diff --git a/lib/collabora.sh b/lib/collabora.sh index 5cf5d81..9c0bb02 100644 --- a/lib/collabora.sh +++ b/lib/collabora.sh @@ -15,6 +15,7 @@ config_collabora() { cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/collabora/data/root/certs/ chown 104 /federated/apps/collabora/data/root/certs/* fi + get_externalip cat > /federated/apps/collabora/docker-compose.yml < /dev/null + mkdir -p /federated/apps/collabora/data/opt/collaboraoffice/share/fonts/truetype &> /dev/null + cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/collabora/data/root/certs/ + chown 104 /federated/apps/collabora/data/root/certs/* + fi + +cat > /federated/apps/collabora/docker-compose.yml < /federated/apps/collabora/.env < /dev/null +echo -ne "done." +} +start_collabora() { + # Start service with command to make sure it's up before proceeding + start_service "collabora" "nc -z 172.99.0.17 9980 &> /dev/null" "15" + + kill -9 $SPINPID &> /dev/null + echo -ne "done." +} diff --git a/lib/nextcloud.sh b/lib/nextcloud.sh index 02c4829..4914abe 100644 --- a/lib/nextcloud.sh +++ b/lib/nextcloud.sh 
@@ -18,6 +18,7 @@ config_nextcloud() { mkdir -p /federated/apps/nextcloud/data/var/www/data &> /dev/null mkdir -p /federated/apps/nextcloud/data/usr/local/etc/php/conf.d &> /dev/null fi + get_externalip cat > /federated/apps/nextcloud/docker-compose.yml < /federated/apps/nextcloud/.postgresql.secret echo "$ADMINPASS" > /federated/apps/nextcloud/.nextcloud.secret chmod 600 /federated/apps/nextcloud/.postgresql.secret /federated/apps/nextcloud/.nextcloud.secret +# Create database and user in postgresql +docker exec postgresql psql -U postgres -c "CREATE DATABASE nextcloud" &> /dev/null +docker exec postgresql psql -U postgres -c "CREATE USER nextcloud WITH PASSWORD '$NEXTCLOUD_SECRET'" &> /dev/null +docker exec postgresql psql -U postgres -c "GRANT ALL PRIVILEGES ON DATABASE nextcloud TO nextcloud" &> /dev/null + cat > /federated/apps/nextcloud/.env < /dev/null + mkdir -p /federated/apps/nextcloud/data/home &> /dev/null + mkdir -p /federated/apps/nextcloud/data/var/www/html &> /dev/null + mkdir -p /federated/apps/nextcloud/data/var/www/html/custom_apps &> /dev/null + mkdir -p /federated/apps/nextcloud/data/var/www/config &> /dev/null + mkdir -p /federated/apps/nextcloud/data/var/www/data &> /dev/null + mkdir -p /federated/apps/nextcloud/data/usr/local/etc/php/conf.d &> /dev/null + fi + +cat > /federated/apps/nextcloud/docker-compose.yml < /federated/apps/nextcloud/.postgresql.secret +echo "$ADMINPASS" > /federated/apps/nextcloud/.nextcloud.secret +chmod 600 /federated/apps/nextcloud/.postgresql.secret /federated/apps/nextcloud/.nextcloud.secret + +cat > /federated/apps/nextcloud/.env < /federated/apps/nextcloud/data/usr/local/etc/php/conf.d/opcache-recommended.ini < /federated/apps/nextcloud/data/usr/local/etc/php/conf.d/docker-php-ext-apcu.ini < /federated/apps/nextcloud/data/configs.json < /federated/apps/nextcloud/data/config.sh < /dev/null + echo -ne "done." 
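Review bot: The three added `docker exec postgresql psql -U postgres -c ...` calls throw away both output and exit status (`&> /dev/null`, no check), so a failed `CREATE DATABASE` or `CREATE USER` goes unnoticed, whether because PostgreSQL is not accepting connections yet or because the role already exists from an earlier run, and nextcloud is left configured with a password the database never accepted. Check each call the way start_nextcloud already does for its own steps, e.g. `|| fail "Couldn't create nextcloud role in postgresql"`, and make the role step safe to re-run. The password is also spliced into the SQL text and passed in argv, where it is readable in the host's process list while the command runs and would break the statement if it ever contained a quote; sending the statement on stdin (`docker exec -i postgresql psql -U postgres` with the SQL piped in) avoids both. The hunk as it appears here does not show where `NEXTCLOUD_SECRET` is assigned now that lib/postgresql.sh no longer generates it, so that is worth confirming. The same three lines are added for vaultwarden in lib/vaultwarden.sh.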
+} + +start_nextcloud() { + # Start service with command to make sure it's up before proceeding + start_service "nextcloud" "nc -z 172.99.0.18 80 &> /dev/null" "35" + + # Move config.sh and sidemenu config, set config.sh executable + mv /federated/apps/nextcloud/data/config.sh /federated/apps/nextcloud/data/configs.json /federated/apps/nextcloud/data/var/www/html/ + docker exec nextcloud chown www-data:root /var/www/html/config.sh /var/www/html/configs.json + docker exec nextcloud chmod 755 /var/www/html/config.sh + [ $? -ne 0 ] && fail "Couldn't chown config.sh in /federated/apps/nextcloud container" + + # Run config.sh - Setup LDAP, configuration for nextcloud + docker exec -u 33 nextcloud /var/www/html/config.sh &> /dev/null + [ $? -ne 0 ] && fail "Couldn't run config.sh inside /federated/apps/nextcloud container" + + # Add admin user to group + # Have to do it this many times so it will query LDAP and populate admin user first + docker exec -u 33 nextcloud /var/www/html/occ ldap:search admin + docker exec -u 33 nextcloud /var/www/html/occ group:list + docker exec -u 33 nextcloud /var/www/html/occ group:adduser admin admin + docker exec -u 33 nextcloud /var/www/html/occ group:adduser admin admin + docker exec -u 33 nextcloud /var/www/html/occ group:list + + # Setup admin email account + docker exec -u 33 nextcloud bash -c "/var/www/html/occ mail:account:create admin admin admin@$DOMAIN mail.$DOMAIN 993 ssl admin@$DOMAIN $ADMINPASS mail.$DOMAIN 465 ssl admin@$DOMAIN $ADMINPASS password" &> /dev/null + + # Add missing indexes and disable activity app + docker exec -u 33 nextcloud /var/www/html/occ db:add-missing-indices + docker exec -u 33 nextcloud /var/www/html/occ app:disable activity + + # Remove configs + rm /federated/apps/nextcloud/data/var/www/html/config.sh /federated/apps/nextcloud/data/var/www/html/configs.json + + kill -9 $SPINPID &> /dev/null + echo -ne "done." +} diff --git a/lib/postgresql.sh b/lib/postgresql.sh index 8c20ebf..37ebcb7 100644 
--- a/lib/postgresql.sh +++ b/lib/postgresql.sh @@ -69,19 +69,7 @@ chmod 600 /federated/apps/postgresql/.env PSQL_SECRET=$(create_password); echo "$PSQL_SECRET" > /federated/apps/postgresql/.postgresql.secret chmod 600 /federated/apps/postgresql/.postgresql.secret -NEXTCLOUD_SECRET=$(create_password); -VAULTWARDEN_SECRET=$(create_password); -# cat postgresql/data/docker-entrypoint-initdb.d/init.sql -cat > /federated/apps/postgresql/data/docker-entrypoint-initdb.d/init.sql < /dev/null echo -ne "done." } diff --git a/lib/postgresql.sh.old b/lib/postgresql.sh.old new file mode 100644 index 0000000..8c20ebf --- /dev/null +++ b/lib/postgresql.sh.old 
@@ -0,0 +1,114 @@ +#!/bin/bash +# +# Postgresql Service + +PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +config_postgresql() { + echo -ne "\n* Configuring /federated/apps/postgresql container.." + spin & + SPINPID=$! + + if [ ! -d "/federated/apps/postgresql" ]; then + mkdir -p /federated/apps/postgresql/data/var/lib/postgresql /federated/apps/postgresql/data/docker-entrypoint-initdb.d + cp /federated/certs/certs/$DOMAIN.crt /federated/apps/postgresql/data/var/lib/postgresql/server.crt + cp /federated/certs/private/$DOMAIN.key /federated/apps/postgresql/data/var/lib/postgresql/server.key + chown 999 /federated/apps/postgresql/data/var/lib/postgresql/server.crt /federated/apps/postgresql/data/var/lib/postgresql/server.key + chmod 600 /federated/apps/postgresql/data/var/lib/postgresql/server.crt /federated/apps/postgresql/data/var/lib/postgresql/server.key + fi + +cat > /federated/apps/postgresql/docker-compose.yml < + -c ssl=on + -c ssl_cert_file=/var/lib/postgresql/server.crt + -c ssl_key_file=/var/lib/postgresql/server.key + healthcheck: + test: ["CMD-SHELL", "pg_isready -U postgres"] + interval: 10s + timeout: 5s + retries: 5 + +secrets: + federated_psql_password: + file: ./.postgresql.secret +networks: + federated: + external: true +EOF + +cat > /federated/apps/postgresql/.env < /federated/apps/postgresql/.postgresql.secret +chmod 600 /federated/apps/postgresql/.postgresql.secret +NEXTCLOUD_SECRET=$(create_password); +VAULTWARDEN_SECRET=$(create_password); + +# cat postgresql/data/docker-entrypoint-initdb.d/init.sql +cat > /federated/apps/postgresql/data/docker-entrypoint-initdb.d/init.sql < /dev/null +echo -ne "done." 
+} +start_postgresql() { + # Start service with command to make sure it's up before proceeding + start_service "postgresql" "nc -z 172.99.0.14 5432 &> /dev/null" "18" + + # Tune PostgreSQL +# if [[ "$BUNDLE" = "starter" ]]; then +# sed -i "s#shared_buffers =.*#shared_buffers = 50MB#g" /federated/apps/postgresql/data/var/lib/postgresql/data/postgresql.conf +# sed -i "s#max_connections =.*#max_connections = 400#g" /federated/apps/postgresql/data/var/lib/postgresql/data/postgresql.conf +# sed -i "s/#work_mem =.*/work_mem = 4MB/g" /federated/apps/postgresql/data/var/lib/postgresql/data/postgresql.conf +# sed -i "s/#maintenance_work_mem =.*/maintenance_work_mem = 50MB/g" /federated/apps/postgresql/data/var/lib/postgresql/data/postgresql.conf +# else + sed -i "s#shared_buffers =.*#shared_buffers = 800MB#g" /federated/apps/postgresql/data/var/lib/postgresql/data/postgresql.conf + sed -i "s#max_connections =.*#max_connections = 400#g" /federated/apps/postgresql/data/var/lib/postgresql/data/postgresql.conf + sed -i "s/#work_mem =.*/work_mem = 16MB/g" /federated/apps/postgresql/data/var/lib/postgresql/data/postgresql.conf + sed -i "s/#maintenance_work_mem =.*/maintenance_work_mem = 128MB/g" /federated/apps/postgresql/data/var/lib/postgresql/data/postgresql.conf +# fi + + # Restart PostgreSQL + /federated/bin/stop postgresql &> /dev/null + /federated/bin/start postgresql &> /dev/null + + # Remove init.sql +# rm /federated/apps/postgresql/data/docker-entrypoint-initdb.d/init.sql + + kill -9 $SPINPID &> /dev/null + echo -ne "done." +} diff --git a/lib/traefik.sh b/lib/traefik.sh index 0ab75e6..5a87304 100644 --- a/lib/traefik.sh +++ b/lib/traefik.sh 
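Review bot: lib/postgresql.sh.old is a byte-for-byte copy of the previous lib/postgresql.sh (its blob id 8c20ebf is the pre-image of that file in this same commit), so it adds nothing that git history does not already keep. It also leaves a second definition of `config_postgresql` and `start_postgresql` in lib/, including the old code that writes role passwords into init.sql; if the installer ever sources lib/ by glob, these stale definitions could shadow the new ones, which should be checked against the loader. I would drop the file from the commit and refer to the previous revision instead. The same applies to lib/traefik.sh.old and lib/vaultwarden.sh.old, and apparently to the collabora and nextcloud copies whose headers are not visible on this page.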
@@ -93,8 +93,12 @@ chmod 600 /federated/apps/traefik/.env kill -9 $SPINPID &> /dev/null echo -ne "done." } - start_traefik() { + # Start service with command to make sure it's up before proceeding + start_service "traefik" "traefik-certs-dumper file --version v2 --source /federated/apps/traefik/data/letsencrypt/acme.json --dest /federated/certs &> /dev/null && ls /federated/certs/private/$DOMAIN.key /federat +ed/certs/certs/$DOMAIN.crt &> /dev/null" "4" +} +start_traefik_old() { echo -ne "\n* Starting /federated/apps/traefik service.." spin & diff --git a/lib/traefik.sh.old b/lib/traefik.sh.old new file mode 100644 index 0000000..0ab75e6 --- /dev/null +++ b/lib/traefik.sh.old 
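Review bot: The check command handed to `start_service` in the new `start_traefik` is split across two lines in the middle of the certificate path (`/federat` then `ed/certs/certs/$DOMAIN.crt`). If that break is in the file and not a wrapping artifact of this page, `ls` would test `/federat` and the shell would then try to run `ed/certs/certs/$DOMAIN.crt` as a command, so the readiness check could never succeed. Keep the string on one line and quote the two paths inside it, e.g. `ls \"/federated/certs/private/$DOMAIN.key\" \"/federated/certs/certs/$DOMAIN.crt\"`. Unlike the other start_* functions on this page, this one does not stop the spinner or print `done.` after `start_service` returns; confirm that `start_service` handles that. The retained `start_traefik_old` continues outside the hunk and looks like dead code that could be removed.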
@@ -0,0 +1,132 @@ +#!/bin/bash +# +# Traefik Service + +PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +config_traefik() { + echo -ne "\n* Configuring /federated/apps/traefik container.." + spin & + SPINPID=$! + + if [ ! -d "/federated/apps/traefik" ]; then + mkdir -p /federated/apps/traefik/data/letsencrypt + fi + +TRAEFIK_HTTPAUTH_STRING=$(echo `htpasswd -nb admin $ADMINPASS` | sed -e s/\\$/\\$\\$/g) + +cat > /federated/apps/traefik/docker-compose.yml < /federated/apps/traefik/.env < /dev/null +echo -ne "done." +} + +start_traefik() { + echo -ne "\n* Starting /federated/apps/traefik service.." + + spin & + SPINPID=$! + + if [ $DEBUG ]; then + # Start /federated/apps/traefik with output to console for debug + docker-compose -f /federated/apps/traefik/docker-compose.yml -p traefik up + [ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service /federated/apps/traefik" + else + # Start /federated/apps/traefik with output to /dev/null + docker-compose -f /federated/apps/traefik/docker-compose.yml -p traefik up -d &> /dev/null + + # Keep trying to see that certificates are generated + RETRY="20" + while [ $RETRY -gt 0 ]; do + traefik-certs-dumper file --version v2 --source /federated/apps/traefik/data/letsencrypt/acme.json --dest /federated/certs &> /dev/null + + # Check if certs are generated + ls /federated/certs/private/$DOMAIN.key /federated/certs/certs/$DOMAIN.crt &> /dev/null + if [ $? -eq 0 ]; then + kill -9 $SPINPID &> /dev/null + echo -ne "done." + break + else + if [ "$RETRY" == 1 ]; then + docker-compose -f /federated/apps/traefik/docker-compose.yml -p traefik down &> /dev/null + fail "There was a problem starting service /federated/apps/traefik\nCheck the output of 'docker logs traefik' or turn on\ndebug with -d" + fi + ((RETRY--)) + sleep 9 + fi + done + fi +} diff --git a/lib/vaultwarden.sh b/lib/vaultwarden.sh index 1f4a967..637cdba 100644 --- a/lib/vaultwarden.sh +++ b/lib/vaultwarden.sh 
@@ -3,6 +3,7 @@ # Vaultwarden Service PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +get_appvars config_vaultwarden() { echo -ne "\n* Configuring /federated/apps/vaultwarden container.." @@ -12,6 +13,7 @@ config_vaultwarden() { if [ ! -d "/federated/apps/vaultwarden" ]; then mkdir -p /federated/apps/vaultwarden/data/data fi + VAULTWARDEN_SECRET=$(create_password) cat > /federated/apps/vaultwarden/docker-compose.yml < /dev/null +docker exec postgresql psql -U postgres -c "CREATE USER vaultwarden WITH PASSWORD '$VAULTWARDEN_SECRET'" &> /dev/null +docker exec postgresql psql -U postgres -c "GRANT ALL PRIVILEGES ON DATABASE vaultwarden TO vaultwarden" &> /dev/null kill -9 $SPINPID &> /dev/null echo -ne "done." diff --git a/lib/vaultwarden.sh.old b/lib/vaultwarden.sh.old new file mode 100644 index 0000000..1f4a967 --- /dev/null +++ b/lib/vaultwarden.sh.old @@ -0,0 +1,72 @@ +#!/bin/bash +# +# Vaultwarden Service + +PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +config_vaultwarden() { + echo -ne "\n* Configuring /federated/apps/vaultwarden container.." + spin & + SPINPID=$! + + if [ ! -d "/federated/apps/vaultwarden" ]; then + mkdir -p /federated/apps/vaultwarden/data/data + fi + +cat > /federated/apps/vaultwarden/docker-compose.yml < /federated/apps/vaultwarden/.env < /dev/null +echo -ne "done." +} +start_vaultwarden() { + # Start service with command to make sure it's up before proceeding + start_service "vaultwarden" "nc -z 172.99.0.22 80 &> /dev/null" "8" + + kill -9 $SPINPID &> /dev/null + echo -ne "done." +}
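Review bot: `get_appvars` is added at the top level of lib/vaultwarden.sh, so it runs as a side effect every time the file is sourced, not when `config_vaultwarden` is called. The collabora and nextcloud hunks in this commit call their helper (`get_externalip`) inside the config function instead. If `get_appvars` is defined in a file that is sourced later, the top-level call fails at load time. I would move it to the first line of `config_vaultwarden` and add a comment such as `# load per-app variables before generating docker-compose.yml`, adjusted to what `get_appvars` actually sets.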