Merge branch 'dev/sso1'

This commit is contained in:
root 2024-11-06 19:09:04 +00:00
commit 9920d6c642
11 changed files with 143 additions and 160 deletions


@ -1,4 +1,4 @@
#!/bin/bash -x
#!/bin/bash
#
# Installs SSO on app
. /etc/federated


@ -6,7 +6,7 @@ PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sb
get_appvars
config_authelia() {
echo -ne "\n* Configuring /federated/apps/authelia container.."
echo -ne "* Configuring authelia container.."
if [ ! -d "/federated/apps/authelia" ]; then
mkdir -p /federated/apps/authelia/data/config
@ -49,13 +49,13 @@ tr -cd '[:alnum:]' < /dev/urandom | fold -w "64" | head -n 1 > /federated/apps/a
tr -cd '[:alnum:]' < /dev/urandom | fold -w "64" | head -n 1 > /federated/apps/authelia/data/secrets/STORAGE_ENCRYPTION_KEY
echo "$LDAP_SECRET" > /federated/apps/authelia/data/secrets/AUTHENTICATION_BACKEND_LDAP_PASSWORD
echo "$ADMINPASS" > /federated/apps/authelia/data/secrets/NOTIFIER_SMTP_PASSWORD
openssl genrsa -out /federated/apps/authelia/data/secrets/private.pem 4096
openssl rsa -in /federated/apps/authelia/data/secrets/private.pem -outform PEM -pubout -out /federated/apps/authelia/data/secrets/public.pem
openssl genrsa -out /federated/apps/authelia/data/secrets/private.pem 4096 2>/dev/null
openssl rsa -in /federated/apps/authelia/data/secrets/private.pem -outform PEM -pubout -out /federated/apps/authelia/data/secrets/public.pem 2>/dev/null
POWERDNS_CLIENT_SECRET=$(create_password);
POWERDNS_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $POWERDNS_CLIENT_SECRET | awk '{ print $2 }')
POWERDNS_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $POWERDNS_CLIENT_SECRET 2>/dev/null | awk '{ print $2 }')
[[ -d "/federated/apps/pdnsmysql/data/var/lib/mysql/pdnsadmin" ]] && POWERDNS_DB="pdnsadmin" || POWERDNS_DB="pdns"
NEXTCLOUD_CLIENT_SECRET=$(create_password);
NEXTCLOUD_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $NEXTCLOUD_CLIENT_SECRET | awk '{ print $2 }')
#NEXTCLOUD_CLIENT_SECRET=$(create_password);
#NEXTCLOUD_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $NEXTCLOUD_CLIENT_SECRET | awk '{ print $2 }')
cat > /federated/apps/authelia/.env <<EOF
IMAGE_VERSION=4.38.8
@ -195,7 +195,7 @@ docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '$PDNS_MYSQL_COMMAND7;'"
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '$PDNS_MYSQL_COMMAND8;'"
echo -ne "done."
echo -ne "done.\n"
}
start_authelia() {
# Start service with command to make sure it's up before proceeding
@ -204,19 +204,17 @@ start_authelia() {
docker exec pdns pdnsutil add-record $DOMAIN authelia A 86400 $EXTERNALIP &> /dev/null
[ $? -ne 0 ] && fail "Couldn't add dns record for authelia"
# If extra_hosts doesn't exist then insert extra_host configuration in pdnsadmin
[[ ! $(grep extra_hosts /federated/apps/pdnsadmin/docker-compose.yml 2>/dev/null) ]] && sed -i "/192.168.0.12/a \ extra_hosts:\n\ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/pdnsadmin/docker-compose.yml
# If extra_hosts doesn't exist then insert extra_host configuration in pdnsadmin docker compose
add_authelia_config_to_dockercompose "pdnsadmin"
# Stop and start pdnsadmin for internal dns externalhosts to work
/federated/bin/stop pdnsadmin
/federated/bin/start pdnsadmin
run_command "/federated/bin/stop pdnsadmin"
run_command "/federated/bin/start pdnsadmin"
echo -ne "done."
echo -ne "done.\n"
}
uninstall_authelia() {
echo -ne "* Uninstalling authelia container.."
spin &
SPINPID=$!
# First stop the service
cd /federated/apps/authelia && docker compose -f docker-compose.yml -p authelia down &> /dev/null
@ -234,6 +232,5 @@ uninstall_authelia() {
# Delete the DNS record
docker exec pdns pdnsutil delete-rrset $DOMAIN authelia A
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
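Review bot: The `2>/dev/null` added to the two `openssl` calls that create `secrets/private.pem` and `public.pem` silences the only error output those commands produce, and neither line checks its exit status, so a failed key generation leaves a missing or empty OIDC signing key and config_authelia keeps writing the `.env` and SQL below as if it had succeeded. Append `|| fail "Couldn't generate Authelia OIDC signing key"` to the `genrsa` line (and the same for the `rsa -pubout` line), and follow them with `chmod 600 /federated/apps/authelia/data/secrets/private.pem`, since the file is created under whatever umask the installer runs with. Separately, `authelia crypto hash generate pbkdf2 --password $POWERDNS_CLIENT_SECRET` is unquoted and exposes the client secret in both the host's and the container's process list for the duration of the call; quote it at minimum, and check whether this Authelia release can take the password interactively or from stdin instead. config_authelia starts before this hunk.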


@ -6,7 +6,7 @@ PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sb
get_appvars
config_bookstack() {
echo -ne "\n* Configuring bookstack container.."
echo -ne "* Configuring bookstack container.."
if [ ! -d "/federated/apps/bookstack" ]; then
mkdir -p /federated/apps/bookstack/data/config
@ -81,8 +81,8 @@ start_bookstack() {
docker exec pdns pdnsutil add-record $DOMAIN documentation A 86400 $EXTERNALIP &> /dev/null
[ $? -ne 0 ] && fail "Couldn't add dns record for bookstack"
docker exec pdnsmysql mysql -ubookstack -p$BOOKSTACK_SECRET bookstack -e "delete from users where email = 'admin@admin.com';"
docker exec bookstack php /app/www/artisan bookstack:create-admin --email="admin@$DOMAIN" --name="Admin" --password="$ADMINPASS"
docker exec pdnsmysql mysql -ubookstack -p$BOOKSTACK_SECRET bookstack -e "delete from users where email = 'admin@admin.com';" &> /dev/null
docker exec bookstack php /app/www/artisan bookstack:create-admin --email="admin@$DOMAIN" --name="Admin" --password="$ADMINPASS" &> /dev/null
# Set mail configuration
sed -i "s#MAIL_FROM=.*#MAIL_FROM=admin@$DOMAIN#g" /federated/apps/bookstack/data/config/www/.env
@ -93,13 +93,10 @@ start_bookstack() {
sed -i "s#MAIL_PASSWORD=.*#MAIL_PASSWORD=$ADMINPASS#g" /federated/apps/bookstack/data/config/www/.env
sed -i "s#MAIL_ENCRYPTION=.*#MAIL_ENCRYPTION=TLS#g" /federated/apps/bookstack/data/config/www/.env
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
email_bookstack() {
echo -ne "* Sending email to customer.."
spin &
SPINPID=$!
cat > /federated/apps/mail/data/root/certs/mailfile <<EOF
<html>
@ -171,13 +168,10 @@ EOF
docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile"
rm /federated/apps/mail/data/root/certs/mailfile
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
uninstall_bookstack() {
echo -ne "* Uninstalling bookstack container.."
spin &
SPINPID=$!
# First stop the service
cd /federated/apps/bookstack && docker compose -f docker-compose.yml -p bookstack down &> /dev/null
@ -199,14 +193,15 @@ uninstall_bookstack() {
if [[ $(grep "### Bookstack" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
sed -i '/### Bookstack/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
sed -i '/### Bookstack/d' /federated/apps/authelia/data/config/idproviders.yml
/federated/bin/stop authelia
/federated/bin/start authelia
run_command "/federated/bin/stop authelia"
run_command "/federated/bin/start authelia"
fi
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
configsso_bookstack() {
echo -ne "* Configuring bookstack container with SSO.."
[ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
[ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
[[ $(grep "### Bookstack" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Bookstack configuration."
@ -232,8 +227,8 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
EOF
# Restart Authelia for changes to take the above configuration
/federated/bin/stop authelia
/federated/bin/start authelia
run_command "/federated/bin/stop authelia"
run_command "/federated/bin/start authelia"
cat >> /federated/apps/bookstack/.env <<EOF
AUTH_METHOD=oidc
@ -259,6 +254,8 @@ EOF
docker exec pdnsmysql mysql -ubookstack -p${BOOKSTACK_SECRET} bookstack -e "update users set external_auth_id = '$i' where email = '$i'";
done
/federated/bin/stop bookstack
/federated/bin/start bookstack
run_command "/federated/bin/stop bookstack"
run_command "/federated/bin/start bookstack"
echo -ne "done.\n"
}
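Review bot: The `&> /dev/null` added to the `delete from users where email = 'admin@admin.com'` and `bookstack:create-admin --password="$ADMINPASS"` lines in start_bookstack hides their only diagnostics while nothing checks their exit status, so a failed create-admin after a successful delete leaves the instance with no admin account and the install still prints `done.`. Keep the redirect but fail hard: `... create-admin --email="admin@$DOMAIN" --name="Admin" --password="$ADMINPASS" &> /dev/null || fail "Couldn't create bookstack admin"`. Note that the password is passed on the command line of `docker exec`, so it is visible in `ps` on the host and inside the container while the command runs; the same applies to `-p$BOOKSTACK_SECRET`. start_bookstack begins before this hunk.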


@ -6,7 +6,7 @@ PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sb
get_appvars
config_espocrm() {
echo -ne "\n* Configuring espocrm container.."
echo -ne "* Configuring espocrm container.."
if [ ! -d "/federated/apps/espocrm" ]; then
mkdir -p /federated/apps/espocrm/data/var/www/html
@ -42,7 +42,7 @@ EOF
ESPOCRM_SECRET=$(create_password);
cat > /federated/apps/espocrm/.env <<EOF
IMAGE_VERSION="8.0.5-apache"
IMAGE_VERSION="8.4.0-apache"
ESPOCRM_DATABASE_HOST=pdnsmysql.$DOMAIN
ESPOCRM_DATABASE_NAME=espocrm
ESPOCRM_DATABASE_USER=espocrm
@ -101,8 +101,6 @@ start_espocrm() {
}
email_espocrm() {
echo -ne "* Sending email to customer.."
spin &
SPINPID=$!
cat > /federated/apps/mail/data/root/certs/mailfile <<EOF
<html>
@ -174,13 +172,10 @@ EOF
docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile"
rm /federated/apps/mail/data/root/certs/mailfile
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
uninstall_espocrm() {
echo -ne "* Uninstalling espocrm container.."
spin &
SPINPID=$!
# First stop the service
cd /federated/apps/espocrm && docker compose -f docker-compose.yml -p espocrm down &> /dev/null
@ -205,14 +200,15 @@ uninstall_espocrm() {
if [[ $(grep "### Espocrm" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
sed -i '/### Espocrm/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
sed -i '/### Espocrm/d' /federated/apps/authelia/data/config/idproviders.yml
/federated/bin/stop authelia
/federated/bin/start authelia
run_command "/federated/bin/stop authelia"
run_command "/federated/bin/start authelia"
fi
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
configsso_espocrm() {
echo -ne "* Configuring espocrm container with SSO.."
[ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
[ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
[[ $(grep "### Espocrm" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Espocrm configuration."
@ -240,8 +236,8 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
EOF
# Restart Authelia for changes to take the above configuration
/federated/bin/stop authelia
/federated/bin/start authelia
run_command "/federated/bin/stop authelia"
run_command "/federated/bin/start authelia"
cat >> /federated/apps/espocrm/.env <<EOF
ESPOCRM_CONFIG_AUTHENTICATION_METHOD=Oidc
@ -272,6 +268,8 @@ EOF
# Set auth method to Oidc only
sed -i "s/ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/#ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/g" /federated/apps/espocrm/.env
/federated/bin/stop espocrm
/federated/bin/start espocrm
run_command "/federated/bin/stop espocrm"
run_command "/federated/bin/start espocrm"
echo -ne "done.\n"
}
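Review bot: In configsso_espocrm the switch to OIDC-only at `sed -i "s/ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/#ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/g"` runs unconditionally, but the Authelia restart that has to load the new client (`run_command "/federated/bin/stop authelia"` / `run_command "/federated/bin/start authelia"`) now only prints a warning on failure and its status is never checked, so a failed restart leaves EspoCRM with LDAP disabled and an IdP that does not know the client — every user locked out. Gate the LDAP disable on the restart, e.g. `/federated/bin/start authelia &> /dev/null || failcheck "Authelia failed to restart; leaving LDAP authentication enabled"`. The same applies to the `stop espocrm`/`start espocrm` pair that follows. The function continues past the end of this hunk.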


@ -12,6 +12,10 @@ fail() {
# docker network rm fstack &> /dev/null
exit 2;
}
run_command() {
$1 &> /dev/null
[[ $? -ne 0 ]] && echo "* FAILED - Couldn't run \"$1\"" >&2
}
failcheck() {
echo -ne "\n\nFAILED - $1\n\n"
exit 2;
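Review bot: run_command returns the inverted status of the command it ran: when `$1` succeeds, `[[ $? -ne 0 ]]` is false and that test's status (1) becomes the function's return value, and when `$1` fails the `echo` makes it return 0, so any caller that later writes `run_command "..." || fail ...` will abort on success and continue on failure. The failure message also echoes the entire command string to stderr, and several callers in this commit embed credentials in that string (`-p$MYSQL_ROOTPASSWORD`, `--clientsecret="$NEXTCLOUD_CLIENT_SECRET"`, the `$ADMINPASS` arguments of `mail:account:create`), so a failed step prints a secret into the terminal or the install log. Unquoted `$1` additionally glob-expands any argument containing `*`, `?` or `[`, which a generated password can. The helper should return the real status, suppress globbing, and report only the program and subcommand.
```shell
run_command() {
  local cmd=$1 prog sub rest
  # set -f in the subshell: never glob-expand arguments that may be secrets.
  ( set -f; $cmd ) &> /dev/null && return 0
  # Report only the leading words: the full line may carry passwords or client secrets.
  read -r prog sub rest <<< "$cmd"
  echo "* FAILED - Couldn't run \"$prog $sub ...\"" >&2
  return 1
}
```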


@ -5,7 +5,7 @@
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
config_gitea() {
echo -ne "\n* Configuring /federated/apps/gitea container.."
echo -ne "* Configuring gitea container.."
if [ ! -d "/federated/apps/gitea" ]; then
mkdir -p /federated/apps/gitea/data/data
@ -159,7 +159,7 @@ docker exec postgresql psql -U postgres -c "CREATE USER gitea WITH PASSWORD '$GI
docker exec postgresql psql -U postgres -c "CREATE DATABASE gitea" &> /dev/null
docker exec postgresql psql -U postgres -c "GRANT ALL PRIVILEGES ON DATABASE gitea TO gitea" &> /dev/null
echo -ne "done."
echo -ne "done.\n"
}
email_gitea() {
echo -ne "* Sending email to customer.."
@ -241,8 +241,6 @@ EOF
}
uninstall_gitea() {
echo -ne "* Uninstalling gitea container.."
spin &
SPINPID=$!
# First stop the service
cd /federated/apps/gitea && docker compose -f docker-compose.yml -p gitea down &> /dev/null
@ -264,11 +262,10 @@ uninstall_gitea() {
if [[ $(grep "### Gitea" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
sed -i '/### Gitea/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
sed -i '/### Gitea/d' /federated/apps/authelia/data/config/idproviders.yml
/federated/bin/stop authelia
/federated/bin/start authelia
run_command "/federated/bin/stop authelia"
run_command "/federated/bin/start authelia"
fi
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
start_gitea() {
@ -295,9 +292,11 @@ start_gitea() {
# Remove creategitea.sh
rm /federated/apps/gitea/data/data/creategitea.sh
echo -ne "done."
echo -ne "done.\n"
}
configsso_gitea() {
echo -ne "* Configuring gitea container with SSO.."
[ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
[ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
[[ $(grep "### Gitea" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Gitea configuration."
@ -325,8 +324,8 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
EOF
# Restart Authelia for changes to take the above configuration
/federated/bin/stop authelia
/federated/bin/start authelia
run_command "/federated/bin/stop authelia"
run_command "/federated/bin/start authelia"
docker exec --user 1000 gitea gitea admin auth add-oauth --name "Authelia" --provider "openidConnect" --key "gitea" --secret "$GITEA_CLIENT_SECRET" --auto-discover-url "https://authelia.$DOMAIN/.well-known/openid-configuration" --skip-local-2fa "true" --scopes "openid email profile" --group-claim-name "groups" --admin-group "admin" --restricted-group "guest"
@ -346,6 +345,8 @@ GITEA__oauth2_client__ACCOUNT_LINKING=login
GITEA__oauth2_client__OPENID_CONNECT_SCOPES="openid profile email"
EOF
/federated/bin/stop gitea
/federated/bin/start gitea
run_command "/federated/bin/stop gitea"
run_command "/federated/bin/start gitea"
echo -ne "done.\n"
}
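Review bot: `gitea admin auth add-oauth ... --auto-discover-url "https://authelia.$DOMAIN/.well-known/openid-configuration"` runs immediately after the `run_command "/federated/bin/start authelia"` whose outcome is neither checked nor awaited; if this Gitea version resolves the discovery document at source-creation time (worth confirming), the auth source is created against an IdP that may still be starting. The mail script in this commit already uses a readiness probe (`start_service "mail" "nc -z 192.168.0.16 25 &> /dev/null" "25"`); a similar probe of the Authelia endpoint before the `add-oauth` call would close the gap. `--skip-local-2fa "true"` also means second-factor enforcement for SSO users rests entirely on Authelia's access-control policy — a one-line comment such as `# 2FA for OIDC users is enforced by Authelia, not Gitea` would stop a later reader from treating it as an oversight. configsso_gitea continues past this hunk.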


@ -5,7 +5,7 @@
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
config_mail() {
echo -ne "\n* Configuring /federated/apps/mail container.."
echo -ne "* Configuring mail container.."
if [ ! -d "/federated/apps/mail" ]; then
mkdir -p /federated/apps/mail/data/root/certs &> /dev/null
@ -269,18 +269,17 @@ bantime = 180d
port = smtp,pop3,pop3s,imap,imaps,submission,submissions,sieve
EOF
echo -ne "done."
echo -ne "done.\n"
}
start_mail() {
# Start service with command to make sure it's up before proceeding
start_service "mail" "nc -z 192.168.0.16 25 &> /dev/null" "25"
# Generate the DKIM DNS key and setup
docker exec mail setup config dkim
docker exec mail setup config dkim keysize 2048 domain $DOMAIN &> /dev/null
[ $? -ne 0 ] && fail "Couldn't generate DKIM record"
run_command "docker exec mail setup config dkim"
run_command "docker exec mail setup config dkim keysize 2048 domain $DOMAIN"
docker exec mail bash -c "setup config dkim domain '$DOMAIN'"
docker exec mail bash -c "setup config dkim domain '$DOMAIN' &> /dev/null"
[ $? -ne 0 ] && fail "Couldn't setup DKIM domain"
# Insert the DKIM DNS TXT entry into /federated/apps/pdns container
@ -294,15 +293,13 @@ start_mail() {
[ $? -ne 0 ] && fail "Couldn't insert DMARC record into /federated/apps/pdns container"
# Stop and Start mail to reload DKIM
/federated/bin/stop mail &> /dev/null
/federated/bin/start mail &> /dev/null
run_command "/federated/bin/stop mail"
run_command "/federated/bin/start mail"
echo -ne "done."
echo -ne "done.\n"
}
uninstall_mail() {
echo -ne "* Uninstalling mail container.."
spin &
SPINPID=$!
# First stop the service
cd /federated/apps/mail && docker compose -f docker-compose.yml -p mail down &> /dev/null
@ -317,6 +314,5 @@ uninstall_mail() {
docker exec pdns pdnsutil delete-rrset $DOMAIN mail._domainkey TXT
docker exec pdns pdnsutil delete-rrset $DOMAIN _dmarc TXT
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
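Review bot: DKIM key generation in start_mail no longer aborts on failure: the old `docker exec mail setup config dkim keysize 2048 domain $DOMAIN &> /dev/null` was followed by `[ $? -ne 0 ] && fail "Couldn't generate DKIM record"`, while the replacement `run_command "docker exec mail setup config dkim keysize 2048 domain $DOMAIN"` only prints a warning, so the script goes on to publish a DKIM TXT record in pdns (per the comment right after the hunk) for a key that may not exist. Restore the hard failure: `docker exec mail setup config dkim keysize 2048 domain "$DOMAIN" &> /dev/null || fail "Couldn't generate DKIM record"`. The preceding domain-less `setup config dkim` call also has its status discarded now; if it is only a fallback it deserves a comment saying so. start_mail continues past the end of this hunk.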


@ -6,7 +6,7 @@ PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sb
get_appvars
config_matrix() {
echo -ne "\n* Configuring /federated/apps/matrix container.."
echo -ne "* Configuring matrix container.."
if [ ! -d "/federated/apps/matrix" ]; then
mkdir -p /federated/apps/matrix/data/matrix &> /dev/null
@ -64,8 +64,8 @@ sed -i 's!args:!!g' /federated/apps/matrix/data/matrix/homeserver.yaml
# Insert our Postgres and LDAP config
cat >> /federated/apps/matrix/data/matrix/homeserver.yaml <<EOF
#web_client_location: https://element.$DOMAIN/
public_baseurl: https://matrix.$DOMAIN:443/
web_client_location: https://element.$DOMAIN/
#public_baseurl: https://matrix.$DOMAIN:443/
serve_server_wellknown: true
turn_uris: [ "turn:turn.$DOMAIN?transport=udp", "turn:turn.$DOMAIN?transport=tcp" ]
turn_shared_secret: "$COTURN_MATRIX_SECRET"
@ -124,7 +124,7 @@ docker exec postgresql psql -U postgres -c "CREATE USER matrix WITH PASSWORD '$M
docker exec postgresql psql -U postgres -c "CREATE DATABASE matrix" &> /dev/null
docker exec postgresql psql -U postgres -c "GRANT ALL PRIVILEGES ON DATABASE matrix TO matrix" &> /dev/null
echo -ne "done."
echo -ne "done.\n"
}
start_matrix() {
# Start service with command to make sure it's up before proceeding
@ -139,12 +139,10 @@ start_matrix() {
docker exec pdns pdnsutil add-record $DOMAIN matrix A 86400 $EXTERNALIP &> /dev/null
[ $? -ne 0 ] && fail "Couldn't add dns record for matrix"
echo -ne "done."
echo -ne "done.\n"
}
email_matrix() {
echo -ne "* Sending email to customer.."
spin &
SPINPID=$!
cat > /federated/apps/mail/data/root/certs/mailfile <<EOF
<html>
@ -216,13 +214,10 @@ EOF
docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile"
rm /federated/apps/mail/data/root/certs/mailfile
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
uninstall_matrix() {
echo -ne "* Uninstalling matrix container.."
spin &
SPINPID=$!
# First stop the service
cd /federated/apps/matrix && docker compose -f docker-compose.yml -p matrix down &> /dev/null
@ -244,14 +239,15 @@ uninstall_matrix() {
if [[ $(grep "### Matrix" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
sed -i '/### Matrix/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
sed -i '/### Matrix/d' /federated/apps/authelia/data/config/idproviders.yml
/federated/bin/stop authelia
/federated/bin/start authelia
run_command "/federated/bin/stop authelia"
run_command "/federated/bin/start authelia"
fi
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
configsso_matrix() {
echo -ne "* Configuring matrix container with SSO.."
[ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
[ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
[[ $(grep "### Matrix" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Matrix configuration."
@ -277,8 +273,8 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
EOF
# Restart Authelia for changes to take the above configuration
/federated/bin/stop authelia
/federated/bin/start authelia
run_command "/federated/bin/stop authelia"
run_command "/federated/bin/start authelia"
add_authelia_config_to_dockercompose "$APP"
@ -302,6 +298,8 @@ oidc_providers:
EOF
# Restart Matrix for changes to take the above configuration
/federated/bin/stop matrix
/federated/bin/start matrix
run_command "/federated/bin/stop matrix"
run_command "/federated/bin/start matrix"
echo -ne "done.\n"
}
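Review bot: Commenting out `public_baseurl: https://matrix.$DOMAIN:443/` while keeping `serve_server_wellknown: true` and the `oidc_providers:` block appended later in this file makes Synapse fall back to a public base URL derived from its `server_name`; the `.well-known` `m.homeserver.base_url` it serves and the OIDC redirect URI it sends to Authelia both come from that value, so if `server_name` is `$DOMAIN` rather than `matrix.$DOMAIN` the callback will not match the client registered in Authelia (`server_name` is not visible in this hunk — please confirm). If the intent was only to drop the explicit `:443`, record it with a comment such as `# public_baseurl left unset: Synapse derives https://<server_name>/ — must match the Authelia redirect_uri`. config_matrix starts before this hunk.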


@ -5,7 +5,7 @@
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
config_nextcloud() {
echo -ne "\n* Configuring /federated/apps/nextcloud container.."
echo -ne "* Configuring nextcloud container.."
if [ ! -d "/federated/apps/nextcloud" ]; then
mkdir -p /federated/apps/nextcloud/data/root &> /dev/null
@ -272,52 +272,48 @@ EOF
chmod +x /federated/apps/nextcloud/data/config.sh
echo -ne "done."
echo -ne "done.\n"
}
start_nextcloud() {
# Start service with command to make sure it's up before proceeding
start_service "nextcloud" "nc -z 192.168.0.18 80 &> /dev/null" "60"
# Move config.sh and sidemenu config, set config.sh executable
mv /federated/apps/nextcloud/data/config.sh /federated/apps/nextcloud/data/configs.json /federated/apps/nextcloud/data/var/www/html/
docker exec nextcloud chown www-data:root /var/www/html/config.sh /var/www/html/configs.json
docker exec nextcloud chmod 755 /var/www/html/config.sh
[ $? -ne 0 ] && fail "Couldn't chown config.sh in /federated/apps/nextcloud container"
run_command "mv /federated/apps/nextcloud/data/config.sh /federated/apps/nextcloud/data/configs.json /federated/apps/nextcloud/data/var/www/html/"
run_command "docker exec nextcloud chown www-data:root /var/www/html/config.sh /var/www/html/configs.json"
run_command "docker exec nextcloud chmod 755 /var/www/html/config.sh"
# Run config.sh - Setup LDAP, configuration for nextcloud
docker exec -u 33 nextcloud /var/www/html/config.sh &> /dev/null
[ $? -ne 0 ] && fail "Couldn't run config.sh inside /federated/apps/nextcloud container"
run_command "docker exec -u 33 nextcloud /var/www/html/config.sh"
# Add admin user to group
# Have to do it this many times so it will query LDAP and populate admin user first
docker exec -u 33 nextcloud /var/www/html/occ ldap:search admin
docker exec -u 33 nextcloud /var/www/html/occ group:list
docker exec -u 33 nextcloud /var/www/html/occ group:adduser admin admin
docker exec -u 33 nextcloud /var/www/html/occ group:adduser admin admin
docker exec -u 33 nextcloud /var/www/html/occ group:list
run_command "docker exec -u 33 nextcloud /var/www/html/occ ldap:search admin"
run_command "docker exec -u 33 nextcloud /var/www/html/occ group:list"
run_command "docker exec -u 33 nextcloud /var/www/html/occ group:adduser admin admin"
run_command "docker exec -u 33 nextcloud /var/www/html/occ group:adduser admin admin"
run_command "docker exec -u 33 nextcloud /var/www/html/occ group:list"
# Setup admin email account
docker exec -u 33 nextcloud bash -c "/var/www/html/occ mail:account:create admin admin admin@$DOMAIN mail.$DOMAIN 993 ssl admin@$DOMAIN $ADMINPASS mail.$DOMAIN 465 ssl admin@$DOMAIN $ADMINPASS password" &> /dev/null
# docker exec -u 33 nextcloud bash -c "/var/www/html/occ mail:account:create admin admin admin@$DOMAIN mail.$DOMAIN 993 ssl admin@$DOMAIN $ADMINPASS mail.$DOMAIN 465 ssl admin@$DOMAIN $ADMINPASS password" &> /dev/null || failts "ERROR - There was an error running occ mail:account:create"
run_command "docker exec -u 33 nextcloud /var/www/html/occ mail:account:create admin admin admin@$DOMAIN mail.$DOMAIN 993 ssl admin@$DOMAIN $ADMINPASS mail.$DOMAIN 465 ssl admin@$DOMAIN $ADMINPASS password"
# Add missing indexes and disable activity app
docker exec -u 33 nextcloud /var/www/html/occ db:add-missing-indices
docker exec -u 33 nextcloud /var/www/html/occ app:disable activity
run_command "docker exec -u 33 nextcloud /var/www/html/occ db:add-missing-indices"
run_command "docker exec -u 33 nextcloud /var/www/html/occ app:disable activity"
docker exec pdns pdnsutil add-record $DOMAIN nextcloud A 86400 $EXTERNALIP &> /dev/null
[ $? -ne 0 ] && fail "Couldn't add dns record for nextcloud"
run_command "docker exec pdns pdnsutil add-record $DOMAIN nextcloud A 86400 $EXTERNALIP"
# Remove configs
rm /federated/apps/nextcloud/data/var/www/html/config.sh /federated/apps/nextcloud/data/var/www/html/configs.json
run_command "rm /federated/apps/nextcloud/data/var/www/html/config.sh /federated/apps/nextcloud/data/var/www/html/configs.json"
# Truncate nextcloud log file
docker exec -u 33 nextcloud truncate /var/www/html/data/nextcloud.log --size 0
run_command "docker exec -u 33 nextcloud truncate /var/www/html/data/nextcloud.log --size 0"
echo -ne "done."
echo -ne "done.\n"
}
uninstall_nextcloud() {
echo -ne "* Uninstalling nextcloud container.."
spin &
SPINPID=$!
# First stop the service
cd /federated/apps/nextcloud && docker compose -f docker-compose.yml -p nextcloud down &> /dev/null
@ -339,14 +335,15 @@ uninstall_nextcloud() {
if [[ $(grep "### Nextcloud" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
sed -i '/### Nextcloud/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
sed -i '/### Nextcloud/d' /federated/apps/authelia/data/config/idproviders.yml
/federated/bin/stop authelia
/federated/bin/start authelia
/federated/bin/stop authelia &> /dev/null
/federated/bin/start authelia &> /dev/null
fi
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
configsso_nextcloud() {
echo -ne "* Configuring nextcloud container with SSO.."
[ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
[ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
get_appvars
@ -373,20 +370,22 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
- 'email'
- 'groups'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_basic'
token_endpoint_auth_method: 'client_secret_post'
EOF
add_authelia_config_to_dockercompose "$APP"
# Restart Authelia for changes to take the above configuration
/federated/bin/stop authelia
/federated/bin/start authelia
run_command "/federated/bin/stop authelia"
run_command "/federated/bin/start authelia"
docker exec -u 33 nextcloud /var/www/html/occ config:system:set allow_local_remote_servers --value=true
docker exec -u 33 nextcloud /var/www/html/occ app:enable user_oidc
docker exec -u 33 nextcloud /var/www/html/occ config:system:set --value=true --type=boolean user_oidc use_pkce
docker exec -u 33 nextcloud /var/www/html/occ user_oidc:provider Authelia --clientid="nextcloud" --clientsecret="$NEXTCLOUD_CLIENT_SECRET" --discoveryuri="https://authelia.$DOMAIN/.well-known/openid-configuration" --mapping-uid=name --endsessionendpointuri=https://authelia.$DOMAIN/logout
run_command "docker exec -u 33 nextcloud /var/www/html/occ config:system:set allow_local_remote_servers --value=true"
run_command "docker exec -u 33 nextcloud /var/www/html/occ app:enable user_oidc"
run_command "docker exec -u 33 nextcloud /var/www/html/occ config:system:set --value=true --type=boolean user_oidc use_pkce"
run_command "docker exec -u 33 nextcloud /var/www/html/occ user_oidc:provider Authelia --clientid="nextcloud" --clientsecret="$NEXTCLOUD_CLIENT_SECRET" --discoveryuri="https://authelia.$DOMAIN/.well-known/openid-configuration" --mapping-uid=name --endsessionendpointuri=https://authelia.$DOMAIN/logout"
/federated/bin/stop nextcloud
/federated/bin/start nextcloud
run_command "/federated/bin/stop nextcloud"
run_command "/federated/bin/start nextcloud"
echo -ne "done.\n"
}
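Review bot: Moving `occ mail:account:create ... $ADMINPASS ... $ADMINPASS password` out of `bash -c "..."` into `run_command "docker exec -u 33 nextcloud ..."` changes how the password is tokenised: run_command expands `$1` unquoted, so an admin password containing whitespace or glob characters is split or expanded before `occ` sees it, and on failure run_command echoes the whole command — password included — to stderr. The pdns `add-record` line in start_nextcloud also went from `[ $? -ne 0 ] && fail "Couldn't add dns record for nextcloud"` to a warning, so the install can finish with no `nextcloud` A record. uninstall_nextcloud still uses bare `/federated/bin/stop authelia &> /dev/null` where every other uninstall_* in this commit uses run_command — probably an oversight. The `--clientid="nextcloud"` line in configsso_nextcloud nests double quotes inside the run_command string; it happens to concatenate into one word, but `--clientid=nextcloud --clientsecret=$NEXTCLOUD_CLIENT_SECRET` would be unambiguous.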


@ -6,7 +6,7 @@ PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sb
get_appvars
config_roundcube() {
echo -ne "\n* Configuring roundcube container.."
echo -ne "* Configuring roundcube container.."
if [ ! -d "/federated/apps/roundcube" ]; then
mkdir -p /federated/apps/roundcube/data/var/www/html
@ -74,13 +74,10 @@ start_roundcube() {
docker exec pdns pdnsutil add-record $DOMAIN webmail A 86400 $EXTERNALIP &> /dev/null
[ $? -ne 0 ] && fail "Couldn't add dns record for roundcube"
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
email_roundcube() {
echo -ne "* Sending email to customer.."
spin &
SPINPID=$!
cat > /federated/apps/mail/data/root/certs/mailfile <<EOF
<html>
@ -108,13 +105,10 @@ EOF
docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile"
rm /federated/apps/mail/data/root/certs/mailfile
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
uninstall_roundcube() {
echo -ne "* Uninstalling roundcube container.."
spin &
SPINPID=$!
# First stop the service
cd /federated/apps/roundcube && docker compose -f docker-compose.yml -p roundcube down &> /dev/null
@ -137,14 +131,15 @@ uninstall_roundcube() {
if [[ $(grep "### Roundcube" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
sed -i '/### Roundcube/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
sed -i '/### Roundcube/d' /federated/apps/authelia/data/config/idproviders.yml
/federated/bin/stop authelia
/federated/bin/start authelia
run_command "/federated/bin/stop authelia"
run_command "/federated/bin/start authelia"
fi
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
configsso_roundcube() {
echo -ne "* Configuring roundcube container with SSO.."
[ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
[ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
[[ $(grep "### Roundcube" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Roundcube configuration."
@ -171,8 +166,8 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
EOF
# Restart Authelia for changes to take the above configuration
/federated/bin/stop authelia
/federated/bin/start authelia
run_command "/federated/bin/stop authelia"
run_command "/federated/bin/start authelia"
# Add in extra hosts config
add_authelia_config_to_dockercompose "$APP"
@ -234,8 +229,10 @@ sed -i 's/SASLAUTHD_LDAP_FILTER=.*/#SASLAUTHD_LDAP_FILTER=\(\&\(objectClass\=ine
sed -i 's/DOVECOT_PASS_FILTER=.*/DOVECOT_PASS_FILTER=\(\|\(mail\=\%u\)\(uid\=\%u\)\)/g' /federated/apps/mail/.env
sed -i 's/DOVECOT_USER_FILTER=.*/DOVECOT_USER_FILTER=\(\|\(mail\=\%u\)\(uid\=\%u\)\)/g' /federated/apps/mail/.env
/federated/bin/stop roundcube
/federated/bin/start roundcube
/federated/bin/stop mail
/federated/bin/start mail
run_command "/federated/bin/stop roundcube"
run_command "/federated/bin/start roundcube"
run_command "/federated/bin/stop mail"
run_command "/federated/bin/start mail"
echo -ne "done.\n"
}


@ -6,7 +6,7 @@ PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sb
get_appvars
config_wordpress() {
echo -ne "\n* Configuring wordpress container.."
echo -ne "* Configuring wordpress container.."
if [ ! -d "/federated/apps/wordpress" ]; then
mkdir -p /federated/apps/wordpress/data/bitnami/wordpress
@ -54,7 +54,7 @@ WORDPRESS_PASSWORD=$ADMINPASS
WORDPRESS_EMAIL=admin@$DOMAIN
WORDPRESS_FIRST_NAME=Admin
WORDPRESS_LAST_NAME=Wordpress
WORDPRESS_BLOG_NAME=$COMPANY Blog
WORDPRESS_BLOG_NAME="$COMPANY Blog"
WORDPRESS_DATABASE_HOST=pdnsmysql.$DOMAIN
WORDPRESS_DATABASE_PORT_NUMBER=3306
WORDPRESS_DATABASE_USER=wordpress
@ -86,20 +86,16 @@ start_wordpress() {
chmod -R 755 /federated/apps/wordpress/data/bitnami/wordpress/wp-content
chmod 740 /federated/apps/wordpress/data/bitnami/wordpress/wp-config.php
sed -i s#http://#https://#g /federated/apps/wordpress/data/bitnami/wordpress/wp-config.php
/federated/bin/stop wordpress
/federated/bin/start wordpress
docker exec pdns pdnsutil add-record $DOMAIN www A 86400 $EXTERNALIP &> /dev/null
[ $? -ne 0 ] && fail "Couldn't add dns record"
docker exec pdns pdnsutil add-record $DOMAIN wordpress A 86400 $EXTERNALIP &> /dev/null
[ $? -ne 0 ] && fail "Couldn't add dns record"
run_command "/federated/bin/stop wordpress"
run_command "/federated/bin/start wordpress"
run_command "docker exec pdns pdnsutil add-record $DOMAIN www A 86400 $EXTERNALIP"
run_command "docker exec pdns pdnsutil add-record $DOMAIN wordpress A 86400 $EXTERNALIP"
echo -ne "done.\n"
}
email_wordpress() {
echo -ne "* Sending email to customer.."
spin &
SPINPID=$!
cat > /federated/apps/mail/data/root/certs/mailfile <<EOF
<html>
@ -171,13 +167,10 @@ EOF
docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile"
rm /federated/apps/mail/data/root/certs/mailfile
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
uninstall_wordpress() {
echo -ne "* Uninstalling wordpress container.."
spin &
SPINPID=$!
# First stop the service
cd /federated/apps/wordpress && docker compose -f docker-compose.yml -p wordpress down &> /dev/null
@ -200,14 +193,15 @@ uninstall_wordpress() {
if [[ $(grep "### Wordpress" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
sed -i '/### Wordpress/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
sed -i '/### Wordpress/d' /federated/apps/authelia/data/config/idproviders.yml
/federated/bin/stop authelia
/federated/bin/start authelia
run_command "/federated/bin/stop authelia"
run_command "/federated/bin/start authelia"
fi
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
configsso_wordpress() {
echo -ne "* Configuring wordpress container with SSO.."
[ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
[ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
[[ $(grep "### Wordpress" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Wordpress configuration."
@ -235,8 +229,8 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
EOF
# Restart Authelia for changes to take the above configuration
/federated/bin/stop authelia
/federated/bin/start authelia
run_command "/federated/bin/stop authelia"
run_command "/federated/bin/start authelia"
add_authelia_config_to_dockercompose "$APP"
@ -254,9 +248,11 @@ define( 'OIDC_LINK_EXISTING_USERS', '1' );\n\
define( 'OIDC_REDIRECT_USER_BACK', '1' );\n\
define( 'OIDC_REDIRECT_ON_LOGOUT', '1' );\n" /federated/apps/wordpress/data/bitnami/wordpress/wp-config.php
docker exec wordpress wp plugin install daggerhart-openid-connect-generic &> /dev/null
docker exec wordpress wp plugin activate daggerhart-openid-connect-generic &> /dev/null
run_command "docker exec wordpress wp plugin install daggerhart-openid-connect-generic"
run_command "docker exec wordpress wp plugin activate daggerhart-openid-connect-generic"
/federated/bin/stop wordpress
/federated/bin/start wordpress
run_command "/federated/bin/stop wordpress"
run_command "/federated/bin/start wordpress"
echo -ne "done.\n"
}
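Review bot: The two `pdnsutil add-record $DOMAIN www ...` / `wordpress ...` lines in start_wordpress previously aborted with `fail "Couldn't add dns record"`; wrapped in run_command they only print a warning, so a WordPress install whose hostnames were never published still ends with `done.` and the later customer email goes out regardless. Keep the original behaviour: `docker exec pdns pdnsutil add-record "$DOMAIN" www A 86400 "$EXTERNALIP" &> /dev/null || fail "Couldn't add dns record for www"` (and likewise for `wordpress`). The stop/start of wordpress before those records has the same unchecked status. start_wordpress begins before this hunk.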