0 ] && fail "Couldn't add dns record for auto discovery"
+ # Grab the container IP from docker-compose
+ SERVICE_IP=`grep ipv4_address /federated/apps/autodiscover/docker-compose.yml | awk '{ print $2 }'`
+ # Start service with command to make sure it's up before proceeding
+ start_service_convert "autodiscover" "nc -z $SERVICE_IP 8000 &> /dev/null"
+ echo -ne "done."
+}
+convert_wordpress() {
+ #### Convert Wordpress
+ echo -ne "\n* Converting wordpress.."
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/wordpress/docker-compose.yml
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/wordpress/.env
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/wordpress/data/bitnami/wordpress/wp-config.php
+ sed -i "s#WORDPRESS_BLOG_NAME=.*#WORDPRESS_BLOG_NAME=$ORG_NEW#g" /federated/apps/wordpress/.env
+ docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD wordpress -e \"update wp_users set user_login='admin@$DOMAIN_NEW' where ID='1';\""
+ docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD wordpress -e \"update wp_users set user_email='admin@$DOMAIN_NEW' where ID='1';\""
+ docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD wordpress -e \"update wp_usermeta set meta_value='admin@$DOMAIN_NEW' where meta_value='admin@$DOMAIN';\""
+ docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD wordpress -e \"update wp_users set display_name='admin@$DOMAIN_NEW' where ID='1';\""
+ docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD wordpress -e \"update wp_options set option_value = '$ORG_NEW Blog' where option_name = 'blogname';\""
+ docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD wordpress -e \"update wp_options set option_value = 'admin@$DOMAIN_NEW' where option_name = 'admin_email';\""
+ # Grab the container IP from docker-compose
+ SERVICE_IP=`grep ipv4_address /federated/apps/wordpress/docker-compose.yml | awk '{ print $2 }'`
+ # Start service with command to make sure it's up before proceeding
+ start_service_convert "wordpress" "nc -z $SERVICE_IP 8080 &> /dev/null"
+ echo -ne "done."
+}
+convert_coturn() {
+ #### Convert Coturn
+ echo -ne "\n* Converting coturn.."
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/coturn/docker-compose.yml
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/coturn/.env
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/coturn/data/etc/turnserver.conf
+ sed -i "s#static-auth-secret=.*#static-auth-secret=$COTURN_MATRIX_SECRET#g" /federated/apps/coturn/data/etc/turnserver.conf
+ # Grab the container IP from docker-compose
+ SERVICE_IP=`grep ipv4_address /federated/apps/coturn/docker-compose.yml | awk '{ print $2 }'`
+ # Start service with command to make sure it's up before proceeding
+ start_service_convert "coturn" "nc -z $SERVICE_IP 3478 &> /dev/null"
+ echo -ne "done."
+}
+convert_bookstack() {
+ #### Convert Bookstack
+ echo -ne "\n* Converting bookstack.."
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/bookstack/docker-compose.yml
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/bookstack/.env
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/bookstack/data/config/www/.env
+ docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD bookstack -e \"update users set email='admin@$DOMAIN_NEW' where id = 1;\""
+ # Setup external_auth_id for each user in bookstack users table
+ BOOKSTACK_SECRET=$(cat /federated/apps/bookstack/.env | grep "DB_PASS" | awk -F= '{ print $2 }')
+# for i in $(docker exec pdnsmysql mysql -ubookstack -p${BOOKSTACK_SECRET} bookstack -sN -e "select email from users;"); do
+# docker exec pdnsmysql mysql -ubookstack -p${BOOKSTACK_SECRET} bookstack -e "update users set external_auth_id = '$i' where email = '$i'";
+# done
+ for i in $(docker exec pdnsmysql mysql -ubookstack -p${BOOKSTACK_SECRET} bookstack -sN -e "select name from users;"); do
+ NAME_LOWERCASE=$(echo "$i" | tr '[:upper:]' '[:lower:]');
+ docker exec pdnsmysql mysql -ubookstack -p${BOOKSTACK_SECRET} bookstack -sN -e "update users set email = '$NAME_LOWERCASE@$DOMAIN_NEW' where name = '$i';";
+ docker exec pdnsmysql mysql -ubookstack -p${BOOKSTACK_SECRET} bookstack -sN -e "update users set external_auth_id = '$NAME_LOWERCASE@$DOMAIN_NEW' where name = '$i';";
+ done
+ # Grab the container IP from docker-compose
+ SERVICE_IP=`grep ipv4_address /federated/apps/bookstack/docker-compose.yml | awk '{ print $2 }'`
+ # Start service with command to make sure it's up before proceeding
+ start_service_convert "bookstack" "nc -z $SERVICE_IP 80 &> /dev/null"
+ echo -ne "done."
+}
+convert_freescout() {
+ #### Convert Freescout
+ echo -ne "\n* Converting freescout.."
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/freescout/docker-compose.yml
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/freescout/.env
+ docker exec postgresql bash -c "psql -U freescout -c \"update users set email='admin@$DOMAIN_NEW' where id='1'\""
+ # Grab the container IP from docker-compose
+ SERVICE_IP=`grep ipv4_address /federated/apps/freescout/docker-compose.yml | awk '{ print $2 }'`
+ # Start service with command to make sure it's up before proceeding
+ start_service_convert "freescout" "nc -z $SERVICE_IP 80 &> /dev/null"
+ echo -ne "done."
+}
+convert_msp() {
+ #### Convert MSP
+ echo -ne "\n* Converting msp.."
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/msp/docker-compose.yml
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/msp/.env
+ # Grab the container IP from docker-compose
+ SERVICE_IP=`grep ipv4_address /federated/apps/msp/docker-compose.yml | awk '{ print $2 }'`
+ # Start service with command to make sure it's up before proceeding
+ start_service_convert "msp" "nc -z $SERVICE_IP 3000 &> /dev/null"
+ echo -ne "done."
+}
+convert_espocrm() {
+ #### Convert EspoCRM
+ echo -ne "\n* Converting espocrm.."
+ # Grab the SSO client secret for config below before removing espocrm + ESPOCRM_CLIENT_SECRET=$(cat /federated/apps/espocrm/.env | grep ESPOCRM_CONFIG_OIDC_CLIENT_SECRET | awk -F= '{ print $2 }') + ESPOCRM_IMAGE_VERSION=$(cat /federated/apps/espocrm/.env | grep IMAGE_VERSION | awk -F\" '{ print $2 }') + rm -rf /federated/apps/espocrm + mkdir -p /federated/apps/espocrm/data/var/www/html +cat > /federated/apps/espocrm/docker-compose.yml < /federated/apps/listmonk/.env < /federated/apps/espocrm/.env < /federated/apps/listmonk/data/listmonk/config.toml < /federated/apps/listmonk/data/listmonk/config.toml < /dev/null -docker exec postgresql psql -U postgres -c "CREATE DATABASE listmonk" &> /dev/null -docker exec postgresql psql -U postgres -c "GRANT ALL PRIVILEGES ON DATABASE listmonk TO listmonk" &> /dev/null - -echo -ne "done.\n" -} -start_listmonk() { - # Install the database scheme first - docker compose -f /federated/apps/listmonk/docker-compose.yml run --rm listmonk ./listmonk --install --yes &> /dev/null - # Change app.root_url and other settings to our domain - docker exec postgresql psql -U listmonk -c "update settings set value='\"http://listmonk.$DOMAIN\"' where key='app.root_url'" &> /dev/null - docker exec postgresql psql -U listmonk -c "update settings set value='\"listmonk \"' where key='app.from_email'" &> /dev/null - docker exec postgresql psql -U listmonk -c "update settings set value='[{\"host\": \"mail.$DOMAIN\", \"port\": 587, \"enabled\": true, \"password\": \"$ADMINPASS\", \"tls_type\": \"STARTTLS\", \"username\": \"fcore\", \"max_conns\": 10, \"idle_timeout\": \"15s\", \"wait_timeout\": \"5s\", \"auth_protocol\": \"login\", \"email_headers\": [], \"hello_hostname\": \"\", \"max_msg_retries\": 2, \"tls_skip_verify\": false}, {\"host\": \"smtp.gmail.com\", \"port\": 465, \"enabled\": false, \"password\": \"password\", \"tls_type\": \"TLS\", \"username\": \"username@gmail.com\", \"max_conns\": 10, \"idle_timeout\": \"15s\", \"wait_timeout\": 
\"5s\", \"auth_protocol\": \"login\", \"email_headers\": [], \"hello_hostname\": \"\", \"max_msg_retries\": 2, \"tls_skip_verify\": false}]' where key='smtp';" &> /dev/null +chmod 600 /federated/apps/espocrm/.env + # Create database and user in mysql + docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e 'drop database espocrm;'" + docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e 'drop user espocrm;'" + docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e 'create database espocrm;'" + docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e \"CREATE USER 'espocrm'@'%' IDENTIFIED BY '$ESPOCRM_SECRET';\"" + docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e \"grant all privileges on espocrm.* to 'espocrm'@'%';\"" + docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e 'flush privileges;'" + if [ "${#DOMAIN_ARRAY[@]}" -eq "3" ]; then + sed -i "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_MIDDLE,dc=$DOMAIN_LAST#g" /federated/apps/espocrm/.env + else + sed -i "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST#g" /federated/apps/espocrm/.env + fi + # Grab the container IP from docker-compose + SERVICE_IP=`grep ipv4_address /federated/apps/espocrm/docker-compose.yml | awk '{ print $2 }'` # Start service with command to make sure it's up before proceeding - start_service "listmonk" "nc -z 192.168.0.21 9000 &> /dev/null" "8" - [[ "${PLUS}" = "false" ]] && docker exec pdns pdnsutil add-record $DOMAIN listmonk A 86400 $EXTERNALIP &> /dev/null + start_service_convert "espocrm" "nc -z $SERVICE_IP 80 &> /dev/null" + # Configure SSO to Authelia +cat >> /federated/apps/espocrm/.env < [\n\ 0 => 'profile',\n\ 1 => 'email',\n\ 2 => 'groups',\n\ 3 => 'openid'\n\ ]," /federated/apps/espocrm/data/var/www/html/data/config.php + # Set auth method to Oidc only + sed -i "s/ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/#ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/g" 
/federated/apps/espocrm/.env + run_command "/federated/bin/stop espocrm" + run_command "/federated/bin/start espocrm" echo -ne "done." } -email_listmonk() { - echo -ne "* Sending email to customer.." -cat > /federated/apps/mail/data/root/certs/mailfile < -
-

-

Listmonk is now installed on $DOMAIN

-

-Here is your applications chart with on how to access this service:
-

-

Applications

- - -------- - - - - - - - - - - - - - - - - - - - - -
ServiceLinkUser / PassAccessDocsDescription
Listmonklistmonk.$DOMAINadmin@$DOMAIN
$ADMINPASS
User access is separate from panelClick hereListmonk is (a replacement for Mailchimp) is used to create e-mail subscription lists
-

Thanks for your support!

-

-Thank you for your support of Federated Computer. We really appreciate it and hope you have a very successful -time with Federated Core. -

-Again, if we can be of any assistance, please don't hesitate to get in touch. -

-Support: https://support.federated.computer
-Phone: (970) 722-8715
-Email: support@federated.computer
-

-It's your computer. Let's make it work for you!
-
-EOF
- # Send out e-mail from mail container with details
- docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile"
- rm /federated/apps/mail/data/root/certs/mailfile
- echo -ne "done.\n"
+convert_dashboard() {
+ #### Convert Dashboard
+ echo -ne "\n* Converting dashboard.."
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/dashboard/docker-compose.yml
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/dashboard/.env
+ # Grab the container IP from docker-compose
+ SERVICE_IP=`grep ipv4_address /federated/apps/dashboard/docker-compose.yml | awk '{ print $2 }'`
+ # Start service with command to make sure it's up before proceeding
+ start_service_convert "dashboard" "nc -z $SERVICE_IP 8080 &> /dev/null"
+ echo -ne "done."
 }
-uninstall_listmonk() {
- echo -ne "* Uninstalling listmonk container.."
- # First stop the service
- cd /federated/apps/listmonk && docker compose -f docker-compose.yml -p listmonk down &> /dev/null
- # Delete database and user in postgresql
- docker exec postgresql psql -U postgres -c "DROP DATABASE listmonk" &> /dev/null
- docker exec postgresql psql -U postgres -c "DROP USER listmonk" &> /dev/null
- # Delete the app directory
- rm -rf /federated/apps/listmonk
- echo -ne "done.\n"
+convert_roundcube() {
+ #### Convert Roundcube
+ echo -ne "\n* Converting roundcube.."
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/roundcube/docker-compose.yml
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/roundcube/.env
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/roundcube/data/var/www/html/config/config.inc.php
+ # Grab the container IP from docker-compose
+ SERVICE_IP=`grep ipv4_address /federated/apps/roundcube/docker-compose.yml | awk '{ print $2 }'`
+ # Start service with command to make sure it's up before proceeding
+ start_service_convert "roundcube" "nc -z $SERVICE_IP 80 &> /dev/null"
+ echo -ne "done."
 }
-
-
+convert_authelia() {
+ #### Convert Authelia
+ echo -ne "\n* Converting authelia.."
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/authelia/docker-compose.yml
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/authelia/.env
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/authelia/data/config/configuration.yml
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/authelia/data/config/idproviders.yml
+ if [ "${#DOMAIN_ARRAY[@]}" -eq "3" ]; then
+ sed -i "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_MIDDLE,dc=$DOMAIN_LAST#g" /federated/apps/authelia/.env
+ else
+ sed -i "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST#g" /federated/apps/authelia/.env
+ fi
+ # Configure SSO to Authelia
+ # Delete the entries in the pdns settings table
+ [[ -d "/federated/apps/pdnsmysql/data/var/lib/mysql/pdnsadmin" ]] && POWERDNS_DB="pdnsadmin" || POWERDNS_DB="pdns"
+ docker exec pdnsmysql mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e "delete from setting where name like '%oidc_oauth%';"
+ POWERDNS_CLIENT_SECRET=$(cat /federated/apps/authelia/.powerdns.client.secret)
+ # Insert PowerDNS configuration because we need an initial
+ # config for Authelia to run
+ PDNS_MYSQL_COMMAND1="insert into setting (name, value) values (\"oidc_oauth_enabled\", \"True\");insert into setting (name, value) values (\"oidc_oauth_key\", \"powerdns\");"
+ PDNS_MYSQL_COMMAND2="insert into setting (name, value) values (\"oidc_oauth_scope\", \"openid profile groups email\");insert into setting (name, value) values (\"oidc_oauth_api_url\", \"https://authelia.$DOMAIN_NEW/api/oidc/userinfo\");"
+ PDNS_MYSQL_COMMAND3="insert into setting (name, value) values (\"oidc_oauth_auto_configure\", \"True\");insert into setting (name, value) values (\"oidc_oauth_metadata_url\", \"https://authelia.$DOMAIN_NEW/.well-known/openid-configuration\");"
+ PDNS_MYSQL_COMMAND4="insert into setting (name, value) values (\"oidc_oauth_token_url\", \"\");insert into setting (name, value) values (\"oidc_oauth_authorize_url\", \"\");"
+ PDNS_MYSQL_COMMAND5="insert into setting (name, value) values (\"oidc_oauth_logout_url\", \"https://authelia.$DOMAIN_NEW/logout\");insert into setting (name, value) values (\"oidc_oauth_username\", \"preferred_username\");"
+ PDNS_MYSQL_COMMAND6="insert into setting (name, value) values (\"oidc_oauth_email\", \"email\");insert into setting (name, value) values (\"oidc_oauth_firstname\", \"preferred_username\");"
+ PDNS_MYSQL_COMMAND7="insert into setting (name, value) values (\"oidc_oauth_last_name\", \"name\");insert into setting (name, value) values (\"oidc_oauth_account_name_property\", \"preferred_username\");"
+ PDNS_MYSQL_COMMAND8="insert into setting (name, value) values (\"oidc_oauth_account_description_property\", \"name\");insert into setting (name, value) values (\"oidc_oauth_secret\", \"$POWERDNS_CLIENT_SECRET\");"
+ docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '$PDNS_MYSQL_COMMAND;'"
+ docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '$PDNS_MYSQL_COMMAND1;'"
+ docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '$PDNS_MYSQL_COMMAND2;'"
+ docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '$PDNS_MYSQL_COMMAND3;'"
+ docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '$PDNS_MYSQL_COMMAND4;'"
+ docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '$PDNS_MYSQL_COMMAND5;'"
+ docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '$PDNS_MYSQL_COMMAND6;'"
+ docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '$PDNS_MYSQL_COMMAND7;'"
+ docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '$PDNS_MYSQL_COMMAND8;'"
+ # Grab the container IP from docker-compose
+ SERVICE_IP=`grep ipv4_address /federated/apps/authelia/docker-compose.yml | awk '{ print $2 }'`
+ # Start service with command to make sure it's up before proceeding
+ start_service_convert "authelia" "nc -z $SERVICE_IP 9091 &> /dev/null"
+ echo -ne "done."
+}
+convert_jitsiopenid() {
+ #### Convert JitsiOpenID
+ echo -ne "\n* Converting jitsiopenid.."
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/jitsiopenid/docker-compose.yml
+ sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/jitsiopenid/.env
+ # Grab the container IP from docker-compose
+ SERVICE_IP=`grep ipv4_address /federated/apps/jitsiopenid/docker-compose.yml | awk '{ print $2 }'`
+ # Start service with command to make sure it's up before proceeding
+ run_command "/federated/bin/start jitsiopenid"
+ echo -ne "done."
+}
+usage() {
+ echo "$0: "
+ exit 2
+}
+[ $# != 2 ] && usage
+DOMAIN_NEW=$1
+ORG_NEW=$2
+# Check if DNS works
+EXTERNALIP=`dig @resolver4.opendns.com myip.opendns.com +short 2> /dev/null`
+[ $? -ne 0 ] && failcheck "Couldn't run dig, dns is not working"
+# Setup DOMAIN variable for domain or subdomain
+DOMAIN_ARRAY=(${DOMAIN_NEW//./ })
+if [ "${#DOMAIN_ARRAY[@]}" -eq "2" ]; then
+ DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
+ DOMAIN_LAST=${DOMAIN_ARRAY[1]}
+elif [ "${#DOMAIN_ARRAY[@]}" -eq "3" ]; then
+ DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
+ DOMAIN_MIDDLE=${DOMAIN_ARRAY[1]}
+ DOMAIN_LAST=${DOMAIN_ARRAY[2]}
+else
+ failcheck "$DOMAIN_NEW is not a valid domain.com or sub.domain.com"
+fi
+ADMINPASS=`cat /federated/bin/.adminpass | head -1`
+LDAP_SECRET=`cat /federated/apps/ldap/.ldap.secret`
+echo -ne "\n\nConverting Federated Core $DOMAIN to $DOMAIN_NEW.\n\n"
+check_gluerecords
+#get_installedapps
+do_serviceprep
+# Stop all services
+/federated/bin/stop all &> /dev/null
+# Convert each services in SERVICES list
+for i in "${SERVICES[@]}"; do
+ if [ -d "/federated/apps/$i" ]; then
+ convert_$i
+ fi
+done