New changes for threads in app files

This commit is contained in:
root 2024-04-05 14:04:21 +00:00
parent 920848b3eb
commit a142dcb3d1
10 changed files with 723 additions and 13 deletions


@ -15,6 +15,7 @@ config_collabora() {
cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/collabora/data/root/certs/ cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/collabora/data/root/certs/
chown 104 /federated/apps/collabora/data/root/certs/* chown 104 /federated/apps/collabora/data/root/certs/*
fi fi
get_externalip
cat > /federated/apps/collabora/docker-compose.yml <<EOF cat > /federated/apps/collabora/docker-compose.yml <<EOF
version: '3.7' version: '3.7'
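Review bot: The newly added `get_externalip` call is not checked, so if it fails or leaves `EXTERNALIP` empty the compose heredoc that follows is still written; the superseded copy of this function in this same commit uses the value in `extra_hosts: - "nextcloud.$DOMAIN:$EXTERNALIP"`, which would then yield an entry with no address and a service that fails at `up` rather than a clear error at configure time. Guarding it in the style the file already uses, `get_externalip || fail "Couldn't determine external IP for collabora"` followed by `: "${EXTERNALIP:?EXTERNALIP is empty}"`, surfaces the failure where it happens. The same unchecked call is added to config_nextcloud in the next file. config_collabora starts above this hunk and the heredoc continues below it.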

78
lib/collabora.sh.old Normal file

@ -0,0 +1,78 @@
#!/bin/bash
#
# Collabora Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
config_collabora() {
echo -ne "\n* Configuring /federated/apps/collabora container.."
spin &
SPINPID=$!
if [ ! -d "/federated/apps/collabora" ]; then
mkdir -p /federated/apps/collabora/data/root/certs &> /dev/null
mkdir -p /federated/apps/collabora/data/opt/collaboraoffice/share/fonts/truetype &> /dev/null
cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/collabora/data/root/certs/
chown 104 /federated/apps/collabora/data/root/certs/*
fi
cat > /federated/apps/collabora/docker-compose.yml <<EOF
version: '3.7'
services:
collabora:
image: collabora/code:\${IMAGE_VERSION}
container_name: collabora
hostname: collabora.$DOMAIN
domainname: $DOMAIN
restart: always
networks:
federated:
ipv4_address: 172.99.0.17
extra_hosts:
- "nextcloud.$DOMAIN:$EXTERNALIP"
ports:
- "9980:9980"
volumes:
- ./data/root:/root
- ./data/opt/collaboraoffice/share/fonts/truetype:/opt/collaboraoffice/share/fonts/truetype
# - ./data/root/certs/$DOMAIN.crt:/etc/coolwsd/cert.pem
# - ./data/root/certs/$DOMAIN.key:/etc/coolwsd/key.pem
env_file:
- ./.env
cap_add:
- MKNOD
labels:
- "traefik.enable=true"
- "traefik.http.routers.collabora.rule=Host(\`collabora.$DOMAIN\`)"
- "traefik.http.routers.collabora.entrypoints=websecure"
- "traefik.http.routers.collabora.tls.certresolver=letsencrypt"
- "traefik.http.services.collabora.loadbalancer.server.port=9980"
networks:
federated:
external: true
EOF
cat > /federated/apps/collabora/.env <<EOF
IMAGE_VERSION=23.05.10.1.1
domain=nextcloud.$DOMAIN
server_name=collabora.$DOMAIN
extra_params=--o:ssl.enable=false --o:ssl.termination=true
EOF
chmod 600 /federated/apps/collabora/.env
# Extract extra fonts into collabora
tar zxvf /federated/lib/files/collabora/fonts.tar.gz -C /federated/apps/collabora/data/opt/collaboraoffice/share/fonts/truetype/
[ $? -ne 0 ] && fail "Couldn't extract files/collabora/fonts.tar.gz into collabora"
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}
start_collabora() {
# Start service with command to make sure it's up before proceeding
start_service "collabora" "nc -z 172.99.0.17 9980 &> /dev/null" "15"
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}
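Review bot: The private key copied by `cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/collabora/data/root/certs/` is only `chown 104`-ed and never restricted with chmod, whereas the sibling `lib/postgresql.sh.old` follows its own key copy with `chmod 600`, so this file is the inconsistent one. Adding `chmod 600 /federated/apps/collabora/data/root/certs/$DOMAIN.key` after the chown brings the two in line. Since the cert/key bind mounts in the compose heredoc are commented out, it is also worth confirming the key needs to be in that directory at all. If this `.old` copy is only a backup, the point applies to the live `lib/collabora.sh` as well.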


@ -18,6 +18,7 @@ config_nextcloud() {
mkdir -p /federated/apps/nextcloud/data/var/www/data &> /dev/null mkdir -p /federated/apps/nextcloud/data/var/www/data &> /dev/null
mkdir -p /federated/apps/nextcloud/data/usr/local/etc/php/conf.d &> /dev/null mkdir -p /federated/apps/nextcloud/data/usr/local/etc/php/conf.d &> /dev/null
fi fi
get_externalip
cat > /federated/apps/nextcloud/docker-compose.yml <<EOF cat > /federated/apps/nextcloud/docker-compose.yml <<EOF
version: '3.7' version: '3.7'
@ -77,10 +78,16 @@ networks:
EOF EOF
LDAP_SECRET=`cat /federated/apps/ldap/.ldap.secret` LDAP_SECRET=`cat /federated/apps/ldap/.ldap.secret`
NEXTCLOUD_SECRET=$(create_password)
echo "$NEXTCLOUD_SECRET" > /federated/apps/nextcloud/.postgresql.secret echo "$NEXTCLOUD_SECRET" > /federated/apps/nextcloud/.postgresql.secret
echo "$ADMINPASS" > /federated/apps/nextcloud/.nextcloud.secret echo "$ADMINPASS" > /federated/apps/nextcloud/.nextcloud.secret
chmod 600 /federated/apps/nextcloud/.postgresql.secret /federated/apps/nextcloud/.nextcloud.secret chmod 600 /federated/apps/nextcloud/.postgresql.secret /federated/apps/nextcloud/.nextcloud.secret
# Create database and user in postgresql
docker exec postgresql psql -U postgres -c "CREATE DATABASE nextcloud" &> /dev/null
docker exec postgresql psql -U postgres -c "CREATE USER nextcloud WITH PASSWORD '$NEXTCLOUD_SECRET'" &> /dev/null
docker exec postgresql psql -U postgres -c "GRANT ALL PRIVILEGES ON DATABASE nextcloud TO nextcloud" &> /dev/null
cat > /federated/apps/nextcloud/.env <<EOF cat > /federated/apps/nextcloud/.env <<EOF
IMAGE_VERSION=28.0.4 IMAGE_VERSION=28.0.4
NEXTCLOUD_UPDATE=1 NEXTCLOUD_UPDATE=1
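Review bot: The added `docker exec postgresql psql -U postgres -c "CREATE USER nextcloud WITH PASSWORD '$NEXTCLOUD_SECRET'"` places the freshly generated database password in the argv of `docker exec`, where it is visible to any local user via `ps` and in process accounting on the host, and the `&> /dev/null` on all three statements means a failed CREATE (for example on a re-run where the role or database already exists) is never reported. Feeding the SQL over stdin and checking the status addresses both: `printf "CREATE USER nextcloud WITH PASSWORD '%s';\n" "$NEXTCLOUD_SECRET" | docker exec -i postgresql psql -U postgres -v ON_ERROR_STOP=1 || fail "Couldn't create nextcloud database user"`. Whether `create_password` can emit a single quote, which would break the SQL literal, is not visible here and is worth confirming. The three statements added to config_vaultwarden later in this commit have the same shape; this hunk appears truncated in the rendering.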

307
lib/nextcloud.sh.old Normal file

@ -0,0 +1,307 @@
#!/bin/bash -x
#
# NextCloud Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
config_nextcloud() {
echo -ne "\n* Configuring /federated/apps/nextcloud container.."
spin &
SPINPID=$!
if [ ! -d "/federated/apps/nextcloud" ]; then
mkdir -p /federated/apps/nextcloud/data/root &> /dev/null
mkdir -p /federated/apps/nextcloud/data/home &> /dev/null
mkdir -p /federated/apps/nextcloud/data/var/www/html &> /dev/null
mkdir -p /federated/apps/nextcloud/data/var/www/html/custom_apps &> /dev/null
mkdir -p /federated/apps/nextcloud/data/var/www/config &> /dev/null
mkdir -p /federated/apps/nextcloud/data/var/www/data &> /dev/null
mkdir -p /federated/apps/nextcloud/data/usr/local/etc/php/conf.d &> /dev/null
fi
cat > /federated/apps/nextcloud/docker-compose.yml <<EOF
version: '3.7'
services:
nextcloud:
image: nextcloud:\${IMAGE_VERSION}
container_name: nextcloud
hostname: nextcloud.$DOMAIN
domainname: $DOMAIN
restart: always
# working_dir: /var/www/html
networks:
federated:
ipv4_address: 172.99.0.18
extra_hosts:
- "collabora.$DOMAIN:$EXTERNALIP"
volumes:
- ./data/root:/root
- ./data/home:/home
- ./data/var/www/html:/var/www/html
- ./data/var/www/html/custom_apps:/var/www/html/custom_apps
- ./data/var/www/config:/var/www/config
- ./data/var/www/data:/var/www/data
- ./data/usr/local/etc/php/conf.d/opcache-recommended.ini:/usr/local/etc/php/conf.d/opcache-recommended.ini
- ./data/usr/local/etc/php/conf.d/docker-php-ext-apcu.ini:/usr/local/etc/php/conf.d/docker-php-ext-apcu.ini
env_file:
- ./.env
secrets:
- federated_psql_password
- federated_nextcloud_password
labels:
- "traefik.enable=true"
- "traefik.http.routers.nextcloud.rule=Host(\`nextcloud.$DOMAIN\`)"
- "traefik.http.routers.nextcloud.entrypoints=websecure"
- "traefik.http.routers.nextcloud.tls.certresolver=letsencrypt"
- "traefik.http.routers.nextcloud.middlewares=nextcloud-redirectregex1,nextcloud-redirectregex2,nextcloudheader"
- "traefik.http.middlewares.nextcloud-redirectregex1.redirectregex.permanent=true"
- "traefik.http.middlewares.nextcloud-redirectregex1.redirectregex.regex=https?://([^/]*)/.well-known/(card|cal)dav"
- "traefik.http.middlewares.nextcloud-redirectregex1.redirectregex.replacement=https://\$\${1}/remote.php/dav/"
- "traefik.http.middlewares.nextcloud-redirectregex2.redirectregex.permanent=true"
- "traefik.http.middlewares.nextcloud-redirectregex2.redirectregex.regex=https?://([^/]*)(/.well-known[^#]*)"
- "traefik.http.middlewares.nextcloud-redirectregex2.redirectregex.replacement=https://\$\${1}/index.php\$\${2}"
- "traefik.http.middlewares.nextcloudheader.headers.stsSeconds=15552000"
- "traefik.http.middlewares.nextcloudheader.headers.stsIncludeSubdomains=true"
- "traefik.http.middlewares.nextcloudheader.headers.stsPreload=true"
- "traefik.http.middlewares.nextcloudheader.headers.forceSTSHeader=true"
secrets:
federated_psql_password:
file: ./.postgresql.secret
federated_nextcloud_password:
file: ./.nextcloud.secret
networks:
federated:
external: true
EOF
LDAP_SECRET=`cat /federated/apps/ldap/.ldap.secret`
echo "$NEXTCLOUD_SECRET" > /federated/apps/nextcloud/.postgresql.secret
echo "$ADMINPASS" > /federated/apps/nextcloud/.nextcloud.secret
chmod 600 /federated/apps/nextcloud/.postgresql.secret /federated/apps/nextcloud/.nextcloud.secret
cat > /federated/apps/nextcloud/.env <<EOF
IMAGE_VERSION=28.0.4
NEXTCLOUD_UPDATE=1
PHP_MEMORY_LIMIT=2048M
PHP_UPLOAD_LIMIT=2048M
TRUSTED_PROXIES=172.99.0.0/16
NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.$DOMAIN
NEXTCLOUD_ADMIN_USER=nextcloud
NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/federated_nextcloud_password
POSTGRES_HOST=postgresql.$DOMAIN
POSTGRES_DB=nextcloud
POSTGRES_USER=nextcloud
POSTGRES_PASSWORD_FILE=/run/secrets/federated_psql_password
EOF
chmod 600 /federated/apps/nextcloud/.env
cat > /federated/apps/nextcloud/data/usr/local/etc/php/conf.d/opcache-recommended.ini <<EOF
opcache.enable=1
opcache.interned_strings_buffer=32
opcache.max_accelerated_files=18000
opcache.memory_consumption=256
opcache.save_comments=1
opcache.revalidate_freq=60
EOF
cat > /federated/apps/nextcloud/data/usr/local/etc/php/conf.d/docker-php-ext-apcu.ini <<EOF
extension=apcu
apc.enable_cli=1
apc.shm_size=256M
apc.ttl=3600
apc.user_ttl=7200
apc.gc_ttl=3600
apc.max_file_size=2M
EOF
#if [[ "$BUNDLE" = "starter" ]]; then
# sed -i "s/2048M/96M/g" /federated/apps/nextcloud/.env
# sed -i "s/256/64/g" /federated/apps/nextcloud/data/usr/local/etc/php/conf.d/opcache-recommended.ini
# sed -i "s/256M/64M/g" /federated/apps/nextcloud/data/usr/local/etc/php/conf.d/docker-php-ext-apcu.ini
#fi
cat > /federated/apps/nextcloud/data/configs.json <<EOF
{
"system": {
"mail_smtpmode": "smtp",
"mail_smtpsecure": "tls",
"mail_sendmailmode": "smtp",
"mail_from_address": "nextcloud",
"mail_domain": "$DOMAIN",
"mail_smtpauthtype": "LOGIN",
"mail_smtpauth": 1,
"mail_smtphost": "mail.$DOMAIN",
"mail_smtpport": "587",
"mail_smtpname": "fcore",
"mail_smtppassword": "$ADMINPASS"
},
"apps": {
"core": {
"backgroundjobs_mode": "cron"
},
"side_menu": {
"background-color-opacity": "100",
"current-app-background-color": "#005b8d",
"types": "",
"enabled": "yes",
"text-color": "#ffffff",
"loader-color": "#339bd4",
"types": "",
"always-displayed": "0",
"big-menu": "0",
"side-with-categories": "0",
"background-color": "#0068a1",
"background-color-to": "#0068a1",
"icon-invert-filter": "0",
"icon-opacity": "100",
"opener": "side-menu-opener",
"dark-mode-background-color": "#0068a1",
"dark-mode-background-color-to": "#0068a1",
"dark-mode-background-color-opacity": "100",
"dark-mode-current-app-background-color": "#005b8d",
"dark-mode-text-color": "#ffffff",
"dark-mode-loader-color": "#ffffff",
"dark-mode-icon-invert-filter": "0",
"dark-mode-icon-opacity": "100",
"dark-mode-opener": "side-menu-opener",
"opener-position": "before",
"opener-only": "0",
"hide-when-no-apps": "0",
"opener-hover": "0",
"display-logo": "1",
"use-avatar": "0",
"add-logo-link": "1",
"big-menu-hidden-apps": "[]",
"show-settings": "0",
"size-icon": "normal",
"size-text": "normal",
"target-blank-apps": "[]",
"loader-enabled": "1",
"top-side-menu-apps": "[]",
"top-menu-mouse-over-hidden-label": "0",
"apps-order": "[\"dashboard\",\"mail\",\"calendar\",\"contacts\",\"notes\",\"tasks\",\"files\",\"deck\",\"bookmarks\",\"forms\",\"spreed\",\"photos\",\"activity\"]",
"categories-order-type": "default",
"categories-custom": "[]",
"apps-categories-custom": "[]",
"categories-order": "[\"other\",\"customization\",\"dashboard\",\"external_links\",\"files\",\"workflow\",\"games\",\"integration\",\"monitoring\",\"multimedia\",\"office\",\"organization\",\"search\",\"security\",\"social\",\"tools\"]",
"default-enabled": "1",
"force": "0",
"top-menu-apps": "[\"photos\",\"activity\",\"dashboard\",\"forms\",\"calendar\",\"tasks\",\"bookmarks\",\"deck\",\"contacts\",\"notes\",\"spreed\",\"mail\",\"files\"]",
"cache": "2"
}
}
}
EOF
cat > /federated/apps/nextcloud/data/config.sh <<EOF
#!/bin/sh
PATH=/var/www/html:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/sbin:/bin
/var/www/html/occ app:enable user_ldap
/var/www/html/occ ldap:create-empty-config
/var/www/html/occ ldap:set-config s01 ldapHost 'ldaps://ldap.$DOMAIN'
/var/www/html/occ ldap:set-config s01 ldapAgentName cn=admin,dc=federatedcomputer,dc=cloud
/var/www/html/occ ldap:set-config s01 ldapAgentPassword $LDAP_SECRET
/var/www/html/occ ldap:set-config s01 ldapBase ou=people,dc=federatedcomputer,dc=cloud
/var/www/html/occ ldap:set-config s01 ldapBaseGroups ou=groups,dc=federatedcomputer,dc=cloud
/var/www/html/occ ldap:set-config s01 ldapBaseUsers ou=people,dc=federatedcomputer,dc=cloud
/var/www/html/occ ldap:set-config s01 ldapEmailAttribute mail
/var/www/html/occ ldap:set-config s01 ldapGidNumber gidNumber
/var/www/html/occ ldap:set-config s01 ldapGroupDisplayName cn
/var/www/html/occ ldap:set-config s01 ldapGroupFilter '(&(|(objectclass=posixGroup)))'
/var/www/html/occ ldap:set-config s01 ldapGroupFilterMode 0
/var/www/html/occ ldap:set-config s01 ldapGroupFilterObjectclass inetOrgPerson
/var/www/html/occ ldap:set-config s01 ldapGroupMemberAssocAttr uniqueMember
/var/www/html/occ ldap:set-config s01 ldapLoginFilter '(&(|(objectclass=inetOrgPerson))(mail=%uid))'
/var/www/html/occ ldap:set-config s01 ldapLoginFilterEmail 0
/var/www/html/occ ldap:set-config s01 ldapLoginFilterMode 0
/var/www/html/occ ldap:set-config s01 ldapLoginFilterUsername 1
/var/www/html/occ ldap:set-config s01 ldapLoginFilterEmail 0
/var/www/html/occ ldap:set-config s01 ldapMatchingRuleInChainState unknown
/var/www/html/occ ldap:set-config s01 ldapNestedGroups 0
/var/www/html/occ ldap:set-config s01 ldapPagingSize 500
/var/www/html/occ ldap:set-config s01 ldapPort 636
/var/www/html/occ ldap:set-config s01 ldapTLS 1
/var/www/html/occ ldap:set-config s01 ldapUserAvatarRule default
/var/www/html/occ ldap:set-config s01 ldapUserDisplayName cn
/var/www/html/occ ldap:set-config s01 ldapUserFilter '(|(objectclass=inetOrgPerson))'
/var/www/html/occ ldap:set-config s01 ldapUserFilterMode 0
/var/www/html/occ ldap:set-config s01 ldapUserFilterObjectclass inetOrgPerson
/var/www/html/occ ldap:set-config s01 ldapUuidGroupAttribute auto
/var/www/html/occ ldap:set-config s01 ldapUuidUserAttribute auto
/var/www/html/occ ldap:set-config s01 turnOffCertCheck 0
/var/www/html/occ ldap:set-config s01 turnOnPasswordChange 0
/var/www/html/occ ldap:set-config s01 useMemberOfToDetectMembership 1
/var/www/html/occ ldap:set-config s01 ldapConfigurationActive 1
/var/www/html/occ ldap:set-config s01 ldap_expert_username_attr uid
/var/www/html/occ ldap:set-config s01 ldap_display_name givenName
/var/www/html/occ config:system:set overwriteprotocol --value=https
/var/www/html/occ config:system:set default_phone_region --value="$COUNTRY"
/var/www/html/occ config:system:delete trusted_domains
/var/www/html/occ config:system:set trusted_domains 1 --value=*
/var/www/html/occ group:adduser admin admin
/var/www/html/occ user:delete nextcloud
/var/www/html/occ app:enable mail
/var/www/html/occ app:enable calendar
/var/www/html/occ app:enable contacts
/var/www/html/occ app:enable notes
/var/www/html/occ app:enable deck
/var/www/html/occ app:enable tasks
/var/www/html/occ app:enable bookmarks
/var/www/html/occ app:enable forms
/var/www/html/occ app:enable spreed
/var/www/html/occ app:enable side_menu
/var/www/html/occ app:enable external
/var/www/html/occ app:enable richdocuments
/var/www/html/occ config:app:set --value https:\/\/collabora.$DOMAIN richdocuments public_wopi_url
/var/www/html/occ config:app:set --value https:\/\/collabora.$DOMAIN richdocuments wopi_url
/var/www/html/occ config:app:set --value ooxml richdocuments doc_format
/var/www/html/occ config:app:set --value "" richdocuments disable_certificate_verification
/var/www/html/occ config:app:set external sites "--value={\"1\":{\"icon\":\"external.svg\",\"lang\":\"\",\"type\":\"link\",\"device\":\"browser\",\"groups\":[],\"redirect\":true,\"id\":1,\"name\":\"Video Conference (Jitsi)\",\"url\":\"https:\/\/jitsi.$DOMAIN\"},\"2\":{\"icon\":\"external.svg\",\"lang\":\"\",\"type\":\"link\",\"device\":\"browser\",\"groups\":[],\"redirect\":true,\"id\":2,\"name\":\"Worldwide Chat (Element)\",\"url\":\"https:\/\/element.$DOMAIN\"},\"3\":{\"icon\":\"external.svg\",\"lang\":\"\",\"type\":\"link\",\"device\":\"browser\",\"groups\":[],\"redirect\":true,\"id\":3,\"name\":\"Mailing Lists (Listmonk)\",\"url\":\"https:\/\/listmonk.$DOMAIN\"},\"4\":{\"icon\":\"external.svg\",\"lang\":\"\",\"type\":\"link\",\"device\":\"browser\",\"groups\":[],\"redirect\":true,\"id\":4,\"name\":\"Databases (Baserow)\",\"url\":\"https:\/\/baserow.$DOMAIN\"},\"5\":{\"icon\":\"external.svg\",\"lang\":\"\",\"type\":\"link\",\"device\":\"browser\",\"groups\":[],\"redirect\":true,\"id\":5,\"name\":\"Passwords (Vaultwarden)\",\"url\":\"https:\/\/vaultwarden.$DOMAIN\"},\"7\":{\"icon\":\"external.svg\",\"lang\":\"\",\"type\":\"link\",\"device\":\"browser\",\"groups\":[],\"redirect\":true,\"id\":7,\"name\":\"Source code (Gitea)\",\"url\":\"https:\/\/gitea.$DOMAIN\"}}"
/var/www/html/occ config:import configs.json
EOF
chmod +x /federated/apps/nextcloud/data/config.sh
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}
start_nextcloud() {
# Start service with command to make sure it's up before proceeding
start_service "nextcloud" "nc -z 172.99.0.18 80 &> /dev/null" "35"
# Move config.sh and sidemenu config, set config.sh executable
mv /federated/apps/nextcloud/data/config.sh /federated/apps/nextcloud/data/configs.json /federated/apps/nextcloud/data/var/www/html/
docker exec nextcloud chown www-data:root /var/www/html/config.sh /var/www/html/configs.json
docker exec nextcloud chmod 755 /var/www/html/config.sh
[ $? -ne 0 ] && fail "Couldn't chown config.sh in /federated/apps/nextcloud container"
# Run config.sh - Setup LDAP, configuration for nextcloud
docker exec -u 33 nextcloud /var/www/html/config.sh &> /dev/null
[ $? -ne 0 ] && fail "Couldn't run config.sh inside /federated/apps/nextcloud container"
# Add admin user to group
# Have to do it this many times so it will query LDAP and populate admin user first
docker exec -u 33 nextcloud /var/www/html/occ ldap:search admin
docker exec -u 33 nextcloud /var/www/html/occ group:list
docker exec -u 33 nextcloud /var/www/html/occ group:adduser admin admin
docker exec -u 33 nextcloud /var/www/html/occ group:adduser admin admin
docker exec -u 33 nextcloud /var/www/html/occ group:list
# Setup admin email account
docker exec -u 33 nextcloud bash -c "/var/www/html/occ mail:account:create admin admin admin@$DOMAIN mail.$DOMAIN 993 ssl admin@$DOMAIN $ADMINPASS mail.$DOMAIN 465 ssl admin@$DOMAIN $ADMINPASS password" &> /dev/null
# Add missing indexes and disable activity app
docker exec -u 33 nextcloud /var/www/html/occ db:add-missing-indices
docker exec -u 33 nextcloud /var/www/html/occ app:disable activity
# Remove configs
rm /federated/apps/nextcloud/data/var/www/html/config.sh /federated/apps/nextcloud/data/var/www/html/configs.json
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}
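Review bot: `config.sh` is written containing the LDAP bind password (`ldapAgentPassword $LDAP_SECRET`), then moved under `/var/www/html`, the served document root that is also the `./data/var/www/html` bind mount, and `chmod 755`-ed in the container, so until the `rm` at the end of `start_nextcloud` the secret is world-readable both on the host and inside the container; `configs.json`, which carries `mail_smtppassword: $ADMINPASS`, is handled the same way. Keeping the file `chmod 700` (only uid 33 executes it) and staging both files outside `/var/www/html`, or piping the occ commands in over `docker exec -i`, closes that window. The `#!/bin/bash -x` shebang on the first line additionally traces every expanded command, those secrets included, to stderr whenever the file is executed directly rather than sourced. If this `.old` copy only preserves history, the same lines in the live `lib/nextcloud.sh` should be checked.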


@ -69,19 +69,7 @@ chmod 600 /federated/apps/postgresql/.env
PSQL_SECRET=$(create_password); PSQL_SECRET=$(create_password);
echo "$PSQL_SECRET" > /federated/apps/postgresql/.postgresql.secret echo "$PSQL_SECRET" > /federated/apps/postgresql/.postgresql.secret
chmod 600 /federated/apps/postgresql/.postgresql.secret chmod 600 /federated/apps/postgresql/.postgresql.secret
NEXTCLOUD_SECRET=$(create_password);
VAULTWARDEN_SECRET=$(create_password);
# cat postgresql/data/docker-entrypoint-initdb.d/init.sql
cat > /federated/apps/postgresql/data/docker-entrypoint-initdb.d/init.sql <<EOF
CREATE USER nextcloud WITH PASSWORD '$NEXTCLOUD_SECRET';
CREATE DATABASE nextcloud;
GRANT ALL PRIVILEGES ON DATABASE nextcloud TO nextcloud;
CREATE USER vaultwarden WITH PASSWORD '$VAULTWARDEN_SECRET';
CREATE DATABASE vaultwarden;
GRANT ALL PRIVILEGES ON DATABASE vaultwarden TO vaultwarden;
EOF
kill -9 $SPINPID &> /dev/null kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."
} }

114
lib/postgresql.sh.old Normal file

@ -0,0 +1,114 @@
#!/bin/bash
#
# Postgresql Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
config_postgresql() {
echo -ne "\n* Configuring /federated/apps/postgresql container.."
spin &
SPINPID=$!
if [ ! -d "/federated/apps/postgresql" ]; then
mkdir -p /federated/apps/postgresql/data/var/lib/postgresql /federated/apps/postgresql/data/docker-entrypoint-initdb.d
cp /federated/certs/certs/$DOMAIN.crt /federated/apps/postgresql/data/var/lib/postgresql/server.crt
cp /federated/certs/private/$DOMAIN.key /federated/apps/postgresql/data/var/lib/postgresql/server.key
chown 999 /federated/apps/postgresql/data/var/lib/postgresql/server.crt /federated/apps/postgresql/data/var/lib/postgresql/server.key
chmod 600 /federated/apps/postgresql/data/var/lib/postgresql/server.crt /federated/apps/postgresql/data/var/lib/postgresql/server.key
fi
cat > /federated/apps/postgresql/docker-compose.yml <<EOF
version: "3.7"
services:
postgresql:
image: postgres:\${IMAGE_VERSION}
container_name: postgresql
hostname: postgresql.$DOMAIN
domainname: $DOMAIN
restart: always
networks:
federated:
ipv4_address: 172.99.0.14
volumes:
- ./data/var/lib/postgresql/server.crt:/var/lib/postgresql/server.crt
- ./data/var/lib/postgresql/server.key:/var/lib/postgresql/server.key
- ./data/var/lib/postgresql/data:/var/lib/postgresql/data
- ./data/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
env_file:
- ./.env
secrets:
- federated_psql_password
command: >
-c ssl=on
-c ssl_cert_file=/var/lib/postgresql/server.crt
-c ssl_key_file=/var/lib/postgresql/server.key
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres"]
interval: 10s
timeout: 5s
retries: 5
secrets:
federated_psql_password:
file: ./.postgresql.secret
networks:
federated:
external: true
EOF
cat > /federated/apps/postgresql/.env <<EOF
IMAGE_VERSION="14"
POSTGRES_DB=postgres
POSTGRES_USER=postgres
POSTGRES_PASSWORD_FILE=/run/secrets/federated_psql_password
POSTGRES_INITDB_ARGS=--encoding='UTF8' --lc-collate='C' --lc-ctype='C'
EOF
chmod 600 /federated/apps/postgresql/.env
PSQL_SECRET=$(create_password);
echo "$PSQL_SECRET" > /federated/apps/postgresql/.postgresql.secret
chmod 600 /federated/apps/postgresql/.postgresql.secret
NEXTCLOUD_SECRET=$(create_password);
VAULTWARDEN_SECRET=$(create_password);
# cat postgresql/data/docker-entrypoint-initdb.d/init.sql
cat > /federated/apps/postgresql/data/docker-entrypoint-initdb.d/init.sql <<EOF
CREATE USER nextcloud WITH PASSWORD '$NEXTCLOUD_SECRET';
CREATE DATABASE nextcloud;
GRANT ALL PRIVILEGES ON DATABASE nextcloud TO nextcloud;
CREATE USER vaultwarden WITH PASSWORD '$VAULTWARDEN_SECRET';
CREATE DATABASE vaultwarden;
GRANT ALL PRIVILEGES ON DATABASE vaultwarden TO vaultwarden;
EOF
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}
start_postgresql() {
# Start service with command to make sure it's up before proceeding
start_service "postgresql" "nc -z 172.99.0.14 5432 &> /dev/null" "18"
# Tune PostgreSQL
# if [[ "$BUNDLE" = "starter" ]]; then
# sed -i "s#shared_buffers =.*#shared_buffers = 50MB#g" /federated/apps/postgresql/data/var/lib/postgresql/data/postgresql.conf
# sed -i "s#max_connections =.*#max_connections = 400#g" /federated/apps/postgresql/data/var/lib/postgresql/data/postgresql.conf
# sed -i "s/#work_mem =.*/work_mem = 4MB/g" /federated/apps/postgresql/data/var/lib/postgresql/data/postgresql.conf
# sed -i "s/#maintenance_work_mem =.*/maintenance_work_mem = 50MB/g" /federated/apps/postgresql/data/var/lib/postgresql/data/postgresql.conf
# else
sed -i "s#shared_buffers =.*#shared_buffers = 800MB#g" /federated/apps/postgresql/data/var/lib/postgresql/data/postgresql.conf
sed -i "s#max_connections =.*#max_connections = 400#g" /federated/apps/postgresql/data/var/lib/postgresql/data/postgresql.conf
sed -i "s/#work_mem =.*/work_mem = 16MB/g" /federated/apps/postgresql/data/var/lib/postgresql/data/postgresql.conf
sed -i "s/#maintenance_work_mem =.*/maintenance_work_mem = 128MB/g" /federated/apps/postgresql/data/var/lib/postgresql/data/postgresql.conf
# fi
# Restart PostgreSQL
/federated/bin/stop postgresql &> /dev/null
/federated/bin/start postgresql &> /dev/null
# Remove init.sql
# rm /federated/apps/postgresql/data/docker-entrypoint-initdb.d/init.sql
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}


@ -93,8 +93,12 @@ chmod 600 /federated/apps/traefik/.env
kill -9 $SPINPID &> /dev/null kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."
} }
start_traefik() { start_traefik() {
# Start service with command to make sure it's up before proceeding
start_service "traefik" "traefik-certs-dumper file --version v2 --source /federated/apps/traefik/data/letsencrypt/acme.json --dest /federated/certs &> /dev/null && ls /federated/certs/private/$DOMAIN.key /federat
ed/certs/certs/$DOMAIN.crt &> /dev/null" "4"
}
start_traefik_old() {
echo -ne "\n* Starting /federated/apps/traefik service.." echo -ne "\n* Starting /federated/apps/traefik service.."
spin & spin &
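Review bot: The previous implementation is kept as `start_traefik_old` instead of being deleted, leaving a second copy of the start logic that nothing visible calls; it should go, or carry a `# TODO(name): remove once start_service is proven` comment explaining why it is retained, so the two do not drift apart. The new `start_traefik` hands its readiness check to `start_service` as one string containing `&&` and `$DOMAIN`, which only works if `start_service` runs it through `eval` or `bash -c`; `start_service` is not in this diff, so confirm that, and that the `"4"` retry budget is not materially shorter than the old loop's 20 tries with a 9 second sleep. The new function also no longer stops the spinner, which is fine only if `start_service` does. The body of `start_traefik_old` continues past this hunk.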

132
lib/traefik.sh.old Normal file

@ -0,0 +1,132 @@
#!/bin/bash
#
# Traefik Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
config_traefik() {
echo -ne "\n* Configuring /federated/apps/traefik container.."
spin &
SPINPID=$!
if [ ! -d "/federated/apps/traefik" ]; then
mkdir -p /federated/apps/traefik/data/letsencrypt
fi
TRAEFIK_HTTPAUTH_STRING=$(echo `htpasswd -nb admin $ADMINPASS` | sed -e s/\\$/\\$\\$/g)
cat > /federated/apps/traefik/docker-compose.yml <<EOF
version: "3.7"
services:
traefik:
image: traefik:\${IMAGE_VERSION}
container_name: traefik
hostname: traefik.$DOMAIN
domainname: $DOMAIN
restart: always
networks:
federated:
ipv4_address: 172.99.0.13
command:
# Tell Traefik to discover containers using the Docker API
- --providers.docker=true
# Enable the Trafik dashboard
- --api.dashboard=true
# Set up LetsEncrypt
- --certificatesresolvers.letsencrypt.acme.dnschallenge=true
- --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=pdns
- --certificatesresolvers.letsencrypt.acme.email=hostmaster@$DOMAIN
- --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
- --certificatesresolvers.letsencrypt.acme.dnschallenge.DisablePropagationCheck=true
# --certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
# Added HTTP challenge
- --certificatesresolvers.httpresolver.acme.httpchallenge=true
- --certificatesresolvers.httpresolver.acme.httpchallenge.entrypoint=web
#- "--certificatesresolvers.httpresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- --certificatesresolvers.httpresolver.acme.email=hostmaster@$DOMAIN
- --certificatesresolvers.httpresolver.acme.storage=/letsencrypt/httpacme.json
- --log.level=DEBUG
# Set up an insecure listener that redirects all traffic to HTTPS
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
# Set up the TLS configuration for our websecure listener
- --entrypoints.websecure.http.tls=true
- --entrypoints.websecure.http.tls.certResolver=letsencrypt
- --entrypoints.websecure.http.tls.domains[0].main=$DOMAIN
- --entrypoints.websecure.http.tls.domains[0].sans=*.$DOMAIN
env_file:
- ./.env
ports:
- 80:80
- 443:443
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./data/letsencrypt:/letsencrypt
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.rule=Host(\`traefik.$DOMAIN\`)"
- "traefik.http.routers.traefik.entrypoints=websecure"
- "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
- "traefik.http.routers.traefik.service=api@internal"
- "traefik.http.routers.traefik.middlewares=strip"
- "traefik.http.middlewares.strip.stripprefix.prefixes=/traefik"
- "traefik.http.routers.traefik.middlewares=traefik-auth"
- "traefik.http.middlewares.traefik-auth.basicauth.users=$TRAEFIK_HTTPAUTH_STRING"
networks:
federated:
external: true
EOF
PDNS_APIKEY=`grep PDNS_api_key /federated/apps/pdns/.env | awk -F= '{ print $2 }'`
cat > /federated/apps/traefik/.env <<EOF
IMAGE_VERSION="v2.10.1"
PDNS_API_KEY=$PDNS_APIKEY
PDNS_API_URL=http://pdns.$DOMAIN:8081
EOF
chmod 600 /federated/apps/traefik/.env
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}
start_traefik() {
echo -ne "\n* Starting /federated/apps/traefik service.."
spin &
SPINPID=$!
if [ $DEBUG ]; then
# Start /federated/apps/traefik with output to console for debug
docker-compose -f /federated/apps/traefik/docker-compose.yml -p traefik up
[ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service /federated/apps/traefik"
else
# Start /federated/apps/traefik with output to /dev/null
docker-compose -f /federated/apps/traefik/docker-compose.yml -p traefik up -d &> /dev/null
# Keep trying to see that certificates are generated
RETRY="20"
while [ $RETRY -gt 0 ]; do
traefik-certs-dumper file --version v2 --source /federated/apps/traefik/data/letsencrypt/acme.json --dest /federated/certs &> /dev/null
# Check if certs are generated
ls /federated/certs/private/$DOMAIN.key /federated/certs/certs/$DOMAIN.crt &> /dev/null
if [ $? -eq 0 ]; then
kill -9 $SPINPID &> /dev/null
echo -ne "done."
break
else
if [ "$RETRY" == 1 ]; then
docker-compose -f /federated/apps/traefik/docker-compose.yml -p traefik down &> /dev/null
fail "There was a problem starting service /federated/apps/traefik\nCheck the output of 'docker logs traefik' or turn on\ndebug with -d"
fi
((RETRY--))
sleep 9
fi
done
fi
}
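Review bot: The dashboard router gets two `traefik.http.routers.traefik.middlewares` labels in the compose heredoc (`=strip` and `=traefik-auth`); a label key can hold one value, so only one of the two middlewares is applied and which one depends on how compose resolves the duplicate, meaning either the prefix strip or the basic-auth protection is silently dropped. The intended form is a single label, `- "traefik.http.routers.traefik.middlewares=strip,traefik-auth"`. `htpasswd -nb admin $ADMINPASS` also passes the admin password on the command line, where it is visible in `ps`; `TRAEFIK_HTTPAUTH_STRING=$(printf '%s' "$ADMINPASS" | htpasswd -ni admin | sed -e 's/\$/\$\$/g')` reads it from stdin instead. `--log.level=DEBUG` is likewise worth revisiting before this runs outside development. If the live `lib/traefik.sh` still carries this config_traefik, the same applies there.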


@ -3,6 +3,7 @@
# Vaultwarden Service # Vaultwarden Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
get_appvars
config_vaultwarden() { config_vaultwarden() {
echo -ne "\n* Configuring /federated/apps/vaultwarden container.." echo -ne "\n* Configuring /federated/apps/vaultwarden container.."
@ -12,6 +13,7 @@ config_vaultwarden() {
if [ ! -d "/federated/apps/vaultwarden" ]; then if [ ! -d "/federated/apps/vaultwarden" ]; then
mkdir -p /federated/apps/vaultwarden/data/data mkdir -p /federated/apps/vaultwarden/data/data
fi fi
VAULTWARDEN_SECRET=$(create_password)
cat > /federated/apps/vaultwarden/docker-compose.yml <<EOF cat > /federated/apps/vaultwarden/docker-compose.yml <<EOF
version: '3.7' version: '3.7'
@ -59,6 +61,11 @@ SIGNUPS_DOMAINS_WHITELIST=$DOMAIN
SIGNUPS_VERIFY=true SIGNUPS_VERIFY=true
EOF EOF
chmod 600 /federated/apps/vaultwarden/.env chmod 600 /federated/apps/vaultwarden/.env
# Create database and user in postgresql
docker exec postgresql psql -U postgres -c "CREATE DATABASE vaultwarden" &> /dev/null
docker exec postgresql psql -U postgres -c "CREATE USER vaultwarden WITH PASSWORD '$VAULTWARDEN_SECRET'" &> /dev/null
docker exec postgresql psql -U postgres -c "GRANT ALL PRIVILEGES ON DATABASE vaultwarden TO vaultwarden" &> /dev/null
kill -9 $SPINPID &> /dev/null kill -9 $SPINPID &> /dev/null
echo -ne "done." echo -ne "done."

72
lib/vaultwarden.sh.old Normal file

@ -0,0 +1,72 @@
#!/bin/bash
#
# Vaultwarden Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
config_vaultwarden() {
echo -ne "\n* Configuring /federated/apps/vaultwarden container.."
spin &
SPINPID=$!
if [ ! -d "/federated/apps/vaultwarden" ]; then
mkdir -p /federated/apps/vaultwarden/data/data
fi
cat > /federated/apps/vaultwarden/docker-compose.yml <<EOF
version: '3.7'
services:
vaultwarden:
image: vaultwarden/server:\${IMAGE_VERSION}
container_name: vaultwarden
hostname: vaultwarden.$DOMAIN
domainname: $DOMAIN
restart: always
networks:
federated:
ipv4_address: 172.99.0.22
env_file:
- ./.env
volumes:
- ./data/data:/data
labels:
- "traefik.enable=true"
- "traefik.http.routers.vaultwarden.rule=Host(\`vaultwarden.$DOMAIN\`)"
- "traefik.http.routers.vaultwarden.entrypoints=websecure"
- "traefik.http.routers.vaultwarden.tls.certresolver=letsencrypt"
networks:
federated:
external: true
EOF
cat > /federated/apps/vaultwarden/.env <<EOF
IMAGE_VERSION="1.28.1"
DATABASE_URL=postgresql://vaultwarden:$VAULTWARDEN_SECRET@postgresql.$DOMAIN:5432/vaultwarden
WEBSOCKET_ENABLED=true
DOMAIN=https://vaultwarden.$DOMAIN
ADMIN_TOKEN=$VAULTWARDEN_SECRET
#- SIGNUPS_ALLOWED=false
SMTP_HOST=mail.$DOMAIN
SMTP_FROM=vaultwarden@$DOMAIN
SMTP_PORT=587
SMTP_SECURITY=starttls
SMTP_USERNAME=fcore
SMTP_PASSWORD=$ADMINPASS
SIGNUPS_ALLOWED=false
SIGNUPS_DOMAINS_WHITELIST=$DOMAIN
SIGNUPS_VERIFY=true
EOF
chmod 600 /federated/apps/vaultwarden/.env
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}
start_vaultwarden() {
# Start service with command to make sure it's up before proceeding
start_service "vaultwarden" "nc -z 172.99.0.22 80 &> /dev/null" "8"
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}
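Review bot: `.env` reuses one generated value, `$VAULTWARDEN_SECRET`, both as the database password inside `DATABASE_URL` and as `ADMIN_TOKEN`, so anyone who obtains one (for example from a logged connection string) holds the other; a separate `VAULTWARDEN_ADMIN_TOKEN=$(create_password)` for the admin page decouples them. From vaultwarden 1.28 the admin token can also be stored as an Argon2 PHC hash produced by `vaultwarden hash`, which keeps the plaintext token out of `.env` altogether — worth confirming against the pinned image version `1.28.1`. `SMTP_PASSWORD=$ADMINPASS` similarly shares the platform admin password with the mail relay. The same reuse presumably carries over to the live `lib/vaultwarden.sh`, where this commit now generates the secret inside config_vaultwarden.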