From 866e1875cfde65ddc7a0d9bd17d904feded80f6c Mon Sep 17 00:00:00 2001 From: root Date: Wed, 6 Nov 2024 15:43:03 +0000 Subject: [PATCH 1/4] Testing SSO fix for mail.sh clean up --- lib/functions.sh | 4 ++++ lib/mail.sh | 34 +++++++++++++++------------------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/lib/functions.sh b/lib/functions.sh index 548b6ec..43f123a 100644 --- a/lib/functions.sh +++ b/lib/functions.sh @@ -12,6 +12,10 @@ fail() { # docker network rm fstack &> /dev/null exit 2; } +run_command() { + $1 &> /dev/null + [[ $? -ne 0 ]] && echo "* FAILED - Couldn't run \"$1\"" >&2 +} failcheck() { echo -ne "\n\nFAILED - $1\n\n" exit 2; diff --git a/lib/mail.sh b/lib/mail.sh index d711170..edde9d0 100644 --- a/lib/mail.sh +++ b/lib/mail.sh @@ -5,7 +5,7 @@ PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin config_mail() { - echo -ne "\n* Configuring /federated/apps/mail container.." + echo -ne "* Configuring mail container.." if [ ! -d "/federated/apps/mail" ]; then mkdir -p /federated/apps/mail/data/root/certs &> /dev/null 
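Review bot: `run_command` in lib/functions.sh runs its argument as an unquoted `$1`, so the string is only word-split: quoting, redirections and values containing spaces are not honoured, and anything the caller interpolated is printed verbatim by the failure message (later patches in this series pass `$ADMINPASS` this way). The exit status is also misleading, because `[[ $? -ne 0 ]] && echo …` returns non-zero when the command succeeded and zero when it failed, so callers cannot chain `|| fail` on it. I would take the command as separate words and return its status: `"$@" &> /dev/null || { echo "* FAILED - Couldn't run \"$1\"" >&2; return 1; }`, with call sites written as `run_command docker exec mail setup config dkim`. A short header comment saying that failures are reported but do not abort would also help, since that differs from `fail` just above.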
@@ -85,13 +85,13 @@ LDAP_SERVER_HOST=ldap://ldap.$DOMAIN LDAP_SEARCH_BASE=ou=people,dc=federatedcomputer,dc=cloud LDAP_BIND_DN=cn=admin,dc=federatedcomputer,dc=cloud LDAP_BIND_PW=$LDAP_SECRET -LDAP_QUERY_FILTER_USER="(&(mail=%s)(mailEnabled=TRUE))" -LDAP_QUERY_FILTER_GROUP="(&(mailGroupMember=%s)(mailEnabled=TRUE))" -LDAP_QUERY_FILTER_ALIAS="(&(mailAlias=%s)(mailEnabled=TRUE))" -LDAP_QUERY_FILTER_DOMAIN="(|(mail=*@%s)(mailAlias=*@%s))" +LDAP_QUERY_FILTER_USER=(&(mail=%s)(mailEnabled=TRUE)) +LDAP_QUERY_FILTER_GROUP=(&(mailGroupMember=%s)(mailEnabled=TRUE)) +LDAP_QUERY_FILTER_ALIAS=(&(mailAlias=%s)(mailEnabled=TRUE)) +LDAP_QUERY_FILTER_DOMAIN=(|(mail=*@%s)(mailAlias=*@%s)) # DOVECOT -DOVECOT_PASS_FILTER="(&(objectClass=inetOrgPerson)(mail=%u))" -DOVECOT_USER_FILTER="(&(objectClass=inetOrgPerson)(mail=%u))" +DOVECOT_PASS_FILTER=(&(objectClass=inetOrgPerson)(mail=%u)) +DOVECOT_USER_FILTER=(&(objectClass=inetOrgPerson)(mail=%u)) DOVECOT_USER_ATTRS=homeDirectory=home,=uid=5000,=gid=5000 # SASLAUTHD ENABLE_SASLAUTHD=1 @@ -100,7 +100,7 @@ SASLAUTHD_LDAP_SERVER=ldap://ldap.$DOMAIN SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=federatedcomputer,dc=cloud SASLAUTHD_LDAP_PASSWORD=$LDAP_SECRET SASLAUTHD_LDAP_SEARCH_BASE=ou=people,dc=federatedcomputer,dc=cloud -SASLAUTHD_LDAP_FILTER="(&(objectClass=inetOrgPerson)(mail=%U@%r))" +SASLAUTHD_LDAP_FILTER=(&(objectClass=inetOrgPerson)(mail=%U@%r)) POSTMASTER_ADDRESS=postmaster@localhost.localdomain POSTFIX_MESSAGE_SIZE_LIMIT=100000000 ENABLE_MANAGESIEVE=1 
@@ -269,18 +269,17 @@ bantime = 180d port = smtp,pop3,pop3s,imap,imaps,submission,submissions,sieve EOF - echo -ne "done." + echo -ne "done.\n" } start_mail() { # Start service with command to make sure it's up before proceeding start_service "mail" "nc -z 192.168.0.16 25 &> /dev/null" "25" # Generate the DKIM DNS key and setup - docker exec mail setup config dkim - docker exec mail setup config dkim keysize 2048 domain $DOMAIN &> /dev/null - [ $? -ne 0 ] && fail "Couldn't generate DKIM record" + run_command "docker exec mail setup config dkim" + run_command "docker exec mail setup config dkim keysize 2048 domain $DOMAIN" - docker exec mail bash -c "setup config dkim domain '$DOMAIN'" + docker exec mail bash -c "setup config dkim domain '$DOMAIN' &> /dev/null" [ $? -ne 0 ] && fail "Couldn't setup DKIM domain" # Insert the DKIM DNS TXT entry into /federated/apps/pdns container @@ -294,15 +293,13 @@ start_mail() { [ $? -ne 0 ] && fail "Couldn't insert DMARC record into /federated/apps/pdns container" # Stop and Start mail to reload DKIM - /federated/bin/stop mail &> /dev/null - /federated/bin/start mail &> /dev/null + run_command "/federated/bin/stop mail" + run_command "/federated/bin/start mail" - echo -ne "done." + echo -ne "done.\n" } uninstall_mail() { echo -ne "* Uninstalling mail container.." - spin & - SPINPID=$! # First stop the service cd /federated/apps/mail && docker-compose -f docker-compose.yml -p mail down &> /dev/null @@ -317,6 +314,5 @@ uninstall_mail() { docker exec pdns pdnsutil delete-rrset $DOMAIN mail._domainkey TXT docker exec pdns pdnsutil delete-rrset $DOMAIN _dmarc TXT - kill -9 $SPINPID &> /dev/null echo -ne "done.\n" } From f47b90acda79d5ffe440d6238f249f561318ea38 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 6 Nov 2024 15:59:33 +0000 Subject: [PATCH 2/4] Added sso fixes clean up for nextcloud --- lib/nextcloud.sh | 69 ++++++++++++++++++++++++------------------------ 1 file changed, 34 insertions(+), 35 deletions(-) 
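Review bot: In `start_mail`, a failed DKIM key generation no longer stops the install: the old `fail "Couldn't generate DKIM record"` check is gone and `run_command` only prints a warning, so the later steps that insert the DKIM and DMARC records into pdns would run without a valid key. `$DOMAIN` is also interpolated into a command string that is then word-split, and on the `bash -c "setup config dkim domain '$DOMAIN' …"` line it is spliced into a shell script, which is safe only if the value is known to be a plain hostname. I would keep this step fatal and pass the domain as a quoted word: `docker exec mail setup config dkim keysize 2048 domain "$DOMAIN" &> /dev/null || fail "Couldn't generate DKIM record"`. The body of start_mail continues outside this hunk.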
diff --git a/lib/nextcloud.sh b/lib/nextcloud.sh index c8826c0..effaf95 100644 --- a/lib/nextcloud.sh +++ b/lib/nextcloud.sh @@ -5,7 +5,7 @@ PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin config_nextcloud() { - echo -ne "\n* Configuring /federated/apps/nextcloud container.." + echo -ne "* Configuring nextcloud container.." if [ ! -d "/federated/apps/nextcloud" ]; then mkdir -p /federated/apps/nextcloud/data/root &> /dev/null 
@@ -272,52 +272,48 @@ EOF chmod +x /federated/apps/nextcloud/data/config.sh - echo -ne "done." + echo -ne "done.\n" } start_nextcloud() { # Start service with command to make sure it's up before proceeding start_service "nextcloud" "nc -z 192.168.0.18 80 &> /dev/null" "60" # Move config.sh and sidemenu config, set config.sh executable - mv /federated/apps/nextcloud/data/config.sh /federated/apps/nextcloud/data/configs.json /federated/apps/nextcloud/data/var/www/html/ - docker exec nextcloud chown www-data:root /var/www/html/config.sh /var/www/html/configs.json - docker exec nextcloud chmod 755 /var/www/html/config.sh - [ $? -ne 0 ] && fail "Couldn't chown config.sh in /federated/apps/nextcloud container" + run_command "mv /federated/apps/nextcloud/data/config.sh /federated/apps/nextcloud/data/configs.json /federated/apps/nextcloud/data/var/www/html/" + run_command "docker exec nextcloud chown www-data:root /var/www/html/config.sh /var/www/html/configs.json" + run_command "docker exec nextcloud chmod 755 /var/www/html/config.sh" # Run config.sh - Setup LDAP, configuration for nextcloud - docker exec -u 33 nextcloud /var/www/html/config.sh &> /dev/null - [ $? 
-ne 0 ] && fail "Couldn't run config.sh inside /federated/apps/nextcloud container" + run_command "docker exec -u 33 nextcloud /var/www/html/config.sh" # Add admin user to group # Have to do it this many times so it will query LDAP and populate admin user first - docker exec -u 33 nextcloud /var/www/html/occ ldap:search admin - docker exec -u 33 nextcloud /var/www/html/occ group:list - docker exec -u 33 nextcloud /var/www/html/occ group:adduser admin admin - docker exec -u 33 nextcloud /var/www/html/occ group:adduser admin admin - docker exec -u 33 nextcloud /var/www/html/occ group:list + run_command "docker exec -u 33 nextcloud /var/www/html/occ ldap:search admin" + run_command "docker exec -u 33 nextcloud /var/www/html/occ group:list" + run_command "docker exec -u 33 nextcloud /var/www/html/occ group:adduser admin admin" + run_command "docker exec -u 33 nextcloud /var/www/html/occ group:adduser admin admin" + run_command "docker exec -u 33 nextcloud /var/www/html/occ group:list" # Setup admin email account - docker exec -u 33 nextcloud bash -c "/var/www/html/occ mail:account:create admin admin admin@$DOMAIN mail.$DOMAIN 993 ssl admin@$DOMAIN $ADMINPASS mail.$DOMAIN 465 ssl admin@$DOMAIN $ADMINPASS password" &> /dev/null +# docker exec -u 33 nextcloud bash -c "/var/www/html/occ mail:account:create admin admin admin@$DOMAIN mail.$DOMAIN 993 ssl admin@$DOMAIN $ADMINPASS mail.$DOMAIN 465 ssl admin@$DOMAIN $ADMINPASS password" &> /dev/null || failts "ERROR - There was an error running occ mail:account:create" + run_command "docker exec -u 33 nextcloud /var/www/html/occ mail:account:create admin admin admin@$DOMAIN mail.$DOMAIN 993 ssl admin@$DOMAIN $ADMINPASS mail.$DOMAIN 465 ssl admin@$DOMAIN $ADMINPASS password" # Add missing indexes and disable activity app - docker exec -u 33 nextcloud /var/www/html/occ db:add-missing-indices - docker exec -u 33 nextcloud /var/www/html/occ app:disable activity + run_command "docker exec -u 33 nextcloud /var/www/html/occ 
db:add-missing-indices" + run_command "docker exec -u 33 nextcloud /var/www/html/occ app:disable activity" - docker exec pdns pdnsutil add-record $DOMAIN nextcloud A 86400 $EXTERNALIP &> /dev/null - [ $? -ne 0 ] && fail "Couldn't add dns record for nextcloud" + run_command "docker exec pdns pdnsutil add-record $DOMAIN nextcloud A 86400 $EXTERNALIP" # Remove configs - rm /federated/apps/nextcloud/data/var/www/html/config.sh /federated/apps/nextcloud/data/var/www/html/configs.json + run_command "rm /federated/apps/nextcloud/data/var/www/html/config.sh /federated/apps/nextcloud/data/var/www/html/configs.json" # Truncate nextcloud log file - docker exec -u 33 nextcloud truncate /var/www/html/data/nextcloud.log --size 0 + run_command "docker exec -u 33 nextcloud truncate /var/www/html/data/nextcloud.log --size 0" - echo -ne "done." + echo -ne "done.\n" } uninstall_nextcloud() { echo -ne "* Uninstalling nextcloud container.." - spin & - SPINPID=$! # First stop the service cd /federated/apps/nextcloud && docker-compose -f docker-compose.yml -p nextcloud down &> /dev/null @@ -339,14 +335,15 @@ uninstall_nextcloud() { if [[ $(grep "### Nextcloud" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then sed -i '/### Nextcloud/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml sed -i '/### Nextcloud/d' /federated/apps/authelia/data/config/idproviders.yml - /federated/bin/stop authelia - /federated/bin/start authelia + /federated/bin/stop authelia &> /dev/null + /federated/bin/start authelia &> /dev/null fi - kill -9 $SPINPID &> /dev/null echo -ne "done.\n" } configsso_nextcloud() { + echo -ne "* Configuring nextcloud container with SSO.." + [ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing." [ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing." get_appvars 
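Review bot: The `occ mail:account:create` call in `start_nextcloud` now goes through `run_command` with `$ADMINPASS` inside the command string, and `run_command` echoes that whole string to stderr when the command fails, so the admin password ends up on the terminal and in any captured install log. The password is also word-split and glob-expanded by the unquoted `$1`, so a value containing a space or `*` reaches occ as different arguments. I would call this one directly with quoted arguments and a fixed message, e.g. `… mail.$DOMAIN 465 ssl "admin@$DOMAIN" "$ADMINPASS" password &> /dev/null || fail "Couldn't create admin mail account"`. The hunk also drops the `fail` checks after `chmod 755` and after `config.sh`, so a failed LDAP setup is now a warning rather than a stop; if that is intended it deserves a comment.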
@@ -373,20 +370,22 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml < Date: Wed, 6 Nov 2024 16:23:12 +0000 Subject: [PATCH 3/4] More sso fixes and clean up --- bin/installapp-sso | 2 +- lib/authelia.sh | 27 ++++++++--------- lib/bookstack.sh | 29 ++++++++---------- lib/espocrm.sh | 26 ++++++++-------- lib/gitea.sh | 25 ++++++++-------- lib/jitsi.sh | 75 +++++++++++++--------------------------------- lib/mail.sh | 14 ++++----- lib/matrix.sh | 32 ++++++++++---------- lib/roundcube.sh | 29 ++++++++---------- lib/wordpress.sh | 40 +++++++++++-------------- 10 files changed, 125 insertions(+), 174 deletions(-) diff --git a/bin/installapp-sso b/bin/installapp-sso index eded594..b69a23c 100755 --- a/bin/installapp-sso +++ b/bin/installapp-sso @@ -1,4 +1,4 @@ -#!/bin/bash -x +#!/bin/bash # # Installs SSO on app . /etc/federated diff --git a/lib/authelia.sh b/lib/authelia.sh index 7a1ef6b..e0c31f2 100644 --- a/lib/authelia.sh +++ b/lib/authelia.sh @@ -6,7 +6,7 @@ PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sb get_appvars config_authelia() { - echo -ne "\n* Configuring /federated/apps/authelia container.." + echo -ne "* Configuring authelia container.." if [ ! -d "/federated/apps/authelia" ]; then mkdir -p /federated/apps/authelia/data/config 
@@ -49,13 +49,13 @@ tr -cd '[:alnum:]' < /dev/urandom | fold -w "64" | head -n 1 > /federated/apps/a tr -cd '[:alnum:]' < /dev/urandom | fold -w "64" | head -n 1 > /federated/apps/authelia/data/secrets/STORAGE_ENCRYPTION_KEY echo "$LDAP_SECRET" > /federated/apps/authelia/data/secrets/AUTHENTICATION_BACKEND_LDAP_PASSWORD echo "$ADMINPASS" > /federated/apps/authelia/data/secrets/NOTIFIER_SMTP_PASSWORD -openssl genrsa -out /federated/apps/authelia/data/secrets/private.pem 4096 -openssl rsa -in /federated/apps/authelia/data/secrets/private.pem -outform PEM -pubout -out /federated/apps/authelia/data/secrets/public.pem +openssl genrsa -out /federated/apps/authelia/data/secrets/private.pem 4096 2>/dev/null +openssl rsa -in /federated/apps/authelia/data/secrets/private.pem -outform PEM -pubout -out /federated/apps/authelia/data/secrets/public.pem 2>/dev/null POWERDNS_CLIENT_SECRET=$(create_password); -POWERDNS_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $POWERDNS_CLIENT_SECRET | awk '{ print $2 }') +POWERDNS_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $POWERDNS_CLIENT_SECRET 2>/dev/null | awk '{ print $2 }') [[ -d "/federated/apps/pdnsmysql/data/var/lib/mysql/pdnsadmin" ]] && POWERDNS_DB="pdnsadmin" || POWERDNS_DB="pdns" -NEXTCLOUD_CLIENT_SECRET=$(create_password); -NEXTCLOUD_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $NEXTCLOUD_CLIENT_SECRET | awk '{ print $2 }') +#NEXTCLOUD_CLIENT_SECRET=$(create_password); +#NEXTCLOUD_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $NEXTCLOUD_CLIENT_SECRET | awk '{ print $2 }') cat > /federated/apps/authelia/.env < /dev/null [ $? 
-ne 0 ] && fail "Couldn't add dns record for authelia" - # If extra_hosts doesn't exist then insert extra_host configuration in pdnsadmin - [[ ! $(grep extra_hosts /federated/apps/pdnsadmin/docker-compose.yml 2>/dev/null) ]] && sed -i "/192.168.0.12/a \ extra_hosts:\n\ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/pdnsadmin/docker-compose.yml + # If extra_hosts doesn't exist then insert extra_host configuration in pdnsadmin docker compose + add_authelia_config_to_dockercompose "pdnsadmin" # Stop and start pdnsadmin for internal dns externalhosts to work - /federated/bin/stop pdnsadmin - /federated/bin/start pdnsadmin + run_command "/federated/bin/stop pdnsadmin" + run_command "/federated/bin/start pdnsadmin" - echo -ne "done." + echo -ne "done.\n" } uninstall_authelia() { echo -ne "* Uninstalling authelia container.." - spin & - SPINPID=$! # First stop the service cd /federated/apps/authelia && docker-compose -f docker-compose.yml -p authelia down &> /dev/null @@ -234,6 +232,5 @@ uninstall_authelia() { # Delete the DNS record docker exec pdns pdnsutil delete-rrset $DOMAIN authelia A - kill -9 $SPINPID &> /dev/null echo -ne "done.\n" } diff --git a/lib/bookstack.sh b/lib/bookstack.sh index bb708bf..ff3a0ba 100644 --- a/lib/bookstack.sh +++ b/lib/bookstack.sh @@ -6,7 +6,7 @@ PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sb get_appvars config_bookstack() { - echo -ne "\n* Configuring bookstack container.." + echo -ne "* Configuring bookstack container.." if [ ! -d "/federated/apps/bookstack" ]; then mkdir -p /federated/apps/bookstack/data/config 
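Review bot: In the lib/authelia.sh hunk at `-49,13`, the added `2>/dev/null` on the `authelia crypto hash generate pbkdf2` pipeline hides every failure of `docker run`, and nothing checks the result. An image pull error, or the TTY request from `-it` when the installer runs without a terminal, would leave `POWERDNS_CLIENT_SECRET_HASH` empty, and that empty value would presumably be written into the generated config. I would add a guard right after the assignment, `[[ -n "$POWERDNS_CLIENT_SECRET_HASH" ]] || fail "Couldn't hash PowerDNS client secret"`, and quote `"$POWERDNS_CLIENT_SECRET"` on the command line. The same silence now covers `openssl genrsa`: if private.pem is not created, the following `openssl rsa` fails unseen as well. The enclosing function starts before this hunk.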
@@ -81,8 +81,8 @@ start_bookstack() { docker exec pdns pdnsutil add-record $DOMAIN documentation A 86400 $EXTERNALIP &> /dev/null [ $? -ne 0 ] && fail "Couldn't add dns record for bookstack" - docker exec pdnsmysql mysql -ubookstack -p$BOOKSTACK_SECRET bookstack -e "delete from users where email = 'admin@admin.com';" - docker exec bookstack php /app/www/artisan bookstack:create-admin --email="admin@$DOMAIN" --name="Admin" --password="$ADMINPASS" + docker exec pdnsmysql mysql -ubookstack -p$BOOKSTACK_SECRET bookstack -e "delete from users where email = 'admin@admin.com';" &> /dev/null + docker exec bookstack php /app/www/artisan bookstack:create-admin --email="admin@$DOMAIN" --name="Admin" --password="$ADMINPASS" &> /dev/null # Set mail configuration sed -i "s#MAIL_FROM=.*#MAIL_FROM=admin@$DOMAIN#g" /federated/apps/bookstack/data/config/www/.env @@ -93,13 +93,10 @@ start_bookstack() { sed -i "s#MAIL_PASSWORD=.*#MAIL_PASSWORD=$ADMINPASS#g" /federated/apps/bookstack/data/config/www/.env sed -i "s#MAIL_ENCRYPTION=.*#MAIL_ENCRYPTION=TLS#g" /federated/apps/bookstack/data/config/www/.env - kill -9 $SPINPID &> /dev/null echo -ne "done.\n" } email_bookstack() { echo -ne "* Sending email to customer.." - spin & - SPINPID=$! cat > /federated/apps/mail/data/root/certs/mailfile < @@ -171,13 +168,10 @@ EOF docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile" rm /federated/apps/mail/data/root/certs/mailfile - kill -9 $SPINPID &> /dev/null echo -ne "done.\n" } uninstall_bookstack() { echo -ne "* Uninstalling bookstack container.." - spin & - SPINPID=$! # First stop the service cd /federated/apps/bookstack && docker-compose -f docker-compose.yml -p bookstack down &> /dev/null 
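Review bot: In `start_bookstack` the two added `&> /dev/null` redirections hide the result of deleting the `admin@admin.com` user (which looks like the stock account) and of `bookstack:create-admin`, and neither exit status is checked, so if the delete fails the instance can come up with that account still present while the script prints "done.". I would make both steps fatal by appending `|| fail "Couldn't remove default bookstack admin"` to the mysql line and `|| fail "Couldn't create bookstack admin"` to the artisan line. Both commands also carry their secret on the command line (`-p$BOOKSTACK_SECRET`, `--password="$ADMINPASS"`), which this commit leaves unchanged; a comment recording that would be useful until they move to a file or stdin. start_bookstack begins before the hunk.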
@@ -199,14 +193,15 @@ uninstall_bookstack() { if [[ $(grep "### Bookstack" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then sed -i '/### Bookstack/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml sed -i '/### Bookstack/d' /federated/apps/authelia/data/config/idproviders.yml - /federated/bin/stop authelia - /federated/bin/start authelia + run_command "/federated/bin/stop authelia" + run_command "/federated/bin/start authelia" fi - kill -9 $SPINPID &> /dev/null echo -ne "done.\n" } configsso_bookstack() { + echo -ne "* Configuring bookstack container with SSO.." + [ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing." [ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing." [[ $(grep "### Bookstack" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Bookstack configuration." @@ -232,8 +227,8 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml <> /federated/apps/bookstack/.env < /federated/apps/espocrm/.env < /federated/apps/mail/data/root/certs/mailfile < @@ -174,13 +172,10 @@ EOF docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile" rm /federated/apps/mail/data/root/certs/mailfile - kill -9 $SPINPID &> /dev/null echo -ne "done.\n" } uninstall_espocrm() { echo -ne "* Uninstalling espocrm container.." - spin & - SPINPID=$! # First stop the service cd /federated/apps/espocrm && docker-compose -f docker-compose.yml -p espocrm down &> /dev/null 
@@ -205,14 +200,15 @@ uninstall_espocrm() { if [[ $(grep "### Espocrm" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then sed -i '/### Espocrm/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml sed -i '/### Espocrm/d' /federated/apps/authelia/data/config/idproviders.yml - /federated/bin/stop authelia - /federated/bin/start authelia + run_command "/federated/bin/stop authelia" + run_command "/federated/bin/start authelia" fi - kill -9 $SPINPID &> /dev/null echo -ne "done.\n" } configsso_espocrm() { + echo -ne "* Configuring espocrm container with SSO.." + [ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing." [ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing." [[ $(grep "### Espocrm" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Espocrm configuration." @@ -240,8 +236,8 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml <> /federated/apps/espocrm/.env < /dev/null docker exec postgresql psql -U postgres -c "GRANT ALL PRIVILEGES ON DATABASE gitea TO gitea" &> /dev/null -echo -ne "done." +echo -ne "done.\n" } email_gitea() { echo -ne "* Sending email to customer.." @@ -241,8 +241,6 @@ EOF } uninstall_gitea() { echo -ne "* Uninstalling gitea container.." - spin & - SPINPID=$! # First stop the service cd /federated/apps/gitea && docker-compose -f docker-compose.yml -p gitea down &> /dev/null 
@@ -264,11 +262,10 @@ uninstall_gitea() { if [[ $(grep "### Gitea" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then sed -i '/### Gitea/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml sed -i '/### Gitea/d' /federated/apps/authelia/data/config/idproviders.yml - /federated/bin/stop authelia - /federated/bin/start authelia + run_command "/federated/bin/stop authelia" + run_command "/federated/bin/start authelia" fi - kill -9 $SPINPID &> /dev/null echo -ne "done.\n" } start_gitea() { @@ -295,9 +292,11 @@ start_gitea() { # Remove creategitea.sh rm /federated/apps/gitea/data/data/creategitea.sh - echo -ne "done." + echo -ne "done.\n" } configsso_gitea() { + echo -ne "* Configuring gitea container with SSO.." + [ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing." [ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing." [[ $(grep "### Gitea" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Gitea configuration." @@ -325,8 +324,8 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml < /federated/apps/jitsi/.env <> /federated/apps/jitsi/.env <> /federated/apps/jitsi/.env <> /federated/apps/jitsi/.env <> /federated/apps/jitsi/.env <> /federated/apps/jitsi/.env <> /federated/apps/jitsi/.env <> /federated/apps/jitsi/.env <> /federated/apps/jitsi/.env < /federated/apps/mail/data/root/certs/mailfile < 
@@ -773,13 +740,10 @@ EOF docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile" rm /federated/apps/mail/data/root/certs/mailfile - kill -9 $SPINPID &> /dev/null echo -ne "done.\n" } uninstall_jitsi() { echo -ne "* Uninstalling jitsi container.." - spin & - SPINPID=$! # First stop the service cd /federated/apps/jitsi && docker-compose -f docker-compose.yml -p jitsi down &> /dev/null @@ -800,8 +764,8 @@ uninstall_jitsi() { if [[ $(grep "### Jitsi" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then sed -i '/### Jitsi/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml sed -i '/### Jitsi/d' /federated/apps/authelia/data/config/idproviders.yml - /federated/bin/stop authelia - /federated/bin/start authelia + run_command "/federated/bin/stop authelia" + run_command "/federated/bin/start authelia" fi if [[ -d "/federated/apps/jitsiopenid" ]]; then @@ -810,16 +774,17 @@ uninstall_jitsi() { docker image rm mod242/jitsi-go-openid:latest &> /dev/null fi - kill -9 $SPINPID &> /dev/null echo -ne "done.\n" } start_jitsi() { # Start service with command to make sure it's up before proceeding start_service "jitsi" "nc -z 192.168.0.25 443 &> /dev/null" "8" - echo -ne "done." + echo -ne "done.\n" } configsso_jitsi() { + echo -ne "* Configuring jitsi container with SSO.." + [ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing." [ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing." [[ $(grep "### Jitsi" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Jitsi configuration." @@ -849,8 +814,8 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml < /dev/null 
@@ -64,8 +64,8 @@ sed -i 's!args:!!g' /federated/apps/matrix/data/matrix/homeserver.yaml # Insert our Postgres and LDAP config cat >> /federated/apps/matrix/data/matrix/homeserver.yaml < /dev/null docker exec postgresql psql -U postgres -c "GRANT ALL PRIVILEGES ON DATABASE matrix TO matrix" &> /dev/null -echo -ne "done." +echo -ne "done.\n" } start_matrix() { # Start service with command to make sure it's up before proceeding @@ -139,12 +139,10 @@ start_matrix() { docker exec pdns pdnsutil add-record $DOMAIN matrix A 86400 $EXTERNALIP &> /dev/null [ $? -ne 0 ] && fail "Couldn't add dns record for matrix" - echo -ne "done." + echo -ne "done.\n" } email_matrix() { echo -ne "* Sending email to customer.." - spin & - SPINPID=$! cat > /federated/apps/mail/data/root/certs/mailfile < @@ -216,13 +214,10 @@ EOF docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile" rm /federated/apps/mail/data/root/certs/mailfile - kill -9 $SPINPID &> /dev/null echo -ne "done.\n" } uninstall_matrix() { echo -ne "* Uninstalling matrix container.." - spin & - SPINPID=$! # First stop the service cd /federated/apps/matrix && docker-compose -f docker-compose.yml -p matrix down &> /dev/null 
@@ -244,14 +239,15 @@ uninstall_matrix() { if [[ $(grep "### Matrix" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then sed -i '/### Matrix/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml sed -i '/### Matrix/d' /federated/apps/authelia/data/config/idproviders.yml - /federated/bin/stop authelia - /federated/bin/start authelia + run_command "/federated/bin/stop authelia" + run_command "/federated/bin/start authelia" fi - kill -9 $SPINPID &> /dev/null echo -ne "done.\n" } configsso_matrix() { + echo -ne "* Configuring matrix container with SSO.." + [ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing." [ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing." [[ $(grep "### Matrix" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Matrix configuration." @@ -277,8 +273,8 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml < /dev/null [ $? -ne 0 ] && fail "Couldn't add dns record for roundcube" - kill -9 $SPINPID &> /dev/null echo -ne "done.\n" } email_roundcube() { echo -ne "* Sending email to customer.." - spin & - SPINPID=$! cat > /federated/apps/mail/data/root/certs/mailfile < @@ -108,13 +105,10 @@ EOF docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile" rm /federated/apps/mail/data/root/certs/mailfile - kill -9 $SPINPID &> /dev/null echo -ne "done.\n" } uninstall_roundcube() { echo -ne "* Uninstalling roundcube container.." - spin & - SPINPID=$! # First stop the service cd /federated/apps/roundcube && docker-compose -f docker-compose.yml -p roundcube down &> /dev/null 
@@ -137,14 +131,15 @@ uninstall_roundcube() { if [[ $(grep "### Roundcube" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then sed -i '/### Roundcube/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml sed -i '/### Roundcube/d' /federated/apps/authelia/data/config/idproviders.yml - /federated/bin/stop authelia - /federated/bin/start authelia + run_command "/federated/bin/stop authelia" + run_command "/federated/bin/start authelia" fi - kill -9 $SPINPID &> /dev/null echo -ne "done.\n" } configsso_roundcube() { + echo -ne "* Configuring roundcube container with SSO.." + [ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing." [ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing." [[ $(grep "### Roundcube" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Roundcube configuration." @@ -171,8 +166,8 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml < /dev/null - [ $? -ne 0 ] && fail "Couldn't add dns record" - docker exec pdns pdnsutil add-record $DOMAIN wordpress A 86400 $EXTERNALIP &> /dev/null - [ $? -ne 0 ] && fail "Couldn't add dns record" + run_command "/federated/bin/stop wordpress" + run_command "/federated/bin/start wordpress" + run_command "docker exec pdns pdnsutil add-record $DOMAIN www A 86400 $EXTERNALIP" + run_command "docker exec pdns pdnsutil add-record $DOMAIN wordpress A 86400 $EXTERNALIP" echo -ne "done.\n" } email_wordpress() { echo -ne "* Sending email to customer.." - spin & - SPINPID=$! cat > /federated/apps/mail/data/root/certs/mailfile < 
@@ -171,13 +167,10 @@ EOF docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile" rm /federated/apps/mail/data/root/certs/mailfile - kill -9 $SPINPID &> /dev/null echo -ne "done.\n" } uninstall_wordpress() { echo -ne "* Uninstalling wordpress container.." - spin & - SPINPID=$! # First stop the service cd /federated/apps/wordpress && docker-compose -f docker-compose.yml -p wordpress down &> /dev/null @@ -200,14 +193,15 @@ uninstall_wordpress() { if [[ $(grep "### Wordpress" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then sed -i '/### Wordpress/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml sed -i '/### Wordpress/d' /federated/apps/authelia/data/config/idproviders.yml - /federated/bin/stop authelia - /federated/bin/start authelia + run_command "/federated/bin/stop authelia" + run_command "/federated/bin/start authelia" fi - kill -9 $SPINPID &> /dev/null echo -ne "done.\n" } configsso_wordpress() { + echo -ne "* Configuring wordpress container with SSO.." + [ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing." [ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing." [[ $(grep "### Wordpress" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Wordpress configuration." 
@@ -235,8 +229,8 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml < /dev/null - docker exec wordpress wp plugin activate daggerhart-openid-connect-generic &> /dev/null + run_command "docker exec wordpress wp plugin install daggerhart-openid-connect-generic" + run_command "docker exec wordpress wp plugin activate daggerhart-openid-connect-generic" - /federated/bin/stop wordpress - /federated/bin/start wordpress + run_command "/federated/bin/stop wordpress" + run_command "/federated/bin/start wordpress" + + echo -ne "done.\n" } From 8f72fe6390cc4f9dbc16128d9e2563dd02469c7d Mon Sep 17 00:00:00 2001 From: root Date: Wed, 6 Nov 2024 19:08:23 +0000 Subject: [PATCH 4/4] Fixed jitsi for merge --- lib/jitsi.sh | 84 ++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 61 insertions(+), 23 deletions(-) diff --git a/lib/jitsi.sh b/lib/jitsi.sh index 712d87d..774c572 100644 --- a/lib/jitsi.sh +++ b/lib/jitsi.sh @@ -6,7 +6,7 @@ PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sb get_appvars config_jitsi() { - echo -ne "* Configuring jitsi container.." + echo -ne "\n* Configuring /federated/apps/jitsi container.." if [ ! -d "/federated/apps/jitsi" ]; then mkdir -p /federated/apps/jitsi @@ -429,12 +429,19 @@ cat > /federated/apps/jitsi/.env <> /federated/apps/jitsi/.env <> /federated/apps/jitsi/.env <> /federated/apps/jitsi/.env <> /federated/apps/jitsi/.env <> /federated/apps/jitsi/.env <> /federated/apps/jitsi/.env <> /federated/apps/jitsi/.env <> /federated/apps/jitsi/.env < /federated/apps/mail/data/root/certs/mailfile < 
@@ -740,13 +773,16 @@ EOF docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile" rm /federated/apps/mail/data/root/certs/mailfile + kill -9 $SPINPID &> /dev/null echo -ne "done.\n" } uninstall_jitsi() { echo -ne "* Uninstalling jitsi container.." + spin & + SPINPID=$! # First stop the service - cd /federated/apps/jitsi && docker-compose -f docker-compose.yml -p jitsi down &> /dev/null + cd /federated/apps/jitsi && docker compose -f docker-compose.yml -p jitsi down &> /dev/null # Delete the app directory rm -rf /federated/apps/jitsi 
@@ -764,27 +800,31 @@ uninstall_jitsi() { if [[ $(grep "### Jitsi" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then sed -i '/### Jitsi/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml sed -i '/### Jitsi/d' /federated/apps/authelia/data/config/idproviders.yml - run_command "/federated/bin/stop authelia" - run_command "/federated/bin/start authelia" + /federated/bin/stop authelia + /federated/bin/start authelia fi if [[ -d "/federated/apps/jitsiopenid" ]]; then - cd /federated/apps/jitsiopenid && docker-compose -f docker-compose.yml -p jitsiopenid down &> /dev/null + cd /federated/apps/jitsiopenid && docker compose -f docker-compose.yml -p jitsiopenid down &> /dev/null rm -rf /federated/apps/jitsiopenid docker image rm mod242/jitsi-go-openid:latest &> /dev/null fi + kill -9 $SPINPID &> /dev/null echo -ne "done.\n" } start_jitsi() { # Start service with command to make sure it's up before proceeding start_service "jitsi" "nc -z 192.168.0.25 443 &> /dev/null" "8" - - echo -ne "done.\n" + # Allow multiple JVBs to connect + if [ "$JITSI_SCALE" = "client" ]; then + for i in $(seq 1 10); do + docker exec -ti jitsi-prosody-1 prosodyctl --config /config/prosody.cfg.lua register jvb$i auth.jitsiscale.federated.computer J17515cAl3-jvb + done + fi + echo -ne "done." } configsso_jitsi() { - echo -ne "* Configuring jitsi container with SSO.." - [ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing." [ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing." [[ $(grep "### Jitsi" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Jitsi configuration." @@ -814,8 +854,8 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml <
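Review bot: The loop added to `start_jitsi` registers `jvb1` to `jvb10` with a literal password and a literal auth domain written into lib/jitsi.sh, so every install running with `JITSI_SCALE=client` shares one bridge credential that is also readable in the repository history. I would read the password from a per-install secret and stop when it is unset, e.g. `… register "jvb$i" "$JVB_AUTH_DOMAIN_PLACEHOLDER" "${JVB_SECRET_PLACEHOLDER:?}"` (placeholder names; use whatever the project's `.env` generation provides), and treat the committed value as exposed. `docker exec -ti` also requests a TTY, which fails when the installer runs without one; plain `docker exec` is enough here. The register calls are unchecked, so a failure leaves the bridges unable to authenticate with no message.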